Microsoft's malware problems are certainly a product of poor engineering, not its large installed base. The launch of Windows 95 coincided with the dramatic growth of the Internet and network connectivity. This advancement caught Microsoft off guard and its lack of secure coding meant users were connecting to each other using flawed and vulnerable systems. Combine this with the way Microsoft targeted less computer-savvy users, and hackers had a field day.
The Mac, on the other hand, has always had good baseline security built in, and it has a reputation for providing a safe haven from malware. Recent viruses and Trojans such as OSX.Trojan.iServices.B, however, have shown that Mac machines are not fully malware-resistant. Mac users must get used to security updates for multiple vulnerabilities, too. The big question is: as the growth in the Mac user base makes it a more profitable target for attackers, will more vulnerabilities come to light?
Cybercriminals are ultimately after money, so OS X will inevitably be attacked. Also, Mac users are generally less security-conscious than Windows users -- an added attraction for potential hackers, who often rely on users' bad habits to spread their malware.
Mac social engineering attacks are now a fact of life. If, however, they remain small in number, that will imply that hackers have found the time and cost of developing Mac malware too great compared to the potential returns. Will this then prove that the Mac, from a security angle, is a better-engineered OS than Windows? Sadly, no. It could show that there are next to no vulnerabilities to exploit. But it could also mean that, with only a tenth or less of market share, just a tenth or less of the hacker community's collective effort is focused on finding those Mac vulnerabilities, and that the opportunity cost still favors targeting Windows instead.
Malware is not an unavoidable problem facing users of popular platforms, though. For example, it has proven difficult to distribute malware on Apple's iPhone, which limits the distribution of software to a restricted model similar to the console video gaming market, a sector that has seen no real malware exploits. Certainly no personal computing platform is 100% safe from attack, so remaining security-aware will always be essential to avoid the problems that come with malware.
This was first published in July 2009