Posted on 09/23/2009 10:59:20 PM PDT by Swordmaker
Myth 1: Macs Are Safer Than PCs
Thanks to aggressive marketing from Apple, Mac users often think they are impervious to the viruses, Trojans and numerous other assaults that have plagued Windows users for decades. Security experts say that if Mac users are less susceptible to attack, it's simply due to the fact that there are fewer viruses written for Macs than for Windows. That is rapidly changing, however, as Macs gain market share. Meanwhile, users who have the unfortunate experience of being attacked by information-stealing Trojans will likely have their systems compromised and their data stolen ... just like every other PC user out there.
Myth 2: Macs Have Fewer Vulnerabilities Than Windows
Not true. In fact, studies have shown that Macs actually have MORE vulnerabilities than their Windows counterparts, experts say. The reason? Constituting a "seek and ye shall find" phenomenon, it was simply a matter of attention, experts say. Some maintain that Apple's credibility in the security community increased as it gained traction in the marketplace. Others contend that a disproportionate amount of researchers in the field prefer Apple, and subsequently put their efforts into finding Windows' vulnerabilities instead. But once security experts began to seriously research Apple, the number of vulnerabilities increased exponentially, experts say. However, whether exploits target those vulnerabilities is another question.
"We can compare it to the situation with Internet Explorer and Firefox. Lots of people were saying that [Firefox] was so much more secure than IE," said Roel Schouwenberg, senior antivirus researcher for Moscow-based Kaspersky Lab. "It actually gained in popularity. Now all of a sudden a lot of vulnerabilities were being found in Firefox. I don't think you can underestimate the importance of market share."
Myth 3: Mac OS X Users Don't Need A Separate Antivirus Solution
Not so. Not even Apple says that anymore, even if it has downplayed the fact that users also should equip themselves with third-party antivirus software. There are just too many Mac Trojans and viruses out there that can evade Mac's built-in security systems -- and the numbers are growing.
"If you look at the Apple consumer base, and how they generally tend to think about security, the vast majority of Apple users will assume this is all they need," Schouwenberg said. "It's really nothing fancy and it can be easily bypassed."
Fortunately, there also are a number of antivirus offerings specifically designed for the Mac OS X platform.
Myth 4: The Antivirus Feature In Snow Leopard Is Enough To Protect Users
Or not. If anything, experts say, the antivirus feature lulls users into a false sense of security -- that is to say, even more than the one they already had. Apple turned heads earlier this month with the release of its Mac OS X version 10.6 Snow Leopard, which touted that it came equipped with antivirus and additional security features. However, upon closer inspection, security experts said that the built-in antivirus feature was designed to block a whopping total of two -- yes, two -- Mac Trojans, despite the fact that researchers have detected dozens of malicious threats that target the Mac OS X platform. According to researchers at Intego, the built-in antivirus only scans files on a handful of applications, including Safari, Mail, iChat, Firefox, Entourage and a few other browsers, but fails to scan from other sources, such as BitTorrent or FTP files.
Myth 5: Most Mac Exploits Target The Operating System
No. Actually, experts maintain that most of the attacks targeting Mac OS X will exploit the Web browser, and ultimately, the user's behavior. As in any PC, the biggest threat typically starts with the user and quite often via e-mail -- falling for phishing sites, clicking on malicious links, surfing infected Web sites, etc.
And as with their PC counterparts, Mac Trojans are becoming more sophisticated and stealthy, frequently designed to steal information and evade antivirus software. This means that as Mac's market share further grows well into the double digits, users can only expect to see more Trojans, worms and other Web-based threats taking over their favorite machines.
"The main danger for Mac comes not from the operating system but it comes from the behavior of the user," said David Perry, director of global education for Trend Micro. "Falling for bad phishing Web sites, responding to ads on Craigslist -- that is enough so that the end user requires additional protection."
Myth 6: Apple Is Just Like Microsoft And Has An Army Of Security Henchmen
Er, no. In fact, the company's historic lack of emphasis on security issues has left Apple vastly underprepared to deal with the barrage of anticipated Mac malware coming down the pike. Experts contend that Apple lacks the necessary manpower to create and test patches on a monthly basis and still needs the extensive specialized team needed to develop significant changes to Mac OS X internals that would make the platform more resilient to sophisticated malware attacks. And security experts also emphasize that Cupertino needs to stay on top of security issues in its open source projects and third-party components.
However, Apple appears to be trying. In light of a groundswell of Mac OS X malware, Apple recently hired its first security guru, the former head of security architecture at One Laptop Per Child (OLPC) Ivan Krstic, to oversee the security division at Apple.
Myth 7: Apple Needs To Implement A Monthly Update Cycle Like Microsoft
Not necessarily, security experts say. This is simply due to the fact that there still isn't the necessary volume of vulnerabilities to warrant a monthly update cycle. However, experts agree that Apple could definitely stand to address security bugs in a more timely manner. After all, there are more efficient ways to repair vulnerabilities than with a patch that averages 70 to 80 fixes every few months. Meanwhile, Apple scrambled to repair a six-month-old critical Java vulnerability this spring after -- but only after -- researcher Landon Fuller published a proof of concept exploit exposing the flaw six months after it was first detected. Yowza.
However, Apple will likely consider a more frequent patch cycle as malware authors more frequently find ways to launch attacks that exploit its vulnerabilities.
Myth 8: Unlike Windows Viruses, Mac Malware Is A Recent Phenomenon
Actually, some of the first and most destructive viruses were initially written for Mac, experts say -- back in the 1980s when Mac still had sizable market share. Viruses for Macs dropped significantly in the mid 90s, along with Mac's market share and credibility in the marketplace. But the viruses have since experienced a resurgence as Mac gained popularity after 2001 with its Tiger, Leopard and now Snow Leopard operating systems.
Myth 9: There Is Only A Handful Of Mac Malware, And It's Pretty Benign
Granted, the number of Trojans and worms targeting the Mac platform does not even come close to the number for Windows platforms. That said, some of the current malware is pretty destructive. Last year a Mac Trojan swept from machine to machine, forcing users to download bogus antivirus software. Earlier this year, Mac users were pummeled with two variants of a Mac-only iServices Trojan distributed via pirated versions of Apple's productivity suite iWorks and cracked Adobe Photoshop CS4 applications. The Trojans later developed into a full-fledged global botnet that infected more than 40,000 Macs. And experts say that Mac users can expect to see more drive-by and browser attacks.
Myth 10: Mac Users Will Surely Complain When Security Issues Become A Problem
Here's the thing -- experience is always the best teacher. Unlike PC owners, Mac users are simply not used to dealing with rampant malware, experts say. As a result, Mac users are much more likely than their Windows counterparts to underprotect their machines, or not protect them at all. PC owners acknowledge, in fact expect, that their machines will be riddled with security flaws, which leaves them susceptible to all kinds of malicious code. If their PCs are a little slow or erratic, most will simply download that antivirus upgrade they had been meaning to install and go about their day. Not so Mac owners, who often assume that they're perfectly safe, even when they're not. So the upshot is, Mac owners don't know what they don't know. And that could likely be the biggest mistake of all.
By definition, this means that right now, security issues are NOT a problem.
Game, Set, and Match to Apple.
Cheers!
Propaganda knows no boundaries, does it?
More FUD for sure.
Gonna put a helmet & great ready for all those trojans coming down the pike. :)
Appreciate your time and expertise on the Mac threads.
My democratic Mac geek hubby signed up to FR just because of you!
Great way to expose him to more right thinking folks!
Thanks for all your work on this thread, Swordmaker. I appreciate your clear explanation of the real facts.
No. Actually, experts maintain that most of the attacks targeting Mac OS X will exploit the Web browser, and ultimately, the user's behavior.
BINGO, and if this was point one and the subject of the headline, this article could be quasi-useful.
The whole geist of the claim about Mac superiority with regard to security is that if the Mac user exhibits just an iota of common sense he is secure, whereas the PC user regardless of good habits still requires AV and frequent updates and STILL is more likely to come down with a case of malware.
I liked comparing the security of OS X of today with Apple of the 80s.
I know MACs have many superior features and are less subject to evil things, but the whole mindset that they are wholly secure and wholly without issue, is incomprehensible to me. MAC users view their machines with something like a religious fervor. Truth, in the current environment, all machines are at risk through the portals of the web browser and e-mail. Users who view those portals realistically for the potential dangers they represent, will suffer less disruption from viruses and the like regardless of the operating system they use.
I knew they virus's but didn't know which ones. That's when I started running AV software to protect those windows boxes.
Obviously, it is seriously unwise not to back up data regardless of your OS, but what other steps do you recommend a Mac owner take?
Windows 7 must be close
as there is already talk
in the trade journals of
Windows 8
Mad Hatter: Have some more tea.
Alice: I've had nothing yet, so I can't have more.
Mad Hatter: You mean you can't have less. It's very easy to have more than nothing.
Ah, then, Mr. Mad Hatter Tech Writer, let's have some Mac OS-X viruses now, please!
[...crickets...]
What does Media Access Control have to do with the relative security of OS X?
> Windows 7 must be close as there is already talk in the trade journals of Windows 8
So let's see...
Win2000 is NT 5.0
WinXP is NT 5.1
Vista is NT 6.0
Before Vista bombed, Microsoft had already started talking about the Next Big Thing, a huge departure from the Vista/NT codebase (hopefully a major re-write), that would be "NT 7.0", and the project was code-named "Windows 7" as a result.
But when Vista bombed, they had to rush out a "fixed" version (Vista SP3, as it were). Due to the negative reputation of Vista, and the positive outlook for "Windows 7", Microsoft Marketing stole the project codename and applied it back onto Vista SP3.
Vista SP3 - NT 6.1 - was thus named "Windows 7".
So what will "Windows 8" actually be inside? NT 7.0? or merely NT 6.2? Will they force the programmers to skip over the "NT 7.0" and go straight to NT 8.0 so they don't have the current confusion propagated into the future?
Stay tuned for Microsoft's next complete disconnect from sanity....
My bet is that enough code already existed from the REAL Windows 7 project, with the label "NT 7.0", that they will have to keep on with that, for the so-called "Windows 8" product.
Microsoft must be spending some big bucks for all these “experts.”
Great posts, thanks.
Name 1 (or actually several, as the numbers are supposedly growing).
What an inane sack of crap. The absolute ONLY antivirus I have run on a Mac since OSX's debut - running in VirtualPC to protect the Windows install there.
If I had an Intel mac with parallels or bootcamp with some flavor of Windows - then I would run antivirus on that particular area.
How many millions of active OSX machines out there? And if they are supposedly such easy targets, then wouldn't that make an appealing target for any hacker trying to score zombie machines or compromise data? MS is constantly having to pump out security updates (often daily+). Again - a platform that is getting sometimes daily security updates, that is often protected with daily updated antivirus software - or millions of supposedly unprotected machines? Seems like a no-brainer for a hacker.
So why not a huge library of attacks on Macs?
And to add to your statement - there is no way to "patch" the most vulnerable weak link in the computer security link- the operator.
The school where I use to teach - there were certain teachers who had computers constantly getting infected- some infections that would spread to other computers... Yet those machines had the same level of antivirus as all the other machines that NEVER got infected (including the one in my room). The common thread - these women would open any and every attachment that ever came through. So even when filters would block some - all it would take is one to show up and they would open it - even after repeated warnings by the tech person and the rest of us. District finally implemented for a time - a block on all emails with attachments. That messed things up worse - because of so many emails with style sheets/Vcards, etc. Hardly any mail at all was getting through. Having been gone from there for 15 months - that is one thing I definitely do not miss!
I have never owned a Windows machine, though have used them (mostly against my will) in work. The one at my last work - an XP machine, went through 3 power supplies, a hard drive, and an optical drive in the 3 years it was in service. The HP laptop I use for work - hard drive died in it at 11 months (having been used VERY lightly in that time). It died after a Windows auto-update.
Which brings up one other difference between average Apple hardware and Windows-running hardware - quality standards by the manufacturer. Most PCs are built from the lowest-price commodity parts at a given time to make them as inexpensively as possible. Apple tends to have somewhat higher standards, and though they do shop around, they have typically higher standards from their suppliers, thus components that are a bit more expensive. This contributes at least part of the perceived cost difference to consumers. But even with Apple's higher standards, they have been bitten a few times - like the Sony-supplied battery cells that had to be recalled.
But your point is well taken - regardless of how reliable a computer might be (or not), there are some good practices that carry over regardless of platform (kind of like a Ford truck vs. Chevy) - do your regular maintenance, don't drive like a total idiot, etc. and it will work better, regardless of brand.
And even the very best of the best manufacturer of anything has a bad day and lets a less-than-great product out the door. That is what warranties are suppose to be for.
Have a great day!
Why? How did he lose data? What was wrong. It sounds to me as if he has a problem hard drive rather than anything invading the Mac. I administer numerous Macs and have had to re-install a Mac OS only once in over 8 years... and no data was lost. Doing a clean install on a Mac is easy and no data will ever be touched. I think you are claiming something that did not happen, Roses.
Oh, goody... A Mac v. PC thread! Yay!
Maybe THIS will be the thread that settles the matter once and for all!!
:-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.