Yesterday, Gruber posted an article on daringfireball entitled “Wolf!”. (Oddly, I cannot find the link on the main page now.) He quoted a number of tech bloggers and the like who, over the years, have claimed that Mac OS X’s rising prominence is going to lead to a flood of malware for which stupid Mac users are hopelessly ill-prepared.
The title seemed clever, but as another blogger (Guy English) points out, the story of The Boy Who Cried Wolf is an object lesson not just for the blogger boy (who was eaten by the wolf after too many false alarms) but also for the Mac OS X user villagers (who stopped paying attention to warnings because of too many false positives). English is not claiming that the bloggers are right, but simply that it’s stupid to be complacent.
Gruber should probably have titled his post “The Sky Is Falling” since Henny Penny’s warnings turned out to be Just Plain Wrong.
I’ve gone over the “Apple is complacent about malware” crap before (note the emphasis on security in Lion), but let’s reiterate:
- Mac OS had plenty of malware in the late 80s and early 90s.
- Apple responded by building malware detection into the OS and Claris apps, and subsidizing John Norstad’s excellent Disinfectant anti-virus software which was distributed for free and constantly updated to handle any new malware as it appeared.
- For years, Apple gave away antivirus software to Mac.com account holders, so they could find out about all the Windows malware they were receiving as email attachments.
- Apple has signaled its intentions w.r.t. Mac OS X malware by building detection of all known in-the-wild malware into Mac OS X 10.6. The fact that this comprises a total of two viruses doesn’t mean that if it suddenly became 10 or 100 or 1000 Apple would give up.
- Apple has been, continues to be, and will remain better at pushing out software updates and patches to its user base than competitors.
Social Engineering
Most of the malware around these days is in the form of Trojans. Trojans are basically a social engineering exercise that involves:
- Convincing someone to come to your site and download something (or grab an email attachment and download that)
- Getting them to install or unzip the file and run it. (Ignoring warnings from their OS in some cases.)
Every OS is vulnerable to this kind of attack unless you tie down user accounts to the point where they can’t download and run anything. (And even XP lets you tie down accounts like this if you know how.)
Arguments about user accounts and so forth are moot. If a program can stomp around in user space then 99% of us are screwed. Knowing that your computer will still be able to boot afterwards is of no value whatsoever. (In fact, it may be of negative value since you will be less likely to realize what happened.)
So, the real question is: what makes a user more likely to download and run a Trojan?
My suggestions:
- Being terrified of malware and yet too cheap to buy antivirus software and too stupid to Google for good free software. A major source of Trojans is sites advertising free malware protection.
- Wanting to get free warez.
- Being a moron who downloads and installs random shit.
- Running an OS that bogs you down in stupid warnings all the time (i.e. early versions of Vista).
Note that being an overconfident Mac Fanboy makes you immune to the first item in two different ways, and makes you less vulnerable to the second in one way. Clearly, there are morons using every platform, but given that overconfident Mac Fanboys tend to be wealthier, better educated, and have a demonstrated tendency to spend more for quality stuff, I suggest that they’re less vulnerable to item 3.