Following up on Mac OS X Security Myth #1: Mac OS X Has Few Security Bugs, this post continues my look at “perception versus reality” for Mac OS X security.
There aren’t a lot of sources of validated compromises, but one of the few we can check is www.zone-h.com, which gathers and documents web server compromises, along with a lot of information about the compromised systems.
I went to the zone-h home page and clicked on Attacks Archive. Next, I click Enable Filters to open up some filtering options for the archive of compromised site. One of the filters is System, so I used the pulldown to select “MacOSX” and then the “Apply Filters” button and this is what I get:
Well, that’s not a small set of compromised web sites, is it? Look closely along the bottom of the screenshot and you’ll see that this is page 45 of 50 pages of listed compromised sites.
Now, MacOSX certainly isn’t the platform with the most attacks over the past couple of years, but that isn’t the point. The point is that, given sufficient motivation, attackers can and do attack any platform – and succeed – even against Mac OS X.
The idea that nobody attacks Mac OS X definitely appears to just be a Myth.