For years Apple fanboys have been using the security benefits of using anything other than a Windows machine as justification for their dogmatic view around Apple products and services.

Of late I’ve been hearing more reports of viruses specifically targeting the Apple operating system – surely this is a function of the rising popularity of the products out of Cupertino – the more popular they become, and the more fanboys proclaim the security benefits of Apple products – the more motivated the dark knights of virus, phishing and spam infamy will be to invade the Apple products.

It was interesting to see then that Apple’s seriously plagued MobileMe service has been the target of a phishing scam.

Yet another nail in the coffin of the fanboy’s dogma?

2766152822_dfb86b55f1_o

Ben Kepes

Ben Kepes is a technology evangelist, an investor, a commentator and a business adviser. Ben covers the convergence of technology, mobile, ubiquity and agility, all enabled by the Cloud. His areas of interest extend to enterprise software, software integration, financial/accounting software, platforms and infrastructure as well as articulating technology simply for everyday users.

13 Comments
  • Yes, but… A phishing scam is an attack on a naive/greedy person – not on a software or hardware flaw.

  • It’s attacking naive/greedy persons by taking advantage of a software flaw. So it is Apple’s fault, and they will likely have many more issues, especially with the iphone and the iphone store. The apps that are being allowed to be sold on there are a joke, and there is no quality control at all.

  • Oh dear. More fud from the fairies.

    Please provide some references for *accurate* virus threats on the OS X platform.

    No OS vendor can protect people fully against stupidity (as Mauricio observed), yet this is what you are suggesting Apple is failing at.

    BTW Ben have you seen the new iPhone plans? Enough datapoints to suggest a trend to you? :O)

  • Robin – I apologise – rather than saying Apple OS I should have said Apple products. However semantics aside, for years I’ve been berated by fanboys saying that “Apples” (all apples) were better than the other because they didn’t get attacked by viruses or whatever. Fanboys seem to think that the halo surrounding anything emanating from Cupertino is impregnable.

    What I’m saying is that attacks like this show up ignorant dogma for what it is – sure you can say Apples are better because they’re sexier or whatever but glib, dogmatic and generalistic statements don’t help anyone

    Capiche?

  • What you linked to – as I understand it – was a phishing email. The same sort that targets banks, Paypal and other services where basically people use one website to impersonate another in the hope of stealing credit-card details, etc.

    This has zip to do with Apple, Apple OS, Apple security, or the price of fish. It doesn’t show up any dogma whatsoever.

    Regarding fanboys and Cupertino: straw man.

    I can tell you, however, that “Apple OS” has quite a different architecture to Windows of any flavour. It is inherently harder (an order of magnitude) to infect with a virus/trojan/ than Windows. So much so that you’d have to be pretty paranoid on OS X to even bother with AV.

    Bah! Who’s peddling “glib, dogmatic and generalistic statements”? References please …

  • @robin… I don’t believe it. any “drive by download” could entice a Mac user with, let’s say “a new Skype beta”, which after being download AND EXECUTED BY THE USER actually runs a trojan in the background.

    Just like the actual Skype client or the MSN Messenger client, users on Mac have all the power to install programs that can actually do some damage. There’s no OS that can fully protected against users clicking the INSTALL button and then entering their passwords.

    The fact is that malware developers target Windows OS because there’s a much bigger user based around the world – so it’s just economy of scale.

    I wouldn’t trus any OS.

  • @ Mauricio

    To be clear: any OS that allows a user to do anything potentially destructive is exposed to the type of attach you describe is potentially at risk.

    But it is a matter of degree. In OS X under the scenario you describe the trojan would certainly be limited to that user’s documents. The potential for infection or compromise of that computer is so much more limited on OS X providing the user doesn’t provide the virus/trojan/whatever with an admin login. Ordinary “Users” on OS X do just that: USE the damn computer, and relatively safely compares with the alternatives.

    The fact is that yes there are more Windows-type OS installs and therefore many more potential victims for miscreants but at the same time, the resources that Microsoft have dedicated to creating as safe an architecture for their OS as desirable (key word; security and usability are a balance) are simply pathetic and they know it. Compare with OS X which has a much more comprehensive security-aware architecture for a smaller install base.

    I don’t accept for a moment either that Microsoft couldn’t do better if they wanted, or that if OS X *just* benefits from the fact its market share is <10%.

    My claim is *not* that OS X is 100% safe (as you observed, no OS is) but even if the install base figures were reversed (Windows / OS X) you wouldn’t see the same scale of compromise with OS X that you do with WIndows.

  • @robin… This is more of a problem brought upon us by developers.

    If you read the security bulletins issued Microsoft you will see they (most of them, I don’t read all to know) have the “in the user context” clause meaning the malware is limited to the user logged in. The problem is that most programs only run as Administrators because developers couldn’t bother update their applications to run under a user context.

    Now, if a trojan or worm is installed on a Mac OS machine by users that click install and enter their password on the install dialog, what could prevent the program to spewing out mass e-mailings or being part of a botnet engaged on a DDoS attack?

    Nothing really.

    My point is that while some malware use stealth behaviour, many users don’t even know what to look for.

    If a Mac user installs such a program and the install exist with “Sorry couldn’t install” but it actually drops a trojan in the startup, what the user knows?

    Actually, if you read the Apple updates you will see they issue a few security updates every month. not one or two, but many more. These are exploited because people don’t want to. We saw proof of concepts in security competitions and events where Mac OS machines were “pwned” because of vulnerabilities in third party software.

    Anyway, we both agree there’s no such a thing as a secure OS, so I will stop at this.

  • No such thing as a secure OS, correct. It is a matter of degree, and that is my point.

    BTW Apple releases security updates on the run while MS as a rule release in packages (I know which I prefer). Your “many more” comment is incorrect in fact. I receive these update notifications and I can tell you that,in contrast to your inference, they are relatively infrequent. The proof of concepts you refer to are largely (but not exclusively) bogus and part of the myth and confusion to which I refer above.

    Bottom line: it’s not a religious argument, but one of usability, a balance of security and utility, and lastly, good taste (or a lack thereof).

  • Back in April a couple of guys managed to get control of the just released Macbook Air in two minutes http://www.macworld.com/article/57481/2007/04/machack.html and http://www.infoworld.com/article/08/03/27/Gone-in-2-minutes-Mac-gets-hacked-first-in-contest_1.html. It doesn’t look bogus to me.

    I have two Apple machines at home (iMac and Mac mini) and I am contemplating buying a Macbook Pro while here in SFO (the Apple store is across the street from the hotel and I can see it from my window) so I know how it works. I am just real about these things – I use them, but don’t preach them πŸ˜‰

  • @all

    I have to admit I’m out of my depth here – but glad I started this interesting conversation. My bottom line is that I love Apple as a brand and for its design – I don’t however love being preached to by Jehovas Witnesses, eco warriors or Apple fanboys

    (oh and Robin I’m not accusing you of preaching either)

    nice

  • @ Mauricio: you should be ashamed of yourself! That’s no proof of concept, and as far as we know the attack gained access to the user account, which is a far cry to gaining control of the computer (unless it’s running Windows, for the reasons you outline above). If you “know how it works” you would see the inherent differences in a second. They are significant, but will not protect you or anybody else from a lack of commonsense.

    @ Ben: Sounds like you just don’t like being preached to by anyone. Fair enough. Personally, I don’t care. Some of those JWs have some interesting ideas (don’t go jumping to conclusions – you’d probably be wrong!).

    Cheers

  • @robin – correct – the only preaching i like is my own

    πŸ™‚

Leave a Reply to robinCancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.