A Worm in the Apple

A Worm in the Apple

Security used to be a standard talking point for Apple enthusiasts. PCs were riddled with viruses and vulnerable to hacking, but Apple users were safe.

Not anymore. Stories about hacks and other vulnerabilities in Apple products are becoming ever more regular. Just last week, the latest in a series of iPhone hacks caused costly breaches in iTunes accounts. In August, two new Mac-specific viruses were discovered. And then there’s the nude celebrity photo scandal, caused by hacking of Apple’s iCloud system.

It’s been three years since Apple grudgingly removed claims of invulnerability to viruses, malware and Trojans from its website. Even when security incidents occur today, Apple tends to blame the victims rather than take action to assure users. The spin behind those old talking points is something that Apple continues to hold onto. (Even though in retrospect, that hubris-filled Apple TV spot about how there weren’t any Mac viruses seems almost like a dare to cybercriminals.)

So does this mean that the playing field is level now when it comes to security?

Not so fast. The fact remains that the sheer volume of PC viruses and malware still dwarfs the security problems of Apple products. Despite the hype, however, that’s not a function of Apple’s security posture. It’s a function of Apple’s relative unpopularity.

Just over 4% of the world’s computers run Apple operating systems. The monetary and prestige-related returns for hacking Apple products are simply lower. Hackers have less of an incentive to find and exploit security breaches on a Mac because fewer people use them.

iOS, on the other hand, is the mobile operating system of choice for over 40% of the world’s users – a far more lucrative target. The fact that quite a few of the Mac hacks were actually designed as a back door into iOS is telling.

When choosing systems and mobile devices, IT managers have to weigh both the potential for vulnerabilities and the benefits that come with user familiarity. Unfortunately, it appears that the two are linked – familiarity breeds vulnerability. In the end, the playing field may not be exactly level when it comes to security of competing platforms. Still, assessing risk is an increasingly nuanced task.