In the Mac OS X (10.6.4) update which arrived earlier this week, Apple has made a change to its anti-malware feature to include an additional set of definitions, bringing the total number of built- in protections to three. The latest update now protects Mac users against a backdoor trojan that would allow hackers to take control of infected computers in order to send spam email.
Apple Anti-Malware Protections Updated to Three
The change is notable for the simple reason that Apple, unlike its highly-targeted competitor Windows, has typically sold itself as a safe, secure OS where anti-malware protection is not really needed. This mindset apparently enrages security researchers, who aren't as interested in the number of Mac malware programs (OS X certainly has few of those), but are worried about how Apple is training its users to be unconcerned with security.
Writes security expert Graham Cluley on his blog at Sophos, "Mac users seem oblivious to security threats which can run on their computers. And that isn't helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done." He even goes so far as to suggest that the reason Apple keeps updates like these hush-hush is because the company doesn't want to taint its "secure OS" image. "Shh! Don't tell folks that we have to protect against malware on Mac OS X!," Cluley writes tongue-in-cheek about his discovery of the new anti-malware protections, describing what he believes to be the Apple marketing mindset.
Although Cluley still admits that there's a lot less malicious software for Mac out there than there is for Windows, the lack of concern regarding security issues among Mac users makes them a potential "soft target for hackers in the future," he warns.
Security by Stealth
The other reason why this news is worth mentioning is not just due to the security angle itself, but also the way Apple handles these sorts of issues. And that is very, very quietly. Most mainstream Mac users are probably wholly unaware that their operating system includes, by default, simple anti-malware protection by way of a file called "XProtect.plist," the same file that has now been updated to block against the newly detected threat, a trojan called HellRTS.
Arguably, Mac users have far less reason to worry about viruses, trojans and malware than their Windows counterparts, as any Apple user will quickly tell you. But despite this fact, the question remains: should consumers call for the company to be more forthcoming about its security protections, instead of leaving them to be unearthed by researchers hacking through Mac files? Or is the stealth status-quo OK, so long as the threats are minimal?
Image credit: Sophos; Disclosure: Sarah Perez freelances for Microsoft's Channel 10, but it is not a Microsoft employee. She owns four (soon to be five!) Apple products including the iPad, but runs Windows on her primarily blogging machine. She's also very forthcoming about her affiliations here.