April 03, 2012, 12:15 PM — In the face of new threats aimed at OS X, a security expert has warned that Mac users may be even more vulnerable than Windows users.
Because Windows users are more likely to be running up-to-date anti-virus programs, Graham Cluley of Sophos says that many Mac users are missing a "valuable safety net".
In the face of several new threats targeting Mac OS X that have been discovered in recent weeks, Mac users should make sure that they have some form of protection, Cluley said. However, keeping your computer safe from cybercriminals isn't just a case of having anti-virus programs installed - it's about making sensible choices as well.
"As we have seen on the Windows platform, the majority of the attacks do not exploit any weakness in the operating system but instead take advantage of the bug in people's brains. Mac users can be just as easily duped as their Windows cousins into making poor choices, and could end up infected as a result, Cluley told Macworld.
"The only difference is that if you're running Windows you're much more likely to have protected yourself with up-to-date anti-virus software which acts as a valuable safety net."
Cluley's comments come in the wake of the discovery of a new threat that bypasses OS X's built-in security protection features. Last week, AlienVault reported that it had encountered a malicious Microsoft Office for Mac file that on the surface appeared to be targeting non-governmental organisations in Tibet.
"A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploits this vulnerability could take complete control of an affected system," wrote Jaime Blasco on the AlienVault Labs blog.
Fellow security firm Intego warned that it was necessary to make sure you keep all software, not just anti-virus programs, updated, as though this attack seemed to be targeted, it could be adapted for use against other OS X systems.
"These Word documents exploit a Word vulnerability that was corrected in June, 2009, but also take advantage of the fact that many users don't update such software. Word 2004 and 2008 are vulnerable, but the latest version, Word 2011 is not. Also, this vulnerability only works with .doc files, and not the newer .docx format.