There is an interesting and humorous work of fiction at http://www.appleinsider.com/articles/09/09/07/inside_mac_os_x_snow_leopard_malware_protection.html. Humorous as long as you don’t believe it!
The article starts out saying “Safari, like other modern browsers, already flags certain websites that are known to be used to distribute malicious software”. That’s a nice layer of defense, but there are sites many sites that have been compromised and distribute malware, as well as new sites cropping up all of the time.
The article says that “there is no real malware problem on the Mac, in part because it’s hard to write viral code that infects Mac OS X and very easy for Apple to roll out a patch that closes any discovered holes.”
To start with, the security community is seeing an increase in attacks against Mac users. Recently a Mac botnet was discovered (http://arstechnica.com/apple/news/2009/04/evidence-suggests-first-zombie-mac-botnet-is-active.ars). Apple would not have added any malware protection to Snow Leopard, their newest operating system, if it wasn’t a problem.
Most malware is not viral. So, the claim about it being hard to write viral code is pretty irrelevant. Speaking of viral code, the very first worm that significantly disrupted the internet ran on UNIX systems. Snow Leopard is a flavor of UNIX. It has long been known that viruses and worms can be written for UNIX operating systems. It isn’t hard to write viruses for a Mac, it is the configuration of the operating system that makes them hard to spread. Even with a properly configured operating UNIX based operating system a worm can spread, especially if the system isn’t patched. Not only does the system need to be patched, but the third party applications must be patched as well, or you can have serious problems on a Mac.
That Apple can patch holes quickly is highly theoretical as they are often criticized for being slow to roll out patches.
Completely naively the author claims that Mac bugs aren’t valuable. Apple computers often contain personal information which is valuable for identity theft. Apple computers often contain business information that is of value. Apple computers can be used in botnets, which makes them valuable.
The author claims that Windows isn’t as easy to update. Windows updates itself automatically if you let it.
The author continues to harp on viruses when viruses are much less than 10% of the malware which affects users.
The comparison of an iPhone to a Mac is rather ludicrous. The iPhone has a much less general purpose operating system than a Mac has. The conclusion is not supported by the premise.
The author claims that viruses that bombard Windows have never affected Mac users, when in fact, Office Macro viruses often ran just fine on Macs and infected other files on the Mac.
The comparison of Snow Leopard’s blacklist to the iPhone White list is apples and oranges. A whitelist is proactive where a blacklist is reactive. The premise that snow Leopard’s built-in blacklist makes building Mac malware less attractive to thugs is simply ludicrous. It is trivial for a thug to defeat the blacklist.
The author is correct that there is much less malware targeting the Mac, but not correct in stating that there are no real world problems, as we have seen with the recently discovered Mac botnet. In fact, this is not the first Mac botnet (http://voices.washingtonpost.com/securityfix/2009/04/worlds_first_mac_botnet_hardly.html)
So, while currently there are few attacks against Macs, we are seeing an increase in attention to Macs by the bad guys. Mac users may be able to get by now without antivirus software, just as most PC users were able to prior to about 1995, but I would expect that to be changing in the next couple of years.
Randy Abrams
Director of Technical Education
Visit ESET on Facebook
Follow ESET on Twitter