• Explore the magic and the mystery!
  • The Tech Night Owl's Home Page

  • Discover the power of GraphicConverter 10

  • The Safety Through Obscurity Myth

    March 23rd, 2010

    In the early days of the Classic Mac OS, we had a few virus infections. I recall working at a design studio in the late 1980s, when we’d get loads of floppies that were infected by a so-called desktop virus. Without going into boring detail, the malware embedded itself into the desktop files used by the system to determine which application icons to display and which applications opened a specific document.

    That outbreak wasn’t terribly severe, the potential harm relatively minor, and one of several anti-virus apps available at the time would eliminate it, but we felt the obligation to let our clients know that they sent contaminated media.

    Over the years, the Mac virus repository reached several dozen, a tiny fraction of the outbreaks regularly recorded on the Windows platform before Microsoft ultimately decided they needed a “trustworthy computing” initiative to begin to set things right.

    The arrival of Mac OS X, a Unix-based operating system, was reputed to provide far greater native resilience to malware. Although there are Unix viruses, you don’t hear of them turning thousands or millions of computers into “spam bots,” where they spread junk mail misery or outright malware throughout the planet. The action is still largely confined to the Windows platform, and Microsoft’s famous “Patch Tuesday” is designed to fix problems before potential outbreaks can infect your PC; that is, of course, if they are applied. The big problem is that, because a patch may also break a few things in the OS, system admins are apt to hold off applying the fixes until they can do a proper round of testing.

    According to noted security expert Rich Mogull and others who have explored the state of Windows 7, it’s actually a pretty safe operating system, although you still want to install security software.

    When it comes to the Mac, you know that Apple sells several times as many as they did just a few years ago. With market shares moving into the upper single digits and low double digits, you have to wonder when the malware scourge us going to arrive. The usual excuse is that Internet criminals let the Mac slide because there weren’t enough users to make much of an impact. That may have been true when Mac OS X arrived in the spring of 2001, but not in the spring of 2010, where Apple sells roughly three million Macs every single quarter.

    This isn’t to say there are no Mac OS X viruses. Some are confined to the laboratory and there have been limited outbreaks. The most serious problem is the Trojan Horse, where a file masquerades as something you really want, such as an illegal version of a Mac app downloaded from a torrent site. You retrieve the file, install it, and you open yourself up to mischief. But that’s social engineering, and it’s possible to place something bogus and harmful in most any file that you execute or launch.

    There are also a smattering of Mac security apps designed to protect you from known malware and potentially serious files. I’m sure they work precisely as advertised, but the larger question is whether you really need them. Now some of these apps also guard against Windows-borne malware, and that’s where they might have some value, since it’s always possible you might accidentally send an infected file to a Windows user. Surely you want to practice safe computing, and you want to make sure they are protected even if you don’t approve of their use of a PC. On the other hand, the malware software they should be running ought to do that anyway.

    Of course, if you’re using a virtual machine app to be able to run Windows on your Mac, or even Apple’s Boot Camp, you’ll want to protect yourself. No, the Windows malware may not be able to wreck your hardware as it can with a regular PC, but they can still cause lots of grief if you run the system unprotected. Fortunately, both Parallels Desktop and VMWare Fusion come with a year’s subscription to an effective security suite, and installation is but a few clicks away. But don’t forget to renew after the expiration date. Having out-of-date security software is no better than having not at all.

    But if you never touch Windows, the need for malware protection on the Mac is not yet proven. Apple regularly updates the OS and key apps, such as Safari, with security updates. Sure it’s true that they have been heavily criticized for not acting fast enough to deliver immunity to newly-discovered security holes, so there’s always the potential for trouble. I would hope they’ll react faster, because, when it comes to a major malware outbreak on the Mac platform, it’s never been a question of if but of when.

    You may not need security software today, but you should be careful anyway, particularly when it comes to downloading software from unknown sources. And be ready to acquire a malware protection app should the need arise.

    | Print This Article Print This Article

    Tech Night Owl Comments

    Your email address will not be published. Required fields are marked *