Follow Slashdot stories on Twitter


Forgot your password?
Desktops (Apple) Privacy Security Apple News

Why You Shouldn't Panic Over Mac Malware 370

Earlier this week, we discussed reports that Mac malware was finally becoming a significant problem. Now, reader wiredmikey points out an editorial arguing that everyone should slow down and analyze the situation more calmly so the threat can be accurately assessed. Quoting: "According to Apple, the Mac installed base is approximately 50 million users. But according to Gartner, the number of Android handsets sold in 2010 alone exceeded 67 million units, giving it an installed base that is larger, and growing much faster, than the Mac base. If a large numbers of eyeballs is indeed the lure that causes criminals to write malware for a given operating system, surely Android is a more tempting target than Mac OS. ... I predict that the increase in perceived risks to Mac customers will give Apple the excuse it needs to increase its control over the Mac software ecosystem, by moving ISVs to the Mac App Store. It is no accident that the theme of the upcoming Lion desktop operating system is 'Back to the Mac': taking concepts that Apple employed successfully with the mobile version of OS X (iOS) and back-porting them to the desktop OS. One of those features is the introduction of the Mac App Store, an Apple-controlled storefront for selling and distributing applications. ... This provides buyers some assurance that their apps are from known points of origin and that they don’t contain malware, such as the Mac Defender Trojan horse.
This discussion has been archived. No new comments can be posted.

Why You Shouldn't Panic Over Mac Malware

Comments Filter:
  • by Deus.1.01 ( 946808 ) on Sunday May 22, 2011 @05:34AM (#36207012) Journal

    Now they even stole microsofts excuses.

  • by Flipao ( 903929 ) on Sunday May 22, 2011 @05:46AM (#36207040)
    There's no need to deflect attention,, this is not about Android, this is about Apple computers having the type of issues for which PCs have always been made fun of.

    The reason Mac users are now targetted is because they are less computer savvy, have deep pockets and have been educated to open their wallet on command.
  • by AliasMarlowe ( 1042386 ) on Sunday May 22, 2011 @05:49AM (#36207052) Journal
    ...because you don't have a Mac?
    That covers most people - many of whom actually should panic over Windows malware. But nobody should be too smug, not even Linux-only or BSD-only users, since every compromised machine (Windows or Mac or whatever) pollutes the internet commons.
  • Astroturf. (Score:5, Insightful)

    by Anonymous Coward on Sunday May 22, 2011 @06:12AM (#36207134)

    Nice bit of Astroturf there.

    So, we shouldn't worry about malware on the Mac because Oh LOOK here's some speculation about a completely different OS so don't pay attention to this story anymore!!!

    And then the inevitable push from Apple to have total control over you system by the eventual restriction of apps to Apple market-approved programs only. Well that's sure a nice idea, too bad some of the Official apps like Safari also contain security weaknesses. So much for the safety of the walled garden approach. But it's not stopping them from trying, apparently.

    No, I don't panic over Malware on my Mac. It has nothing to do with Android, or any other OS, or the App Market, or anything else this shit-for-an-article is talking about.

  • by dr.Flake ( 601029 ) on Sunday May 22, 2011 @06:15AM (#36207142)

    Sort of the same for me.

    For me the route was also windows -> linux -> OSX.

    However, during my linux period i grew accustomed to finding great software doing almost everything i could wish for within a few clicks/google searches.

    For OSX its the opposite. For every small task that i want to accomplish, i seem to need to pony up. Every small time programmer tries to make a buck with his little program. Nothing wrong with that, but where are the Free/Libre alternatives?

    For now, after long searches i end up installing untrustworthy programs, because i'm used to get it all for "free" (he, i am Dutch). My problem, sure. But a lot of people like me would fall into these kind of traps.

  • by MROD ( 101561 ) on Sunday May 22, 2011 @06:20AM (#36207156) Homepage
    The story has the correct title but rather misses the point. Yes, it's not time to panic. There is a set of malicious tojan horse programs out there for MacOS. The current crop require the user to authorise their installation. i.e. the security weakest link (at the moment) being exploited is the one behind the keyboard. Very often this is the places where security is the weakest, just watch WarGames if you doubt this. MacOS is by design, with a greater degree of privilege and OS/Application separation, more resistant to attack than Microsoft Windows has been. However, this is not to say that it is not vulnerable. All systems are, be it design flaws or merely implementation flaws. Yes, I'm looking at you Linux, FreeBSD, OpenBSD, Solaris, HP/UX and AIX. No-one can rest on their laurels.
  • Re:Panic? (Score:4, Insightful)

    by msauve ( 701917 ) on Sunday May 22, 2011 @06:25AM (#36207182)

    Today, we celebrate the first glorious anniversary of the Information Purification Directives. We have created, for the first time in all history, a garden of pure ideology — where each worker may bloom, secure from the pests purveying contradictory truths. Our Unification of Thoughts is more powerful a weapon than any fleet or army on earth. We are one people, with one will, one resolve, one cause. Our enemies shall talk themselves to death, and we will bury them with their own confusion. We shall prevail!

    And you'll see why 2011 will be like "1984."

  • by sunspot42 ( 455706 ) on Sunday May 22, 2011 @07:12AM (#36207352)

    Yeah, this story is complete bullshit. Apple is not going to lock down Mac OS X Lion.

    I disagree. I think Apple probably will ship a locked-down version of OS X sometime in the next couple of years, and it'll be the default version of the OS. Yeah, you'll still be able to unlock it, but it may not be particularly easy - indeed, the ability to unlock may only be available in a separate "professional" version of the OS.

    And I think given the stupidity of the average user (Mac, PC, Android, whatever), this is probably not a bad thing.

  • by boristhespider ( 1678416 ) on Sunday May 22, 2011 @07:14AM (#36207368)

    Wait, you mean.... the majority of people aren't computer savvy????? STOP THE PRESSES!

    I'm not sure why people find this so hard to understand. Most people in this world
    a) Don't understand computers
    b) Don't really give a shit about understanding computers
    c) Simply just don't care

    That goes whether they're running Windows or Mac -- and for those who use a Linux their more computer-savvy relatives installed on their computer. And these days I strongly expect more and more Linux users to be computer un-savvy. That's the whole point behind Canonical's ethos is to grow beyond people who enjoy recompiling kernels, after all.

  • by Tom ( 822 ) on Sunday May 22, 2011 @07:20AM (#36207386) Homepage Journal

    However, during my linux period i grew accustomed to finding great software doing almost everything i could wish for within a few clicks/google searches.

    For OSX its the opposite. For every small task that i want to accomplish, i seem to need to pony up. Every small time programmer tries to make a buck with his little program. Nothing wrong with that, but where are the Free/Libre alternatives?

    Not learnt anything during your Linux period? Ok, I'll help out. The answer to your question is: Are you writing them? No? See, that's why they're not there.

  • Re:Qubes OS (Score:5, Insightful)

    by Anonymous Coward on Sunday May 22, 2011 @07:24AM (#36207402)

    I don't know whether your post is serious or a reference to some meme I am unfamiliar with, but anyway.

    Everything is in a VM instance

    If this is the (only) reason why it is "secure", and the official website seems to say so, you may want to go with OpenBSD anyway. To quote Theo de Raadt:

    You are absolutely deluded, if not stupid, if you think that a
    worldwide collection of software engineers who can't write operating
    systems or applications without security holes, can then turn around
    and suddenly write virtualization layers without security holes.

    Rutkowska definitely has an impressive resume, but I don't think that even someone like her can make a system secure just by using virtualization. However, I will make sure to keep an eye on that project, it looks quite interesting even though it won't replace my current setup.

  • by Anonymous Coward on Sunday May 22, 2011 @07:32AM (#36207420)

    Around CS and math departments at universities, it seems to me that macs are becoming almost universally adopted. Same is true for the best back-end oriented tech companies (e.g., google). I think it's likely that there are two peaks for computer skill for mac users-- very competent folks who are willing to pay more for an easy-to-use unix laptop, and those less savvy folks that you seem to have more experience with.

  • by stewbacca ( 1033764 ) on Sunday May 22, 2011 @08:16AM (#36207592)

    And, yes, they will certainly lock down OSX.

    Ahh, the inevitably incorrect Apple prediction. The most valuable tech company in the world that was predicted dead in 1997...the company that killed the floppy drive prematurely...the company that adopted USB too early...the company with the lame mp3 player.

    You may still be able to buy a Mac Pro with an unlocked OS, but I'm willing to bet that soon all iMacs and MacBooks will be 100% walled garden.

    That is possibly the most stupid prediction I've seen. Why would the company who is getting ready to consolidate OSX Server and OSX Home into ONE edition --OSX Lion-- start making different versions of the OS based on the user's hardware?

    Keep predicting slashdotters, because my livelihood benefits from your terrible predictions.

  • by pandrijeczko ( 588093 ) on Sunday May 22, 2011 @08:52AM (#36207824)

    Just an education to those "happy-go-lucky" fanbois who believe their beloved Macs are somehow immune to malware:

    1. Malware can appear on any system - yes, even my beloved Linux is not totally immune from the threats.

    2. Defending computing devices against malware is as much about your own common sense as it is about someone else's anti-walware software or handing over your responsibilities in their entirety to Lord Jobs The Almighty. That means understanding *how* malware can enter through a web-site, email attachment, etc. and not going to sulubrious websites or opening emails where you don't necessarily trust the source. Yes, fanbois, it may be beneath your designer "pay someone else to do it lifestyles" but it all comes down to not being naive plonkers and learning how a computer works.

    3. Apple has become an "evil company" in the eyes of many, just like Microsoft and Sony did. When that's the case, subsets of malware authors who consider themselves to be Internet Robin Hoods will consider that they are doing the world a favour by targetting Apple over and over again. Whether they do that or not is irrespective of how many Macs are out there, it's more on just how big and evil they perceive Apple to be.

    4. Apple moving all software under the App Store banner is *precisely* what Apple wants to do because it makes them more money - it has *nothing* to do with anti-malware measures apart from giving them a good excuse to do it amongst the faithful. As that lockdown gets more and more, you will see a recurrence of exactly what has plagued Windows for many years - namely that not every fanboi has millionnaire parents and whilst some will buy every piece of software they use, most will get cracked copies which will be infected with all manner of malware because they won't or can't pay for the software.

    5. Yes, Android will also be targetted and non-techie Android users will suffer as a result. But anyone who is tech-savvy knows where the legitimate sources for software are and how to do as many checks as possible before installing anything. I've run Windows XP alongside Linux for years, for about 5 years now I went totally legitimate in the software that I use (I gave up with cracks and warez, I use Open Source programs and legitimately licensed and paid-for software) and I've not seen a piece of malware or virus in years - and that's running freebie virus checkers and anti-malware programs.

    6. I've not used Vista or Windows 7 because I've found no good reason to - but as I understand it, in Windows 7 Microsoft have put in much better layered security that takes into account people who don't know what they're doing and, as a result, it's having a positive effect on reducing malware spread on Windows 7. Yet at the same time, Apple leaves a ridiculous amount of unpatched flaws (especially in that Safari garbage) on their systems. The net result is malware creators will ultimately find it easier to target Apple than Microsoft, as Microsoft gets better and better at holding them back. (Nope, I'm not an MS fanboi, I use Linux more than Windows but I tell it like I see it as a security techie in my day job.)

    So stop with the defensive posturing, get your heads out of your assholes and READ THE FUCKING MANUALS like the rest of us do.

  • by XManticore ( 2128426 ) on Sunday May 22, 2011 @09:30AM (#36208040)

    This is something Apple took the piss out of a couple years back, why would they start doing it with their own products?

    To paraphrase SJ when he was introducing Mac OS 10.whateveritwas: "We have a Basic Edition that retails at $99. Moving up from that, you can purchase the Home Edition, also for $99, or the Business Edition for $99. And if you want the luxury of having all the features that we've built into Mac OS X, you can go all out and purchase the Ultimate Edition –at just $99".

    They're not going to feature lock. This would just be daft.

  • This is why I figured it would only be a matter of time before Macs end up nearly as infested as Windows boxes. the last numbers I saw were something like an average income of $100,000 for Mac owners, which means snatching their CC numbers will be worth a hell of a lot more than snatching the CC from the girl that works the checkout at the Wally World who just got her a $400 Dell laptop.

    This is something that both Linux and Apple users are simply gonna have to accept, it is simple really all computers are vulnerable period. ALL OSes, I don't care who makes them, are extremely complex piles of code with so many interactions on so many levels nobody can have a full grasp of all the variables anymore, and that is before you add third party code on top.

    Can they be made more secure? Of course they can, which is why you see only 4 infections per 1000 on Windows 7 VS 14 per 1000 on WinXP. But no matter how well you harden the OS it always comes down to the user is the weak point which is why here in my shop I've seen Windows malware go from drive bys and exploits to nearly all social engineering based, it is simply easier if you can trick the user to help you.

    In the end owning a Mac or running Linux doesn't instantly make you a CS genius or make you invulnerable to social engineering, as we saw with the Mac DNS changer bug or the KDE screensaver malware that went around a couple of years ago. It all comes down to how bad the bad guys want in, and how much working they are willing to do for a target.

    What has protected Macs and Linux in the past is that malware writers like all criminals are naturally lazy creatures, and there was plenty of low hanging Windows machines to snatch. Now that Android is popping up everywhere and the malware guys are starting to realize Macs=money I have NO doubt things are gonna change, just as I have seen Windows malware going from exploit based to third party to social engineering. Times change, targets change, and I have a feeling so many have bought the "Macs don't get malware!" meme that until some really nasty bugs hit Mac guys are gonna be easy pickings. I've already seen it myself, with having to argue with a customer who swore up and down his Macs couldn't possibly be infected even as the DNS Changer bug was redirecting everything.

Neutrinos have bad breadth.