“As part of its current ad campaign, Apple suggests that Macs aren’t vulnerable to the same Internet security problems PCs are,” Todd Spangler writes for Baseline Magazine.
“But according to a new study by security vendor Symantec, the number of vulnerabilities identified in Apple’s Safari browser in the first half of 2006 doubled over the prior six months—and it increased its window of exposure to Net-based exploits from zero days to five,” Spangler writes.
Spangler writes, “Microsoft’s Internet Explorer browser still has a longer window of exposure—the time between when code exploiting a vulnerability appears and when a fix is available—and a greater total number of security holes. But Apple ‘is headed in the opposite direction’ with respect to its browser’s vulnerability to Internet-based threats, says Dave Cole, director of Symantec’s Security Response team.”
Spangler writes, “Apple’s marketing campaign implies Macs are not vulnerable to the same kinds of Internet security threats that Windows PCs are. In a recent Apple TV ad, an actor playing the Mac character says to the PC character: ‘I run Mac OS X, so I don’t have to worry about your spyware and viruses.’
Spangler writes, “Symantec’s Cole says it’s a fallacy to claim that any Web browser is inherently safer than another. ‘The reality is, Apple has lower market share’ than Windows PC makers, he says. ‘Attackers are driven by money, so they go after the bigger market. If you have lower market share, you’re not more secure—you’re just less interesting [to a hacker].'”
Full article here.
[Thanks to MacDailyNews Reader “Stormy” for the heads up.]
MacDailyNews Take: Ooh, we’re shaking with fear. Let us know when Macs are hit with spyware or viruses in the wild, okay? Until then, we’re not buying what Symantec et al are peddling. While smaller market share is no doubt yet another advantage for Mac security, Mac OS X is inherently more secure than Windows. With 20+ million Macs in the world, why has there been no single successful Mac OS X virus in 5+ years? Shouldn’t there be a few or at least one?
Remember, do not download, authorize, and install things on your Mac from untrusted websites.
By design, Mac OS X is simply more secure than Windows. Period. For reference and reasons why Mac OS X is more secure than Windows, read The New York Times’ David Pogue’s mea culpa on the subject of the “Mac Security Via Obscurity” myth here.
Macs account for roughly 10% of the world’s personal computer users — (some say as much as 16%) — so the first half of the myth doesn’t even stand up to scrutiny. Macs aren’t “obscure” at all. Therefore, the Apple Mac platform’s ironclad security simply cannot logically be attributed to obscurity.
There are zero-percent (0%) of viruses for the Mac OS X platform that should, logically, have some 10-16% of the world’s viruses if platforms’ install bases dictate the numbers of viruses. The fact that Mac OS X has zero (0) viruses totally discounts “security via obscurity.” There should be at least some Mac OS X viruses. There are none. The reason for this fact is not attributable solely to “obscurity,” it’s attributable to superior security design.
Still not convinced? Try this one on for size: according to Apple CEO Steve Jobs at WWDC, there are “19 million Mac OS X users” in the world and there are still zero (0) viruses. According to CNET, the Windows Vista Beta was released “to about 10,000 testers” at the time the first Windows Vista virus arrived. So much for the security via obscurity myth.
Related articles:
Chicago Tribune falls for the ‘Security Via Obscurity’ myth – August 14, 2006
Oxymoron: Microsoft security – August 12, 2006
With exploits in wild, Microsoft Windows braces for yet another critical worm attack – August 11, 2006
Microsoft’s oft-delayed, much-pared-down Windows Vista hacked at Black Hat – August 07, 2006
Ballmer analyzes Microsoft’s One Big Mistake, Vista… er, ‘One Big’ Vista Mistake – August 02, 2006
Symantec details more security holes in Microsoft’s Windows Vista – July 26, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Sophos: Apple Mac OS X’s security record unscathed; Windows Vista malware just a matter of time – July 07, 2006
Sophos Security: Dump Windows, Get a Mac – July 05, 2006
What Microsoft has chopped from Windows Vista, and when – June 27, 2006
Security company Sophos: Apple Mac the best route for security for the masses – December 06, 2005
Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
Apple Macs and viruses: Fact vs. FUD – May 26, 2006
‘Mac security’ garbage reports continue to proliferate – May 10, 2006
ZDNet: Reduce OS X security threats – ignore security software – May 05, 2006
Unix expert: Mac OS X much more secure than Windows; recent Mac OS X security stories are media hype – May 03, 2006
Macs and viruses: the true story – May 02, 2006
Anti-Mac FUD machine shifts into overdrive – May 01, 2006
FUD Alert: Viruses don’t catch up to the Mac – May 01, 2006
BusinessWeek: Apple should hire security czar to combat uninformed media FUD – March 09, 2006
Spate of recent Mac security stories signal that Microsoft, others getting nervous – March 06, 2006
Mafiasoft: Microsoft to charge $50 per year for security service to protect Windows – February 07, 2006
Computer columnist: anti-virus software purely optional for Apple Macs, not so for Windows – November 01, 2005
Hackers already targeting viruses for Microsoft’s Windows Vista – August 04, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Vulnerabilities ≠ Exploits
Symantic and Dave Cole:
Nattering Nabobs of Negativism.
or to quote Moe Howard:
“I’d knock your brains out if you had any!!”
Old, old, old, news.
We really do have to blame Symantec for leading these idiots astray.
Apple is set to grow exponentially. And Symantec will earn precisely ZERO from those billions.
Good thing I say.
MDN: enjoy repeating its own crap over and over.
Point made: MDN not yet totally self convinced.
Results: childish takes and pointless shouting.
Oh Lord, not “Symantec says…”, again. Haven’t we learned not to learn from Symantec yet?
And, is anybody really saying that Macs are totally invulnerable, without any possibility of any viruses (in the future)? Is anybody really saying that? I don’t hear anyone saying that. If Macs are going to become targets by virtue of market share, then lets get there first, then start worrying about viruses that may or may not take advantage of vulnerabilities. And that’s assuming Apple, for some crazy reason, stops releasing security updates.
No, I’ve got to believe that this kind of rhetoric is ulteriorally motivated.
Apple more secure than Windows? Well, Duh!
Wait, WWDC was yesterday!? CRAP! I missed it!!
(MDN, you might want to edit your take a little bit…
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />)
“Attackers are driven by money, so they go after the bigger market”
Um ok, tell me exactly how these people are making a profit from creating viruses?
Attackers are driven by ego.
Symantec is shooting themselves in the foot. In a feeble attempt at spreading FUD – fear, uncertainty and doubt – they are proving themselves to be an unreliable source of real data. The “obscurity myth” is old, dead and buried, and for a company that should be actually looking to real vulnerabilities to spew rumors and falsehoods as facts totally underlies ANY credibility they may have.
I also have issue with BaseLineMag.org for using an obviously biased company as a source of factual information.
Aren’t there ANY REAL JOURNALISTS out there any more?!!!
A story about how Macs are more secure than Windows? This is a certainly a first for MDN. You guys should cover stories like this more often.
Death, taxes, MDN stories about Mac security.
Good point, Macromancer. Hackers don’t make any money from their activities. What is Symantec talking about? Perhaps Symantec is really talking how THEY make money from hackers’ activities?
Wonder how many hackers Symantec pays off the books, working night and day, to develop a hack, virus, worm, trojan, anything Apple based.
They see they will lose much $$ as Apple expands.
Ultimately, it doesn’t matter WHY Macs are more secure. No one (not even a FUD spreader) argues the point THAT Macs are more secure. Far more secure…
Symantec is just looking to sell their shitware to the clueless by using FUD, that’s all. Just don’t be stupid enough to fall for it and you’ll be fine.
Hackers that write malware for “ego” usually like to make a splash and that means revealing the exploit and creating havoc in the process – this still happens but is less common than they more damaging kind of “commercial” malware that is today’s threat.
Malware authors make money by compromising internet-connected personal computers and using them for botnets that can then relay spam or participate in DDOS attacks. They get a return for each machine that they provide for the network. They may also install key loggers or other software used to harvest and forward identity information for whatever purpose you choose to imagine. These security breaches are not useful to the attackers if they reveal themselves, since the owner would then take steps to remove the intrusion (usually this means reinstalling Windows and rebuilding the system). Root kits are the ultimate in stealthed exploits, since they become invisible to the OS itself.
Windows users who also use IE for browsing are particularly vunerable to attack, but social engineering can make it possible for a user with the proper privilages to unwittingly install maware on any platform.
Even Mac OS users would be well advised to not routinely run as administrator (or as root in a Unix/Linux box). There is a known weakness in the Mac OS where a user running with aministrator privilages can install a package that requires root privilages without getting the authentication dialog box – run as a normal user and this weakness is not an issue, you will always get an authentication request. Listen to the last Macbreak Weekly podcast for discussion of this issue.
“Spangler writes, “Symantec’s Cole says it’s a fallacy to claim that any Web browser is inherently safer than another. ‘The reality is, Apple has lower market share’ than Windows PC makers, he says. ‘ATTACKERS ARE DRIVEN BY MONEY [emphasis mine], so they go after the bigger market. If you have lower market share, you’re not more secure—you’re just less interesting [to a hacker].'”
My question to this ‘logic’ is this… “Who the h*ll is paying for hackers to attack *any* OS or browser???? I mean, if MONEY is the objective of these ne’er-do-wells, just EXACTLY who is paying them???
I propose that Symantec’s Cole is shoveling a huge, steaming pile of FUD and needs to StFU.
MW: effect… As in, Dave Cole needs to be aware of what type of effect his stupid opinions have.
If you believe that you can find the source of motivation by following the money trail. It doesn’t take much to figure out who has the biggest financial stake in insuring that malware remains a threat.
RE: dpp
Ummmm, ok….
Answers that question.
MDN,
Why do you post articles under headlines that state the opposite of what the article says?
I read the article with the expectation of finding another ‘expert’ who had come to his senses about security. Instead, I find another misguided fool. I have no need to hear from this person.
Your ‘take’ should never be the headline.
I agree with DanieIN. I am an avid Apple user and fan. But don’t appreciate when MDN changes article Titles for their own spin. Agree with above 100%
To answer the question how hackers get paid for finding and using exploits.
Just look at your well used email account, full of spam right?
Fools click on this spam and actually buy stuff. Some are phishing scams where people click a link in a spam and actually enter their vital banking login information.
Some people are taken by the email scams too.
So what does this have to do with exploits?
Simple, every email can be traced back to a IP address that sent it. Even if the headers are altered a bit. If spammer uses their own IP address they can be shut off by their ISP.
So what spammers need is botnets of unsuspecting users machines to spam from to hide their identity, grab new email addresses and propogate viruses to start the hole process over and over again. This is where hackers come in.
When a spam makes it to a suspects email box, it usually has a image that needs to be downloaded from a spammers server. This tells the spammer your IP address and chocks up a reward $$ for the hacker.
PharmaMaster taught me everything I know.
” width=”19″ height=”19″ alt=”raspberry” style=”border:0;” />
As Apple’s market share continues to increase over the next few years and could be poised to enter the double digit domain. What this means for Symantec, who has to deal with Windows One Care or Live Care or whatever they are calling thier software they sell to protect an inferior product that they also sell. In either case Symantec loses money. If I was Symantec’s marketing department I would exploit every piece of FUD I could to generate my cash flow.
“Attackers are driven by money, so they go after the bigger market.”
Actually, most are not driven by money (yet).
I’m a big MDN fan, but I agree that this is a very poor headline (“Apple Macs are far more secure than Windows PCs”) for this article. I can see where MDN didn’t want to include a headline that just propagates the article’s misinformation, but instead their headline misrepresents what the article said.
Perhaps a better headline would be:
“Symantec again spreads self-serving FUD about Mac OS X”