So. Big news on the net this week; Macs have a malware program running around the Internet.
Die-hard Mac haters are cheering. “See,” they say in a chorus of sneering. “Macs aren’t so safe after all! You can get infected too!” They’re toasting each other on what they have believed is the inevitable destruction of the Mac users’ smug arrogance when it comes to Internet security. They are moving through fits of ecstasy at the thought that so very soon, the Apple store’s shelves will be filled with box after box of anti-virus and firewall software to protect the foolish masses of Mac computers out there in the world soon to be raped by malware designed to zombify them and/or give over precious private data.
They blog and report on websites around the world, reminding us once again about their theory that the only REAL reason Macs have been ‘safe’ for so long is due to their unpopularity. If only more people bothered to use and purchase Macs (and why would they when there is so little software available for Macs?), they have said for decades, then the worms and Trojans and malware would come out of the woodwork in droves. But right now, they have always said, it’s just not in the interest of the people who create such things to do so for such a small user base. They write stories with titles like, “Paradise Lost” to really hammer home the concept that the party is over. No longer are we Mac users safe, they say. Time to become slaves to the Internet Security Behemoth Windows has built over the decades.
We’ve heard it for so very long. It’s utter bullshit.
Yes, Mac has a malware attack out there in the ether and yes it can zombify your machine. If you’re stupid. Let’s take a look at the differences between how a Mac computer can become infected with something like this versus how a Windows machine becomes infected.
On the Mac, you must actively download and install the program. In the case of the one going around right now, it’s inside/attached to a pirated, trial copy of iWork. How do you stop it from infecting your computer? Um, don’t download the pirated copy of iWork? Since the majority of Mac users in the world probably won’t do that, the chances of this thing becoming a huge big deal are pretty slim. Install anti-virus? Um, no. Why would you? The only way for this piece of malware to infect your computer is for you to download and install it. It won’t come through your browser. It won’t come through your mail. It won’t simply find you on the web, download and install itself and then run rampant. You have to choose to become infected.
As a side note – the key to all of the anti-virus software out there is that once your computer is infected, the anti-virus software will clean the infection off your machine or quarantine it so it can’t do any more harm. You didn’t actually think it proactively protected you, did you? Cuz it doesn’t. It waits for the damage to be done, then it reacts, so it wouldn’t help you unless you’re already infected, which again, unless you’re stupid, won’t happen. So don’t worry about it. You don’t need any of that crap for your Mac.
So, all in all, there’s a Mac-specific malware out in the wild that can’t hurt you unless you invite it in, ask it to sit down and hand it the keys to your house. Are there people out there who will invite it in because they want the pirated copy of iWork? Sure. And they’ll always be at risk of things like this because they are being stupid and there’s nothing that can be done about that except to hope that they don’t breed.
Let’s compare that scenario with how a Windows machine becomes infected. First up, I feel that it is in the interest of good faith disclosure that I inform you that the chances are, during the time it took you to read the text above, several attempts to infect your machine were tried by various bad people all around the world. I am not one of them. Hopefully they failed. On an unprotected XP machine, it’s something like 4 minutes on the web before the damned thing is infected with something. 4 minutes! On Vista… why the hell would you be on Vista? Are you just looking to be punished? Do you have some sort of narcissistic need to cause yourself pain and frustration? You probably beat yourself with one of those studded belts across the back like in ‘The DaVinci Code’, don’t ya? But I digress…
See, the fundamental difference is that the Windows user doesn’t really have to do anything to become infected by something nasty. Just being connected to the Internet means they can find you and infect you. That’s why you have firewalls and anti-virus, and user credentials and closed ports and a slew of other stuff to try and make that Windows box ‘safe’. Unlike the Mac malware attack above, you aren’t really a part of the equation in your Windows box becoming infected, it’s not a choice that you have to make – the bad stuff out there doesn’t really need your permission to run or install. They run in the background, while you’re playing Bejeweled or surfing porn or whatever else you enjoy on the web, and they do so silently and quickly. Like Ninjas! Wait, does that make them sound cool? They’re not cool. They are anything BUT cool.
Opening up Internet Explorer and visiting websites can infect your machine. That’s because they like to specifically target the security vulnerabilities inherent in IE to infect your machine and again, you don’t know that it’s happening until it’s way too late. That’s why and how ‘Patch Tuesday’ evolved; as vulnerabilities were identified, Microsoft had to address them through weekly patches to combat whatever nasty thing was floating around that week. Occasionally, something will come along that is particularly nasty and they will issue a special security patch on a different day. Same goes for other entry points – all you have to do to become infected by certain email bugs is view the infected email. Open the email, you’re infected. That’s why these types of programs try to send themselves to everyone in your address book first thing, because your friends, colleagues and family are more likely to trust and open something from you versus some random piece of junk mail or spam. Neat huh? Nothing to run, just open it and you’re screwed. Then your computer tells two friends. And they tell two friends. And so on. And so on…
Better close that preview pane in Outlook.
They even came up with a way to infect your machine by viewing an image. That scared a lot of people last year. Open an email or a browser with an infected .jpg on it and you were infected.
All of these things hit Windows machines through vulnerabilities in Windows and other Microsoft software products. These vulnerabilities can be innocent in inception, a port defaulted to ‘open’ because some legitimate piece of software or a driver or something, somewhere needed it to be. But in the wrong hands, it suddenly becomes something much more sinister and a way to enter in and do bad things to you, your computer and your private data. Is the Mac OS more secure? Yes, it is. So is Unix, but you don’t want to use Unix. Command prompt bad. BAD COMMAND PROMPT! NO! NOT ON THE CARPET! NO!
*cough* Is the Mac OS invincible? Of course not. But it is better protected thanks to how it is developed and because of the thinking behind it and the new versions of the OS as they are developed – Apple is not trying to support legacy machines from 10 years ago with each new OS released, which I think makes a huge difference. They don’t have all of that baggage and they don’t have to try and please every Tom, Dick and Harry manufacturer of BLAH in the world who is trying to create the next, cheap piece of crap hardware to go into the Windows box.
Is it less of a target because of the smaller user base? I really don’t think so. It could be, but I don’t believe that it is. I don’t think that is the motivation behind the attacks and the development of this stuff. Given that a lot of this crap specifically targets Microsoft software and vulnerabilities in various versions of the Windows OS, I’m actually inclined to think that this is more likely a war against Microsoft itself. Glee is taken by those who find and exploit each new vulnerability or in finding out that old ones once thought patched are now open again (happened last year or maybe it was the year before). Even as Microsoft tries to release new things that are intended to be more secure, like IE7 and Vista, these folks crack their knuckles and set about finding out just how secure they are and where they can break in and do bad stuff. It’s like a vendetta. A jihad, even.
So. What does all of this mean? Yes, there is a malware threat out there for Mac. No, it does not signal the end of the Mac users’ warm and fuzzy feelings over Internet security. Nor does it signal that the time has come for Mac users to load and mess with anti-virus bullshit.
I think it comes down to being a non-event and a non-issue. We can only wait and see if things change, if more and more stuff comes out that attacks the Mac platform, and how Apple reacts and combats those attacks.
IF they happen.