It’s sad to see that even after all these years, we still have to write articles like this one. It’s all over the web right now: a new backdoor Mac OS X trojan discovered! Code execution! Indicative of rise in Mac malware! Until, of course, you actually take a look at what’s going on, and see that not only is it not in the wild, it can’t really do anything because it’s a beta.
The malware in question is a port from Windows, and its functionality on the Mac is extremely limited. It cannot gain root privileges on its own, so it is confined to whatever the user who installed it can already do. That can certainly be bad, but it is still a vital detail to mention. What it can do, for instance, is pop up a fake administrator password dialog in the hope that the user types in a password it could not obtain by itself. Beyond that, the tool is apparently in beta, written by someone with a very shaky grasp of English.
As is always the case, the story comes from an antivirus company, Sophos, which also happens to sell a Mac version of its software (how entirely unrelated and not at all convenient). Sophos also stirs up the usual drama about how this is indicative of the Mac's rising popularity and that more malware is sure to follow soon, something we have been hearing for years now but which never actually materialises.
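"Confined to the user who installed it" is easy to underestimate. The script below is an added illustration (not code from the article, and nothing to do with the trojan itself): it audits which files under a home directory a process running as that user, with no root at all, can read or write. The list of sensitive paths is an assumption picked for a typical Mac account, and the home directory it builds for the demo is constructed on the fly so the script runs anywhere.

```python
import os
import tempfile
from pathlib import Path

# Files a user-level process can reach without any privilege escalation.
# Assumed list for illustration; adjust it to the machine being audited.
SENSITIVE_PATHS = [
    ".ssh/id_rsa",
    ".ssh/id_ed25519",
    ".gnupg/private-keys-v1.d",
    ".bash_history",
    ".zsh_history",
    "Library/Keychains/login.keychain-db",
    "Library/Cookies/Cookies.binarycookies",
    "Library/Application Support/Firefox/Profiles",
]


def audit_user_reach(home):
    """Return {relative_path: (exists, readable, writable)} for every
    entry of SENSITIVE_PATHS under `home`, as seen by the current user."""
    home = Path(home)
    results = {}
    for rel in SENSITIVE_PATHS:
        p = home / rel
        exists = p.exists()
        results[rel] = (
            exists,
            exists and os.access(p, os.R_OK),
            exists and os.access(p, os.W_OK),
        )
    return results


def exposed(results):
    """Sorted list of paths that exist and are readable: this is what a
    user-level trojan already gets without root or a stolen password."""
    return sorted(rel for rel, (exists, readable, _) in results.items()
                  if exists and readable)


def demo_home():
    """Build a constructed home directory with a few sensitive-looking files
    so the audit can be run offline on any machine."""
    home = Path(tempfile.mkdtemp(prefix="audit-home-"))
    (home / ".ssh").mkdir()
    key = home / ".ssh" / "id_rsa"
    key.write_text("-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n")
    # 0600 keeps *other* users out; it does nothing against code that runs as you.
    key.chmod(0o600)
    (home / "Library" / "Keychains").mkdir(parents=True)
    (home / "Library" / "Keychains" / "login.keychain-db").write_bytes(b"constructed")
    (home / ".zsh_history").write_text("ssh deploy@prod\n")
    return home


if __name__ == "__main__":
    for rel in exposed(audit_user_reach(demo_home())):
        print("readable without root:", rel)
```

Run it against a real account by calling `audit_user_reach(Path.home())` instead of the demo directory. The point the output makes is the one the article skips past: tight file permissions protect you from other accounts on the machine, not from a process that is already running as you.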
Is the Mac a secure platform? Well, if you look at it from a practical standpoint – the standpoint that matters to most users – it is a very secure platform, with no widespread and/or destructive infections. From a theoretical standpoint – well, that’s for experts to decide. The story is the same for Windows Vista and up; these platforms, when kept properly up to date, are, like the Mac, incredibly secure in practice.
All in all, these stories are linkbait, plain and simple. Security companies are a lot like politicians: politicians spread fear of terrorism to sell laws that further impede your rights and entrench their own power, and security companies spread fear of computer viruses to sell security software. Like politicians, security companies are not to be trusted, and are probably the worst scum in the software industry.
But I don’t give a damn if a piece of malware can gain root privileges on my desktop when measured against the greater harm that results from it getting and sending my personal information. This old mentality of “oh, well, it can’t gain root so it’s no big deal” needs to stop dead. Which is worse, my system being brought down or otherwise affected… or my personal data being snagged? This isn’t a trick question, especially in today’s environment. I’d argue that gaining a user’s data is worse than gaining root privileges when you’re referring to desktop machines. On servers, of course, the situation is completely different and root access is much worse than a single user being compromised. We’re not talking about servers this time around, however.