Linked by Thom Holwerda on Tue 1st Mar 2011 00:28 UTC
Mac OS X It's sad to see that even after all these years, we still have to write articles like this one. It's all over the web right now: a new backdoor Mac OS X trojan discovered! Code execution! Indicative of rise in Mac malware! Until, of course, you actually take a look at what's going on, and see that not only is it not in the wild, it can't really do anything because it's a beta.
Permalink for comment 464709
To read all comments associated with this story, please click here.
RE[6]: Comment by larwilliams
by windywoo on Fri 4th Mar 2011 00:07 UTC in reply to "RE[5]: Comment by larwilliams"
windywoo
Member since:
2011-03-01

"The Mac marketshare has been steadily growing by less than one percent each year. That hardly deserves a surge of interest. The largest figure I have seen for Mac marketshare worldwide is 7%. More often it is quoted as being around 5%. The fanboys always quote the American marketshare where I believe they just reached 11%. No Mac fanboy ever thinks to question it and thinks that it reflects the wider picture too.


That's still millions of computers. And if they're that easy to exploit it would make perfect sense to write malware for them.

The reason why hackers target windows is not only because it's larger market share but also because of bad design decisions up until Vista:
* Automatically executing whatever that's on an inserted CD or USB-stick.
* OS-integrated web browser
* ActiveX and its various security problems.
* Lots of services running and listening on ports by default.
* Users gets admin accounts by default.

XP still has a majority market share.

And when trying to fix these problems MS made a new misstake: UAC. It's too easy to grant applications elevated privileges and it shows up too often so users learn to click ok by routine.

So the reason why hackers dont't focus more on the mac is not only due to it's market share.

Some people said the same thing about firefox btw when IE had something like 80-90%, but firefox never became a big target for malware as IE was despite its large market share today.
"


Thank you for showing the typical fanboy lack of mathematical prowess and reading comprehension.

Firstly you seem to have ignored the second part of my comment and I never said OSX was easy to exploit, just that it hasn't really been tested yet.

Secondly, the flat numbers of computers don't really matter as we are discussing the fact that a malware writer can write one program and has a huge target, whereas if he aims at Macs he has a much smaller target. He has to learn a new set of programming skills and a new platform architecture for a much smaller chance of success and a much smaller payoff. Like aiming at an elephant instead of a bee. So which is he going to choose?

XP hasn't autoexecuted CDs in years, it gives you a dialogue box asking what you want to do. Any antivirus worth its salt has blocked autoruns on USB too. I've seen this argument now several times because it pops up as one of the top search results for Windows security flaws. Pity that the article linked dates back to 2002.

Macs don't have ActiveX but they still have Java and Flash, which aren't exactly saintly. Apple used to maintain updates of these for the user, and weren't averse to installing their own version even if it was less up-to-date (and therefore less secure) than the user installed version. Any extension to a web browser is almost certain to have security flaws, there is always some tradeoff between ease of use or functionality for the user and security. Again it comes down to the fact that Internet Explorer was on more machines.

Safari (or more accurately Webkit) is integrated into OSX hence the need to reboot whenever it is updated.

This whole Admin by default thing is not a useful argument until you can demonstrate that the average user won't give his password to any little box that pops on his screen. Trust me, the average user either doesn't know or care enough about security to stop himself. Do you think that Steve Jobs had security foremost in his mind when he based NextStep on BSD or did he just use it because it was freely available? Do you think he predicted the virus and malware threat early? OSX security is a pleasant side effect, and as we have stated, will hardly be tested so long as there are so few machines to attack. It's easy with hindsight to blame the default admin account but at the time it was seen as making things easier for users.

Likewise, Microsoft can't be blamed for the number of pirated copies that serve to host malware, or the user who doesn't patch his system. Did you know there was a patch for Conficker a month before it became widespread?

The majority of exploits now don't attack the browser they attack a plugin e.g. Java since even Internet Explorer has got itself up to scratch with security. This is probably the reason malware attacks against Firefox have not proliferated in proportion to its popularity.

Fanboys quote outdated facts, poor statistics and just good old fashioned prejudice.

Reply Parent Score: 1