Slashdot Mirror
Want Security? Make The Switch
Lord_Slepnir writes "Security firm Sophos Security has released a report claiming that Macs will be more secure than Windows for some time to come. The report listed the 10 most common kinds of malware, and noted that they can only infect Windows systems."
As more users make the switch, so will the malware coders.
That said, it will be years before OSX overtakes Windows, if it ever does. Still, with OSX's mature tried-and-true UNIX core, I don't see as many problems as with MS's OS.
There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
Wow, they managed to predict the present.
diegoT
..people want to attack bigger targets more than smaller ones.
I'm just going to keep all my important stuff on a TI-99/4a from now on. Let's see the botnets get hold of that!
Slashdot Burying Stories About Slashdot Media Owned
Well sure... follow the money... There is no point in compromising a Mac but if you hack Windows you have a marketable product. After the pigs sprout wings and Macs take over the 95% market share lets see how many proffesonal hackers turn there attention away from Microsoft's products. Saying OSX is more robust than Windows XP is irelivant... where there is a will there is a way.
I don't give a damn for a man that can only spell a word one way.
Mark Twain
Maybe the OS-dependent malware is on Windows but not MacOSX, but there are still some serious computer-delivered attacks that don't depend on the operating system. Social exploits like phishing and pay-forward scams still attack the gullible on any platform. Cross-site scripting exploits can still put web services such as PayPal and Amazon at risk. This has little to do with the platform, and I think many MacOSX fans are falsely smug over the whole thing.
[
If you really want to follow the security through lack of marketshare model then you should install os/2 or dos.
Linux, right? Seriously, though, this is going to start the usual flamewar, with both sides refusing to budge on the views about their systems. Nothing new. I run Windows (for games...and Linux for most everything else...and I do like Macs, but haven't been able to get one recently), and haven't had a virus or malware problem in years. I run a good firewall/anti-virus combo along with using Ad-aware and the rest. I don't click on banner adds and I don't install strange pop-up programs. Pretty simple really.
these things happen to other people
The user is the most infectious part of any system.
If a user has permissions to run any program he wants then malware will remain.
In a corporate environment, the users' rights should be such that unknown applications cannot run.
Home users don't have the same protections and must rely on virus checkers and spyware scanning to tell them that "this screensaver your mum sent you is infact a trojan which will send itself out to all your friends".
Windows, Linux, Mac, BSD are all susceptible to users' bad decisions.
(and the critical mass of malicious folks exist in Windows, but that could change quite quickly)
liqbase
When firefox came out, there werent any problems with it at all. Pops wouldnt happen as often. No 'ZOMG ACTIVEX WILL EAT YOUR FACE' or anything like that. But mostly because 95% of all people were using IE and firefox was about 2%. Now that firefox is more popular, people have found ways around it. Firefox is still great and they do a great job at patching it up (much better than IE). But the Macs are in the same boat. Its a small market right now, but as they get more popular, there will be viruses and exploits for it just like windows. The only argument is will they fix it faster than microsoft does?
The article doesn't say that Macs are more secure than Windows. It only says that they are less targeted by malware. Two different things. Bad, Slashdot, Bad!
*Troll*
-Matt
True.
I think we'll never see mass-migration influenced by arguments like those on the article.
People has been saying that security is THE good argument for switching forever, be it Linux, Solaris, BSD or Mac folks, but this has never been a sufficient argument to fuel the switch.
Maybe what we need is not a system with better security and similar software suit. People will only change when we have a system with better security and SAME software suit (or at least one that has similar interface).
Most users are lazy, and they don't want to learn how to use new interfaces.
Utinam logica falsa tuam philosophiam totam suffodiant!
Saying that the most common malware only effects Windows, therefore Macs are more secure is simply bad reasoning.
What matters is rate of contact and rate of infection after contact.
A well configured Windows machine, with a good up-to-date virus/spyware scanner and firewall which prevents unauthorized registry changes is pretty hard to actually infect.
I'm sure that "out of the box" Macs are better. But it's not "out of the box" that I care about. My concern is level of security during actual operation.
I have no problem believing that Macs are more resistant to malware, but this measure doesn't show that to necessarily be the case.
They said the same thing about Firefox but that's starting to change. Mozilla is fixing holes all the time and I'm starting to see ads that get through Adblock (stupid Mediaplex). This is just an article about security through obscurity - the best kind of security according to too many Apple fans I've talked to.
Faith in obscurity means you'll be totally unprepared when disaster strikes.
Why would I write a piece of malware that would only target a small segment of the market? If one wanted to further one's nefarious plans wouldn't it be smart to go after the biggest slice of the pie?
That would depend upon your goal, now wouldn't it? For botnets, it is probably too difficult compared to the return to go after OS X boxes, but for other types of malware it makes some sense to add OS X as a secondary vector for a cross-platform worm. If, for example, you're gathering credit card numbers and accounts to online stores, you'll get a better return from OS X boxes than from Windows machines since you eliminate the chunk that is pirated and running in the third world, and basically limit yourself to the wealthy first worlders, and usually even the higher end of that group. You also, unfortunately, are targeting a lot of the security expert crowd, almost guaranteeing early detection of your worm.
If, however, your goal is hactivism or prestige, well the first worm that targets OS X machines and actually propagates significantly in the wild will be big news and generate a lot of press. It is an ideal target, if you can pull it off.
There is plenty of motivation to attack OS X boxes, but the difficulty of doing so, due to more reasonable security and architectural choices and because the skillset of malware authors is usually very Window's platform specific has played a big part in making sure that it has not yet been a concern.
I love my mac too (all four of them). There is a bit more to it than that. A large part is the predominant number of windows. To effectively spread, a virus must have reasonable access to new hosts to infect. Also, the harder it is to infect, the more hosts the virus must have access to in order to spread. The concentration of macs is low enough that this significantly inhibits the ability of viruses to propogate.
But there are also other issues. The article notes that email virus have become the most predominant malware. Certain email client programs are much more suceptable to these viruses that others. A large number of Windows users switching email clients would reduce the number of viruses significantly. I can tell everytime a new virus comes out, I suddenly see
Atlas stands on the earth and carries the celestial sphere on his shoulders.
However, the BBC article linked to says:
Kinds of malware means categories - eg trojans, viruses, etc. That's absolutely not what the BBC article says.
It's official. Most of you are morons.
What does it all mean? Sort this out for me, Slashdot.
I wonder what goes through the mind of the average person, when thinking about buying there next computer. Do they buy PCs because that is what they always have had, and it is what everyone they know has? Or is it a certain love for applications that aren't on macs. (surely not) Is it the salesmen in the stores, pushing pcs?
In other news, a team of scientists has collected a list of the 10 most common human illnesses, and has concluded that it's much safer to be an ant since they're invulnerable to them.
The AACS key is NOT 0xF606EEFD628B1CA427BEA93A9CA9773F
I'd imagine it's the first option, in the main. Computers are expensive purchases and no-one will take a risk with something totally unknown, unless they know what they're doing. For the average person, I'd imagine that Macs & Linux don't even register. They might think they're different versions of Windows. They won't know what an OS is.
Therefore, articles like this will only encourage switching in that section of users who understand the differences (and even then it might not succeed). Which, in my experience, is a tiny fraction of the general computer-using population.
We use Sophos at our workplace. I also use other antivirus and antispyware - often to clean up the crap that Sophos doesn't find. Speaking as someone who's familiar with Sophos, I think it's curious that Sophos is telling home users to consider buying Macs. Go to Sophos' website (www.sophos.com) and try to find a home user product... They don't seem to promote any.
If I were a conspiracy theorist, I would think this is a warning shot aimed at Microsoft because of MS' sudden focus on security, to the detriment of companies such as Sophos; send Microsoft's small clientle to the enemy - it's no skin off of Sophos' corporate nose. As a PR exercise, Sophos otherwise just released a piece of fluff. They're talking to an audience that they don't serve or interact with.
It has never been about what is easier or better, or even cheaper really... Remember, the reason Windows won was that everyone already had service contracts with IBM, so DOS won (in large businesses with IBM mainframes). Then they already had contracts with Microsoft, so they won. There really is not much more too it.
Existing software, compatibility with work environment, what your friends have, existing periphals and what you know. Until the Mac can overcome all of that it's a tough row to hoe.
When buying a new computer most consumer want to re-use some of their software (games, financial programs (e.g., Quicken, MS Money, and maybe productivity software). Even if the Mac has an equivalent program, the added expense of re-buying stuff that you already own pushes up the mac cost. Also, many large companies have licenses that allow for home use of MS Office suite... on the Mac this will add another $100 to the cost.
Consumers may also want to recycle their existing printer, scanner, camera and may be concerned (rightly or wrongly) that it willn't work with the Mac.
Finally, there is a learning curve with the Mac...things work differently... maybe better, but different.
I've come to the conclusion that the biggest reason for why the Mac is a more secure platform isn't because of technology, but because the Mac userbase tends to be a lot more savvy than the Windows userbase.
I'd hazard a guess that the vast majority of Windows malware comes not from the inherent insecurity of the Windows platform but from users doing dumb things. Someone who installs some stupid little weather applet and gets infected with spyware got infected not because of a flaw in the system, but because they didn't bother to determine whether or not the source of their software was credible or not. Even if they got a prompt like Vista and OS X present they'll still authorize the program. There's no patch that can be applied to a system to prevent stupid users from mucking it up.
John Gruber wrote a really astute article on why Macs don't have the level of malware that one would think they would. If Apple has roughlt 5% marketshare, why isn't 5% of the total malware population targeting Macs? I think he's right when he notes:
Macs are more secure because Mac users have a much tougher stance towards crapware. Mac users tend to be much more technically proficient than the average. If that "zero-tolerance" policy changes, I'm not so sure we'll see an increase in the amount of malware targeting Macs.
OS X does a great job of providing technical barriers against malware, but nothing can prevent malware that uses social engineering to do its work. Mac users are safer because they choose to be - but if you get a group of users who have no awareness of security and will blindly execute anything they come across, even if the system specifically tells them not to, that could change very quickly.
Most users are lazy, and they don't want to learn how to use new interfaces.
Well... We'd better not tell them about the Windows/Office Vista menu changes then.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
I don't think you've not subscribed to the Slashdot "group think" since there is no such thing to subscribe (or not) to. From the sound of it you are in a niche market (professional graphics work) and probably more technically able than most graphic designers (hence your choice of Windows). But you are apparently not really into technology for what it can do overall. You're only into what it can do for your specific task. Considering that most graphic designers don't know much about networking, scripting or coding, they tend to prefer the Mac. Again, it doesn't sound like you're quite down at that level (not to disparage graphic designers, but the best of the lot rarely have any technical ability at all. They simply have great eyes and know how to use their apps).
.Net devel suite on your box and have downloaded the Windows source code via P2P to get things tuned right...). These failings don't really make either OS "bad" per se. But there are some simple facts to take into account:
For me... it's all about "free" in both senses of the word. I exclusively use Linux at home for everything. There are tons of applications that do everything I need. Since I don't need to go to print with my graphic work, GIMP works fine for me. As does GIMPrint for printing out family photos and the like. When it comes to the professional audio and video work I do, GIMP is leaps and bounds ahead of what the Windows platform provides and way cheaper than most decent Mac solutions. The amount of time spent getting mys systems configured (from source typically as I despise pre-packaged software) is not any greater than the amount of time I spent tweaking my Windows systems when I used that OS in the past. This is because for many of us, we like to get every ounce of performance out of our hardware and no matter what OS or platform we're on, we're going to investigate EVERY option all the way down to the code itself. Linux is not hard and the GUIs are much more polished and feature filled than anything that the Windows platform offers. But yes, you do have to spend some time learning the new approaches. I did and it was worth every second.
It still an argument that's stupid and pointless though. It's not about "Good OS" vs. "Bad OS". It's about a "Good for Me OS" vs. a Bad for Me OS". For me, Windows is too limiting and far too expensive when you factor in how much you have to spend on extra apps to actually make it useful. For you the GUI options on Linux didn't suit you, likely due to the learning curve and possibly due to the time you tried it (Development is moving fast and both GNOME and KDE are far better than the Explorer interface in my opinion). Linux also failed you in that you probably aren't the kind of person who likes to work all the way down to the metal to get the most out of your machine (again, not an insult just a basic fact based on what you posted. I don't know, so I can't say 100% that this is true. You might have the
1. I used Windows all the way from DOS/Win3.1 to XP and I only got hit with one exploit through a stupid move (putting my XP laptop directly on a DSL link in an emergency with no firewall at all Pre-SP2). I found that putting my Windows boxes behind a decent firewall (typically linux based) stopped a whole host of problems. Even without EVER using any antivirus software (I simply avoided Internet Explorer and any version of Outlook).
2. Nearly every Linux distro I've used has come with everything I've needed at a basic level and the only extras I ever install are typically because of my interests in the rarer fields of computing. Linux is certainly more complete when compared to Mac or Windows, but that's only if you're willing to put the time into learning it.
So there you have it. I hope you can see the wisdom in this piece and take no offense as none was meant.
-"...bad old ideas look confusingly fresh when they are packaged as technology" - Jaron Lanier (Digital Maoism on Edge.o
You're not the only one by a long shot, but I have to point out the inherent logical absurdity of "Macs are going to be 'Just As Bad' when X percent of the people adopt them!". This entire worldview assumes that all system design decisions are security/malware neutral; this seems obviously absurd to me, no matter what system you apply it to. I mean, someone can certainly attempt to make a case explaining how the security model of OSX is inferior to Windows', or the other way 'round (which I think more likely), but to jump on the whole JAB bandwagon is abandoning reason in favor of politics.
I agree with the first part of your final line - "Real security comes through proper training of administrators and users." But the operating system is an integral part of that. Ever used any trusted platform? (a real one, like trusted solaris or hpux) There's some os-down security enforcement!
All security decisions are a compromise between usability and security. All of them. I can make my windows boxen 99.999% secure by unplugging them from the network and controlling all physical access. But in the real world, a useful system is attached to a network, and the OS is a vital part of that security arrangement.
Anyone who truly believes that *nix isn't attacked constantly, or for that matter, by very high-level attackers, is too limited in experience and not in a position to have reality impinge upon his or her preconceptions. Watch the firewalls protecting any *nix network - say at a bank - and then tell me that there just aren't that many attacks on *nix. Or - try this... run up your linux box, rename your root user to something else, and create an unprivileged user named root. Then log in to any IRC server that will let you, join #linux, and watch your firewall go stupid as script kiddies and various other bored hackers try and 'pwn' your system. The reason there aren't many worms for *nix at all is mostly because the security model makes it extremely difficult to build a useful worm/virus, and it's likely to stay that way.
Thinking outside my Head
Most hackers don't need a huge number of installs to stroke their ego. The opportunity to prove that OS X is just as vulnerable as Windows should be more than enough to motivate someone to release an OS X virus into the wild. Yet no one has done it.
There must be more at work here than OS X's small market share. OS X must be inherently more secure than Windows to not have a virus in the wild six years after its release. Certainly there are enough hackers out there who would love to show their prowess by writing an OS X virus, even for the relatively small number of OS X installs that exist; but nobody has been able to do it yet.
Umm, obviously you're just looking for some way to criticize Microsoft without actually knowing what you are talking about. Whether it says 'OK' or 'RUN', a dialog is a dialog. The fact is, people don't read them after they've popped up a handful of times.
Read a book on interface design. Most all of them will cover the "ok/cancel mistake." It is classic operant conditioning. By providing the same two buttons over and over again, buttons that are not actions, and by not providing the user with the means to make a good decision, users are conditioned to always click "OK." If, however, users are provided with buttons that are actions and which are pertinent to the question asked the response is very different. On Windows users reflexively click the "OK" button that is always there and which is always in the same place and which means "keep working" to the average user. On other systems the user can't just click the same button in the same place, because they are not given that option. Instead they see the buttons, "don't run the program" and "run the program." Simply be reading these buttons the user is made aware that it is a program about to be run and not a picture about to be opened. It takes them a half a second and they have to think. At this point users that know what they want click and those that don't pause, and most read the dialogue box looking for help.
This has been demonstrated time and again in usability studies and human/computer interaction experiments. The key is having different choices for different situation, using actions as button names, providing regular English in the dialogue messages, and providing reasonable choices. Windows does a terrible job of this and even after moving to another system, some users (but not most) take a little while to break conditioning and not just click on a random option all the time. Many other OS's and applications have varying levels of success with their implementation of this concept. OS X is one of the better ones, although far from perfect.
Please, if you are going to comment and sound credible, at least know what you are talking about.
I've studied UI design both formally and informally for years. I've read quite a few good books, and reviewed quite a few experiments. I've attended conferences and conducted usability testing. Using Google you should not have too much trouble finding information on this concept. UI design is part engineering and part psychology, but it is a maturing field. Windows is a poster child for what not to do in this case (although they do manage some other good UI design here and there in Windows). The fact is, people do read dialogue buttons and boxes as is appropriate, if they are presented with the proper frequency and in the correct way, instead of in the terribly broken way Windows has implemented them.