The Mac Malware Myth
January 29th, 2009
Daniel Eran Dilger
According to proponents of the Mac Malware Myth, Mac users should be afraid of a series of reports about a “rising tide” of malicious software and, in panicked response, install anti-virus software from the vendors who propagate those dire warnings. They’re wrong; here’s why.
For more than a half decade, the Windows-enraptured tech media has been banging on a drum about the imminent arrival of Mac viruses. As proof of this coming wave, they always cite researchers employed by anti-virus vendors who recount vulnerabilities found in Mac OS X or occasionally trojan horse malware designed to dupe Mac users into manually installing software that intentionally causes problems.
This is like warning the population of the threat of a global pandemic outbreak based on press releases issued by a homeopathic group concerned that isolated reports of individuals hitting themselves with a hammer might portend a greater public health crisis, unless more people coat themselves with 30x ferrum phos obtained from one of their practitioners.
Somewhat ironically, a good long time ago, well before any of today’s pundits were trying to suggest that Windows isn’t really that insecure and the Mac isn’t really any better, there was a time in the 80s when Macs did suffer from regular infections, at least if you were in a school setting where kids were passing around floppies infected with boot sector viruses. That was in the days before Microsoft ported the Mac desktop to the PC and called it Windows. A lot has changed since. (Correction: There Were Never Any Mac Boot Sector Viruses)
Someday, someone might develop code that attacks Mac OS X, then replicates itself, and propagates the attack to other systems. Of course, for that type of viral attack to have any real and lasting effect, it will also require Macs to be widely installed by millions of users in the 1990s, prior to the development of Software Update over the Internet. You’ll know this is about to happen shortly after the first time machine is invented.
Until then, you can rest assured that every article you read about widespread virus attacks is really about Microsoft Windows. Of course, there will also be those sneaky articles written in CNET and Wired and the Register that insinuate that trojan horse attacks are the same thing as viruses because they are both “malware,” just like stubbing your toe and the Black Death are both “health-related issues.”
Goodin Questions Security Using Obscurity.
One recent example of this comes from Dan Goodin, filling space in the Register. If you’re one of the millions of web readers who stopped reading the Register back in the late 90s when its effeminate sassiness grew tiresome, let me fill you in on what the site has been up to lately.
Goodin’s most recent article “Mac malware tide on the rise!” (exclamation point added to highlight the silliness) desperately bends over backwards to conflate a) malicious software dressed up as pirated warez that tricks one individual Mac user into manually bypassing operating system security to install it once with b) the self-installing, self-replicating viruses that rapidly spread to millions of Windows PCs overnight, like the recent Conficker virus (aka Kido or Downadup), which has now infected more than 15 million Windows systems across the globe.
Goodin was careful not to directly refer to any of the four Mac malware reports that made up his “rising tide” as actually being viral, but he expertly wove in mentions of “anti-virus providers,” purposely muddying the waters to suggest that Macs have no security advantage over PCs running Windows, the platform that must always run anti-virus software or else face immediate infection.
Warning: yikes link Mac malware tide on the rise • The Register
The Business of Fear Gets an Education.
Goodin’s article was sponsored by Symantec security ad banners and made direct reference to “Mac anti-virus provider Intego” and “anti-virus provider Kaspersky.” How is it that there is any software industry built around Mac anti-virus when there are no Mac viruses?
Fear. And ignorance. It is certainly conceivable that a Mac virus could be written, even if it would not pose the same widely infectious threat that Windows users face every day they are connected to the public Internet. However, it is not accurate to say that installing anti-virus software would protect Mac users from such a theoretical situation.
In fact, anti-virus software itself is a key target for infection. That’s because anti-virus software sits in a powerful, trusted position within the operating system and has its own mechanisms for accepting updates from the network, which are often easier to corrupt than the operating system itself.
Apple itself discovered this when it began shipping Virex as part of its Dot Mac package. While the anti-virus software was never compromised by an external virus attack, it did cause other low level problems for the system, which got so bad Apple yanked the title and stopped distributing any anti-virus tool at all for Macs. It also stepped up its advertising of the fact that Macs had no viruses in the wild. When dealing with fear, sometimes the best defense is a good offense: education.
Apple’s other offensive is in working to progressively bolster the security of its platforms. That means regular updates to its system software, new technologies incorporated into Mac OS X, and new security policies that make infecting the iPhone and iPod touch virtually impossible.
Anti-virus software on Windows, like Windows itself, has actual exploited vulnerabilities that have been used to spread infections. That risk is usually overwhelmed by the greater risk of not running anything and being more likely to fall victim to one of the tens of thousands of active viral attacks that can infect Windows software.
On the Mac, there is no background danger of viral infection, only a theoretical one. That makes running anti-virus software a risk not worth accepting. It’s not just that there’s no valid reason to run anti-virus software, but that there is real danger in installing anti-virus software on the Mac and assuming that you are now protected from any problems.
Installing anti-virus software on a Mac puts you at greater risk because the anti-virus software itself provides new opportunities for potential infection. If that’s hard to comprehend, imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldn’t do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential medium for culturing infectious bacteria and keeping them in contact with your body.
Prophylaxis not Always a Panacea.
Similarly, because there are no known signatures for Mac viruses (because no viruses yet exist), there is no way to prevent infections that might be developed. The security software would have to be updated to provide any protection, but that update mechanism also serves as a potential vector for distributing elements of malicious attacks, either directly or by opening up potential new vulnerabilities.
Were there some real, plausible risk of Mac viruses being developed (say, you operated a large lab of Macs that served as a valuable target for attackers), it might make some sense to install anti-virus tools so that you could mitigate damage once a threat was discovered. It also might make some sense for some institutions to install tools that limit what software their users can install.
However, for home users, Mac anti-virus makes no sense whatsoever. All it can possibly do is slow down the system, add some irritating interruptions, and provide a false sense of security while actually undermining real security by adding new layers of potential vulnerabilities. Very targeted attacks, ones that might exploit a vulnerability to gain access to your system, are not preventable with anti-virus software that only scans for known patterns of malicious software.
Really, how useful is it to install anti-virus software that can realistically only stop you from installing software you should know better than to attempt to install in the first place, whether it’s the pirated version of Photoshop or the pirated version of iWork or an unknown anti-virus package from the web? Yes, those are the four fearsome malware examples Goodin cited as his “rising tide” of Mac malware, and which, coincidentally, Intego cites as the reasons to buy its Mac software.
Of course, the security experts at Kaspersky, Symantec, Intego, and others don’t want you to know that. They want you to read scary articles like those that regularly appear on CNET, Wired, and the Register, which are based on press releases issued by those vendors, all suggesting that Macs are really damn close to being dangerous to use, and that their products are really critical for your continued safety.
Because when you’re in the business of fear, an educated population is the worst thing you can imagine, and a lazy media content with republishing your press releases is your only hope in preventing that from happening.