When you say “computer security,” most people think viruses, worms, and other forms of malware. They also think that Mac users don’t really have to worry about it. And they’re correct. But that may be changing. Not only is the Mac becoming more popular, and therefore more worthy of criminal attention, there are many other ways Mac users can be targeted that are not platform dependent. It’s time to reassess the threats and decide whether Apple’s built-in security measures are sufficient to keep Mac users safe.

A virus earns its name by its ability to replicate. Viruses attach themselves to programs. When those programs are launched, the virus code launches and the virus goes about its nefarious business. Viruses are commonly found in the Windows world, not the Mac world.

A Trojan (shortened from Trojan horse) is malware that promises one thing but delivers another. For example, you’ve downloaded an application that promises to make you rich, or, as was the case with the iServices Trojan, a pirated copy of iWork. When you run this program the writer of the code gains remote access to your machine.

The term botnet refers to what the software does once you’re compromised. A botnet is a collection of infected computers tied together and controlled by the attacker. Criminals use these to send spam, distribute other malware, or co-ordinate large, distributed denial of service attacks (in which thousands of computers hit a single site at once to overwhelm it). In 2009 a small botnet, built from Macs compromised by a Trojan, was seen. But, since your Mac first needs to be infected by some form of malware before it can be made part of a botnet, the chances that it’ll end up in a herd are still low.

It's possible for an iPod to be infected with a virus; although it's mainly an issue that will affect PC users

Infected hardware
Some attackers have managed to infiltrate supply chains, shipping digital picture frames, storage devices, and, yes , even iPods that are pre-infected with viruses. This is still mostly a Windows-only problem thanks to Windows’ autorun feature, which automatically launches software on an appropriately-configured storage device. When you connect one of these devices to a PC, the virus automatically runs. (Microsoft has since issued updates to disable this feature.) Fortunately, Macs have never had an autorun feature, and thus are not affected. That said, there have been security vulnerabilities in the OS X file system that could lead to an infection if you run a malicious DMG file. But so far we haven’t seen this method used in real attacks.

Bluetooth attacks
Bluetooth wireless technology, found in Macs and iPhones, has known security vulnerabilities. But your odds of being victimised by those vulnerabilities are low. Even if you accidentally leave Bluetooth file-sharing enabled, it’s unlikely you will ever be within range of an attacker, never mind one with the tools and knowledge to take advantage of the opportunity.

Phishing schemes trick you into revealing personal and financial data. They exploit the weakness of the person sitting at the computer rather than the computer itself. These fraudulent offers or warnings arrive via email or instant message, demanding that you provide credit card, password, or bank account information in order to maintain a service or confirm a transaction. For example, you receive a message from your credit card company asking you to confirm username and password in order to continue using the bank’s online services. Click the link that supposedly takes you to the bank’s website and you’re presented with a web page that looks like the real deal. But, of course, it isn’t. Provide the information and gain a drained bank account.