Macintosh Security: No Need for Perfection

by Chris Seibold Mar 24, 2005

Any time you start talking about Macintoshes debates are sure to ensue. You have Apple fans that swoon over every little thing that emanates from 1 Infinite Loop and those who despise anything in consumer white or brushed aluminum. The one topic that the two groups usually do not debate is the Macintosh’s relative immunity to all forms of malware. On the other hand just because no one denies the fact that the Mac platform isn’t riddled with viruses doesn’t mean people have given up talking about it. Instead of “Whether or not the Mac is safer” the debate has shifted to “Why the Mac is Safer.” There are those that believe the Mac is inherently more secure and those that earnestly opine that Macs aren’t regularly hacked owing to the relative paucity of the platform. At this point the long time Mac user simply shrugs and thinks: “It’s a secure system, the ‘why’ isn’t important.” And to great extent that bit pragmatic thought is enough, or it was until Symantec weighed in on the issue.

The debate flared yet again when Symantec issued a report saying that Macs would be the next target of malicious code. They note that there were some thirty-seven major vulnerabilities found in OS X in the past year. Couple the vulnerabilities with a market that Symantec thinks will rise to 5% and you’ve got a brand new spiffy target for those that would invade your computer. Here it is worthwhile to remember that Symantec is in the business of virus protection so the idea that they’ll come out and publicly say that there is no need for their product is akin to Apple releasing Tiger while saying “It’s just a few more gimmicks, no real tangible improvements exist.” Even noting that Symantec has a vested interest in moving more product one has to wonder if they are correct. Will the Mac be the new platform of choice for zombie PCS? Will viruses propagate throughout the Mac-o-sphere unfettered? Or will everything pretty much stay the same?

The first issue that needs to be addressed is the notion that a 5% market share suddenly makes the Mac a prime target. Symantec’s logic is this instance is nigh inscrutable to the casual reader. On the other hand Symantec knows much more about malware than the average Joe so maybe it is the case that there is a consortium of evil programmers that adhere to a strict code of going malware writing nuts only when a computer platform hits some arbitrary share of the market. Other than that unlikely scenario it is hard to see why the Mac would be ignored this long and suddenly become desirable, after all the as yet unseen market change is still very small. It is also useful to point out that when Apple controlled 4% of the market Windows had viruses and Macs didn’t. So barring the secret cabal mention previously one is hard pressed to think why a still very minor portion of the market would be so tantalizing to internet evildoers.

The 37 major vulnerabilities aren’t so easily over looked. It is possible, perhaps likely, that the thirty-eighth or hundred and fifteenth vulnerability might be discovered by someone with maliciousness on their mind and the requisite coding skills. If someone discovered a vulnerability and wanted to make a statement they could really make a name for themselves by cracking the supposedly impervious OS X operating system. This isn’t too far fetched, there are some folks who write programs and viruses not for financial gain or access to your data but simply because they can. A threat to data to be sure and a major headache but not exactly the bank account draining, data stealing malicious code people constantly fear.

So if we allow that the Mac could possibly be hacked we are left to wonder: Will OS X attract the mass of malware that plagues the Windows system? Many people will argue that that will be directly correlated with market share, the more Macs sold the more incentive (and money) to be made by doing very bad things to the computers. The truth is not quite as obvious. An experiment may shed a little light on the issue. Find a friend and tell him or her to steal one hundred dollars from you. Next get three crisp one hundred dollar bills. Tape bill number one to your front door with a note that says, “please don’t steal”, place c-note number two in your dresser under the socks, take Benjamin the third and head out. Spend the third hundred dollars on liquor and sushi, well anything to kill most of the day (it may seem wasteful but such is the price of experimentation). Upon returning your front door will be sans one c-note while the sock drawer will remain untouched.

The point the experiment illustrates is simple: People that would do untoward things will take the easy path. Imagine a Mac and a Windows machine as revenue generators. If one computer is substantially harder to manipulate than the other one, which has been the case, then the great majority of the bad stuff will be written for Windows. So it is not really necessary to have a nearly uncrackable computer box, you just have to have a computer that is much tougher to hack than the next guy. Therefore unless Microsoft starts making significant strides forward or Apple starts leaping backwards by bounds the Mac will remain a relatively safe haven.

Comments

  • 5% market share just isn’t enough to get out of the theory-zone of why Macs are less of a target than PCs.  It would probably even take more than double-digit market share, something approaching 50% for Apple to be a worthwhile target.  And that’s likely a long way off.

    Beeblebrox had this to say on Mar 24, 2005 Posts: 2220
  • I agree but symantec thinks otherwise

    chrisseibold had this to say on Mar 24, 2005 Posts: 48
  • It’s like that joke where two guys are in the woods, and get confronted by a bear, and the one guy freezes while the other guy bends down to put on his running shoes.  And the first guy is like “What are you doing?!?!  You can’t outrun a bear!”  And the second guys says “I don’t have to outrun the bear, I just have to outrun you.”

    Some sideways wisdom for ya. grin

    Karl had this to say on Mar 25, 2005 Posts: 2
  • Yeah. Don’t gripe about Quark. It’s not the de facto standard anymore.

    I love InDesign just from using it for my high school’s yearbook.

    piecetogether had this to say on Mar 25, 2005 Posts: 13
  • Uh… How did that cooment from M Fivis get in here?!

    I think the Mac OS is no more safe than Windows, when you get down to it. If someone wants to hack’n'crack there way into your life, and ruin your day by messing with your computer via malware/spyware/viruses/trojans/etc, then they can.

    But why would they? Generally, those with malicious intent do it for Windows ‘cause if they get a thrill from messing with people… Well, they’re going to be VERY thrilled.

    If they mess with a couple million Mac users, they might get a semi.

    Waa had this to say on Mar 28, 2005 Posts: 110
  • Go to John Gruber’s excellent Daring Fireball site for a complete discussion of the “Security through Obscurity” shibboleth, in the article entitled “So Witty”.

    Check out the rest of the site, too.

    Mike

    http://daringfireball.net/2004/06/so_witty

    M. T. MacPhee had this to say on Apr 12, 2005 Posts: 7
  • Page 1 of 1 pages
You need log in, or register, in order to comment