Slashdot Mirror
McAfee Feigns Fear at Mac Security
conq writes "BusinessWeek reports that McAfee has just come out with a report which asks the question 'Is Mac OS X the Next Windows?'." They appear to be attempting to scare consumers into buying anti-virus software for OSX. Blogger Arik Hesseldahl breaks down their claims: "First off, Mac users on average pay more for their computers, are self-selected because they tend to know more about technology than your average PC buyer, and by and large are a bit more affluent than those who buy cheapo commodity Windows PCs ... When you take into account the ongoing growth in general PC ownership, even if Apple pushes its annual unit sales to 12 million or more by 2010, its share of the overall market will still account for about 4%, leaving Windows the far more tasty target."
First off, read the original McAfee Report before you bash them as FUD spreading capitalists.
Why that wasn't included in the posted story, I'll never know. If you actually take a look at the PDF, it's got some good histograms and charts as well as a little more detail into the Leap virus.
Yes, it does follow from this that users should buy McAfee anti-virus for Macs. The simple fact of the matter is that this is a white paper that tilts in their favor. It has some valid points, though, and I don't think they need to tell people to be afraid. If Mac users start getting these viruses then they will truly need anti-virus software for their machines. They site the National Vulnerability Database and other sources in this document so it's not like they're making stuff up or are the only ones claiming there is an upcoming security risk.
I hate McAfee software. Like most anti-virus software, it uses too much memory and hogs the CPU if it's a real-time checker. I wouldn't opt for it if it was the last anti-virus company in existence. However after reading their white paper, it is convincing. I do think that if Apple doesn't take an initiative to protect their users from things like Leap then Mac users will need auxiliary anti-virus protection from a third party.
One man's FUD is another man's common sense. I don't care about the size or manufacturer of a device--if it runs programs in a turing-machine like manner, it can be infected.
My work here is dung.
I'm not so sure after seeing the new Apple commercials saying how PCs have all of these Viruses; however, Macs are not susceptible to them. This could get more people to purchase Macs and while it might not be as large a target, if the majority of the community isn't being cautious it could be seen as an easy target. You will see outbreaks of Mac viruses. It's only a matter of time. As for Mac purchasers being more computer savy. I don't really consider the majority of the artsy, yuppies that are the majority of the Mac audiance to be over savy.
"...are self-selected because they tend to know more about technology than your average PC buyer..."
While this is true in some segments of the market (*nix geeks migrating to OS X), it is by no means true of other segments. There are many designers/graphics pros who choose to use Macs. However, this in no way implies that they actually understand technology. Some do. Many don't. The choice to use Macs is typically because either they have always used Macs or that is what they were trained on.
This guy's the limit!
The antivirus companies are scared. Why? When Vista comes out, potentially their market is going to quickly dry up. So they are trying to convince Mac users that they need their software.
Personally, I don't trust any of the antivirus companies one inch. It's big business, and it is in their interests that there are security threats and viruses around. Talk about conflict of interest...
Im' an avid fan of Macs, and I don't run anti-vi on my Powerbook, but I DO run it on the Macs in my office for a reason that people don't often think of: Macs can be a virus CARRIER, even if they can't be infected!
A few years ago I had a situation (in an all mac offce) where we burned a CD and sent it to a client (the client was Windows based). The client complained that some of the files were infected. As a Mac-only office, I didn't care about running virus protection, so the files went unchecked.
In my current office, a mixed enviroment, I make sure that both OS's are covered. even if the chance of the macs getting infected is next to nill, I want my PCs to be safe.
The Witty Worm demonstrated that a market niche as small as perhaps 12,000 systems can be vulnerable to a worm based attack. The Macintosh is not inherently safe due to niche status. Anybody making this claim is seriously not keeping up with the field of information security.
Worms that have targeted other niche platforms including web servers and database servers of various kinds have also demonstrated that platforms with a few hundred thousand deployed systems (much smaller than the deployed base of Macintosh systems) are vulnerable to worm attacks.
If you mod me down, I shall become more powerful than you could possibly imagine.
Seems to me that virus writers would want to target Macs because of all the talk about how Macs are less succeptable to viruses. It would be more prestigious to create a virus that spreads like wildfire through the "impenetrable" Mac community than to create one for the "wide open" Windows community.
Just my $0.02...
"Self. Your technical savviness has not gone unnoticed. You've been selected. Congratulations."
body massage!
They know more about the technology they are buying because they only, for the most part, buy Mac products.
Yeah i'm not sure where that comes from. From my (limited) poll of friend with Mac, they tend to be artists or the artistic type, not technological inclined people.
If course they say "average PC buyer". I guess if you add the sum of all PC buyer tech knowledge and make an average... But thats like saying that 90% of all Mac user who drive have a Volkswagen. It seems true (it really does) but its not.
Bullshit. McAfee and Symantec have been engaging in a mis-information campaign against Mac security for the past year trying to get people to buy their junky wares. Is the Mac 100% impenetrable? No, but given that OS X has now been around for 5 years or so and no script kiddie has been able to create ANYTHING remotely close to dangerous (yeah, there are a few small, barely threatening programs), then why all of a sudden are certain people with a VESTED interest in selling AV software trying to scare Mac users into spending money unnecessarily? Let's just stop saying "Oh, when OSX is more popular then it will be a popular target." That argument is CRAP. What bigger ego booster could you get if you created a successfully propogating worm or spyware app for Mac OS X, a supposedly supreme Fort Knox of operatin system?
f m?ID=1765
I'm a long-time Mac admin and user. I don't have AV software on my home machine and as of now have no plans to either. I think Symantec, McAfee, Gartner and a few others are teh ones who have a hidden agenda.
All to pr0n you need: http://excaliburfilms.com/partner/mainaffiliate.c
Most Mac users are not tech-savvy... many claim to be, but believe me they are not. :) There are, though, some real tech-savvy mac users, but they're in the minority.
Just because you pay more for your computer doesn't mean that you are more computer-savy.
Mac users tend to be mac users because they want things to "just work". If anything, they may be less tech-savvy, since they don't need to delve into the inner working of the OS as much. And, therefore, they should be *more* prone to get viruses/trojans. Except, of course, Mac OSX is built with security in mind, as opposed to Windows 95/98/98SE/ME/NT/2K/XP/etc.
Help! I'm a slashdot refugee.
They have produced some good-looking graphs; however, the number of viruses observed (about 2 per year for the last decade) means that the substantial upturn could be little more than statistical noise.
I think it speaks for itself that, according to that PDF, the macintoshes with 1/50th of the market share have 1/1315th of the number of identified viruses, somewhat disproportionate to their decreased market share.
Have got MacAffee antivirus installed as corporate policy on my business peesee, and it humbles what is otherwise a fairly able laptop. Perhaps Apple's move to a more powerful architecture means that they can now shoulder the MacAffee burden too?
The guy is flat out wrong. Most Mac users are no more tech savy than your average Windows user. The walk into the Apple store and see shiny computers/pretty OS X is a damned secure OS. Especially with it's default root account disabled, among other things. I don't know what sickens me more though. The FUD from McAfee and Symantec as they salivate to capture another market, or the snottiness of a bunch of geek-wanna-be's in black turtle necks sipping red wine and eating cheese acting like they are invincible.
As long as they turn off the administrator account and back up their personal files it doesn't matter. It is incredibly hard to write a Mac virus that does anything malicious, especially to the system. The easiest thing a virus could do (and it would not be easy at all) would be to mess up a user account and delete personal files Mac users are also not the cutsey dumbasses you see in Apple commercials. For the most part they educated and know their way around their computer. Most would know something wrong is happening if the administration security prompt pops up asking for their password. The ones that don't know wouldn't even know how to access and turn on their administration account.
And forget about the old market share argument explaining why Macs don't get malicious viruses. Don't you think there would be some prestige for any writer who could create the first malicious Mac virus? Especially with Apple and others touting it's security for years? How come it hasn't happened yet?
Saying that anti-virus is vital piece of protection on platform that hasn't yet seen any serious viruses IS spreading FUD.
I work for an IT outsourcing company and we handle a TON of medical offices as well as their home stuff. Almost ALL of the docs have Mac's and have no idea how to use them. Sure they know how to do their basic email, web surfing, music stuff but beyond that they have no clue. They use PC's at their offices and have no issues. It has nothing to do with being smarter in doctors cases. It's all about being an elitist for them. They look at Mac's and say if I get one of those i'll be cool. The exact same way they purchase a car.
My sig of choice is Marlboro
Nice Mac you got there. Would be a shame if anything were to... you know... "happen" to it. Just sayin'...
As a cross-platform user I'm tired of these popular memes on slashdot. Do you think all those affluent mac users work in creative areas? A number of us work in IT developing and/or supporting software on the windows platform but prefer macs at home.
Let me try to get this through your thick head. OS X has a completely different security model from windows. It is based on a BSD and System V. You will find both open source and closed source unix components on OS X.
There is always a risk of some virus appearing and wiping out your personal data or some catastrophic hardware failure and because of this, you should backup often. It would require a great deal of user interaction to compromise the entire machine as nobody runs as root unlike XP.
Jesus was a compassionate social conservative who called individuals to sin no more.
Ok, so i see a pattern here. over the last twenty years all i ever heard about the mac was about how dead apple was, and how they were going to vanish and the company was going to go under.
Now all i hear about is that 'any day now' All the macs on the planet are going to be suddenly and utterly destroyed by the impending virus rush.
Look, I don't encourage people to run any system without security. My macs are all behind a nice firewall. However, I think that, given the record of some clever young programmers to break industry strength security in short order, i wonder when all of these virus writers are going to come over and focus on the mac? i mean, the mac market hasn't really changed much in the last year or two. (in terms of numbers) and the hardware change doesnt seem to have made it any easier to infect the systems.
Mac users and the mac community in general have been snobbishly touting the no viruses thing for quite awhile now. There are tons of clever hackers out there who can break all sorts of security, yet all we have so far are a few lame-ass trojans that you have to type your password in to install. (which, really are not viruses so much) So apparently the big carrot of 'first mac virus that actually was a virus' is really not that big of a carrot.
While i am a software engineer on macs, my expertise does not lie in the virus-area, so i can't really say if it is really much harder to write for the mac, or if it is just unappealing in a business sense (for the virus writers).
my opinion: if i measured my income with each thousand machines i added to my botnet with a virus i wrote, then i think i would stick to the 95% of the market that is fairly homogenous in terms of security. (ie all windows) and leave the outlying OSes (mac, linux) because even if both mac and linux double or triple their respective marketshares in the next five years, windows will still be the easy choice for virus makers.
Before everyone gets too excited, perhaps this claim can be read to refer to 'non-technical knowledge'. Being in the minority, even average - i.e. 'non-technical' - Mac users at least tend to know about alternatives. That is to say, they tend to know something about the 'other' operating platform, for either they are switchers or they use Windows at work or they were strongly advised not to buy a Mac by Windows users who claim that there are no programs for the Mac, that Macs are slow, that they suck etc. Moreover, I would venture to guess that Mac users tend to know what a web browser is, i.e. that there are alternative browsers such as Safari, Firefox, Explorer, Camino etc. In my experience, many Windows users at the same 'non-technical' level of expertise don't even know what a browser is even though they use it every day. This is because IE is so tightly integrated into Windows (desktop icon, can't be uninstalled) that many users simply equate the internet with IE, just as AOL users used to equate the internet with what was offered by their service provider. Mac users, I would say, generally don't have this non-reflective sense of 'givenness'.
I consider myself primarily a Mac user, even though I typically use Linux, OS X, and Windows every day. I do the vast majority of my work on my Apple laptop, and it is the platform I feel most comfortable with. The interesting thing is I've only been a Mac user since the summer of 2004. At my last job we purchased a large XServe G5 cluster (256 nodes), which at the time was probably the 3rd largest Apple cluster in a university. I used a Linux workstation at this point, and I was having doubts about running OS X on a cluster. I flew out to the WWDC while the ink was still drying on the PO. I was impressed with the developers tools I saw at WWDC, and with the whole OS experience. I ordered a iMac G5 for my desk the very day they were available for sale. We had to work at porting some applications to OS X, and there were a few issues with being one of the earliest large HPC clusters (especially one that ran large MPI applications over Ethernet - lots of early Mac clusters ran embarassingly parallel stuff, or infinniband line VT). I took a new job where I spend a good chunk of time writing scietific sofware for Linux based clusters - I insisted my employeer provide me with a Mac (we have about 1,200 employees and run about 40% Mac desktops, but no one in my group had a Mac).
Oh yeah, in our IT department a TON of the people have powerbooks/macbook pros
I'm sorry, I'm sure I'll get 'modded down' like it appears the others have, but that is the single worst statement I have ever heard. We sell enterprise level hardware at my work and recently started supporting Mac's. I've yet to have a user call in who even knew how to set an IP address. Terminal, what's that? At least the windows users know what I'm asking for when I tell them to open up a command prompt...
Mac users by and large have become complacent when it comes to basic security principles. They are even more at risk of infecting their machine when viruses and other threats start to spread on the Mac platform.
I think the problem wasn't that Mac or Windows users were any more complacent than each other, but one system was more prone to viruses and malware.
One of these systems had the following problem:
1. Getting spyware by visiting webpage with default security options
2. Getting viruses just by opening or previewing an email
3. Getting a Virus just by being connected to the internet.
Both systems still can have:
1. Viruses from opening attachments from email
2. Viruses from opening files downloaded from the internet
The first set of issues was nothing that you would consider to be safe security practices. That is unreasonable to think the user could not do these things within reason (Yeah... Back when the Outlook express viruses were going around I turned off my preview pane and avoided unknown senders like the plague but this is a hard practice to keep 100% reliable (you know accidentally opening an email from someone you know or hitting enter key at the wrong time).
Yes, one of those operation systems developers did fix the problem with many various security patches, but the other one never had such widespread issues and was usually quick to address any security hole.
I use OS X primarily for my surfing and email, but I still keep my habits from the windows days.
Don't download files from questionable sources.
Don't open emails attachments from questionable sources.
If I don't do either of those, then I believe I should not have to have an anti-virus.
Plain. Meet simple.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
There is, but they're going to have difficulty because of the Macs LOW MARKET SHARE. Until a large percentage of machines your Mac would communicate with when transfering the virus are Macs too, a Mac virus isn't going to get off the ground.
OS 9 had a ton of viruses and they had even a smaller market share than OS X.
For some reason I don't think market share is related to this.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
"Self-selected" does not imply "chosen ones". It's a common statistical term.
I have read this today and was about to post to Mac usenet groups, decided to post /. instead.
It is a very interesting article about the real problems of anti virus companies (yes, no mac viruses mentioned) by Mr. Kaspersky himself. It also includes the problems antiviruses have including their products.
http://www.kaspersky.com/eugenearticle
As a guy gave up running win32 for 3 years, I still check their site/blog as well as F-Secure one.
As a side note (hopefully not needed)
KASPERSKY DOES NOT PRODUCE MAC PRODUCTS. No FUD there.
I'm writing from a publishing company that has been running on Mac *exclusively* since 1987 (in business since '69). We have *never* owned a PC or Windows. Our IT dept is exclusively Mac. We do everything from desktop publishing to Web development and serving, database development and serving, Unix system administration, etc. No PCs, no Windows--ever. All Mac, all the time. And I am definitely not going to overgeneralize, but many IT people I have met know Microsoft and that's about it. Many Mac IT people I have met know Mac, Linux, Windows, Solaris, etc. The general trend I have noticed is that IT people who use Macs have a broader scope of technical knowledge overall than the Windows only IT departments.
That used to be true, but these days, people who know nothing about computers like to use "normal computers", by which they mean MS Windows. In my experience (which is fairly extensive), current Macintosh users break into a couple of groups:
There may be a couple others, but those are the major groups I can think of. And none of them are using Macintoshes to avoid knowing about computers. In fact, most of them believe that they're using Macintoshes because they know better than 90% of the people out there.
How this crap got modded Insightful I'll never know.
I'm not so sure after seeing the new Apple commercials saying how PCs have all of these Viruses; however, Macs are not susceptible to them. This could get more people to purchase Macs and while it might not be as large a target, if the majority of the community isn't being cautious it could be seen as an easy target. You will see outbreaks of Mac viruses. It's only a matter of time.
I think we've already discussed to death that Mac virus security is not due to obscurity but rather due to sensible security practices built in. We've been hearing "it's only a matter of time before a virus brings the whole Mac community to their knees" drivel for years. Still waiting on that service pack?
As for Mac purchasers being more computer savy. I don't really consider the majority of the artsy, yuppies that are the majority of the Mac audiance to be over savy.
I'd have to say that with a Unix command prompt and OS X/WinBlows/Linux dual- and tri-boot capability you're gonna see a lot more fascinating possibilities for tinkering that appeal to true geeks. Perhaps not so much to the poltroons whose idea of originality in computing is to casemod a neon light and window onto their beige hunk-o-junk, or who use their (e)machines simply as pricy game consoles. If that makes me a artsy yuppie for wanting to delve into my computer's innards, then I'll switch my 2600 shirt for a cardigan and my ratty sneakers for penny loafers.
OK, have at me. I can take it!
I was network engineer for many years, then I became programmer, which I've been doing for many more years. At work I use a PC, but at home it's all Macs. And now that my Macbook Pro runs Windows so d@mn well, my next work computer will probably be a mac also.
Why? Simple: Mac = *nix (which I love on servers) + great windows manager
That's my reason, period. For things which I don't want to fuss with (music, digital photos, updates, etc) OS X is simple and I don't have to worry about it. For things that I do want to fuss with I have BSD, XWindows, and everything else you find on your linux distro. Best of both worlds, although at a higher price and being locked into one hardware company.
Over the years I tried and tried to replace Windows with a good Linux desktop distro. There was always something that was lacking. Then I found OS X.
I think you will find more and more technical people moving over to OS X, at least *nix ones. Now I have to admit that also enjoy design work, so I really appreciate beautiful things, wether that being perfectly simple elegant code or the PowerBook, so perhaps you should ignore everything I said above.
Niche status is essentially Security through Obscurity. It may be a more obscure platform with different means and ways, but it still can be taken down like any other of man's creations. The goal is likely the same as anything targeting windows: Denial of Service, Information theft, etc. Just because it *only* has 12,000 systems like parent mentioned doesn't mean it can't be an attractive target.
Consider this: If something as important as the Fed used an obscure platform, don't you think people would be dying to get into it? While I think the whitepaper and TFA are no more than 'FUDvertising' there is a serious threat to leaving yourself with minimal security... no matter what you use.
Heck, lets chuck the PC metaphors all together. Condoms are only one layer of security (like security through obscurity) and if you have nothing to fall back on when that fails... you are screwed.
Windows has detected an undetectable error.
Building your own computer makes you technically competent in the same way that paint-by-numbers makes you an artist.
Your post is almost entirely wrong:
1) OS 9 had hardly any viruses, just like OS X
2) OS 9 had a higher marketshare than OS X
If you see a list of classic MacOS virues (nVir and so on), you have to understand the the vast majority of those date from the 1980s and didn't run under System 7+.
Whenever I hear the word 'Innovation', I reach for my pistol.
"This is part of the explanation for the number of IIS viruses being greater than the number of Apache viruses, even though Apache has a significantly larger market share."
IIS6 has a significantly better security record than does Apache2.
Apache2's vulnerabilities 2003-2006
IIS6's vulnerabilities 2003-2006
-- "I never gave these stories much credence." - HAL 9000
Wow dude, you had me in hysterics there... Seriously, coffee out the nose hillarity. Thanks for the laugh
Building your own box (by which psuedo-geeks mean "assembling six pre-built components into a working PC") makes one sooo technically superior. I mean, you probably have to have like what, a post-grad education to correctly install the MB and insert the PCI cards, right? Those PCs are just so complicated these days.
I used to build my own PCs... about 10 years ago. Then I grew up, got a life, and stopped spending my personal time fritzing around with hardware. I may work in the software industry, but I'll be damned if I'm going to spend my free time doing IT work. Give me a Mac any day.
Interested in a Flash-based MAME front end? Visit mame.danzbb.com
The appeal for Macs is different for each person, some people like Virginia Tech like to make super-computers, others like to composite special effects, and there are lots of people who just want to be able to use their computer with having the OS get in their way because of shoddy design. And some people just think the computers are pretty.
Stop pretending that Windows users are somehow the salt of the earth while Mac users are elitist, especially considering you use the exact same techniques to try to convince people that Windows or Linux is somehow better.
Accept the fact some people like the Mac, it's effective for what they want to do, and the hardware is not 2x as expensive and you know it and the G5 and Intel Duo Core are very powerful parts of very well-designed machines.
If everyone who had a Mac sold it and bought a PC would life be suddenly better for you? If not, then shut up.
Anyone who whines about being modded down should be.
Thank you for your concern regarding OS X and viruses. Because of this information you have put forth, I will pay more attention to the coming virus threat to OS X. If, and when that should happen, I will be sure to follow your advice and get some anti-virus software. Unfortunately for you, it won't be your product. I'll download ClamavX instead.
Thank you for your concern,
A very "frightened" OS X user.
of ClamAV to Mac OS X (10.2, 10.3, 10.4). It is called clamXav. It does have on access scanning and a GUI.
...did I say it is free ?
I use it on my PowerBook, it is quite easy to install, configure and use.
--
Having said all that, very rarely would you need to use the command prompt to install features. You must be thinking of hacking the UI through unsupported means. I used to do that when I was a windows user at home. You might be surprised to find out that much of the UI in OS X in far more hackable and Apple even provides you with the tools to do it in the form of the Developer tools.
Jesus was a compassionate social conservative who called individuals to sin no more.
Wow, we could have spent 10 times more money in the long run due to lost productivity and hardware repair by buying systems at one fifth the cost. No thanks. Number of hours we've had in down time due to hardware malfunctions, viruses, etc.--0. Not bad for 20 years. I'm sure we are a rarity and have been very lucky but we have never had one of our Macs die or require any major repairs.
The biggest threat to OS X users are the 'virii' an AV will not protect you against - poorly written software and drivers.
People trust the CDs that come with their latest printer/scanner/multi-function, but in my experience they are the biggest memory-hogging, system crashing, bloatware you could find.
Examples: Brother multifunction drivers install a 'ControlCenter' that loads (in the background) and prompts EVERY user to set up the printer, even if it is already configured. It is hidden away in the printer driver directory (/Library/Printers - not obivous given it is an application - though one you can't launch or control or quit yourself). It loads about 3 or 4 'agents' that run in the background and use over 100 MB of memory footprint each! WTF!
I found the HP scanner programs are just as bad - the acutal program to scan is great, but the bloatware you have no choice but installing (in random places) alongside makes me feel dirty inside.