Mac Musings
Symantec's Self-Serving Ravings Spread Fear, Uncertainty, Doubt about OS X Security
Dan Knight - 2005.03.22 - Tip Jar
Be afraid, Mac users. Be very afraid. Mac malware is just around the corner.
Just read the headlines: More Macs means more malware - Symantec, Symantec: Mac OS X a hacker target, Hackers loose worms on Apple.
Are the folks at Symantec performing a public service or merely spreading fear, uncertainty, and doubt?
Well, let's see what they're saying:
"The Macintosh operating system has not always been a safe haven from malicious code." True enough. There were somewhere around 70 viruses for the classic Mac OS - but there isn't a single known virus for any version of Mac OS X.
"Symantec said over the past year, security researchers had discovered at least 37 serious vulnerabilities in the Mac OS X system." And Apple has released how many security updates? And just how many of these vulnerabilities have been exploited?
"Apple Computer has become a target for new attacks...." Well, Apple certainly isn't a target for old attacks, just like the Homeland Security isn't concerned with preventing old attacks. This may sound ominous, but once you think about it, it's self-evident that new attacks are the only kind of attacks anyone need worry about.
"The appearance of a rootkit109 called Opener in October 2004 serves to illustrate the growth in vulnerability research on the OS X platform...." Opener illustrates the danger? No, it's more that Opener illustrates how robust OS X is.
Opener can't be installed by reading email or visiting a website or downloading a Trojan. Opener can only be installed by using root access, which means that the Mac user has to agree to install it - OS X won't do that without asking for your password.
Sure, if you deliberately install a piece of malware, you're asking for trouble, but I've only heard of one case where someone did that - and they had to be at the computer to do it. Unless we expect hackers to walk into your office or family room, your Mac is safe from Opener.
"The various OS X vulnerabilities allow attackers to carry out information disclosure, authentication bypass, code execution, privilege escalation and DoS attacks. The vulnerabilities don't allow anyone to do anything to your computer, they only provide the potential for attackers to do so. They still have to write the software and get it on your Mac.
Until they find a method of delivery, these vulnerabilities (most of them already patched) don't provide access - only potential access - any more than having your front door unlocked means someone is going to make unauthorized entry.
"Symantec believes that as the popularity of Apple's new platform continues to grow, so too will the number of attacks directed at it."
Here's another self-evident claim. Think about it. There have been no successful attacks on the OS X platform, so it's impossible for there to be less attacks on it. If there is any change in the status quo, it can only come from more attacks directed against OS X.
"As Apple increases its market share, it will be a legitimate target." The Mac has always been a legitimate target, and during the entire classic Mac OS era, only about 70 viruses were ever created for it. Mac OS X has been a legitimate target for several years now, yet with an installed base of over 10 million users, nobody has hit the target.
"You don't see Macintosh viruses in mass outbreaks but you do see them in the labs as proof of concepts. There aren't any outbreaks because there are simply are not enough [OS X Macs] out there. For a virus to be successful it needs a combination of an exploit and a large target audience."
For a virus to be successful, it has to exist in the wild. If these malware programmers can't even find a way to infect networked Macs in a lab, they are not going to be able to create something that will propagate over the Internet.
It has nothing to do with the number of Macs. It's the operating system, stupid.
Think About It
There are several possible reasons the Mac has been safe from malware thus far. The most common argument from those who benefit from viruses (that would be Symantec and other antivirus software companies) is that the only reason the Mac appears invulnerable is that OS X is too small a target.
To use an analogy, viruses propagate like shotgun shot, and the Mac OS is too small a barn for the world's malware shooters to hit.
Are we to believe that these crackers are a bunch of idiots? They don't have to use a shotgun approach. They could easily use a rifle to precisely target Mac users by identifying their browsers, for instance.
The problem isn't that crackers can't hit the broad side of the Macintosh bar - it's that the barn is made of stone. To use another analogy, it's like a cop wearing body armor. Or maybe it's more like shooting someone with any type of gun while they're safely enclosed in a military tank and you're on the outside.
Nobody is claiming that OS X is invulnerable, only that nobody has found a way in and exploited it. Not yet. If OS X has an Achilles' heel, I think malware authors are clever enough to identify it and take advantage of it.
Just imagine the fame of being the first to crack OS X! If anything, breaking into OS X has to be the golden chalice of cracking.
The simple fact that nobody has yet compromised OS X means that it's pretty secure. Sure, there will be more efforts made to hack in, but until once succeeds, we don't need Symantec and Trend Micro spreading fear, uncertainty, and doubt so Mac users will invest in antivirus software that has nothing to do.
The ravings of Symantec are nothing more than self-serving
propaganda aimed at spreading fear, uncertainty, and doubt to
create a market for a product that no Mac user needs at present.
Join us on Facebook. Follow us on Twitter.
Dan Knight has been using Macs since 1986, sold Macs for several years, supported them for many more years, and has been publishing Low End Mac since April 1997. If you find Dan's articles helpful, please consider making a donation to his tip jar.
Recent articles by Dan Knight
- Kill Caps Lock, but Leave the Rest of My Keyboard Alone (Mostly), 2012.02.03. It's too easy to hit Caps Lock by accident, but why change a keyboard layout that billions of users are comfortable with?
- Is This RIM's Macintosh Moment?, 2012.01.25. In 1996, Apple was in dire straits, but Steve Jobs redefined the company. Now it's do or die time for RIM.
- Saying Good-bye to Inkjet Printers, 2012.01.18. Apple has discontinued its $100 printer rebates, but even a free inkjet printer is false economy.
- More in the Mac Musings index.
Links for the Day
- Mac of the Day: Mac IIfx, introduced 1990.03.19. This 'wicked fast' 40 MHz Mac trumped the 33 MHz DOS world.
- February 14 in LEM history: 98: A perfect compact Mac - 00: Extended computer warranties worth the cost? - Making your PC work with your Mac - 01: Customize Microsoft Word - 02: Quadra revives a passion for computing - 03: Real world performance - DIY Pismo screen replacement - Best Mac for writing - 03: Fastest browser on the Mac - 06: 15" MacBook Pro - Impressions of a newly acquired Lisa - Finding and using free WiFi - Apple should liberate OS 9 - 07: New Mac mini cheaper than upgrading a Power Mac - 08: Falling in love with OS X
- Support Low End Mac
Recent Content on Low End Mac
- Fix Home Button Delay, Tablet the Ultimate Mobile PC, iPad Notebook a Possibility, and More, iOS News Review, 2012.02.10. Also using your iPad at work, two photo editors, a new iPad text editor, Macally's magnetic iPad 2 stand, and more.
- White MacBook Goes End-of-Life, Logitech Touch Mouse Supports Gestures, Firmware Updates, and More, The 'Book Review, 2012.02.10. Also MacBook Air better than any Ultrabook, docks for MacBook Pro models, Intel offers improved SSDs, and more.
- Mac and iOS Browsers: Options Galore, Freeware Forum, 2012.02.10. Safari is adequate on Mac and great on iOS, but the range of good alternatives is stunning. LEM writers share their favorites.
- Apple's Support Lead Shipping, Smartphones Outsell PCs, OS X Ported to ARM by Intern, and More, Mac News Review, 2012.02.10. Also the power of Tex-Edit Plus, Google and Twitter are already censoring the Web, Snow Leopard Security Update, and more.
- LogMeIn: Remote Screen Sharing for the Rest of Us, Alan Zisman, Zis Mac, 2012.02.09. Configuring the Mac's built-in screen sharing to work over the Internet can be difficult or impossible. LogMeIn makes it easy.
- 15 Years Ago Motorola Unveiled the PowerPC G3, Low End Mac Round Table, 2012.02.06. The G3 processor was optimized for real world Mac software and made a big leap forward in efficiency.
- Don't Kill Caps Lock, Learning to Love the iOS Keyboard, and an Adaptive iPad Keyboard, Charles W. Moore, Miscellaneous Ramblings, 2012.02.06. The Caps Lock key has a useful function, the iPad's keyboard really is useful, and checking out an adaptive keyboard for the iPad.
- More links in our archive.
Recent Deals
- Best 17" MacBook Pro Deals
- Best iPod classic Deals
- Best eMac Deals
- Best MacBook Air Deals
- Best iBook G4 Deals
- Best iPad Deals
- Best Classic Mac OS Deals
- Best Apple TV Deals
- More deals in our archive.
About LEM Support Usage Privacy Contact
Follow
Low End Mac on Twitter
Join Low End Mac
on Facebook
Low End Mac Reader Specials
TypeStyler 11 is now in the Mac App Store!! -- Special Introductory Price of $59.95!! -- To Buy From The Mac App Store Click Here Now!! Or buy direct
from Strider Software.
Don't install Parallels to play poker online! Poker Mac will show you how to download and install a native Mac poker and Mac Casino applications in minutes.
Favorite Sites
MacSurfer
Cult of Mac
Shrine of Apple
MacInTouch
MyAppleMenu
InfoMac
The Mac Observer
Accelerate Your Mac
RetroMacCast
PB Central
MacWindows
The Vintage Mac Museum
DealMac
Deal Brothers
Mac2Sell
Mac Driver Museum
JAG's House
System 6 Heaven
System 7 Today
the pickle's Low-End Mac FAQ
Affiliates
Amazon.com
The Apple Store
The iTunes Store
PC Connection Express
GainSaver
Parallels Desktop for Mac
eBay
