Apple malware is a foreign country...


Picture this: some monstrous creature out of a fairy tale arrives at your house, knocks at the door, is let in, and abducts your wife away to the circus. What do you do?

Well, if you're PCWorld or some of its readers, you blame the house builder for not encouraging the purchase of after-market anti-malware products.

I am torn by the PCWorld article - not just because it's another IDG site - but because it has helped me better understand the underlying problem in the recent hoo-hah about Mac Defender, and through gritted teeth I have to admit that they sort of have a point... but it's presented the wrong way.

First I'll present my old thinking, which some may regard as Mac propaganda, but I've been running Unix and Linux at home since 1993 (and at work since 1988) and the observations apply to both:

  • Mac OS X (indeed every Unix platform) is highly malware-resistant; the Unix security model is very good, coming from a multiuser heritage where it is a prerequisite to have strong walls separating users from each other, and to keep ordinary users away from privileged operations.

  • If you consider traditional PC viruses - which I define as malware that self-propagates as static data or via execution of infected static code - then there are far fewer viruses on Unix-based platforms. This is not primarily due to "lack of popularity" - a common excuse by Windows fans - but mainly to several factors of Unix heritage: the superuser, whom ordinary users cannot act as, owns the bulk of the installed code, so an unprivileged infection has nothing it can write to; software is frequently open-source, and the variation between builds and revisions makes binary patching of a known target hard; a downloaded file will not execute at all until its permission bits are explicitly set; and so forth.

  • By contrast: Unix users fear security failures in network daemons far more than viruses. A buffer overflow in fingerd (alongside a sendmail debug hole and abuse of host trust) enabled the Morris worm of 1988 and set the blueprint for Unix security risk for the next 20 years, and as recently as 2007 Solaris got hit by a worm attacking its telnet daemon - a worm being malware that self-propagates by exploiting network-facing code while it is running.
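The "root owns the codebase" point above is something you can check rather than take on faith. The following is an added example, not code from the original post: a small POSIX shell audit that walks a PATH-style list of directories and reports every executable the invoking user could modify, either directly or by replacing it in a writable directory. That is exactly the foothold a user-level virus or trojan needs to infect installed code, and on a sanely configured Unix box an ordinary user should get an empty report. The directory list and the function name are assumptions for the example; run it as a normal user, since root can write everything and the check is moot.

```shell
#!/bin/sh
# Added example, not from the original post: audit a PATH-style list of
# directories and report every executable that the invoking user could
# modify, either because the file itself is writable or because its
# directory is (so the file could simply be replaced). A user-level virus or
# trojan needs exactly such a foothold to infect installed code; on a Unix box
# where root owns the codebase a normal user should see an empty report.
# Run as an ordinary user: root can write everything, so the test is moot.

# audit_writable_exes "DIR1:DIR2:..."
# Prints one line per finding and returns 0 when nothing was writable,
# 1 when at least one finding was printed.
audit_writable_exes() {
    found=0
    # Split the colon-separated list into positional parameters.
    old_ifs=$IFS
    IFS=:
    set -- $1
    IFS=$old_ifs

    for d in "$@"; do
        [ -d "$d" ] || continue
        dir_writable=0
        [ -w "$d" ] && dir_writable=1
        for f in "$d"/*; do
            # Only regular, executable files are candidates for infection.
            [ -f "$f" ] && [ -x "$f" ] || continue
            if [ -w "$f" ]; then
                printf 'writable file:      %s\n' "$f"
                found=1
            elif [ "$dir_writable" -eq 1 ]; then
                printf 'writable directory: %s\n' "$f"
                found=1
            fi
        done
    done
    [ "$found" -eq 0 ]
}

# Stand-alone usage: audit the caller's own PATH.
audit_writable_exes "$PATH" || echo "writable executables found on PATH"
```

A non-empty report from your own account means a trojan that you run as yourself could quietly overwrite something you trust, which is the Windows-style situation the post is contrasting against; a common culprit on a Mac is a user-owned /usr/local or a package manager's bin directory.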

In short: Windows systems are famous for suffering viruses - threats where third-party anti-malware software may help by mitigating the risk until the vendor can fix the underlying vulnerability - whereas Unix users, including Mac users, tend to fear network buffer overflows - threats where signature-based anti-malware software will not be of any help, because the exploit runs inside a daemon that is already executing.

But the growing problem is the third class of malware: the trojan horse, where users bring the malware into the system themselves - or fetch it over the web - and thereby compromise the security of their own systems and data.

Whose fault is this? We might blame the user, or those responsible for the user - e.g. the parents; or we might blame browser manufacturers for not making their software artificially intelligent enough to save the user from doing something stupid. Even if there were a popup like:

FOR GOD'S SAKE DON'T CLICK ON THAT LINK YOU FOOL! DON'T YOU REALISE IT'S A TRAP? IT'S NOT REALLY ANTIVIRUS SOFTWARE, IT'S A SCAM! IT'LL DOWNLOAD SOFTWARE AND TELL YOU TO INSTALL IT! AND THEN IT WILL STEAL YOUR CREDIT CARD INFORMATION! THEY MAY EVEN TELEPHONE YOU! OH THE HUMANITY!

...it would probably still be ignored.

My take is that there are always two parties to blame - one for the message and one for the medium. The message blame is due to the malware author: if they didn't create it, there would be no malware. The other half of the blame is due to the medium in which the malware propagates - the person who wrote the buffer overflow, the administrator who removed privilege requirements from a system... or the person who opened the gate to a trojan horse.

So: is there an argument for putting anti-malware software on a Mac? Perhaps.

Some users could benefit from nannying - but speaking as an educated user I don't think I need it. At some point doubtless my Mac will be thrashed by a virus using some subtle buffer overflow in Mail.app attachments to re-mail itself to several dozen of my friends and pillage my system for sensitive data ... but that could happen in a dozen other ways too, and there'd be a tremendous cost in usability and performance between now and then...

Oh to hell with it. I'll survive without.

Follow me as @alecmuffett on Twitter and this blog via the RSS feed.
