Bits from Bill

Technology thoughts leaking from the brain of "Bill Pytlovany"

Sunday, March 05, 2006

Consumer Reports on Mac Spyware

As if to throw down a challenge, Jeff Fox from Consumer Reports recently insisted the Macintosh is “less hospitable” to spyware and it wasn’t just because the Mac had a smaller installed base. I mentioned these remarks last month in my report on Mac Malware at the recent ASC Conference on February 9th.  Ed Skoudis from SANS Institute, warned Mac users not to be lulled into a false sense of security. He noted that, “OS10 has had a number of significant security flaws” and that they’re not as widely publicized because they don’t impact as many people.

Apparently the Mac is more hospitable then Mr. Fox thought.  One a week later, Symantec discovered the OSX.Leap.A worm spreading via the iChat Instant Messenger program.  The next day, Symantec published information on OSX.Inquanta.A which uses an Apple Mac BlueTooth Directory Traversal Vulnerability.  On Feb 21st, SANS Institute reported about a “Serious flaw on OS X”  discovered by Michael Lehn according to Heise Online.

This past week I had 3 requests for a Mac version of our WinPatrol program. I’m sorry to report we don’t have a MacPatrol program.  I would recommend Mac users check their Safari preferences and deactivate the option “Open Safe Files after downloading”.  It would also be a good idea to visit and check out any security updates.



Share on Facebook


Anonymous Anonymous said...

So we have 3 instances of possible malware on the Mac. One affecting only iChat, a barely used feature, and the malware doesn't do anything. Another in which you have to be in blue tooth range, and it really doesn't do anything drastice either. And a software bug involving a misconfigured browser (not malware, a bug). And you don't think the Mac is more secure.

On windows hundreds of pieces of malicious code are still unpatched, some having been discoverd after years. A piece of Malware on Windows is generally not isolated to a specific app. And most important people are having their privacy compromised and lost massive amounts of money due to fraud.

To top it off Windows users are subject to significant system degradation by Malware, and by the massive resources the antimalware programs require, not to mention the hundreds of dollars in extra expense absolutely required if a Windows user wants even a chance of not being compromised.

I just read in information week that companies spend, on average, $1.5Million a year to battle malware and spyware. Yeah, Windows machines are cheaper.

The bottom line is Macs are more secure for 3 reasons. First, they are a smaller target. This will change and more attempts will be made. The second reason is difficulty. It is much harder to concoct malware for the Mac. This of course compounds with the smaller target. Finally, because of the way Mac (aka *nix) is designed the damage malware does is necessarily limited given a properly configured system (which it is out of the box).
These three factors, maybe only the last 2 going forward, make the payoff far too small to put the Mac at serious risk, ever.

And to top it off, the Mac is a far more productive and less expensive machine.

I wish you all the hapiness in your sheep pen.


7:51 PM  

Post a Comment

<< Home