Security Businesses OS X Operating Systems Apple

Apple Quietly Recommends Antivirus Software For Macs

Barence writes "After years of boasting about the Mac's near invincibility, Apple is now advising its customers to install security software on their computers. Apple — which has continually played on Windows' vulnerability to viruses in its advertising campaigns — issued the advice in a low-key message on its support forums. 'Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.' It goes on to recommend a handful of products." Reader wild_berry points out the BBC's story on the unexpected recommendation.
  • a way to make money (Score:4, Interesting)

    by Bizzeh ( 851225 ) on Tuesday December 02, 2008 @10:00AM (#25958635) Homepage

    Is this a scare tactic for Apple to push some pay-for software and get people to buy it? Or have Apple started to lose confidence in their operating system? Or even worse, do they know something we don't? Are they expecting an attack?

  • by bytethese ( 1372715 ) on Tuesday December 02, 2008 @10:04AM (#25958685)
    It does sound like a possible "setup". Macworld 2009 debuts new AV software? Who knows. Maybe the Mac has started to reach that point where virus writers and security aficionados have enough of a base to target their efforts? After all, Mac does seem to be gaining market share year by year.
  • Sophos (Score:5, Interesting)

    by gammygator ( 820041 ) on Tuesday December 02, 2008 @10:04AM (#25958689)
    I've been running Sophos on both my Macs for a year or so... Not so much because I felt I needed them... but because I come from the PC world and felt nekked without an AV program... and my work covers the license costs, which made the decision a no-brainer.

    Interestingly enough... to date, they have only detected MS based viruses.
  • by YttriumOxide ( 837412 ) <yttriumox@nOSpAm.gmail.com> on Tuesday December 02, 2008 @10:17AM (#25958865) Homepage Journal

    Maybe the Mac has started to reach that point where virus writers and security aficionados have enough of a base to target their efforts?

    Perhaps, but I am still waiting to see a real "virus" that hits MacOS. There's been a few trojans (such as the one mentioned in TFA), but nothing that qualifies as a virus yet as far as I know. It is likely much harder to write a real virus (rather than a trojan) for MacOS than Windows as you'll need to find a privilege escalation exploit (need I say, without local access) in one of the standard services first, all of which tend to be pretty robust and having a core that comes from the open source and Unix worlds... as far as I know, there aren't any such exploits known right now.

    Trojans can of course still be fairly nasty, as there's a lot of stupid users in the world (of any OS)

    Disclosure: I do use MacOS X as my primary OS at home, but I'm definitely not a "fanboy" (I also have Linux systems at home and use primarily Windows at work - I consider myself "OS agnostic").

  • Re:Sophos (Score:5, Interesting)

    by gEvil (beta) ( 945888 ) on Tuesday December 02, 2008 @10:18AM (#25958875)
    Interestingly enough... to date, they have only detected MS based viruses.

    When I ran a lab of Macs several years ago, we ran AV software on all the machines. It was mostly there to strip out the Word macro viruses that students would bring in from their home computers. I'm not aware of the software catching any viruses that could actually have done anything to the machines themselves.
  • by CFTM ( 513264 ) on Tuesday December 02, 2008 @10:29AM (#25958981)

    I don't know why you want to wait, it will happen in time. This is not meant as a critique of Apple in any way; I am of the belief that over a long enough time frame, with enough market penetration, Mac viruses will become more common. It's not that Macs are inherently that much more stable, rather the market penetration is such that it makes more sense for people creating malicious viruses to focus on the PC instead. Why create a virus that only hits 7% of computers when you can hit one that hits 85% of computers?

    I also would wager that the Mac OS is probably a bit more secure than Windows, because well, it's Windows... That being said, if there's enough code there will be mistakes that can be exploited; that's the nature of the human element.

  • by tecker ( 793737 ) on Tuesday December 02, 2008 @10:38AM (#25959135) Homepage
    The college I attend actually requires all Mac users to install Symantec Corporate to be allowed on the network. Their justification is that this will prevent WINDOWS viruses from passing through Macs and then hitting the Windows boxes as the Mac users send them on. We have a good security team and I can understand why they would want to do this.

    As Macs are being used in Enterprise environments they can harbor virus-infected files silently before going back into the network. One computer that missed new definitions can be taken down when that file gets passed to it. It's up to you, but if you are in Enterprise situations you better comply.

    As for multiple AV systems, that is retarded. They will fight for resources and cause performance to be brought down. Just pick one and run with it. If you want.
  • Re:Herd Immunity (Score:5, Interesting)

    by maztuhblastah ( 745586 ) on Tuesday December 02, 2008 @10:41AM (#25959181) Journal

    The only reason macs have been able to get away with claiming such great security records (statistically) is herd immunity.

    Indeed. Just look at Linux. It had a great security record up until the start of this decade. Then, once it gained a lot of popularity on servers, we started to see millions of infected Linux servers, linked together in botn...

    Oh. Well damn. It seems that despite being the near ideal target for virus-writers (always on, very fast links, powerful hardware), the most popular server platform on earth doesn't have a major virus problem. Huh. Maybe an OS's security record isn't directly linked to its popularity...

  • It's in the Details (Score:3, Interesting)

    by jDeepbeep ( 913892 ) on Tuesday December 02, 2008 @10:59AM (#25959429)
    If you follow the Apple Store link in TFA, it's interesting to note the description for the first product (Intego VirusBarrier X5) says this:

    Now that you've installed Windows on your Intel-based Mac, you're vulnerable to a whole new range of security threats: Viruses, spyware, adware, and hackers are all waiting to compromise your Windows setup. No matter if you're running Windows in Boot Camp, Parallels Desktop, or VMWare's Fusion, it requires Windows-specific protection. VirusBarrier Dual Protection is the answer. It provides security for both Mac OS X and Windows, ensuring that you'll have total protection for both operating systems.

  • Re:Sophos (Score:3, Interesting)

    by SaDan ( 81097 ) on Tuesday December 02, 2008 @11:04AM (#25959517) Homepage

    The only Trojan I've ever seen for Mac was in a Word document macro years ago. The payload was empty if you opened the file on a Windows system, but on a Mac system it would try to wipe the drive.

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Tuesday December 02, 2008 @11:10AM (#25959615)
    Comment removed based on user account deletion
  • Re:Herd Immunity (Score:3, Interesting)

    by TheRaven64 ( 641858 ) on Tuesday December 02, 2008 @11:13AM (#25959651) Journal
    Yup, no Linux viruses in the wild [wikipedia.org]. I take it you missed the articles that periodically appear about Windows worms being spread via compromised Linux servers starting around 2001 [bbc.co.uk]?
  • by Anonymous Coward on Tuesday December 02, 2008 @11:50AM (#25960261)

    In the apt words of Dennis Ritchie, "One of the comforting things about old memories is their tendency to take on a rosy glow."

    According to one of the guys who was there on day zero, UNIX was *not* designed from day one to be a networked multi-user OS and security and separation of concerns were *not* there from the beginning.

    http://cm.bell-labs.com/who/dmr/hist.html/ [bell-labs.com] In the latter half of 1971 (nearly two years after UNIX's "day one"), "with no memory protection ... every test of a new program required care and boldness, because it could easily crash the system". Sounds like somebody describing Windows a decade ago, doesn't it?

    Please stop parroting the fallacy that the reason UNIX is more secure is because it has always been secure. Security, networking ... these were later additions to UNIX too, the real difference is that the additions were better architected.

  • by chaim79 ( 898507 ) on Tuesday December 02, 2008 @11:58AM (#25960385) Homepage

    Mid 90's? So Win 95? How did the security of Unix compare to the security of Windows 95?

    Maybe they stopped laughing at Unix security because they found something else that truly showed how bad security could be. :)

  • by alexhmit01 ( 104757 ) on Tuesday December 02, 2008 @12:06PM (#25960513)

    The issue with Windows is twofold. First, marketshare. And second, an over-complex user-environment where too much functionality is available on the "user" side of the security wall. Both of these issues affected Unix up until the mid nineties, where its disproportionate share of Internet nodes and the amount of stuff running as the default user (which in Unix was root, which also happened to be the account with the most rights.)

    No, the Windows problem was that to migrate from DOS + Windows shell to Windows NT, was a slow, painful 10 year process with LOTS of growing pains. Windows 4.x series (Win95, Win98, WinME) were supposed to be a singular OS before the transition to NT, and was created because the uptick to NT 3.51 was low because of the RAM requirements. The original plan was 3.1 for home users, NT 3.1 for "Workstations," and Win32s was released to let people target both OSes.

    As we moved through Win 3.11 w/ Win32s -> Win95 -> Win98 -> WinME, the NT systems grew in popularity. Lack of advanced DirectX support prevented NT 4.0's being the transition, Win2K was close but price kept it out, and WinXP finally merged the OSes. By that point, it'd been 8 years or so since the first 32-bit programs came out. The ones targeted mass market, originally Win32s, and later Win95/NT4 libraries, were generally assuming the consumer version. On the consumer Windows, there WAS NO SECURITY model, so it was common for applications to assume lots of access. This meant that while NT 4.0/Win2K gained market share and had the security model from the NT system, the security wasn't used and users had full access to the drive, because the alternative was broken software.

    To not break applications from 1995 - 1998, in the early 2000s we were still shipping OSes with most of the system being world writable.

    So while Windows possessed a security model that could work, in practice, it was never implemented, because it required locking down the system on each system, so instead of protecting OS directories, we used the "bolt on" security like Group Policies, etc., to prevent users from doing things. I worked with a bunch of Citrix systems in the late 90s, and we were able to lock down those machines, because you were only talking about locking down a single machine or two, and the defaults were more reasonable. There was PLENTY of software that wouldn't run under Winframe 1.x/2.x gold (2.0 never shipped, Microsoft pulled the license, then bought it to ship Terminal Server and Citrix moved the addons into Metaframe), not because it required the NT 4/Win95 libraries (we could always confirm that using 2.0 Gold that was NT 4 based), but because it made assumptions about access that was reasonable for Win 3.11/Win95, but not NT based OSes. Citrix, targeting big budget Enterprises could get away with that, Microsoft reaching the entire market could not.

    I assume that this has been fixed in Vista, but I haven't used it, I switched to Mac OS X in the mean time.

  • by Anonymous Coward on Tuesday December 02, 2008 @12:29PM (#25960923)
    "I assume that this has been fixed in Vista, but I haven't used it, I switched to Mac OS X in the mean time."

    Isn't it funny how so many people here admit to not having used a Windows operating system since 3 or 4 versions ago, yet they also seem to be "experts" on how Windows security works. That would be akin to a Windows user complaining about how crappy Macs are now because OS 7.5 was so sucky.
  • by LO0G ( 606364 ) on Tuesday December 02, 2008 @12:47PM (#25961237)

    Good points all, but I think you forgot one major aspect of the "market share" argument.

    There hasn't been a true "virus" out there in the wild for years (to me, a true virus means self-propagating malware - malware that modifies existing binaries and relies on those modified binaries being distributed). Instead there's a TON of malware intended on converting machines into botnet clients.

    The vast majority of malware (maybe as much as 95% or higher) these days is really "crimeware" - software intended to aid in criminal activity (identity theft, click fraud, etc.).

    As a criminal, let's say that it's going to cost me $10,000 to hire some Eastern European hacker to develop malware for my criminal enterprise (number totally made up). I get to choose which platform I have the hacker target - I can target Windows with 90% of the market, I can target OSX with 8% of the market or I can target Linux with 2% of the market (market share numbers also made up, but probably in the right ballpark).

    That means that if I'm interested in profit (and this IS a criminal enterprise, so profit is the primary motive), I want to have my hacker target the platform with the highest ROI. That means that the hacker's going to go after Windows and ignore OSX and Linux.

    As the Mac's market share increases, it is going to be an increasingly more attractive target for hackers, because the ROI is higher.

  • by kimvette ( 919543 ) on Tuesday December 02, 2008 @01:02PM (#25961483) Homepage Journal

    It also detects Apache worms. Back in the day SuSE shipped with a vulnerable Apache build and I had to clean a server. ClamAV made it simple to remove the worm, without my having to prune every directory by hand.

  • by Anonymous Coward on Tuesday December 02, 2008 @01:34PM (#25962063)

    Agreed. Even with 5-10% of the market share, cybercrime is worth billions upon billions of dollars annually.

    You can't tell me the reason the Russian Mafia isn't exploiting Macs is because they turn their nose up at anything less than a few billion a year.

    Just think. A whole OS to yourself, full of people with more disposable income than PC owners and an attitude that their Macs are untouchable. The only positivist reason the Macs haven't been hacked is because they're designed to be more secure out of the box. You can't install a program without the password, ports are stealthed as standard. It's not because Mac exploiters won't get out of bed for less than ten billion a year... it's because there aren't any Mac exploits of this nature to be had, even for that amount of money.

  • Correct. They've always had a similar article, listing antivirus solutions. This is just an updated version with current products.

  • by nsayer ( 86181 ) * <`moc.ufk' `ta' `reyasn'> on Tuesday December 02, 2008 @02:53PM (#25963405) Homepage

    Windows NT, which was designed, from the beginning, to be "a multi-user OS connected to the internet".

    [citation needed]

    I will grant you that NT was designed to be connected to a network, but I find it incredulous that the designers had in mind a publicly accessible one, much less the Internet as we know today. Even Billy got it wrong in the first edition of The Road Ahead and had to revise his pontifications.

  • by Penguinisto ( 415985 ) on Tuesday December 02, 2008 @06:11PM (#25966993) Journal

    Depends - those "billions" of zombies have to be defended against other bot herders, are likely to have already been strip-mined of any useful identity information (e.g. the data has already been stolen and sold) and are highly liable to simply bog down and/or die, causing the owner(s) to get a clue and fix the thing(s).

    Meanwhile, you still have all those Macs sitting there, with 99.9% (or so) of their owners perfectly oblivious to anyone putting it towards nefarious use.

    Sure, you have to put more work in up-front, but once you get in, you get a much greater and more long-term return, and/or get some very quality information. Why? Well... one: the owner obviously has some ducats in his wallet - he bought a Mac. two: odds are very good that nobody else has pilfered the data. three: there's almost always enough resource horsepower to go around on a Mac, so you can get a lot done on one without alerting anyone --especially the owner/user-- that you're doing it.

    No matter how you slice it, you simply get a better return on busting into OSX machines... but then, crims are usually too lazy to think such things through, no?

    /P

  • by _Sprocket_ ( 42527 ) on Tuesday December 02, 2008 @07:02PM (#25967777)

    As a criminal, let's say that it's going to cost me $10,000 to hire some Eastern European hacker to develop malware for my criminal enterprise (number totally made up). I get to choose which platform I have the hacker target - I can target Windows with 90% of the market, I can target OSX with 8% of the market or I can target Linux with 2% of the market (market share numbers also made up, but probably in the right ballpark).

    That means that if I'm interested in profit (and this IS a criminal enterprise, so profit is the primary motive), I want to have my hacker target the platform with the highest ROI. That means that the hacker's going to go after Windows and ignore OSX and Linux.

    As the Mac's market share increases, it is going to be an increasingly more attractive target for hackers, because the ROI is higher.

    Sure - market share is one factor on ROI. But it's not the only factor. Another big part of ROI is how long you get to keep control [infoworld.com] of your target. If the target doesn't remain compromised very long, then you've wasted your resources (unless of course you only needed a short window - but that's implying a targeted attack and is beyond the scope of this conversation). The thing is, if you look at malware in the wild [wildlist.org], you'll find that there are plenty of examples for Unix malware but they just don't survive long (with one exception - more on that shortly). This makes Unix platforms poor ROI performers for bot herders to target.

    Yet that 8% of the market issue still persists. Is that a significant enough number to warrant interest from malware producers? I don't see why not. An 8% market is still a sizable number of potential hosts - far larger than most botnets. The Witty worm demonstrated that not only will small numbers be targeted, but doing so can be very successful. If the Mac's 8% were fertile territory, it would be very much in a botnet herder's interests to target it.

    We know 8% market share is suitable because botnet herders are going after smaller targets; namely the 2% Linux market. But there are some caveats to this. First - we're dealing with a very different mode of attack. Researchers at Sophos believe that the attack involves a 6yr-old piece of malware - a virus called Linux/Rst-B. But the interesting thing is that if the virus is being used, it's as something of a simplified rootkit. Hosts are either being intentionally infected by this virus to provide a quick root shell or the attackers are moving around tools that are unintentionally infected. In either case, the existence of this malware is due to an already bad situation. Secondly, we're probably not really dealing with 2% - it's more like ~12% of the server market. So we're dealing with a larger market share but hardly the largest (still a strike against marketshare driving attacks).

    So what is making Linux worth the ROI? Smaller numbers. Compromised Linux hosts are providing stable controllers for botnets. As one needs fewer controllers than zombies in a botnet, Linux fits the bill nicely. All one needs is a mismanaged server on a stable link and a controller is gained.

    So what do we get with all this? Marketshare isn't the driver that people make it out to be. Numbers are important. But there are additional factors that add weight to that importance. In the end, it's all about ROI. And that determines whether a platform makes a good target.
