An Apple a day keeps the viruses away? - TechCentral

An Apple a day keeps the viruses away?

[By Alistair Fairweather]

If you’re one of the planet’s approximately 1,6bn Microsoft Windows users, then chances are you’re pretty used to viruses. They come at you from every angle — e-mail, websites, flash memory sticks — and if you’re sensible you have some sort of anti-virus chugging away in the bottom right-hand corner of your screen.

That’s never been true of Apple’s Mac range. Ask many seasoned Mac fanatics about anti-virus software and they will snort: “Macs don’t get viruses, man, everyone knows that.” But that changed earlier this month when one of the first Mac viruses was discovered “in the wild”.

I say “virus” but to be strictly correct it falls into the broader category of malicious software (or “malware”). Unlike a virus It doesn’t spread secretly and automatically by hijacking communications between users. Rather it relies on the user giving it permission to do its dirty work.

But who would give it permission in the first place? That’s the whole trick: the malware masquerades as anti-virus software called Mac Defender. It lies in wait on fake websites built specifically to attract Mac users and, when they visit the site, “warns” them that their beloved computer is infected with a virus. When, in a panic, they click any of its buttons, the malware installs itself.

Luckily this particular malware is fairly benign, simply nagging you to supply it with credit card details to “register” it and refusing to remove the threats it has “detected” until you do so. Unless you supply those details you are in little danger of losing anything. If you have given it your credit card already then for goodness sake get it cancelled immediately.

Although it took three weeks, Apple has now issued instructions on how to remove the malware. That seems pretty slow, but is still extraordinary. If Microsoft had to do that for every Windows-based virus, they would get nothing else done. That’s why the PC security business is worth tens of billions of dollars — a lot of people need a lot of help, constantly.

The only entertaining thing about this development is the ensuing cat fight between the Mac devotees on the one hand and the Windows loyalists on the other. Just before news of the infection surfaced, Ed Bott — a perennial Microsoft booster — warned that “serious malware” was about to hit the Mac world. John Gruber — an even more staunch Apple supporter — scoffed at this idea.

In Gruber’s defence (and bad timing aside) this same refrain has been heard for literally decades and has never borne any of its poisoned fruit. There have been breaches here and there, but Apple has always moved quickly to seal them.

What’s different this time? It may simply boil down to market share. For decades Macs accounted for less than 2% of the world’s market for computers, now they account for nearly 8% worldwide and nearly 14% of the developed world, and that number is growing rapidly.

Creating malware is a skilled and time consuming process, and virus architects want a decent pay off (either monetary or ego boosting). Why aim at 2% of computer users when you can aim at 90% of them?

The Internet is also a vital component in this security breach. As the world of computing has become more interconnected, so these threats have become global. This merely mirrors our physical reality. The first truly global plague was the flu epidemic of the 1920s. Why? Because rapid intercontinental travel had become relatively commonplace for the first time in history.

But, as Gruber points out, this isn’t really a virus at all. It relies on the ignorance and credulity of users — factors that no amount of anti-virus technology can ever cure.

Will a “true” virus ever hit the Mac world, one that spreads like the biological plague it was originally named for? Mac lovers are still dismissive of this idea. They argue that, user stupidity aside, Macs are simply better built and that makes them immune to infection.

As a besotted Mac owner I’d like to believe them. The cult of Jobs is an alluring one, and it’s always tempting to feel superior to your fellow man. But writing an operating system completely invulnerable to viruses is like building a bank that’s impossible to rob.

Everyone knows the money is there and even if they have to resort to hijacking armoured cars or holding the bank manager’s family hostage, motivated thieves will find a way in. Until now, Apple’s bank has been small, safe and well staffed enough to avoid being knocked off. But, given that they were recently crowned “biggest technology company in the world”, the honeymoon is probably over.

5 Comments

  1. “one of the first Mac viruses” – Really? Here are two lists which tend to disagree heavily with that statement:
    http://macscan.securemac.com/spyware-list/
    http://www.iantivirus.com/threats/

    “ignorance and credulity of users” – I would say that of anyone, regardless of platform not having a anti-virus solution.

    “Macs are simply better built and that makes them immune to infection” – MacOSX being based on Unix has a inherit additional security, that being you are never root (unless you escalte to it) this limits the attack surface in a major way. Linux has the same advantage. Windows, until Vista, lacked this and even now many people turn it off. On Windows Vista or Windows 7 with UAC enabled the security is fairly equal. However all are still vunerable to viruses that spread through vunerabilities in the OS and stupid users.

  2. >>Although it took three weeks, Apple has now issued instructions on how to remove the malware. That seems pretty slow, but is still extraordinary. If Microsoft had to do that for every Windows-based virus, they would get nothing else done.

    That’s why MS offer a free anti-malware and anti-virus product, that it injects into Windows Update. They *DO* issue instructions on how to do it: “download our protection product”. I’m sure they get tons of calls about Malware/AV. I’m sure that Apple will do exactly the same thing when there’s enough threats out there to justify doing it. They already include a rudimentary AV built right into OSX.

    3 weeks of denial followed by a half-hearted response is what we’ve come to expect from Apple. Par for the course.

  3. Yea life’s too short to pay to avoid (and compromise & muck with viruses), worms, trojans, malware and spyware. If you get any of the above on a mac, send me a postcard.

    It’s profoundly ‘good living’ with Apple. Enjoy.

  4. >>MacOSX being based on Unix has a inherit additional security, that being you are never root (unless you escalte to it) this limits the attack surface in a major way.

    That was true until about an hour ago.
    http://arstechnica.com/apple/news/2011/05/new-mac-defender-malware-variant-drops-admin-password-requirement.ars

    Things just got interesting. Looks like the first user you create on osx gets some admin permissions and this is used to run installs as root without asking. As I’m sure the malware writers are saying: “It just works.”

  5. Interesting one. There was always Melissa back in the 90s that effected Macs.

    My query lies when everything is cloud based and someone infects a server there. Carnage!

    Mac virus problems were bound to happen at some point. It’s just nice that we could wait 20+ years before needing to do a single thing.

© 2009 – 2019 NewsCentral Media