Home > Computers and the Internet, Mac News > Yet More New FUD Bamboozlement Re: Mac Security

Yet More New FUD Bamboozlement Re: Mac Security

December 8th, 2007

The International Business Times sports the headline, “Apple Mac, iPhone, No Longer Immune to Hacks.” The problem with that: Macs were never “immune” from malware, no computer is. And though Mac fans are usually tagged as the source of such claims, it’s usually the crowd that is antagonistic to Macs and Mac users who set that statement up as a straw man to take down.

So the question is, is the Mac really “increasingly vulnerable?” How accurate is this new report? Is the amount of Mac malware increasing? Are the number of security holes spiking? Is the Mac less secure than it used to be?

The answers: not really, not at all, no, no, and no. The “new” report bases its warning completely on a single trojan. Admittedly, it’s the first trojan that even shows promise of getting installed on more than one machine, but it’s a trojan nonetheless.

Trojans are a type of malware that requires the user to be fooled into sweeping aside the OS’s defenses. Trojans are the one piece of malware that no OS could possibly protect against without severely hobbling the user; they represent not a vulnerability in the security of the OS, but rather a vulnerability in the intelligence or awareness of the computer user.

For example, let’s say you get a high-end security system for your house. All the doors and windows are wired in a way that would be virtually impossible for a burglar to circumvent. If any are tripped, a security firm races to your house to apprehend the intruders. None of this, however, is of any use if you simply open the door and let in anyone who asks. This is what a trojan does, and the success of any one trojan is not the fault of the security system.

The “alert” from F-secure, a company that wants to sell its security software for the Mac, is a trumped up re-hash of similar chicken-little warnings they have issued and re-issued over the years. I suppose you can’t blame them, from a business perspective; they have a hard job. Selling security software for the Mac is kind of like selling raincoats in the desert.

The fact is that Mac malware is still so rare that the chances you’ll encounter it is close to nil. There are still no viruses and no worms that affect Macs. There have been two Trojans in the past few years that actually made it on to a few people’s computers. One was a fake image that was reported on only one computer in the wild.

The other came out more recently, and it is the focus of the new “warning.” It was a fake codec for watching porn movies. To fall victim to it, you have to surf porn sites until you find one that offers free porn movies–but they tell you that you need their special codec to play them. You must download the codec, ignore the message about installing software you found on the Internet, and enter your admin password for the installation to complete. That last part is the kicker: the password is needed only when an application needs to screw around with system resources. Only when a user passes through all these hoops–similar to a porn huckster showing up at your door and you decide to let him into your living room–will the trojan affect your computer.

And when it does, it will not spread to other computers or infect other users. Each computer must be infected one at a time.

Many of the other “threats” against Mac security are just that: threats. Not actual malware, but rather the potential for malware to be made. These took the forms of “vulnerabilities” or “proof of concept” hacks. And many of those tend to be unlikely, sometimes outlandishly so. Take, for example, a Bluetooth “proof of concept” hack in Macs reported a few years back. In order for an exploit to work, it would have to already be present on one Mac while another Mac was in the same room. Both computers would have to have outdated versions of the Mac OS, and both would need to have Bluetooth activated and discoverable. Then the infected computer would send out a signal to the clean one, telling it that a Bluetooth device was available. The user of the clean Mac would then be presented with a message by the computer, informing the user that a Bluetooth device was available, and do you want to accept it? The user would then have to agree to the incursion, despite there being no new Bluetooth device within sight.

Short story: Macs are still more than secure enough. You have to learn not to be an idiot, but that’s pretty much it, for now. Sometime in the future some actual virus or worm may materialize for the Mac, but it doesn’t look like it’s going to happen anytime soon.

The thing you have to look out for most is the scammers in the “security business” for Macs, and the media outlets that buy their FUD (Fear, Uncertainty, and Doubt) scare tactics wholesale. Take these closing paragraphs from the Times article:

News of Apple’s growing attacks comes as the number of viruses and other malware has doubled over the past year.

F-Secure had detected 500,000 viruses, trojans and worms in 2007, compared with 250,000 last year.

Doesn’t that sound like there are 500,000 viruses, trojans, and worms for the Mac? Oi vey.

Categories: Computers and the Internet, Mac News Tags: by
Comments are closed.