[UPDATE: I'm a dork. I didn't realize that the article I was responding to was from 2005. My analysis remains valid, though. It would be interesting to find out how many verified exploit potentials have been found in Mac OS X and Safari which have been actively pursued. I'm betting the number is really small. -TCR]

The time has come. Symantec has officially come out and stated that there is an active malware infection potential for Mac OS X in the wild. Many people unfamiliar with the superior operating system have claimed that the Mac wasn’t getting noticed because it was too small a target. Now Symantec is saying that Mac OS X isn’t any more secure than Windows. I can take the former statement, even though there has never been less than 30 million Mac users in the last 10 years (this is a non-verified datum point, but I’m pretty confident I’m relatively close). There are far more Apple product users now, so I’d have to say that its extremely unlikely that anyone, anywhere has no clue who Apple Inc. is. That just seems ignorant.

That leaves us with the latter statement, that Mac OS X is as secure as Windows is. That’s like saying a Lamborghini Murcielago and Tata Nano are equal in capabilities because they are both cars. The very simple fact of the matter is that Windows is a sieve because it was designed that way. Microsoft has developed a load of scripting interfaces for Windows to facilitate developer diversity, they stick hooks to these technologies in everything, including IE, then they integrate IE into the OS, and literally millions of exploitation points are born. As long as a user’s IE security settings are turned down enough to allow scripts developed by legitimate programmers to run, there are plenty of holes into IE for malware to slip in.

Mac OS X only offers a few scripting technologies, and those are locked down and not made accessible to the web browser. Magically, all of those potential security holes that IE presents are gone. In fact, there is only one hole into which a hacker can gain some limited access to the Mac OS X system, and it is the most complicated and difficult to manage exploit potentials on the planet: the human being. That’s right, us. In order for a virus to get on to a Mac OS X system it needs to trick the user into believing that its of real value to the user. These Mac virus developers have used a trick which works well on Windows users called, among may stupid and weird names, the Fake Codec. Users are tricked into downloading a fake video player which they need to watch porn.

Does the fact that people can be gullible and susceptible to offers of free stuff constitute the body of logic which says that Mac OS X and Windows 7 share the same level of exploit-ability? That would be ridiculous and far more than unscientific. Apple takes a far larger measure of care in making Mac OS X secure than Microsoft does with Windows, that has been clear for well over two decades of Windows viral infections starting with really early boot sector viruses. Of course, that was back in the days of the floppy and there were a few for the Macs back then, too. I’d like to get back to the point about human gullibility, however, because there is a more insidious and frightening source to be aware of.

Remember how I started this piece mentioning that Symantec has reported an active Mac virus roaming the wild? Yeah. Symantec makes anti-virus software and said software makes this millions upon millions of dollars every year… in the Windows market. Symantec makes practically no money on the Mac OS X market, so it would be important, as Apple’s market share grows, for Symantec to work hard to exploit that market potential. Are you hearing any parallels here? I’m not suggesting that Symantec is fabricating these viruses in order to create a market, but its clear that Symantec would love to get another 50 million users paying $30 a year. That would almost certainly make a great deal of people very rich.

There are two quotes I’d like to pull from the article published over at MacObserver:

Between July 1 and December 31, 2004, Symantec documented 13 vulnerabilities affecting Microsoft IE, nine considered high severity. Six vulnerabilities were reported in Opera and none in [Apple's] Safari browser. The report called the zero number of confirmed Safari vulnerabilities “somewhat surprising given the increasing popularity of Mac OS X,” but suggested that as the browser grows in usage, so will the attacks.

Mr. Cole said the classic and basic rules still apply to fend off virus and hacker attacks. “Keep your operating system up to date, your browser to date and your virus definitions up to date,” he said. “If you do that, your chances of having problems are minimal.”

Mr. Cole is some guy from Symantec named David Cole. I’d like you to now go and read that article from which these quotes are taken. Knowing what you know now, I think you will find it very interesting, and quite transparent.

Now, here are the tips you need to keep yourself safe:

1. Unless you need to, never go to a website you’ve never heard of.
2. If you don’t already know a website’s address, look it up in Google. Don’t try to guess it.
3. Don’t click on any ads. You are a consumer. If you want something, look it up at your favorite stores.
4. Never run any programs or open any archives where the source cannot be verified.
5. Never open attachments until you have verified a) that you know the person who sent it and b) that they actually sent it to you.
6. Get your software from reputable sources like Apple, the Apple Store, Best Buy, Target, Wal-Mart, etc.
7. Don’t believe every claim or statement you read.
8. Don’t assume that because someone is smart about computers they are also ethical.
9. Never use your credit or debit cards unless the vendor is confirmed and the page is secure.
10. NEVER, EVER, EVER RUN YOUR MAC WITHOUT A PASSWORD.

That password is your Mac’s key to its security. If there is no password, there is still some protection, but not enough to really cover your ass in case something happens. Your Mac asks you to enter your password when a program requests that something important be changed in the delicate places of your OS. Without that permission, it can’t get in. If you don’t use a password and typically click those request dialogs away, then it is a foregone conclusion that you will allow a virus into your system.

If you are thoughtful and deliberate, it will be a cold day in hell that you get your Mac infected.

Purchase this and related items at Amazon now: