
Game Theory, Antivirus Improvements Explain Rise In Mac Malware

Posted by Soulskill
from the apple-blames-solar-flares dept.
Sparrowvsrevolution writes "Four years ago, security researcher Adam J. O'Donnell used game theory to predict in a paper for IEEE Security and Privacy when malware authors would start targeting Macs. Based on some rough assumptions and a little algebra, he found that it would only become profitable to target Apple's population of users when they reached 16% market share. So why are we now seeing mass attacks on Macs like the Flashback trojan when Apple only has 11% market share? O'Donnell says it turns out he may have underestimated the effectiveness of the antivirus used by most Windows users, which now makes overconfident Mac users a relatively vulnerable and much more appealing target. Based on current antivirus detection rates, O'Donnell's equations now show that victimizing Macs becomes a profitable alternative to PCs at just 6.5% market share."
  • by Samalie (1016193) on Friday April 20, 2012 @12:27PM (#39747035)

    Stupid people doing stupid shit with technology and getting virus outbreaks?

    Yeah, that's confined to ANY particular OS.

    Sorry, but if Linux had enough market share, they'd be targeted too. Computing is by definition insecure, because you'll always have stupid people doing stupid shit.

  • by MikeRT (947531) on Friday April 20, 2012 @12:27PM (#39747049) Homepage

    In all of the fights between Windows and Mac users over the disparity in viruses for both platforms, I've never seen a Windows user point out the fact that Windows is often used on infrastructure that is valuable to compromise. No major business runs their corporate infrastructure on Macs. No major sites with valuable data I know of are hosted on Apple hardware. What has changed with the marketshare is that now Macs are used by the upper-middle and upper classes extensively at work and at home. So even at 6.5% of the market, you're far more likely now to compromise a Mac with valuable data or access to it now.

    Compromise a Mac today and you might get access to a corporate network, a richer man/woman's bank information, etc. That wasn't true 10 years ago.

  • by ledow (319597) on Friday April 20, 2012 @12:31PM (#39747097) Homepage

    He says himself that the equation is vastly oversimplified, and a small change in antivirus detection range changes the answer from 16 to 6%. That means the equation is all-but useless and pointless to try to "predict" anything except, apparently, in hindsight.

    I could have plucked any number I liked out of the air and written a (reasonable) equation to make it come out with whatever answer I wanted, even basing it on "game theory" (which has very, very, very little relevance here, actually) - I could have done that even before I graduated in mathematics (including Game Theory) over a decade ago.

    When enough Macs exist to make it viable (and market share has little to do with it compared to "number of computers active on the Internet" of that particular model), viruses will target them. Guess what, same for every other platform on the planet. If someone miraculously sells a popular device based on MINIX that millions start buying, eventually someone will write a virus for that platform.

    Seriously - don't give it the press.

  • Winning formula (Score:4, Insightful)

    by chepati (220147) on Friday April 20, 2012 @12:31PM (#39747103)

    Let's see what our wise men can come up with:

    1) Write a "scientific" paper, make assumptions, use some "algorithm", predict event A
    2) Wait
    3) Observe empirical evidence
    4) Revise initial paper
    5) Bask in peer admiration

    Did I miss anything?

  • by SJHillman (1966756) on Friday April 20, 2012 @12:32PM (#39747127)

    So what you're saying is the fact that Apple overcharges for Macs is actually a factor in the increase in Mac malware? Oddly enough, makes sense.

  • by WrongSizeGlass (838941) on Friday April 20, 2012 @12:34PM (#39747137)

    How is security by obscurity treating you now?

    Security by obscurity was not the problem. Complacency was the problem.

  • by Loopy (41728) on Friday April 20, 2012 @12:36PM (#39747167) Journal

    While I realize there may be some outrage over the "overconfident" label, it does make sense in terms of learned behavior. More specifically, Windows users have known malware has been rampant for so long that:

    A) they're used to having to use antivirus, firewalls and other "security" type apps

    B) Windows has steadily improved its built-in firewall and anti-trojan features to combat real and perceived vulnerability

    C) Windows-based PC OEMs and system builders install anti-virus by default and have for quite some time now.

    I can't say whether Macs get a/v software by default but despite our joking about macs not being susceptible to malware, that view is held by far too many mac users. While it might be true statistically speaking relative to Windows, it is unhelpful in being a rightfully vigilant denizen of this wretched hive of scum and villainy we call the Internet.

  • Re:Winning formula (Score:4, Insightful)

    by Haedrian (1676506) on Friday April 20, 2012 @12:45PM (#39747269)

    That's how Science works.

    You build a model, you predict things, you test it. If it fails, you fix your model, you test it again.

    Now we'll see how his next prediction holds and we can then judge his model

  • by Anonymous Coward on Friday April 20, 2012 @12:51PM (#39747339)

    You should get out more.

  • by davester666 (731373) on Friday April 20, 2012 @12:59PM (#39747447) Journal

    What's funny is that NONE of the anti-virus products blocked it, indicating just how useless their products are.

  • by msobkow (48369) on Friday April 20, 2012 @01:00PM (#39747461) Homepage Journal

    Servers are more secure than desktops in the Linux arena primarily because there is no idiot user sitting in front of the keyboard to click "Ok" when malware tries to install itself. Also, servers aren't typically used for surfing and downloading, so the malware doesn't get a chance to try to install itself.

    Only once since I started programming in the late '70s have I seen a machine that was infected without the intervention of a user disabling the anti-virus or installing pirated/downloaded software. Once.

  • Re:Correct (Score:4, Insightful)

    by ByOhTek (1181381) on Friday April 20, 2012 @01:42PM (#39747959) Journal

    Two examples I've run into:

    Limiting it to just people who have IT experience that I know:
    (1) One person literally told me that it is impossible for a mac to get a virus.
    (2) One has said that, since he uses Chrome and MacOS, he can't get malware, period.

    That's maybe 10% of the Mac IT people I've dealt with, the rest have been in the 'it is less likely' camp.
    From the non-IT Mac users, it's closer to half that fall into one of those (or similar, change the web browser) categories.

  • by Luckyo (1726890) on Friday April 20, 2012 @02:02PM (#39748223)

    Anti-virus software is good at blocking threats that are not zero-day threats. I.e. known viruses reused. Much of the stuff out there that actually does damage falls into this category (think Conficker for example).

    The only thing that can protect you against zero day threats is having solid security practices on user's end. And even that is not guaranteed (think Valve source code theft).
