Lessons for IT, Apple in Flashback brouhaha

It's clear that OS X is now a target of malware purveyors

1 2 Page 2
Page 2 of 2

Intego, a company that specializes in Mac security and produces the Mac-specific Virus Barrier antivirus tool, was not only aware of the threat but had already been protecting Mac users from it. The company's Mac security blog notes that it was aware Flashback was targeting Macs in the fall of 2011 and said it began offering protection before the malware became a news story. Intego even pointed out that its 30-day free trial was available and would identify infections.

This raises a rather thorny question: Why didn't other companies identify and address the threat sooner? It would seem logical that companies pro-actively protecting a wider computing audience would be the first to announce a solution. On other hand, such companies don't have Mac users as their primary customers. One could posit that, as a result, their priorities (and thus budget and manpower) lie elsewhere.

What about Macs in enterprise environments?

This entire saga is a wakeup call that Macs are just as vulnerable as PCs to malware. One can quibble about specific security technologies employed by Apple, Microsoft, and other players -- and there is merit to such discussions -- but the days where Mac users could ignore security concerns and shrug off the possibility of infections is gone. Apple's efforts with the Mac App Store,OS X Mountain Lion, and the upcoming Apple Developer ID program are good security moves, but they can't turn back time to the state of comfort many Mac users enjoyed a month ago.

Even more so, this is a major wake-up call for IT departments now adding Macs to businesses of all shapes and sizes. Simply handing out new laptops, desktops and iPads and trusting that users -- or maybe just one or two IT team members -- can handle any issues is no longer an option. (It really never should've been thought of as one in the first place.) Whether Macs at your company are business-owned or employee-owned as part of a BYOD program doesn't really matter; IT shops need to ramp up their Mac knowledge and skills -- pronto.

IT departments cannot allow Mac security efforts to slip through the cracks. Apple has done a lot to help bolster Mac security for OS X in its default state, but that isn't enough.

Being able to handle Mac security effectively requires a real depth of knowledge and understanding about OS X. Apple new (and free) Mac Integration certification is a starting point, but it only scratches the surface. Apple's larger training and certification programs are a great additional resource (and the texts of those classes are available as part of Peachpit's Apple Training Series for those who can't attend those programs). Beyond that, there's the MacTech conference each fall and related events through the year, which are excellent options. For sharing knowledge, the PennState Mac Admins List is a great resource (and even has its own two-day conference in May). APF548.com and MacWindows.com are two additional resources. If all else fails, there's the Apple Consultants Network.

Beyond simply understanding OS X and Mac security, however, this situation raises the prospect that Mac security may require additional tools and systems to work well. Intego was the first vendor to address this threat, and it's not one of the vendors most IT departments turn to for site licensing of security software.

At the end of the day, this threat shows that there is a need for a new perspective about Apple and Mac OS X on the part of Mac users, IT professionals and the tech media. While Flashback represents the first real shot across the bow of Apple security, it won't be the last.

Ryan Faas is a freelance writer and technology consultant specializing in Mac and multiplatform network issues. He has been a Computerworld columnist since 2003 and is a frequent contributor to Peachpit.com. Faas is also the author of iPhone for Work (Apress, 2009). You can find out more about him at RyanFaas.com and follow him on Twitter (@ryanfaas).

Copyright © 2012 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon