Daniel Eran Dilger in San Francisco

Inside Mac OS X Snow Leopard: Malware Protection

Malware Warning

Daniel Eran Dilger

Apple has enhanced the warnings Snow Leopard users get when directly downloading or opening disk images containing files known to be malicious. This article, the fifth in a series looking closer at some of Snow Leopard’s well-known but often misrepresented or misunderstood features, examines what this really means for Mac users and their relative security.


Malware Protection?

Safari, like other modern browsers, already flags certain websites that are known to be used to distribute malicious software (below). The previous release of Leopard also already flags Internet downloads with metadata that alerts users that what they are opening was downloaded from the web, citing where and when.

What’s new in Snow Leopard is an additional warning when disk images are opened containing known malware installers. However, there is no real malware problem on the Mac, in part because it’s hard to write viral code that infects Mac OS X and very easy for Apple to roll out a patch that closes any discovered holes.
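The download metadata mentioned above lives in a com.apple.quarantine extended attribute on the downloaded file. The following script, added here as an illustration and not code from the article or from Apple, decodes that attribute into the "where and when" the warning cites. The field layout (flags;hex unix time;agent;uuid) and the sample value are assumptions based on commonly documented forensics write-ups, not facts stated on this page.

```python
"""Decode a com.apple.quarantine extended-attribute value.

Assumed (not from the article) layout of the attribute's string value:

    <flags-hex>;<unix-time-hex>;<agent-name>;<uuid>

A constructed sample value is used so the script runs offline on any OS;
read_quarantine() only returns data on a system that actually stores xattrs.
"""
from __future__ import annotations

import os
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

QUARANTINE_XATTR = "com.apple.quarantine"


@dataclass(frozen=True)
class QuarantineRecord:
    flags: int               # raw flag word; bit semantics are not decoded here
    downloaded_at: datetime  # UTC time the downloading application recorded
    agent: str               # application that wrote the attribute (e.g. Safari)
    uuid: str                # per-download identifier

    def provenance(self) -> str:
        """One-line summary in the spirit of the Finder's 'downloaded from' warning."""
        return f"downloaded by {self.agent} on {self.downloaded_at.isoformat()}"


def parse_quarantine(value: str) -> QuarantineRecord:
    """Parse the attribute's string value; raise ValueError on malformed input."""
    parts = value.strip().split(";", 3)
    if len(parts) != 4:
        raise ValueError(f"expected 4 ';'-separated fields, got {len(parts)}")
    flags_hex, ts_hex, agent, uuid = parts
    try:
        flags = int(flags_hex, 16)
        ts = int(ts_hex, 16)
    except ValueError as exc:
        raise ValueError("flags and timestamp must be hexadecimal") from exc
    if not agent:
        raise ValueError("agent name is empty")
    return QuarantineRecord(
        flags=flags,
        downloaded_at=datetime.fromtimestamp(ts, tz=timezone.utc),
        agent=agent,
        uuid=uuid,
    )


def read_quarantine(path: str) -> Optional[QuarantineRecord]:
    """Return the record for a file on disk, or None if it carries no such attribute.

    os.getxattr exists only on Linux/macOS; missing attribute or unsupported
    filesystem both surface as OSError and are treated as 'not quarantined'.
    """
    if not hasattr(os, "getxattr"):
        return None
    try:
        raw = os.getxattr(path, QUARANTINE_XATTR)
    except OSError:
        return None
    return parse_quarantine(raw.decode("utf-8", "replace"))


# Constructed sample: flags 0x0083, time 0x4aa5c2a0 (2009-09-08T02:34:08Z), Safari.
SAMPLE_VALUE = "0083;4aa5c2a0;Safari;9C4C2B0A-7E6A-4C1F-8B2D-0F3A1E5D7C21"

if __name__ == "__main__":
    record = parse_quarantine(SAMPLE_VALUE)
    print(record.provenance())
```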

“Mac bugs aren’t really valuable”

Shortly after security experts disclose their pet exploit discoveries at black hat security competition events, the highly publicized exploits are patched relatively quickly by Apple, although many report that they wish the company would step up its efforts on that front to close any potential window allowing theoretical attacks.

The fact that there are no real problems on the Mac makes every potential exploit discovery newsworthy, unlike the scores of new exploits regularly discovered for other platforms. In the wake of the Pwn2Own contest, Mac security expert Charlie Miller reiterated, “I’d still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.”

Despite this exaggerated publicity surrounding Mac malware discoveries, there’s simply no sustainable business model for profiting from malware on the Mac. In Miller’s words, “Mac bugs aren’t really valuable.”

That is particularly the case in comparison to Windows, where security holes abound in the massive sea of the unmanaged installed base of generic PCs, updates are not as easy to install, and there is an active market for ready-made virus code used to deliver malware payloads.

Most of the iceberg is under water

Microsoft’s installed base of a billion Windows PCs is a fertile base for spammers and identity thieves to set up their virus-distributed operations. While Microsoft has invested heavily in securing Windows Vista/7, adoption of modern versions of Windows is very low. This has severely diluted the billions Microsoft has invested over the past decade to fix Windows’ show-stopper security problems.

As noted earlier, even among big spending gamers with higher-end PCs, Vista’s penetration has only reached a weak 36% after nearly three years. W3Schools reports the combined use of Vista/7 reaching just 21% in August 2009 among its web stats of ten million visiting developers.

That means more than two-thirds of the general PC population worldwide is still using Windows XP, and many of those Internet-connected but security-challenged machines are not regularly patched and will never be upgraded to Vista or Windows 7.

Windows’ security problem isn’t simply a product of its popularity, but rather a result of Microsoft’s catering to the low end of the mass market to deliver a ubiquitous product suffering from engineering lapses, from ActiveX to the Registry to invisible and unauthorized background software installation, all problems that have resulted in a platform riddled with serious security breeches.

Microsoft isn’t just a victim of malicious software vendors however; it has also distributed both its own and third party adware and spyware, from Windows Genuine Advantage to Alexa. In 2005, it even entered talks to buy the notorious Claria, which resulted in Microsoft’s Windows AntiSpyware conveniently reclassifying that company’s Gator and other malware titles as “non-threatening” and suggested that users ignore the problem.

Prior to becoming a potential benefactor of the firm’s malware business, Microsoft recommended that Windows users quarantine Claria’s malware.

No ice on the horizon in Cupertino

The iPhone demonstrates that Apple can achieve a significant share of a market without creating a Windows-like petri dish of viral malware as a result. If the iPhone can avoid a security plague while capturing 10% to 25% of the smartphone hardware market (and a majority portion of smartphone software activity), it appears Apple’s Mac platform should also have room to safely double several times.

Panicked warnings about an inevitable flood of Mac malware have been regularly sounded since 2004, but dramatic advances in Mac market share have simply not resulted in similar growth in malware threats relative to those on the Windows platform. Instead, the Mac’s security has been improving.

Snow Leopard continues the development of the Mac platform to include an immune system that helps prevent users even from infecting themselves inadvertently while trying to download porn or obtain an illicit copy of iWork. This issue, of trojan user trickery, has no direct connection with the separate issue of software flaws and vulnerabilities that can result in direct exploits from outside attackers.

Security Fears and Exploitation

Security experts who discover theoretical exploits and flaws in operating systems, including Miller, report that Mac OS X offers fewer security features overall than Windows Vista, but that it is “safer” because nobody is taking advantage of those holes.

It is true that in certain areas, Microsoft has delivered security features in Windows Vista/7 that have no equivalent in Snow Leopard. Uninformed writers who interview these software exploit experts often confuse the issue by associating “exploits” with “viruses,” and “automated viral attacks” with “people being tricked into installing malicious software themselves.”

As a result, they end up falsely claiming that the Mac is on a similar level as Windows as far as malware existence, which is not remotely true; they ignore that Windows PCs are still bombarded with viruses, none of which has ever hit Mac users; and they claim that the theoretical security of Windows is better than that of Mac OS X, apparently having forgotten that the very “do-it-to-yourself trojan installation problem” they inspire fear about on the Mac is much worse on Windows, and that nothing in Vista/7’s fancy exploit-closing technologies can stop users from manually installing their own casual malware trojans.

Be careful what you ask for

The Mac platform isn’t under attack from virus writers who exploit vulnerabilities because there is no business model for investing in attacking Macs. The only examples of Mac malware ever cited are non-viral, malicious software installers that must trick users into authorizing their installation.

However, the only way an operating system can prevent users from installing their own malware is to specifically regulate the software users can install. That’s what the iPhone does; users can’t install unapproved software without first defeating the iPhone’s security system via jailbreaking.

Most Mac users wouldn’t want Apple preventing them from installing any software that wasn’t signed and approved by Apple. Yet some pundits who complain that Apple went too far in restricting iPhone apps are also inspiring fear that the iPhone is a potential security risk when jailbroken, effectively arguing for the right to eat cake while keeping it around, too.

Mac Antivirus?

Antivirus vendors Kaspersky, Symantec, and particularly Intego have all tried to suggest that Apple’s new alert targeting a couple of known malware installers is somehow an admission that Mac users need to buy antivirus software to eat up 10% of their processor while looking for problems that don’t exist.

However, with Snow Leopard’s built-in, updatable malware blacklist managed by the operating system, the Mac now has a security profile closer to the iPhone, without any need for a whitelist requiring an app approval process like the App Store.

Mac and iPhone users are not theoretically impervious to any possible attack, but both are well ahead of the competition. Macs are not suffering from real-world problems (as Windows does) and the iPhone is secured from the wide-open potential for malicious assault (as Android is). With Snow Leopard, Apple has simply made the business case for building new Mac malware that much less attractive to thugs.

Bugs in the bug-catchers

The fact is that virtually all software has some potential for exposing exploitable vulnerabilities. The threat of vulnerabilities in antivirus software is particularly dangerous because antivirus typically requires greater access privileges to do its job than most user software does. On Windows, the moderate risk of antivirus exploits is outweighed by the benefit antivirus provides. On the Mac, however, installing antivirus software has little upside and can instead expose its own vulnerabilities, demand performance-sapping overhead, introduce other bugs or incompatibilities into the system and simply get in the way.

One obvious example is McAfee Virex, which Apple formerly bundled with .Mac. It doesn’t anymore because Virex didn’t really provide any valuable security service, it flagged false positives and it introduced other bugs. A simple Google search for “antivirus vulnerability” provides a long list of critical vulnerabilities introduced by antivirus products from virtually every brand in the business: Avast, AVG, BitDefender, McAfee, Norton, ClamAV, Symantec, F-Secure, F-Prot, Kaspersky Labs, and Trend Micro. There are flaws in the antivirus engines and sometimes even new vulnerabilities that are exposed when updates are downloaded.

A recent vulnerability discovered in Panda Security’s ActiveScan online service for Windows users allowed remote execution of code. Last year, a study of antivirus vulnerabilities unearthed hundreds and called into question how antivirus vendors report and patch their own software’s flaws.

The problem with antivirus vulnerabilities is separate from the additional risks of false positives (sometimes just a false alarm, sometimes disabling important system files which cause serious problems), false negatives (failing to stop an infection), and just being in the way and sapping system performance. The claim that users should just “install something” to feel safe is simply wrong.

Preparing for the future

Despite all the uproar about theoretical exploits made possible by software vulnerabilities in either Apple’s own code or the open source code Apple incorporates into Mac OS X, the lack of any business model to support the creation of such exploits has prevented Mac users from being attacked.

For this reason, third-party Mac antivirus software mostly offers users little beyond the potential of installing new exploit vectors. Apart from scanning for Windows or Office viruses, there are no real malware risks on the Mac that third-party antivirus tools currently address.

Snow Leopard’s launch is about to be overshadowed by tomorrow’s iPod and iTunes event. However, Apple is also continuing to build upon the new foundation laid with Snow Leopard, preparing the next minor “service pack” 10.6.1 update and working to build the next generation of new hardware to further exploit capabilities enabled in the new release.

Among these are support for built-in WWAN mobile wireless networking, far more RAM, and fully exploitable, advanced GPUs. Apple is also advancing Snow Leopard Server, and will also be using the advances delivered in Snow Leopard to improve the iPhone and Apple TV, as future articles will examine.



Daniel Eran Dilger is the author of “Snow Leopard Server (Developer Reference),” a new book from Wiley available now for pre-order at a special price from Amazon.

24 comments

1 nat { 09.07.09 at 8:56 pm }

Macs are not suffering from real-world problems (as Windows does) and the iPhone is secured from the wide-open potential for malicious assault (as Android is[?]).

Whoops, Dan, didn’t you mean to say, as Android isn’t?

Great series and congrats on finishing your book!

2 ulicar { 09.08.09 at 12:52 am }

Dan, you do not understand what somebody really means when they say “Mac bugs aren’t really valuable.” That doesn’t mean bugs do not exist, or are small, but that the installed base is too close to zero for any use or for any investment into finding bugs.

[The Mac installed base is not close to zero by any stretch of the imagination. The person who said that, Charlie Miller, "invests in finding bugs". So I don't see how your comment makes any sense. - Dan]

“I’d still recommend Macs for typical users as the odds of something targeting them are so low that they might go years without seeing any malware, even though if an attacker cared to target them it would be easier for them.” Pay attention to the last part: “even though if an attacker cared to target them it would be easier for them.” It would be easier to break into a Mac. Why? http://www.theregister.co.uk/2009/08/29/snow_leopard_security/

[You are confusing relevance with potential. See also: worrying about plane crashes and being hit by lightning. There are more important things to take precautions against. This is basic risk management. ]

Remember about 2002 when Limewire downloaders got a nasty surprise? That can happen now as well as any other time if you do not have your security AV/Firewall/etc. set up. What Mac users do not understand is that if nobody wanted to attack the Mac until now, that doesn’t mean they are protected. If you walk down the street with no clothes and nobody sees you, that doesn’t mean you are dressed up. You are still naked.

[But Macs aren't naked. Installing any software incurs risk. Even if the OS were battle hardened, installing anything that runs/interprets its own code, from Flash to Java to a web browser to antivirus, will expose new vulnerabilities. Your position is alarmist and hysterical, and is not supported by facts.]

3 Brau { 09.08.09 at 1:14 am }

What I find most people don’t understand is that the incident rate of false positives from AV software is quite high for a couple of reasons:
1. a better safe than sorry point of view from the software maker and
2. a false positive makes the user *think* it’s actually working for them and feeds the all important “hype” needed to perpetuate the product.
AV software doesn’t run code to see if it’s a legit virus (too dangerous); it only compares for similarity, meaning the end user is often denied access to a file that just happens to contain a string of similar code. Many times it’s as little as a filename. I have tested this by attempting to send known clean jpegs to my work using filenames like “Sunny Day” or any other known virus. They often get rejected despite not containing anything viral at all.
The end result is that the end user is denied legitimate files, suffers an added burden to their processing speed and invites a whole new plethora of AV related “issues”.

For Mac users … add this up; How many Macs have ever been taken down, slowed, or adversely affected by a virus since OS X? None. Now go visit the Mac support section of any one of the AV software makers and see how many users are suffering major issues.

4 ulicar { 09.08.09 at 2:34 am }

@Brau If they haven’t been pwned, that doesn’t mean they are safe. If nobody is shooting at you, that doesn’t mean you are bulletproof.

There have been known security issues (trojans from limewire) in the wild. I fixed some for some friends who do not have AV installed. There is a reason for “Safe Boot” in OS X.

I do not want to get into a discussion about AV products, but if you say the Mac is impenetrable, you have a problem AV cannot fix.

5 Brau { 09.08.09 at 3:51 am }

@ ulicar

Perhaps you should re-read what I said above. I said nothing about Macs being impenetrable, only a target so undesirable at this time that AV causes much more grief than any “real” threat at this time.

The trojans from Limewire did not originate from simple music file downloads, they came from bogus offerings of pirated software requiring admin authorization to be installed. Your friends got what they deserved.

6 ulicar { 09.08.09 at 4:29 am }

@Brau
“The trojans from Limewire did not originate from simple music file downloads, they came from bogus offerings of pirated software requiring admin authorization to be installed. Your friends got what they deserved.”

Viruses/trojans are generally standalone executable files. Some will only use other applications to run (macro, or JPEG).

My friends got what they asked for, agreed, but they are not any dumber or smarter than your average Mac user. They are average users who were under the impression that the Mac is safe as houses. That is why I reacted to this article, because it perpetuates that notion, while in fact the Mac is as vulnerable as any other OS, or more, but not many people write malicious software for it. That is all.

7 Brau { 09.08.09 at 5:28 am }

@ ulicar
“My friends got what they asked for, agreed, but they are not any dumber or smarter than your average Mac user.”

I’ll have to disagree. I don’t know one single *honest* Mac user who has ever been infected by any trojan or virus. I know one person who downloaded pirated software from Limewire and got infected and one other (university student) who had a weak password and had his old OS9 Mac hacked and taken over as a spam server.

“The Mac is as vulnerable as any other OS”

Not true. Period. There are no Mac viruses or trojans found in the wild that have been able to:
a. Install themselves by simply clicking a link or downloading a simple media file.
b. Subvert the need for authorization.
c. Replicate and spontaneously infect other Macs.

The above are a regular danger to Windows users thanks to its reliance on legacy QDOS, the registry etc. Real existing threats are not the same thing as potential exploits and a Mac benefits from being inherently more secure in its design along with being less of a target. At this point it *does* tend to make some people think Macs are infallible, and that assumption is very wrong too.

The day that honest Mac users have to worry about inadvertently downloading a nefarious file from trusted sources is the day I’ll recommend AV software.

8 mailjohannes { 09.08.09 at 5:51 am }

Daniel, excellent article. Congratulations on the ‘server’ book.

Ulicar, the reason Mac OS X has no viruses, and as a consequence has no business model for exploitation, is that no one succeeded in writing one. And of course people tried to write viruses, if only to show the Mac community that it is possible. The problem from a virus writer’s point of view is how to generate an automatic procedure, with no manual intervention from the malware writer and users of the targeted systems. It is possible – as demonstrated by some – to ‘take over’ a Mac user account, but this in itself isn’t enough to install a virus because that requires authorization of the system’s user (a request for a password). It is possible to spy on the user and get the password, but the problem is that this takes malware writer interaction. And that’s not an automated action, and it won’t scale up for millions of users.
Windows XP (and earlier) provided a perfect environment for virus writers because every user is a super user and no authorization is required to alter the system when you’re ‘in’.
So installing a virus is a breeze, and propagating it is even easier because Microsoft supplied ActiveX to automatically do this for you (opening a mail is enough to start the attached code to infect the system).

Another important notion is that even if Snow Leopard has ‘less’ security than Vista, this only means that Vista is virus safe, like the Mac. And doesn’t need virus scanners either!
Remarkably, that’s what Microsoft said about Vista when they released it, to the despair of the anti-virus makers.

9 tron { 09.08.09 at 10:13 am }

Until viruses start showing up, AV software is unlikely to be useful. AV vendors don’t yet have any real experience with what they would really look like, and, being staffed by humans, are unlikely to be vigilant against something that has not yet happened.

A small number of viruses are likely to be handled more quickly by Apple itself, which has very good auto updates. With SL’s black listing mechanism, they can even handle the few cases of software that requires an admin password to install bad software. Admittedly, it wouldn’t be too hard to work around that, but until there are enough of those to start overwhelming Apple’s ability to react quickly enough, writing viruses won’t be worth it for anyone.

10 stefn { 09.08.09 at 11:16 am }

We computer users would all be safer with ten OSes of Apple’s market share, than with one monopolistic OS like Microsoft’s. Compare with the cellphone market. Apple is right sized; Windows is a monoculture, and monocultures are inherently vulnerable to catastrophe and collapse.


12 gus2000 { 09.08.09 at 1:41 pm }

It never fails to amaze me how otherwise intelligent, educated people fail to distinguish between a Computer Virus and a Trojan Horse. Trojans are a security risk and an annoyance, but I can’t create a botnet of 1M nodes with one (unless I can convince 1M users to download my “free p0rn”). Any computer can be compromised if the user is willing to help.

The malware crisis of the ’90s was the spread of viruses, so-called because of their self-replicating nature. Put a freshly-installed, unupdated WinXP box on the internet today and it will be infected before you can download the patches. Most of the security lapses were by design, not accidental bugs.

OSX will not do this. Period. Microsoft built network capabilities into Windows with full trust, and closing the holes would have meant disabling touted features. In contrast, OSX was designed with security from the ground-up.

I’ve said this before and I’ll say it again: there are as many Macs on the Internet right now as there were PCs on the internet when viruses started to take off. (This doesn’t include the 40M OSX touch devices.) If it’s just a matter of numbers, the Mac has crossed the previously-established threshold for hackers, and yet no digital pandemic has occurred.

If I had viral code for the Mac that would let me infect and commandeer even a fraction of the millions of Macs on the ‘net, it would easily be worth 7 figures.

13 ulicar { 09.08.09 at 5:31 pm }

@Brau So, there you have it, you know of two already who were infected. We are not talking about *honest users*, but about common users. I do not know any Windows users that were infected ever, but that doesn’t mean there are none; it means that my Windows-using friends are not common users and are protected with everything and the kitchen sink. Common users make common mistakes, one of which is downloading infected files.

The fact that nobody (yet) is writing malicious software for the Mac does not mean the Mac is secure. It means that no serious money can be made from writing it, thanks to the small installed base. Currently you can hire infected networks of PCs with more machines than there are Macs in the world for a silly small amount of money. Who would try to write and infect Macs? But that does not make the Mac secure. Far from it.

(Leopard) “First observed on Saturday, the attacks appear to be aimed at Windows users, but Mac OS users could also be at risk since the QuickTime vulnerability in question affects both operating systems, the alert said.” http://www.macworld.com/article/61313/2007/12/quicktimeflaw.html

(Snow Leopard) “Apple has shipped an out-of-date and vulnerable version of Adobe Flash Player with Snow Leopard, security companies have warned.” http://www.computerworld.com/s/article/9137481/Snow_Leopard_downgrades_Flash_to_vulnerable_version

Anyhow, be safe.

14 bartfat { 09.08.09 at 8:36 pm }

@ulicar

actually, the fact that you mention that PCs can be commanded by botnets with less money than all Macs put together is a testament to the fact that Macs ARE more secure than Windows. It’s just that they’re not perfect either, since all software has its own security holes. It’s just that Apple tends to rely on the open-source community more to debug its systems to discover holes, and they tend to write cleaner code than MS or Adobe. Btw, that QuickTime vulnerability is old.. really old. And Apple I’m pretty sure was working on developing a patch for that as fast as it could. But QuickTime is also an extremely old piece of software, nearly 20 years old, way before most development tools were even made. There’s bound to be badly written code in that 20-year-old software that’s been heavily modified over the years to have new features. So they started fresh with QuickTime X. But I don’t see anyone developing a vulnerability for QuickTime X…

Anyway, the only way to prevent things like this from happening completely and practically bulletproof is to develop an iPhone-like ecosystem and apply it to the Mac, thereby having Apple screen all the software to ensure that the applications that are written are valid and don’t mess with the system. This might even eliminate the need to enter a administrator password, since only valid signed software can install. Also nicely puts piracy out of the equation for many people running software. So I can definitely see Apple doing this after they finally work out all the kinks in the App Store approval process.

15 jdb { 09.08.09 at 9:12 pm }

@ ulicar
A very good solution to the Flash problem is to install “click-to-flash”. That should solve nearly every security problem associated with Flash. Unless you think that Youtube and the various other video sites (which are the only legitimate uses of Flash that I can find) are malware laden, flash security updates become irrelevant.

So, everyone, install this: http://rentzsch.github.com/clicktoflash/

16 shiver me timbers { 09.08.09 at 10:32 pm }

“… Microsoft’s catering to the low end of the mass market to deliver a ubiquitous product suffering from engineering lapses … a platform riddled with serious security breeches.”

I guess you are saying Microsoft got too big for its breeches.

;-)

17 TheMacAdvocate { 09.09.09 at 12:42 am }

@ulicar
An 18 month old Quicktime vulnerability and the version of Flash bundled with SL (ostensibly because that was the version available when SL went GM)? That’s all you have?

Gotta say – I don’t see much factual basis for your paranoia, but if I were a woman, I’d feel much safer going to bed with you.

18 The Mad Hatter { 09.10.09 at 12:08 am }

The Registry. Ah, yes. What joy.

I’ve talked to a lot of Windows programmers; in fact I spent most of a week trying to convince a friend that his application should not, and should never have used the Registry. His final response was, “Well, Microsoft recommends it.”
I like John, but I have to say, he’s not that bright.
As to Mac Malware, yeah, it isn’t going to be a big issue. One point that Daniel skipped was Microsoft’s design philosophy for Windows, which was that Microsoft Software is special, is treated special, and has access that it shouldn’t have. No other operating system is designed this way, which is why Linux, Solaris, BSD, and OSX are virtually impossible to write a virus for. Oh, you can write a Trojan, but Virii are a particularly Windows problem.

19 ulicar { 09.10.09 at 5:33 pm }

@TheMacAdvocate

“Apple fixes more bugs
The Iphone and Quicktime are swiss cheese ”

http://www.theinquirer.net/inquirer/news/1533073/apple-fixes-bugs

“iPhone anti-phishing protection goes AWOL
It just doesn’t work”

http://www.theregister.co.uk/2009/09/10/iphone_antiphishing_failure/

Oops, yes, 18 months old QT bug only that and nothing else.

If you put your appendage into a guillotine, but nobody pulls the lever, doesn’t make your appendage uncutable, it makes it insignificant. That is not SAFE, that is UNSAFE, but INSIGNIFICANT. If your only protection against a guillotine is being insignificant, then you are not just insignificant, you are ignorant as well.

[Things get fixed because they need attention. Just because there is some theoretical flaw doesn't mean that it warrants being prioritized in front of more important issues. The Reg/Inq are both joke sites. They are reporting issues without context and without any understanding of the situation.

The issue of anti-phishing is particularly retarded given that it's based on Google's Safe Browsing service. If it isn't working, maybe it's because Google isn't working right. See photo:

anti-phishing
- Dan ]

20 ulicar { 09.10.09 at 9:48 pm }

@Dan
Those were just two articles from this morning to prove that I am not talking about 18-month-old issues, but something that is as fresh as of this morning.

Whatever, I am running AV/FW on my machine. If you feel safe not running them, that is completely your decision :)

21 ulicar { 09.10.09 at 9:56 pm }

P.S. Even if the problem is with google, who is affected?

22 ShabbaRanks { 09.11.09 at 10:06 am }

@ ulicar

Feel free to run A/V software if you want. You feel safer and that alone makes it worth the effort. No one here thinks you’re wrong to do this. 

However, I choose not to do so for the following reason. 

The different architecture of Windows when compared to OSX and Linux means I currently cannot unwittingly be a victim of a virus as it can’t self-execute, and if it does execute it’s very hard for it to damage my system significantly. Any viruses found by an A/V scanner on my system are likely just sat there twiddling their fingers with nothing to do as their access is severely limited. They also cannot self-propagate via Mail.app etc. due to the same limited access.

Any system changes need explicit password-enabled permission directly from myself. Windows doesn’t require my permission to alter system files. It merely requires the virus to contain code which can alter system files. This is improved on but not changed by UAC in Vista/7 and is the reason people write viruses for Windows. Monetary gain is only half the story.

Because of this, viruses for Unix based systems require a level of technical finesse which is not commonly associated with virus writers. Unix systems effectively sandbox running programs by requiring superuser permission to alter system files. Even if it gets my permission it still requires further permission to alter the files of any other user registered on my computer. These hoops to jump through are what prevents viruses from self propagating in the wild for Linux and OSX. 

Due to this, Mac users are not deluded if they think their computers are more secure. Out of the box a Mac is significantly more secure than any hardened Windows machine. Not just against virus attack but in greater ability to contain viruses with no extra effort. You also cannot escalate user privileges as easily in Unix-based systems. You need the user to allow you access.

Trojans, such as those your friends fell victim to, are another issue. They rely on user ignorance and have to be enabled and installed by a user. They are essentially user exploits, not system ones. User ignorance is ubiquitous across all systems and so is a moot point. However, OSX is inherently better equipped to combat this than both Windows and Linux (Linux doesn’t have as many user-friendly warning messages). OSX’s Linux-esque architecture prevents the Trojan causing serious system-wide damage even when it’s successful at fooling its way into the system and hiding from the user, as it can only make changes when authorised by the user. In Windows, all a Trojan has to do is be downloaded. A well designed one can do all the rest itself.
It’s true that Windows has more security-specific features than OSX and Linux, but due to its design it’s still far more insecure than either despite these. Saying Windows is more secure than its competitors because of the number of security features it has is akin to saying a centipede is the world’s fastest animal because of the number of legs it has.

I realise you never said this, but it has been said by many of the ‘security experts’ that you trust. Mac security is not through anonymity or insignificance. It’s through the time and effort required for a lower reward. People in the malware business are above all in business. Macs require significant expertise and overhead for much less money than the far easier to exploit Windows. Most people concentrate on the market size and money part of the equation where it’s really the effort required to write effective malware for Unix-type systems which is the actual clincher. The Mac market may be smaller, but with effective malware it’s still worth a lot of money.
User ignorance is unavoidable and the sole reason why all systems definitely have some security holes and will never be totally secure. OSX and Linux both protect the ignorant user more than Windows does though.

23 The Mad Hatter { 09.12.09 at 7:14 pm }

Saying Windows is more secure than its competitors because of the number of security features it has is akin to saying a centipede is the world’s fastest animal because of the number of legs it has.

Please warn us when you are going to say something like this, I nearly ruined the keyboard on my MacBook, as I was drinking coke at the time.

24 hylas { 09.13.09 at 4:44 pm }

An interesting development:
(flagging Internet downloads, etc.)

Snow Leopard Snubs Document Creator Codes:

(When you “double-click”, how the System (OS) understands “what” to open)

“When you double-click a document in the Finder, how does the system decide what application should open it? The relationship between a document and its owning application is called a preferred application binding. Since the very first day of the very first version of Mac OS X, there has been an uneasy detente between the Unix way of binding documents to applications and the former Mac way, inherited from the early days of the Mac OS. Now, in Snow Leopard, users and developers are complaining that the Unix way is being allowed to run roughshod over the Mac way.”

http://db.tidbits.com/article/10537

Document Creator Codes •Apple

http://en.wikipedia.org/wiki/Creator_code

Magic Numbers •UNIX:

http://en.wikipedia.org/wiki/Magic_number_(programming)

Me – Bitching.

http://www.apple.com/feedback/macosx.html

To Apple Feedback:

We understand Document Creator Codes are antiquated. But if you are going to get rid of them and kill ALL our spare time with “fixing” this on EACH machine, at least make the Magic Numbers the substitute rather than breaking functionality and making it default to “Open Generic” document. This, or allow some way of divining a difference of application binding that is universal (assuming this is your all’s direction).

We love the code review you’ve executed with Snow Leopard – 10.6.x (we miss the PPC (POWER6?) builds).
We understand the direction you all are heading, but see you sawing off the limb you’re sitting on; we’re standing underneath, oblivious, but impressed, none the less.

:-)
