Game Theory, Antivirus Improvements Explain Rise In Mac Malware

← Back to Stories (view on slashdot.org)

Game Theory, Antivirus Improvements Explain Rise In Mac Malware

Posted by Soulskill on Friday April 20, 2012 @04:20AM from the apple-blames-solar-flares dept.

Sparrowvsrevolution writes "Four years ago, security researcher Adam J. O'Donnell used game theory to predict in a paper for IEEE Security and Privacy when malware authors would start targeting Macs. Based on some rough assumptions and a little algebra, he found that it would only become profitable to target Apple's population of users when they reached 16% market share. So why are we now seeing mass attacks on Macs like the Flashback trojan when Apple only has 11% market share? O'Donnell says it turns out he may have underestimated the effectiveness of the antivirus used by most Windows users, which now makes overconfident Mac users a relatively vulnerable and much more appealing target. Based on current antivirus detection rates, O'Donnell's equations now show that victimizing Macs becomes a profitable alternative to PCs at just 6.5% market share."

34 of 319 comments (clear)

Min score:

Reason:

Sort:

Hey Apple Users... by pwnyxpress · 2012-04-20 04:25 · Score: 4, Funny

How it security by obscurity treating you now?
1. Re:Hey Apple Users... by Samalie · 2012-04-20 04:27 · Score: 4, Insightful
  
  Stupid people doing stupid shit with technology and getting viris outbreaks?
  Yeah, that's confined to ANY particular OS.
  Sorry, but if Linux had enough market share, they'd be targeted too. Computing is by definition insecure, because you'll always have stupid people doing stupid shit.
  
  --
  09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
2. Re:Hey Apple Users... by Luckyo · 2012-04-20 04:32 · Score: 4, Interesting
  
  Pretty much this. In most cases the weakest link is between keyboard and chair and chain is as strong as its weakest link.
3. Re:Hey Apple Users... by WrongSizeGlass · 2012-04-20 04:34 · Score: 5, Insightful
  
  How it security by obscurity treating you now?
  Security by obscurity was not the problem. Complacency was the problem.
4. Re:Hey Apple Users... by cpu6502 · 2012-04-20 04:35 · Score: 4, Funny
  
  So does Ubuntu Linux have 6.5% share yet?
  
  --
  My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
5. Re:Hey Apple Users... by SJHillman · 2012-04-20 04:39 · Score: 4, Informative
  
  Linux does have significant marketshare in the server and smartphone arenas. Servers are generally more secure than desktop machines (not to mention better maintained), so there's naturally fewer points of vulnerability - this holds true for Windows servers as well. As for smartphones, I've seen a lot of articles about Android malware recently although I haven't personally encountered any.
6. Re:Hey Apple Users... by ByOhTek · 2012-04-20 04:45 · Score: 3, Interesting
  
  Yes, however, I think the GP just venting due to all of the "I have a Mac, so I'm immune to malware" and "Oh, they had problems because they used a PC, they should have gotten a Mac!" that has being going on for so long, even by some here on slashdot.
  But, of course, you are correct, it is the user that is the biggest security vulnerability of a computer, in most cases.
  
  --
  Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).
7. Re:Hey Apple Users... by Drinking+Bleach · 2012-04-20 04:48 · Score: 4, Informative
  
  Generally more secure, but Linux servers are still vulnerable, especially when they are neglected from being looked after. I have signed onto a company that kept a mail server running for years with no updates -- turns out that exim had a security vulnerability and there was a rootkit living on the system for at least a couple years. If the machine was being properly monitored, the chances of infection would be very low (keep on top of updates!), and it would have been detected rather quickly even if it did happen despite that first point.
  I still don't know what the attacker gained but apparently it pays off enough to pry on mismanaged Linux servers.
8. Re:Hey Apple Users... by betterunixthanunix · 2012-04-20 04:52 · Score: 4, Interesting
  
  Sorry, but if Linux had enough market share, they'd be targeted too.
  "Linux" is not one operating system. There are very secure distributions, and then there are distributions that are not so secure, and then there are distributions that can be secure if you stick to best practices.
  
  --
  Palm trees and 8
9. Re:Hey Apple Users... by davester666 · 2012-04-20 04:59 · Score: 5, Insightful
  
  What's funny is that NONE of the anti-virus products blocked it, indicating just how useless their products are.
  
  --
  Sleep your way to a whiter smile...date a dentist!
10. Re:Hey Apple Users... by msobkow · 2012-04-20 05:00 · Score: 4, Insightful
  
  Servers are more secure than desktops in the Linux arena primarily because there is no idiot user sitting in front of the keyboard to click "Ok" when malware tries to install itself. Also, servers aren't typically used for surfing and downloading, so the malware doesn't get a chance to try to install itself.
  Only once since I started programming in the late '70s have I seen a machine that was infected without the intervention of a user disabling the anti-virus or installing pirated/downloaded software. Once.
  
  --
  I do not fail; I succeed at finding out what does not work.
11. Re:Hey Apple Users... by Charliemopps · 2012-04-20 05:05 · Score: 5, Funny
  
  as stupid as windows user are... and I'll grant you they ARE stupid... Absolutely nothing compares to the apple market. There's a price to be paid for making your OS so easy to use that you don't even need to be smart enough to tie your own shoes to use it... namely, that your OS will attract all of the people not smart enough to tie their own shoes.
  
  Now, I know all you apple "power users" are going to get all mad and scream "You're calling me dumb! I'm not dumb!" I'm not saying you're dumb... I'm saying all your friends are dumb... and you make bad technology choices... I'm sure you made a very smart, well informed decision when you chose the wrong operating system.
12. Re:Hey Apple Users... by man_of_mr_e · 2012-04-20 05:42 · Score: 3, Informative
  
  Yeah, it's not like Apple has ever done anything to encourage that thinking...
  http://www.youtube.com/watch?v=GQb_Q8WRL_g
  
  --
  If you need web hosting, you could do worse than here
13. Re:Hey Apple Users... by Khyber · 2012-04-20 05:44 · Score: 3, Funny
  
  "The odd thing is, I've never actually heard anyone ever say "I have a Mac, so I'm immune""
  Oh, boy. You must not sit around Best Buy, Apple Stores, or 4chan's /g/ very often.
  Hell, I hear that in the workplace all the time. I go over, infect their machine, and laugh at them.
  
  --
  Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
14. Re:Hey Apple Users... by beelsebob · 2012-04-20 05:48 · Score: 3, Informative
  
  Notably, "macs don't get viruses" is not the same as "macs can't get viruses". The former was true in the early 2000s.
15. Re:Hey Apple Users... by Tharsman · 2012-04-20 06:02 · Score: 4, Informative
  
  I'm sorry; I love my Macs BUT this last Flasback virus would easily get into your computer without doing anything. All you had to do was visit a page with the virulent java applet for your computer to be infected. Once infected it may attempt to ask a password off you to dive further into your system, but even ignoring it did nothing, the virus was fully active in your system.
  Some tech geeks love to think "I'm too smart for me to be infected", and blame anyone with a virus of being stupid. Ironically, those tech geeks" tend to be some of the most vulnerable users for real virus infections, since they refuse to use any anti-virus solution because it will "slow down their system" or patch their systems with latest updates because "it's working fine and I know what I'm doing."
  That’s how viruses actually work. Everything that requires you to do something to accept it is qualified as a Trojan. No amount of tech savvinnes makes anyone less likely to get virus infections (unless you are savvy enough to update asap and run some form of antivirus.)
  THAT being said:
  0.7% flashback victims were Linux machines
  0.6% flashback victims were Windows 7 or Windows 8 PCs
  0.3% flashback victims were FreeBSD
  0.5% flashback victims were machines running an unidentified OS.
  How on Earth does Linux got more Flashback infections than Windows??? Hint: I said why above. At least Macs have the excuse of Apple negligence at patching the vulnerability.
16. Re:Hey Apple Users... by Luckyo · 2012-04-20 06:02 · Score: 3, Insightful
  
  Anti-virus software is good at blocking threats that are not zero-day threats. I.e. known viruses reused. Much of stuff out there that actually does damage falls into this category (think conficker for example).
  The only thing that can protect you against zero day threats is having solid security practices on user's end. And even that is not guaranteed (think valve source code theft).
17. Re:Hey Apple Users... by Tharsman · 2012-04-20 06:04 · Score: 4, Informative
  
  To add (thanks for the edit button, slashdot!)
  Source of the numbers
18. Re:Hey Apple Users... by Ihmhi · 2012-04-20 07:02 · Score: 4, Interesting
  
  This just in, Antivirus products can't block shit they haven't seen before!
  Film at 11.
  
  --
  Random Thoughts From A Diseased Mind (Not For Dummies)
19. Re:Hey Apple Users... by mcgrew · 2012-04-20 07:18 · Score: 4, Funny
  
  Well, hey, then Mac AV will work a lot faster than Windows AV since there's only one virus in the definition database!
  
  --
  Free Martian Whores!
20. Re:Hey Apple Users... by Americano · 2012-04-20 11:04 · Score: 3, Funny
  
  I have to disagree with this. I have an iPad, and I can assure you, it really, truly is MAGICAL.
  Here's what casting a lightning bolt was like before my iPad: http://www.youtube.com/watch?v=KZ04mfAY2BU
  Here's what it's like AFTER the iPad: http://www.youtube.com/watch?v=uxYGT51JTfE
  Apple is always explicitly literal in their advertising copy, and any suggestion that they aren't is just crazy talk.
One factor frequently left out by MikeRT · 2012-04-20 04:27 · Score: 5, Insightful

In all of the fights between Windows and Mac users over the disparity in viruses for both platforms, I've never seen a Windows user point out the fact that Windows is often used on infrastructure that is valuable to compromise. No major business runs their corporate infrastructure on Macs. No major sites with valuable data I know of are hosted on Apple hardware. What has changed with the marketshare is that now Macs are used by the upper-middle and upper classes extensively at work and at home. So even at 6.5% of the market, you're far more likely now to compromise a Mac with valuable data or access to it now.
Compromise a Mac today and you might get access to a corporate network, a richer man/woman's bank information, etc. That wasn't true 10 years ago.
1. Re:One factor frequently left out by SJHillman · 2012-04-20 04:32 · Score: 4, Insightful
  
  So what you're saying is the fact that Apple overcharges for Macs is actually a factor in the increase in Mac malware? Oddly enough, makes sense.
2. Re:One factor frequently left out by Tyr07 · 2012-04-20 04:55 · Score: 3, Interesting
  
  I've frequently pointed it out to people.
  I've told many 'smug' mac users that the only reason they're not getting viruses like PC's are is because it's not worth it. No one cares about your myspace profile or your doodle you did this morning.
  Major businesses handling credit card information or valuable corporate information is ran on PCs, it has all the financial data and so on, hence the target.
  As soon as macs become popular and worth while, they'll get viruses too.
  And here we are.
Reversal from the 1980s by concealment · 2012-04-20 04:28 · Score: 3, Informative

Back in the 1980s, Macs were very tempting virus targets. They had multitasking operating systems at a time when the rest of us were running DOS or CP/M (although Amiga users and users of DOS multitaskers like DESQview had a small market share). Luckily this was before the internet, so the only real risk was downloaded software.
"Vastly oversimplified" by ledow · 2012-04-20 04:31 · Score: 5, Insightful

He says himself that the equation is vastly oversimplified, and a small change in antivirus detection range changes the answer from 16 to 6%. That means the equation is all-but useless and pointless to try to "predict" anything except, apparently, in hindsight.
I could have plucked any number I liked out of the air and wrote a (reasonable) equation to make it come out with whatever answer I wanted, even basing it on "game theory" (which has very, very, very little relevance here, actually) - I could have done that even before I graduated in mathematics (including Game Theory) over a decade ago.
When enough Mac's exist to make it viable (and market share has little to do with it compared to "number of computers active on the Internet" of that particular model), viruses will target them. Guess what, same for every other platform on the planet. If someone miraculously sells a popular device based on MINIX that millions start buying, eventually someone will write a virus for that platform.
Seriously - don't give it the press.
Winning formula by chepati · 2012-04-20 04:31 · Score: 4, Insightful

Let's see what our wise men can come up with:
1) Write a "scientific" paper, make assumptions, use some "algorithm", predict event A
2) Wait
3) Observe empirical evidence
4) Revise initial paper
5) Bask in peer admiration
Did I miss anything?
1. Re:Winning formula by Haedrian · 2012-04-20 04:45 · Score: 3, Insightful
  
  That's how Science works.
  You build a model, you predict things, you test it. If it fails, you fix your model, you test it again.
  Now we'll see how his next prediction holds and we can then judge his model
Nay! by Anonymous Coward · 2012-04-20 04:32 · Score: 5, Funny

Tis a feature, allowed by the Almighty Jobs as a test thy faith in Apple .. so only mayest the True Believers be granted the next iDevice.
Urge to deny "overconfident" by Loopy · 2012-04-20 04:36 · Score: 5, Insightful

While I realize there may be some outrage over the "overconfident" label, it does make sense in terms of learned behavior. More specifically, Windows users have known malware has been rampant for so long that:
A) they're used to having to use antivirus, firewalls and other "security" type apps
B) Windows has steadily improved its built-in firewall and anti-trojan features to combat real and perceived vulnerability
C) Windows-based PC OEMs and system builders install anti-virus by default and have for quite some time now.
I can't say whether Macs get a/v software by default but despite our joking about macs not being susceptible to malware, that view is held by far too many mac users. While it might be true statistically speaking relative to Windows, it is unhelpful in being a rightfully vigilant denizen of this wretched hive of scum and villainy we call the Internet.
Re:sigh by SJHillman · 2012-04-20 04:36 · Score: 3, Interesting

How exactly is OSX more secure than Windows 7, assuming both are patched and not used by total morons that click Yes to everything?
Re:Correct by Anonymous Coward · 2012-04-20 05:08 · Score: 5, Informative

Actually, here is what Apple says:

http://www.apple.com/why-mac/better-os/#viruses

A Mac isn’t susceptible to the thousands of viruses plaguing Windows-based computers. That’s thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part.
Is this true? Yes, but only because the malware they are talking about was written specifically for Windows. It has nothing to do with the "built-in defenses in Mac OS X that keep you safe". It is at best disingenuous because the average user reads that to mean "Macs can't get malware".
Re:sigh by StuartHankins · 2012-04-20 05:24 · Score: 3, Informative

http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/
http://blog.laptopmag.com/mac-os-x-lion-vs-windows-7-which-is-better/9
http://www.eweek.com/c/a/Enterprise-Applications/Apple-Mac-OS-X-Lion-Bests-Microsoft-Windows-7-10-Reasons-Why-647298/ (slide 4)
http://gadgetwise.blogs.nytimes.com/2011/07/29/lions-upgraded-robust-security-features/
I think you get the point... all of these I found on the first 2 pages by Googling "lion security vs windows 7".
Re:Correct by ByOhTek · 2012-04-20 05:42 · Score: 3, Insightful

Two examples I've ran into:
Limiting it to just people who have IT experience that I know:
(1) One person literally told me that it is impossible for a mac to get a virus.
(2) One has said that, since he uses Chrome and MacOS, he can't get malware, period.
That's maybe 10% of the MacIT people I've dealt with, the rest have been in the 'it is less likely' camp.
From the non-IT Mac users, it's closer to closer to half, that fall into one of those (or similar, change the web browser), categories.

--
Self proclaimed typo king, and inventor of the bear destroying coffee table (patent not pending).