Apple’s lack of support for older Macintosh operating systems is placing Mac users into the path of in-coming cyber security attacks such as the recent Flashback botnet outbreak according to Kaspersky Labs co-founder, Eugene Kaspersky.
In April, researchers at the Russian security vendor reported that Flashback had infected 41,600 Macs in Australia. This high penetration rate was attributed to two factors by Kaspersky Australia and New Zealand technical services manager, Nigel Hedges -- a lack of anti-virus security and Apple Australia’s healthy market share of 11 per cent.
A total of 670,000 computers were infected worldwide with more than 98 per cent thought to be running Mac OS X. The United States had the most infected computers (300,917), followed by Canada (94,625), the United Kingdom (47,109) and Australia (41,600).
Kaspersky told Computerworld Australia that while the Flashback botnet had been a “wake up call” for Apple to improve security, the company still needed to improve some areas such as extending time frames for supporting older operating systems. For example, in May this year Apple ended support for OS X 10.5, aka Leopard, when OS X 10.7, or Lion, was released.
“Apple has stopped supporting some older operating systems but there are still millions of people using these systems,” he said. “It means if vulnerabilities are found, any kind of bad guys will be free to infect these machines.”
In contrast, Microsoft has extended its support date for Windows XP, an operating system which dates back to 2001, until April 2014. “There are so many people around the world who still use XP and Microsoft are responsible for security,” Kaspersky said.
He added that Apple could learn from Microsoft’s security strategy of extensive patching, such as its monthly release of security patches nicknamed Patch Tuesday, and software source code inspection.
“Ten years ago Microsoft was vulnerable because there were many mistakes in its software codes and exploits were possible to be developed for Microsoft,” he said.
“However, it invested in a source code inspection to make sure there were no vulnerabilities and introduced patch systems.”
Apple Australia was contacted by Computerworld Australia but declined to comment on Kaspersky's claims.
A statement on the Apple Product Security website reads that for the protection of its customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU