Upon further review
It’s been a bit busy since we started this blog, to say the least. So here’s a quick summary of what’s happened in the Macintosh Internet security world since the “Don’t Panic!” scare hit a couple weeks back:
Don’t Panic.  A Mac user’s machine was actually “hacked” over the Internet, and a Unix-based virus installed on it. As expected, however, it turned out the virus did not infect the machine, but was placed there by a hacker who had access to the machine’s IP address, account name and password and was, apparently, given SSH (Remote Login) access by the machine’s user.  It’s interesting that, unlike the other events that followed, this event seems to have never made it to the mainstream media.
Here we go again.  Hot on the heels of “Don’t Panic,” what looked like, and turned out to be, a real Mac OS X virus, appeared on a Mac bulletin board. Although ineffective and not all that destructive, the virus caught the fancy of the world’s mainstream media, since it showed what many of us already new: the Mac is not perfect.  This “LeapA” virus made the score Windows 100,000, Mac OS X 1.
More on viruses.  The press went on to dig up an old, already-fixed vulnerability that could be exploited, not over the Internet, but over Bluetooth of all things.  We’re not even sure it should have counted, but, if it did, the score was now 100,000 to 2.  Actually, by that time, probably more like 100,547 to 2.
100,000 to 3.  And since all the attention of the past week had gotten people looking (not a bad thing, all-in-all), a firm in Germany found a somewhat significant “vulnerability” in the Safari Web browser and potentially other Mac applications. By no means the first such vulnerability in Safari or Mac OS X, it nonetheless provided the mainstream media with a way to continue and enhance their ongoing story line.
So what’s next?  As John Dvorak points out in his recent column, for better or worse, there is now significantly more focus on the Mac as a potential target.  This focus is both a good and a bad thing.  It likely will lead to more attacks, but it should also lead to more vigilance (and less complacency) on the part of the Macintosh community at large.  I expect we’ll see soon enough.  
Friday, February 24, 2006