"Experts" Say Macs Are Not Safer Than PCs

MoneyT writes "As reported at vnunet, experts are claiming that Macs are no safer than PCs in terms of protection from a virus. Seems more to me like they're just saying that we Mac users aren't invulnerable, but until I see things like nimda taking out my Mac, I'll stick with the iBook." The article doesn't mention that the "7,000 macro viruses" attack Microsoft products (leaving uses of a Mac only as a web server completely protected from them), nor does it quote any statistics about how many Mac vs. Windows viruses exist, and it doesn't address the real- world fact that Macs are hit with viruses far less often than Windows machines.

Now there's an unbiased opinion...

[jspayne]

Antivirus firm Symantec said that over three quarters of Mac users are under the illusion that they are not a target for virus writers and hackers. Well, in that case I should rush out and buy some Antivirus soft...hey...waitaminit.. Jeff

Fear, Uncertainty, and Doubt strike again

[kalidasa]

Just Symantec trying to boost sales of their Macintosh product. I use a Mac without MSOffice, and I almost never use IE (I use OmniWeb, Chimera, or full Mozilla instead), and only use OS X (don't use Virtual PC). None of the viruses they're talking about (except maybe Sub7, though all but one of the SubSeven viruses listed in Symantec's only encyclopedia are said to affect .exe files - not a Mac problem). Sure, there are probably a few Unix vulnerability that could hurt me, but compared to the 1 copy I get of Klez.H per day, I feel much safer on my Mac.

what are they talking about?

[RealisticWeb.com]

according to experts who have just shattered a long standing myth.

This is total biased crap. I don't mean to troll, but think about the statement. Who where the experts? A company who sells virus software, who wants to break into the mac market. What was their evidence? "Because we said so".

Unless I get cold hard facts, I refuse to beleive that apple has code that is so flawed it would be a threat to national security. The same things about MacOS that makes it more stable are the things that make it more secure, namely properly written code, and quality assurance testing before release. None of this security by obscurity that you see way too often.

Re:what are they talking about?

[Dephex+Twin]

I noticed that line too. How exactly was this myth shattered and by whom?

In fact, 62 per cent of Mac users said that increased security was the main reason for them moving to the platform, according to Symantec.

Sixty-two percent of Mac users have a Mac mainly because they want security? I don't think 62% of Mac users really even think about security.

"Obviously there are more PC-only viruses out there, but there are still over 7,000 macro viruses which can hit either Mac or PC platforms."

So there are lots and lots of viruses, mostly for the PC, but some are cross platform. Who, then, has more? When was the last time a Mac-only or even a Mac-compatible virus (like Nimda or Code Red) been in the news (or even existed)?

Chapman explained that, because of the Mac's age, some of the first viruses ever written were for a Mac

Oh no, not the first viruses ever! What is the relevance of that?

and some writers still target the platform specifically.

Really? All 15 of them? Compared to 15000 on Windows? Did anyone claim there was a 0% chance of a virus being written for Mac?

"Another big problem Mac users don't think about is that they make perfect incubators for Windows viruses," said Chapman.

This makes the Mac less secure how? And the fact that Macs don't automatically search for viruses on any platform and destroy them means they are somehow guilty of giving Windows users viruses?

At the time of going to press Apple was unavailable for comment.

That's because Apple shouldn't have to waste its time defending itself to trolls like that.

Okay, so the Mac community believed there were FAR less Mac viruses out there, and very few Mac virus writers. What "myth" has been shattered exactly?

This is such complete FUD that pretty much every sentence is full of it. This wasn't ignorance but someone going out of their way to deceive.

mark

Re:what are they talking about?

[daviddennis]

One thing I've noticed about virus writers is that they are lazy and sloppy. I find it unlikely that most of them even thought of cross-platform considerations when writing their code.

For example, I'm betting a lot of those viruses refer to "C:\program files\Microsoft Office\ ..." instead of using the system call to get the appropriate directory. And just one of those calls is going to stop the virus dead on the Mac.

D

Re:what are they talking about?

[digitalcowboy]

I agree with you completely. This is the most biased anti-Mac propaganda I've read in a long time. One small piece of evidence:

In the past even the US Army has moved its web servers over to MacOS in the mistaken belief that they will be more secure.

They fail to mention that that was prior to OS X. While it's certainly true now also, back then the Mac OS was FAR more secure than Windows for running a web server simply by virtue of the Mac having NO COMMAND LINE. Even if you could exploit a Macintosh web server in the days of OS 9 and prior, what would you do once you got in? There is no ability to do anything remotely on the machine unless there is third party remote desktop software installed on it.

I find the line about 7,000 macro viruses hysterical as well. The vast majority of those macro viruses are VB viruses that attack the myriad gaping security holes in Outlook (or the myriad gaping security holes in IIS, installed by default on all Windows systems and not even available for Macintosh). The Macintosh version of Outlook Express doesn't even support VB! The only macro viruses a Mac might be vulnerable to are MS Office macros. How long has it been since you heard of an MS Office macro virus outbreak? They're virtually non-existent now because it's so much easier to propagate a virus via Outlook and/or IE.

Speaking of which, if you're dumb enough to be running IE on a Mac, you probably are opening up some vulnerability. That's one reason there's so much activity in the browser space (iCab, Opera, OmniWeb, Chimera, etc.) even though IE is free.

No system is totally invulnerable, but having spent many long hours dealing with the effects of NIMDA (for one) at work, I'll gladly hold on to my Mac at home, thanks.

Known troll, or just a moron?

[zephc]

The story author, James Middleton, is a known troll and MS banner-waver, check out http://www.vnunet.com/News/1128907
Either that, or he is very susceptible to marketing hype from corporate interests, and taking it as news.

Re:Less demand for viruses, not less feasable...

[feldsteins]

If Apple had say 45% OS market share, I'm sure there would be many more Mac viruses rampaging across the net.


I hear that argument from Windows users all the time and I'm sure there's some truth to it. I mean it's obvious. But there's another part to the story. The part where Microsoft makes many of it's software products in an extremely vulnerable way in order to "give customers what they want."

Case in point. Why are Word, Outlook, Excel, PowerPoint, Access, etc all able to open programmable documents which could contain potentially malicious code? In plain english, the way they've chosen to impliment scripting and macros makes them dead-on guilty of making extremely vulnerable products.

Do you remember back in the days before such things existed? Before the concept of the "macro virus"? How many virii were there back then? How vulnerable did you feel? What percentage of Windows users even had virus protection? And most importantly, don't you think it's strange that everyone just accepts this? All for the sake of the 0.02% of macro-writers out there.

So yes, there would be more Mac virii if there were more Macs, I buy that. But there would be less Windows virii if MS didn't knowingly and repeatedly sell fundamentally insecure software products.

So please don't lull yourself to sleep with the old "there are so many Windows virii because there are so many Windows boxes out there." Rather, wake up and realize that Microsoft has decidedly turned away from security in favor of whiz-bang features that look good printed on the software box.

And please pardon the shrill, crazed tone of the above. I've been holding that one in for a while I guess.

They are right...almost

[theolein]

The Mac, either Classic OS9 or OSX is generically not safer than Windows. The fact that Microsoft products are virus traps is not only because they are written without any real security in mind. It is also because the platform is so widley used. I can't substantiate this of course, but the sheer volume of Windows, IE, MSSQL and Outlook Virii does point to the fact that *a lot* of people are almost constantly on the lookout for ways to crack the system.

The Classic Mac OS had the one built-in but not for that purpose security measure in that it didn't have a commandline. This prevented anyone from logging in via SSH or whatever and rooting the system. The only widespread server on the Classic OS was Webstar and by default it didn't have any way of getting in via a CGI or buffer overflow unless you installed plug-ins, and even then you could crack the serve but had no way of doing anything else on the computer.

Mac OSX has had the occaisional security hole, the last one I remember (Apart from an IE hole but we won't talk about that) was the HFS case hole. Apple has simply been wise and turned off most of the daemons that are notoriously prone to sniffing etc by default such as telnetd, ftpd etc. If you turn these on, you stand a good chance of getting hacked.

Apple also has a built in Scripting System on both the Classic and OSX systems: AppleScript. The only reason that there have not been more Virii coming in on this channel is because there is no automatic way to execute one of these as there is on windows. You could however easily use social engineering (i.e. trick someone into downloading a bad Applescript application) and wreak havoc on that persons machine.

Anyone who has used Macs in the early '90s will remember many Virii such as mdbf or the CD autoplay worm, some of which were even spread on MacWorld CD's. Apple's loss of marketshare in the mid '90s coincided with less virii being written for the Mac. You work that out.

With the rising marketshare of the *new* Apple under Jobs and Tevanian with the new OS I am willing to bet that the attempts to crack the system will incease.

How Apple will eact to this will determine Apple reputation in this espect. Up until now Apple has been very good and fairly candid at reacting to and releasing patches and hasn't gone on any whining campaigns as MS has done in order to try to draw attention away from buggy products.

So, the article is not entirely wrong but still misses the true issue.