McAfee Feigns Fear at Mac Security

conq writes "BusinessWeek reports that McAfee has just come out with a report which asks the question 'Is Mac OS X the Next Windows?'." They appear to be attempting to scare consumers into buying anti-virus software for OSX. Blogger Arik Hesseldahl breaks down their claims: "First off, Mac users on average pay more for their computers, are self-selected because they tend to know more about technology than your average PC buyer, and by and large are a bit more affluent than those who buy cheapo commodity Windows PCs ... When you take into account the ongoing growth in general PC ownership, even if Apple pushes its annual unit sales to 12 million or more by 2010, its share of the overall market will still account for about 4%, leaving Windows the far more tasty target."

FUD or Valid Argument?

First off, read the original McAfee Report [nai.com] before you bash them as FUD spreading capitalists.

Why that wasn't included in the posted story, I'll never know. If you actually take a look at the PDF, it's got some good histograms and charts as well as a little more detail into the Leap virus.

Yes, it does follow from this that users should buy McAfee anti-virus for Macs. The simple fact of the matter is that this is a white paper that tilts in their favor. It has some valid points, though, and I don't think they need to tell people to be afraid. If Mac users start getting these viruses then they will truly need anti-virus software for their machines. They site the National Vulnerability Database and other sources in this document so it's not like they're making stuff up or are the only ones claiming there is an upcoming security risk.

I hate McAfee software. Like most anti-virus software, it uses too much memory and hogs the CPU if it's a real-time checker. I wouldn't opt for it if it was the last anti-virus company in existence. However after reading their white paper, it is convincing. I do think that if Apple doesn't take an initiative to protect their users from things like Leap then Mac users will need auxiliary anti-virus protection from a third party.

One man's FUD is another man's common sense. I don't care about the size or manufacturer of a device--if it runs programs in a turing-machine like manner, it can be infected.

Re:FUD or Valid Argument?

I'm sorry, but McAfee putting out a security report is like Exxon putting out an environmental assessment for Alaskan drilling. Slight conflict of interest there. It doesn't matter who they quote. They simply cannot be trusted because making a profit will always be their number one priority.

Re:FUD or Valid Argument?

Hmm... I'm sympathetic to your position, but not your reasoning. Except for the occasional trust funder, just about everyone here is selling their services in exchange for cash. If you leave one job for another, higher paying job, are you profit motivated, and thus no longer to be trusted?

I suspect that rather than their motivation to make a profit, it is really the years of strangely incongruous (for a security company) and untrustworthy behavior like pioneering the pop-up browser advertisements and so forth that have caused you to trust not McAfee.

Re:FUD or Valid Argument?

Two problems with your argument.

1. McAfee isn't a person. Most people aren't profit-oriented. Yes, most people have to work, but the pursuit of profit is not the primary focus of most people. On the other hand, most corporations seek nothing *but* profits.

2. While corporations have been known to do the right or promote honest facts, from time to time, this is not one of those times. Using fear is one of the most vulgar and appalling of manipulation techniques.

Any time a corporation tries to spread fear, and that corporation just happens to sell a product that directly addresses that fear, it's wise to become weary, because it's in that corporation's best interest to overstate the fear.

McAfee is just trying to build a market (which is a completely reasonable thing for a corporation to do), but in this specific case, they are trying to build a market which does not exist, and trying to force it into existence will have a net negative impact on the rest of us, as tends to be the case with FUD.

Re:FUD or Valid Argument?

Apple's mission is to dilute the technical abilities of their user base and turn it into a pool of Windows users.

Are you sure this is Apple's mission? Personally, I use OSX because it is based on BSD. I know many other recent Mac converts that are the same as me - in other words, it is actually people who understand technology that are moving to the Mac. I'm sure Apple loves that, and I doubt it is their mission to "dilute the technical abilities of their user base".

Virus probably less of a burden than MacAffee

They have produced some good-looking graphs; however, the number of viruses observed (about 2 per year for the last decade) means that the substantial upturn could be little more than statistical noise.

I think it speaks for itself that, according to that PDF, the macintoshes with 1/50th of the market share have 1/1315th of the number of identified viruses, somewhat disproportionate to their decreased market share.

Have got MacAffee antivirus installed as corporate policy on my business peesee, and it humbles what is otherwise a fairly able laptop. Perhaps Apple's move to a more powerful architecture means that they can now shoulder the MacAffee burden too?

Re:FUD or Valid Argument?

I just copy and paste the Key Findings:

1. From 2003 to 2005, the annual rate of vulnerability discovery on Apple's Mac O S platform has increased by 228 percent (Figure 2), compared to Microsoft's produ cts which only saw a 73 percent increase.
2. As demonstrated by its March 2006 patch, which corrected 20 vulnerabilities, Apple's Mac OS platform is just as vulnera ble to targeted malware attacks as other operating systems (Page 6).
3. Security researchers and hackers will increasingly target the Mac OS and other Apple products, such as iTunes and iPods (Page 6).

If you don't read much further, Apple is doing bad... If you compare the absolute numbers of exploits Apple trails a factor 1000 by Microsoft. It will take some time until Apple reaches par with Windows (if ever), even if all malware programmers dropped their Windows work ans started concentrating on OSX instead.

Wtf?

"First off, Mac users on average pay more for their computers, are self-selected because they tend to know more about technology than your average PC buyer..."

Are self-selected?
"Self. Your technical savviness has not gone unnoticed. You've been selected. Congratulations."

Hey, eMachine, shut your pie hole.

How this crap got modded Insightful I'll never know.

I'm not so sure after seeing the new Apple commercials saying how PCs have all of these Viruses; however, Macs are not susceptible to them. This could get more people to purchase Macs and while it might not be as large a target, if the majority of the community isn't being cautious it could be seen as an easy target. You will see outbreaks of Mac viruses. It's only a matter of time.

I think we've already discussed to death that Mac virus security is not due to obscurity but rather due to sensible security practices built in. We've been hearing "it's only a matter of time before a virus brings the whole Mac community to their knees" drivel for years. Still waiting on that service pack?

As for Mac purchasers being more computer savy. I don't really consider the majority of the artsy, yuppies that are the majority of the Mac audiance to be over savy.

I'd have to say that with a Unix command prompt and OS X/WinBlows/Linux dual- and tri-boot capability you're gonna see a lot more fascinating possibilities for tinkering that appeal to true geeks. Perhaps not so much to the poltroons whose idea of originality in computing is to casemod a neon light and window onto their beige hunk-o-junk, or who use their (e)machines simply as pricy game consoles. If that makes me a artsy yuppie for wanting to delve into my computer's innards, then I'll switch my 2600 shirt for a cardigan and my ratty sneakers for penny loafers.

OK, have at me. I can take it!

Re:Must be different Apple users

I have a M.S. in computer science. I've worked on avanced research funded by the US Army, NIH, and NSF. I participated in research that was used to justify the worlds largest Apple cluster, deployed at another subcontractor's facility.

I consider myself primarily a Mac user, even though I typically use Linux, OS X, and Windows every day. I do the vast majority of my work on my Apple laptop, and it is the platform I feel most comfortable with. The interesting thing is I've only been a Mac user since the summer of 2004. At my last job we purchased a large XServe G5 cluster (256 nodes), which at the time was probably the 3rd largest Apple cluster in a university. I used a Linux workstation at this point, and I was having doubts about running OS X on a cluster. I flew out to the WWDC while the ink was still drying on the PO. I was impressed with the developers tools I saw at WWDC, and with the whole OS experience. I ordered a iMac G5 for my desk the very day they were available for sale. We had to work at porting some applications to OS X, and there were a few issues with being one of the earliest large HPC clusters (especially one that ran large MPI applications over Ethernet - lots of early Mac clusters ran embarassingly parallel stuff, or infinniband line VT). I took a new job where I spend a good chunk of time writing scietific sofware for Linux based clusters - I insisted my employeer provide me with a Mac (we have about 1,200 employees and run about 40% Mac desktops, but no one in my group had a Mac).

Re:Must be different Apple users

I'm writing from a publishing company that has been running on Mac *exclusively* since 1987 (in business since '69). We have *never* owned a PC or Windows. Our IT dept is exclusively Mac. We do everything from desktop publishing to Web development and serving, database development and serving, Unix system administration, etc. No PCs, no Windows--ever. All Mac, all the time. And I am definitely not going to overgeneralize, but many IT people I have met know Microsoft and that's about it. Many Mac IT people I have met know Mac, Linux, Windows, Solaris, etc. The general trend I have noticed is that IT people who use Macs have a broader scope of technical knowledge overall than the Windows only IT departments.

Re:Must be different Apple users

I was network engineer for many years, then I became programmer, which I've been doing for many more years. At work I use a PC, but at home it's all Macs. And now that my Macbook Pro runs Windows so d@mn well, my next work computer will probably be a mac also.

Why? Simple: Mac = *nix (which I love on servers) + great windows manager

That's my reason, period. For things which I don't want to fuss with (music, digital photos, updates, etc) OS X is simple and I don't have to worry about it. For things that I do want to fuss with I have BSD, XWindows, and everything else you find on your linux distro. Best of both worlds, although at a higher price and being locked into one hardware company.

Over the years I tried and tried to replace Windows with a good Linux desktop distro. There was always something that was lacking. Then I found OS X.

I think you will find more and more technical people moving over to OS X, at least *nix ones. Now I have to admit that also enjoy design work, so I really appreciate beautiful things, wether that being perfectly simple elegant code or the PowerBook, so perhaps you should ignore everything I said above.

self-selected?

"...are self-selected because they tend to know more about technology than your average PC buyer..."

While this is true in some segments of the market (*nix geeks migrating to OS X), it is by no means true of other segments. There are many designers/graphics pros who choose to use Macs. However, this in no way implies that they actually understand technology. Some do. Many don't. The choice to use Macs is typically because either they have always used Macs or that is what they were trained on.

Antivirus companies are scared...

The antivirus companies are scared. Why? When Vista comes out, potentially their market is going to quickly dry up. So they are trying to convince Mac users that they need their software.

Personally, I don't trust any of the antivirus companies one inch. It's big business, and it is in their interests that there are security threats and viruses around. Talk about conflict of interest...
 

Macs should still protect themselves

Im' an avid fan of Macs, and I don't run anti-vi on my Powerbook, but I DO run it on the Macs in my office for a reason that people don't often think of: Macs can be a virus CARRIER, even if they can't be infected!

A few years ago I had a situation (in an all mac offce) where we burned a CD and sent it to a client (the client was Windows based). The client complained that some of the files were infected. As a Mac-only office, I didn't care about running virus protection, so the files went unchecked.

In my current office, a mixed enviroment, I make sure that both OS's are covered. even if the chance of the macs getting infected is next to nill, I want my PCs to be safe.

Re:Macs should still protect themselves

I don't run anti-vi on my Powerbook

Please tell me that someone else here read "anti-vi" and thought of the text editor? And that "anti-vi" meant emacs?

Re:Why Are Mac Uses Such Dicks?

Building your own computer makes you technically competent in the same way that paint-by-numbers makes you an artist.

LMAO

Wow dude, you had me in hysterics there... Seriously, coffee out the nose hillarity. Thanks for the laugh

Building your own box (by which psuedo-geeks mean "assembling six pre-built components into a working PC") makes one sooo technically superior. I mean, you probably have to have like what, a post-grad education to correctly install the MB and insert the PCI cards, right? Those PCs are just so complicated these days.

I used to build my own PCs... about 10 years ago. Then I grew up, got a life, and stopped spending my personal time fritzing around with hardware. I may work in the software industry, but I'll be damned if I'm going to spend my free time doing IT work. Give me a Mac any day.

The Mac users are mean to me!

And Windows is for the family next door who can't figure out how to program their VCR.

The appeal for Macs is different for each person, some people like Virginia Tech like to make super-computers, others like to composite special effects, and there are lots of people who just want to be able to use their computer with having the OS get in their way because of shoddy design. And some people just think the computers are pretty.

Stop pretending that Windows users are somehow the salt of the earth while Mac users are elitist, especially considering you use the exact same techniques to try to convince people that Windows or Linux is somehow better.

Accept the fact some people like the Mac, it's effective for what they want to do, and the hardware is not 2x as expensive and you know it and the G5 and Intel Duo Core are very powerful parts of very well-designed machines.

If everyone who had a Mac sold it and bought a PC would life be suddenly better for you? If not, then shut up.

market niche is not safety

The Witty Worm [caida.org] demonstrated that a market niche as small as perhaps 12,000 systems can be vulnerable to a worm based attack. The Macintosh is not inherently safe due to niche status. Anybody making this claim is seriously not keeping up with the field of information security.

Worms that have targeted other niche platforms including web servers and database servers of various kinds have also demonstrated that platforms with a few hundred thousand deployed systems (much smaller than the deployed base of Macintosh systems) are vulnerable to worm attacks.

Mac is an appealing target...

Seems to me that virus writers would want to target Macs because of all the talk about how Macs are less succeptable to viruses. It would be more prestigious to create a virus that spreads like wildfire through the "impenetrable" Mac community than to create one for the "wide open" Windows community.

Just my $0.02...

Re:Mac is an appealing target...

Seems to me that virus writers would want to target Macs because of all the talk about how Macs are less succeptable to viruses. It would be more prestigious to create a virus that spreads like wildfire through the "impenetrable" Mac community than to create one for the "wide open" Windows community.

Don't worry, McAfee and Norton are working on it as we speak. As soon as they can put together something more fearful than the cute little proofs of concept that have been floating around expect them to announce a full "epidemic".

It's not legal? It's not ethical? It's not honest? It doesn't matter. Their business model REQUIRES them act in this way. Though not officially, of course.

Re:Mac is an appealing target...

To play devil's advocate, a lot of malware these days seems to want to infect as many hosts as possible, without caring about 'rarity' of hosts. Things like botnets and info-harvesters just want maximum victims.

In London...

Most Mac users are not tech-savvy... many claim to be, but believe me they are not. :) There are, though, some real tech-savvy mac users, but they're in the minority.

Essentially...

Nice Mac you got there. Would be a shame if anything were to... you know... "happen" to it. Just sayin'...

apple is dead! long live apple!

Ok, so i see a pattern here. over the last twenty years all i ever heard about the mac was about how dead apple was, and how they were going to vanish and the company was going to go under.

Now all i hear about is that 'any day now' All the macs on the planet are going to be suddenly and utterly destroyed by the impending virus rush.

Look, I don't encourage people to run any system without security. My macs are all behind a nice firewall. However, I think that, given the record of some clever young programmers to break industry strength security in short order, i wonder when all of these virus writers are going to come over and focus on the mac? i mean, the mac market hasn't really changed much in the last year or two. (in terms of numbers) and the hardware change doesnt seem to have made it any easier to infect the systems.

Mac users and the mac community in general have been snobbishly touting the no viruses thing for quite awhile now. There are tons of clever hackers out there who can break all sorts of security, yet all we have so far are a few lame-ass trojans that you have to type your password in to install. (which, really are not viruses so much) So apparently the big carrot of 'first mac virus that actually was a virus' is really not that big of a carrot.

While i am a software engineer on macs, my expertise does not lie in the virus-area, so i can't really say if it is really much harder to write for the mac, or if it is just unappealing in a business sense (for the virus writers).

my opinion: if i measured my income with each thousand machines i added to my botnet with a virus i wrote, then i think i would stick to the 95% of the market that is fairly homogenous in terms of security. (ie all windows) and leave the outlying OSes (mac, linux) because even if both mac and linux double or triple their respective marketshares in the next five years, windows will still be the easy choice for virus makers.

 

If you have time, instead of RTFA, read this

I have read this today and was about to post to Mac usenet groups, decided to post /. instead.

It is a very interesting article about the real problems of anti virus companies (yes, no mac viruses mentioned) by Mr. Kaspersky himself. It also includes the problems antiviruses have including their products.

http://www.kaspersky.com/eugenearticle [kaspersky.com]

As a guy gave up running win32 for 3 years, I still check their site/blog as well as F-Secure one.

As a side note (hopefully not needed)
KASPERSKY DOES NOT PRODUCE MAC PRODUCTS. No FUD there.

Dear McAfee,

Thank you for your concern regarding OS X and viruses. Because of this information you have put forth, I will pay more attention to the coming virus threat to OS X. If, and when that should happen, I will be sure to follow your advice and get some anti-virus software. Unfortunately for you, it won't be your product. I'll download ClamavX instead.

Thank you for your concern,

A very "frightened" OS X user.

Many virii exist, but McAfee won't help you

The biggest threat to OS X users are the 'virii' an AV will not protect you against - poorly written software and drivers.

People trust the CDs that come with their latest printer/scanner/multi-function, but in my experience they are the biggest memory-hogging, system crashing, bloatware you could find.

Examples: Brother multifunction drivers install a 'ControlCenter' that loads (in the background) and prompts EVERY user to set up the printer, even if it is already configured. It is hidden away in the printer driver directory (/Library/Printers - not obivous given it is an application - though one you can't launch or control or quit yourself). It loads about 3 or 4 'agents' that run in the background and use over 100 MB of memory footprint each! WTF!

I found the HP scanner programs are just as bad - the acutal program to scan is great, but the bloatware you have no choice but installing (in random places) alongside makes me feel dirty inside.

Re:Tend to know more?

They know more about the technology they are buying because they only, for the most part, buy Mac products.

Re:Reporter with an agenda?

Bullshit. McAfee and Symantec have been engaging in a mis-information campaign against Mac security for the past year trying to get people to buy their junky wares. Is the Mac 100% impenetrable? No, but given that OS X has now been around for 5 years or so and no script kiddie has been able to create ANYTHING remotely close to dangerous (yeah, there are a few small, barely threatening programs), then why all of a sudden are certain people with a VESTED interest in selling AV software trying to scare Mac users into spending money unnecessarily? Let's just stop saying "Oh, when OSX is more popular then it will be a popular target." That argument is CRAP. What bigger ego booster could you get if you created a successfully propogating worm or spyware app for Mac OS X, a supposedly supreme Fort Knox of operatin system?

I'm a long-time Mac admin and user. I don't have AV software on my home machine and as of now have no plans to either. I think Symantec, McAfee, Gartner and a few others are teh ones who have a hidden agenda.

All to pr0n you need: http://excaliburfilms.com/partner/mainaffiliate.cf m?ID=1765 [excaliburfilms.com]