Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X

“Between the Blaster worm and the Sobig virus, it’s been a long two weeks for Windows users. But nobody with a Mac or a Linux PC has had to lose a moment of sleep over these outbreaks — just like in earlier ‘malware’ epidemics,” writes Rob Pegoraro for TechNews.com. “This is not a coincidence.”

Pegoraro writes, “The usual theory has been that Windows gets all the attacks because almost everybody uses it. But millions of people do use Mac OS X and Linux, a sufficiently big market for plenty of legitimate software developers — so why do the authors of viruses and worms rarely take aim at either system?”

“Even if that changed, Windows would still be an easier target. In its default setup, Windows XP on the Internet amounts to a car parked in a bad part of town, with the doors unlocked, the key in the ignition and a Post-It note on the dashboard saying, ‘Please don’t steal this,'” Pegoraro writes.

Full article here.

17 Comments

  1. Anyone who knows the security differences between OS X and Windows would never fall for the market share excuse BS!

    Its no wonder why the people who use that excuse all over the web are the clueless ones who fall for every piece of anti-Mac FUD they can lay their ignorant hands on.

  2. “millions of people do use Mac OS X and Linux, a sufficiently big market”

    I wonder why I should trust this writer, who doesn’t proove what he says. Is the market actually sufficiently big ? IMO, if I consider the whole network, it seems to me rather obvious that the best propagation efficiency lies in the Windows sub-network, not in the Mac sub-network. It’s a matter of level of density.

    Moreover, if linux machines don’t get globally virused, they usually get individually *hacked*. So the mac machines could be.

    Sure, there are “security differences”.
    And there are serious security holes is macosx, too. Macosx’s is a motorbike with keys in ignition, which postit says : “I’m not a car.”

    Nothing more, nothing less.

  3. Nobody ever seems to ask the question…

    What is the point of viruses ?

    There must be many reasons, and the only way to find out would be to ask the people responsible for these things.

    Everyone seems to talk about viruses as if they are a REAl part of nature, and not a man made vendetta, or a suicide bomber or some other implement of a madman.

    I heard that the mblast worm was designed to bring down MS’s servers.

    What is wrong with that ?

    If the guy who wrote it had asked a few million people, I bet most people would have willingly let him use their machines for that task.

    The reason I think most viruses attack pc’s running MS products is because most hackers/virus writers hate MS. Period.

  4. LOL Arthur. Keep using Windows and enjoy the vast larger number of software titles you may run on your PC… like MSBlaster.

    Serious security flaws like … NO virii in over two years?

    Yeah right. Wintel virii exist because it is the only platform that actually HELPS virii to spread by design. That is why virii author concentrates on Windows. They cannot find elsewhere a dumbest OS ready to obey virii with cheerfull stupidity.

    The same dumb people who say “it is market share” are the same that state “if Mac had market share the same virus would affect them. Virii authors do not target them because they are so few”
    LOL They can’t distinguish virus from a worm from a trojan from a legitimate application on their PCs.

    Lemmings.

  5. ROFLMAO:

    “The “Remote Procedure Call” feature exploited by Blaster is, to quote a Microsoft advisory, “not intended to be used in hostile environments such as the Internet.”

    This is too much!!!!!! LOL

    The only Wintel secure machine is a shut downed one!!!!
    AND hidden under your bed!!!

  6. Just as a reminder:

    Hackers 2003 Competition Score table
    Hack Windows (any flavor): 1 POINT
    Hack Linux: 3 POINTS
    Hack OS X: 5 POINT!

    Looks like they know something Windows morons keep deny.

    Oh wait: I know the perfect lemming answer: “It is because it is 3 times more difficult to find a Linux computer on the net and 5 times more difficult to find an OS X one”

    Sux bit time to be so a frigging stupid Windows loser.

    Guess what: Not one in the competition hacked an OS X machine and the reason was: “It would take so much more effort to even try hacking one than getting into 50 Windows PC” Everybody went for Windows to score points.

  7. That article does say some things I disagree with–like blaming the user for not plugging MS-created holes. “The chance of a patch wrecking Windows is dwarfed by the odds that an unpatched PC will get hit.”

    I’d have to take odds with that statement. Most holes are never exploited–you just never know which one will be, yet enough are to be devastating! This article…

    http://www.csoonline.com/read/080103/patch.html

    … argues very convincingly that, out of the HUGE number of patches and security fixes a business environment (juicier targets than homes) must deal with, the chances of any ONE hole being exploited is remote. The chances of it “wrecking Windows”–in your particular configuration–is much higher. That’s why it takes longer for companies to test and trust a patch than for a virus-writer to exploit it. That’s why the system of writing bad software and releasing patches is not a workable system. That’s why it’s MS’s fault and not the users who gave MS their money.

    I’m trying to imagine what it would be like to have my important business and personal data sitting on a Windows computer. I think I’d have an ulcer.

    Oh… and a criticism of Apple: turning on the OS X Firewall is just a matter of clicking Start in the Firewall tab. Simpler than Windows maybe, but let’s hope they follow Linux’s lead with Panther: turn the Firewall on by DEFAULT.

  8. Arthur seems to have contradicted himself… first questioning the number of people using Mac OS X and/or Linux, with a ‘prove it’ slogan? He then turns around and says (with confidence) that Mac OS X has ‘serious security holes’, I wonder where his proof is?

    There’s no doubt that because of Windows popularity will cause more virus attacks, but that is only half the problem… ” width=”19″ height=”19″ alt=”tongue laugh” style=”border:0;” />

    and by saying OS X has major security issues, you probably just tried to debunk BSD’s best selling point, SECURITY!

  9. 1) People don’t hack machines, they crack them. There is a BIG difference.

    2) People don’t crack a machine because it is easy, they crack it because it is difficult. When these person(s) go off to their friends, what are they most likely going to get kudos for? hacking something that is easy, that is, using a known vulnerability OR will they get kudos for hacking something that is challenging.

    Believe me, a person cracking a Windows machine is a dime in a dozen, it is like training wheels for script kiddies and n00b crackers. It may sound nice in the beginning but believe me, if you’ve been cracking for 3 years and still stuck on Windows boxes, don’t expect to get patted on the back by your pairs.

    3) Microsoft Windows is badly designed from the ground up. From day one they lacked direction, documentation, a properly written design.

    Sure, UNIX wasn’t written from the ground up, it gradually evolved, however, it evolved within an an environmet where by small groups worked on specific parts. Designing, documenting and implementing just that specific part ensured that no one group was being distracted by what other groups were doing.

    The problem with Windows is that when originally thought out, it was a great idea. Micro kernel, modular and using the latest efficient design.

    Then as the years parts, things were hacked onto the side of it. A protocol here, a GUI there, an API there and a service here. This continued and still continues to day.

    The kernel of Windows NT in its current form could be cleaned up and become the core of a good operating system, however, Microsoft has a habit of putting backwards compatibility infront of security and stability.

    The various subsystems that make up Windows are the bain of its existance. Anything security wise that happens in Windows can be squarely blamed on Win32 but unfortunately they (Microsoft) have not provided a viable alternative to it and unfortunately until people changing and send a clear message to Microsoft, Microsoft will continue to produced half baked OS’s based on a fundamentally flawed design.

  10. Some supposed cyber security nitwit on CNN last night said, basically, that Macs were safe because they had such a small market share, and that they were just as susceptible as Windows. Then he said that Unix/Linux was safer! Apparently he has a full-time job advising people on cyber threats. Amazing.

  11. Arthur, do some research please….

    “Moreover, if linux machines don’t get globally virused, they usually get individually *hacked*. So the mac machines could be.”

    Linux & OSX’s only similarity (from a security point of view) is that they have an X in the name. 2 completely different OS’s, configured out of the box completely differently. You have generalisied, compared Linux to an OS you obviosuly know nothing about & are completely wrong.

    “Sure, there are “security differences”.
    And there are serious security holes is macosx, too. Macosx’s is a motorbike with keys in ignition, which postit says : “I’m not a car.”. Nothing more, nothing less.”

    What security holes? Where? And your analogy concerning MacOSX & the motorbike is lost on me, what are you on about?

    Mac OSX is a motorbike with several steel cages around it, that are impossible to get past. Go on, try it.

    Complete, total FUD.

  12. I agree a missed a point talking about cracking (sorry about “hacking”). Someone cracks a professionnal computer/network, and viruses, virii, are designed for personnal computers, OK.

    I’m googling for “density threshold graph theory spreading”, I hope I’ll have some more info which could explain why viruses are not developped for macs.

    Yes, I’m biased, and my bias is that I don’t even *care* if macosx is the most secure os – I’ve worked on Solaris, Sun’s OS, patched-to-deatch OS, one of the most professionnal unix on the market, very expensive, hyper serious, boring as you could expect, which actually has security holes (just look for “solaris security hole”).

    When my mac asks me to install a security update, I do, and I’m so happy I’m one of the happy fews. My boyfriend isn’t… He didn’t dare reading his emails this week-end – I congratulated him (I’m used to get upset because he opens any piece of crap he gets), and he read it yesterday on my mac. This alert was over.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.