I’ve had some acerbic exchanges of views here and elsewhere with people who regard social engineering threats as somehow irrelevant to the issue of Mac malware, preferring to focus on system vulnerabilities.
I don’t particularly want to reopen that discussion right now, but Dancho Danchev’s recent commentary on Microsoft’s Security Intelligence Report and the mythical aspects of the 0-day issue does, in my opinion, have some relevance to the OS X arena, though obviously there are many differences in detail between the platform. 0-days are significant, but they’re not the whole malware problem.
I try to explain why we need to reconsider the “received wisdom” that they are the whole problem in the Apple orchard, in an article just published in Infosecurity Magazine’s blog: Social Engineering: A Real Persistent Threat.
David Harley CITP FBCS CISSP
Small Blue-Green World/AVIEN/Mac Virus