On mySimon: Elmo Live
BNET Business Network:
BNET
TechRepublic
ZDNet

December 2nd, 2008

Despite what blogs (and Apple) say, Macs will eventually have malware

Posted by Adam O'Donnell @ 10:15 pm

Categories: Anti Virus, Apple, Exploit code, Malware, Punditocracy, Research, Viruses and Worms

Tags: Apple Macintosh, Antivirus, Blog, Malware, Apple Inc., Virus, Malware Writer, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms

People seemed to get into a tizzy about Apple posting an announcement recommending Anti-Virus software for Macs. Even though it was retracted, I do think that Apple priming Mac users for the eventuality of widespread malware is a good idea. People who believe that the fundamental design of Macs will prevent them from being an attractive target for viruses are dead wrong.

Several reporters and bloggers jumped on the apparition that graced Apple’s knowledge base stating that Mac users needed to run multiple anti-virus packages. While the KB article turned out to be bogus, it does not mean that Apple users are safe from malware forever. I have said many times before and I will say it again: given the constant of end-user gullibility and a monetized malware underground, the emergence of Mac malware is a function of market share and anti-virus effectiveness on the dominant platform. You don’t even have to depend upon verbal arguments, as I provide a game theory analysis as well.

The fact that the announcement was made and pulled seemed to give some bloggers, including Joe Wilcox, fuel for their argument that Macs don’t have malware because they are fundamentally more secure.

The reality is that mass market malware writers don’t care about novel attack code anymore. They also don’t care about who is running the most vulnerable services. They do care about writing programs that look like legitimate applications that will trick the end user into voluntarily installing them. When the bad guy’s target is the human being at the console, then his only decision becomes what is the size of the target to go after.

The fundamental fallacy in Joe’s argument is that operating system security is equivalent to malware security. It isn’t. No level of system architecture can prevent users from harming themselves. Malware writers are just waiting until there are enough victims to make their switch profitable.

Adam O'DonnellAdam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco. See his full profile and disclosure of his industry affiliations.

Email Adam O'Donnell

Subscribe to Zero Day via Email alerts or RSS.

  • Talkback
  • Most Recent of 267 Talkback(s)
"Niche" meaning almost ALL of the big, important servers in the world?
/r (Read the rest)
Posted by: AzuMao Posted on: 12/30/08 You are currently: a Guest | | Terms of Use
Wrong assumptions based on the negative Windows experiences  Mikael_z | 12/02/08
Safari didn't have anti-phishing until recently  LBiege | 12/02/08
And how long did other browsers have that feature?  financegozu | 12/03/08
Another one  timiteh | 12/03/08
You're kidding right?  eMJayy | 12/03/08
Safari is a joke anyway  masonwheeler | 12/03/08
Makes you wonder  tikigawd | 12/03/08
Safari is "a joke"?  dlmeyer@... | 12/04/08
A joke  tikigawd | 12/06/08
same experience  Chris Z | 12/05/08
Yup Safari is to be avoided  awasson@... | 12/03/08
I love Safari  ccfman2004 | 12/03/08
Re: I love Safari  W1LL-B1LL | 12/04/08
IE7  JoeMama_z | 12/03/08
We're not all the same.....  GSavage777 | 12/05/08
Lack of arguments?  Sleeper Service | 12/03/08
Whose Kool Aid are you drinking?  MacGeek2121 | 12/03/08
Kool Aid?  W1LL-B1LL | 12/04/08
different meanings  cuba_pete@... | 12/05/08
it wasn't kool-aid in Jonestown,  rtk | 12/05/08
What a fanboy  timiteh | 12/03/08
The real causes  Mikael_z | 12/03/08
there is no answer  changlinn | 12/03/08
It's not black or white  Mikael_z | 12/03/08
Such root access...  arminw | 12/03/08
Scripts don't have access to the full system....  storm14k | 12/03/08
The same applies for Active X  ye | 12/03/08
And why do they run with those permissions...  storm14k | 12/03/08
@storm14k: It wasn't poor design. It's what users wanted.  ye | 12/03/08
Many XP users NEED to know about this....  xuniL_z | 12/03/08
@ye Users didn't design Windows from the beginning...  storm14k | 12/03/08
@xunil Linus is right....  storm14k | 12/03/08
@storm14k nice tongue in cheek reply  xuniL_z | 12/03/08
Exactly  changlinn | 12/03/08
@zuniL_z...  JCitizen | 12/03/08
Uh... no, in real life, it doesn't work that way  akulkis | 12/04/08
@JCitizen Yeah, any program that works is fine.....  xuniL_z | 12/04/08
RE:Uh... no, in real life, it doesn't work that way  changlinn | 12/04/08
And the beauty of it is....  akulkis | 12/04/08
Good gracious  andrewjg | 12/03/08
From the wrong viewpoint  Mikael_z | 12/03/08
The Windows "illiterates" will never get it.  fr0thy2 | 12/03/08
The Apple Illiterates ....  ShadeTree | 12/03/08
Is it your assertion OS X is uncrackable? (nt)  ye | 12/03/08
There's no doubt which platform is the most crackable though [NT]  Mikael_z | 12/03/08
@Mikael_z: You didn't answer the question. Let me repeat it for you:  ye | 12/03/08
Enough!  Mikael_z | 12/03/08
@Mikael_z: You're avoiding the question.  ye | 12/03/08
Ye, he never said OS X is uncrackable.  bmerc | 12/03/08
@bmerc: I never said he did. Notice the question mark at the end.  ye | 12/03/08
Ye... Why are your questions always circular?  awasson@... | 12/03/08
@awasson: Do you know the difference between a question and statement?  ye | 12/03/08
Wrong...  bmerc | 12/03/08
?  ye | 12/03/08
Is it your assertion that all questions must be taken at face value?  bmerc | 12/03/08
@bmerc: Your question about the 2nd amendment lacks relevence.  ye | 12/03/08
It is uncrackable.  AzuMao | 12/17/08
sure, it's uncrackable, if you forgot pwn2own.  rtk | 12/17/08
You're pretty obsessed, aren't you?  AzuMao | 12/18/08
oh noes  rtk | 12/18/08
lol?  AzuMao | 12/19/08
20% Mac market share?  tikigawd | 12/03/08
Oh for God's sake...  bmerc | 12/03/08
@bmerc: Oh my bad  tikigawd | 12/06/08
For goodness sake think out of the box.  Richard Turpin | 12/03/08
Stop pulling numbers out of your...er...hat...  eMJayy | 12/03/08
You say Windows is flawed?  xuniL_z | 12/03/08
Yes of course  Mikael_z | 12/04/08
I'll tell you what I want.......  xuniL_z | 12/04/08
FUD time again  rag@... | 12/03/08
No, it did not.  ye | 12/03/08
You're wrong again Ye.  bmerc | 12/03/08
@bmerc: I am right.  ye | 12/03/08
That seems to be the point.  sjbinaz | 12/03/08
A theoretical vulnerability..  arminw | 12/03/08
What about flash player, java, quicktime  zmud | 12/03/08
What a Bozo  OracleOfReason | 12/03/08
Jealous of what ?  timiteh | 12/03/08
Linux and Unix users chose their OS  don@... | 12/03/08
Fanboyism goes both ways  MacGeek2121 | 12/03/08
Agreed  W1LL-B1LL | 12/04/08
If ignorance is bliss ....  ShadeTree | 12/03/08
Then he is "bliss"...nt  USTechHead | 12/03/08
The fanbois have spoken  NStalnecker | 12/03/08
Vista is still retarded  rag@... | 12/03/08
Yep..  Badgered | 12/03/08
pahlease  changlinn | 12/03/08
Fanboi marks post as no content  OracleOfReason | 12/03/08
Any Mac user...  arminw | 12/03/08
There's not zero malware  alaniane@... | 12/03/08
Nice Rubbish....nt  USTechHead | 12/03/08
Stupid is as Stupid Does  sales@... | 12/03/08
That time Macintoish was not based on UNIX  FirstNLastN | 12/03/08
Bzzzzzzzt! Wrong  akulkis | 12/04/08
You are The Irresponsible  Mectron | 12/03/08
Naive Beware  Tracy_Barber@... | 12/03/08
If you are the one...  arminw | 12/03/08
Been There, Cleaned Them Up  Tracy_Barber@... | 12/04/08
Wrong assumptions are yours  cdmsr | 12/05/08
We've been hearing this for over five years now  frgough | 12/03/08
Huh, no you won't  ShadeTree | 12/03/08
Post hoc fallacy  frgough | 12/03/08
Nearly all of them will ...  ShadeTree | 12/03/08
I like how you think  tikigawd | 12/06/08
Another principle difference  homant@... | 12/03/08
Provided they exist .....  ShadeTree | 12/03/08
supposed lack of malware tools... pfft! You don't know *nix!  akulkis | 12/04/08
principAl  tikigawd | 12/06/08
No, an Apple user...  arminw | 12/03/08
No, an Apple user...  W1LL-B1LL | 12/04/08
Bzzt! Wrong. *nix security model prevents it.  akulkis | 12/04/08
Well, that's of course if they keep them patched.  xuniL_z | 12/04/08
Also.....99.9% of attacks are social engineering...SO  xuniL_z | 12/04/08
7 years and counting  rag@... | 12/03/08
Is it your assertion OS X is uncrackable? (nt)  ye | 12/03/08
Why must the assertation be that its uncrackable?  storm14k | 12/03/08
Because that's the question I'm asking. (nt)  ye | 12/03/08
You're avoiding the question. (nt)  storm14k | 12/03/08
Nope. I answered the question. Here is my answer again:  ye | 12/03/08
Why? Because it's Ye, and he's incapable of sticking to the actual subject  bmerc | 12/03/08
Yep, and he will almost undoubtedly be the last to post  Kid Icarus-21097050858087920245213802267493 | 12/03/08
And since neither of you...  Sleeper Service | 12/03/08
Ye, is it your assertion that the 2nd Amendment should be repealed?  bmerc | 12/03/08
Irrelevent. Unless you can show a connection between...  ye | 12/03/08
Irrelevant!  grail@... | 12/03/08
I'm glad you agree with me that asking irrelevant questions  bmerc | 12/03/08
My question is relevent.  ye | 12/03/08
No Ye, your question was NOT relevant.  bmerc | 12/03/08
@bmerc: Yes, my question was quite relevant.  ye | 12/03/08
Uh, he asked a question.  Kid Icarus-21097050858087920245213802267493 | 12/03/08
DOH!  Kid Icarus-21097050858087920245213802267493 | 12/03/08
Nobody made such an assertion, ye  akulkis | 12/04/08
My mistake  frgough | 12/03/08
Noone is warning You  sjbinaz | 12/03/08
Retarded MS PR dept thinking  whisperycat | 12/03/08
Disingenuous and you know it.  cornpie | 12/03/08
Shhh...reality is a missed by this one...nt  USTechHead | 12/03/08
Anti-Virus Software On the Mac...  grail@... | 12/03/08
Yawn...nt  USTechHead | 12/03/08
Since Vista...  rjohn05 | 12/03/08
Since I run IE in a virtual copy of Windows...  awasson@... | 12/03/08
A virtual machine is not a sandbox. (NT)  logicearth@... | 12/03/08
A virtual machine can be a sandbox.  bmerc | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  Gis Bun | 12/03/08
Eventually has been...  arminw | 12/03/08
And number 3  homant@... | 12/04/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  Gis Bun | 12/03/08
Safari a part of the OS???? IE removable? Stop smoking crack!  akulkis | 12/04/08
Remove webkit  rtk | 12/04/08
"Macs will eventually have malware"  Userama | 12/03/08
Smugness  Tracy_Barber@... | 12/03/08
Av Scanners  chromeronin | 12/03/08
Time once again to debunk the moronic market-share argument.  bmerc | 12/03/08
Where are the facts?  ye | 12/03/08
He did repeat it three times  tikigawd | 12/03/08
LOL! (nt)  ye | 12/03/08
And here we see how Ye responds when he can't refute something.  bmerc | 12/03/08
No surprise his humor was lost on you.  ye | 12/03/08
I don't need to look up these things, Ye.  bmerc | 12/03/08
@bmerc: Nice to see you have a sense of humor.  ye | 12/03/08
More insults from Ye.  bmerc | 12/03/08
@bmerc: Pointing out you've got a sense of humor is insulting? (nt)  ye | 12/03/08
@bmerc: Pointing fingers  tikigawd | 12/06/08
What part  frgough | 12/03/08
What part of OS/2 and Atari 800 proved market share is...  ye | 12/03/08
Because  frgough | 12/03/08
Not in their heday it wasn't.  ye | 12/03/08
Can't have it both ways.  bmerc | 12/03/08
@bmerc: If DOS is not secure then why is there no malware being written...  ye | 12/03/08
Security. Availability. Market share. Familiarity. ALL are FACTORS  bmerc | 12/03/08
@bmerc: When you can show the following is true...  ye | 12/03/08
DOS had no idea...  arminw | 12/03/08
Then you did not read what I wrote.  bmerc | 12/03/08
Ok then.....point us to the OS X malware  xuniL_z | 12/03/08
Hypocrite:  ye | 12/03/08
It's true Ye. He can make endless....  xuniL_z | 12/05/08
Aww jeez  tikigawd | 12/06/08
Moronic view That post IS!!!  781lc | 12/03/08
I hope you were talking about your own post!  OracleOfReason | 12/03/08
So if you are disagreeing with me...  bmerc | 12/03/08
Full of beans.....  JoeMama_z | 12/03/08
No, I did not discount it.  bmerc | 12/03/08
So many holes so little time....  JoeMama_z | 12/03/08
Let me 'splain it to you, Lucy  bmerc | 12/03/08
And since the purpose of modern malware...  akulkis | 12/04/08
So if its not market share...  logicearth@... | 12/03/08
You're beating me to the punch.  ye | 12/03/08
DUH!  rag@... | 12/03/08
Is this an acknowledgement Vista is just as secure as OS X?  ye | 12/03/08
But...  rag@... | 12/03/08
Irrelevent. Microsoft fixed the problem. (nt)  ye | 12/03/08
not only irrelevant.  rtk | 12/03/08
With regard to this particular aspect of security? Yes!  bmerc | 12/03/08
Finally some honesty!  ye | 12/03/08
He made no such admission  akulkis | 12/04/08
So far  akulkis | 12/04/08
And...  logicearth@... | 12/03/08
My guess would be  frgough | 12/03/08
You know what they say about assuming  Spiritusindomit@... | 12/03/08
Hmmm  logicearth@... | 12/03/08
Your guess is a stupid generalization  sjbinaz | 12/03/08
Do you really want to know my opinion? Or are you just playing Ye's game?  bmerc | 12/03/08
Programming Macs is...  arminw | 12/03/08
Iron clad? You are way out there.  xuniL_z | 12/03/08
Indeed....  akulkis | 12/04/08
Indeed not. Wasn't talking about DoD systems in my post.  xuniL_z | 12/04/08
And anyone who thinks that...  cornpie | 12/03/08
Malware is Malware is Malware......  gsmcten@... | 12/03/08
Bingo.  Tracy_Barber@... | 12/03/08
The difference between  akulkis | 12/04/08
At Least We're Talking...  Tracy_Barber@... | 12/04/08
Yes, but  sjbinaz | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  john_gillespie@... | 12/03/08
Despite what you say, Macs will NOT have malware  marcyves | 12/03/08
CanSecWest disagrees.  Sleeper Service | 12/03/08
Lame...  awasson@... | 12/03/08
It went more like...  logicearth@... | 12/03/08
Which was the same for the Vista box too...  Sleeper Service | 12/03/08
Good answer to a simplistic question...  zhorkon | 12/03/08
Nicely said  awasson@... | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  OracleOfReason | 12/03/08
You're using roughlydrafted as a source?  Sleeper Service | 12/03/08
Shoot the messenger fallacy  frgough | 12/03/08
more like  rtk | 12/03/08
Shoot this messenger, anyway...  PCEZ | 12/03/08
RD has as much credibility as you.  Sleeper Service | 12/03/08
Don't worry  rtk | 12/03/08
Apple Fanboy  PCEZ | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  sales@... | 12/03/08
It is amazing how..  arminw | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  bdollerup | 12/03/08
And there's the rub...  awasson@... | 12/03/08
I agree completely ...  Tony R. | 12/03/08
Wrong.  akulkis | 12/04/08
ZDNet faults story retraction = headline implying the same faults-hood -NT  raycote | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  Tony R. | 12/03/08
Is THIS the best news story you can come up with (economy=screwed)  stevey_d | 12/03/08
Macs aren't the economic sweet spot ...  Tony R. | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  BBTechie | 12/03/08
Yes and No  technology@... | 12/03/08
Evenb if the market ratios were reversed  akulkis | 12/04/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  chromeronin | 12/03/08
How Macs and Linux can be Cracked  technology@... | 12/03/08
Disable the nun-disable...  logicearth@... | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  acetace | 12/03/08
The worst malware of all  ryantimestwo | 12/03/08
Buy a Mac  bbneo | 12/03/08
Buy a Mac - No  PCEZ | 12/03/08
Over 1000 new malwares per month for Mac. YAY!  Gradius2 | 12/03/08
Buy a Macbook Air, because they look hot  W1LL-B1LL | 12/04/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  DeusExMachina | 12/03/08
Lucid and Well Spoken  OracleOfReason | 12/03/08
Then you're incompetent.  Sleeper Service | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  changlinn | 12/03/08
Funny - I've ALWAYS Used AV on my PC, No Matter WHICH OS It Uses  drprodny | 12/03/08
Whether the Unix 3 standard is vulnerable or not...  JCitizen | 12/03/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  APPLEOFMYEYE | 12/04/08
Where's the beef?  GreyGeek77 | 12/04/08
I think they are talking about world-wide. Much malware comes from China...  xuniL_z | 12/04/08
Are you kidding?  stan@... | 12/05/08
"Niche" meaning almost ALL of the big, important servers in the world?  AzuMao | 12/30/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  Bob_or_Fred | 12/04/08
Macs will eventually have malware  dlmeyer@... | 12/04/08
Also  stan@... | 12/05/08
RE: Despite what blogs (and Apple) say  davidkapl | 12/05/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  pppaulll | 12/06/08
RE: Despite what blogs (and Apple) say, Macs will eventually have malware  Bilmekanikeren | 12/29/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement
Click Here

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here