Why You Shouldn't Panic Over Mac Malware

Earlier this week, we discussed reports that Mac malware was finally becoming a significant problem. Now, reader wiredmikey points out an editorial arguing that everyone should slow down and analyze the situation more calmly so the threat can be accurately assessed. Quoting: "According to Apple, the Mac installed base is approximately 50 million users. But according to Gartner, the number of Android handsets sold in 2010 alone exceeded 67 million units, giving it an installed base that is larger, and growing much faster, than the Mac base. If a large numbers of eyeballs is indeed the lure that causes criminals to write malware for a given operating system, surely Android is a more tempting target than Mac OS. ... I predict that the increase in perceived risks to Mac customers will give Apple the excuse it needs to increase its control over the Mac software ecosystem, by moving ISVs to the Mac App Store. It is no accident that the theme of the upcoming Lion desktop operating system is 'Back to the Mac': taking concepts that Apple employed successfully with the mobile version of OS X (iOS) and back-porting them to the desktop OS. One of those features is the introduction of the Mac App Store, an Apple-controlled storefront for selling and distributing applications. ... This provides buyers some assurance that their apps are from known points of origin and that they don’t contain malware, such as the Mac Defender Trojan horse.

Apple steals...EVERYTHING!

[Deus.1.01]

Now they even stole microsofts excuses.

What a load of crap

[Flipao]

There's no need to deflect attention,, this is not about Android, this is about Apple computers having the type of issues for which PCs have always been made fun of.

The reason Mac users are now targetted is because they are less computer savvy, have deep pockets and have been educated to open their wallet on command.

Why You Shouldn't Panic Over Mac Malware

[AliasMarlowe]

...because you don't have a Mac?
That covers most people - many of whom actually should panic over Windows malware. But nobody should be too smug, not even Linux-only or BSD-only users, since every compromised machine (Windows or Mac or whatever) pollutes the internet commons.

Astroturf.

[Anonymous Coward]

Nice bit of Astroturf there.

So, we shouldn't worry about malware on the Mac because Oh LOOK here's some speculation about a completely different OS so don't pay attention to this story anymore!!!

And then the inevitable push from Apple to have total control over you system by the eventual restriction of apps to Apple market-approved programs only. Well that's sure a nice idea, too bad some of the Official apps like Safari also contain security weaknesses. So much for the safety of the walled garden approach. But it's not stopping them from trying, apparently.

No, I don't panic over Malware on my Mac. It has nothing to do with Android, or any other OS, or the App Market, or anything else this shit-for-an-article is talking about.

Re:What a load of crap

[dr.Flake]

Sort of the same for me.

For me the route was also windows -> linux -> OSX.

However, during my linux period i grew accustomed to finding great software doing almost everything i could wish for within a few clicks/google searches.

For OSX its the opposite. For every small task that i want to accomplish, i seem to need to pony up. Every small time programmer tries to make a buck with his little program. Nothing wrong with that, but where are the Free/Libre alternatives?

For now, after long searches i end up installing untrustworthy programs, because i'm used to get it all for "free" (he, i am Dutch). My problem, sure. But a lot of people like me would fall into these kind of traps.

No need to panic, merely be more careful.

[MROD]

The story has the correct title but rather misses the point. Yes, it's not time to panic. There is a set of malicious tojan horse programs out there for MacOS. The current crop require the user to authorise their installation. i.e. the security weakest link (at the moment) being exploited is the one behind the keyboard. Very often this is the places where security is the weakest, just watch WarGames if you doubt this. MacOS is by design, with a greater degree of privilege and OS/Application separation, more resistant to attack than Microsoft Windows has been. However, this is not to say that it is not vulnerable. All systems are, be it design flaws or merely implementation flaws. Yes, I'm looking at you Linux, FreeBSD, OpenBSD, Solaris, HP/UX and AIX. No-one can rest on their laurels.

Re:Panic?

[msauve]

Today, we celebrate the first glorious anniversary of the Information Purification Directives. We have created, for the first time in all history, a garden of pure ideology — where each worker may bloom, secure from the pests purveying contradictory truths. Our Unification of Thoughts is more powerful a weapon than any fleet or army on earth. We are one people, with one will, one resolve, one cause. Our enemies shall talk themselves to death, and we will bury them with their own confusion. We shall prevail!

And you'll see why 2011 will be like "1984."

Re:Now I am _really_ panicked

[sunspot42]

Yeah, this story is complete bullshit. Apple is not going to lock down Mac OS X Lion.

I disagree. I think Apple probably will ship a locked-down version of OS X sometime in the next couple of years, and it'll be the default version of the OS. Yeah, you'll still be able to unlock it, but it may not be particularly easy - indeed, the ability to unlock may only be available in a separate "professional" version of the OS.

And I think given the stupidity of the average user (Mac, PC, Android, whatever), this is probably not a bad thing.

Re:What a load of crap

[boristhespider]

Wait, you mean.... the majority of people aren't computer savvy????? STOP THE PRESSES!

I'm not sure why people find this so hard to understand. Most people in this world
a) Don't understand computers
b) Don't really give a shit about understanding computers
c) Simply just don't care

That goes whether they're running Windows or Mac -- and for those who use a Linux their more computer-savvy relatives installed on their computer. And these days I strongly expect more and more Linux users to be computer un-savvy. That's the whole point behind Canonical's ethos is to grow beyond people who enjoy recompiling kernels, after all.

Re:What a load of crap

[Tom]

However, during my linux period i grew accustomed to finding great software doing almost everything i could wish for within a few clicks/google searches.

For OSX its the opposite. For every small task that i want to accomplish, i seem to need to pony up. Every small time programmer tries to make a buck with his little program. Nothing wrong with that, but where are the Free/Libre alternatives?

Not learnt anything during your Linux period? Ok, I'll help out. The answer to your question is: Are you writing them? No? See, that's why they're not there.

Re:Qubes OS

[Anonymous Coward]

I don't know whether your post is serious or a reference to some meme I am unfamiliar with, but anyway.

Everything is in a VM instance

If this is the (only) reason why it is "secure", and the official website seems to say so, you may want to go with OpenBSD anyway. To quote Theo de Raadt:

You are absolutely deluded, if not stupid, if you think that a
worldwide collection of software engineers who can't write operating
systems or applications without security holes, can then turn around
and suddenly write virtualization layers without security holes.

Rutkowska definitely has an impressive resume, but I don't think that even someone like her can make a system secure just by using virtualization. However, I will make sure to keep an eye on that project, it looks quite interesting even though it won't replace my current setup.

Re:What a load of crap

[Anonymous Coward]

Around CS and math departments at universities, it seems to me that macs are becoming almost universally adopted. Same is true for the best back-end oriented tech companies (e.g., google). I think it's likely that there are two peaks for computer skill for mac users-- very competent folks who are willing to pay more for an easy-to-use unix laptop, and those less savvy folks that you seem to have more experience with.

Re:Now I am _really_ panicked

[stewbacca]

And, yes, they will certainly lock down OSX.

Ahh, the inevitably incorrect Apple prediction. The most valuable tech company in the world that was predicted dead in 1997...the company that killed the floppy drive prematurely...the company that adopted USB too early...the company with the lame mp3 player.

You may still be able to buy a Mac Pro with an unlocked OS, but I'm willing to bet that soon all iMacs and MacBooks will be 100% walled garden.

That is possibly the most stupid prediction I've seen. Why would the company who is getting ready to consolidate OSX Server and OSX Home into ONE edition --OSX Lion-- start making different versions of the OS based on the user's hardware?

Keep predicting slashdotters, because my livelihood benefits from your terrible predictions.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Now I am _really_ panicked

[XManticore]

This is something Apple took the piss out of a couple years back, why would they start doing it with their own products?

To paraphrase SJ when he was introducing Mac OS 10.whateveritwas: "We have a Basic Edition that retails at $99. Moving up from that, you can purchase the Home Edition, also for $99, or the Business Edition for $99. And if you want the luxury of having all the features that we've built into Mac OS X, you can go all out and purchase the Ultimate Edition –at just $99".

They're not going to feature lock. This would just be daft.

Comment removed

[account_deleted]

Comment removed based on user account deletion