Friday, December 03, 2004

Macware, not Malware

One of the good (and getting better) reasons to use a Mac instead of a Windows box is the virtually nonexistent amount of "malware": viruses, spyware, etc. But most of the time when you bring this up, somebody like your stupid brother claims that this is the case only because Macs have such small marketshare. The thinking is that the evil hackers and miscreants that are behind the various types of malware ignore the millions of Macs because they represent only a small percentage of potential victim machines. That may be part of it, but I believe the main reason is that Mac OS X is just harder to attack. A decent write-up in the comments of a Slashdot story the other day ("Clean System to Zombie Bot in Four Minutes") spells it out pretty well. Show this to your stupid brother (or mine) next time.
Even a completely unpatched Mac OS X 10.0.0 [current version is 10.3.6 - Ed.] machine would not be vulnerable to any kind of remote attack, because no ports whatsoever are open to the outside world, and on most consumer Mac OS X systems, never will be. The fundamental and intrinsic security design and considerations of Mac OS X are just better, period. Even local exploits, such as might travel freely and easily on Windows via email, aren't as possible or practical on Mac OS X (e.g., a potential Mac exploit of this nature that spread via email would have to have its own MTA or a lot more complexity than a simple script on Windows where Outlook and the OS do all the work for you). Yes, marketshare, i.e., the chances of the next host encountered being a Mac, certainly doesn't hurt, but that is not the sole or primary reason Macs aren't vulnerable. No effective automatic vectors of infection or spread, either local or remote, exist, period. When external ports are opened, they usually represent open source services such as Apache and OpenSSH, which as a matter of course are usually updated long before theoretical exploits become reality because of the intense scrutiny and peer review such products receive by the community.

When will people learn that, after three and a half years of Mac OS X, with the market growing, it's not just because of "marketshare" that Macs are rarely affected by these types of issues? Can people admit that it's possible that security decisions that were simply and fundamentally better than those of Microsoft were made? I get a kick out of articles that trumpet "MACS JUST AS INSECURE AS WINDOWS" when a text shell script is "discovered", one that must be run by someone with root or physical access no less, with no worthwhile vector or method of automated propagation of any kind! This is in the face of completely remote and automated exploits that can hit a Windows machine in minutes of being on the network, or exploits that own your machine by simply visiting a web page, or viewing an email message in Outlook (yes, these have continued to exist, some even very recently).
