Mac users 'too smug' Over Security?

wild_berry writes "Bill Thompson, one of the BBC's technology commentators and presenter of Go Digital on the BBC World Service, expresses his concerns that Mac users assume their safety in the face of trojans, worms, keyloggers and other malware. As a Mac user he is most concerned about the lack of herd immunity that is needed to stop a few infections becoming an epidemic, fully explained in his column week for the BBC technology site. Is he right, and what actual products exist for OS X that would protect against infections?"

Dead On

[eldavojohn]

This article was dead on.

My first ever encounter with this mentality was in high school when my music theory instructor told us that she loved her Mac and when I tried to argue with her about a number of things, she'd repeatedly reply with "No Mac has ever been hacked or had a virus on it."

Now, at the time, I was a young nooblet and probably should have let it slide but instead I snuck into her office and opened up her Macintosh's word editing software with the intent of some lil' bastardry. I found the option to replace a mistyped word with another that the user entered. After that, whenever she typed the word "the", it was replaced with "WARNING! VIRUS DETECTED! PULL PLUG FROM OUTLET AS SOON AS POSSIBLE!" Unfortunately, her son knew enough about computer to fix it so my fun didn't last very long (only one or two lunges at the wall).

Back to the issue--I think it is a grave mistake for anyone to ever feel 100% invulnerable when it comes to computers that are connected to the internet in anyway. I would diagnose this as a standard case of a false sense of security. This is something that has plagued many people throughout history and often led to their downfalls.

What message am I trying to get across to Mac users? First, realize you're not invulnerable. Second, just browse around and look at what's out there for you to use as anti-virus and virus blocking tools. And if you don't want to, read some horror stories, perhaps that will motivate you to become aware of possible worms in your Apple.

Re:Dead On

[Fordiman]

The point of TFA is that Macs don't get the kind of scrutiny that Windows machines do.

This is, by the way, not even mentioning the following: Now that OS-X, Windows, and Linux all run on the same hardware, spreading a fully cross-platform virus is easy. The virus first attempts to identify the target machine. Upon doing so and diagnosing apprent weaknesses, the virus then packages the relevant position-independant code in an appropriate executable container (ELF for linux, PE for Windows, a.out or unibin for OS-X) and set the entry point.

The virus then executes a found exploit, causing the offending computer to download the converted virus from the attacking computer (uploading a virus via buffer overrun is tricky; it's better to simply send up a stub that grabs the virus from the attacker than to try for a full infection via exploit). This can be done by either piggybacking the download through a program that's been cleared by the firewall (wget, internet explorer, etc), or by creating a servlet whos only purpose is to wait for connections from the attacker and let it upload.

Hell, on OS-X, you could even have it download and compile the virus SOURCE behind the user's back.

I've said it here before: I'm a pretty good programmer, and I've been fighting viruses for years. Be glad I don't write the damned things; I could probably cripple the world. The same is true for any half-competant programmer with an interest in security.

Re:What's worse?

[guet]

A platform which doesn't have Active-X, doesn't have services running out of the box, doesnt' have autorun for CDs with Sony Malware, and doesn't have an unfortunate legacy meaning almost all apps require continual admin access, is more secure in my book. There's a couple of operating systems that fit the bill, one of which you seem to hate : )

Having no known viruses at this point is an extra bonus.

Not immune of course, but then I don't hear many people claim that, in fact, I've never heard anyone say that, just heard it repeated as a truism (Mac users think this) on websites.

It's just a shame that for them to be proven wrong, a lot of people and their PC's have to get hurt

A lot of people and their PCs get hurt continually at present, but they come back for more and keep running the same broken system.

Re:How do you protect against the unknown?

[redragon]

I will be adding some extra security to the system. But the average user cannot do what I will be doing.

Why don't you enlighten us oh gifted one?

Macs are not Targets.

[Barzoo]

You're not vulnerable if you're not a target. Macs are not targets. And I fix all computers, Windows, Linux, Macs. Mac people are no more or less smug than those other users. Most Windows people don't have a clue about firewalls, virii, trojans, or worms fyi. Computer users are all the same. They just want something that works. BTW I haven't had to remove a virus, trojan, or a worm from a Mac yet. I've done that for Windows machines all the time and make good money doing it. You do the math.

Re:MacOS X itself?

[Seanasy]

So again how is it a safer OS if these exploits existed in the first place?

Because most weren't critical vulnerabilities and there are no exploits. Show me an exploit for a Mac OS X vulnerability. Now, show me one in the wild. Can't? The only thing you have to do to wipe the smug look of a Mac users face is to release an exploit in to the wild. Go ahead. What are you waiting for?

If just one person who thinks Macs are just as vulnerable as PCs would just write a worm/trojan/virus, we could end these f*@&!#g trolls and all agree that security is hard. Really, please, someone write an OS X exploit and spread it. Make it benign if you're uncomfortable with writing viruses. Just get something out there.

I'd like to see it just so people will stop using the lame "there are more Windows PCs" arguments. I'm sorry but this whole issue has gotten so blown out of proportion that the first person to show a really bad Mac vulnerability with an exploit would be on every geek blog and quite possible the NYT. You'd be f*@&!#g famous.