Partners: MacDefender Phishing Attack Won't Bring New Business, Yet

The MacDefender virus and its variant, MacGuard, which ran rampant across Apple's Mac OS X platform might have grabbed headlines, but they will most likely fail to grab the attention of solution providers as a threat that will spur more Mac-related security business.

So what impact will theMacDefender and its variants have on business?

The short answer is not much, at least for now. That's because Windows still dominates the enterprise, while businesses relying on the Mac OS X platform -- even in a mixed environment -- are still few and far between, partners say.

Daniel Duffy, CEO of Fresno, Calif.-based Valley Network Solutions, said that altogether, Mac OS X security business occupied less than 1 percent of his business. "It's still predominantly a Windows world, then Linux, then Mac is a distant third," he said. "That might be changing in the next couple of years, but with computers or servers, there's virtually no presence in the enterprise space."

Renowned for being impervious to most security threats, Apple shocked the IT community earlier this month when it issued an advisory warning users of the rampant MacDefender fake antivirus phishing attack sweeping across the Mac community, affecting an estimated 60,000 to 120,000 customers .

Another iteration of the virus, known as MacGuard , bypassed the Mac OS X password requirements and installed the malware without any user intervention.

"I think we all knew these days were coming. Malware hit an operating system that we haven't seen targeted in as many attacks on lately. This one made the media. It's going right for the credit card numbers," said David Sockol, CEO of Emagined Security based in Santa Clara, Calif.

Meanwhile, the Cuptertino-based computer company on Tuesday issued an update for Mac OS X 10.6.7, update 2011-003, which includes malware detection and removal for the MacDefender phishing attack and its variants, while also providing a mechanism for updating future malware definitions.

The security update is available from Software Update or the company's Downloads page, and does not require a system reboot, Apple said.

However, despite the recent media focus on MacDefender, channel partners maintain that they are not seeing a tremendous upsurge of customer requests for Mac OS X security solutions, nor do they anticipate a significant rise in Mac-related services.

"I haven't heard of customers being concerned," said Gary Fish, founder and CEO of Kansas City, Mo.-based FishNet Security. "Most of the Macs in our customers' environment are consumer driven. They want to use them for access to the network. We don’t' have a lot of enterprise customers that have standardized on a Mac. "

Andrew Plato, CEO of Beaverton, Ore.-based Anitian Enterprise Security, said that all of his Mac customers rely on Mac-based antivirus and outbound Web proxies -- on his advice -- to eradicate those kinds of infections.

Sockol added that the majority of the security solutions targeting the Mac are already being applied, just not in vast quantities.

"A lot of the (Mac OS X security) solutions are on the market, they're just not widely adopted," he said, adding that he anticipated seeing a little bit of an uptick in demand, but not one that would significantly transform his current business.

Next: Apple Could Edge Into Enterprise Market

But that could change as the Mac platform gains marketshare in the enterprise and becomes a bigger target for viruses and other security threats, partners say -- especially in the consumer device space.

"Where the real challenge is for iPads and iPhones," Plato said. "Those are being adopted at a much faster pace than Mac desktops and laptops."

In fact, Fish said that he anticipates building out his Mac security practice down the road as the number of cyber threats targeting that platform increases, adding that his demos now include hacking into an iPhone or iPad because "you have to assume that the data on there is not secure, unless you use some third party tools."

"CIOs and CISOs are having to write policies around Macs and personal devices. I think we're only going to see more and more publicity around different viruses and bots and different vulnerabilities. It's going to get worse," he said. "We're going to have to focus on the security of the Mac environment, as much as we do Windows today."

Duffy echoed that Macs and the iOS, are going to slowly become more relevant in the enterprise.

"It's inevitable. There's a lot of influential decision makers that are adopting Mac in the consumer space," Duffy said, adding, "I hope it doesn’t come too quickly, because Apple has never been an easy company to work with."

But Apple has a long way to go in terms of adopting adequate security practices designed to keep pace with Mac and iOS adoption, partners say. "Apple is about where Microsoft was about 10 to 12 years ago, still leaving security up to other people or ignoring it entirely," Plato said. "Their model of tight control over applications, delivery and even content is not a replacement for good security."

Meanwhile, the greatest satisfaction around the groundswell of Mac-targeted malware could likely more abstract -- finally Mac users are now on more of an even playing field with Windows users, partners say.

"For years Mac enthusiasts said that they are completely bullet proof," Duffy said. "They've always missed the fact that Macs are just a less visible target."