Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front

It’s time for another columnist’s mea culpa on the order of David Pogue and David Zeiler. This time it’s Paul A. Gilster. His article, based on myth, not fact, has just hit the presses, so we’ll have to wait for (or help along) the mea culpa part.

In reference to the worm and viruses plaguing Windows PCs, “Some recent correspondents have said the solution is to get away from Microsoft altogether. After all, you don’t see huge virus attacks on Macs or Linux machines. But that response skirts the real issue. Yes, Microsoft’s security has been inadequate for a long time, but the reason Windows is being attacked is that it is the most widely used operating system and therefore the biggest target,” Paul A. Gilster writes for The News & Observer out of Raleigh, North Carolina.

Gilster continues, “I’ve been critical of Microsoft for many reasons, but not about this. What Microsoft is dealing with is pure human cussedness, a digital form of vandalism that would be turned on Apple or Red Hat or any other platform that became popular. Because of it, we have to slow our computer performance by adding anti-virus tools and firewalls, making the assumption that to be on the Internet is to be in danger. What a commentary that is on human nature. What a shame that a helpful tool has been hijacked, another reminder that the penalties for virus-writing need to be revised. How does the phrase ‘serious jail time’ sound?” Full article here.

MacDailyNews Take: Wrong, Paul. Mac OS X is not more secure than Windows because fewer people use OS X, making it less of a target. Mac OS X is more secure than Windows. Period. Read David Pogue’s mea culpa here for reference. Paul A. Gilster can be reached at gilster@mindspring.com.

Related MacDailyNews articles:
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
BusinessWeek’s Haddad gets it wrong; thinks low market share spares Macs from viruses – August 28, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003

26 Comments

  1. There may be some truth there.

    It is not impossible to make an Applescript that reads a user’s Address Book and emails people with an attachment of itself, being bright enough to target just the “.Mac” addresses for the greatest effectiveness.

    It is also not impossible for it to spread in the same manner as the author describes such as resembling an “OS 10.2.9 Upgrade” attachment to an email. It could only be 25k in size, but 99% of Mac users are NOT computer savvy, and would probably do it.

    If it looks official, it can be easily “installed” by the user, thus bypassing all security and passwords, and then install itself into the user’s “Log In” items as hidden and never be seen on the dock. If the user sees “OS 10.2.9 Upgrade” in the “Log In” items list (as if many users go there), they wouldn’t think twice and just leave it there thinking it is important.

    During an “install” isn’t it possible to reset the Firewall and file sharing settings, or indirectly by installing a UNIX subroutine, then the virus could examine the current IP address and transmit the info to another computer so a remote user can gain access to their Mac?

    Are you 100% certain this cannot be done?
    I have seen many installs play with my System Preference parameters as well as install themselves into my Log In items then demand that I “Restart” my computer. I had to go in and undo what the install had done.

    I would be interested in knowing how the Mac is impervious to these types of “User installed” email virii.

  2. Those folks are still trying to figure out whether to serve red or white with possum down in ol’ virginee. I would not give too much credence to anything those rednecks say.

  3. Ary,

    For one thing, Mac users, even if not savvy, should know now that updates come with the Software Update utility, not via email.

    Anyway, no OS is 100% secure so I give you that with some effort one could get access to an OS X machine, convince the user to cooperate and then set the machine so as to allow remote login and bypass the firewall.

    Now you – the cracker – got access to ONE machine. Does that give you access to another? Nope. You have to do the process again with a second machine and so on.

    How long does it take to infect ~one million machines as per the MSBlaster case on Windows?

    If a virus needs the cooperation of the user it is not a threat for the larger community, which could take proper action and countermeasures well before any significant spread.
    Security officers do not aim for a perfectly secure system but for a system where ANY spread is far slower than any countermeasure.

    On Windows spread is much faster than security interventions, on other systems it is much slower. That is why crackers LOVE Windows.

    Remember: Windows is NOT the most attacked OS but it is the one causing the avalanche effect in a matter of hours.

  4. I’m sure it’s not 100% impossible to do, but it’s a fact that it would be much more difficult to pull off. I’m sure in the 3 years or so that OS X has been around, at least ONE person would have tried something. I hear these stories about obscurity, but the fact that there hasn’t been a single OS X virus in all that time leads me to believe there is a whole lot more to it than that. Besides, in that kind of scenario, it would require even more ignorance on the part of a user than any Windows virus would require to execute. Plus, hackers love publicity and a destructive OS X virus would be a coup for them since it’s not been done before, so I’m sure it’s not something that has been overlooked simply due to “obscurity.”

  5. Oh I did not see that (only 25k). Well, I would say 99% of Mac users KNOW that OS updates are far larger than that. Especially those on dialup. An update that does not take 1 hr to download?

  6. from Gilster’s article:

    …”I’ve been critical of Microsoft for many reasons, but not about this. What Microsoft is dealing with is pure human cussedness, a digital form of vandalism that would be turned on Apple or Red Hat or any other platform that became popular.”…

    Apple’s Mac OS X and Red Hat’s Linux are popular. Why do you think you’re mentioning them in the first place?!

  7. kennylucius:

    In terms of sheer numbers, Linux is attacked far more. That is a product of it running the majority of web servers. What is being attacked, though, are the sites and applications on the servers. And the impact is clearly isolated to those particular sites or apps and does not spread like the Microplague.
