Java exploits seen as a growing threat

Anti-virus software maker Sophos -- who recently introduced a free Mac Home Edition of their anti-malware program -- have gathered the statistics generated by their 150,000-strong Mac user base to compile a snapshot report on threats facing the platform. While the results tacitly admit the lack of actual Mac viruses and the low incidence of other Mac-specific malware, the company says the risk of Mac-specific or platform-independent non-virus malware -- and the need for detection software -- is growing.

The company has analyzed just under 50,000 malware reports since it first released its free Mac Home Edition on November 2nd. The majority of the flagged malware (98 percent) turned out to be Windows-specific, but two percent of reports (just under 1,000 instances) turned out to be OS-X specific DNS-changing Trojans. These are typically disguised as pirated copies of Mac software, often seen on BitTorrent sites, or planted on other web sites as free downloads or special plug-ins required to view videos. While not the same as actual computer viruses, they do trick users and create annoying or embarrassing problems.

More worrisome from the Mac point of view is the fact that about half of the malware reported is based on exploits in Java, and while most do not currently affect Macs, they could easily be adapted to do so -- one already has been, though no instances of it turned up in Sophos' analysis.

The report makes a case that anti-virus/anti-malware software for Mac is needed to both detect and stop the spread of Windows-specific threats, as well as guarding against Java-based exploits that can be platform-independent, or the still-rare Mac-specific Trojan. Sophos' Anti-Virus for Mac Home Edition is free and does not require registration to use.

by MacNN Staff