It appears that Apple can’t do anything these days without confronting the “Big Spin!” from certain journalists who seem to type faster than they can think. Take the most recent Security Update for Panther and Tiger users. It contained loads of fixes for security-related issues; over two dozen, in fact, for 10.4 users.
While I don’t want to minimize the importance of security leaks that cover networking, Internet access, image files and so on, there’s one compelling fact about all this: There is no published report, anywhere, indicating that anyone has been harmed by any of these issues! Not one!
That takes me to a certain misleading article entitled “Cybercrooks constantly find new ways into PCs” from USA Today’s Byron Acohido. On the surface, you’d think it covers the newest techniques used by these Internet criminals to hack into personal computers, but a lot of it spreads more unvarnished fear-infested nonsense about the vulnerability of Macs to malware.
The spin starts with two quotes from Marc Maiffret, who is identified as “lead researcher at security firm eEye.” The first is that “it’s more than a Microsoft world,” which sounds innocuous enough on the surface.
Then Acohido uses the next sentence to frame his argument: “People are starting to realize it’s a lot easier to find vulnerabilities in third-party software that doesn’t have the level of scrutiny of Microsoft’s products.”
The implication here is that hitting targets that are not normally on the radar may be a better way for criminals to succeed at their dirty work. This seems true, so far as it goes, and it doesn’t seem to be an effort to trash Apple. But it comes soon enough.
First there is the report that “since January 2005, Apple has had to fix 65% more security holes than Microsoft,” listing 262 vulnerabilities for the former, compared with 157 for the latter. Mozilla had 150 and Adobe had 45.
Aside from Microsoft, how many users were actually infected by these security holes? Acohido quotes Apple’s Lynn Fox as saying that “There has never been a widespread attack on any software Apple has produced.”
Is this being disputed? Well, Acohido points claims that “At least two Apple attacks have been detected this year,” and mentions the infamous iChat virus, Oompa-Loompa, as one of them. He doesn’t include the known fact that the worm, which masqueraded as an alleged set of photos of the next version of the Mac OS, maybe impacted a few hundred people at the most, and then only on local or Bonjour networks, not on standard iChat connections, which use AOL’s AIM network.
Throughout the article, you’ll find claims about potential infections, not reality, and, when you ignore the spin, you come away with the same conclusion: Malware still affects Microsoft’s operating system and applications. While there are security leaks elsewhere too, the Cyberbrooks aren’t necessarily using them as alternatives to gaining control of PCs.
In other words, the title and the implication in the article that Macs are in immediate danger are basically false!
Update: The September 2006 issue of Consumer Reports continues the FUD. In an article on “Cyber Insecurity,” it is estimated that the total damage caused to personal computer users in the U.S. in the past two years is $7.8 billion. Fair enough, but the anonymous authors don’t make any effort to break down the damage so the reader knows which computing platforms are affected, and to what degree. To muddy the waters still further, the article spreads the illusion that Mac users are impacted, stating that “far fewer Macintosh users reported such infections” and goes on to list alleged vulnerabilities with Mac OS X and Safari.
Sorry, Consumer Reports, but that won’t cut it. That horrendous damage figure is all Windows, despite your implications to the contrary.
However, this isn’t to say that a Mac security leak can’t or won’t be exploited. It would be irresponsible to suggest that it can never happen. But as long as you and I remain vigilant, and Apple continues to plug holes whenever they are found, the dangers will be reduced.
At the same time, I would recommend that, if you share files or mail with Windows users, do everyone a favor and install some Mac virus protection software. Even if there’s no immediate threat to Mac OS X, there will be, and the companies that develop this software will protect you as soon as they learn about it. In the meantime, you’ll be protecting the people you know who use Windows, because these same programs also block infections that impact that platform too.
When it comes to virus protection, my favorite right now is Intego’s VirusBarrier X4. It seems to have little or no impact on system performance, and doesn’t add lots of junk to your operating system.