Mac users 'still lax on security'

Apple OSX has proved far more robust than Windows

Apple Mac users are still too lax when it comes to security matters, an independent researcher has said.

Kevin Finisterre caused ripples in the Mac community when he started a website in January revealing a different bug in Apple systems each day of the month.

While some observers dismissed the survey, Apple recently issued a patch to plug holes outlined by Finisterre.

Apple owners' attitude to security was "one of the main reasons we started the campaign," he said.

Apple makes great play of the fact that its OSX operating has yet to be attacked by a virus while Windows XP machines are plagued with problems.

Its recent global campaign of adverts pitching Macs versus PCs has focused on security issues.

XP machines are represented by a flu-ridden, sneezing individual while the Mac remains untouched by illness.

Security holes

Many of the problems highlighted by Finisterre are security holes in applications, which are not related to viruses.

Apple recently plugged holes in Mac software such as iChat and Finder and a flaw in the user notification process that could potentially grant system privileges to malicious users.

All three problems were highlighted by Finisterre, and a fellow researcher known only as LMH.

Finisterre said: "Try calling any Apple store and ask any sales rep what you would do with regard to security, ask if there is anything you should have to worry about?

"They will happily reinforce the feeling of 'Security on a Mac? What? Me worry?'."

He said the Month of Apple Bugs (MOAB) project had succeeded in its original aim of raising the level of awareness around Mac security.

"I would really hope that people got the point that there are most definitely some things under the OSX hood that need a closer look," he said.

But Mac experts have pointed out that none of the exploits have ever successfully been used to hijack an Apple computer.

By contrast hundreds of thousands of Windows machines have been taken over as part of so-called bot nets, which use the hijacked machines to deliver millions of spam e-mails around the world.

'Extra efforts'

He said Apple had opened up dialogue about security issues.

"They have certainly given some extra efforts on the backend to open up lines of communication, at least with me.

"That sort of progress is what I am after rather than a particular set of bugs."

He said that Apple had in the past not been open to dialogue about security matters, but things were changing for the better.

"I chat quite regularly with some of the security engineers," he said.

At the moment there are no plans for the MOAB website to continue.

"Real life comes in to play; the cost of living, the fact that we did it all for free.

"If someone wanted to invest some of their own resources I would be more than willing to continue."