Analyst's Prescription For Security Ills: Get A Mac

In its semi-annual report on the state of the security landscape, U.K.-based Sophos noted that the total number of pieces of malware detected by its anti-virus software jumped to 180,292 by the end of June 2006 from 140,118 the same time last year. The vast bulk of them target Windows-based computers. That, and a dramatic increase in the ratio of Trojan horses to other malicious code, gave the company's analysts advisory ammunition.

"You have to wonder if you're not knocking your head against a wall" using Windows, said Ron O'Brien, a senior security consultant with Sophos.

Macs aren't immune to vulnerabilities, he added, but exploits continue to be rare against Apple's operating system. Even the February disclosure of the first-even "zero-day" flaw in Mac OS X wasn't enough to galvanize hackers.

"It's a matter of hackers being behind the curve on the Mac," said O'Brien. "The storm of 'iViruses' targeting Macs never materialized, and for the time being it seems Mac can still safely say it's a safe alternative for computer users."

Sponsored post

According to Sophos' data, worms and viruses e-mailed in massive spam-like attacks are a thing of the past. In the first six months of 2006, only 1 in 91 e-mail messages carried a viral payload; that's substantially down from the 1 in 35 ratio posted in the opening half of 2005.

A corresponding jump in Trojan horses has more than made up the difference, however. Trojans now outnumber other types of malware by a 4 to 1 margin, said Sophos' report. In the same period of 2005, the ratio was just 2 to 1.

Another notable piece of information gleaned by Sophos was a continued fall in the average number of computers targeted by each attack.

Taken together, the numbers reinforce security professionals' long-held belief that attackers are dumping large-scale attacks for smaller, targeted assaults that rely on Trojan horses to deploy large quantities of information-stealing spyware.

"There are different tiers of criminality" that can be assigned to Internet attackers, said O'Brien, and the top group "doesn't want to be known." Instead, these criminals rely on small attacks, pinpricks relative to past worms such as Sober and Netsky, to reap financial windfalls. For the most part, those attacks are launched from botnets of compromised computers, often by criminals who have "leased" the machines from the actual hacker.

"Month to month, there is a direct relationship between the increase in Trojans and the number of zombie PCs," O'Brien claimed. But although Sophos steered home users toward the safer Mac, it didn't tell everyone to ditch Windows. It took a wait-and-see attitude toward the upcoming Windows Vista, for instance.

"Vista will probably force malware writers to re-assess the techniques they are using for both regular malware and rootkits," the report stated.

"Vista is going to be more of a hurdle than an actual obstacle" to attackers, O'Brien added. He was certain that dedicated hackers would find a way to replicate their current tactics against Vista.

The OS, which has been delayed several times -- most recently when Microsoft announced in March that Vista would not appear in volume until January 2007 -- has been touted by its Redmond, Wash. developer as the most secure Windows yet.

Sophos agreed while it bemoaned the postponement. "The delay is bad news for security-conscious computer users as it incorporates a number of new features which should harden the operating system against attack," said the Sophos report.

The Sophos Security Threat Management Report can be downloaded as a PDF file from the company's Web site.