The Virus Fear Merchants Still Don’t Get the Mac
March 31st, 2009As I listened to the talking heads on the various cable TV news channels this week, I got to thinking that maybe they feel their audience is sick and tired about stories of a volatile stock market, a U.S. auto industry in distress and other oppressive events. So, having nothing better to do, they delivered warnings about the impending April Fool’s Day worm known as Conficker.
A Mac security software developer, Intego has this statement about the significance of this threat: “This worm, called Conficker, as well as Downadup and Kido, has infected unknown millions of Windows computers, and is expected to become active on April 1, 2009. For now, researchers are unsure of what the worm may do; it is just sitting on infected computers waiting for instructions. Researchers think it will connect to remote servers and download code and then become virulent.”
Certainly this is the sum total of what is known so far, except for ongoing speculation, and the news channels were filled with warnings to stay up to date on your virus protection software and so on an so forth. Few, however, bothered to mention this one salient fact, and I again quote Intego’s statement: “This worm, which affects Windows computers, has no effect on Mac OS X; at least not yet.”
Now that final phrase is based on absolutely nothing. There is no evidence whatever that a Windows virus has ever infected Mac OS X in any way. However, this doesn’t mean a Mac isn’t vulnerable, though not in the Mac OS X environment. You see, Mac users who run Windows either via Boot Camp or through a virtual machine, such as Parallels Desktop or VMWare Fusion, can be impacted, again within those environments.
In those cases, it makes perfect sense to keep up to date on your security software. Indeed, the latest versions of both commercial virtual machine applications ship with a security suite, so, assuming you’ve kept it up to date, all that’s necessary is to make sure that the latest virus signatures are downloaded and installed.
What troubles me most, however, is how the boys that continue to cry wolf continue to rant and rave about potential security lapses under Mac OS X and how the sky’s about to fall at any moment. Certainly Apple isn’t perfect, although it does appear that they are taking such matters seriously enough to deliver periodic updates that patch holes in the system discovered by security researchers around the world.
A tribute to the quality of their work is the fact that, except for some proofs of concept and a few Trojan Horses, Mac users by and large have so far been spared of the misery inflicted on their fellow Windows users. This doesn’t mean, of course, that the situation can’t or won’t change. I’m most concerned about the fact that premature fear mongering will just cause people to ignore the real threat when and if it arrives.
But maybe that doesn’t matter to the folks who are hot on the trail of the maximum number of hits for their fear-mongering pieces of misinformation. If the real threat arrives, they’ll just say “We told you so,” and pat themselves on their backs for being so prophetic.
At the same time, I’m not going to dispute the possibility that we’ve been living on borrowed time for the past eight years, since Mac OS X first debuted. All right, maybe the fact that Windows still commands nearly 90% of the market is one reason why Macs have been relatively free of April Fool’s worms and such, although the mainstream media doesn’t always make that distinction. If the Mac had 20% or 30% of the market, it’s possible that Internet criminals would target he platform more consistently to do their dirty work. On the other hand, Unix-based operating systems have been around an awfully long time. The first computer virus appeared in the Unix environment. However, Windows, which was not originally designed to interact with a wide open network — the Internet — got targeted early and consistently, and there’s been no letup.
Indeed, it’s a sure thing that lots of Windows users may remain unaware of the threat, despite the massive publicity the matter has received. I got a letter from someone today, an educator that I considered well-informed, who confidently wrote: “stick with Windows XP and have great virus protection … THAT’s the REAL solution!”
When I reminded him that there’s nothing inherent in the Windows XP installation that would necessarily protect him from malware of this sort, he responded and admitted that, yes, he does have an up-to-date security suite installed. So that rendered his claim pretty much irrelevant. Indeed, if he wants an operating system that’s more secure, and he isn’t inclined to switch to the Mac, he could upgrade to Windows Vista.
And despite the fear, uncertainty and doubt on the part of some members of the media, informed or otherwise, I am not going to tell Windows users “I told you so.” Instead, I’ll just urge them to make sure their PCs are protected, particularly the ones used in business. They do not need any more misery in their lives these days.
Print This Post
I can’t wait for April 1st to arrive, but I still think it will be quiet.
I have no idea what’s involved in writing malicious code, but with Apples at times ‘low level’ response to security along with the growing popularity of OSX, I’m surprised no ones had a serious go at cracking it – simply for the notoriety. Maybe thats not enough. Maybe the platform isn’t worth it yet. Or maybe it is a tough nut to crack. Still, I don’t think its wise to be blasé about security on the Mac, but until we’re proven otherwise, I guess its business as usual.
I am not, admittedly, a security expert, but I have been a tech support technician for over ten years, and have supported both Macs and Windows. As an observer of the computer world for over fifteen, I don’t believe the bit about market share being the reason Macs are ignored.
A good explanation is in the following statement I read somewhere this morning: “Windows is a taller nail, and the tallest nail gets smacked first.” I believe that refers to the fact that it is the EASIEST target, due to the fact that there are just more vulnerabilities, and the huge numbers of users that don’t patch those vulnerabilities.
That isn’t market share, that’s sheer vulnerability. Why should ANY hacker out to make money waste his/her time trying to find a vulnerability in a fairly secure OS whose users update regularly when one can find such low hanging fruit in literally untold numbers? Especially if the vulnerabilities are so well known and the exploit is published and already there to hand?
The current atmosphere that allows for such widespread infection is due solely to a combination of well known vulnerabilities and users that refuse to/can’t/don’t update their machines. I don’t know what can possibly be done to break up that combination in a way that could erode the ability of malware to be such a threat, but SOMETHING needs to be done.
virus/worm writing is big business now. It’s about making money. So why would anyone want to write a virus for the mac when 90% of computers are windows based, and a large nos of those are not updated regularly.
Because it’s not about share numbers – it’s about ease of writing and infection. Almost all Mac malware requires direct user intervention to install the malware – windows vulnerabilities that malware like confiker use are well known, and do NOT require user intervention to spread – they do so themselves over networks.
There are over 30 million Macs out there – plenty of numbers to make up a botnet. So why don’t they infect Macs? The Mac stuff can’t spread fast enough using the only method of infection that works on that platform.
It is the EASE of infection that determines who gets hit, NOT market share!
When one’s paycheck depends on not understanding, I doubt they’ll ever understand.