Home > Mac News > Here We Go Again

Here We Go Again

May 6th, 2006

Seeing an opportunity to jump on the recent “Macs aren’t safe” bandwagon, McAfee Inc. just released a report (pdf file) which claims that Macs aren’t safe. The report is clearly biased, stretching facts and definitions, and presenting the case in as damaging a manner as possible.

This is what gets me: McAfee is a company that sells antivirus software. And yet, in the article, McAfee is identified only as a “security firm,” and no mention or disclaimer is presented to explain that the company issuing the report stands to gain financially from a biased and inaccurate report. How is that not an issue?

One dishonest point jumped out at me right away:

From 2003 to 2005, the number of vulnerabilities discovered on the Mac OS platform has soared 228 percent to 143 from 45, McAfee Inc. said in a report entitled “The New Apple of Malware’s Eye: Is Mac OS X The Next Windows?” Microsoft Corp.’s Windows platform, on the other hand, saw an increase of 73 percent.

Do you see it? That’s right–they note the percentage of increase of vulnerabilities in both operating systems, but not the number for both; while they note the number of Mac vulnerabilities, they neglect to clearly state the number of Windows vulnerabilities. In the original McAfee report, that number is intentionally buried in small print in the footnotes, though there is no honest reason to do so.

Windows vulnerabilities jumped from 92 to 159, as opposed to Mac vulnerabilities going from 45 to 143. So the Mac is made to look worse than Windows because Windows itself was less secure two years ago? Not to mention that it still has more vulnerabilities than the Mac OS today? No wonder they buried that number–it clearly shows they are playing with the truth here, manipulating the numbers to make Macs look far more open to threat than it actually is. Also of note is that the report fails to measure the potential threat of damage via the vulnerabilities or the effectiveness possible for any exploit attempted.

Another example of a clearly intentional omission: the McAfee report mentions the Inqtana worm that operated via a Bluetooth vulnerability:

OSX/Inqtana.a actually exploited an OS X vulnerability in the Bluetooth directory traversal and file exchange services…. Apple has a patch available on its web site for the vulnerability exploited by OSX/Inqtana.a.

What McAfee fails to mention is that the patch was made available by Apple eight months before the Inqtana worm appeared, and that the patch is not only available on its web site, but that most users have Apple’s Software Update running, and would have received the patch long before the worm appeared. In addition, while McAfee explains technically how the worm is transmitted, they skip any mention of how completely unlikely transmission would be (it requires two Bluetooth-active Macs in the same room, one infected, and then the other user has to authorize a non-existent Bluetooth peripheral). Even if the vulnerability had not been widely patched 8 months before, the chances of the worm spreading farther than a few users was unbelievably small.

One inaccuracy they don’t try to hide is their classification of the Leap trojan or the Inqtana worm as viruses. What’s the difference? A trojan depends on social engineering, and therefore is not a problem with the security of the OS. And while a worm can be more dangerous than a virus, it is not widely recognized as such; if you say something is a “virus” it’s bound to get more of a reaction. McAfee also glosses over the fact that with both “viruses,” user intervention to validate the malware was required, and in both cases was highly unlikely to happen.

All of this leads one to question any of the contentions of the report, including the vulnerability count. I’ll wait until any of this is verified by an independent source, thanks.

Once again, this is not to suggest that the Mac OS is invulnerable, or that the increase in the number of recent vulnerabilities is not cause for concern. It is to suggest, however, that this is nothing more than yet another wildly exaggerated claim of the alleged weakness of OS X security, in this case forwarded by a company that stands to profit from the fear the report inaccurately generates.

Update: ZDNet agrees with me.

Update 2: Just one day after releasing a highly biased report exaggerating the malware dangers of OS X, McAfee showed up their own self-serving motive by releasing a new anti-virus product “for Mactel.” The software being named as though it was designed for “MacTel” plays on irrational fears that somehow working on the Intel CPU will somehow make OS X more vulnerable when nothing of the sort is true. It is further disingenuous since (according to reports) the McAfee software is not even written for use on the MacTel platform, but instead runs under the Rosetta emulator; this means that the inclusion of “MacTel” in the name is for fear-mongering specifically, and does not describe anything about the actual software. McAfee really seems to be crossing lines of truth and propriety badly here.

Categories: Mac News Tags: by
  1. Tim Kane
    May 6th, 2006 at 09:48 | #1

    From your stand point, do you think that companies that supply anti-virus software have any hand at all in the creation of virus’s?

    Is it harder to create a virus for a Mac or do hackers just choose not to meet the challenge of the Mac OS?

    It seems like apple’s market share is growing and at some point, it might have greater than 50%.

    I walk around Washington University’s library and most of the students today have Apples.

    I wished I had one too. Because of the virus threat, mostly, but also, it has some better software installed with it.

    Finally, do you know if Visio is provided for Apple or something similar?

  2. Luis
    May 6th, 2006 at 13:17 | #2

    From your stand point, do you think that companies that supply anti-virus software have any hand at all in the creation of virus’s?I have to reluctantly say no, I can’t imagine they would, for the simple reason that if any hint of evidence came about that they did, it would destroy the company. On the other hand, if they believed that there was a way to accomplish this with 100% deniability, I would not put it past them, just as I would not put it past any corporation, seeing that they are corporations.Is it harder to create a virus for a Mac or do hackers just choose not to meet the challenge of the Mac OS?Probably both. Macs have better built-in security. For example, whenever you do something on a Mac that requires a change in the system software, you are required to input an administrative password. That simple measure alone will stop a great number of malware that would infect Windows computers. Macs furthermore do not have “conveniences” that Windows has, such as CD/DVD autoplay, which will automatically launch any app on an optical disc that you insert, or the “feature” in MS Outlook that launches executable files without your consent. Further, the core software of Mac OS X, the Unix kernel, is tried and tested against hackers and is more secure than the Windows kernel. In these ways and more, Macs are inherently more secure and harder to write malware for.

    However, other variables also come into play. Macs currently compose only about 3-4% of computers used worldwide, which means that it’s harder for malware to propagate; imagine a cold virus that only 4 out of every 100 people are susceptible to, it wouldn’t spread so far before it died out. Then there’s the target audience: malware writers want bang for their buck, they want to create more havoc; while attacking Macs would be more prestigious, more people overall would be affected by a Windows virus. And finally, there are just more Windows programmers out there than Mac programmers. So other factors do play into this.It seems like apple’s market share is growing and at some point, it might have greater than 50%.That’s what we’ll see about in the next few years, maybe starting next week when the MacBooks come out. When people get used to the idea that (a) you can run Mac and Windows on one machine, (b) you can run all your Windows apps but safely compartmentalize vulnerable operations to the Mac, (c) that for machines of the same quality, Macs don’t cost much more and sometimes are even cheaper–maybe the market share will start increasing.Finally, do you know if Visio is provided for Apple or something similar?I’m afraid I’m unfamiliar with that category of software, but here’s the sweet part: you can run Windows and Visio on any new Intel Mac. Either dual-boot (choose either Windows or Mac OS at each startup) or virtualize (get $40 software to run Windows within the Mac OS, instantly switching back and forth). By the end of 2006, Mac/Windows interoperability should be smoothed out and working even better than now, but the hardware you need is already there in any Intel Mac computer.

  3. Tim Kane
    May 7th, 2006 at 00:23 | #3

    Thanks Luis.

    By the way, visio is diagraming software.

    You can use if for drawing flowcharts, or diagraming databases etc.

    Its a poor substitute for a real upper CASE tool, but its whats available, and is a Microsoft product (not originally, but they bought them out – subsequently sending truly good diagraming tools under – the best/cheapest long ago was EZ(easy)case from an outfit called Evergreen Software out of Seatle, its was cheap but comprehensive, you could diagram a data base, and it would generate the schema. I wonder whatever happened to them.)

    It sounds like OS X is becoming like OS/2. OS/2 was a great software, extremely efficient, and at least a decade ahead of Windows, using maybe 10% of the resources. You could launch and open up windows applications inside of it. IBM’s big mistake was not just giving OS/2 away. It was fully multi-threaded, multitasking. It was better than windows, but it came in second. If they had made it free, we’d all be using it today, or most of us, and millions of lost man hours of work to windows crashing would not have been stripped away from our GNP. I am sure there’s quite a few people who lost their job because they lost their work, before saving, to a windows application that crashed because it ran on DOS and couldn’t manage memory well.

    One more question:
    If I run windows, inside of OS X, does that mean its ‘more protected’ from virus, because of what you just discribed?

  4. Luis
    May 7th, 2006 at 00:38 | #4

    If I run windows, inside of OS X, does that mean its ‘more protected’ from virus, because of what you just discribed?’Fraid not, not exactly. If it’s hooked up to the Internet, receives email, and connects to the web in general, it’ll be as vulnerable as it would be regularly. I don’t know about network vulnerability. Though virtualized within the Mac, it acts just like Windows does usually, and could still get malware just as it would as an independent machine.

    On the other hand, you could take advantage of the strength of each OS. Use Windows for Visio and other business apps, and/or for gaming and whatever other specific apps you have. Use the Mac for its iLife suite and other goodies. But make sure that any use which could open Windows to attack, such as web browsing, email, and networking are done on the Mac. That way, you’ll have the best of both worlds–whatever you need that can only be done on Windows, while you enjoy the protection the Mac offers in the malware arena.

Comments are closed.