Mac users need to wake up to the social engineering threat

Clu-blog reader Peter directed my attention to a letter in this week’s edition of “Computing” (a popular British IT magazine) earlier today.

The letter from Jamie Forder is in response to an article written in a previous edition by Laurent Marteau (disclaimer: Laurent is the CEO of French firm Intego, which specialises in Mac security), where the rising number of instances of Mac malware is discussed.

Here’s what Jamie has written in response to Laurent’s article:

Letter in Computing, 25 March 2010

Jamie actually summarises the threat to Mac users pretty well with his points 1 to 4, but his response that the original article is “frankly rubbish”, and that the points made are somehow not worth worrying about and “frankly stupid”, is, I feel, incorrect.

For instance, when are Mac users* going to wake up to the news that just because something is a Trojan, doesn’t mean it’s not a threat? Furthermore, it’s well to realise that the vast majority of the malware we see on Windows is in the form of a Trojan horse, not a worm or a virus, and I don’t see anyone claiming that the malware threat on Windows isn’t a concern.

Here’s the shocking headline, folks: If your users are fooled by social engineering (e.g. “sexy peephole video of Angelina Jolie”, “Sex video of Leighton Meester”) into installing code onto their computers, they will have no qualms about doing so.

And yes, they will enter their username and password if it’s necessary to run the code which they believe will let them watch the sleazy footage.

Ashley Greene dirty pics webpage leads to malware

It’s true to say that there is much more malware for Windows than Apple Macs, but that doesn’t mean that the threat is non-existent for Mac users.

Mac users pride themselves on having made smart, informed choices regarding which operating system they choose to run – now is the time for them to prove they can be equally canny about security by ensuring their computers are properly defended.

After all, even Apple now acknowledges there is an issue, having built a (very limited) form of protection into the latest version of Mac OS X.

More and more, it’s not so much vulnerabilities in your operating system that are exposing your networks to attacks. Instead, it’s the bug in your users’ brains that is being exploited through social engineering – people are tricked into making poor choices, which can lead to computers becoming infected.

And that’s a bug which is just as present in Mac users’ brains as it is in those belonging to Windows users. The only difference is that Windows users are more likely, at the moment, to be running anti-virus software.

Mac user, surfing for porn, all ending in tears

* Footnote: I acknowledge that not all Mac users have this opinion, but certainly a vocal proportion of the community seems to have its head in the sand regarding security. Let’s all take computer security more seriously, eh?