Daniel Eran Dilger in San Francisco

The Unavoidable Malware Myth: Why Apple Won’t Inherit Microsoft’s Malware Crown

Daniel Eran Dilger
According to the Unavoidable Malware Myth, Microsoft’s Windows security epidemic of viruses, spyware, and adware will be passed on to the next major computing platforms as an inevitable symptom of platform popularity. Were this true, it would be bad news both for Apple’s Mac platform, which is growing several times faster than the PC average, and for the iPhone and iPod Touch, which appear to have an early lead as one of the most promising mobile platforms of the future. But malware isn’t unavoidable. The myth is wrong, and here’s why.


A Sign of Weakness.
The idea most frequently thrown out by detractors of the previous articles involving the CanSecWest contest was that Macs lack the security epidemic plaguing Windows only because Apple has held a marginal percentage of the market share of all PC desktops and servers sold worldwide over the last decade. Were that to change, they say, Macs would become an equal target for malware authors and fall into the same mess bogging down Windows.

Although difficult to prove unequivocally, it is likely true that the limited exposure of Mac OS X to attacks, based on its historically small market share, has helped to prevent any Mac malware industry from developing. However, that’s not the only factor in play, nor even the most significant.

Thanks to its extensive use of battle-hardened Unix and open source software, Mac OS X also has always had security precautions in place that Windows lacked. It has also not shared the architectural weaknesses of Windows that have made that platform so easy to exploit and so difficult to clean up afterward, including:

  • the Windows Registry and the convoluted software installation mess related to it,
  • the Windows NT/2000/XP Interactive Services flaw opening up shatter attacks,
  • a wide open, legacy network architecture that left unnecessary, unsecured ports exposed by default,
  • poorly designed network sharing protocols that failed to account for adequate security measures,
  • poorly designed administrative messaging protocols that failed to account for adequate security,
  • poorly designed email clients that gave untrusted scripts access to spam one’s own contacts unwittingly,
  • an integrated web browser architecture that opened untrusted executables by design, and many others.

CanSecWest and Swiss Federal Institute of Tech Deliver Attacks on the Reality of Mac Security
Mac Shot First: 10 Reasons Why CanSecWest Targets Apple
Thom Holwerda of OSNews Calls “Mac Shot First” Misinformation and Slander. Oops!

The Past is Not the Future.
If we could travel back to 2001 and somehow alter history to give Windows a 5% share of the PC market, and grant Mac OS X a 95% share of the market, that reversal of fortune would result in spammers finding that their existing malware exploits were nearly worthless. It could also induce them to desire to write or obtain attacks exploiting Mac OS X. Third party developers would also have to make a huge shift in their allocation of software development resources, as Windows software would have much less value, while demand for Mac software would explode.

We can’t actually go back in time to do that. We can, however, watch in real time as history moves forward over the next eight years. As Apple’s Mac market share has ratcheted up dramatically over the last two years in particular, there has been no change at all in Mac malware: there are still no viruses, and no real malware threat dogging Mac users. Pundits’ predictions from as early as 2003 that Mac OS X would fall into the same malware void as Windows have failed to come to pass.

It would seem reasonable that malware authors would gradually move from being Windows-only to also target Macs, just as other software developers have increasingly shifted their resources to develop new Mac versions of their software over the last several years. However, while the percentage of major developers who offer Mac versions of their software is much greater than the Mac’s overall worldwide market share, the Mac’s share of the malware market is at zero, and shows no signs of growth.

As the future unfolds, external factors, including learning from the past, will prevent the past from playing out again exactly as it did. Before detailing how these factors will change the malware industry, consider the core fallacy of the idea that malware is inextricably tied to market share and popularity.

The Malware Market Share Myth.
Does malware development require some threshold of market share before it can exist? Is the malware ecosystem “irreducibly complex” in a way that prevents small pockets of malware from spontaneously developing to exploit smaller markets? If so, this would explain why Apple now has 20% or more of certain markets, but does not have even 1% of the malware market.

Alas, this theory is easy to crush. There have been many examples of thriving malware “serving” minor markets. Back when all computers used floppy disks, and floppies were easy to infect with boot sector viruses, Macintoshes of the Classic Mac OS era carried and transmitted viruses on floppies despite never having more than 8 to 11% of the market. Viruses were around because of a weakness, not because of the Mac reaching a certain market share threshold in popularity.

Even platform targets that are tiny to the point of insignificance are attacked by malware. Specific versions of a small minority of Symbian phones were attacked by a Bluetooth virus, not because those models made up 95% of the phone market, but because there was an open flaw in their software that left them vulnerable to attack.

The idea that Apple will inherit Microsoft’s problems rests on the mistaken belief that Windows’ security problems are rooted in its popularity, rather than its poor architectural design. That is not true, as countless examples of viruses attacking minor platforms attest. Malware targets weakness, not popularity. Windows is plagued with malware, not because it is ubiquitous, but because it is riddled with weaknesses.

The Malware Economy.
Today, and over the last two decades, Windows has been plagued with malware because it is easy to infect. That ease results in a low cost for creating Windows malware, as the supply of potential exploits is high. Even when adding in the small risk of being prosecuted, the development cost for Windows malware is still much less than the significant, if relatively shallow, payback spammers earn on spyware, adware, and the spam and viruses that deliver and install it.

Windows’ historical weaknesses have made the creation and maintenance of malware exploits cost effective. Complicating that problem, the platform’s popularity has made payback greater. Spammers earn returns on a very small number of duped victims out of the huge volume of messages sent out. Adware earns tiny profits on a huge volume of banner popups. As the cost of creating the malware to support those businesses is ratcheted up, the profits from high volume, low margin malware businesses quickly wither. The problem that makes malware work isn’t the popularity of the platform, but rather the platform weakness that drives down the cost of creating widespread, virulent attacks.

Creating Mac malware costs more because it is harder to write (fewer weaknesses to target), harder to keep working (exploits are patched), and too easy to clean away. There’s no Windows Registry that can be subverted to reinstall the malware the user is trying to eradicate, and no clumsy web-based Windows Software Update or Windows Genuine Advantage mess preventing users from running updates; Macs are easy to keep up to date. There is simply no workable business model for Mac malware writers, not because the Mac market isn’t big enough, but because creating and maintaining a virulent botnet of Macs would be too difficult and expensive, given the lack of weaknesses to exploit.

Adding more Macs to the population does not change that. If exploited nodes on a network are too expensive to maintain, adding more nodes does not solve the problem. Mac malware is not sustainable as a business model, not because of limited market share, but because Mac malware costs too much to develop and maintain due to Mac OS X’s architectural strengths.

Planting Malware For a Harvest Payout.
Security researchers like Charlie Miller, who correctly point out that there are Mac exploits to patch, fail to also recognize that exploits are only part of the malware problem. An exploit can plant a malware seed, but without a Windows Registry to nurture it and wide open ports and poorly implemented network protocols to spread it, any potential Mac malware can be easily uprooted before it ever matures. That serves to make planting Mac malware an unworkable business: there’s never a harvest.

Windows has a thriving market of spammers, not because of platform popularity, but because there were and continue to be weaknesses in the design of Windows that made it easy and cheap to exploit, along with the fact that there are millions of PCs connected to the Internet but not maintained or updated. This provides fertile ground for a bountiful harvest of Windows malware. It’s not the popularity of Windows PCs that’s causing the problem, but the fetid pools of infected PC botnets.

That problem is not the product of popularity, but simply another example of an architectural weakness in Windows. Microsoft sold those millions of users defective systems that were ill equipped to be connected to a public network, yet it advertised them as being the ideal way to use the web and get email. Why haven’t those users filed a class action suit over being sold a harmful, defective product that was unfit for the purpose for which it was sold?

Hardware vs Software.
It’s because users see hardware as a product, but fail to grasp that software is one too. That’s why they like to pay for hardware but not software, and also why Apple and other manufacturers are regularly sued over minutiae such as the advertised size of a display and the color depth of an LCD screen, while Microsoft is not sued for defective software that causes billions of dollars of real problems. Microsoft has only been sued for cheating customers by charging too much for its software.

If the world ever figures out that software doesn’t have to be horrible just because Microsoft’s has been for decades, real solutions could happen. Until then, the primary hope for gaining better consumer electronics software is being pushed by Apple by incorporating such software into its hardware products. The public doesn’t marvel that the iPhone has great software; they simply think of it as an impressive hardware device.

That reality plays into five factors affecting the computing platforms of the future that will prevent Apple from inheriting Microsoft’s malware legacy. The next article will present why those factors will have such a significant impact on the future of malware, and why the world’s greatest malware threat will continue to be firmly attached to Microsoft, the company that introduced the epidemic to the world in the first place.

Five Factors Shifting the Future of Malware and Platform Security


50 comments

1 John Muir { 04.01.08 at 6:17 am }

Reckon Vista might change this in the long run? I’m no Windows enthusiast, but it appears to have plugged the most egregious gaps in XP’s Swiss cheese façade, at least so far as we hear.

Sure: Vista’s as popular as death and taxes. But it’s just as unavoidable for the denizens of the botnets which are the crucial audience. It comes on boxes … for all who know not to ask!

2 Sennoo { 04.01.08 at 7:09 am }

Thanks for your great articles.

I have always believed that the reason viruses and malware do not happen on Mac OS X is not just its smaller market share.

But I never had a way to explain it. Thank you very much; your articles gave me the answer.

Please allow me to email this article to my friend.

Thank you.

PS: I think you can write Cocoa applications, do you?

3 Berend Schotanus { 04.01.08 at 7:42 am }

Interesting stuff. You sure convinced me platform strength does matter and OS-X is designed well.
I’m not so sure, however, that market share is of no importance at all. As long as there is even a 10% Windows NT/2000/XP share in the computer installed base, why develop malware for Mac when it is so cheap and easy to do it for Windows? Like: why steal from a house with a lock on the door when there are so many houses with the door permanently open? But one day (maybe not so far away) Windows NT/2000/XP will have disappeared altogether and there will be no cheap and easy opportunity for malware, just like everyday stealing opportunities tend to disappear. What will happen then?
It would be great if all those malware makers suddenly became honest and started respected businesses. Experience in other fields of crime, however, suggests they might start exploring less obvious possibilities to continue their business.

4 warlock7 { 04.01.08 at 8:06 am }

JM,

Lack of usability far outweighs the potential security benefits.

5 Joel { 04.01.08 at 8:11 am }

I think you’ve missed the # 1 reason for Windows Malware. By default, Windows users run as the super-user. If this was as common on Unix based o/s, you’d have the same problems. Where I’ve encouraged people not to run as Administrator, the number of malware infestations goes down…

6 Are Macs becoming less secure? { 04.01.08 at 8:17 am }

[...] of the Mac platform becoming more susceptible to security problems as it becomes more popular. As tech writer Daniel Eran notes on his Roughly Drafted site: Thanks to its extensive use of battle-hardened Unix and open source software, Mac OS X also [...]

7 dustbag { 04.01.08 at 8:27 am }

Well I guess I just should have waited a couple days, since this clears up my confusion from the “Mac First Shot” article in a huge way. Thanks again for your amazing analysis.

My company’s IT department just started a project to assess Macs for our users. The project manager said that the migration to Vista was so hardware intensive just to get to an acceptable level of productivity (read: equal to current XP performance), and that OSX has so much better performance on identical hardware, that the company viewed it as a money savings potential too great to ignore. Can’t frickin’ wait to have them come hand me a MacBook Pro to replace this piece of %$#@ Dell.

8 jezcaudle { 04.01.08 at 8:37 am }

I agree that malware authors go after the low hanging fruit and in this orchard that is Windows. Windows is also the most popular tree – if we are to keep the metaphor going.

Apache is the most used web server but IIS is attacked more.

Windows security is improving and this is good for everyone – spam in your inbox is not dependent on your OS choice. But as you point out MS make it hard for users to patch their system – even something like Automatic Updates is so annoying that it gets turned off. At work I have many applications running on my PC – I don’t want it to reboot in the night, but Automatic Updates will do that! Hence I have it switched off.

While the current economics point to the Mac being malware free for the time being, this might not always be the case if Apple take their eye off the ball. New business methods spring up all the time; most fail, but a malware business channel that targets Macs, the iPhone etc. is not impossible just because you or I can’t think how to make money from it.

Also the days of cracking for fun and no-profit might return. Instead of taking a gun to school and shooting people we might see an attack targeted at Macs for no other reason than spite and rampant teenage hormones.

The big issue that you haven’t mentioned in the last few days since the Air was hacked is that software holes are not inevitable or a fact of life in the numbers we see them today. The OpenBSD project releases very few patches for the base software that it distributes because it prefers to be secure first, features second. OpenBSD software is on the Mac in the form of OpenSSH and while it has had security issues over the years, these are few and far between because of the code audit that the OpenBSD team carries out. When they identify an attack vector in their code they look through the whole of the code base for the same or similar vectors. The exploiting of code usually needs more than one hole to become effective, but by removing a vector that “could in theory” be used, the “fact” of exploit becomes impossible. While other OS’s fall, OpenBSD stays up – this has happened many times with PHP or DNS flaws being unexploitable because the underlying OS is secure.

The OpenBSD team made some big changes to malloc to make it fail when memory was read after being released. They found a few errors in their own code but found that many third party packages would not compile because of the sloppiness of their programmers.

Apple has used random memory address allocation in 10.5 to all but snuff out buffer overflows but I wonder if they have gone the whole hog. This might not make business sense if 10.5 started crashing programs that worked fine under 10.4.

At the end of the day, as you have pointed out, Apple is responsible for all the software that is shipped on its boxes wherever it comes from. I think it needs to make sure that common programming mistakes are not in the code that it ships. I only care about Windows security because the port scanning, DDOS and spam affect my daily net experience. After that I couldn’t give a monkey’s because I don’t use them (except at work), but I do care about the security of my Apple computers because they are my joy.

Apple can and should do better when it comes to security; being 99.99% better than MS is not enough for me. I would like to see them following OpenBSD with the firewall (PF), code auditing and security as their number 1, 2 and 3 priorities.

9 acidscan { 04.01.08 at 9:36 am }

I think you are totally wrong about this, the market share is KEY for malware.

Let’s forget for a minute the open flaws of each system. Lately I’ve seen a BIG increase in socially engineered attacks, files that you execute and give all permissions THINKING it’s another thing, there is no way to protect a user against that type of malware.

I think the mac is STILL a non malware environment because it’s not an attractive target, because that TON of malware makers need to learn ObjC and mainly why do that if the windows environment is working perfect for their purpose.

I work as an IT admin and the majority of my users infected was mainly because they were tricked into that, executing something they thought was a very different thing.

10 Why Malware is Avoidable on Macs « dagny’s desk { 04.01.08 at 9:52 am }

[...] The Unavoidable Malware Myth: Why Apple Won’t Inherit Microsoft’s Malware Crown — RoughlyDraft… via kwout [...]

11 Rich { 04.01.08 at 10:35 am }

“Even platform targets that are tiny to the point of insignificant are attacked by malware. Specific versions of small minority of Symbian phones were attacked by a Bluetooth virus, not because those models made up 95% of the phone market, but because there was an open flaw in their software that left them vulnerable to attack.”

That’s not accurate.

The malware targeted S60 v1 and v2 phones. At the time, these S60 phones accounted for 80% of all smartphones being sold. It wasn’t technically a virus either – it required interaction from the user to firstly accept the Bluetooth file and then click through several security warnings. The malware relied on social engineering rather than any technical flaw in the operating system. The same kind of malware could easily be achieved on OSX. Why did the virus writer choose Symbian rather than Windows Mobile? No doubt because Symbian was the market leader by a long distance.

Of course, even the social engineering flaw has been shut thanks to drastic action by Symbian. Action so drastic (i.e digital signing) that it has upset a lot of honest 3rd party developers. That said, it’s this action (and the same concept with the iPhone SDK) that shows that malware *isn’t* inevitable.

12 John Muir { 04.01.08 at 10:53 am }

@acidscan

So what we need is a privilege level of user account which doesn’t allow any binary execution – or even scripting – besides what’s mandated by the admins’ white list.

Doesn’t OS X already have that when you turn on parental controls? I have to use them on my parents, being their occasional admin!

13 Joel { 04.01.08 at 11:10 am }

@acidscan “Lately I’ve seen a BIG increase in socially engineered attacks, files that you execute and give all permissions THINKING it’s another thing, there is no way to protect a user against that type of malware.”

So these are programs that you have to download, and explicitly give execution privileges…? On OS X unless they’re explicitly given super-user rights they won’t affect much other than user data, or create network problems. As such they’ll be easily detectable and fixable. (Most of the problem I find with malware on Windows is that it ties into the system and becomes undeletable).

There’s also the problem that they’ll need to be made executable before they’ll even run.

If users can be tricked into doing both, then we should really stop the user using their Mac.

14 info-dave { 04.01.08 at 11:15 am }

I’m speaking from ignorance (which is always a dangerous thing), but for once, your article didn’t help much. This article didn’t do much to move along the malware debate.

What exactly is malware doing to Windows? And can that be exploited in OS X? If it’s a matter of a port being left open and attacking a common service, the exploit can occur in both environments. If it’s attacking Windows services that don’t exist in OS X, that’s a different story.

My solution to my Windows friends is to quit using IE and use Firefox instead. I blame ActiveX for some of the mess, and this simple change does have a dramatic impact. A system software reload is usually in order. Since you only put back a portion of the software you may have tried, the System Registry is less bloated for a while.

I certainly feel safer with the *nix use of root, admin and user layers to hide the os as much as possible. My Windows buddies tell me to run as admin because the user accounts are quite there yet. And there is no root. And in order to change my Windows desktop theme, I had to make hidden system files visible and allow another layer of access to the machine.

I’ve always thought of the System Registry as the Achilles heel of Windows, all your eggs in one basket. Easily accessible, devastating consequences. And I know nothing like that exists in OS X. But I hear a lot of stories from my Windows buddies that sound to me like they’re blaming malware for things that are registry screw ups, unrelated to the Internet.

I wonder how much of the Windows malware problem is just a registry problem. I had registry issues with W95, but no viruses, they came later. And XP SP2 and Vista have gone a long way to fix that.

So I still don’t know where we stand, but I’m going to blame ActiveX. Not that I have a clue…

15 acidscan { 04.01.08 at 11:55 am }

@Joel:

Social engineering does amazing things even with moderately knowledgeable users and the only solution (I think) to this problem is code signing.

16 elppa { 04.01.08 at 12:14 pm }

This was a really good one, liked the analogy about the planting / harvest, it made a lot of sense.

17 harrywolf { 04.01.08 at 12:36 pm }

Good article.

I don’t see the argument at all, though – if Windows is potentially, by virtue of its architecture, and actually, in the real world, full of adware sent by botnets and malware etc. etc., and OSX isn’t, what is there to say?

Fact: Windows=virus, OSX=no troubles.

Until this FACT changes significantly, and it hasn’t changed for about five years, then the discussion is pointless.

The reason why this comes up is because when faced with a choice between which OS to buy, a customer may say that he has heard that OSX is ‘clean’ and trouble-free.
The only way to refute this is to insist that OSX will get virii and ‘its only a matter of time’.

Well, time has gone by, and nothing has happened.

Daniel, can we now call this one a ‘win’ until something changes?
Or are we really trying to stem the tide of the ‘information malware’, where OSX will somehow, magically perhaps, get a virus, and Vista, magically again, is somehow OK?

This virus misinformation is in the head, not the computer. Hard to fix that one…..

18 KathyLee { 04.01.08 at 12:49 pm }

This was a very lucid explanation. It needs to be pointed out that the traditional viruses ARE due to Windows architectural flaws, that have only been recently addressed in Vista. Well, too late. It may be unavoidable that more and more people will be stuck with Vista when upgrading, but we have at least another Decade of the “fetid pool” of old PCs mucking up the internet.

It does appear that more malware is going the route of social engineering, so that is much more difficult to prevent users from harming themselves. But, as Daniel pointed out, it may be most difficult to create the massive botnets with current OS’s and what we really have to worry about is identity theft (or any type of personal information theft) by getting access to our data through these methods.

19 NormM { 04.01.08 at 1:04 pm }

It seems clear that exploits target the weakest links. In the past that’s been Windows OSes and humans. As OSes become harder to compromise, humans remain weak. Perhaps that gives Apple an edge since man-machine interaction is something they’re good at.

20 gus2000 { 04.01.08 at 1:39 pm }

We probably need to make a list of all the gigantic mistakes that Microsoft shipped in Windows as “features”:

– ActiveX
– VBscript
– Interactive Services

I think it’s safe to say that these will not be implemented in OSX, and that Microsoft had learned its lesson and will at least avoid adding any more “malware-friendly” features.

That leaves the malware authors with no attack vectors except actual software bugs. On Windows, it’s a matter of trial-and-error, but the OSS portions of OSX can be reviewed for flaws directly. This seems like an advantage for Windows (“security through obscurity”) but in reality, the openness of the OSX code allows flaws to be quickly identified; the only way to find flaws in Windows is to wait for an exploit to appear that can be reverse-engineered. Both platforms benefit from White Hat security researchers who work to patch the holes instead of exploit them.

Even assuming that Win and Mac have roughly the same number of bugs that lead to vulnerabilities, the larger number of installed Windows machines makes them a more attractive target when all other things are equal; therefore, the Mac is safer. That won’t last, but even if Mac sales double every quarter it will be half a decade or more before the Mac could start to overtake the Windows installed base. That leaves Apple plenty of time to identify and patch OSX flaws before the Mac becomes the primary malware target. The same logic applies to the speed of patch delivery: as the OSX user base grows, Apple will grow their staff so that they can stay ahead of the malware curve. Apple also benefits from the maturity of the decades-old OSX platform, as opposed to the Microsoft plan of throwing out all of their code every 3-5 years.

It’s true that any system designed to attach to a network is potentially at risk to compromise, but good design will minimize this threat. Despite what the Microsoft Apologists would have us believe, the Security Crisis of the last decade was not some unforeseeable accident but the result of poor planning, bad decision-making, and downright apathy over security. Mac OSX has never suffered from such mismanagement and engineering incompetence.

The future remains to be seen, but OSX is built on a rock-solid foundation ready to grow to the sky, while Windows resides on shaky ground and is nearly collapsing under its own weight.

21 John E { 04.01.08 at 1:52 pm }

well, we’ll see how this really turns out in about 5 years. the huge number of PC’s running the heavily compromised Windows XP (and earlier) will be greatly reduced, replaced by Vista and whatever comes next. while by the same time there will be a lot more Macs in use, certainly enough to bother with attacking if possible.

then we’ll know who was right back in 2008.

22 Netudo { 04.01.08 at 2:04 pm }

It is hard to back a statement like “Macs do not have spyware because they have a smaller market-share than Windows”.

I think Mac market-share should be big enough to attract spyware writers, but market-share alone isn’t the only factor.

Only time will tell. And I can’t wait to put a cork in pundits’ mouths in five years.

23 SamLowry { 04.01.08 at 3:49 pm }

I am surprised that no-one ever seems to point out this:
(very rough estimations and disregarding Linux, to make the point)

altogether assumed: 5% Mac OS X, the rest is Windows

two thirds of computers are in companies, i.e. in well-protected environments (intelligent IT staff, hardware firewalls,… assumed unbreakable here). They are no targets.
100% of computers in companies are non-Macs.

So, malware targets in private use: 15% Mac OS X, the rest is Windows

Of the private Mac users, 0% use protection by anti-virus software.
Of the private PC users, 75% use protection by anti-virus software.

Or, 100% of private Macs rely on their OS alone
and 25% of private PCs rely on their OS alone

Let’s assume anti-virus software to be 100% successful.
Then, out of 100 PCs and Macs in private use (85+15), there are:

15 Macs that rely on their OS alone
21 PCs that rely on their OS alone (85/4)

So altogether, the number of Macs and PCs that are open to malware attacks (in the sense that they rely on the OS alone for security)
IS ROUGHLY THE SAME !
Still, there are no Mac viruses in the wild.
OS X seems to be a very hostile habitat for viruses.

24 BjK { 04.01.08 at 4:00 pm }

I’m a little late to the party, but I have a security related question,

It seems to me that a company such as Microsoft, whose platform contains the most security issues, could dry up the black market for exploits by offering their own reward for verifiable flaws in their code.
Of course, unless the flaw is patched quickly, the exploit could be resold to the malware industry. But if the profits in the industry are as is claimed in this article, this seems like it would be an effective solution.

25 John Muir { 04.01.08 at 4:02 pm }

@ SamLowry

Congratulations: you have made the Mac vs. Windows equivalent of the Drake Equation!
http://en.wikipedia.org/wiki/Drake_Equation

Nice idea, but there’s also an old computer saying: garbage in = garbage out. There’s an awful lot of assumptions in that arithmetic!

The best statistic is the fact there are zero Mac viruses in the wild, while Apple are making billions by shipping millions of them through their stores; irritating Windows fans immensely. The prestige is there for someone who can really “pwn” the Mac. Yet in practice they’re just not succeeding.

As long as Apple takes its responsibility seriously, this will continue.

26 Michael Linehan { 04.01.08 at 4:19 pm }

“I think you are totally wrong about this, the market share is KEY for malware.”

If that were true, Apache would have more problems than Windows Server. It doesn’t. With the majority of market share, its security record is, as far as I understand, similar to OS X, i.e. solid.

27 BjK { 04.01.08 at 4:28 pm }

@ John Muir

I read the linked article, and the similarities between Sam’s equation and the Drake Equation are uncanny, right down to the Fermi Paradox!

———-

I just realized that I didn’t ask a question in my last comment. What I meant to end with was “is there a system in place that already does this? If there isn’t, why isn’t there one?”

28 chr4004 { 04.01.08 at 4:34 pm }

Amen.

29 Scott { 04.01.08 at 5:04 pm }

May those who assert that ‘Microsoft Windoze OS is in the mess that it is in because of its market share’ please provide supporting evidence or real world examples!

When did criminals care how much market share a *poorly secured* bank has before robbing it?

When did criminals care how much market share an *unguarded* cash transporting company has before committing a heist?

This market share argument is null and void!

Windoze is a crap OS, a poorly designed piece of sh!t. Microcrap is a greedy company that doesn’t give a damn about its customers and users. I lost five hard drives due to that Microsoft developed virus called IE7. Sh!t their software cannot even talk to each other!

I used to like Excel (and SQL) a lot, but the latest versions 2003 and now 2007 are behaving a lot like all other Microsoft products. Buggy, bloated and unstable. The crap crashes all the time, wasting my time in the process.

Microsoft is in sh!t because of all the reasons that Daniel has outlined above. They are not virus/malware/etc ridden because they have a huge market share; they are virus ridden because they were too greedy to care about “useless” things like security. Market share has absolutely nothing to do with it!

30 SamLowry { 04.01.08 at 5:30 pm }

@ JM

“garbage in = garbage out” is a bit harsh here.
“true tendencies in -> undeniable tendency out” is more appropriate.
There are statistics that are so simple that you can’t falsify them.

Put in your own numbers (and omit the simplifying mathematical approximations applied), and you will find that under all reasonable assumptions (more non-Macs in companies, at least some success with firewalls, more PCs using anti-virus stuff) the ratio of possible targets is not 19:1 as suggested by 95% : 5%, but much less, maybe 3:1.
This invalidates any threshold theory for malware creation (as proposed by Windows defenders). A threshold of 25% would be unrealistic, simply because it would be rather attractive to own 25% of any market. Someone would try.
This all is only one aspect, but it is an undeniable one.

31 Electric-12 { 04.01.08 at 6:01 pm }

I appreciate your commentary as always Daniel.
What comes to mind sometimes when I think of all of these bot-nets of infected unpatched MS minions – why doesn’t some enterprising individual write a virus or worm that exploits these machines and patches the registry to disallow connectivity to the Internet for these machines?
A mean idea, I know, but I have seen so much time and money spent on the “hidden costs” of saving money on MS PCs in my corporation (I work in IT managing a large international WAN that has come to its knees in the past due to MS exploits) – If they are infected – get them off the network – including the BIG network.
Just my two cents -

32 WholesaleMagic { 04.01.08 at 7:03 pm }

After that article, I can’t believe there are still people saying that market share is the sole factor.

As many before me have pointed out, there are ZERO viruses for Mac OS X. Macs have 5% of the market share, right? That still means that there are millions and millions of Macs out there right now.

Don’t you think that someone would have exploited those MILLIONS of Macs if it were easy or simple to do so?

Let’s take the US, for example. I just Googled some facts which say that there are 164 million computers in the US.

Let’s say that 5% run OS X. That means that there are 8.2 million computers in the US running OS X. I don’t think this is an insignificant number by any scale.

Malware distributors aren’t known for their lack of zeal. They’ll exploit anything that can be exploited. This leads us to one inevitable conclusion.

33 John Muir { 04.01.08 at 7:50 pm }

@ SamLowry

As tendencies, it’s probably better to line them up rhetorically rather than in a precarious formula, itself every bit the product of its assumptions. You’re basically right that there are more Macs in juicy locations – higher income homes with decent broadband – than a blind marketshare figure suggests. I’d just not try putting too sharp a figure on it, overlooking every exception to the broader rule.

34 FoldMaster { 04.01.08 at 11:45 pm }

The funny thing is that even if Windows only had 5% of the market share, or even only 1%, it’s easier to exploit, so the hackers would stay there.

36 Joel { 04.02.08 at 6:36 am }

@ acidscan : “Social Engineering can do amazing things even with moderate knowledgeable users” — if you can persuade a user to give a program execution rights, and then run it as root (and enter their password, etc) then we have a real problem with user education…

37 retnuh { 04.02.08 at 11:15 am }

@info-dave: “So I still don’t know where we stand, but I’m going to blame ActiveX. Not that I have a clue…”

ActiveX would be one of several reasons; basically it’s a problem of “always run everything,” which has been a basic assumption of DOS & Windows until now. It’s always been more important to just run from a business perspective than to introduce barriers. Now MS is trying to fix a problem that goes against its very nature. Think about it, how many extensions can execute or contain valid execution code, why did Outlook run scripts without asking, etc…? I’m not sure if they were trying to do an “it just works” in an “it just runs” kind of way, but they seriously got caught off guard by people with bad intentions. Also I think their need to integrate has worked against them as well, with so many technologies designed to layer on top of each other, one OCX calling a DLL that runs an executable that talks to a service that relies on a SOAP call that needs ActiveX that needs COM so my Excel file shows up in my email populated by live data because it’d be too much trouble for me to just open Excel.

38 Ephilei { 04.02.08 at 1:07 pm }

I don’t know if MS realizes this, but malware has sold licenses. I know multiple Windows users who said, “my computer got really slow with lots of popups so I bought a new one” and computer and license go into the trash. It’s the same old practice of “sell cheap, sell often.”

39 retnuh { 04.02.08 at 1:36 pm }

@ Ephilei:

Besides that, there’s the entire Windows consulting industry that mainly exists to support something broken. I’d bet general PC tech support is the #1 most frequently used service next to custom software development and its services, in the Windows IT industry. There’s a lot of money there that won’t want to go away, and will fight against it except for those that can reinvent their services into something useful. The problem is things have gone on for so long that enough people are sick of it, so change is finally happening, hopefully more good change than not. There’s a Despair Inc. poster that sums this up pretty well: “Consulting: If you’re not part of the solution, there’s good money to be made in prolonging the problem.”

40 bigcasino { 04.02.08 at 3:01 pm }

The people most likely to continue to claim that the lack of viruses on Macs is due to market share are IT specialists. Please tell me how an IT specialist can make money if the computers he/she services are virus free. Folks, this is where it is all “at.” It is an IT specialist job protection racket. Had a Mac for 27 years. Never had virus protection, never had a virus. Do not need an IT specialist.

46 There Were Never Any Mac Boot Sector Viruses — RoughlyDrafted Magazine { 01.30.09 at 4:10 pm }

[...] Boot sector viruses were (and are) exclusive to the PC. I originally got this wrong in writing The Unavoidable Malware Myth: Why Apple Won’t Inherit Microsoft’s Malware Crown. Chris W. Johnson, an anti-virus developer of the era, offered a correction that I forgot to print [...]

47 GranneBlog » Reasons Windows has a poor security architecture { 03.26.09 at 11:51 pm }

[...] Daniel Eran Dilger’s “The Unavoidable Malware Myth: Why Apple Won’t Inherit Microsoft’s Malware Crown” (AppleInsider: 1 April 2008): Thanks to its extensive use of battle-hardened Unix and open [...]

48 Mac vs. Windows: Security « Pittsburgh web design @ visuaLATTÉ | Blog { 04.14.09 at 11:55 pm }

[...] if it did, Vista would not have seen a virus for at least a few years. Or, as Daniel Eran Dilger powerfully wrote, “Even platform targets that are tiny to the point of insignificant are attacked by malware. [...]

50 Neil Anderson { 05.18.09 at 7:16 pm }

John said, “Doesn’t OS X already have that when you turn on parental controls? I have to use them on my parents, being their occasional admin!”

So that’s why they call them Parental Controls! :)
