03
Feb 11

The last Mac myth

Back in the good old days, the die-hard Apple fans — embarrassingly outnumbered — would often attempt to debunk the many myths surrounding the platform.

They targeted such notions as “Macs aren’t as fast as PCs,” “Mac files aren’t compatible” and “Macs offer less software.”

Like most of the world, I’ve stopped worrying about such things. The arguments just aren’t relevant anymore. Even the software issue, which still exists by absolute numbers, isn’t worth discussing. Whatever the number of Mac apps may be, a Mac owner has a huge number of titles to choose from. If you lust that badly after a particular Windows app, you can simply configure your Mac to run it.

But, nosing around on the Apple sites and discussion groups recently (this is what I do for a good time), I was surprised to see one myth still alive and well. It’s the idea that Macs are not more secure than PCs — there are simply so few Macs on earth, they’re not a juicy enough target for the evildoers. This is the famous theory of “security by obscurity.”

This is also pure crap.

Macs were once not only a tiny minority of the world’s computers, they were a fading minority. The platform didn’t generate nearly the buzz it does today. Nor was its every move reported by legions of journalists and bloggers.

If I were a hacker 15 years ago, I’d buy the obscurity argument in a nanosecond. What’s the fun of being a big fish in an invisible puddle?

However, this isn’t then. Apple is now the world’s most successful — and most valuable — technology company. Macs get far more attention than their numbers suggest. They’re all over movies and TV shows. They’re the de facto standard in graphics and design. Although the Mac market share remains far smaller than that of PCs, Mac users number in the tens of millions. And then there’s mobile technology, where Apple either leads in market share or owns a giant chunk of the category. Regardless of market share, Apple leads by far in share of mind. The world’s obsession with Apple only grows bigger every day.

Add to that the fact that Apple has spent tens of millions of dollars proclaiming to the world that Macs don’t get viruses. That was the claim in one of the earliest “Mac vs. PC” commercials (the one where PC couldn’t stop sneezing). It was an open challenge to the world’s hackers. It was Apple’s public “bring it on.”

If you were a hacker seeking glory these days, the Mac has to be one super-tempting target. Being the first person on earth to cause havoc in the Mac world would mean instant enshrinement in the Hackers Hall of Fame. It’s just horribly naive to suggest that hackers have no motivation to attack the Mac. In fact, why would you create malware for PCs, where viruses are a dime a dozen, when you can have the fame and glory that would come with bringing those arrogant Mac users to their knees? Hell, I’m tempted to go try it myself.

Hacker conventions have been held with the express goal of breaking into the Mac. They usually end with a “concept virus,” or the announcement of some newly discovered vulnerability in Mac OS X. Yet somehow none of that ever causes a blip in the Mac world.

Given the total lack of widespread Mac viruses over all these years vs. the hundreds of thousands that exist in PCs, it takes some kind of twisted logic to maintain that Mac OS X is as vulnerable as Windows.

Interestingly, there’s a newer, more absurd myth being born to take the place of security by obscurity. It’s the idea that Macs are actually more vulnerable than PCs. This belief is put out there by security companies out to sell their own software, or security experts eager to prove their unconventional smarts. They have all the reports to prove Mac’s many documented vulnerabilities. The only thing missing are the viruses.

This is not to say Macs are invincible. Clearly any computer can be compromised. Everyone needs to exercise some common sense. But the simple fact is, it’s pure insanity to run a PC without antivirus software and commonplace to run a Mac without it. I haven’t run antivirus software in my Macs since Mac OS X was released, over 10 years ago. I don’t know anyone who has.

The “Mac is vulnerable” crowd does exist and will always exist. They’ll continue to make their claims until one day they can say they were right.

I will only note that there is also a Flat Earth Society waiting patiently to be proven right. We’ll see who gets there first.


  • Paul

    I don’t know exactly what motivates hackers to hack. You’ve covered all the bases when it comes to seeking glory as a motivation. I might add that for those with more profitable, criminal intentions, Macs must be a mighty tempting target. It’s not poor people who are purchasing all those $1,000 and up Macs.

    As Willie Sutton famously said when asked why he robbed banks, “because that’s where the money is.” Likewise for Mac users.

  • qka

    Today most “hacking” is done by criminals for economic gain. While malware (viruses, etc.) is a tool in their arsenal, an equally important tool is social engineering – getting the trust of potential victims to have them do something that leaves them vulnerable. An example would be to enter confidential account information on a bogus sign in screen. Mac users are not immune to that.

    — A Mac user since 1984

  • GadgetDon

    Here’s why the “obscurity” argument still holds water, at least for viruses.

    I’ve got my super mega wonder virus inserted on one reasonably well-known Mac site. Mua ha ha ha ha. It’ll be caught in a couple hours, but that’s OK, the virus will spread from Mac to Mac, and soon I will rule the world!

    So CluelessMacGuy gets infected, and my super mega wonder virus starts reaching out to the computers on his network, and sending emails to his friends. Except most of the computers on the network are PCs who go “ok, you gave me a folder with a .app name – what do I do with it?”. And most of CluelessMacGuy’s friends are PC users, who are unsure why CluelessMacGuy sent them a folder.

    It’s not just enough that “there are enough people at the point of initial contact we can infect”, at each level there has to be enough people susceptible to the virus for it to spread.

    Is obscurity the only protection Macs have? No, but I doubt we’re as well protected as Windows 7 users are. Because Microsoft has been such a target, they have had to adapt to the situation. Not just look at things and say “OK, where are the obvious holes here and how do we close them” but become paranoid about “how can some %@#$# out there squeeze into it” and also develop systems for watching for exploits and responding as quickly as possible. Apple just hasn’t had to adapt to that. So even if they are pretty good at the straightforward security stuff, they haven’t undergone the trial of fire yet.

  • Bladrnr

    You win a cookie (no pun intended) for this rant. I’ve been a Mac user since 1987 and I work in IT for a Mac-only shop. Never used AV personally and don’t for my Mac users at work. There’s just no need. But it’s a joke trying to convince Windows IT people. They are so used to AV software they simply can’t see how awful things are from a Mac perspective. I would NEVER recommend a Windows PC to a friend. My gosh, there is a huge spam botnet running on hundreds of thousands of Windows PCs all over the world. Who wants to be part of that…and not even know it? Gates even went after hundreds of their URLs a few months ago trying to get it shut down.

    http://forums.theregister.co.uk/forum/1/2010/09/08/waledac_takedown_success/

    Using a Windows PC is a tragedy if you don’t know what you’re doing. I would skip all the drama and just get a Mac, or at least a used one if I couldn’t afford new.

  • BrianM

    Re: GadgetDon

    In most cases, Mac users know more Mac users, so your obscurity argument wouldn’t actually help prevent much in most cases. It is possible that these are more clusters than chains, so it wouldn’t spread as fast as might happen with a Windows user (but even the Windows ones now usually require a user to at least click on something, not self-spreading).

    There have been trojans (about 5 or 6 total in the last 8 or 9 years of Mac OS X), but no self spreading virus. As of yesterday when someone I know ended up with a trojan on a Mac, that makes 4 that I personally have had to deal with since Mac OS X came out (I do Mac repair & support professionally)

  • BrianM

    oh, forgot to mention I installed the free Sophos AV onto my work iMac (partially to appease the network guys) It has caught 3 PC virus/trojan/malware on stuff being migrated to a new mac (from PCs that were supposed to not have any virus on them), and a couple more on our own tech’s USB keys that for some reason the PC AV software wasn’t catching.
    And one actual Mac trojan… well the remnants of one that I had kept a copy of along with documentation of how to remove it in case I had forgotten by the time I ran into it again on a customer’s system, completely inactive on my desktop (it has to be executed with an entry into the crontab to keep it running) since none of the anti-virus at the time could remove it, I had to figure it out manually.

    so it looks like Sophos is finding piles of virus on this Mac at least… in reality, I either knew about it, or it wasn’t an issue since the infected files wouldn’t have been moved to the new Mac.
    (it was useful for the infected USB keys though, the techs rescanned it specifically with a different AV, and confirmed it was a potential trojan, and have replaced it with a clean version of their utility)

  • John Halbig

    @BrianM: When I was doing the Mac Genius thing a few years back, one of the upsells Apple retail was pushing onto Mac users was anti-virus software.

    On the one hand it felt very much like the old joke about a door-to-door salesman in Kansas selling tiger repellent. When challenged by a skeptical farmer that he had never seen a tiger in the vicinity, the salesman replies “See? It works!”.

    However I had no trouble selling it as part of being a good citizen of the ‘Net — That Macs, while unaffected by the various bits o’ malicious code, could still act as “carriers” of dormant viruses.

    Minor digression: The only truly “cross-platform” Mac/PC malware that has ever caused me trouble in nearly 25 years of using Macs was during the 90’s, when self-replicating Microsoft Office macros were common. Thanks, Bill! :P

  • paulr

    Here are two serious pieces of evidence that support your case. I’m surprised they aren’t mentioned more often.

    1. Back in the 1990s, when Mac market share was lower than it is today, but pre-OSX, we had Mac viruses! Plenty of them. They weren’t as prevalent or as malicious as PC viruses, but they were in the wild, they caused problems, and we professional Mac users were constantly updating our virus software and bracing for the next hit.

    Now in the OSX era, in spite of ever-growing market share and mindshare, nothing. Not a single virus in the wild … only a handful of trojans and other “social engineering” type threats, which no OS can protect against fully.

    2. Recall that Google has BANNED Windows from its corporate computers, for security reasons. Employees are free to choose between OSX and Linux. Anyone who needs Windows to get their job done has to make a case to the CIO … that’s pretty high up approval, so it’s clear they take this seriously.

    Google and Apple are hardly in bed together these days, so I don’t think you can put a political spin on this. It comes straight from the top of IT, and was not publicized by Google.

    I have several friends who work at Google (in both sales and engineering). They’re all fine with this. The bigger debate in their minds is iPhone vs. Android …

  • Manuel Plascencia

    Since the creation of the World Wide Web in 1991 (CERN – Tim Berners-Lee) the soul of the Mac has been untampered with Virus problems, its Operating System is STRONG and SOLID.

    When Tim Berners-Lee set out to create “WWW” and “HTML”, he did this on a NeXT Computer, not only was NeXT the development of the WEB, but had the first Web Browser, and itself was the first Web Server. Since that time NeXT OS would later become what we know as Mac OS X (NeXTStep AKA OpenStep AKA Mac OS X).

    Now tell yourself: since the beginning of the WEB itself, do you think by now a hacker should have created a Mac virus? All that time, all those Millions of Mac computers, all that fame at their fingertips, NOTHING, NOT 1 VIRUS!
    http://info.cern.ch/NextBrowser.html

    Seriously, you haters have to come up with some other excuse, your excuses are old and tired.

  • Plain Don

    @GadgetDon wrote: “It’s not just enough that ‘there are enough people at the point of initial contact we can infect’, at each level there has to be enough people susceptible to the virus for it to spread.”

    As the infamous Witty Worm demonstrated, that is not even remotely true:

    http://www.computerworld.com/s/article/93584/The_Witty_worm_A_new_chapter_in_malware
    http://www.caida.org/research/security/witty/

    From the last link: “Witty spread through a population almost an order of magnitude smaller than that of previous worms, demonstrating the viability of worms as an automated mechanism to rapidly compromise machines on the Internet, even in niches without a software monopoly.”

    Witty TOTALLY infected a world-wide susceptible population of just 12,000 systems in 45 minutes. Obscurity didn’t help those victims…

    I’m glad Apple’s idea of security isn’t the equivalent of closing the barn door after the horses have left–a technique so prevalent in the rest of the computer world…

  • Jeff

    Here is an interesting article on what numerous computer security experts have to say about this issue:

    http://news.cnet.com/8301-27080_3-10444561-245.html

    Regardless of your position on this matter, the important thing to realize is that times are changing, particularly for users of iOS devices (i.e., iPhone and iPad). I would play it safe and use some types of OS protection at the very least (e.g., a host-based firewall), and certainly browser protections similar to Firefox’s NoScript extension, since the browser has quickly become one of the most common attack vectors on ALL platforms.

  • Icon

    A good challenge is good fun for hackers. Beating that challenge just brings great ecstasy for anyone. Just add that to the reasons why hackers hack.
