Game Theory, Antivirus Improvements Explain Rise In Mac Malware
Sparrowvsrevolution writes "Four years ago, security researcher Adam J. O'Donnell used game theory to predict in a paper for IEEE Security and Privacy when malware authors would start targeting Macs. Based on some rough assumptions and a little algebra, he found that it would only become profitable to target Apple's population of users when they reached 16% market share. So why are we now seeing mass attacks on Macs like the Flashback trojan when Apple only has 11% market share? O'Donnell says it turns out he may have underestimated the effectiveness of the antivirus used by most Windows users, which now makes overconfident Mac users a relatively vulnerable and much more appealing target. Based on current antivirus detection rates, O'Donnell's equations now show that victimizing Macs becomes a profitable alternative to PCs at just 6.5% market share."
Hogwash (Score:3, Informative)
Reversal from the 1980s (Score:4, Informative)
Back in the 1980s, Macs were very tempting virus targets. They had multitasking operating systems at a time when the rest of us were running DOS or CP/M (although Amiga users and users of DOS multitaskers like DESQview had a small market share). Luckily this was before the internet, so the only real risk was downloaded software.
Re:Hey Apple Users... (Score:5, Informative)
Linux does have significant marketshare in the server and smartphone arenas. Servers are generally more secure than desktop machines (not to mention better maintained), so there's naturally fewer points of vulnerability - this holds true for Windows servers as well. As for smartphones, I've seen a lot of articles about Android malware recently although I haven't personally encountered any.
Re:Hey Apple Users... (Score:5, Informative)
Generally more secure, but Linux servers are still vulnerable, especially when they are neglected from being looked after. I have signed onto a company that kept a mail server running for years with no updates -- turns out that exim had a security vulnerability and there was a rootkit living on the system for at least a couple years. If the machine was being properly monitored, the chances of infection would be very low (keep on top of updates!), and it would have been detected rather quickly even if it did happen despite that first point.
I still don't know what the attacker gained but apparently it pays off enough to prey on mismanaged Linux servers.
Re:Correct (Score:5, Informative)
http://www.apple.com/why-mac/better-os/#viruses [apple.com]
Is this true? Yes, but only because the malware they are talking about was written specifically for Windows. It has nothing to do with the "built-in defenses in Mac OS X that keep you safe". It is at best disingenuous because the average user reads that to mean "Macs can't get malware".
Re:sigh (Score:4, Informative)
http://blog.laptopmag.com/mac-os-x-lion-vs-windows-7-which-is-better/9 [laptopmag.com]
http://www.eweek.com/c/a/Enterprise-Applications/Apple-Mac-OS-X-Lion-Bests-Microsoft-Windows-7-10-Reasons-Why-647298/ [eweek.com] (slide 4)
http://gadgetwise.blogs.nytimes.com/2011/07/29/lions-upgraded-robust-security-features/ [nytimes.com]
I think you get the point... all of these I found on the first 2 pages by Googling "lion security vs windows 7".
Re:Hey Apple Users... (Score:4, Informative)
Yeah, it's not like Apple has ever done anything to encourage that thinking...
http://www.youtube.com/watch?v=GQb_Q8WRL_g [youtube.com]
Re:Hey Apple Users... (Score:4, Informative)
Notably, "macs don't get viruses" is not the same as "macs can't get viruses". The former was true in the early 2000s.
Re:Hey Apple Users... (Score:5, Informative)
I'm sorry; I love my Macs BUT this last Flashback virus would easily get into your computer without doing anything. All you had to do was visit a page with the virulent java applet for your computer to be infected. Once infected it may attempt to ask a password off you to dive further into your system, but even ignoring it did nothing, the virus was fully active in your system.
Some tech geeks love to think "I'm too smart for me to be infected", and blame anyone with a virus of being stupid. Ironically, those "tech geeks" tend to be some of the most vulnerable users for real virus infections, since they refuse to use any anti-virus solution because it will "slow down their system" or patch their systems with latest updates because "it's working fine and I know what I'm doing."
That’s how viruses actually work. Everything that requires you to do something to accept it is qualified as a Trojan. No amount of tech savviness makes anyone less likely to get virus infections (unless you are savvy enough to update asap and run some form of antivirus.)
THAT being said:
0.7% flashback victims were Linux machines
0.6% flashback victims were Windows 7 or Windows 8 PCs
0.3% flashback victims were FreeBSD
0.5% flashback victims were machines running an unidentified OS.
How on Earth did Linux get more Flashback infections than Windows??? Hint: I said why above. At least Macs have the excuse of Apple negligence at patching the vulnerability.
Re:Hey Apple Users... (Score:5, Informative)
To add (thanks for the edit button, slashdot!)
Source of the numbers [arstechnica.com]
Re:Hey Apple Users... It's not a virus (Score:0, Informative)
Flashback is not a virus, it's a trojan. This is sort of like saying to someone who bragged that they don't get skunks in their neighborhood "Well, after those coyotes ate your dog, I guess you'll be taking that skunk problem a lot more seriously now!" Viruses and Trojans work completely differently - one infects programs and data files, then spreads all over your computer when you access those files, and the other is a program all of its own that hides and sneaks onto your computer, then runs separately. Viruses infect your files, Trojans invade your whole system (and generally don't attach themselves to individual files).
Re:Hey Apple Users... (Score:2, Informative)
At the same time, having basic security practices still thwarted it from being installed on your system. From F-Secure [f-secure.com]:
So doing something basic and sensible, such as having a common (and free) antivirus program, or having a popular (but non-free) firewall meant that you wouldn't get the trojan. This particular piece of malware was specifically targeted at people who don't follow common security practices. (And before anyone says that Mac users haven't needed AV software in the past: It has always been recommended, if only because you don't want to risk passing a virus on to a friend's PC if you email him a file.)
Re:Hey Apple Users... It's not a virus (Score:2, Informative)
The first variant did. The second did not.
Just hit up the previous Slashdot Flashback article and you'll see the article title that specifically said that it could go "without user interaction." -- i.e. it was a drive by that installed itself without user interaction.
Sounds like a virus (by anon's definition) to me.
I have a different interpretation: Trojans are applications that pose as legit programs (like codecs or games) that trick you to run the program. Viruses (trojans being a subset of viruses) are any software that was specifically written to do bad stuff (delete files, spam, etc). This may or may not be with user interactions.
Re:Hey Apple Users... It's not a virus (Score:2, Informative)
/slam head against desk
Difference between Virus and Trojan:
Trojan disguises itself, pretending to be something else, to get into your system (named after the Trojan Horse [wikipedia.org].) A program that pretends to be a photo file (with a jpg icon) or poses as an antivirus installer would count as a Trojan.
Virus simply activates and goes into your system when, let's say, you insert a floppy disk or visit a website. As long as it can infect a machine without the user opening it up, it's considered a virus.
The last java based Flashback was a virus, not a Trojan.
Not only did it require the user to provide a password, as oh_my_080990890 points out, but even if it hadn't, it still wouldn't be a virus, and it still would be a trojan. Trojan versus virus is not a case of "happens with or without user interaction". Viruses infect files - VBS viruses can even infect .html files (ie: Code Red and others from a while back), or image files, or anything else, but they do need a file there to infect, of whatever type of file that virus is intended to infect. Yes, the boot sector on a floppy disk is also a type of file. Trojans pretend to be some other type of program, and get the user to run them - in this case, by being a Java applet in a web page, which of course means that if you've shut off Java running in your browser (I do because it annoys me. The only site I commonly use that wants to run Java is my work webmail, which oddly works better with Java disabled completely...) it's not a problem, regardless of your operating system, and it's not a virus, it's a trojan. Even the article Tharsman (at ars technica) linked to calls it a Trojan, and not a virus. Same with the initial article way up at the top.
The Mac people (and their advertising) have been saying "We don't have viruses", and they're still right. (For now.) Regardless of the coyotes eating people's dogs, there still isn't a skunk problem.
Linux on the other hand, actually does have a virus available - there were several slashdot articles about it a few years ago, provided by a security researcher at an AV company. In order to get it to run, you need to install a specific version of the Linux kernel, and then apply a patch kindly provided by Linus Torvalds after he analyzed the code to figure out why it wouldn't work for him. It takes advantage of three separate kernel vulnerabilities which, sadly, never all co-existed in the kernel simultaneously (unless you install the patch). Much like just about everything else fancy at the time (expensive video cards, TV tuners, ...), getting the virus to actually work required re-compiling your own kernel.