Posted on 05/18/2009 1:24:44 AM PDT by Swordmaker
May 16th, 2009
Daniel Eran Dilger
Everyone seems to get lost in their own words when talking about security and Apple. The Daring Fireball recently cited security blogger Dennis Fisher, who insisted it was demonstrably false to say there were not any virus attacks on Macs. However, rather than pointing out what a horrible pile of trash Fisher’s article was, John Gruber praised it (apparently to be nice) and then got lost in his own semantics on the subject. Sometimes you need to say he’s wrong, here’s why.
Instead, Gruber wrote, That [blogger's article] probably sounds like clueless trolling to many of you reading this but its not, and it highlights an important distinction. Security is about technical measures, like the strength of the locks on your doors and windows. Safety is about the likelihood that youll actually suffer from some sort of attack.
.
Safety or Security?
Let’s first briefly wade through the semantics. In the dictionary that ships with Mac OS X, security is defined as the state of being free from danger or threat and safety is similarly defined as the condition of being protected from or unlikely to cause danger, risk, or injury. Security comes from the Latin securitas or securus free from care while safety comes from salvitas or salvus meaning safe.
So if there were any real nuance of difference between being safe and being secure, then security would have the edge in meaning feeling safe, while safety could be said to imply actually being safe. You can have an impressive but flawed security system making you feel safe when you’re really at serious risk, and you can terrorize yourself about hypothetical security vulnerabilities when in reality there may be few actual dangers. Typically however, safety and security are interchangeable.
Given all that, it’s too bad Gruber didn’t instead describe how completely bat-nuts Fisher’s predictably ignorant screed was, and why stereotyping 25 million Mac users as being a lockstep group of same-thinking automatons who comprise a giant strawman dubious of his own mortality is a tired way to begin one’s attempt to say something interesting about security in relation to Apple. Fischer presents himself as a security expert, so this isn’t some run of the mill CNET blogger giving the predictably sensationalized, anti-Apple click bait rant.
The Difference Between Security and Safety
Real World Security on Macs and Windows
The real discrepancy that needs to be pointed out between security on the Mac and Windows is that while Microsoft has recently invested more into building a fancy security infrastructure in the Vista version of Windows that most Windows users don’t actually use, Mac users continue to both feel safer and to actually be safer in the sense of being free from danger or threat, whether that threat might relate to:
There is clearly no immediate or impending threat to Macs, and there is little in the way of market forces or that wishful thinking pundit invention of hacker pride that will result in something to turn Macs into the disaster that has dogged Windows since the late 90s. Fischer’s capacity for speculating a scenario where Macs fall prey to virus attacks is not the same as Macs actually being at any risk of being attacked by viruses.
No amount of highly publicized security contests (where one of the half dozen men on earth who track Mac security vulnerabilities arrives and shuts down the contest with a prepared exploit that has no value outside of such a contest) changes that fact.
There are currently no viral threats on the Mac to worry about; the only malware anyone has yet reported for the Mac are ham-fisted efforts to trick users into manually authorizing software installations that do bad things. This short list of malware is simply not a real world risk to users, and certainly is not even close to being anything like the problems that plague Windows, no matter how much sensationalistic emphasis the tech press attempts to frost over reality with.
Trying to equate things on the Mac and Windows behind words that lack much meaning is like trying to equate a hangnail with an ebola virus infection by calling both health issues.
InfoWorld Publishes False Report on Mac Security
Inventing a Problem for your Solution
Will the risks facing Mac users gradually change as the Mac installed base grows? Apparently that can’t happen fast enough for the anti-virus companies who want to sell Mac users unnecessary software. Their pundits love to equate low risk, self-injury actions that are unlikely but possible on a Mac (and impossible to stop with security software) with high risk, difficult to escape from events that are routine on Windows and can be addressed by their lucrative security software subscriptions. This is straight up misinformation mixed with fear, uncertainty and doubt to defraud the public.
For example, nearly everyone is claiming that:
is the same as:
They are not the same, and only a liar would keep suggesting that Mac and Windows users face the same dangers and threats. If you’re paying attention, you’ll notice that those who keep suggesting this almost always work for an anti-virus company working to make money off of Mac users. This shouldn’t require any help in dot connection.
Kaspersky Sells Mac AntiVirus Fear Using Charlie Miller
Fischer Price
How exactly Fischer benefits from regurgitating a bunch of tired misinformation about Mac security I don’t know, so I’ll assume there was more incompetence than malice involved. From his first paragraph, he insists that the idea of there not being virus attacks on the Mac is demonstrably false by linking to his site’s own paraphrasing of a ZDNet report, which left out the original article’s statement that the discovery in question is not currently spreading in the wild. Fischer also saw no reason to cite the article’s hype deflating paragraph, which stated:
Excluding such notable OS X pieces of malware such as last years ARDAgent-based trojan exploiting a local root escalation vulnerability in Mac OS X 10.4 and 10.5, the rest of the newly discovered OS X malware continues relying on social engineering tactics (fake codecs such as CodecUpdate.v1.18.dmg; License.v.3.411.dmg etc.) in order to spread.
Fischer’s conclusion that Macs are somehow now under virus attacks (just not in the wild, and only if they install prototype trojans and activate Apple Remote Desktop first) is just plan irresponsible.
Fischer then suggests that the plague of Windows Powered spambot networks was some ancient problem related to Outlook, which he only seems to concede may have inconvenienced someone in a former life in another universe. But the game now is about owning the machine itself, Fischer claims, entirely without bothering to explain why, or without recognizing the difference between different types of attack and different targets.
One might as well say that car break-ins used to be a problem, but now everyone steals money by setting up a Ponzi Scheme, because that’s what you hear around in the newspapers lately. In other words, don’t worry about your car being stolen, but be terrified about investing money, because that’s far more dangerous apparently, at least when pundits are making up harebrained logical fallacies.
Ask Enderle!
Oh but it gets worse. This has led to the inevitable debate over which new OS will be more secure, Snow Leopard or Windows 7, Fischer insists. He then hauls out analyst Rob Enderle who according to Fischer, unsurprisingly, puts his money on Windows 7.
I wonder if that’s because Enderle a paid shill who will put his money anywhere you pay him to put it? Enderle is the same guy who read my article explaining why Windows 7 was headed toward the same fate as the Zune for similarly copying Apple’s strategy despite lacking Apple’s circumstances and position, and cited it to mean that Apple was helping to make Windows 7 better.
Enderle has been triumphantly discovering and lauding golden kernels of corn in Microsoft’s poop for years. And while he can spin anything in Microsoft’s favor in his frequent blog postings, he can’t actually manage to do anything to affect reality. His incessant demonizing of the iPhone ended up flaccid and impotent, and his efforts to advise Dell on how to deliver a killer new Windows Mobile smartphone in reaction were so ineffectual that the carriers ultimately told Dell to come back when they had a product that wasn’t boring.
For Windows Enthusiasts who can’t fathom Apple being successful and Microsoft failing, the only way to interpret the last decade is to insist that up is the new down and that success isn’t owning the future, but having monopolized the past. Let it go, folks.
Why Windows 7 is Microsoft’s next Zune
The Big Lie
Fischer then claimed that the reason why the dramatic expansion of Mac adoption over the last few years hasn’t had any impact on new Mac malware was only because Windows dominates in the enterprise, which is where the most valuable data is. Ergo, that’s where the attackers go. Oh really? Then why are attackers causing such a mess for home Windows users?
I’ve done a lot of antivirus and malware cleanup for a lot of computer users, and I’ve never encountered a PC that wasn’t chuck full of adware junk, but have never seen a Mac that had any significant infection from malware. It’s a pretty big lie to suggest that the plague of consumer malware which caused Microsoft to spend the first half of the decade working on patches to XP and spending much of its resources to develop a security infrastructure in Vista… simply didn’t happen.
The other reality is that, of the billion people who currently use Windows, only a minority actually use the patched and fixed editions Microsoft has recently released (which themselves are still not immune to viruses in the way these pundits like to suggest). The next article will look at what Microsoft is doing about that in its attempts to get people to adopt Vista under its new name: Windows 7.
Security is a complex topic
There are few useful generalizations to be made on the topic of security. Pundits, please stop saying that Mac users are all self-assured that their platform is invulnerable to viruses. Everyone I’ve talked to is aware that the Mac is a safer platform because there’s simply fewer existing problems and fewer reasons for anyone to want to introduce them.
There’s also far fewer old Macs sitting around which are connected to the network but without Software Update turned on, while the Windows platform is full of such dead wood fueling the viral forrest fires: all the old legacy Windows PC systems sitting around running cash registers or browsing the web in a cafe where nobody knows how to properly secure it.
I’ve earlier pointed out how Microsoft has itself participated and encouraged the adware/spyware business because it thought it could make money at it. The company also willingly attracts the kind of cheapskate consumers who are most likely to respond to the sorts of pandering adware offers that fuel viral malware. None of these problems are shared by Apple, meaning it’s not a safe assumption that the Mac’s success is fated to inherit Windows’ security crisis.
The Unavoidable Malware Myth: Why Apple Won’t Inherit Microsoft’s Malware Crown
News media, please do your jobs.
In view of all of this, the most shocking and disappointing thing that can be observed about this mess is how the media is lapping up the near denial that Microsoft bears any guilt in regard to today’s multi billion dollar PC security crisis, that it should only be commended for taking some recent stabs at polishing up its tarnished security record, and yet how much attention goes into covering the wagging finger of security experts who chastise Apple for not doing enough to keep the Mac free from imagined threats that could theoretically exploit known vulnerabilities.
(Gratuitous liberal political comment follows. You can stop reading now and not miss anything pertinent to the article. Swordmaker)
This seems creepily too much like the media’s approach to torture, where Dick Cheney is given a free pass for approving it, and yet somehow Nancy Pelosi as a legislator is vilified for not doing more than the executive branch to stop it, after being informed via classified reports she could not legally have taken public.
Especially when it is an ignorant alternative view that takes its information from the breathless press publishing reports of three-day wonder proof-of-concept attempts at writing malware for OS X. As of now there are ZERO self-replicating, self-transmitting, self-installing viruses and spyware in the wild for OS X Macs.
A good example of one of those three-day-wonders was reported just last month when two Symantec security "experts" published an article in an obscure on-line journal called Virus Bulletin claiming they had found malware for the Mac that was released in January that made the world's first Mac based BotNet. They further claimed this BotNet was comprised of 20,000 Macs that were mounting a denial-of-service attack on ONE (1) website. However, these guys did not even tell Symantec, their employer, about their "discovery," choosing instead to reveal it in a $175 per year subscription private journal that no one can check, and worse yet, NO ONE has found even one Mac compromised with this so called BotNet or the supposed target website. Symantec still reports the original Trojan horse, a supposedly pirated bit-torrent copy of iWork'09 Trial (a package freely available from Apple with the malicious rider, that the two BT sites where it was found report downloads in the "dozens") had infected ZERO to 50 computers. 0 to 50? How does that translate into 20,000? Others who have tested the supposed malware found it just simply did not work. Although this "malware" report was picked up and repeated by computer punditry and even the MSM, no one has found any secondary, independent sources other than Virus Reports. It made great FUD news... but apparently is just that: FUD.
The real discrepancy that needs to be pointed out between security on the Mac and Windows is that while Microsoft has recently invested more into building a fancy security infrastructure in the Vista version of Windows that most Windows users don't actually use, Mac users continue to both feel safer and to actually be safer in the sense of being "free from danger or threat,"Thanks SM. Virus writers are the scum of the Earth, so naturally they don't own Macs. ;') ;') ;')
COOL.
Does it run?
Windows made computers easy, that’s why we have one in nearly every home and most work desks.
That’s ok, you need it more that I. Fairly common for mac users.
<<
Losing what war? MAC users are the only offensive thing I see around here.
>>
Which is why you expend so much time and effort to come to a Mac thread and piss.
Still waiting for your PC to reboot?
Didn’t realize only mac users were allowed to make comments regarding mac security. Very 1984 of you
No it isn't.
is there anything on the Macs worth stealing?
You would target OS X because of the instant worldwide recognition. You would forever be known as the first person to create a self replicating virus/malware/spyware etc. for OS X. People could google “virus and OS X” and your name would receive thousands of hits. New software products would immediately start selling in large numbers because of you. You would probably be paid large fees for your consulting services. So fame and fortune alone would cause someone to target this market. Creating a virus for Windows is like making a Big Mac at McDonalds, with a very small amount of training anyone can make one.
<<
Didnt realize only mac users were allowed to make comments regarding mac security. Very 1984 of you
>>
Yeah. That’s exactly what I said.
Typical democrat troll.
In addition to that, I’m not sure the “market share” argument is relevant at all.
At least not as far as software goes. Other than games (and there are more and more games written for Macs now anyway), I don’t know of any significant program (like the suite of Adobe programs, such as Acrobat and Photoshop, or the Office suite, etc) that isn’t also written for a Mac.
Even as few as 5-7 years ago that may have not been true. And this was because of the small “market share” that Mac had.
Even though it may be arguable that Macs still don’t have much more of a share than back then, any significant program that’s widely used can be found written for a Mac as well, today. I’d challenge anyone to find a significant program that can’t run on a Macintosh. Which really, is the only valid argument when talking about “market share”.
So this “market share” argument is *little more* than a question of “popularity”. And who really cares about that? Like the old adage your parents told you, “If everyone wanted to jump of a bridge, would you?”
That’s about the only “reasoning” behind the “market share” argument anymore.
Two words for you, my Windoze loving FRiend:
market value (Mkt cap)
Apple Inc.
Open: 123.84
High: 126.70
Low: 121.57
Volume: 16,268,573
Avg Vol: 18,718,000
Mkt Cap: 113.00B
********************************
Microsoft Corporation
Open: 20.33
High: 20.60
Low: 20.24
Volume: 45,440,230
Avg Vol: 68,277,000
Mkt Cap: 183.33B
******************So, lowly Apple is only worth 2/3 of what the giant Microsort is worth, and their shares are only 600+++% of MS....
Yep, they are doing something wrong at Apple! /sarcasm
Maybe, maybe not.
I don't like to get into the argument that "Windows made computers easy". Why? Because the whole subject is a matter of opinion anyway. Besides, even if Windows had never been written we would still have a computer in nearly every home and office. :)
If you wanted to maximize chaos and hurt lots of people, tainting Big Macs would be a good way to do it.
“I don’t like to get into the argument that “Windows made computers easy”. Why? Because the whole subject is a matter of opinion anyway.”
Opinion? The vast majority are windows. Apple was going downhill and of little use.
” Besides, even if Windows had never been written we would still have a computer in nearly every home and office. :)”
You call the fact that windows mnainstreamed computers to be opinion but then state we would have computers everywhere even without windows.
Prove it.
So says the guy using a liberal icon.
<<
So says the guy using a liberal icon.
>>
As opposed to that stalwart conservative, Bill Gates?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.