Why You Shouldn't Panic Over Mac Malware 370
Earlier this week, we discussed reports that Mac malware was finally becoming a significant problem. Now, reader wiredmikey points out an editorial arguing that everyone should slow down and analyze the situation more calmly so the threat can be accurately assessed. Quoting:
"According to Apple, the Mac installed base is approximately 50 million users. But according to Gartner, the number of Android handsets sold in 2010 alone exceeded 67 million units, giving it an installed base that is larger, and growing much faster, than the Mac base. If a large numbers of eyeballs is indeed the lure that causes criminals to write malware for a given operating system, surely Android is a more tempting target than Mac OS. ... I predict that the increase in perceived risks to Mac customers will give Apple the excuse it needs to increase its control over the Mac software ecosystem, by moving ISVs to the Mac App Store. It is no accident that the theme of the upcoming Lion desktop operating system is 'Back to the Mac': taking concepts that Apple employed successfully with the mobile version of OS X (iOS) and back-porting them to the desktop OS. One of those features is the introduction of the Mac App Store, an Apple-controlled storefront for selling and distributing applications. ... This provides buyers some assurance that their apps are from known points of origin and that they don’t contain malware, such as the Mac Defender Trojan horse.
Qubes OS (Score:3, Interesting)
I'll admit I bought a macbook in 2009 with likelihood of system vulnerabilities in mind. I *did* consider a number of other things, so I'm not a bad person, I swear.
Some say it's a case of going to a FOSS operating system... or specifically a BSD family kernel... or even of going to OpenBSD exclusively. Some say it's a case of knowing our OpenBSD software inside out and testing thouroughly *and* putting various in safeguards.
However, they're all missing a piece of the puzzle. Qubes OS should be on everyone's radar, especially since it's starting to progress. Sadly, it's one of those things that unless you give it some time to read up about you'll only hear bits and pieces about and then sadly ignore it.
Qubes, with Joanna Rutkowska at the helm no less, is a solid framework of ideas that results in the security we should all expect of an operating system. Fear that you'll have input sniffed or root compromised? Have your system disconnected from the internet - "what?", you say, before you read on and realise how silly it is in the first place.
Everything is in a VM instance, each VM instance can boot from the same image and run a (single, if you feel like it) program. The data that instance *thinks* was written to disk was instead pushed to a copy-on-write block device which can be thrown away when you're done.want files between different VMs? Message dom0 with the request from inside the VM and then accept the dialogue box that your isolated dom0 greets you with.
Sadly, I'm not the best ambassador. Sadly, I'm in a rush and haven't supplied my best effort in communicating how significant Qubes will be. Sadly, it's taken until now to have decent security on a desktop. But now I can be confident.
The universe is smiling down on me for this post with a captcha of "secure", and rightly so if you hop aboard.
Re:What a load of crap (Score:3, Interesting)
Mac users less computer savvy? Not really I've seen a lot of IT- and multimedia-pros using them. I've never understood why geeks don't appreciate useability...
For me the Mac is Unix + hardware support + hot souce!
But I'd have to thank Linux as it made me fall in love with *nix-systems.
And exploits? I only get my software from trusted sources, no remote services are on, never connect to public wifi. On the other hand, if you follow this advice you are very unlikely to get infected, even on windows. But I just prefer the Mac. No need for bashing and fanboyism.
Re:Now I am _really_ panicked (Score:3, Interesting)
Yeah, this story is complete bullshit. Apple is not going to lock down Mac OS X Lion. There's no way they can use this current trojan as an excuse to do something which makes no damned sense in the first place. Apple will not cripple Mac OS X. The only remotely possible thing is that 10.8 could have a security model that defaults to only allowing signed apps, but the user can toggle a System Preference to enable it. However, even this is of extremely low likelihood. Mac OS X and iOS are not the same OS. What's good for one OS is not necessarily good for the other. That's why there are two OS's in the first place! Tech "writers" need to figure this out.
Re:What a load of crap (Score:4, Interesting)
Actually, it's all about Android.
Any hacker will tell you that the smartphone is the juiciest target of them all. Loaded with credit card and direct billing capacity, and with manufacturer-customized OS's that are rarely updated or patched, and thrown together under tight deadlines.
Smartphones are the low hanging fruit of the decade. And of that fruit, Android is the juiciest because of it's relative lack of manufacturer updates.