Malware authors love to use holes in 3rd party software. This is as true on OS X as it is on Windows. Some of the most recent high-profile OS X threats, such as Flashback and SabPab, are great examples of this. Flashback relied on a Java exploit, and SabPab on a Microsoft Word exploit.
From a malware author perspective, the best thing about 3rd party software vulnerabilities is that people are very slow to patch them. For all the media focus on malware that uses the newest or cleverest techniques, the most prevalent malware out there is totally banal. It doesn’t go to great lengths to hide itself, it doesn’t exploit the latest vulnerabilities, and it’s probably covered by anti-malware software by the time you get infected.
From their perspective, why go to all that trouble to be extra-stealthy and cutting-edge when you really don’t have to? They only need a certain number of infected users to make good money stealing credit card numbers or using your machine to send spam. Having too big an impact can actually work against malware authors, as users might be more inclined to update their protection if they hear about malware on the evening news.
Apple has added an interesting feature to the upcoming OS X Mountain Lion, that I hope may help with this issue. It looks for security updates, daily or as you restart, then it downloads and installs them in the background. It may be that this is only pertaining to OS security updates, in which case the improvement will be minimal. But it could be that this feature could include updates to other software as well, in which case it could be quite helpful.
Time will tell. As this feature is implemented, we will cover more details in this blog about what the improvement entails. Stay tuned!
