Chicago Tribune falls for the ‘Security Via Obscurity’ myth

“Millions of college students soon will arrive on campuses, armed with new personal computers. And while many will be reasonably computer-savvy, users should note that setting up a machine, downloading security patches and getting safely connected to the Internet all involve more than a few mouse clicks and typing a few passwords,” David Sharos reports for The Chicago Tribune.

Sharos reports, “Cupertino, Calif.-based Internet security company Symantec Corp. recently conducted tests of five PCs it purchased through various channels, including direct from the manufacturer, a national electronics retail store, a discount retailer, a national retail warehouse and a local made-to-order PC shop. Given the out-of-the-box experience most manufacturers promise, the results of Symantec’s tests may seem surprising.

Sharos reports, “We found that there were 49 mouse clicks needed to set up one of the machines, and a total setup time of 81 minutes,’ said Kraig Lane, group product manager for Symantec Consumer Products. ‘The point of our study was not about finding the easiest computer to use–it was to demonstrate these setup issues take more than 10 minutes. And if care isn’t taken, machines are going to be quickly compromised.’ Infestation by computer viruses occurs less than an hour out of the box. During a survivability study using ‘honeypots’–machines set up without any virus or spyware protection–Symantec found new machines were “infested” within 20 minutes after logging on to the Internet.”

Sharos reports that Tim Bajarin, principal analyst for Creative Strategies, “notes that until recently, Apple products were far less prone to virus attacks due to the company’s virtual control of hardware, software and patches. ‘With about 4 percent of the market, it’s foolish of the ‘bad guys’ to crack the Mac system when they’ve already done so much damage on the Windows’ side,’ he said.”

Full article here.

[Thanks to MacDailyNews Reader “Peter Tambroni” for the heads up.]

MacDailyNews Take: Bajarin must have been misquoted because there’s no way somebody would still believe the “Secuirty Via Obscurity” myth in today in August 2006, right? Sigh. It really is FUDday! Okay, so here we go again, once more for old time’s sake:

“Security via Obscurity” is a myth. Mac OS X has zero (0) viruses. For over five years and counting. No Mac OS X users affected outside of a lab with old, non-updated Mac OS versions that they intentionally infected.

The idea that Windows’ morass of security woes exists because more people use Windows and that Macs have no security problems because less people use Macs, is simply not true. Mac OS X is not more secure than Windows because less people use OS X, making it less of a target. By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, read The New York Times’ David Pogue’s mea culpa on the subject of the “Mac Security Via Obscurity” myth here.

Macs account for roughly 10% of the world’s personal computer users — (some say as much as 16%) — so the first half of the myth doesn’t even stand up to scrutiny. Macs aren’t “obscure” at all. Therefore, the Apple Mac platform’s ironclad security simply cannot logically be attributed to obscurity.

There are zero-percent (0%) of viruses for the Mac OS X platform that should, logically, have some 10-16% of the world’s viruses if platforms’ install bases dictate the numbers of viruses. The fact that Mac OS X has zero (0) viruses totally discounts “security via obscurity.” There should be at least some Mac OS X viruses. There are none. The reason for this fact is not attributable solely to “obscurity,” it’s attributable to superior security design.

Still not convinced? Try this one on for size: according to Apple CEO Steve Jobs yesterday at WWDC, there are “19 million Mac OS X users” in the world and there are still zero (0) viruses. According to CNET, the Windows Vista Beta was released “to about 10,000 testers” at the time the first Windows Vista virus arrived. So much for the security via obscurity myth.

Contact info:
Tim Bajarin, Principal Analyst, Creative Strategies:
The Chicgao Tribune Business Editor:
Online Letter to the Editor here.

Related articles:
Oxymoron: Microsoft security – August 12, 2006
With exploits in wild, Microsoft Windows braces for yet another critical worm attack – August 11, 2006
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat – August 07, 2006
Ballmer analyzes Microsoft’s One Big Mistake, Vista… er, ‘One Big’ Vista Mistake – August 02, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005

Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
Apple Macs and viruses: Fact vs. FUD – May 26, 2006
‘Mac security’ garbage reports continue to proliferate – May 10, 2006
ZDNet: Reduce OS X security threats – ignore security software – May 05, 2006
Unix expert: Mac OS X much more secure than Windows; recent Mac OS X security stories are media hype – May 03, 2006
Macs and viruses: the true story – May 02, 2006
Anti-Mac FUD machine shifts into overdrive – May 01, 2006
FUD Alert: Viruses don’t catch up to the Mac – May 01, 2006
BusinessWeek: Apple should hire security czar to combat uninformed media FUD – March 09, 2006
Spate of recent Mac security stories signal that Microsoft, others getting nervous – March 06, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005

35 Comments

  1. “Security via obscurity” is BS, of course. Nevertheless, I can’t let this comment by pass:

    This Security By Obscurity myth is fubar if for only one reason that the virus writers are ego-driven, not profit driven.

    ” width=”19″ height=”19″ alt=”big surprise” style=”border:0;” /> You don’t seriously believe that, do you? You can’t possibly be that ignorant! Virus writers these days are 100% driven by profit! The days of writing viruses and worms to brag to your buddies are long over. These days, it’s all about adding PCs to your zombie network and renting them to the mob!

  2. Total Mac Global market share is about 3% as of april.

    Oh and Security through obscurity is no myth dumbasses. Apple says they use it on there own f’ing website..Take your blinders off morons…

    “Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.”

    By definition of the term “security through obscurity (sometimes security by obscurity) is a controversial principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to ensure security. A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them”

    So what is that? Its BS..Just like MDN’s typical “take” [er] {opinion}

  3. On my school network it took me about 2 minutes to set up my mac. In constrast it took me 2 hours to get one dell online and over a day to get another one online. UCLA’s reuirements are pretty strict, and include a full virus scan, up to date windows patches, and mandatory school supplied antivirus software. Unless you have a mac. In which case you just have to click the button “I already have AV software”

    off topic: is gmail down? I’ve tried getting on about 4 times in the past 2 hours and it keeps telling me the server is too busy.

  4. Of course this makes sense — if only 10 people in the world use these useless and overpriced computers no one will break into them. We all know that OSX is the swiss cheese of operating systems as Mac people are stupid and don’t know how to lock them down. As soon as Apple starts selling real computers (make that Intel) then the fun will begin. These clueless boobs will be overwhelmed by viruses, malware and other goodies with no end in sight.

    Apple support will give up and Steve Jobs will retire to the Bahamas. If you want a fast, reliable and secure computer it is time to purchase from Dell or HP and make sure you get Microsoft Windows.

  5. Ah buddy, step back from that agressive attitude. (Maybe you are cranky because your computer is running slow & needs a “cleaning.”) The myth is that Apple security is no better than Msoft’s security and that the only reason that Macs are safer is that no one cares to write exploits for 3% of the world market.

    That is a myth primarily in that OS X, being built on a Unix-like foundation, is inherently more secure.

    Permissions based systems along with Apple’s implementation of that into the interface, makes for a more secure system. Every modern OS is permissions based and whenever Msoft gets around to releasing Vista, it too will have a permissions based OS.

    So, my prickly little friend, I’m sorry that you are offened by all the Mac cheerleading going on here, but hey, it is a Mac site.

    And while Macs may be more secure because of their smaller userbase… 0 – ZERO “in the wild” exploits in what, 5 years, proves that its UNIX foundation is solid & the envy of Msoft.

    Smile buddy, it won’t hurt too much.

  6. “Security by Obscurity” really is a factor in Mac’s virtuous security. My rough guesstimate is OS X systems should suffer about 0.25% as many attacks as Windows systems. that would be … (crunch)(crunch) … several hundred – wait … THAT can’t be right!

  7. This “reporter/author” (to use the terms loosely) is doing no more research into his articles than for what I faulted previous previous writers.

    This “reporter/author” (to use the terms loosely) is doing no more research into his articles than did those I had faulted previously.

    Does this mean I’m hired?

  8. Fort Knox hasn’t been robbed, because it’s empty. It’s expired, gone to meet its maker, pining for the gold fields. There’s nothing in it but a negative-balance debit card gathering dust on the floor. It’s a Potempkin Village gold depository.

    Ask any Illuminati member. Like a Mason.

    Jeez.

  9. Total Mac Global market share is about 3% as of april.

    Also this is a myth when intended to be percentage of users. The Global (as the US or EU or any other large market) includes sales for everything, from cashier register, to airport monitor dedicated PCs to whatever. It is not human beings using a computer.

    For the Chicago % on students better woud be the percentage of LAPTOPS and Apple has risen to 12%. Or do you think a student carries a lorry with a desktop in the classrooms?

  10. Im with drunk cheney…I dont care why…life is too short to worry about crappy, virus and adaware filled, computers running inferior code. Ill take my Mac thank you. Good luck to the rest of you…because you will need it.

  11. By definition of the term “security through obscurity (sometimes security by obscurity) is a controversial principle in security engineering, which attempts to use secrecy (of design, implementation, etc.) to ensure security.

    It looks like you do not even know what yourself are writing. Windows is the one trying to use security by obscurity: its API is not totally public, its code is not on the web for everyone to d/l and look at it. THIS is security by obscurity.

    It has NOTHING to do with market share, dumbass.

    Apple Darwin and now – again – even the kernel code is Open Sourced and developers can d/l and study it. Obscurity my ass, lobster.

    AND if you think your quote “Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available.” has anything to do with security by obscurity you are even more an idiot than we all thought: you must be a Windows user.

  12. Ah buddy, step back from that agressive attitude.

    Well, you see, it is exactly the aggressive attitude that you pointed out of idiots such as the above Windows poster, full of ignorance, pretentious and sucking Gate’s and Ballmer’s dick since years that makes Mac users going ballistic.

    When you are a moron and an idiot and you keep defending Windows for its security problem with idiotic statements regarding market share – hence showing how deep your ignorance is wrt OS security – what do you expect from Mac users (WHICH for a large part are Windows users themselves)?

    That you are called out loudly for what you are: AN IDIOT, a MS cocksucker, a MORON, a dickhead, a Windblows user. It is their attitude that makes Mac users drive by the thousands on web sites, via emails, via blogs to say how it is: YOU ARE AN IDIOT.

    It is too much to ask idiots to admit they are idiots, it would require a grain of brain, but is it too much for idiots to SHUT THE FUCK UP. Go back to your hospital ward and fend off all the malware it hits your toy OS every minute.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.