The biggest vulnerability to Macintosh computers is the belief among their devoted users that Apple's superior operating system makes them immune to malware, experts say.
"Some Mac users have this perception that the Mac is free from hacks and that is completely wrong," said Zheng Bu, senior director of research for FireEye, which develops anti-malware products.
Mac users, said Kevin Haley, Symantec director of product management for security response, "have let their guard down."
While the vast majority of malware is aimed at Windows operating systems, the growing market share of MacBooks and iMacs is making Apple computers a bigger target. In recent years, Macintosh computers have garnered about 20 percent of the U.S. consumer market, said Stephen Baker, the hardware analyst at the NPD Group. "They are gaining," he said.
Macs going mainstream may be great for Apple's bottom line, but it also makes the Macintosh operating system a bigger target for hackers, experts say.
"We are seeing more and more Macs getting infected," Haley said.
The first computer viruses actually were aimed at Apple computers, said Andrew Conway, a researcher at Cloudmark, which works on Internet security problems. "Back in the day, the first virus appeared on Macs," which was more sophisticated than Microsoft Disk Operating System, or MS-DOS, he said. "You could write a virus on it, and you couldn't do that on DOS."
Many Mac users have long assumed Apple's operating system, which is tightly knitted with the hardware the company also designs, has stronger security than Windows. Conway, though, said there is no way to prove that is true.
While Apple is good about fixing its vulnerabilities, "the Mac hasn't come under the kind of attack we've seen with the Windows PC," he said.
The Macintosh operating system is "not a super-system made by super-people," Conway added.
What is certain is the Macintosh operating system is once again becoming attractive to hackers.
Last year, the Flashback Trojan malware infected an estimated 600,000 Macs by appearing to be a browser plug-in but actually stole personal information. In February, Apple said Macs operated by Apple employees were infected with Java-related malware when they visited a software development website. The Cupertino, Calif., company did not disclose how many of its employees' computers were infected or when.
One of the biggest threats to Mac users is third-party software, such as Java, a popular vehicle for cyber thieves to infect Windows and Mac machines by writing only one attack code. In such cases, simply visiting an infected website that exploits a Java vulnerability can enable malware to get onto a Mac, which is what happened with the Apple employees, Haley observed. He called it a "drive-by download."
"In this case, (infected) Java software was used to download malware onto machines," Haley said. "You would have no idea."
Adobe software is also another vehicle used by hackers to infect computers, Bu said.
"Both Apple and Windows need to work closely with third-party (software makers) to make safer software," he said. "Then they need to build a rapid process to quickly address issues."
Haley said Mac users can also take steps to ensure they avoid malware traps. Perhaps the most important move is to quickly accept software updates from Apple and other vendors, such as Adobe, which often close security vulnerabilities.
"It's a good idea not to ignore those," he said, adding, "People are always good about computer security after they have been hit with malware."
FIVE WAYS TO MAKE MACS SAFER:
-Accept software updates from Apple and third-party vendors as soon as they become available. These often include security patches.
-Do not click on unexpected attachments, even from email that appear to be from people you know.
-Do not click on suspicious links.
-Be careful about clicking on links on Facebook or Twitter from someone who appears to be a friend "offering" photos of you.
-Consider using anti-virus protection software for Macintosh computers.
Explore further: CACR: MacDefender shows Apple users no longer immune from cyberattacks