Sophos Cloud Optix
Up until just a few days ago, Apple’s website was keen to point out that Mac OS X doesn’t get PC viruses, and that the operating system “defends against viruses and other malicious applications, or malware” with “virtually no effort on your part”.
Now, Apple’s changed its tune a little and revised the wording on its “Why you’ll love a Mac” webpage:
You can click on the image above to see a larger side-by-side comparison, but here’s what the old page said:
It doesn’t get PC viruses.
A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.
Safeguard your data. By doing nothing.
With virtually no effort on your part, OS X defends against viruses and other malicious applications, or malware. For example, it thwarts hackers through a technique called “sandboxing” — restricting what actions programs can perform on your Mac, what files they can access, and what other programs they can launch.
And now..
It’s built to be safe.
Built-in defenses in OS X keep you safe from unknowingly downloading malicious software on your Mac.
Safety. Built right in.
OS X is designed with powerful, advanced technologies that work hard to keep your Mac safe. For example, it thwarts hackers through a technique called “sandboxing” — restricting what actions programs can perform on your Mac, what files they can access, and what other programs they can launch.
I think it’s pretty interesting that Apple has made this change to their messaging.
Clearly they’ve decided that pointing out the size of the Windows malware problem isn’t going to look terribly convincing unless they are also open about that Mac malware also exists.
After all, it was only a couple of months ago that it was found one particular piece of Mac malware had infected 600,000 Macs worldwide, including 274 in Cupertino.
In short, people in glass houses shouldn’t throw stones.
And there’s no longer an emphasis on Apple customers having to “do nothing”, to keep their Macs malware-free.
Mac malware is a reality these days, with regular users finding their computers are becoming infected. The problem may not be as significant as Windows malware, but it exists.
A recent analysis by Sophos found that 2.7% (one in 36) of Macs which downloaded our free anti-virus product were found to be infected by Mac OS X malware.
So, the problem is real. And Apple seems to be becoming a little bolder in acknowledging it. This week, for instance, Apple mentioned malware for the first time ever at a WWDC keynote address. I view the changes in the messages pushed out by their marketing department as some important baby-steps.
Let’s hope more Apple Mac owners are also learning to take important security steps – such as installing anti-virus protection.
Hat-tip: CRN
So, if it's official "that Mac malware also exists", and the suggestion of "customers having to 'do nothing', to keep their Macs malware-free" has gone, is it now time for Sophos to provide a premium protection service for OSX?
Umm.. Sophos has provided a Mac anti-virus solution for businesses for years. 🙂
http://www.sophos.com/en-us/products/endpoint/endpoint-protection.aspx
How does this come up every time there is a Mac related article? Get with it and get over it. Yes, Sophos offers FREE Mac AV.
Shouldn't your study have found 0% of Macs which downloaded our free anti-virus product were found to be infected by Mac OS X malware?
Were the others that didn't get the malware protected by your product, or protected by savy users, or even exposed to the virus in any way?
"2.7% (one in 36) of Macs which downloaded our free anti-virus product were found to be infected by Mac OS X malware."
I.e. once Sophos Anti-Virus was installed on the Mac and a full or on-access scan was completed, 2.7% of the install base were found to have malware already present on the machines.
The 97.3% of users either had another AV product installed already or in the past, were cautious/careful internet users, or just lucky. Don't play down the 2.7% – that's a huge number of endpoints!
It’s good that Apple is finally taking malware seriously, as evidenced by the 600,000 Macs that were infected with from the Java exploit. Apple is finally realizing that there’s no such thing as 100% secure, but they do need to be more open regarding malware threats. Macs have started gaining market share, and is getting attention from cyber criminals. Anyone out there who owns a Mac and is being complacent about security need to wake up. Please heed the warnings from Sophos. I’ve taken the security of my Mac seriously and have installed the free anti-virus product from Sophos. Thus far, I haven’t been infected at all. I feel safe knowing that I’m being protected.
Exactly.
The Mac is secure if the user doesn't provide elevated privileges to an unknown download/install request. I wonder how many Mac users would just tap in their credentials for elevation if they were asked to? I know quite a few. The general Mac user isn't the supreme being they used to be.
Windows can be just as secure if you configure it correctly, patch it and use decent AV, Firewalls and Host IDS. I've never been infected but then I've disabled the services I don't use, run a minimal amount of apps, patch regularly, I use a decent AV, a well configured firewall and run everything in user context and only elevate to admin when I know I've requsted something.
More importantly don't be stupid. Educate yourself, it's your data and money they'd be trying to steal so use your head and act responsibly.
A false sense of security can be very damaging.
And don't forget that there is a malware for Macs that *doesn't* require you to give permission to install.
Funny how they are JUST now admitting this… when an article came out last year on CNET about iPhone's vulnerable to hacking in 30 seconds or less. Also the folks over at ZDNet posted an article about two University students who hacked the iPhone's SMS data base in LESS than 20 seconds.
Macs still don't get PC viruses, but the truth is, that's not a very good message. It is better that Apple brag about it's security features while keeping in people's minds that no one is 100% safe. simply telling people they're safe and being done with it was probably never the right thing to do. I don't think that the change reflects poorly on Apple, but rather well in that it takes into account this pesky little thing called reality.
This isn’t the first time Apple changed their message. Some time ago they had conceded, on their web site, that it might be a good idea to run AV, but then very quickly pulled that message off the site.
An animated GIF don't lie! Cool writeup, Graham. You sum it up very well with your point about rock-throwing by those who live in homes of processed silicon. I link to your article from one I did on a writing perspective: Words Matter. Apple Knows. …and would welcome your thoughts in the comments if you'd like to share.
With all the info about Flashback for Macs, it made me look up at my old familiar Sophos shield logo for comfort….OMG its gone! Now there is a little "s" outlined by the shape of my old shield. PANIC! What happened! A new update? A smart aleck hack? The forum said it came from an update but no notice to the trepid user. A notice would be nice but I would really like a SHA-1 response to verify my downloads from Sophos website.