Tuesday, April 17, 2012

Mac Users Looking to Point Fingers Over Malware

Apple marketed its operating system software a...
Apple marketed its operating system software as "Mac OS", beginning in 1997. (Photo credit: Wikipedia)
There has long been this idea that Macs simply "Don't get viruses." It's long been the most popular argument that Mac users love to bust out when they're backed into a corner during a Mac Vs. PC debate. I've been warning my friends for years that this myth is just that, a myth, and they need antivirus software, some went out and picked up some good software, the rest didn't listen to me, and now they're complaining about their Flashback infection.

Not only are they complaining, but they need somewhere for the blame to go (because that's how humans work, nothing can be our fault). Fingers are flying in every direction and I'm afraid to pull out a cheese knife for fear of the repercussions. There are those that insist it's Java's (and therefore Sun Microsystems') fault, while Sun is very quick to point out that Apple has maintained their own Java distribution for years and was responsible for providing a patch (Sun had provided a Windows patch weeks before Flashback was discovered). Even if they would have wanted to, Sun could not have provided a fix for Mac users, and even if they had, Mac users couldn't have installed it.

At the very heart of the problem the blame can be pushed toward Apple. Their under-handed strategy of marketing the Mac as being "Problem Free," "More Secure," and "Virus Free" have lured users into this sense of security, where not enough actual security really exists. But there has to be truth to the statements, right, or they couldn't say it, could they?

Well, yes and no. Mac is essentially a BSD distribution with a fancy interface added, so like most *nix systems it has a native implementation of a firewall that Windows never really had. It's because of this that Apple has been touting the amazing security of their Macs. It helped, for a long time, that Macs weren't really all that popular and not worth targeting with viruses and other malware. Mac users account for at least 20% of the Desktop market and are now being seen as worthwhile targets.

Sun (Photo credit: ¯/¯ / /\/)
At the same time though you could say that Java shouldn't have left a vulnerability in their software, and you're right, they shouldn't have. Sun did, however, manage to push a patch live before Windows users were exploited, they also don't market Java as being perfectly secure. The blame again can fall back to Apple for waiting weeks, yes weeks, to provide a patch for the Java vulnerability.

At the same time though, the Mac users should have had Anti-virus software installed. It exists for a reason, and it's because Macs do get viruses. Any kind of AV would have made quick work of Flashback, if only it had been installed. But perhaps this will fix the misconceptions about Macs not getting viruses and being "problem free."

The truth is, we share the blame here. It's the job of your OS vendor to do everything they can to keep you safe, the job of the software vendors to deliver secure and safe software for us to use, but at the end of the day, you're the final line, the last person on Earth who has any chance of protecting your computer from the constantly growing and evolving pool of viruses and other "bad"-ware. After all, a few bucks for AV software is a tiny price to pay to protect that over-priced pile of hardware on your desk.


  1. A few things to consider:

    AV software both costs money uses resources, and potentially quite a lot of it. To block one malicious application every couple years, it doesn't seem worth it.

    This is by no means the first time OS X has suffered from malware. Apple have made some improvements in Mountain Lion (well, will make them: it hasn't released yet) that should stop malware, called Gatekeeper - it stops apps from being installed unless they have been verified by Apple. The best Mac haters will find ways to turn that against Apple, but it's a security feature.

    Viruses and malware are not the same thing. Sure, AV software blocks malware (usually), but it still isn't the same thing. A virus is a malicious application which exploits a bug in the software in order to install itself, and malware is a malicious application which tricks the user into installing it. You seem to have used the two terms interchangeably in this article.

    1. There is, very soon, going to be an onslaught of "bad"-ware for Mac users to contend with and you're going to need AV software.

      I used Virus and Malware fairly interchangably because honestly these days there's little distinction for most people unless you're a security expert or you work (or play) in the IT field.

    2. Oh, and I use Avast! which is free for home use and keeps me secure, no infections to date.

  2. nice opinion.. thanks for sharing..