A Perspective on Mac OS X Security from an Expert

| Reports

SAN FRANCISCO -- Macworld is a great place to sit down with a representative from a well-known company and acquire new insights that don't always come through in either their press releases or Website. When the subject is Mac OS X security, the occasion is even more profitable,

This reporter spoke with Jack Nahon, V.P. of Business Development with Intego. We had a frank, wide-ranging discussion about all things related to security on the Mac.

The first topic was the overall state of Mac system security and how if evolved over the years. "Back in 2003 to 2005," Mr. Nahon recalled, "the threats to the Mac were mostly proofs of concept from the white hats. There weren't any real threats except the Word-macro viruses. Our goal then was to stop the spread the viruses, mainly with the Mac as an infected carrier."

"However, in the 2006-2007 time frame," he continued, "we saw the first malware emerging. These Trojan Horses were derivatives of their counterparts on the Windows side. We believe their source was, generally, eastern Europe, and they live mainly on pornographic Websites -- the best kind of site to lure unsuspecting users."

"Nowadays, as we've learned how to close and harden ports and detect Trojan Horses and viruses, the emphasis has shifted to phishing. This is much harder to protect against because it uses trickery to deceive the user at a high level rather than technical means to infect the machine at a low level."

That led to a discussion of how one can protect against phishing and whether Safari or Firefox is better.

"We think that with the new anti-phishing protection, Safari is in better shape. But a critical problem remains, namely, thousands of new Website spring up each day, and there's always a lag between the time it springs up and when the site can be blacklisted. During that time, the Mac user is vulnerable."

This reporter wondered if Symantec's work on the Windows side gives them an advantage. Mr. Nahon didn't think so, and pointed out that that work closely with some partners to monitor what goes on in the Windows world.

"You should know that we published an annual report recently. It catalogs al the major threats from 2008 and describes how they operated," Mr. Nahon added. "There were perhaps ten or so significant threats. We expect that number to rise to about 40 or 50 in 2009."

At this point, Mr. Nahon brought up a very interesting point that all Mac users should be aware of. "Sometimes, for technical reasons, it takes Apple some time to provide an OS update that deals with significant threats. Our job is to analyze the threat and update Virus Barrier right away, This is the first, immediate line of defense. Then, when Apple can certify an update that doesn't have any ripple effects and is a sound change to the OS, that fixes the vulnerability for good. So that two part sequence produces a layered defense strategy."

That's a smart approach for any Mac user, many of whom can be a little too complacent about the state of their Mac -- or who grumble that Apple takes so long to publish a notable update. Mr. Nahon pointed out that Microsoft has found that 50 percent of their customers have no malware protection at all installed. It's amazing, but complacency remains a continuing, wide-spread problem for both Windows and Macintosh users. Independent of market share and relative system security, just like the fictional Jack Bauer of "24," he might stop 9 threats out of 10, but that one breach not stopped can be a real problem.

All in all, it was a sobering conversation with an expert in Mac OS X system security. The lesson is that there are people out there who are out to compromise your computer, fool you, and steal your money. They get paid and make a living doing it. Mac users should take their safe presence on the Internet at least as seriously.

Popular TMO Stories



Sorry, I’m still not worried.


FUD from a “Security Expert”


I love it. Basically: “There are no big threats to OS X specifically, so we’re going to shift the coversation to phishing.”

John Martellaro

Luvit: Mr. Nahon said no such thing. There are exploits, still not addressed, according to Mr. Nahon that can allow certain malware to seize root access on Mac OS X, and the admin password need not be compromised to do so—only that the user be in admin mode. As a result, Intego advises that users run day-to-day as an unprivileged user and only enter the admin account when necessary. The above scenario suggests that complacency is ill-advised.


It would be interesting to have a serious discussion vis a vis security and the Mac.  This discussion should have many participants and not only those who are involved in selling security software.


Really, what is the point of asking a maker of security products about security. All you are going to get is a sales pitch.


I cannot recall ever reading about a real life Mac user being infected with anything. I am fairly certain it is possible, but I will stick to backing up critical files, and avoid the security software. From experience, security software really slows system performance down and since so few Mac users are reporting problems, on balance it doesn’t seem worth it to get such software. It seems I have a better chance of getting hit by a car today then getting a Mac virus.

Richard Dalziel-Sharpe

I await in fear and trembling for the flood of terror that is about to befall me after these dire predictions. Predictions that have been made year after year for as long as I can remember. Oh bugger, seems like another false dawn for the snake oil salesmen. I’ll just mix up another Gin and Tonic, and wait for the next round of b***s***t to flow. And continue to enjoy my Mac as I have in the past.
I have been using Mac computers since 1992.
And on the internet shortly after that, with a whizz bang 9.6kbit per sec connection speed. A 25kbyte file could take 4 or 5 minutes to download.
I have never had any form of antivirus application on any Mac that I have owned.
I have never had any form of contamination from any outside source on any Mac that I have owned.
I do have the built in Firewall active on my Mac
I make sure that I know about anything I allow to be installed before I enter my admin password.
And thats the future for me.


let me get this straight you talked with a “expert” who is selling software,  and amazingly,  he recommends buying that software?

do you really want to be a reporter?  next time try a little hardball…  like how many users have LOST DATA do to installing their type of “software”...


Macs are not perfect.  So far all has been OK!  Let us not stick our heads in the sand.  As macs become increasingly popular, particularly in the corporate world, the potential gain for hackers increases.  Let us not be lulled to sleep by a false sense of security.  There are a few reputable security software companies out there and it would not hurt to listen to them. 

The last one I would listen to is Apple Inc. because it is not in their best interests to acknowledge a potential threat.

I would like to hear more from John Martellaro on this subject because I feel that it is better we (Mac community) stay on top and not have to scramble, after the fact, like Microsoft has.


Why does this discussion remind me of the pre 9/11 days?

Those who think that because nothing has happened yet nothing ever will, are fooling themselves.


Exercise caution and don’t be complacent. I’ve been running Macs for 20+ years and haven’t had a problem since WDEF. But I have a “victim” Mac next to me that’s just collecting malware (it’s deliberately exposed for this purpose).

Don’t kid yourselves that there aren’t people out there trying to break your box—this one is being hit many times every minute.

I fully agree with WetcoastBob that there *are* reputable security companies out there; unfortunately there are also some FUD-mongers.

It *is* a good idea to set the “first” account as admin, and then create a second, standard account for your everyday use [easier since Panther and better still in Tiger and Leopard].

Apple’s response has been mixed. Overall I guess I wouldn’t rate it as “bad” but “less than good”. It *will* improve because attackers *will* start to break things—they have lots of incentive ($$). It’s just a question of whether Apple will improve ahead of this (I hope) or following one or more disasters, as happened to Microsoft. The history lesson is clear and, as has been said before, those who do not read history are doomed to repeat it.

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account