How to take Apple security seriously?

Apple's software security has always been a tumultuous area of conversation among Mac and iPhone aficionados. On the one hand, you are always hearing things like "the Mac is easier to break into than Windows 7" or the "iPhone isn't safe enough for enterprise!" But when has there ever been an outbreak among Apple machines or break-ins not caused by lax user passwords?

Many times it is true, Apple products are unsafe. It took Apple the better part of a year to update a significant Java security hole in Mac OSX, for instance. This week, some researchers showed how to take out iPhones (and Androids and Windows Mobile devices) with a single character SMS message. Forbes called this How To Hijack 'Every iPhone In The World'.

Apple released a security update today and nothing happened.

The point I am getting at is this: How do you know when to be concerned and how do you differentiate from the anti-virus companies who are trying to sell Mac software or journalists who are trying to write attention-getting headlines?

It is a pretty ambiguous game because there is no precedent. However, there are some signs to look for.

You could jailbreak the original iPhone by simply going to a webpage. The URL had a malformed TIF file that allowed the iPhone to execute some website code which would update the OS software on your iPhone.

That is the biggest security flaw I've ever seen on any device, ever. Being able to change the whole OS from visiting a website. I could have jailbroken every iPhone that visited my web page by imbedding that image (the thought crossed my mind!). Fortunately, no hackers saw fit to take advantage of this hole, which was fixed months after it arose.

Trojan horses aren't terribly dangerous for Mac users because you have to want to install them on your computer. On Windows XP and previous you can install applications without login and password which is much less secure.

Most people don't install shady software applications that ask for username and password. The one exception I can think of is the recent iWork torrents that had an extra application inside it that allowed the hacker to take over the Macintosh. This is an area to be extremely careful of.

As far as viruses are concerned, the Mac and iPhone haven't had much to speak of. That doesn't mean that one day a big conflickr type of virus won't be unleashed. It certainly appeared that the SMS vulnerability could have been used to build something like that.

That brings up an interesting point. People have given many reasons for the lack of viruses on Macs. I think the biggest factor is that virus writers -- the good ones -- don't work on Macs. They aren't familiar with the platform and the tools to crack into Macs aren't widespread. With Apple wanting to keep its margins intact and having little desire to sell under-$1000 computers, I believe this will continue to be the case.

So where does that put us Apple users?

For the most part, there aren't any antivirus tools for the iPhone and iPod. Until something bad happens, I don't think there will be a market for such a thing (though the antivirus companies will try to sell one).

Although I probably shouldn't be, I am currently running my Mac OS without antivirus software. I've been without for about three years, though I do keep a disabled copy of ClamAV on my machine in case something bad happens. My experience with Mac antivirus software is that its been so poor and untested that if something were released, the software wouldn't be able to stop it.

On my Windows VM, I run Symantec.

I keep a pretty good eye on security threats out there and I generally update my desktop the minute any security updates are released. The MacOS has a very solid security foundation based on its UNIX heritage.

I don't feel entirely safe from the unknown but I can sleep at night. That is all I really want from my OS.