January 2nd, 2011

Mac virus onslaught in 2011? Not so fast

MAC OS, by Albel.

Is it really true that it’s only a matter of time before Macintosh users are under siege by a flood of viruses and malware? McAfee announced recently that 2011 would be a bad year for people using Apple computers, as hackers will be increasingly attracted by growing Mac market share. It’s not at all hard to find experts who agree.

The thing is, they also agreed back on July 18, 2010, June 17, 2010, April 9, 2008, and October 20, 2006, among many other dates in the past which I didn’t bother excavating from Google. Remember that horrible Christmas of 2006, when all of your Macs broke simultaneously?

Me neither.

How malware hackers eat

It’s worth noting how computer malware comes into being. Unlike biological viruses, such as H1N1, malware doesn’t spontaneously create new offspring. New viruses require the effort of “black hat” hackers, who try to create code that is easy to replicate, hard to remove, and does something to the benefit of its creator.

That last bit is a crucial part of the malware environment. A few malware hackers write software attacks purely out of malice, but mostly it’s done for profit. In theory, the more Mac users there are in the world, the more appealing they become as a target for hackers. This theory is pretty much the sum total of the analysis you’ll see about Mac security on many general news sites.

In practice, though, there are three major components that play into the creation of viral attacks:

Motivation: Hackers will attack where they have reason to do so. Consider the Stuxnet worm that attacked sensitive computers in Iran. If anyone knows for certain who wrote this, or how it was introduced into Iranian nuclear plants, they’re not talking to Macworld. But these attacks weren’t motivated by the sudden increase of people walking around carrying programmable industrial logic controllers in their pockets.

Opportunity: When there’s a vulnerability in software—from Apple or any other vendor—the malware hacker community is almost always the first to know. After all, this is their bread and butter—give them a chance to make money, and they’ll race to exploit the vulnerability before it’s found and fixed. Serious computer security experts (who are, alas, less frequently quoted in the general media than software vendors and supposed experts who give good sound bites) classify these opportunities into vulnerabilities (theoretical avenues for attacks) and exploits (actual attacks taking place in the real world).

For example, when you go away for the weekend and forget to lock your door, but come home to an intact house, that is a vulnerability. When you come back to find that some rogue has made off with your belongings and possessions thanks to your forgetfulness, that is an exploit. Most computer security issues you read about, and in particular those you see on cable TV news, are vulnerabilities. But we are vulnerable to a thousand things a day, including death rays from outer space that do everything from causing cancer to crashing your MacBook. Unless you have already lined both your hat and your laptop bag with aluminium foil, you are clearly not too concerned about these. (Nor should you be: the probability that this happens is very small.) (And the aluminium foil is unlikely to help.)

Herd immunity: Herd immunity is a concept from biological infection that also applies to computers. Disease relies on a certain critical mass to spread: if your population is dominated by those who are immune to infection, it helps curtail the communication of the disease. In terms of computers, it means that so long as the vast majority of machines that your computer interacts with aren’t subject to the same malware—i.e. when your Mac talks to Windows PCs—you’re less likely to get infected. When your machine talks mostly to computers that are susceptible, herd immunity is lost.

So, the assumption that is made by almost all of the doomsaying articles linked above—and thousands I didn’t link to—is incorrect. There is no magic number of Macs, above which they suddenly become less secure. There is instead a theoretical protection that is offered by Macintosh market share. The actual point at which a larger market share becomes dangerous depends entirely on the nature of the threat.

As Macs are built on many of the same technologies as the iPad and iPhone, it is possible that the rapid rise of iOS devices exposes Macs to new vulnerabilities. But until an actual exploit is in circulation, this is simply a conjecture that falls somewhere between “aliens are killing cows in Montana” and “global warming will submerge Manhattan in 2050.” It’s my opinion that beachfront property in Pittsburgh might be a good buy-and-hold strategy, but there’s still considerable debate about how the proven vulnerability of ocean surface rise will play out in human-impact exploits.

How Mac users think

There’s a second flaw in the Macs-are-vulnerable argument: the oft-repeated notion that Mac users believe their Macs are immune to attack. This is mentioned in both the McAfee report and the Computerworld coverage.

I beg to differ on the basis of overwhelming and purely anecdotal evidence. As a Mac consultant, author and generic “expert” for a bunch of people in my community, I regularly field questions on Mac security. This shows a general understanding that A) vulnerabilities exist on the Mac and B) people are curious enough to ask questions. Nobody has ever asked me whether cosmic rays can crash your computer (even though they can) or whether your MacBook can come to life overnight and raid their refrigerator. Mac users seem to assume they are safe from death rays and late-night Mac snack raids; otherwise they would ask me about these threats. When people ask me questions, they ask about malware, and I take that as evidence that they do not assume they are immune.

As for what you should be doing about these attacks, that has been covered by experts numerous times in greater detail than I can address here. Given that you’re reading this article, you’re already doing the most important thing you can: Staying informed. When a new Mac vulnerability breaks, you’ll read about it on Macworld and other Macintosh-specific news sites. When this escalates to the level of a circulating exploit, you’ll see even more coverage. If and when an exploit becomes common—which has not occurred since the primary method of moving Mac files around was an 800K floppy disk—then you won’t be able to avoid hearing about it if you’re keeping up on Mac-specific news.

Conversely, you should take any information you get about the Mac from a general news site with a grain of salt. Unfortunately, many tech and computer news websites can fall into the “general” category here more often than they probably should. If you hear about a threat, but it doesn’t seem to concern editors at Macworld and other reputable Mac sites, then those general sites are likely missing something. When something is genuinely dangerous, you’ll hear about it here from Mac-specific writers and editors. You’ll also be told how to protect yourself, if such a method exists.

Critics have often noted that Apple advertises the security of its systems, but it is worth noting that the company recognizes its imperfections. For example, it still recommends that Mac users scan downloads from untrusted sources with antivirus software. (Users who want an antivirus package have a number of options.) Apple itself builds a wide range of security measures into Mac OS, including, in the recent incarnation of OS X, a limited malware detection system. Security requires a proactive approach, but Apple helps users out by enabling most of these measures by default.

In the meantime, despite the many varied technical debates to the contrary, you can generally rest easy—unless you enjoy getting lost in the weeds where Mac experts and geeks like to hang out. You’ll find many debates among Mac experts about theoretical dangers, and these can sometimes make it into the general media. But that doesn’t mean you need to take action every time the hint of a threat pops up in your RSS reader. The vaunted grain of salt and information from reliable sources should see you right.


Responses to “Mac virus onslaught in 2011? Not so fast”

  1. One issue that we don’t seem to bother about in the Mac community is the possibility that even though most viruses won’t affect the Mac, they can still be carried, and passed on. This came home to me when I took some files to a local printer, and was told that there were two trojan files on the memory stick I was using.

    I suppose we can say that it is not our problem… however, I don’t want to be the one who passes on malware to a colleague or friend unwittingly… Hence I bought Norton antivirus for the Mac.

    Incidentally, I don’t keep it on all of the time because of the degradation to system performance, but just scan the system regularly.
