<div class='os_post_top_link'><a href='http://tech.yahoo.com/blogs/null/117188' target='_blank'>http://tech.yahoo.com/blogs/null/117188</a><br /><br /></div><p><em>"Security firm Intego said that just 20,000 machines had been infected as of January 21 but that the risk of ongoing infection was "serious, and users may face extremely serious consequences" if they are stricken with the malware. Mac users are suggested to use common sense -- that is, don't try to download and installed pirated software -- and to update any antivirus definitions immediately. If you're a Mac user and aren't using security software, well, this might be a good time to start."</em></p><p><img src="http://images.thoughtsmedia.com/resizer/thumbs/size/600/at/auto/1233060093.usr18053.jpg" /></p><p>I have <strong>so</strong> had it with these "Macs are vulnerable" stories.&nbsp; Let's be blunt about something: if every Windows worm, virus, and exploit got the press that every isolated Mac issue got, we'd be hearing nothing but Windows infection stories.&nbsp; Instead, the tech press jumps all over these stories as proof, somehow, that Windows and OS X are somehow equal.&nbsp; They're not.&nbsp; They never were.&nbsp; They never will be.&nbsp; For all the talk about how Apple gets a pass on its security for OS X, every single exploit is considered front page news worthy of days of multiple stories.&nbsp; The impression given is that "we both have viruses, so we're equally insecure."&nbsp; That's simply ridiculous.</p><p>Particularly riling was this dopey comment from a dope reader of Christopher's column:</p><p><em>"I'm almost happy. Maybe it'll take attention off of Windows...."</em></p><p>Really?&nbsp; Will it?&nbsp; Let's analyze this trojan.&nbsp; You have to seek out a pirated copy of Apple Software, download it, then run what you've downloaded from a questionable source.&nbsp; At the same time you have to be logged in as an administrator (a no-no to begin with) for the install to happen.&nbsp; In other words, along every step of the way you have to interact with the process using, at best, bad computing practices, to get this "infection" on your Mac.</p><p>Compare that to a certain other operating system and then let's also open up a dictionary and look at the word equal.</p><p>I guess I shouldn't be this annoyed.&nbsp; The fact that every single tiny exploit in OSX (whether it's in the OS, in an application, or requires a user to throw caution to the wind and do something stupid) gets all over the tech news outlets while flaws in Windows are generally just perceived as de rigeur to using a Windows computer is proof that there really just isn't some massive security problem for the Mac, nor is this looming threat that we've been hearing about with every single iteration of OS X as pressing as it was made out to be.&nbsp; For the last 8 years, we've heard that one day it would all be over as far as Apple's security.&nbsp; At the current rate of infection, we'll have a full-blown security problem on our hands by 2043.</p>

To play devil's advocate, Vista is much, much better about this. Windows remains a more tempting target due to its install base, but run Vista out of the box as a non-admin account and pay attention and you'll be as well off as a Mac user, and perhaps better (Apple took their sweet time updating some of the open source daemons like BIND in OS X last year, for example.)

Yes! I agree! Why spend so much time posting on a single vunerability when Windows is so much more?

I find it disconcerting that, however, roils you up so much.

I'd love to put some perspective on this kind of story. I'm a Windows user. I run Windows as an administrator always, do whatever the heck I want to, and use minimal security software. I use Windows Defender, Windows Firewall, and the protections built into IE and Firefox. I've only had one successful security exploit in at least the last 5 years or more, and it was just plain stupidity on my part.

These stories tend to reflect a level playing field and take into account only one perspective: the operating system and the lack of the purchase of a security suite. I'm sure these security researchers aren't doing this for their own well-being. They're probably at least partly funded by somebody who would benefit from the sale of security software.

In any case, these studies fail to take into account a variety of factors, not the least of which being whether or not the user knows what he's doing. If the user just got his or her first computer and believes those stupid email chain letters, like Bill Gates is testing a new email tracking program and will pay you $1000 for each idiot you spam, then that person is likely to get exploited.

For experienced users who know what they're doing, chances of being exploited are very low, even if your platform of choice has an inherent invulnerability.

I personally put very little stock in these security vulnerability reports. I don't keep a "Mac-Windows-Linux" scoreboard next to my desk like some people who get worked up over these reports seem to. I only consider these things news if a major vulnerability is discovered and the respective supporting group refuses to correct it.

I find it disconcerting that, however, roils you up so much.

It's more of an annoyance with the same drumbeat over and over again. I'm tired of hearing about every individual mac bug as if it'll be the death of the platform. Every tech news outlet is rushing to be the first to say "See? Look! The Mac is vulnerable!" No kidding? The only people who don't think so are the mythical Mac users that think nothing can go wrong with a Mac. Ever.

I personally put very little stock in these security vulnerability reports. I don't keep a "Mac-Windows-Linux" scoreboard next to my desk like some people who get worked up over these reports seem to. I only consider these things news if a major vulnerability is discovered and the respective supporting group refuses to correct it.

I don't care about the report, it's the tech news analyst pundit idiots that drive me up the wall. Obviously Intego has a vested interest in you being terrified of vulnerabilities and viruses. I'm not keeping score in any way, but I could only imagine what tech news would look like if Windows vulnerabilities were publicized with the same vigor that Mac OS ones were.

I'd love to put some perspective on this kind of story. I'm a Windows user. I run Windows as an administrator always, do whatever the heck I want to, and use minimal security software. I use Windows Defender, Windows Firewall, and the protections built into IE and Firefox.

Indeed. I haven't run any anti-virus software on my PC in, hmm, at least eight years. Some of my tech peers think I'm crazy, but Windows security is far better than most people think if you as a user aren't an idiot. Sadly, there are a healthy percentage of idiots out there - people who open everything they're prompted to open, surf porn & warez sites with abandon, but worse yet, people who are still running Windows 95/98 computers, people who ignore Windows Updates, etc. Some computers just will not die...they keep going and going, and many people (understandably so to some degree) will not replace something until the first one breaks.

OK, maybe they're not idiots, but if Microsoft is trying to protect them with Windows Updates, Service Packs, and new, much more secure operating systems, but they don't want to take advantage of them, there's only so much pity I can feel for those people when they lose all their data.

Just like there's a certain level of responsibility when it comes to driving and owning a car, so too there is with a computer.

I don't care about the report, it's the tech news analyst pundit idiots that drive me up the wall. Obviously Intego has a vested interest in you being terrified of vulnerabilities and viruses. I'm not keeping score in any way, but I could only imagine what tech news would look like if Windows vulnerabilities were publicized with the same vigor that Mac OS ones were.

Are you f'in kidding me? Seriously? You're whining that Mac OS vulnerabilities are being over publicized?!? For crying out loud, Windows vulnerabilities were decried for YEARS. Were you under a rock for the first half of this decade when every PC worm was front page news for a week while Macs were held up as safe havens both by pundits and the media. Apple still proudly proclaims that you don't need no stinkin' virus protection here (even in Japan -- see the link). Give me a break. Mac's ARE safer than XP (assuming XP sans virus protection), but Apple spent so much time telling people that they were protected that it is about time someone finally let the uninformed masses realize that, in fact, Mac OS is written by human beings and the Steve "Zeus" Jobs won't be smiting viruses and trojans from on high. Take the coverage as a reality check for the "mythical Mac users" who are obviously not mythical (probably even a majority).

Maybe also just view it as payback for years and years of anti-Windows body blows delivered by both press and Apple. :)

http://www.videosift.com/video/Japanese-Mac-vs-PC-Commercial-Security

Are you f'in kidding me? Seriously? You're whining that Mac OS vulnerabilities are being over publicized?!? For crying out loud, Windows vulnerabilities were decried for YEARS. Were you under a rock for the first half of this decade when every PC worm was front page news for a week while Macs were held up as safe havens both by pundits and the media.

A: No I'm not "effing kidding you." Seriously. I'm not even trying to kid you. B: I was talking about the gloom, doom, and overall hyperbole each individual vulnerability is reported with. The year before last, we had to endure "the month of Mac vulnerabilities," and out of 30 of them, ONE was an actual Apple vulnerability.

There isn't ONE OSX virus in the wild. Period. You can debate the reason for that until you're blue in the face, but the only reason a Mac user would have for anti virus software is protecting themselves from dopes who use Windows and forward hot pictures of Anna Kournikova in e-mail.

Take the coverage as a reality check for the "mythical Mac users" who are obviously not mythical (probably even a majority).

If you say so.

I have now had my first Mac for approx 5 months or so. Primarily a Windows user for most of my life as I have been a Networking Engineer for a company.

I also have never had a virus on any of my home PC's or Malware. I just don't do dumb things. I am still puzzled by the amount of people that just click on anything.

I believe that people don't waste their time developing malware for the Mac as the user base has always been to small. More people use windows and their are more programmers/developers for that OS. You will probably find more Malware and Virus problems as the user base grows with the Mac OS.

I also find it funny that Vista got blasted for adding UAC, when it is essentially on Mac and Linux already. Nobody makes a big deal when a Mac asks for your Root password for access to system changes, but blasts MS for taking a security measure.

I don't particularly find the Mac Os better or worse than Windows. There are pros and cons to both. I do love the MacBooks from a hardware perspective. I use bootcamp to run Vista for a few programs if the need arises. Both OS's run great on the Macbook.

Vincent, I didn't mean for you to think I said anything to you personally. I think the whole security vulnerability reporting industry is a little childish myself, which is why I don't pay any attention to it. There are people who apparently do keep those kind of scoreboards, but at one point all of the reporting was directed at Windows. Microsoft earned it at that point, but did manage to turn things around.

Vincent, I didn't mean for you to think I said anything to you personally. I think the whole security vulnerability reporting industry is a little childish myself, which is why I don't pay any attention to it. There are people who apparently do keep those kind of scoreboards, but at one point all of the reporting was directed at Windows. Microsoft earned it at that point, but did manage to turn things around.

Fair enough. ;)

A couple things I couldn't leave unchecked:

<p>Really?&nbsp; Will it?&nbsp; Let's analyze this trojan.&nbsp; You have to seek out a pirated copy of Apple Software, download it, then run what you've downloaded from a questionable source.&nbsp; At the same time you have to be logged in as an administrator (a no-no to begin with) for the install to happen.&nbsp; In other words, along every step of the way you have to interact with the process using, at best, bad computing practices, to get this "infection" on your Mac.</p>

You realize that modern Windows "exploits" require similar amounts of interaction, yes? Infected files might be sent via email or IM, but otherwise... Pretty similar. The number of "automagical" worms has dwindled since the Win95/-98 days to a very very low number, if not zero. It's simply easier to attack the user as the weakest point in the security chain, which is a fact taught in all modern computer security courses.

I will admit, something I wish would happen in Windows is to have administrative accounts not be the default. I myself use a user-level account for daily purposes.

That said, if the user knows the root password, and is trying to install "random must-have cracked program x", no amount of access-level trickery or UAC-type systems is going to protect them. I for one would simply have my program check for root access, then pop-up a dialog that states "You must have root-level access to install random must-have cracked program x." Few users would stop long enough to think about it... Vast majority would log into root immediately and try again. This is because they trust the computer to tell them the truth and to know better than them.

As a partial aside to help prove my point, I read a story once about a user that had trouble exiting a program. When the program was told to close, it would pop up the (familiar to most users) dialog "Are you sure you want to close random program x?" The user immediately assumed that they made a mistake, since otherwise the computer wouldn't be asking if they were sure, and so therefore hit "No". (Trying to find link for this now...)

EDIT: Found it (http://www.joelonsoftware.com/uibook/chapters/fog0000000062.html). From Joel on Software, no less. Just search for "exit".

Every tech news outlet is rushing to be the first to say "See? Look! The Mac is vulnerable!" No kidding? The only people who don't think so are the mythical Mac users that think nothing can go wrong with a Mac. Ever.

I think you meant to say, "the mythical Mac users that think nothing can go wrong with a Mac. Like all the ones that believe Apple's massive advertizing campaign saying just that, which I suppose makes them not very mythical after all."



A final point, the majority of exploits now are for turning systems into spam-bots. In other words, a computer infected translates into a given amount of money for the spammer.

Homework: Given this, along with market share of several platforms, one of which is above 80%, please explain which one you would expect to be targeted.