We all know that Mac fanatics claim how secure Mac OSX is. Is it really that secure though?
The last couple of months have not bee kind to OSX. The Mac operating system has seen its first round of widespread malware. Apple has been busy playing whack-a-mole trying to stop it. The Mac fanbois have been denying it. Apple is still more secure they claim. If this is true, then how did Apple top the Stack of Shame this week?
The reality of the situation is that Apple is entering uncharted territory for OSX. Not only does it have enough percentage of the market to make it a more viable target for the underground Internet, but it doesn’t have a true plan in dealing with such issues. This was shown by Apple’s response to the MacDefender malware. The denials, the bad press, and finally a solution that keeps getting circumvented. Yes, overall the amount of people infected might be small beans, but it is a larger outbreak than ever before, plus it shows that it can be done.
The next question comes in with these 26 vulnerabilities, how quickly will they be patched? That is the key to preventing exploitation of said holes. Is Apple ready to do monthly patches, weekly patches, out of band patches? How will they respond to all of this?
No Operation system is 100% secure. There is too much code, too many different vectors to attack from, and there is always the end user who is the biggest threat to security. Apple response to the OSX security issues should enlighten us to the iOS plans for security issues. No, there aren’t many now, but there will be.
Apple finally admits to the MacDefender scareware and puts out instructions on how to prevent it. Too bad that within a couple of days there was a new variant that makes the instructions obsolete.
Ed Bott continues to report on this on his Microsoft Blog over on ZDNet, and to much hatred from the Mac Fanbois. They still deny the whole thing. It does not matter that Apple has confirmed the malware. It does not matter that Intego, a Mac Security blog is the one finding these items. No, the Mac is uber-secure and there is no malware for it. Malware for the Mac is impossible to create. Well, the new version reported by Intego doesn’t require any administrator password. This to me seems to be no longer any proof of concept, but a real threat. But I digress. The biggest problem in this situation are the Mac Fanbois who are denying this sort of malware exists. The whole argument they give though reminds me of something else in history, that happened almost 100 years ago.
There was a ship built in the early 20th century in England, which was highly lauded. This ship was huge, luxurious and was unsinkable. That is correct, the claimed nothing could sink this ship, no way, no how, don’t even ponder the notion, it can’t happen. Well, there is nothing wrong with calling something unsinkable, of course until it met a friendly iceberg in the North Atlantic on April 15, 1912. The iceberg decided to give the ship a nice bump, tore open a huge gash, and caused a lot of people to perish as the ship sank. We all know the name of the ship, it lives on. Titanic.
I look at claims of the Titanic, and the blindness that the builders of it had, and see similarities to the reaction of Mac Fanbois to Ed Bott and the MacDefender malware. Denial, short sightedness, and unwilling to admit the problem. Actually, this also reminds me of Microsoft when it first started getting hit big time with malware.
There are many arguments in this whole scenario that can be taken in. Yes, its a socially engineered piece of malware, but so are the majority of ones written fro Microsoft. Yes one piece of malware like this does not an epidemic make. Yet, the Mac community has a chance to learn from the past, realized that they are starting to be targeted, and get ahead of the rolling stone that could be coming at them. Denial only hurts them.
Oh, and just one more piece of history on the whole, you need administrative privilege for the malware to become installed. Last time I checked, OSX was written on top of a BSD Unix variant. There have been viruses for Unix for a lot longer than Mac or Windows.
Ed Bott (@edbott Twitter) at ZDNet has been feeling the wrath for the MacFanatics after he reported, “According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform. ”
Lets get some things straight. I’m not a Mac person. I think its a nice Operating System, and has its place out there, but I think the Cult of Mac, just like the Cult of <insert favorite OS here> needs a reality check. There are good and bad point to every OS, and each one shines in its own way. Microsoft is still the most popular, Linux is great for older or less powerful desktops, and Mac is fantastic for Graphics. It is what it is. Security wise, all of them have their plus and minuses. Any sane person knows that no OS is completely secure, and all can have viruses. So why when a report about one for Mac, let alone a kit to make more, comes out that many Mac Fanatics have to start attacking the report as a FUD (Fear, Uncertainty, Doubt) campaign?
The story I am referring to is written by Ed Bott, in his Microsoft Report Blog on ZDNet. “Crying Wolf? Apple Support Confirms Malware Explosion,” is a well put together article. It references multiple sources, and does a good job of defensing his original post from May 2 about the possibility of more Mac Malware coming. The Mac Fanatics tend to disagree, and do so in a lot of unprofessional ways in the talkback section of the article. Heck a lot of the deny the current malware even exists.
Let us pose a simple question. If 1 million people get a disease one year, and 100 million get it the next year, would that be considered an outbreak? Most people would say so. 100 time more infections. Yet according to a supposed number (which I cannot verify), there were 2 mac infections last year, and the new malware has 200 infections. That is the same 100 times increase. That is still a significant rise in the number of infections. Is it the end of the world? No. Does it mean that Mac users are as gullible to social engineering as Windows users? Yes.
In fact, being a SMB Consultant, 95% of the virus infections I deal with on a daily basis are socially engineered. Through Facebook, ads, e-mails, doesn’t matter, the end user has to do something to get infected.
Mac has been known for its security. I remember a long time ago when Mac Servers were basically unhackable. Times have changed though. the last 3 PWN TO OWN conventions, Apple’s vaunted OS has fallen, and fallen fast (even when they have patched right before the competition). In 2009, it was reported about the first Mac Zombie Botnet was active. Let see, to become a zombie on a botnet they have to hack your machine, and/or usually slip a rootkit and a trojan on it. That would be considered malware.
The evidence has shown that Mac isn’t as secure as it used to be. Its the way things are. Get over it and act like adults when debating things. I’ve had debates with Ed over his Microsoft slant in the past, but he does slam Microsoft a lot also. His blog is like this blog on more well known. Its news mixed with opinion. Take it or leave it, but as one talkback comment reminded people, the end of The Boy Who Cried Wolf finished with the wolf actually showing up and causing damage.