Slashdot Mirror
Large Prize Offered For Writing Mac Virus
Mordant writes "Some experienced Mac developers are offering a $25K prize to the first person to successfully infect two 'naked' Internet-connected Macs running stock Apple software. The best part is that if any Symantec employee succeeds in infecting the Macs, the prize goes up to $50K (Symantec has been fanning the flames of totally bogus "Macs aren't more secure, it's just that Windows is a bigger target" technical-equivalence propaganda)!" Update: 03/26 20:24 GMT by Z : Well, that was quick. Jack Campbell has cancelled the contest, after he "...was contacted by a large number of Mac users, and Mac software professionals who shared their thinking with me about the contest."
As far as I'm aware there is no conclusive evidence that shows Macs are inherently more secure and would not suffer the virus problem that Windows does if it had Windows' market share.
The conclusive evidence is that OS X is a flavour of *BSD.
If that doesn't strike you as conclusive, then feel free to explain how it is that Apache running on *BSD has such a better security record than IIS running on Windows, despite the fact that the Apache setup has, always has had, and most likely always will have too, a market share far greater than that of IIS.
That certainly strikes *me* as being a pretty compelling counterargument to the greater market share theory of hacker victimization, anyway...
clicking 'Yes' to install things they really shouldn't
Macs use verbs in dialog boxes, instead of 'Yes', 'No' and 'Cancel'. The button to install software on a Mac would be 'Install Software', not 'Yes', so clueless users have a better sense of what they are doing.
Discussed better here
Guy asked me for a quarter for a cup of coffee. So I bit him.
It had better be more than $50K for a Symantec Employee: according to my employment contract, writing a virus will result in my immediate termination. Such termination also means that I forfit all my stock options, worth far more than $50K at this point. And not to mention a great paying job with annual bonuses worth about half the original award.
So from an economic standpoint I'd be seriously in the hole, trading in options and bonuses worth a hell of a lot more than the amount being offered from a rather shady source.
No way!
Hartman: Private Joker, do you believe in the Virgin Mary?
Joker: Sir, no sir!
Hartman: Well Private Joker! I don't believe I heard you correctly.
Joker: Sir, the private said "No sir!", sir!
Hartman: Well, you little maggot, you make me want to vomit!
...
Hartman: Are you trying to OFFEND me?
Joker: Sir, negative sir! Sir, the private believes that any answer he gives will be wrong, and the senior drill instructor will beat him harder if he reverses himself, sir!
Hartman: Who's your squad leader, scumbag?
Joker: Sir, the private's leader is Private Snowball, sir.
Hartman: Private Snowball!
Snowball: Sir! Private Snowball reporting as ordered, sir!
Hartman: Private Snowball, you're fired! Private Joker is promoted to squad leader.
Snowball: Sir, aye aye sir!
Hartman: Disapear scumbag!
Snowball: Sir, aye aye sir!
Hartman: Private Pyle!
Pyle: Sir, Private Pyle reporting as ordered, sir!
Hartman: Private Pyle, from now on, Private Joker is your new squad leader, and you WILL bunk with him. He'll teach you everything, he'll teach you how to pee!
Pyle: Sir, yes sir!
Hartman: Private Joker is silly and he's he ignorant, but he's got guts, and guts is enough.
What a HUGE surprise. The linked page now explains, almost sorrowfully, why he decided to call it off. Read the last paragraph for a real laugh.
On this subject, I recently answered a query raised during a Chronicle of Higher Education colloquy. I believe it touches on the major issues here.
Question from Lisa L. Spangenberg, UCLA:
Given that there are no viruses or Trojan horses for the current Macintosh system, OS X 10.3, and given that it is essentially UNIX, and given that the most common applications (Microsoft Office Suite, Adobe applications) work very well on OS X, why don't more institutions adopt Macs and encourage faculty to use them?
Gregory A. Jackson:
Well, first of all, there are viruses and Trojans that afflict MacOS, witness Apple's periodic release of security fixes to counteract them.
First, that isn't true, regarding viruses. To date, there are no known viruses that specifically target Mac OS X. Last week's "trojan" was nothing more than an application with a different icon and misleading name that displayed a dialog box (which was an example posted to a USENET Mac programming group to illustrate this fact that has been known and possible on Mac OS for over twenty years; an antivirus vendor apparently thought this an appropriate time to dress it up, incorrectly, as some new, terrible exploit easily adapted for malicious means, when in reality it's nothing more than an application).
If you're referring more broadly to security issues in general, almost all of the security and security-related updates for Mac OS X to date have been updates for primarily server-type services that ship with the OS, all of which are disabled by default, and the lion's share of which are never even enabled, much less touched, on the vast majority of systems. I'm not saying that they should be ignored, but Apple's comprehensive and swift response to the most minor security issues does not rise to the level of the staggeringly numerous, sometimes completely automated, remote exploits, worms, and so on for Windows. It is no longer possible to even get through a full installation Windows XP on a machine connected to a public network without it being exploited before you even have a chance to patch it.
It's definitely possible for Mac OS X to have viruses, worms, trojans, and other malware - Mac OS X is not invulnerable, and no sensible person would claim it to be. But the underlying philosophical design principles are fundamentally more secure than Windows, period. Since the major ingredient for the success of a worm or virus is some ability to spread, witness the fact that there is no way with anything built into Mac OS X to perform automated propagation of a virus, and no current known ways to exploit a machine remotely, not to mention that potentially exploitable network services are disabled to begin with anyway (and remain that way unless explicitly enabled), a stark contrast to Windows. Any hope for automatic propagation would require a comparatively high level of sophistication, and perhaps even its own mail server - not to mention some intrinsic vulnerability to exploit. On the other hand, there are still, to this moment, unfixed vulnerabilities in certain versions of Outlook that will spread certain virus variants simply by previewing a message, and nothing more. There is simply no equivalent to this on any other platform. Microsoft's track record and attitude on security (though admittedly much improved) versus other vendors speaks volumes on this topic.
It takes work and thought to do security, and do it right. Ease of use and security aren't mutually exclusive. The key is to make security easy to use, and Apple has so far been on the right road with Mac OS X.
But the small installed base of Macs makes them an unexciting, low-visibility target for the bad guys, and so the weaknesses don't get exploited much.
The marketshare argument only goes so far. This seems to be a version of the "Macs have no software" argument. It is indeed true that they are targeted less for this reason. But the argument that it's straight cause-and-effect is disingenuous
A quick visit to the website reveals that their
"Mac Virus Contest" is a totally bogus bit of
showmanship. ( From the: "Even bad publicity
is still publicity" Department ):
DVForge Virus Prize 2005
The Contest That, Sadly, WIll Never Be
Contest goal: To lay to rest, once and
for all, the myths surrounding the lack
of spreading computer virii on the
Macintosh OS X operating system, by
sponsoring a contest that challenges
virus writers to actually prove that
they can introduce a harmless virus
into two modern OS X Macs.
That was the goal of a contest
announced recently by DVForge, but,
due to a variety of influencing factors
was cancelled shortly after having been
announced.
A Statement About The Contest Cancellation
"In response to the statements put forth
this past week by Symantec Corporation
suggesting that Mac users are at
substantial risk to infections from viruses,
our company crafted and announced a contest
that would have paid a $25,000 prize for
the successful creation of such a virus,"
said Jack Campbell, DVForge, Inc. CEO,
"During the first several hours after making
the public announcement, I was contacted by
a large number of Mac users, and Mac software
professionals who shared their thinking with
me about the contest. A few of these people
are extremely well-regarded experts in the
field of Mac OS X security. So, I have taken
their advice very seriously, and have made
the difficult decision to cancel our contest.
I have been convinced that the risk of a virus
on the OS X platform is not zero, although it
is remarkably close to zero. More importantly,
I have been convinced that there may be legality
issues stemming from such a contest, beyond
those terminated by our own legal counsel,
prior to announcing the contest. So, despite
my personal distaste for what some companies
have done to take advantage of virus fears
among the Mac community, and my own inclination
to make a bold statement in response to those
fears, I have responsible choice but to retract
the contest, effective immediately."
DVForge, Inc. supports honesty and integrity by
manufacturers in all public communication. And,
we strongly discourage the use of exaggeration,
innuendo, or loosely stated claims in an effort
to increase sales of a company's products. We
believe in accurate, fair marketing statements,
and in allowing an accurately informed public to
then make its own decisions about purchasing,
or not purchasing, a company's products or
services. We implore all Mac industry businesses
to support these same values.
We do not endorse the creation or distribution
of computer viruses. U.S. and international law,
as well as simple good judgment forbid the
transmission of computer viruses.
I get no end of amusement from people claiming that Mac users buy Macs because "they don't know anything about computers," or something to that effect. The fact of the matter is, this particular Mac user sees his computer for what it is: an appliance. It's not a platform, a political party, or a religion. It's a machine, not entirely unlike a toaster or Cuisinart.
When choosing a computer, I took into consideration:
1) What I need it to do.
2) How I plan to interact with it.
3) How much effort I need to put into maintaining it.
3a) How much effort I need to put into making sure my machine stays mine (i.e. not compromised by some bored malcontent.)
So, over the course of several decades, I test-drove a few different machines, running different OSs (disclosure: I ran DOS and Windows variants up to and including XP, various Linux distributions, and Mac OS X.) It became glaringly obvious that OS X was far and away the OS of choice for the amount of time and effort I intend to invest in using and maintaing my computer.
I'm not a BSD advocate or a network security guru because, quite frankly, the subjects absolutely bore me to tears. However, even I can appreciate the simple, quiet wisdom of turning most networking services OFF on a fresh install of an OS (as does OS X.) Just think how much more secure our computing environment would be if people only enabled the services they absolutely needed.
*sigh*
I don't know why I bother with the tin-foil hat brigade, but it is an explicit terminatable offense at Symantec to write--or help in writing--a virus. They just clean out your desk and have security escort you out of the building that day, no appeal. Your stock options and stock purchase plan options are immediately revoked, you lose back vacation pay, and you get no severence. Just a bootprint on your ass as you're kicked out the door.
But of course I'm part of the conspiracy, so you'll probably think I'm either a dupe or a lying spokes-hole.
I like being part of conspiracies; I worked many years ago for JPL in the same building the Weekly World News claimed housed an alien spacecraft that was being studied by the military--and the tinfoil hat brigade didn't believe me then when I told them it was just so much hokem...