May 6, 2009 9:39 AM PDT

Prediction: Apple will recommend security software

by Jon Oltsik

Correction, 5:05 p.m. PDT May 12: This story initially mischaracterized iBotnet. It is a Trojan horse.

As an analyst, it is my job to follow the industry, internalize trends, and then use this information to make predictions. OK, here goes: Within the next 18 months, Apple will begin recommending that Macintosh users install Internet security software on all systems.

Now I realize that this statement is blasphemy to dedicated Mac users, so let me start with a few qualifying statements. I am not comparing Mac OS with Windows, or Apple with Microsoft, and my prediction should not be interpreted as an attack on Apple, its developers, or the security of its code.

The truth is that all sophisticated software contains vulnerabilities and Mac-based malicious code is nothing new. The recent iBotnet Trojan is just one example. My hunch is that Mac attacks will increase precipitously over the next year, driving Apple to drop its Windows security insults and partner with the likes of Sophos, Symantec, and Trend Micro. Here are a few reasons why:

  1. Mac users are a lucrative target. Mac owners tend to be affluent and Net savvy. To the bad guys, this means identities to steal and broadband connections to exploit.

  2. Organized cybercrime is diversifying. Cybercriminals tend to work as a loose confederation with each group specializing in a certain task. There are malware writers, botnet owners, mules, etc. Some entrepreneurial bad guy is bound to see a green field market in Mac cybercrime, recruit Mac hackers, develop expertise, and market these capabilities. If there is an equivalent of a cybercrime venture capital firm, they are probably looking at business plans like this already.

  3. Macs are growing in the enterprise. In many large firms, Macs make up about 5 percent of endpoints. If the bad guys infect these systems, they can troll the network looking for other vulnerabilities and juicy data at will.

  4. Macs are fairly easy to hack. In March as part of a contest, security expert Charlie Miller won $5,000 for exploiting a hole in Safari in about 10 seconds. If he can do this in 10 seconds, how many techies can do it in an hour? This is a frightening thought to me.

The company and Macintosh users should not fight this trend--doing so would only increase risk and help cybercriminals. Realize that most enterprises that already use Macs do so with the caveat that these systems must run security software. The goal is reducing risk, not singling out Mac users. There is a lesson to be learned here.

Senior citizens often hark back to a time when people left their house unlocked and left their car keys in the ignition. Now they lock their doors for safety. Apple, along with Mac users, should prepare for a similar transition. Given the state of cybersecurity today, pragmatism should trump romanticism.

Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET.
Showing 1 of 3 pages (162 Comments)
by monkeyfun14 May 6, 2009 9:57 AM PDT
Another 300 comment flame fest

I'll point out some things as well pertaining to comments that are going to say well they require user interaction. All forms of hacking require some form of user interaction even in Windows with UAC.
by black jelly bean May 6, 2009 10:07 AM PDT
But I thought crApple Macs don't get viruses? :-)
by shellcodes_coder May 6, 2009 11:39 AM PDT
One thing's for sure, EXPLOITS ON CRAP OS X JUST WORKS!!
On the other hand, writing and getting those exploits to work in Vista and 7...it's TOUGH, damn TOUGH

Hackers have proven it!!
by kcotham May 6, 2009 1:09 PM PDT
Only if you engage in flaming. Keep your comments civil and logical and there'll be no problem. Be petty, illogical, and immature, and it'll surely happen.
by pentest May 6, 2009 2:29 PM PDT
"All forms of hacking require some form of user interaction even in Windows with UAC."

100% wrong, thanks for playing.
by monkeyfun14 May 6, 2009 3:24 PM PDT
@pentest

Really?

With UAC nothing installs without the user knowing.
by slapppy May 6, 2009 4:12 PM PDT
@black jelly bean

Wow you're really funny and so creative. I bet no one has ever heard of that joke before. Give yourself a cookie.
by geognett May 6, 2009 11:23 PM PDT
"ALL forms of hacking require some form of user interaction" without the "All" that statement is true. I would have said the majority of successful viruses are, but hacking is something different entirely and doesn't always involve a sort of social engineering.
by santuccie May 7, 2009 12:54 AM PDT
@monkeyfun14:

Actually, security researchers have been performing drive-by downloads on the Mac at CanSecWest. I hope I don't get myself caught up in a big fight over this, but they're saying OS X is much easier to hack than Windows Vista.
by The_happy_switcher May 6, 2009 9:57 AM PDT
Prediction: this story was posted to get lots of hits and generate a flame war.
by monkeyfun14 May 6, 2009 10:03 AM PDT
For the first time I'll have to agree with you; unfortunately, I don't know how well that will hold when more comments arise.
by pithenumber May 6, 2009 1:22 PM PDT
this is like a first
I agree with you applerocks
by kcotham May 7, 2009 11:18 PM PDT
Absolutely correct. But it wouldn't be a flame war if certain people wouldn't tout falsehoods as fact. You know who you are.
by michael_j_x May 6, 2009 10:02 AM PDT
It would be a nice wake-up call to all those Apple junkies, who seem not to realize that OS X is actually programmed by code monkeys, that are of the same species as those in Microsoft. There is no magic bullet in making a software virusproof. As long as there are people writing the code, there will be vulnerabilities, especially as the systems become more and more complex and multi-threaded.
by monkeyfun14 May 6, 2009 10:07 AM PDT
So true but a lot of people don't realize that getting a job at Apple is just as easy as getting one at Microsoft.

Take proper college courses and send in a resume.

Apple doesn't have their coders floating down from the heavens.
by pentest May 6, 2009 2:31 PM PDT
What makes OS X and Linux better is that they are built with secure foundations.

Security has been, and still is an afterthought for MS. Even Vista and Win 7 security changes are just bolt ons, and the memory protections in Vista have been completely broken for some time.
by michael_j_x May 6, 2009 4:50 PM PDT
@ pentest
That is not necessarily true. Remember the first worm ever released was on unix, because the finger command was not reporting a stack overflow. Let alone, people find new ways to break an operating system every day. It simply is not possible to prevent all potential attacks during design time. One might even argue that Microsoft is ahead of the rest in terms of security, because its OS is being challenged a lot more rigorously. It is a lot more battle-hardened than the rest of the OSes.
Let's not forget, all 3 systems started out as Monolithic Kernels, which is definitely the wrong choice with regards to security. Apple made the switch to Microkernel design in 8.6, and Windows in Vista. Thus, none of the 3 systems was initially designed with security in mind, as they were all aiming to improve performance, which was so needed in the 386 era.
by santuccie May 15, 2009 11:03 PM PDT
@pentest:

Actually, security researchers have been performing drive-by downloads on the Mac at CanSecWest since '07 (still waiting to see this on Vista). I'm not looking to start a flame war, but they're saying OS X is much easier to hack than Windows Vista.
by mattfast1 May 19, 2009 1:01 AM PDT
@pentest: Many viruses have been released for Apple's OSs - just look at the plagues that began prior to System 7. Many servers run a *nix system that we keep hearing about at schools and large corporations that have been broken into - the very same base that OSX is based upon.

Just because an OS comes from Apple or is *nix based doesn't mean it's perfect.
by R. U. Sirius May 6, 2009 10:19 AM PDT
Oh wow, look. Another article about Apple that is pure speculation.

Cnet: the newest Mac rumor site.
by kcotham May 6, 2009 1:15 PM PDT
Agreed, there seems to be no hard news whatsoever.
by iain1962 May 6, 2009 10:20 AM PDT
There has been one reported trojan for OS X. ONE. And it was discovered back in March. It's taken this long for the press and analysts to find out about it because it hasn't spread far. It was embedded in pirated copies of MS Office and Apple iWork, and installed when the user supplied the root password.

What good would 'security' software do in this case? (Ignoring, for the moment, that anti-virus programs are digital snake oil. They only reduce the chance of infection by new malware by 5 - 10 % ).

And note that the people getting infected by this trojan were downloading what they thought were cracked copies. They were stealing software. Do you expect a person like this to buy an anti-virus program?
by monkeyfun14 May 6, 2009 10:22 AM PDT
It doesn't matter if it was only one, it still proves that malware can be created for Macs and that the computers can be just as vulnerable as any other one.

All 3 boxes can be hacked.
All 3 require some form of user interaction.
by eerongal May 6, 2009 11:39 AM PDT
AppleScript.THT Trojan Horse discovered June 19th 2008.

OSX.RSPlug.A trojan horse Discovered: October 31, 2007

OSX/Leap-A Trojan horse discovered Feb 16th, 2006

The one you reference:
OSX.Trojan.iServices.A Discovered: January 21, 2009

Point is: Might wanna research things you say before you say them :)
by Hep Cat May 6, 2009 2:00 PM PDT
Wow. A fact-filled and informative post. Too bad the haters won't read it, or if they do, that they'll ignore it.
by pentest May 6, 2009 2:33 PM PDT
"All 3 require some form of user interaction."

Wrong, lots of programs in Windows run with admin or kernel privileges, get access through those and the user will never see it.

Hell, I have written small, benign rootkits that install itself as kernel mode Vista with UAC turned on. Guess how many warnings it gave: 0.
by pentest May 6, 2009 2:34 PM PDT
"AppleScript.THT Trojan Horse discovered june 19th 2008.

OSX.RSPlug.A trojan horse Discovered: October 31, 2007

OSX/Leap-A Trojan horse discovered Feb 16th, 2006

The one you reference:
OSX.Trojan.iServices.A Discovered: January 21, 2009

Point is: Might wanna research things you say before you say them :)"

How many can spread on their own?
by monkeyfun14 May 6, 2009 3:26 PM PDT
@pentest

I bet they require clicking.
by geognett May 6, 2009 11:33 PM PDT
The whole point of pointing out that the botnet was there was not to say why or how they got it but to explain that it can be done and that it should be addressed. Because the majority of Windows users that get viruses are doing the exact same thing which means only one thing, that once Mac's market share increases so will the amount of exploits become more commonplace. Now I agree people would not get into as much trouble if they were not trying to get everything for free, and going illegal routes to do it.
by santuccie May 15, 2009 11:00 PM PDT
@pentest:

Have you participated in Pwn2Own? If you can actually install a rootkit without triggering a UAC alert, you should be. Conficker and Mebroot can't do that.

BTW, are you doing this in a drive-by attack, or buffer overflow (and what application)? Inquiring minds want to know.
by kool_skatkat May 6, 2009 10:21 AM PDT
What's the timeline for this prediction? Is it this year? Within 5 years,... or any time in the future, eternally?
by monkeyfun14 May 6, 2009 10:24 AM PDT
This arrogant type of attitude is what got Caesar killed and what is going to hurt a lot of Mac users in the end. ;)

You've been warned.
by badmojo42 May 6, 2009 10:47 AM PDT
um read the article duh, he said in the next 18 months.
by grossj144 May 6, 2009 10:47 AM PDT
The article says within 18 months.
by kcotham May 6, 2009 1:16 PM PDT
@monkey
What is your major malfunction? What attitude? By whom?
by geognett May 6, 2009 11:52 PM PDT
@kcotham

I don't know monkey and I am not necessarily defending his comment as I partially agree with the concept of, if you constantly think something will not happen just because, doesn't mean it will not happen. Security, in this day and age is a necessity, with all the data that gets transmitted. I worked for companies that use software like SAP and their clients log in with secure tokens that change key codes every 30 seconds, and they still needed their personal password as well, and there had been reports often of even something as secure as that getting hacked. Point is, if there is a wall built by a man, there's another man thinking up ways on how to scale it. So, again, the arrogance of Kool's statement is just that, arrogant and an arrogant person fails the hardest. But I don't really care, because I benefit off of it every day working on people's computers, but people still need to be educated about it.
by kool_skatkat May 7, 2009 2:06 AM PDT
18 months, let's wait and see. I suppose Sylvia Browne is not the only person predicting the future? Any previous predictions by Jon Oltsik? How well is he at predicting the future?
by geognett May 7, 2009 4:07 AM PDT
People predict future events all the time. Doesn't mean any of them will happen or the prediction has any grounding. Businesses do it all the time. They collect data and determine possible outcomes to help measure possible losses and gains based on possibilities. But who knows maybe there is no factual basis on his prediction and he's just psychic.
by DMAN3k May 6, 2009 10:26 AM PDT
Now if EU would just sue Apple for being monopolistic.

Not only do Apple control software but also hardware. A whole lotta money for EU!
by cwlqwp May 6, 2009 1:15 PM PDT
If the EU taught me anything it's that bundling browsers is illegal, so I guess Apple, MS, and probably Android all have to die now.
by pentest May 6, 2009 2:35 PM PDT
MS didn't simply bundle a browser, they made it a part of the OS. Huge difference.
by seven7dust May 7, 2009 4:18 AM PDT
"Not only do Apple control software but also hardware"
that's exactly why they can't sue 'em
Since Apple controls the entire experience they can never be a Monopoly like Microsoft
and hence EU rules don't apply to them !
by Seaspray0 May 8, 2009 3:20 PM PDT
@seven7dust. Never? That premise is being challenged now by apple vs psystar. You're making too many assumptions when you use the word "never".
by protagonistic--2008 May 6, 2009 10:26 AM PDT
Thank you. It has been lonely out here on the fringe. I have been using security software ever since I switched to Mac over five years ago. Anyone that understands anything at all about computers knows there is no such beast as a completely secure OS. You should always know what your computer is doing and sad to say most users, both Windows and Mac, do not.
by Random_Walk May 6, 2009 12:25 PM PDT
...and anyone who understands computers knows that there is no such thing as protection with a reactive technology like A/V. I prefer to harden my own systems, thanks much... and if the worst the world can do is pack trojans into pirated software, I suspect that I'll be very safe for many years to come.

Otherwise, sure - I agree that there is no such thing as a perfectly secure OS. OTOH, there are varying degrees of secure... and it isn't hard to figure out where each OS sits on that scale.
by kcotham May 6, 2009 1:17 PM PDT
Nothing's perfect, but Antivirus, anti-malware software is better than nothing.
by pentest May 6, 2009 2:42 PM PDT
AV is always behind the curve, saying it is better than nothing is like saying using WEP instead of no wireless security is better than nothing.

No, it is not. WEP can be passively broken in anywhere from 1 minute to an hour, regardless of the passphrase strength.

I can't tell you how many times AV (especially garbage such as Norton and McAfee) killed legit programs such as Cain but let lots of obvious malware go by unmolested. We are not talking about clever malware, just simple things like keyloggers that make very obvious calls to Windows functions that are well documented. To be fair AVG caught that the function call had the argument in it that told Windows to hook into every application running and that will run that request keyboard access.

Of course, the fact that MS created a function that sets up your keylogger for you and is nice enough to do the spying is just more evidence of the seriousness that MS takes security and how competent they are.
by santuccie May 15, 2009 11:11 PM PDT
@pentest:

Just so you know, McAfee added a technology to their consumer products in the end of 2006, which has successfully blocked drive-by downloads in IE without relying on signature detection, heuristic detection, or IPS/IDS. It's called ScriptScan, and all it does is sit on the Script Host. It allows most scripts to run (e.g. YouTube videos, Flash games, Google ads), but blocks any script that tries to make changes to Windows.

Furthermore, the latest version of Norton Internet Security adds drive-by download protection for IE and Firefox. Have you actually run tests, or are you just saying this and hoping nobody knows better?
by EC13823 May 6, 2009 10:28 AM PDT
Hey, hey, now, sounds like some folks have some deep unresolved feelings about macs -perhaps you should talk to someone about the issue.
Anyway, my comment is related to the picture chosen for the column. Sometimes the fine details are interesting. Look around on TV, web, print and you will see most computers used as props are MACs. Some of you will say "That is all they are good for anyway". I just think it is ironic that the picture at the top of this column is of a PC in chains when, in this case, it should be a mac - It would still look good dressed in chains.
by Daturze May 6, 2009 10:33 AM PDT
What's more telling is that there's a Norton Internet Security 2009 ad coming up!
by slickuser May 6, 2009 10:31 AM PDT
Here is a prediction: Microsoft will scrap Windows and use Linux as a core OS to build its crap on top of it...
by monkeyfun14 May 6, 2009 10:33 AM PDT
Here is a prediction as well: Trolls will continue to be irrelevant to the article being discussed.
by kcotham May 6, 2009 1:19 PM PDT
No slickuser, that would be too much of a step in the right direction.
by slickuser May 6, 2009 10:37 AM PDT
monkeyfun14: you seem to read my comments and get pumped up... that's the idea...
by monkeyfun14 May 6, 2009 10:40 AM PDT
Nope but if you have noticed I rarely openly attack Apple I only try to disprove FUD.
by kcotham May 6, 2009 1:20 PM PDT
@monkey
I'm going to have to call bull$hit on that one. You are a rabid anti-Apple fanatic. You have never disproved anything, anything at all. What you perceive as FUD, is just a view that is counter to your Microsoft-centric views.
by Vegaman_Dan May 7, 2009 12:03 PM PDT
@kcotham:

That's a mighty fine kettle you have there. :)
by kcotham May 7, 2009 12:46 PM PDT
@Vega
Aren't you supposed to be working? Steve Ballmer will fire your butt if you don't get back to work.
by ckh1272 June 19, 2009 10:48 PM PDT
I agree with kcotham on that one. Look up the definition of the word "Hypocrite" monkeyfun14. Of course, that might actually require reading something instead of just spouting off FUD.
by Arblade May 6, 2009 10:39 AM PDT
Look .... finally someone is supporting Mac. J/K

The same could be said for Linux as well as all the other software OSs out there. PC by far have the largest issue but there is a whole industry to counter it. The criminals only need a few people to falsely believe they are safe to achieve their goals.

On the other hand this article could be an excuse to produce a flame war and traffic...
by kcotham May 6, 2009 1:21 PM PDT
Undoubtedly.
by BillPStudios May 6, 2009 10:44 AM PDT
This may explain why I've already had 5 Emails today asking if I had a version of WinPatrol for the Mac.


Bill
by jazzmsngr May 6, 2009 10:46 AM PDT
monkeyfun14....are you an employee of Symantec or something? I HATE, ABSOLUTELY HATE....Security Software...I am a PC user (only because I have not saved up for a MAC, one day I will buy a MAC to use a computer that WORKS...can't wait!) BUT, I decided to do a little test with my new (used) laptop.....I... (brace yourselves....) DID NOT INSTALL SECURITY SOFTWARE ON A PC!...OMG....I just said it! May GOD Strike me down! and guess what, since I don't download pirated software or frequent Porn sites or randomly click on pop-ups and spam email....GUESS WHAT??? NO MALWARE!!!! and it's been over two years!!! I then went back and took it off my desktop and lo and behold, Photoshop does not crash anymore!!! I can run iTunes and Firefox without a melt-down 'cause I don't have McAfee running 400% of my PC's power!! I could have kept the software, but then I would have had to get 6gb's of RAM! Nah, I just won't be an idiot when it comes to the internet! BTW, the $30 a year I saved, I am using to put towards a MAC!
by monkeyfun14 May 6, 2009 10:48 AM PDT
Where was I preaching the need for security software I think I clearly was just saying that all OS's are vulnerable.

O_o
by oxskittlefreekxo May 6, 2009 11:29 AM PDT
Quite honestly if you're running McAfee you SHOULD expect your computer to malfunction. Most people who know anything about good internet security software are not buying McAfee anymore. There are actually much better software(s) you can use now that do not take up much of your computer's speed when it is running scans. But, I'm sure you knew that?

You may think that you do not need internet security software, but your computer is still vulnerable either way.

Have fun buying your new Mac whenever you save up for it. :)

And about the topic this was about , it was and is bound to happen anyway.
by sting7k May 6, 2009 11:45 AM PDT
You have security software, Windows Defender and Firewall are doing their jobs.
by kcotham May 6, 2009 1:22 PM PDT
AVG is a very good free alternative. ClamWin is also of use for Windows machines. On a Macintosh, Clam has a port for Mac OS X.
by geognett May 7, 2009 12:16 AM PDT
All your comments on how you use your computer are good. But the fact that you make an assumption at AV protection, or any IDS (Intrusion detection system) by saying McAfee sucks means you have not done your research on AV's in general. Anyone who uses McAfee or Norton, being the non Corporate Norton that is, means that you use whatever the manufacturer pumps at you blindly. Not all AV's slow your computer down and cause a bunch of headaches. This is the Kicker no one pointed out "if you don't have an AV to detect Malware or Viruses how would you know if you don't have one." Some viruses when they work properly do not slow your computer down. Even MAC suggests having an AV and that you should scan once in a while to be sure. As long as you have good browsing habits and do not participate in illegal downloading then yes your chances are less but nude sites are not the only trouble on the internet anymore. You need to recheck that theory of bad sites though.
by Vegaman_Dan May 7, 2009 12:05 PM PDT
To be fair, McAfee has a reputation for being a rather large resource consumer. But there are plenty of other products and services available, so before damning the entire industry, you might consider using a different product.
by iptofar May 6, 2009 10:49 AM PDT
Be interesting to see how many times this has been predicted before.

Flame on!
by Perry_Clease May 6, 2009 11:06 AM PDT
"Be interesting to see how many times this has been predicted before"

About as many entries as there are in the Apple Death Knell. However, sooner or later someone will be smart enough to get past OSX security. In the meantime it is easier for the jerks who write malware to go after the low hanging fruit.

I wonder what security measures will be in Snow Leopard.
by monkeyfun14 May 6, 2009 11:20 AM PDT
@Perry

An OS is only as secure as its users.
by Perry_Clease May 6, 2009 12:30 PM PDT
"A OS is only as secure as its users."

Right if I give someone my password they can get in.
by monkeyfun14 May 6, 2009 12:55 PM PDT
@perry

We have people who have died from mistaking rubber bands for fettuccine

Someone giving their password to run any program is not so far fetched.
by Perry_Clease May 6, 2009 1:29 PM PDT
"We have people who have died from mistaking rubber bands for fetuccini

Someone giving their password to run any program is not so far fetched."

That is also true, look at all of the people who use Windows :)
by SIGHUP May 6, 2009 10:52 AM PDT
It will not happen anytime soon. Viruses and worms need the same OS to spread and Apple does not have the population density on the net to support it. True there are more Apples on the net, but not anywhere near enough to support viruses or worms. Then there is the problem of someone wasting their time writing malware for Apples that make up less than 5% of the net when they can write for Windows and infect a lot more.
by shootfirst May 6, 2009 11:28 AM PDT
Point is who would expect that the Macs are exploited, 5% is still a huge number and most of these users do nothing to contain the exploits as they are protected by Mac. Gradually more people are going to start using Mac due to the sense of security and wanting to not be bothered by spyware. This itself will deem them as likely targets for malware especially since more users switching from Windows will want more applications they can't get on a Mac which will just increase the amount of flaws to exploit, due to the increased numbers of pirated programs.

I myself would rather go after 5% that is guaranteed and probably won't be caught as readily. Also food for thought more of the Windows users switching to Macs are bringing over the problems via virtualization and it is only a matter of time before this starts getting attacked more and more since virtualization is on the rise.
by MikePlacid2 May 6, 2009 1:34 PM PDT
Let's look. If a Mac is just 2 times harder to exploit, that means even when Mac density will equal Windows' one - you'll get 2 times LESS infection compared to you writing an exploit for Windows. 2 times LESS economic sense. Now, in my estimate Mac is really 10 times harder to exploit. That means no economic sense to try to exploit Macs until their installed base will be 90% vs 10% of Windows.
by michael_j_x May 6, 2009 5:15 PM PDT
@ MikePlacid2
The Pwn2Own hacker that hacked the Mac in just under 1 minute, said that penetrating OS X is easier than Windows, and he actually held onto a Safari vulnerability for a year, because the $5000 offered in the contest were more than what he could get on the open market. He then said how much harder it is to exploit a software vulnerability on a Windows platform, than on an OS X, simply because M$ has all those mechanisms in place that prevent it. He was actually surprised, that one of his colleagues bothered to penetrate Windows in the competition, because he could have easily gotten $50 000 if he had sold the vulnerabilities in the market. Bottom line, his words, not mine, is that vulnerabilities exist on all 3 systems, but M$ actually makes it harder for hackers to exploit them.
I know this sounds ridiculous, but read before judging: http://blogs.zdnet.com/security/?p=2941
by edmalloy May 6, 2009 10:53 AM PDT
Jon,
Thanks for revealing your total lack of understanding.

My bet is that this blog entry paid a few car payments for you.
by monkeyfun14 May 6, 2009 10:55 AM PDT
What lack of understanding? He has a valid point.
by kcotham May 6, 2009 1:23 PM PDT
While I commend Jon for encouraging people to use security software, he made several logical fallacies and factual ones as well.
by Dalkorian May 7, 2009 11:00 AM PDT
Thanks, I was starting to think I was the only one who saw through Jon's BS cloud. Where shall we start, the fact that Apple has recommended AV software for years or the fact that a trojan horse is not a virus? Maybe point out how long it took Mr Miller to come up with that "10 second exploit" (hint: it wasn't 10 seconds, not by a LONG shot)?

But I guess it did get the eyeballs and flame wars started, which must have been the goal otherwise it would have facts instead of pure unadulterated bull plop.
by santuccie May 15, 2009 10:56 PM PDT
@Dalkorian:

You're right, Charlie Miller's 30-second exploit took weeks to premeditate, but the point is that 30 seconds is how long it took to actually perform the task.

That said, where is this "bull plop" you refer to? Just because there is no such thing as a virus for the Mac (at least the Intel Mac), are you assuming it's harder to make one work on the Mac? What, pray tell, is it about Mac OS' code that enables it to distinguish viruses from all other programs without a monitor and signature database, and block them while failing to stop Trojans and drive-by downloads? Hint: NOTHING.

Say a woman lives out her entire life without ever getting laid, and she never contracts HIV. Does this mean she is immune to the HIV virus? You're confusing status quo with inherent security. The case in point is that Mac OS has been successfully pwned with remote code execution attacks three years in a row, while Vista could not be touched until the third day (Adobe Flash vulnerability), and Ubuntu not at all. Security researchers are saying unanimously that OS X is the most vulnerable operating system on the market (Windows XP isn't on store shelves anymore; it's in the past).

Now we have iBotnet, and by now the Russians are well aware that drive-by downloads will work on Apple. It's only a matter of time before they get familiar with OS X and figure out how to do it. Just to make sure you understand the difference between ItW and PoC, it doesn't mean ItW means "feasible" and PoC means "never." PoC means it hasn't happened "YET." But your choice platform's market share has grown quite a bit. Add the fact that a lot of Mac users don't run security software, and don't lock it down like some do with Windows 2K and XP because they can't imagine ever being attacked (the "I'm a PC, I'm a Mac" campaign doesn't help), and Apple becomes rather a mouth-watering target (and not because apples are juicy and delicious).

The tables have turned; sooner or later, you'll have to accept that. If you will refuse to do so until XP's market share drops below that of Vista and the upcoming Windows 7, and bot herders move on to the easiest remaining target (OS X), that's on you. But don't say you weren't warned. In the meantime, I'll enjoy knowing how to lock down XP itself, and doing everything I want with my computer without making sacrifices, AND without a single infection in over 2-1/2 years (not even simple adware). I get to have my cake and eat it too. And I'm not just safe because no one has spotted me in the thicket yet, or because I stay out of the meadow; I'm safe because I'm adequately shielded from their attacks.

Can't speak for anyone else, but I would never attempt to delude myself (It's not happening, it's not happening, Mac OS has always been tougher than Windows, so it must be now...), and I would never depend on the criminals themselves to leave me alone; that's insane. I hope you don't bank online.
by santuccie May 16, 2009 3:05 PM PDT
BTW, just so you are aware, most bona fide computer viruses are spread through e-mail attachments to targeted victims, such as politicians and high-profile clergymen. The virus is spread when they forward the message, often a cutesy or "heartfelt" chain letter. If it propagates on its own, then it is by definition a worm (or at least part worm), and worms already exist for OS X. The very first ItW malware written for Intel Mac was a worm.

Remember this adage: if you can install software, then you can install malicious software. If people can gain complete control over a Mac through a remote exploit, best believe they can infect you with a virus that requires your interaction to install. That works on all operating systems, including Linux and OpenBSD itself.

The only ways to block or mitigate damages caused by a virus are to detect and remove it, or to block changes to critical files indiscriminately. I believe most Linux distros do this by disabling write-access to system files for non-root users, which is the same way I lock down Windows XP and 2K (all live CDs are immune, being read-only). But evidently the Mac doesn't do this; otherwise, no one should be able to touch it at CanSecWest.
by bradrel May 6, 2009 11:05 AM PDT
Recommend security software, like they have been for years?

http://support.apple.com/kb/HT1147

http://gizmodo.com/5100996/false-alarm-apple-mac-os-x-anti+virus-recommendation-is-old
by kcotham May 6, 2009 1:24 PM PDT
Exactly!
by Hep Cat May 6, 2009 2:11 PM PDT
C'mon now. We can't have facts in a column written entirely to generate comments and page hits.
by Dalkorian May 7, 2009 11:01 AM PDT
Maybe you should apply to Cnet - obviously you have done a better job of researching this article than the hack who wrote it did.
by mattfast1 May 19, 2009 1:12 AM PDT
Has there ever been a time Apple (or anyone else, for that matter) did NOT recommend security software for their systems?
by sargess25 May 6, 2009 11:06 AM PDT
"Prediction: Apple will recommend security software"

a prediction or a wishful thinking? now we have a new breed of troll journalists; betcha he's an inveterate Windows user
by Perry_Clease May 6, 2009 11:09 AM PDT
Sidebar. I am working here in my home office and just saw the Google Map vehicle cruise by. I wish I had known he was making rounds, I would have mooned him. Anyone in San Diego Zip Code 92126 loosen your pants and get ready. :)