Talkback Tuesday: Apple's AV non-announcement

I was traveling the eastern seaboard all of last week, visiting family, friends, and old work colleagues in Philadelphia, New York, and Boston, so I didn't have much opportunity to provide feedback on what had become the most heavily discussed blog post I have yet generated. Two weeks ago, people got all hot and bothered because Apple appeared to have posted and retracted a recommendation that people run anti-virus software on their Macs. Several bloggers felt it necessary to bash Apple, praise its amazing architecture, or rip into the market share argument. I felt it necessary to weigh in with my support of the market share argument, based upon my game theory work in the area. I received several comments that I wanted to directly address.

Timiteh believes that people write malware for Windows because they hate Microsoft and love other platforms. In general, modern malware writers write attacks purely to make money. They will write attacks for Windows systems before they will do so for Macs because there are far more Windows systems and therefore a greater return on investment of time. It has nothing to do with emotions.

Many people, including Akulkis, believe that the privilege separation between root and user accounts on Unix systems is a large factor in preventing malware on Macs. Privilege separation, as it is implemented today, can easily be defeated using a little social engineering. If a malware writer were to target a Mac, they could claim that a video on a website cannot be viewed unless the user installs their "update" to Adobe Flash, an update that requires the administrator password before it will install. This is already a standard technique on the Windows side of the world.

Alaniane writes that Unix systems have had malware, like simple fork bombs, for a long time, and that the claim that Macs don't have malware is disingenuous. He is correct in that there have been plenty of proof-of-concept attacks created for the Mac. Mac malware is just so unbelievably rare that, from a statistical standpoint, it does not exist in the wild.

If you, the reader, enjoy the topic of non-Windows malware, please say so in the comments. It appears to be a topic that people would like me to cover, and I will continue to do so if you find it interesting.