Black Hats, the iPhone, and Mac Security

Earlier this month, computer hackers enjoyed the biggest week for demonstrating their skills and know-how. Annually, during the last week of July and the first weekend of August, Las Vegas hosts the two largest hacker conferences in North America: BlackHat and Defcon. Blackhat is more of a formal/professional gathering and usually attracts a few thousand people whereas Defcon draws over six thousand, many of which are the true hackers themselves. This year it was estimated that well over seven thousand people attended Defcon.

Each year the hacker conferences put forward new vulnerabilities being discovered with regards to the Mac, and they are presented with significant fanfare. This year the big Apple hack surrounded the hugely popular iPhone, whereby the phone’s browser could be compromised to the point of having the unit being completely controlled by an evildoing third party. The ‘hack’ was disclosed to Apple ahead of time, and was even patched in a software update before the conference began. Sidebar: I got my hands on an iPhone for a while, and was very impressed with this latest marvel of technology. My biggest gripe was the touchscreen keyboard - I found it very difficult to use, enough so that I consider it to be a deal breaker for a potential purchase in the future. We in Canada likely won’t see the iPhone until at least Christmas, but I digress.

The point of this week’s article is not to discuss the iPhone or it’s inherent security - my concern is with the overall state of security for the Apple Operating System. Each year, the computer security industry is presented with new information on how simple the Mac OS is to hack into, or to make vulnerable. Some professional hackers go as far as saying that Macs are easier to hack than Windows. So, why is it that us lucky Mac users are still able to operate without any antivirus or antispyware programs on our systems?

The answer is actually quite simple. It’s all about money. Although there may be more vulnerabilities in existence for the Mac OS, and while hackers love to boast about being able to compromise it, the fact of the matter is that Microsoft still has 95% of the market share. Sure, Apple’s gain in market share each year is increasing substantially by at least 30%, but when you’ve only got 5% of the market, what incentive is there for the criminals who rely on these vulnerabilities to exploit the Mac? There isn’t.

Hackers may love the Mac to hack, but the criminal gangs who are essentially responsible for the majority of viruses and spyware in the wild only care about the bottom line. Why would they spend their time going after only 5% of computer owners? One security expert who presented at both conferences noted that until the Mac owns at least 35% of the market, we are likely not going to see much in terms of any malware for the Mac. Even with a yearly market share gain of 30%, at that rate it’ll be a while before Mac users will need to panic. This is all a matter of opinion of course, and things can easily change. But for now, I’ll take comfort in the knowledge that the Mac is still a much safer environment than the Windows world.