Slashdot Mirror
Does Sophos' Switch Argument Hold Water?
Wednesday's press-release-borne message from security firm Sophos that the best way for Windows users to compute untroubled (or less troubled) by malware is to switch to Mac OS X drew more than 500 comments; read on for the Backslash summary of the conversation.
Several readers pointed suspicious fingers at Sophos' motive for issuing the message in the first place; no one can call a company whose products are meant to offer "protection from viruses, Trojans, worms, spyware and spam" a disinterested party in evaluating OSes. Techguy666, for instance, writes "We use Sophos at our workplace. I also use other antivirus and antispyware — often to clean up the crap that Sophos doesn't find. Speaking as someone who's familiar with Sophos, I think it's curious that Sophos is telling home users to consider buying Macs. Go to Sophos' website and try to find a home user product ... They don't seem to promote any. If I were a conspiracy theorist, I would think this is a warning shot aimed at Microsoft because of MS's sudden focus on security, to the detriment of companies such as Sophos; send Microsoft's small clientele to the enemy &mdash it's no skin off of Sophos' corporate nose. ... They're talking to an audience that they don't serve or interact with."
(To this, an anonymous reader writes "Sophos has a number of fat contracts with institutes of higher learning, like mine. Every student has access to a fully licensed copy of Sophos if they so choose — available for Windows 98-XP, Linux, and OS X.")
A subtler gripe comes from Kope, who calls the metrics used by Sophos "misleading," and writes that "[s]aying that the most common malware only effects Windows, therefore Macs are more secure is simply bad reasoning. ... I'm sure that 'out of the box' Macs are better. But it's not 'out of the box' that I care about. My concern is level of security during actual operation. I have no problem believing that Macs are more resistant to malware, but this measure doesn't show that to necessarily be the case."
ZachPruckowski agrees that Sophos's claim is based on a "dumb study," but not that there's an easy line to draw between out-of-box and long-term use: "For 75 percent of the world, 'out-of-the-box' == 'during actual operation.' It's those people who get infected by malware. Don't expect users to do any extra work beyond going straight to Office or IE or their email app. Thus, 'out-of-the-box' is a pretty important state."
Whatever the company's reason for issuing what many Slashdot readers would consider the farthest thing from a discovery, no reader's comments seemed to cast doubt on the conventional wisdom that Mac users are at present far safer from malware than are typical Windows users — the reasons behind that situation, though, are hotly contested. One version of the story is that OS X, by dint of its design (including UNIX-style multi-user orientation and compartmentalization generally) simply can't help being more resistant to viruses and spyware; Windows intentional integration of operating system components has let security flaws in one small part of the operating system (such as Internet Explorer or Outlook) become flaws in all the others, too.
Reader cwgmpls, for instance, doesn't buy the argument that OS X is safe only because it's more obscure than are the various versions of Windows.
"Even if OS X is only 5% of all PCs in the world, surely there are a good number of hackers out there who would love to release an OS X virus into the wild, just to prove it can be done. Besides, the total number of OS X installs today is certainly greater than the total number of Windows installs that existed at the time the first Windows virus was released.Most hackers don't need a huge number of installs to stroke their ego. The opportunity to prove that OS X is just as vulnerable as Windows should be more than enough to motivate someone to release an OS X virus into the wild. Yet no one has done it.
There must be more at work here than OS X's small market share. OS X must be inherently more secure than Windows to not have a virus in the wild six years after its release. Certainly there are enough hackers out there who would love to show their prowess by writing an OS X virus, even for the relatively small number of OS X installs that exist; but nobody has been able to do it yet."
Several readers assert that the real reason has little to do with the hardware or the software used by the rival camps, and is mostly an issue of user education and sophistication. Typifying this argument is reader WombatControl's (unsurprisingly contested) conclusion that "the Mac userbase tends to be a lot more savvy than the Windows userbase." His argument, in short:
"I'd hazard a guess that the vast majority of Windows malware comes not from the inherent insecurity of the Windows platform but from users doing dumb things. Someone who installs some stupid little weather applet and gets infected with spyware got infected not because of a flaw in the system, but because they didn't bother to determine whether or not the source of their software was credible or not. Even if they got a prompt like Vista and OS X present they'll still authorize the program. There's no patch that can be applied to a system to prevent stupid users from mucking it up. ...
Macs are more secure because Mac users have a much tougher stance towards crapware. Mac users tend to be much more technically proficient than the average. If that "zero-tolerance" policy changes, I'm not so sure we'll see an increase in the amount of malware targeting Macs.
OS X does a great job of providing technical barriers against malware, but nothing can prevent malware that uses social engineering to do its work. Mac users are safer because they choose to be - but if you get a group of users who have no awareness of security and will blindly execute anything they come across, even if the system specifically tells them not to, that could change very quickly."
Several Windows users agreed with the thrust of this argument — namely, that no system is truly safe from a determined, malicious attacker unless users (or their trustworthy proxies) head off not just automated attacks, but social-engineering tricks that really have little to do with the OS a user is interacting with. Their approach is based on heading off malware.
Readers like snwod (a sometimes user of Mac, Linux, and Windows) offered a level-headed synopsis of this approach: "I run a good firewall/anti-virus combo along with using Ad-aware and the rest. I don't click on banner adds and I don't install strange pop-up programs. Pretty simple really." Result? "[I] haven't had a virus or malware problem in years."
To this line of reasoning, though, aphor says "My grandma's Mac isn't infected, and she clicks on everything! I'm calling bullshit. Please produce the infected Mac. One synthetic test does not make a real-world case. I run the system updater on my grandma's Mac about 3-4 times a year. That's probably 1/10th (liberal estimate) of the exposed vulnerability that a [Windows] box has."
Even if sophisticated trickery might fool any user, Savage-Rabbit thinks avoiding mechanically the more widespread script-kiddy attacks is nothing to sneeze at: "I bet there still is a fair number of Windows users who envy the Mac zealots for not having to waste their time pruning Norton/Panda/Macaffee/etc... anti-malware suites with monotonous regularity never mind the endless nag screens these anti-malware suites throw at you."
The status quo has a way of not staying that way in the long term, though, and reader spyrochaete contributed one of the several (and sane) cautions against hubris on the part of OS X users, though the same logic applies to Linux and other systems whose security may be real and considerable but is grounded in part on being a smaller target for online vandals and thieves than is Windows. As he writes, "They said the same thing about Firefox, but that's starting to change. Mozilla is fixing holes all the time and I'm starting to see ads that get through Adblock (stupid Mediaplex). This is just an article about security through obscurity — the best kind of security according to too many Apple fans I've talked to. ... Faith in obscurity means you'll be totally unprepared when disaster strikes."
Amen!
Thanks to all who took part in the discussion, especially those readers quoted above.
This story-about-a-slashdot-story idea must have come from 'management'. Soon to be featured in Dilbert.
Out of the box may be one thing, but continuing use is something else.
Don't let anyone tell you macs have no malware, it's just not true. from Renepo the rootkit, to php worms that send out spam infecting message boards, to word macro viruses to the recent oompaloompa, they affect macs as badly as they can affect windows.
One thing that tells mac users they have fewer viruses is poor antivirus software. A friend of mine works in a mac shop and often people will come in with bizarre problems with their macs. No networking working, slow networking, random crashes, won't wake properly from sleep. Scanning with an antivirus package shows no viruses, yet a software reinstall fresh from scratch fixes many of those problems. What does that tell you caused the problems? Some malware running on the machine is what.
When mac software gets up to scratch in detecting the worms that are out there for macs, that is the only time people will get the truth about maleware infections. Sophos need to get off their ass and make something more worthwhile for macs and then we'll see who goes saying what about security.
This isn't news. It's just pulp to get people riled up and screaming. Besides, it's nothing we haven't seen before.
No matter what OS exists.
I believe the anti virus firms are doing normal users a service by keeping lists of known bad software and preventing its spread.
That software might come in from an exploitable hole in the OS or it can come just as easily by invitation through the front door because the user believed the catch line.
3 simple words: i love you have been enough in the past, what will it take in future...
liqbase
Is OS X's attack surface smaller than Windows? Sure it is. Is it impervious to user stupidity? Absolutely not. No operating system is. Linux and OS X will probably eventually get there, and the complain we'll be hearing instead of M$ is teh fuxxorz will be well, what do you expect? users are stupid!!.
Just wait, and you'll get there eventually.
[This post is brought to you courtesy of the 300 million absolutely clueless Windows users who think it's OK to run executables in password-protected ZIP files that arrive in their inboxes with lead-ins such as "hello, teh info yuo requesteded is in the attachments". We can't wait for you to take them away]
Web2.0: I love when people Flickr my cuil and digg my boingboing until my google is reddit and I start to yahoo
...is that their argument would have held water if they had done a bit more work. i.e. Instead of saying, "the top 10 viruses only work on Windows", performing an analysis of what flaws were exploited would have been more useful. Then they could have claimed that, "based on the flaws exploited by the most dangerous viruses today, it seems that Mac users will remain more secure for the time being."
Javascript + Nintendo DSi = DSiCade
Very interesting synopsis of the arguments presented without BS. It's definitely worth a read.
Obviously it helps that there haven't been any worms on OS X, but in principle writing OS X viruses isn't technically difficult. Spreading them is.
In addition, Microsoft finally appears to be concerned about security, as demonstrated with XP2 and as will probably be demonstrated in Vista. So the security advantage of OS X is, I suspect, likely to dissipate over time. Still, I plan on using OS X for the foreseeable future.
Goddammit moderators, it's this kind of moderating that makes the problem worse. I run a mac house, and word macro viruses are the bane of my existence. Word is absolutely ESSENTIAL to our business, and currently no mac antivirus software properly rids a mac of word macro viruses, fullstop. We've been through them all, and over & over we end up with client documents coming in, infecting other client documents, leaving us sending out infected files.
It's not a nothing problem you can just sweep under the carpet with a quick moderation, people, it's going to come up and bite you in the ass, and bite HARD.
Don't be ignorant shits.
* swearing included so you can have a reason to mod me down. bah.
Their motives were questionable. Their evidence was lacking. But they were right. No matter how much the Microsoft trolls talk the fact remains that there is far less malicious software for OS X, even if you take into account its relatively tiny market share. It's also more secure by design, no matter how many minor flaws they find they haven't even come close to what has been (and is currently) wrong with Windows.
I'm not really surprised that everyone supporting an illegal monopoly has been brainwashed, but it's still kind of sad.
Haiku for you!
On the last you might want to look into PDF Equation. If you then need it in jpeg (or PNG) format, then Preview.app can help you out with that.
And a crash a week is too much. You probably have something gone wrong there.. like bad memory or a peripheral that is not happy.
My thought is that there's three reasons Macs and *nixen have fewer viruses.
Unfortunately, we don't have capabilities yet. Capabilities would allow everything to be sandboxed like that for free performance-wise, and you would see "Do you want ZOMG_TEH_EVIL_VIRUS to be able to see your address book?" and "Do you want ZOMG_TEH_EVIL_VIRUS to connect to your email account?"
Please, for the good of Humanity, vote Obama.
She currently runs:
- a-squared
- xoft spy
- Ad-aware
- Windows Defender
- Symantec anti-virus corporate edition
- spybot S&D
- BigFix
and her computer runs almost as slowly as it would with a nasty case of malware. She doesn't want to uninstall any of the programs, so she has the cleanest, and possibly the slowest, windows XP machine I've seen. You just can't win. *sigh*The Cheese Stands Alone.
When you talk about security things and security software people like to have numbers, it makes them feel good. Like the Snort IDS has 3000 signatures (I'm not sure what the latest number is but I imagine it's around 3k) or Norton AV detects 50,000 viruses where non-Norton AV may only detect 20,000 known viruses and some other IDS may only have 100 signatures. Does that make Snort and Norton AV better because they have bigger numbers? For certain types of audits it might be better but for real security it doesn't matter that much. At any given time you're probably only realistically concerned with a smallish handful of IDS signatures or viruses. The old "stoned" viruses for example (of which there are dozens of variants) simply aren't interesting or even terribly important today. This has a direct correlation to desktop security. Basically, the number of holes as a raw metric isn't so interesting, you're really concerned about the holes you have that people don't know about (or maybe they do) Fundamentally though, at any given time there are only a handful of interesting viruses that are active or interesting exploits that people are really using, big databases of them look better but don't mean much.
Mac OS X isn't built using some exotic technology (or maybe not exotic, Ada or Java would be exotic for an OS) that somehow creates fewer bugs. It's in C, C++ and Objective-C, not that different from windows. It has gone through some porting which might lead to better code and coding practices. Relatively speaking the bug densities should be fairly similar. Apple is different from MS in a somewhat larger way though, they don't have the same resources and so they probably generate a lot less code. They also have to please Steve and rather than adding feature after feature which has kind of been the MS way, they've taken a much more simple route. Less code is less bugs. More features probably does mean more bugs but I'm not sure I've seen that really established as a general truth anywhere.
The crapware point is an interesting one. Personally, since I've been Mac OS Xing it, my taste and tollerance has changed. I don't know that it's particularly more secure but I do expect things to work and I think I have a higher standard than I have in the past. I know on windows (which I don't use much) I've been less expectent of things working. In the wildwildwest days of Linux I got really use to v0.4 and 0.7 of various things working enough to get some stuff done. On OSX I pretty much demand that things work, I demand that apps are "good." (TM) There are some emotional things that may result in better security, I don't just willy-nilly install stuff, I like some vendors better than others, Apple for example has a track record of building really good software for OS X, I'm more likely to use their shit. Nagware is simply a no-go. To be completely honest, there isn't that much stuff that I really *have* to install on it to get it up and running and productive. I can't remember not "enhancing" a Linux install or windows install before it was "useable"
Maybe the other biggest thing and I couldn't back this up with real science anywhere, MS has a tremendous legacy to support. Simply removing DCOM or OLE or Active-X might fix a ton of security problems but windows wouldn't keep working. I think Apple may have learned some of those lessons form AppleTalk back in the day; I don't even know if you can make OS X do it, I really have no need.
The fact of the matter is that more people are going to believe a simple quantified statement than an abstract technical discussion; so Sophos is making the argument that will convince the most people, rather than an argument that would convince, say, the more technical folks on Slashdot.
Oh, you want the technical reasons? Okay, here goes my list:
- "History shows again and again how nature points out the folly of men" -- Blue Oyster Cult, 'Godzilla'
I'm a SQL Server DBA.
... enjoy!
Install the free Aqua Data Studio database admin tool.
My parents would but they do not like change. They had enough issues upgrading from Windows 98 to Windows XP.
This is more a matter of social engineering. Some people fear change, while other are taught only applications, not resourceful thinking.
My brother would but he plays WoW and he is not texh savy to get OSX to run on his PC.
Take the same WOW cds and put into your Mac. Double-click the install icon. Did you forget that WOW (and pretty much every Blizzard title) is cross-platform?
Those who laugh at you for you having a Mac.. are the people who constantly call you to fix their PC.
There you go. The reason sex exist at all and why monocultures are dumb. Diversity and variation makes life very difficult for diseases.
In fact the security advantage of OSX isn't likely to dissipate all that much, a monoculture will always be more likely to spread diseases, all it takes is a single flaw and there are going to be plenty of flaws in millions of lines of code.
Deleted
The article and the thread still spout the same uninformed reasoning about why there aren't OS X viruses. Let's take a look at each of the bogus reasons.
"It's because there aren't many OS X machines."
Bogus. 4% might be a small percentage, but there are tens of millions of Macs out there. Not only that, Apple users tend to be smug and Apple itself puts out a constant vibe of superiority, plus a very visible chain of elitist boutique retail stores. Is there not a hacker on Earth motivated to take down those arrogant Mac users?
On top of that, with millions of OS X machines out there, the number of self-propagating viruses in the wild should be greater than zero. But the number is actually zero.
Surely something more than "security through obscurity" is at work here.
"Mac users are more sophisticated."
Bogus. Aren't Macs supposed to be the computer "for the rest of us," the non-technical, the artsy-fartsy, the writers, the musicians, the English majors? Those people are NOT technically savvy, yet they are the Mac's core users.
Macs have fewer viruses even though their users are not technically oriented and are not security savvy.
"All you have to do is trick a Mac user into entering their root password."
Bogus. The root user is not enabled by default in OS X. The non-technical users mentioned above are not going to know how to turn it on.
You might be confusing the root and administrative passwords, since there isn't that much of a barrier between the two in Windows.
The Mac is safer because of the nature of Unix architecture and Apple's own safeguards, not because of obscurity or user sophistication. There are things you can get away with in Windows, like certain e-mail-based viruses, that are simply not allowed in OS X. Mac OS X is not invincible, but clearly there are structural advantages to how OS X is set up for security.
Remember, the number of viruses in the wild for Mac OS X is not proportional to market share, user base sophistication, or anything. It's pretty hard to correlate the number of viruses to any single cause when the number is ZERO.
We all know a lot of exploits make use of weaknesses in code like buffer overflows to run the attackers code instead.
Well what happens now that the whole Mac architecture is shifting to Intel? It's substially harder (almost impossible) to write a buffer overflow attack that works on two different processor architectures. You have to choose which architecture your attack is going to execute code for.
So then if there are not enough Macs around to write exploits for today, it stands to reason that there will not be any significant Mac exploits until the number of mac users at least doubles from current figures, possibly even more.
Yes there are also attacks that attempt social engineering on a user but they often work in conjuction with more classic code exploits to gain more permission than they would have otherwise.
"There is more worth loving than we have strength to love." - Brian Jay Stanley
The fact that Mach was designed with security in mind is why no one sane used it. Mach checked port rights on every message send, which made a Mach system call and order of magnitude slower than a BSD system call. While people might be willing to sacrifice 10-20% of their power for security, 90% is too expensive. This was exacerbated by the fact that Mach required a lot of context switches to get anything done. On OS X, this is irrelevant. The entire XNU kernel runs in a single address space, losing the memory protection benefit that a multi-server Mach-based OS (like Mach/HURD) gains. In addition, Mach messages are only used at the Mach layer (and for a few low-performance things, like notifying the GUI of kernel-related changes), removing this benefit.
I am TheRaven on Soylent News
Create your equation in either Grapher.app or the Equation Editor tool that comes bundled with Appleworks. (Equation Editor is more powerful and flexible and has a certain classic charm, but it's very old and a little clunky. Grapher is newer and easier to use).
Select and copy the equation to the clipboard. Open Preview.app. Select File->New (or hit Cmd+N); this creates a new document containing the image in your clipboard. Select File->Save As (or Cmd+Shift+S) and save as the filetype of your choice.
You can also paste equation as PDF directly into TextEdit, or Pages, or OmniOutliner, or any other fine application.
ENDUT! HOCH HECH!
So there is no way possible for Mac user without proper tools (which he dont have and dont want to use) to identify and report any intrusion.
Huh? What's wrong with typing "netstat -a" and "ps -aux" in the console?
Thats all the tools I need to detect unathorized connections and programs.
"I am the king of the Romans, and am superior to rules of grammar!"
-Sigismund, Holy Roman Emperor (1368-1437)
No question in my mind. I'm not saying they are invulnerable. Heck, the community is so tight knit that if you could get something downloaded (say that MacSaber program a few weeks ago) and put something in it, you could get the virus out there. It may be found fast, but you got it out there and by then you may have done damage.
That said, if I were to run MacSaber for the first time (or some little game or widget or whatever) and I suddenly got a box asking for my root password, you can bet I would be stopped dead in my tracks. You just DON'T SEE those boxes unless you are doing system updates or installing software like Office. If you just download a program and double click on it and get that, you have to wonder what it's doing.
Now before I switched last year, I had a PC and I ran AV and all that stuff, but it never did any good. The fact is I had a clue and could have run with nothing but my firewall and been fine. You are not guaranteed to get malware on Windows. But let's talk about my little sister and my parents. They download stuff. And since they don't know where the reputable sites are, who to trust, which programs are good, etc... they find that stuff easily. Every time "the computer is broken", it is almost inevitably malware. That or they turned something off I installed they shouldn't have (Disk Keeper, for example, which is practically required to run Windows IMHO). Same thing with neighbors I help. Even if they are somewhat savvy and can use the computer and install hardware, it still happens to them. It's pathetic. There have been viruses that you just have to preview in Outlook to get your OS infested. That is just plain bad design.
After using my Mac, it is clear to me that any idiot who sits down and uses a Mac day to day is less likely to end up with Malware. From the root prompts, to the fewer security holes, I think there is a clear reason for this divide. Mac users are not smarter. There is a very sizable portion of them that are just like introductory Windows users. They do the same stupid things. The fact they aren't ravaged by malware says something.
Now I won't deny that the Mac's market share has played a part, you'd be an idiot not to. However, I think the virus-in-the-wild count for OS X (hint: 0) means something. It means instant fame for the first person to make a good virus for OS X. You get it out there, even if it doesn't do much but change people's wallpaper or whatever and you get your name EVERYWHERE. Slashdot, Digg, all the Apple sites, the mainstream computer media (PC World, et all). That is a REAL tempting target. Let's not forget that every time a story like that gets published, it is just someone publishing a big bulls-eye on the Mac. But the market share helps with the pop-up ad problem. How many ads do you see on the 'net that look like a Windows dialog box telling you "Your computer is infected, click here". Guess what, people do. In my house people do, my neighbors have. It tricks 'em. Most people on a Mac wouldn't be fooled by that (just because it looks different). So that kind of thing does make a difference. That report the other day that 80% of users can't tell the difference between a real toolbar and a picture of one was scary.
Macs aren't immune. The OS is better designed.
As for Linux, it's better designed too, but it also has some other influences (for example, it would be tough to make a virus that worked reliably across different kernel versions and distro configurations). But again, there are SO MANY Linux servers out there that there must be enough run by idiots that if it was just as bad as Windows we would see a reasonable number of viruses out there (ie.. more than next to none).
There was a report in my PC World today (I think it was) that was basically scare tactics about viruses ("10 Myths That Make You Vulnerable" or some such). The one about Macs and Linux being safe really made me mad. While they are not immune, Windows for the average computer user is a leaper colony compared to running Mac or Linux.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
They're there affecting their effect.
try Seamonkey..really, it's better. Pages look better, load faster, stuff like that. You can just install the browser part if you want. It really is better than FF now. I run both back to back all the time just to check, every new stable release-Seamonkey wins hands down. FF has the press and all the bloated extensions, the things that can take the "small fast" browser concept they pushed into the humongous memory bloated hog that it is now. Plus, Seamonkey isn't dumbed down into kiddie candy land status in the preferences panel like FF is, and it has the "normal" one large URL window you can *read* and two buttons (go or search), instead of two tiny cramped URL windows. That part has always been a WTF? for me with FF, because it is clearly lame.
Why the difference in rendering, etc, I cannot say, just "is" is all.
Sure, OSX could/can have viruses. Yes, Word on a MAC can introduce macro viruses. Yes, PHP exploits can run on a Mac. But folks, the proof is in the pudding. If you switch to a Mac, at least now, you will have less virus and malware trouble. It's a fact. Whatever the reason, it's a fact. And people should be doing it. I'm encouraging everyone I know to do it. I've spent countless hours rebuilding systems and/or cleaning them when I can see that if they had a Mac their problem never would have happened. Windows is a sloppy, virus nursery. Yes, OSX or even Linux may/will one day have their share of viruses but today, July 7, 2006 switching is the quickest way to rid yourself of virus and malware issues.
I'm using adblock and flashblock on Seamonkey, and they both work great. I didn't bother with a speelchecker, as my grammer is great, but I'm sure that would work liek a charm, too.