
Ars Technica Investigates the State of Malware on the Mac - shawndumas
http://daringfireball.net/linked/2011/05/20/cheng-malware
======
ROFISH
Actually I wouldn't be surprised to find Norton on a Genius Bar Mac, mostly
because an anti-virus is required for PCI compliance to handle credit cards.

~~~
wtallis
Last time I bought something at an Apple Store, my credit card was swiped
through an iPod Touch, not a Mac. Do you think that the iPod was running a
virus scanner?

------
hahainternet
To me this seems like Gruber doing damage control for Apple again.

There's no doubt that simple scams like this will increase as marketshare
does, and pretending like it's not already happening is fooling nobody.

~~~
joebadmo
Yeah, I really don't understand Gruber's position on this. It seems fairly
obvious and inarguable that as Macs become a bigger target, there will be more
and worse malware on them. Is he saying that there's something inherent to Mac
OS that makes malware harder? If so, what?

~~~
rimantas
Gruber wrote more than once in the past about the market share argument. It's
been going on for years. And there were more viruses for Mac OS versions prior
to OS X with even smaller market share. I think one advantage OS X always had
compared to Win < 7 is that users never had a habit of running with
administrator rights all the time.

~~~
joebadmo
Sure, that's one advantage, but it doesn't seem like a decisive one, really.

I must have missed his arguments re market share. I've only ever seen him post
the historically periodic articles about how people have always been saying
it's about to happen. What are his actual arguments?

If anything, I feel like Mac OS X will potentially be more vulnerable. To make
the anatomical analogy, Windows has always had a lot of exposure to malware,
and as a result there's a fairly robust anti-malware ecosystem, like
antibodies in an immune system. OS X, on the other hand, hasn't. It's evolved in
the absence of many attacks, and has a proportionally weaker immune system.

Ok, I'm not sure I buy that completely, but the market share argument seems
like a straightforward one.

~~~
wtallis
Most iterations of the "market share argument" I've seen imply that at some
time in the future, Mac market share will reach a tipping point and writing
viruses for OS X will be lucrative enough that there will be a dramatic
increase in the amount of malware being flung at Macs.

It has the same problem that plagues every other apocalyptic argument: the
world keeps not ending.

Nobody ever says how _much_ market share OS X needs to reach this tipping
point, which makes it pretty hard to falsify. Meanwhile, the Mac market share
keeps growing, year after year, with only minor increases in the prevalence of
malware, and no major botnets or worms of the sort that were rampant on Win9x
and early XP.

Claiming that OS X is (or will be) a soft target also serves to further
undermine the market share argument: Windows has been getting more secure over
time, which should help make OS X a more attractive target if it really is a
softer target than Windows.

~~~
mishmash
> Mac market share will reach a tipping point and writing viruses for OS X will
> be lucrative

Playing with the $59.99 "price" of Mac Defender it's probably only taken a
dozen or so purchases to get a return on the design/HTML/CSS, the Cocoa, and
hosting, etc. general development time required to put this together.

Depending on the numbers (un)reported - it's not hard to imagine:

    a) Mac Defender is already profitable
    b) it could become very profitable
    c) other malcontents will likely recognize this...

So I think it reasonable to speculate the OS X malware inflection point is
now.

~~~
wtallis
One successful product does not necessarily lead to a thriving market. The
authors of Mac Defender have probably made a good return on their investment,
but what counts in the long term is whether their customers have, in the form
of stolen credit card numbers or botnet membership or whatever.

If Mac Defender and its forthcoming copycats aren't very effective tools,
then we probably won't see an explosion. There will be some short-term growth,
but Mac malware would quickly become a low-level endemic problem, instead of
the multi-year epidemic that would be necessary for OS X to get to the state
Windows is in.

Mac Defender may mark the start of the arms race between malware authors and
Apple, but I don't think there's any evidence yet to suggest that the arms
race would proceed as quickly or as embarrassingly as it did for Windows.

------
ansy
Original source: <http://arstechnica.com/apple/news/2011/05/malware-on-the-mac.ars/>

From the Hacker News Guidelines[1]: "Please submit the original source. If a
blog post reports on something they found on another site, submit the latter."

The fact Mac OS X is a security pushover is pretty well known[2]. I wouldn't
be surprised if more macs weren't rooted with something much stealthier than
Mac Defender. Disclaimer: I use a mac.

[1] <http://ycombinator.com/newsguidelines.html>

[2] <http://www.washingtonpost.com/blogs/faster-forward/post/ie-safari-iphone-blackberry-fall-at-pwn2own-chrome-firefox-android-windows-phone-7-escape/2011/03/14/ABjqQGV_blog.html>

~~~
bdhe
_The fact Mac OS X is a security pushover is pretty well known[2]._

That raises the question then, why aren't we seeing more Mac viruses and
malware? Is it purely a question of economics that market share answers? Is it
because there's more technical "know-how" and experience floating around about
Windows vulnerabilities? Is it because it is easier to profit off of Windows
vulns? These are genuine questions to which I'd love to hear some answers.

Edit: The fact that OS X Lion was shared with security researchers in
advance[1] is a good move on Apple's part. Does Microsoft do similar things?

[1] <http://news.cnet.com/8301-1009_3-20036218-83.html>

------
Kylekramer
I assume Gruber is talking about engineers in Cupertino never using Norton,
while Ars is talking to Genius Bar employees. Is it that far-fetched to assume
Apple trusts the former more than the latter?

------
wiredfool
Perhaps "Slipping a Norton" will become the new mickey.

