What's easier to manage — 200 Mac OS X systems without antivirus or 200 Windows systems running a leading antivirus package?
"We're processing gigabytes of malware daily," says Alex Eckelberry, Sunbelt Software. (Source: Sunbelt Software)
The question came up during a discussion I had at the Ruxcon security conference at the University of Technology Sydney last weekend. I was chatting to independent security researcher Nishad Herath about Morro and why Microsoft decided to give the software away for free.
Herath reckoned at least one driver for Microsoft was that some "security conscious" organisations — law enforcement agencies etc — were increasingly turning to Mac OS X because managing malware was easier on a Mac than on Windows.
With Morro, Microsoft would level the playing field with Apple when it competed for this type of business, Herath hypothesised.
"I did a bit of research into this," said Herath. "I found that because of the high volume of malware directed to Windows environments [in general] and the significantly lower stream of malware targeted to OS X, they [OS X administrators] had an easier time detecting malware."
At least some administrators would rather deal with targeted attacks than the possibly millions of accidental pieces of malware that might affect what are likely to be pre-Vista Windows systems.
Cisco's chief security officer, John Stewart, raised a similar question about antivirus at this year's AusCERT conference. Stewart wondered why businesses were spending money on antivirus when they were still clearly spending money remediating malware-affected systems. He called the "cost equation an entire waste of money".
But these are strange times in computer security. Administrators know phishing and browser-related attacks can work against users from both camps, so deploying Mac OS X does not make users immune to all threats.
But if part of your job is to prevent malware, you can't escape the fact that PC-targeted malware has exploded while predictions of the same fate for Macs have not materialised.
And if antivirus is your answer to malware, what about flaws affecting antivirus software? Is there any product that hasn't suffered an exploitable flaw? Norton? McAfee? Trend Micro? ClamAV? Kaspersky? Here's a link to a search on our record of AV software where flaws have been discovered.
As Herath pointed out, "introducing any additional code into the system increases your attack surface".
Meanwhile, antivirus vendors such as McAfee have all but admitted that they can't keep up with the volume of malware being generated for PCs. Malware has also put Symantec under pressure to create less intrusive security software.
While some elements of a security package are worth the cost, the commoditised component of it, the bit that Microsoft has promised to give away in Morro, is clearly not. Morro is the nail in the coffin for this cash cow.