Slashdot Mirror
Game Theory, Antivirus Improvements Explain Rise In Mac Malware
Sparrowvsrevolution writes "Four years ago, security researcher Adam J. O'Donnell used game theory to predict in a paper for IEEE Security and Privacy when malware authors would start targeting Macs. Based on some rough assumptions and a little algebra, he found that it would only become profitable to target Apple's population of users when they reached 16% market share. So why are we now seeing mass attacks on Macs like the Flashback trojan when Apple only has 11% market share? O'Donnell says it turns out he may have underestimated the effectiveness of the antivirus used by most Windows users, which now makes overconfident Mac users a relatively vulnerable and much more appealing target. Based on current antivirus detection rates, O'Donnell's equations now show that victimizing Macs becomes a profitable alternative to PCs at just 6.5% market share."
How it security by obscurity treating you now?
We all know it's due to momentary lapse in prayers to the Almighty Jobs.
In all of the fights between Windows and Mac users over the disparity in viruses for both platforms, I've never seen a Windows user point out the fact that Windows is often used on infrastructure that is valuable to compromise. No major business runs their corporate infrastructure on Macs. No major sites with valuable data I know of are hosted on Apple hardware. What has changed with the marketshare is that now Macs are used by the upper-middle and upper classes extensively at work and at home. So even at 6.5% of the market, you're far more likely now to compromise a Mac with valuable data or access to it now.
Compromise a Mac today and you might get access to a corporate network, a richer man/woman's bank information, etc. That wasn't true 10 years ago.
Back in the 1980s, Macs were very tempting virus targets. They had multitasking operating systems at a time when the rest of us were running DOS or CP/M (although Amiga users and users of DOS multitaskers like DESQview had a small market share). Luckily this was before the internet, so the only real risk was downloaded software.
He says himself that the equation is vastly oversimplified, and a small change in antivirus detection range changes the answer from 16 to 6%. That means the equation is all-but useless and pointless to try to "predict" anything except, apparently, in hindsight.
I could have plucked any number I liked out of the air and wrote a (reasonable) equation to make it come out with whatever answer I wanted, even basing it on "game theory" (which has very, very, very little relevance here, actually) - I could have done that even before I graduated in mathematics (including Game Theory) over a decade ago.
When enough Mac's exist to make it viable (and market share has little to do with it compared to "number of computers active on the Internet" of that particular model), viruses will target them. Guess what, same for every other platform on the planet. If someone miraculously sells a popular device based on MINIX that millions start buying, eventually someone will write a virus for that platform.
Seriously - don't give it the press.
Which is why one of the selling points for Macs on Apple's website is that they're immune to "Windows viruses"
Let's see what our wise men can come up with:
1) Write a "scientific" paper, make assumptions, use some "algorithm", predict event A
2) Wait
3) Observe empirical evidence
4) Revise initial paper
5) Bask in peer admiration
Did I miss anything?
Now even you can quote Game Theory thanks to Stanford Engineering online course offerings!
come on fhqwhgads
Tis a feature, allowed by the Almighty Jobs as a test thy faith in Apple .. so only mayest the True Believers be granted the next iDevice.
While I realize there may be some outrage over the "overconfident" label, it does make sense in terms of learned behavior. More specifically, Windows users have known malware has been rampant for so long that:
A) they're used to having to use antivirus, firewalls and other "security" type apps
B) Windows has steadily improved its built-in firewall and anti-trojan features to combat real and perceived vulnerability
C) Windows-based PC OEMs and system builders install anti-virus by default and have for quite some time now.
I can't say whether Macs get a/v software by default but despite our joking about macs not being susceptible to malware, that view is held by far too many mac users. While it might be true statistically speaking relative to Windows, it is unhelpful in being a rightfully vigilant denizen of this wretched hive of scum and villainy we call the Internet.
How exactly is OSX more secure than Windows 7, assuming both are patched and not used by total morons that click Yes to everything?
Probably failing to take into account the value of the targets compromised was the biggest flaw.
Since the average apple user will be far more profitable (apples are a luxury good and thus will have a higher percentage of wealthy users) to compromise than the average pc user, he needed to adjust the numbers downward to take that into account.
http://www.apple.com/why-mac/better-os/#viruses
Is this true? Yes, but only because the malware they are talking about was written specifically for Windows. It has nothing to do with the "built-in defenses in Mac OS X that keep you safe". It is at best disingenuous because the average user reads that to mean "Macs can't get malware".
http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/
http://blog.laptopmag.com/mac-os-x-lion-vs-windows-7-which-is-better/9
http://www.eweek.com/c/a/Enterprise-Applications/Apple-Mac-OS-X-Lion-Bests-Microsoft-Windows-7-10-Reasons-Why-647298/ (slide 4)
http://gadgetwise.blogs.nytimes.com/2011/07/29/lions-upgraded-robust-security-features/
I think you get the point... all of these I found on the first 2 pages by Googling "lion security vs windows 7".
There are two ways to read the GP's quote. Guess which one most Mac-heads use?
I am John Hurt.
Two examples I've ran into:
Limiting it to just people who have IT experience that I know:
(1) One person literally told me that it is impossible for a mac to get a virus.
(2) One has said that, since he uses Chrome and MacOS, he can't get malware, period.
That's maybe 10% of the MacIT people I've dealt with, the rest have been in the 'it is less likely' camp.
From the non-IT Mac users, it's closer to closer to half, that fall into one of those (or similar, change the web browser), categories.
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
It's a factor insofar as it is part of the process of turning Macs into status symbols. Price alone is just one variable; it's the price factor which separates the product from the hoi polloi who couldn't stomach a $2000 professional laptop when a $500 meets their needs easily. It's everything from the packaging, to the build quality and taste, to the marketing and product integration.
Macs were always expensive, but 10 years ago, they were more of an eccentricity or specialty than a high quality replacement for a Windows PC for most people with some money.
It doesn't matter the platform. Mac, Windows, Linux. Stupid users get viruses. They're the ones clicking on every farking attachment in every farking e-mail they receive without first doing a simple visual check of the email (ie. reading it). They're the ones downloading executables from unknown or untrusted sources and running them on their computers. They're the ones that believe every little farking web browser pop-up informing them that their computer is infected and THEY MUST CLICK HERE NOW!!!!! (Hint: web browser != anti-virus )
The first variant did. The second did not.
Just hit up the previous Slashdot Flashback article and you'll see the article title that specifically said that it could go "without user interaction." -- i.e. it was a drive by that installed itself without user interaction.
Sounds like a virus (by anon's definition) to me.
I have a different interpretation: Trojans are applications that pose as legit programs (like codecs or games) that trick you to run the program. Viruses (trojans being a subset of viruses) is any software that was specifically written to do bad stuff (delete files, spam, etc). This may or may not be with user interactions.
/slam head against desk
Difference between Virus and Trojan:
Trojan disguises itself, pretending to be something else, to get into your system (named after the Trojan Horse.) A program that says pretends to be a photo file (with a jpg icon) or pose as an antivirus installer would count as a Trojan.
Virus simply activates and goes into your system when, lets say, you insert a floppy disk or visit a website. As long as it can infect a machine without the user opening it up, it's considered a virus.
The last java based Flashback was a virus, not a Trojan.
Not only did it require the user to provide a password, as oh_my_080990890 points out, but even if it hadn't, it still wouldn't be a virus, and it still would be a trojan. Trojan versus virus is not a case of "happens with or without user interaction". Viruses infect files - VBS viruses can even infect .html files (ie: Code Red and others from a while back), or image files, or anything else, but they do need a file there to infect, of whatever type of file that virus is intended to infect. Yes, the boot sector on a floppy disk is also a type of file. Trojans pretend to be some other type of program, and get the user to run them - in this case, by being a Java applet in a web page, which of course means that if you've shut off Java running in your browser (I do because it annoys me. The only site I commonly use that wants to run Java is my work webmail, which oddly works better with Java disabled completely...) it's not a problem, regardless of your operating system, and it's not a virus, it's a trojan. Even the article Tharsman (at ars technica) linked to calls it a Trojan, and not a virus. Same with the initial article way up at the top.
The Mac people (and their advertizing) have been saying "We don't have viruses", and they're still right. (For now.) Regardless of the coyotes eating people's dogs, there still isn't a skunk problem.
Linux on the other hand, actually does have a virus available - there were several slashdot articles about it a few years ago, provided by a security researcher at an AV company. In order to get it to run, you need to install a specific version of the Linux kernel, and then apply a patch kindly provided by Linus Torvalds after he analyzed the code to figure out why it wouldn't work for him. It takes advantage of three separate kernel vulnerabilities which, sadly, never all co-existed in the kernel simultaneously (unless you install the patch). Much like just about everything else fancy at the time (expensive video cards, TV tuners, ...), getting the virus to actually work required re-compiling your own kernel.
The exploit was because of Java and you blame Apple? That's rich. OS X was not at fault. If Oracle got it's act together this would not have been a problem.
And the fanboi shows his colors. Apple was at fault. That java patch was fixed and a patch deployed for every other system well in advance of that news report. Oracle did have it's act together, and resolved the issue. Want to guess why OS X was the only system exploited? Here, I'll give you the answer. Apple maintains (controls) it's own implementation of Java, and is consistently behind the times. That lackadaisical approach (by Apple, not Oracle) is why this outbreak occurred. Apple's fault, NOT Oracle's.
Show me real exploits within OS X. Show me the same type of exploits that exist in Windows in OS X. Show me OS X can reach the level of exploits that Windows has.
You want for free what costs money. Zero days exploits are found and sold on the black markets. Talk to them if you want to see the exploits, and be sure to bring large amounts of untraceable bills. Otherwise, wait with the rest of us and find out on the news aggregates.
That's not do to market share, that's do to the technology. OS X is safer than Windows because it has less exploits, because it is a more secure OS.
*rollseyes* I guess the reality distortion field is still in effect in some areas...
Problem is... everyone is getting all butt hurt over stupid semantics. Virus and trojan cannot be compared, because one is payload, one is methodology.
Here is a really simple sentence that in summary, to anyone intelligent, would end all of this.
[Potentially] every computer/OS combo and variant is susceptible in some form or fashion to have code executed with or without specific intent and resulting in undesirable effects.
Right? I didn't say any of the "bad words". So, everyone agree? Good, let's end the bickering.
-AI
For me, it is far better to grasp the Universe as it really is than to persist in delusion
It didn't. It attempted the user to enter a password to dive deeper into the system, but it was perfectly functional without the extra priviledges.
That's just BS. Apple makes a half truth "A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers.", The second part of the statement is an out and out lie, there is no possible reading of the second half of the statement that can be taken as factual. "That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part." This is a LIE. They are safe from windows malware because OS.X doesn't run windows programs, there is no built-in defense keeping a Mac user safe. Even if you ignore the outright lie the whole statement is misleading to the people that malware defense is most valuable too, i.e. the uneducated user, the one that doesnt't know why OS.X can't get a windows virus. Personally I am suprised the false advertising laws haven't jumped up and bitten them in the arse on that statement in many countries.
Mac owners tend to occupy a higher-income demographic, increasing their attractiveness to criminals. Would you target someone with a $500 bank account or a $50,000 account?
This factor helps Linux, with its third world popularity, but complacency is always the Devil's playground.