Chicago Tribune falls for the ‘Security Via Obscurity’ myth

“Millions of college students soon will arrive on campuses, armed with new personal computers. And while many will be reasonably computer-savvy, users should note that setting up a machine, downloading security patches and getting safely connected to the Internet all involve more than a few mouse clicks and typing a few passwords,” David Sharos reports for The Chicago Tribune.

Sharos reports, “Cupertino, Calif.-based Internet security company Symantec Corp. recently conducted tests of five PCs it purchased through various channels, including direct from the manufacturer, a national electronics retail store, a discount retailer, a national retail warehouse and a local made-to-order PC shop. Given the out-of-the-box experience most manufacturers promise, the results of Symantec’s tests may seem surprising.

Sharos reports, “We found that there were 49 mouse clicks needed to set up one of the machines, and a total setup time of 81 minutes,’ said Kraig Lane, group product manager for Symantec Consumer Products. ‘The point of our study was not about finding the easiest computer to use–it was to demonstrate these setup issues take more than 10 minutes. And if care isn’t taken, machines are going to be quickly compromised.’ Infestation by computer viruses occurs less than an hour out of the box. During a survivability study using ‘honeypots’–machines set up without any virus or spyware protection–Symantec found new machines were “infested” within 20 minutes after logging on to the Internet.”

Sharos reports that Tim Bajarin, principal analyst for Creative Strategies, “notes that until recently, Apple products were far less prone to virus attacks due to the company’s virtual control of hardware, software and patches. ‘With about 4 percent of the market, it’s foolish of the ‘bad guys’ to crack the Mac system when they’ve already done so much damage on the Windows’ side,’ he said.”

Full article here.

[Thanks to MacDailyNews Reader “Peter Tambroni” for the heads up.]

MacDailyNews Take: Bajarin must have been misquoted because there’s no way somebody would still believe the “Secuirty Via Obscurity” myth in today in August 2006, right? Sigh. It really is FUDday! Okay, so here we go again, once more for old time’s sake:

“Security via Obscurity” is a myth. Mac OS X has zero (0) viruses. For over five years and counting. No Mac OS X users affected outside of a lab with old, non-updated Mac OS versions that they intentionally infected.

The idea that Windows’ morass of security woes exists because more people use Windows and that Macs have no security problems because less people use Macs, is simply not true. Mac OS X is not more secure than Windows because less people use OS X, making it less of a target. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, read The New York Times’ David Pogue’s mea culpa on the subject of the “Mac Security Via Obscurity” myth here.

Macs account for roughly 10% of the world’s personal computer users — (some say as much as 16%) — so the first half of the myth doesn’t even stand up to scrutiny. Macs aren’t “obscure” at all. Therefore, the Apple Mac platform’s ironclad security simply cannot logically be attributed to obscurity.

There are zero-percent (0%) of viruses for the Mac OS X platform that should, logically, have some 10-16% of the world’s viruses if platforms’ install bases dictate the numbers of viruses. The fact that Mac OS X has zero (0) viruses totally discounts “security via obscurity.” There should be at least some Mac OS X viruses. There are none. The reason for this fact is not attributable solely to “obscurity,” it’s attributable to superior security design.

Still not convinced? Try this one on for size: according to Apple CEO Steve Jobs yesterday at WWDC, there are “19 million Mac OS X users” in the world and there are still zero (0) viruses. According to CNET, the Windows Vista Beta was released “to about 10,000 testers” at the time the first Windows Vista virus arrived. So much for the security via obscurity myth.

Contact info:
Tim Bajarin, Principal Analyst, Creative Strategies:
The Chicgao Tribune Business Editor:
Online Letter to the Editor here.

Related articles:
Oxymoron: Microsoft security – August 12, 2006
With exploits in wild, Microsoft Windows braces for yet another critical worm attack – August 11, 2006
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat – August 07, 2006
Ballmer analyzes Microsoft’s One Big Mistake, Vista… er, ‘One Big’ Vista Mistake – August 02, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005

Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
Apple Macs and viruses: Fact vs. FUD – May 26, 2006
‘Mac security’ garbage reports continue to proliferate – May 10, 2006
ZDNet: Reduce OS X security threats – ignore security software – May 05, 2006
Unix expert: Mac OS X much more secure than Windows; recent Mac OS X security stories are media hype – May 03, 2006
Macs and viruses: the true story – May 02, 2006
Anti-Mac FUD machine shifts into overdrive – May 01, 2006
FUD Alert: Viruses don’t catch up to the Mac – May 01, 2006
BusinessWeek: Apple should hire security czar to combat uninformed media FUD – March 09, 2006
Spate of recent Mac security stories signal that Microsoft, others getting nervous – March 06, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005


  1. Man! MDN is right – it must be FUD-day. So much unresearched and ignorant rantings and ravings going on out there on our beloved “internets”. And I’m not even talking about us here in the MDN forums!

    ” width=”19″ height=”19″ alt=”tongue wink” style=”border:0;” />

  2. Seems like the Chicago Tribune is no better than it was many years ago when I ripped one of their tech writers apart, line by line — and cc’d all the editors above him — which led to a job offer writing for them (which I have not done for over eight years).

    This “reporter/author” (to use the terms loosely) is doing no more research into his articles than for what I faulted previous previous writers.

  3. This Security By Obscurity myth is fubar if for only one reason that the virus writers are ego-driven, not profit driven. What better way to stroke your own ego and be able to gloat to the hacker community than to put these smug, no-virus having Mac users in their place by creating a Mac doomsday scenario using trojans and viruses.

    Yet they haven’t done it. Why not?

  4. i really doubt that there is a linear relationship between the number of users of an operating system and the number of viruses. there is almost certainly an hysteresis effect involved. that said, 10% ought to be big enough to see some viruses and 16% is certainly enough. i think the bigger effect comes from the fact that unix was designed from the start to be a networked system and windows was not.

  5. Here we go again… It’s the ole “if Macs were as popular as Windows- then they would get viruses / spyware too” theory. I try to explain to these “knowledgeable” people that OSX is based on a UNIX kernel- UNIX was built with security from the BEGINNING. It wasn’t an afterthought / bolt-on.

    A simple demonstration- have a Windows user make a user account with full administrator rights, Have the user change network settings, have the user edit the hosts file. In every case- not once is the user required to supply an administrator password. Now- try that with OSX. That’s just a very small example of what the differences are between the enviornments. Yes- Vista is trying to implement this now- but in a typical pain in the ass Microsoft “you’re stupid” way that bothers / harasses the user.

    Did you ever try to run Windows software WITHOUT being an Administrator or having administratror rights? – most of the time- the software won’t run correctly. Not so with OSX. Unless it’s a system utility or system related app- the apps will run just fine- you DON’T need to be logged in as an Administrator- hence- the OS is better protected against malware.

    Again- this is just the tip of the iceburg when explaining why OSX is so much more secure than Windows.

    Note to college students: Get a Mac.

    BTW- I’m not a Mac fanboy- I’m in IT- I use both and I’ve seen the light a long time ago.

  6. I personally don’t believe in the “security via obscurity” myth, but MDN’s following argument isn’t valid:

    “Still not convinced? Try this one on for size: according to Apple CEO Steve Jobs yesterday at WWDC, there are “19 million Mac OS X users” in the world and there are still zero (0) viruses. According to CNET, the Windows Vista Beta was released “to about 10,000 testers” at the time the first Windows Vista virus arrived. So much for the security via obscurity myth.

    Even if Vista is beta, it is still Windows, and therefore part of the 90% user base which does not equal obscurity. And besides, beta testers are more likely to be virus writers than your average Joe.

  7. I read the whole article. Its scary that a paper as big as the CT hires people who have NO idea what they are writting about.

    “Hey, I use a pc,I get by, so I must be an expert. Ignore the guy behind that curtain, he’s an IT drone, they don’t really do anything. Its all me.” Al -la- wizard of OZ. lol ” width=”19″ height=”19″ alt=”grin” style=”border:0;” />


  8. The worst part of the article is this: ‘Infestation by computer viruses’ because it promotes the idea that all computers are vulnerable. It’s important to get these so-called journalists to recognize that there is no such thing as a computer virus. There are only viruses that target specific OSes and applications.

  9. Trevor,

    Vista is supposed to be an all new OS, with new ways of doing things. It’s supposed to be secure, precisely because it isn’t the same code. Because it’s different code, it can’t be part of the current user base.

    Even if your argument about beta testers being more likely to write a virus is correct, 10,000 is just over one twentieth of a percent of 19 million. Put another way, if all 10,000 were actively trying to write a Vista virus, there would still be very few attempts compared to OS X if only 1% of Mac users were attempting to write a Mac virus. That would be aproximately 190,000 people attempting to write a Mac virus vs 10,000 on Vista! Why no Mac virus when Vista has already had one? It cannot be obscurity.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.