Tuesday, December 02, 2008

lifehacker's mac anti-virus poll

if there's one thing that never fails to disappoint me it's the failure of the wisdom of crowds principle to work when it comes to malware-related topics, and this ask-the-reader style post on lifehacker lives down to that standard quite well...

you've got some people like astrosmash saying "There are no OS X viruses" - which ignores both the fact that there are in fact os x viruses (osx/leap.a is an overwriting file infecting virus, among other things) and the fact that anti-virus software targets non-viral malware too (of which there have been more than a few for the os x platform)...

you've also got people like texizboy saying:
"I don't run A/V on some of my windows machines. All boils down to common sense in my opinion. Webmail services have helped out on this front also, to give credit where it's due, I believe there are less viruses getting around due to them."
despite the fact that email is just one of many different attack vectors that malware has been known to use for some time now, and despite the fact that not all malware is obvious enough for common sense to help (never mind what they say about common sense)...

then there's people like kilianamphitrite saying:
"The real strength of the Mac is that in general, when a Mac is running an untrusted bit of code, it is not doing so with system management privileges. Most of the time (and especially for home systems) Windows users run untrusted code as privileged users."
which incorrectly assumes that you need privileges to do bad things... a lot of windows malware depends on privileged access not because it's necessary for the ultimate goal of the malware, but rather just because such privileged access was almost always there so malware authors didn't have to think of alternatives...

on top of that you've got people like insomniac who says:
"The idea of 'Mac/Linux/Unix do not have enough market share so people don't develop a virus for them' is only partially true. Unix and Linux based systems are just a lot more difficult to infect because of their architecture and security design than a Windows machine (Vista does a much better job than previous versions of Windows)."
which ignores the fact that the first academic treatment of the computer virus phenomenon back in the early-to-mid 80's had viruses successfully spreading in a professionally administered unix environment without aid from privileged users like root...

or how about sverrip who says:
"I mainly surf around pages I trust, and don't download and open setup files like 'Free-XXX.exe' on my Windows machine."
apparently ignorant of the fact that there is no such thing as a safe/trustworthy site, not to mention ignorant of the existence of the drive-by download vector... even the cbs website can serve malware to unsuspecting victims... and it's not like macs are immune to drive-by downloads - remember the safari carpet bombing flaw?

sad, isn't it? that people believe these fantasies about why they don't need anti-virus software on their mac (or in some cases even pc) computers... i have my doubts as to whether apple's quiet urging of people to use av is going to do anything at this stage of the game... the baseline level of ignorance about malware issues was bad enough but add to that apple's previous arrogance (which no doubt resonated with a lot of their fans) about security and the damage done is all but complete - the only thing left to do is wait for the fallout...

2 comments:

Didier Stevens said...

And AV also protects you during drunk web surfing sessions. ;-)

Can't always rely on your brain to take the correct decision every time.

kurt wismer said...

ha - that sounds like the voice of experience...

i wouldn't have thought of drunk browsing (i suppose it can be as regrettable as drunk dialing) but that's a great point... i'll have to remember that one in future...