As the latest Microsoft Windows infection spread across the Internet last week, knocking out thousands of PCs in homes and businesses, Macintosh users did what they usually do during a computer virus outbreak -- they continued working.
That's because the "Blaster" worm, also known as LovSan and MSBlast, cannot harm a Mac. The worm exploits a vulnerability present only in certain versions of Windows. So a computer running a non-Windows operating system, such as Linux or the Mac OS, is immune.
Nevertheless, this is not an occasion for gloating, as the attack caused widespread inconvenience -- ask anyone who visited any of Maryland's Motor Vehicle Administration offices last Tuesday -- and surely cost the nation's businesses millions of dollars in lost productivity.
Mac users rarely have concerned themselves with worms and viruses because very few "malware" -- malicious software -- programs have been written for the Mac.
In a report released last month, Sophos PLC, a British company that sells anti-virus software, noted that through the first six months of 2003, the most commonly reported virus that could affect Mac computers was one designed for the "classic" Mac OS -- not OS X. It placed 78th on the company's list.
Sophos compared that to the top 10 most-reported viruses, all targeted at Microsoft Corp.'s Windows, which accounted for more than half of all the attacks over the period.
Not that it was a fair competition. According to Security Focus, a computer security information Web site owned by Symantec Corp., the Cupertino, Calif.-based maker of the Norton brand of anti-virus products, the number of viruses written for the classic Mac OS is about 50.
By comparison, security experts estimate the number of Windows-specific viruses at about 70,000, though the exact count depends upon how you classify all the variations of a single virus or worm.
Graham Cluley, Sophos's senior technology consultant, attributed the lack of Mac viruses to a failure "to capture interest amongst the counter-culture that writes viruses."
"It's perfectly possible to write viruses for Apple Macs," Cluley said. "Indeed, a Mac has no more inherent security than a PC, but virus writers appear motivated by a desire to cause widespread havoc and so have concentrated on the market leader."
By "market leader," he means, of course, Microsoft Windows.
Sophos, nevertheless, advises Mac users to have anti-virus software and to keep it updated, if for no other reason that to prevent a Mac from spreading Windows viruses. Last month, the company released a version of its antivirus software for Mac OS X, which joins Norton AntiVirus and McAfee's Virex as OS X weapons to fight malware.
However, because a Mac can pass a virus to a Windows PC by forwarding an infected e-mail or document, Mac users always have been cautioned to run anti-virus software and to employ safe-computing practices, such as deleting e-mail messages from unknown sources without opening them.
And Windows malware can irritate Mac users despite its inability to infect their Macs; this week's outbreak of the SoBig worm, for instance, has choked my .mac e-mail box with dozens of useless messages.
Ensuring that Macs don't perpetuate the misery of Windows users by hosting Windows viruses is indeed desirable, but one question still begs an answer: Is Mac OS X just as vulnerable as Windows, spared by hackers only because of its relatively small footprint in the computer world?
It's a tough question to answer precisely because Mac OS X isn't being probed for weaknesses by thousands of mischief-minded hackers every day as is Windows. In other words, even if OS X has more security holes than Windows, with far fewer people looking for them, far fewer will be found and exploited.
Some clues to the relative vulnerability of Mac OS X can be gleaned from its heritage. OS X is based on FreeBSD, an established, well-known version of Unix.
"Unix architecture is a fairly known quantity," said Jeff Thompson, who worked with many commonly used operating systems -- Linux, Solaris, Windows NT -- as vice president and master technologist at the security software firm Argus Systems Group Inc.
Thompson now is chief technology officer of CodeTek Studios Inc. in Champaign, Ill., which is an OS X software developer.
"Unix kernels have had their security vulnerabilities over time, but they are fairly rare," Thompson said, noting that most Unix vulnerabilities reside in support services used more by businesses than homes, such as Web servers and e-mail servers.
"Chances are there are a fairly large assortment of Mac OS X bugs to be found," he said.
But more than two years after its introduction, not a single Mac OS X-specific virus has yet appeared.
Robert Richardson, the editorial director of the Computer Security Institute, an organization of computer security professionals, confessed he wasn't aware of many published OS X security holes, though he agrees that Mac OS X inevitably must share some vulnerabilities with its Unix cousins.
"My suspicion is that Apple did a fairly good job at closing up any known and obvious Linux vulnerabilities," Richardson said.
In fact, after taking some criticism early in the life of OS X, Apple Computer Inc. took a number of steps to improve its security. Besides issuing timely patches to security holes -- usually within about a week of a reported vulnerability -- Apple ships OS X with most of the services hackers typically use to invade a system, such as Web hosting, blocked by a built-in firewall.
Although experienced users who need these services can easily turn them on, this Apple policy protects the average Mac user from exposure to the most common attacks.
While Windows also has a built-in firewall, by default it has been turned off. In the wake of the Blaster worm, Microsoft said last week that new versions of Windows XP will ship with the firewall active by default.
Other steps that Apple has taken to thwart breaches of OS X include a Product Security Web page with advice on how to keep your Mac secure, as well as contact information for reporting security incidents. In addition, Apple collaborates with several computer security organizations, most notably the CERT Coordination Center.
Still, a successful Mac OS virus attack could occur; total prevention is impossible, for a number of reasons.