Saturday, March 11, 2006

mac computers and viruses

there's been a lot of coverage lately of the issue of mac security, unix, and viruses, and i think it's time to dispell a few myths...
  1. macs are immune to viruses...

    they most certainly are not... OSX/Leap is an overwriting virus and instant messenger worm that operates on the mac osx platform...

  2. macs were immune to viruses...

    they were never immune to viruses - no general purpose computer system can be immune to viruses...

  3. macs were virus-free before OSX/Leap...

    OSX/Leap wasn't the first mac virus, it was just the first virus for mac osx... previous versions of the mac operating system had other viruses... not to mention some ms office macro viruses were able to operate on macs just like on windows machines, because ms office is a platform in and of itself...

  4. the fact that it took so long for mac osx to get compromised means that mac osx is more secure than windows...

    it actually means no such thing... because of the smaller user-base a compromise of the mac osx platform has less payoff for the attacker community, therefore they aren't as interested in it, therefore there are fewer people working on it, therefore there are less man-hours going into the effort, therefore it takes longer and/or has a lower probability of success... mac osx may or may not be more secure than windows, but the key to it's apparent resistance to attack is that it's a lower risk platform (there's a big difference between security and risk, but i'll leave that for another time)...

  5. mac osx is more secure and/or immune against viruses because it's based on unix...

    the first academic study of viruses was carried out by fred cohen on a professionally administrated unix system and the virus(es) still worked (see this paper for details)... unix is just as capable of supporting viral infection as any other OS...

  6. mac osx is more secure than windows...

    maybe (and so this isn't technically a myth) but that doesn't mean there aren't security vulnerabilities or that mac users don't have to worry about security... with the release of viruses for the platform and the discovery of arbitrary code execution exploits it's clear that macs have many of the same security problems that windows has and as macs become more popular more and more effort will go into finding them... also consider that, due in part to these myths, mac users are less accustomed to thinking about security and so can be fool by less sophisticated ploys... users are a big part of the security of the system (often users are the weakest link in that security) so mac users really should not be taking security lightly as they're at greater risk than they probably realize...

0 comments: