Macs more at risk?

6 posts / 0 new
Last post
Hawaii Cruiser's picture
Offline
Last seen: 7 years 3 weeks ago
Joined: Jan 20 2005 - 16:03
Posts: 1433
Macs more at risk?

I was taken a little aback when I read *this article* about the Zeus trojan attack where it mentions the software producer McAfee stated that:

"It also warned users of Apple's Mac computers, considered relatively safe from virus attacks, that they may also be subjected to malware attacks in the future. For a variety of reasons, malware has rarely been a problem for Mac users. But those days might end soon,' a spokesman said."

Of course, the way it is worded actually says nothing at all. The way it is worded, it could just as well have said, Macs may also turn into pumpkins--it hasn't been a problem before--but those days might end soon.

Anyway, is this just McAfee using the opportunity to strike fear in an effort to tap a market, or is there any truth in the statement? Are malware threats going to increase for Macs for some reason?

cwsmith's picture
Offline
Last seen: 6 months 1 week ago
Joined: Oct 13 2005 - 08:23
Posts: 698
fearmongering

McAfee, Kapersky and Symantec have a vested interest in making Mac and Linux users worry about malware. "Just because there aren't any Mac or Linux viruses *yet* doesn't mean it could never happen." I've seen similar messages on the fora for almost the entire 10 years of Mac OS X.

Of course this is true. At some point, the Mac and Linux installed bases are going to be large enough to be a worthy and lucrative target for the basement dwellers. Until then, the installed base is too small, and the security on Macs and Linux too much trouble, to be worth their time.

A trojan is not a virus or a spyware. It can't install itself on a Mac or Linux machine without interaction from the user. The big "Please enter your password to install this software" dialog is a big enough red flag that most savvy users are going to pull the train over before damage can occur.

I don't live in a fantasy world: I'm aware that there are bad people out there on the Interwebs. I use a modicum of common sense in browsing, shopping, chatting, socializing and emailing, and my Macs, Linuces, and Wintels have been (mostly) fine. Although I know my Macs and Linuces won't be immune forever, there's no point in slowing them down for a problem that just doesn't exist at this point.

I also don't feel the need to run unnecessary software to protect Joe Windows (who doesn't use malware protection) from Bob Windows (who also doesn't use malware protection). If Joe sends an infected email to me, and I pass it on to Bob, the fact that they're not using precautions shouldn't necessarily be my fault.

In the meantime, McAfee, Kapersky and Symantec would be thrilled to sell you software you don't need, taking up RAM, hard drive space and processor cycles that could be doing more important work, for viruses and spyware that aren't there. My insurance company would be thrilled to sell me hurricane insurance too, but since I live in Iowa, it really isn't necessary.

Eudimorphodon's picture
Offline
Last seen: 3 months 3 weeks ago
Joined: Dec 21 2003 - 14:14
Posts: 1207
Well...

Over the last few years Macs (and the Safari browser in particular) have earned a reputation for being "easy marks" at DefCon and other hacker conventions. When confronted by a determined attacker the Mac hasn't proven to be much if any more secure than Windows.

Example: A fully up-to-date Mac with Safari fully hacked, and only requiring the user to make to one wrong click on a website.

Note that by saying this I'm not suggesting you run out and buy some half-arsed AV software for your Mac... there's a good chance it won't catch this sort of thing anyway. (I also have a problem with "personal firewall" software that constantly pops up "should I allow this?" dialog boxes when programs make outgoing connections. Not necessarily because they miss malware, but because they all too often flag "normal" behavior as potentially dangerous, and thus train the user to click "allow" every time they see a dialog box. Meaning the user will be all trained to click "allow" when some website wants to install some vile Trojan browser plugin or ActiveX control.) I'm just noting that the aura of invincibility that Mac users like to wrap themselves in bears a striking resemblance to the emperor's new clothes.

Clearly if you're a scumbag spammer looking to assemble a botnet picking on Windows makes the most sense from an "economy of scale" standpoint, but if someone is determined to hack your mac they can probably do it. It's still up to you to exercise basic common sense no matter what you run. (IE, use a firewall to block incoming connections, don't open spam email let alone click on anything in it, be careful to not misspell URLs to websites, etc, etc, etc.) It's actually pretty amusing to bring up a host on an unfiltered Internet connection and run a sniffer to see what people try to do to you the instant you're online. It's not paranoia if they're actually out to get you. And yes, they're out to get you.

Offline
Last seen: 10 years 6 months ago
Joined: Sep 16 2004 - 02:44
Posts: 274
Exactly, it can be "hacked",

Exactly, it can be "hacked", but it doesn't suffer from the issue of viruses per se, like windows based machines do. The design of unix based machines are pretty safe from these things.

One area to watch out for is in freeware software. Newer users feel that the mac is safe so they can just go out and download any program they find on the internet. Once you give software access to your machine, it can basically do what it wants, so if it has some malicious code built in, you'll be in trouble.

Hawaii Cruiser's picture
Offline
Last seen: 7 years 3 weeks ago
Joined: Jan 20 2005 - 16:03
Posts: 1433
Cracking Safari on a Mac in 1

Cracking Safari on a Mac in 10 seconds! Wow. There should be a Youtube video of that. I've never liked Safari and don't know why anyone would choose it for their primary browser. I've got a few Windows machines now including a quad-core Dell which moves pretty sweet, but I'll not do any banking on a Windows comp. I do my banking in Firefox on a Mac in Leopard--seems like the safest place to be. I use Firefox in Windows too. IE seems like a moving target. Most of the malware crap that reaches my email comes from PC contacts who are using IE. I keep telling them to dump IE and move to Firefox. They don't listen.

DrBunsen's picture
Offline
Last seen: 9 years 8 months ago
Joined: Dec 20 2003 - 10:38
Posts: 946
A "moving target" would be a

A "moving target" would be a good thing, in this instance. I think the phrase you are looking for is "sitting duck" Smile

Log in or register to post comments