They've become the yuppies of the 21st century. Many of them ostentatiously flaunt their easy-to-use, pristine gadgets as if they offer the answers to all the world's problems while simultaneously making them feel beautiful and brilliant. They smile so wide while singing the praises of their new iGadget-of-the-month that it's like Steve Jobs himself imprinted the barcodes on the backs of their heads. It's reached the point that whenever I'm at a gathering and people start talking about their iWhatevers, I find myself looking for the nearest exit.
So I can't help but smile just a little - well, more than a little - knowing that Apple users are about to get a dose of reality, at least when it comes to information security, or lack thereof.
It's widely accepted that Apple technology - desktops, notebooks, smartphones - is more secure than Windows-based systems. People have written essays and books on the topic, but ultimately it boils down to the economics of malicious hacking: more people (and especially more companies) use Windows-based technology, so there's greater financial incentive for the digital underground to seek out vulnerabilities that exploit Microsoft's long-lived cash cow. Since few instances of malcode are effective against both Windows- and Apple-based systems, it's no surprise that most cybercriminals have focused on Windows.
But that perception is shifting as the number of Apple-based systems in use increases. According to data from NetMarketshare, which measures operating system share trends based on visit data from thousands of websites, in the past two years Mac usage has grown to account for 5.16% of all Internet-connected devices; the iPhone alone accounts for nearly .6%, a more than 600% rise during that period. Usage of Windows-based devices, conversely, has dropped more than 3.5% in the past 24 months.
It's not a monumental shift by any means, but my hunch is that usage trends will continue to shift in this direction as more companies follow Google's lead and move away from Windows in search of a more secure client platform. Linux would probably be the best choice, but no doubt Apple-crazed executives and end-users will push for Macs. All this means the economics of exploiting Apple will be more attractive to organized criminal hackers.
Making matters worse for Apple aficionados is the mounting evidence that Apple software was never as secure as it seemed. There have been warning signs for some time, like last year's proof-of-concepts from Vincenzo Iozzo and Dino Dai Zovi. More recently we've seen spyware embedded in Mac applications and zero-days affecting the iPhone and Safari browser. Even Apple, which has been loath to even mention security, recently patched four dozen vulnerabilities, and boosted its OS X malware signatures by 50%.
Together, all the signs point to potentially serious security problems for Apple users in the not-too-distant future. I'm not the first to say this by any means, but the especially evil twist will be that Mac users who have never had to care about security will fall victim to the looming iceberg of custom malware for iPhones, iPads, MacBooks and the like without ever knowing what hit them.
The lesson here for savvy information security pros is that Apple products and users need the same defense-in-depth technology and training that the Windows world has long been accustomed to. Patches need to be downloaded and applied promptly. Antimalware needs to be installed and updated regularly. Network-based defenses need to make sure packets from Macs get just as much scrutiny as those from PCs. And, perhaps most importantly, the Apple user bases need the same user awareness training that everyone else gets. It may be cheaper and easier to focus on high-risk users, but the definition of high-risk can and will change quickly.
Are Apple devices still by and large much safer than Windows-based computers? Of course. Does it remain a wiser choice to conduct online transactions using a Mac with a browser other than Internet Explorer? Without question. But we're on the precipice of a new era in which Apple users may soon be downloading patches and updating operating systems with the same frequency as Windows users.
When that day dawns, what will I say to my smug Apple friends? Just one word: welcome.
Eric B. Parizo is senior site editor of SearchSecurity.com. His rants can also be heard each month on SearchSecurity.com's Security Squad podcast.