Virgin territory

This story was updated at 1:45 p.m. EDT on Monday, March 14.

"I just got a Mac," think many first-time Apple customers. "I'll never have to worry about a virus again."

So it would seem to many longtime PC users, plagued by virus, e-mail and phishing attacks that require constant vigilance and the installation of often pricey security software. They rarely, if ever, hear their Mac-using friends complaining about the same problems.

But even though it's true that Macintosh computers, iPhones, iPods and iPads (the latter three of which run Apple's iOS mobile operating system) are subject to far fewer attacks than their Windows (or Android) counterparts, Apple products are definitely not immune to security flaws.

In fact, as Apple's market shares increase, so do the chances of malware being written specifically for the company's devices.

Apple software is actually ripe for attack. At the 2010 Pwn2Own hacking contest, held every March at the CanSecWest security conference in Vancouver, Apple's Mac OS X, the Safari Web browser and an iPhone 3GS were all exploited with surprising ease, falling quicker than their Windows-based competitors.

The overconfidence many Apple users feel about their gadgets may come from the company itself, said Alex Horan, director of product management at Boston-based Core Security.

"On its website, Apple states that: 'Mac OS X doesn't get PC viruses. And its built-in defenses help keep you safe from other malware without the hassle of constant alerts and sweeps,'" Horan said.

But it's a false comparison.

"Traditionally the only reason we haven't seen a lot of news about viruses and worms targeting Mac systems is because we haven't seen as many Mac systems in use," Horan explained.

"The reality today remains that if I want to write some code that will attempt to control the maximum number of systems, then I need to have that code target the most common systems out there [Windows]. But as the number of Mac systems grows, so will the attention of the attackers."

Horan's colleague at Core Security, Vice President of Security Awareness and Government Affairs Tom Kellermann, added a warning.

"Over the past few years, we've seen multiple exploits that have proven that this perception around Apple security is truly misguided," Kellermann said. "Those people who believe that they are fundamentally more secure simply because they use Apple products will likely someday learn to regret it."

Five hard lessons

With that in mind, here are five Apple security myths and the brutal truth behind each:

Myth: I don't need antivirus and spam protection because I work on a Mac.

Truth: "The Mac OS X operating system is targeted less frequently by malware only because it's not as widespread as Windows. It's no more secure than any other operating system," said Sorin Mustaca, data security expert at Germany-based Avira.

"As for phishing attacks," said Mustaca, "the biggest problem in this case is not the computer itself, but rather it's the user."

Myth: I can't be infected by any malicious software because I get my applications exclusively from the iTunes App Store.

Truth: "We've seen a couple of times already that the App Store is not such a secure fortress as one might have hoped," said Mustaca. "It is extremely difficult to check every single application that is inserted there."

Myth: Mac OS X is inherently more secure than Windows.

Truth: Apple's brand-new products are being hacked almost immediately upon arrival. For example, jailbreaking your iPhone is as easy as browsing to a specific website.

"For a while, it was easier to write exploits for Mac OS X systems than it was for Windows, but now they're relatively equal," said Core Security technical specialist Dan Crowley. "Bugs seem to be just as easy if not easier to find in Mac OS versus Windows."

Myth: Apple's Safari browser is more secure than Microsoft's Internet Explorer.

Truth: Safari had more than twice the number of reported vulnerabilities in 2009 (94) than did Internet Explorer (41), according to Symantec's Global Internet Security Threat Report.

Myth: iPad users are not susceptible to the same sorts of attacks that Windows users experience.

Truth: According to Anup Ghosh, founder and chief scientist of Fairfax, Va.-based Invincea, Apple released the iOS 3.2.2 software update for the iPad specifically to fix a critical vulnerability in the way it handled PDF files that could be manipulated by malicious hackers.

Mac Bacteria

So what can you do to make your Apple device more secure? First of all, never open an e-mail attachment you're not expecting, even if it's from someone you know.

Always check the URL (the long string of characters that begins with http) in your browser address window when surfing the Web, even on an iPhone or iPod Touch. Be very careful about using free Wi-Fi hotspots in coffeeshops, libraries or airports; it's safer to just use your cellular carrier's data service.

There isn't any third-party security software for iOS devices as of yet, but a few Mac OS X applications are available, such as Sophos Anti-Virus for Mac Home Edition (free), BitDefender Antivirus 2011 for Mac (starting at $40 per year), Intego Virus Barrier X6 ($50 per year, two users) and various Norton products (starting at $50 per year).

Five Apple Security Myths and the Hard Truths