Apple Quietly Recommends Antivirus Software For Macs

Barence writes "After years of boasting about the Mac's near invincibility, Apple is now advising its customers to install security software on their computers. Apple — which has continually played on Windows' vulnerability to viruses in its advertising campaigns — issued the advice in a low-key message on its support forums. 'Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.' It goes on to recommend a handful of products." Reader wild_berry points out the BBC's story on the unexpected recommendation.

Sophos

[gammygator]

I've been running Sophos on both my Macs for a year or so... Not so much because I felt I needed them... but because I come from the PC world and felt nekked without an AV program... and my work covers the license costs which made the decision a no brainer.

Interestingly enough... to date, they have only detected MS based viruses.

Re:a way to make money

[YttriumOxide]

Maybe the Mac has starting to reach that point where virus writers and security aficionados have enough a base to target their efforts?

Perhaps, but I am still waiting to see a real "virus" that hits MacOS. There's been a few trojans (such as the one mentioned in TFA), but nothing that qualifies as a virus yet as far as I know. It is likely much harder to write a real virus (rather than a trojan) for MacOS than Windows as you'll need to find a privilege escalation exploit (need I say, without local access) in one of the standard services first, all of which tend to be pretty robust and having a core that comes from the open source and Unix worlds... as far as I know, there aren't any such exploits known right now.

Trojans can of course still be fairly nasty, as there's a lot of stupid users in the world (of any OS)

Disclosure: I do use MacOS X as my primary OS at home, but I'm definitely not a "fanboy" (I also have Linux systems at home and use primarily Windows at work - I consider myself "OS agnostic").

Re:Herd Immunity

[maztuhblastah]

The only reason macs have been able to get away with claiming such great security records (statistically) is herd immunity.

Indeed. Just look at Linux. It had a great security record up until the start of this decade. Then, once it gained a lot of popularity on servers, we started to see millions of infected Linux servers, linked together in botn...

Oh. Well damn. It seems that despite being the near ideal target for virus-writers (always on, very fast links, powerful hardware), the most popular server platform on earth doesn't have a major virus problem. Huh. Maybe an OSs security record isn't directly linked to its popularity...

Re:a way to make money

[squiggleslash]

I wish people would stop parroting this fallacy all the time. Market share has nothing to do with how easy it is to break into a system.

Look at AROS! It has no security whatsoever, not even memory management between processes, so despite only having a hundred or so users, it must have zillions of virusses. But, of course, it DOESN'T. So far as I'm aware, nobody's bothered to write one, and it's unlikely any AROS virus would actually be effective.

All viruses require a reasonable level of market share to operate, because one of the principles they rely upon is a network effect, and you just plain cannot get a network effect without a decent market share. So marketshare is, very much, a pre-requisite for a successful virus. It's not the only one, but when people say "Mac OS X hasn't been attacked yet because it doesn't have enough marketshare", they're right. That's one fundamental reason. And unless you can show that any other reasons apply, it's likely to be the only reason.

If you have something like windows where security is bolted on after the fact, and OS that was never meant to be a multi-user OS connected to the internet (all these were added as features later on and done poorly) then you will have a system that is much harder to keep secure.

UNIX on the other hand was designed from day one to be networked multi-user OS, and security and separation of concerns was there from beginning.

It's frankly hilarious that Unix, on which the first worms operated, can be held up as some system that had security built-in from the start. It's also untrue that Windows, that is, the operating system known as Windows today, was "never meant to be a multi-user OS connected to the internet". Unless you're talking about Windows Me and its predecessors (98, 95, 3.1, et al), then that's completely false. Current versions of Windows (XP, Vista, 2003, et al) are derived from Windows NT, which was designed, from the beginning, to be "a multi-user OS connected to the internet".

In fact, Windows NT and its successors have a more advanced security model than Unix, allowing more than a separation of users and groups.

The issue with Windows is two fold. First, marketshare. And second, an over complex user-environment where too much functionality is available on the "user" side of the security wall. Both of these issues affected Unix up until the mid nineties, where its disproportionate share of Internet nodes and the amount of stuff running as the default user (which in Unix was root, which also happened to be the account with the most rights.)

There's little reason to believe that Mac OS X is protected from viruses by anything other than its low market share at this point. There's not a large enough group of users for network effects to take over. It is not an inherently secure operating system. The default user is generally set up with administration privileges, and it just takes a buffer overflow or other ordinary vulnerability in a client application like a web browser plug-in for a virus or worm to have complete access to the user's files, and enough access to be able to modify many of the applications the user is likely to run.

Fundamentally, Mac OS X has the same problem as Windows, and the same problem the "run-everything-as-root" Unixes did in the eighties and early nineties: too much functionality available to the default user. To fix this, you need to change the model somewhat. The very least Apple could do is set Mac OS X up so that the installer actively discourages setting up the default user as an administrator.

Re:a way to make money

[LO0G]

Good points all, but I think you forgot one major aspect of the "market share" argument.

There hasn't been a true "virus" out there in the wild for years (to me, a true virus means self propogating malware - malware that modifies existing binaries and relies on those modified binaries being distributed). Instead there's a TON of malware intended on converting machines into botnet clients.

The vast majority of malware (maybe as much as 95% or higher) these days is really "crimeware" - software intended to aid in criminal activity (identity theft, click fraud,etc).

As a criminal, let's say that it's going to cost me $10,000 to hire some eastern european hacker to develop malware for my criminal enterprise (number totally made up). I get to chose which platform I have the hacker target - I can target Windows with 90% of the market, I can target OSX with 8% of the market or I can target Linux with 2% of the market (market share numbers also made up, but probably in the right ballpark).

That means that if I'm interested in profit (and this IS a criminal enterprise, so profit is the primary motive), I want to have my hacker target the platform with the highest ROI. That means that the hacker's going to go after Windows and ignore OSX and Linux.

As the Mac's market share increases, it is going to be an increasingly more attractive target for hackers, because the ROI is higher.