SECURITY

Developers Struggle to Defend Macs From 'Zero Day' Attacks


Mac users are facing an onslaught of security threats -- and reacting to the malware is no longer considered a good strategy. Taking proactive measures against phishers, spyware, ID thieves and other Web threats, like downloadable rootkits which infest operating systems, is the new norm.

During a conference call with reporters, experts affiliated with the SANS Institute indicated that there has in recent weeks been a "surge" in attacks on the Apple (Nasdaq: AAPL) OS X platform. The growth in Mac vulnerabilities, according to Alan Paller, director of research at SANS, comes as there is a decline in the critical vulnerabilities found in Windows services.

Browsers Vulnerable

Part of the problem lies in the Web browser that many Mac users rely upon -- Internet Explorer. "I think it is almost time to rename Internet Explorer the 'Internet Exploiter,'" said Rohit Dhamankar, manager of security research at TippingPoint, a division of the networking firm 3Com (Nasdaq: COMS). "The trend of more vulnerabilities being discovered has been increasing during the last six months."

Another problem lies in the Firefox 1.5.0.2 browser, which is providing native support for Macs with Intel (Nasdaq: INTC) core processors. Last month, the Mozilla Foundation had to release an update of its Firefox browser, just hours after reports of critical vulnerabilities appeared in the media.

This is prompting a call in the industry for security solutions that can respond to so-called "zero day" threats -- that is, threats that appear, all across the Internet, without warning, and without time for IT departments to respond properly.

Traditional Models 'Ineffective'

"The traditional models are proving to be ineffective in defending against unknown, zero-day and stealthy attacks like rootkits," said Jeff Kessler, chief executive officer of Chicago-based Ktech Consulting, an IT security firm. "The primary problem is time. Consultants are called in to run scans and updates, which wastes hours."

Anti-virus solutions commonly deployed by companies -- small and large enterprises alike -- are not as effective as they once were in shutting down the malware attackers. "Critical systems cannot effectively be protected against threats," said Timothy Eades, senior vice president of sales at Sana Security, an IT security firm, based in San Mateo, Calif.

Several levels of security are now needed to protect desktop computers, or networks with a number of Macs, from intruders bearing rootkits. Software has been developed that can scan for rootkits and keystroke loggers without having to scan the system -- the reasoning being that these stealthy software programs can evade detection through scanning. So-called "behavior heuristics" are embedded in the software to detect and remove the malware -- before it can harm the computer at the kernel level.

Too Many Opportunities

"Hackers have numerous tools that can exploit attack vectors into organizations today," Paul Proctor, research vice president at Gartner (NYSE: IT), said. "Businesses need to develop a defense-in-depth strategy that combines pro-active security processes with tools and techniques to protect their networks at a reasonable level."

This is an area that Gartner, in particular, is watching. The company last week named Derby, England-based Prevx, a developer of intrusion prevention technologies, as a "2006 Cool Vendor." The reason -- the company has developed a real-time database of information about the emergence, propagation, genetics and behavior of software used by its user community of 200,000 computers. A free trial version of the software is available online via the company's Web site.

"The technology detects malicious code based on what it does, not on what it is," said Gartner's March 2006 Privacy and Security Report. "One behavioral signature can stop entire classes of attacks, while traditional anti-virus products would require many signature updates for similar protection."

Often, on Macs and PCs, with conventional anti-virus technology, the anti-virus scans are not revealing the presence of the malware, because not all variants of active virus signatures are being detected, Gartner said in its report.

Network access control is the new buzzword, replacing mere anti-virus protection for IT organizations. "Organizations are looking to network access control solutions that leverage endpoint intelligence to deliver continuous protection against worms, spyware, malicious behavior and endpoint configurations that slip out of compliance," said Eric Ogren, security analyst at the Enterprise Security Group, an IT research consultancy.

Talkback
And ROOT KITS? On Mac OS X??
MacDuff
Posted 2006-05-10
Not going to happen without an admin password on OS X. ...

More by Gene J. Koprowski