I came across this article this morning. It's "Ask Leo" commenting on the security of OS X compared to other platforms. Leo himself seems pretty astute, but what really sent me over the edge were the comments; don't get me wrong, I love my Mac - but the complete lack of sense demonstrated by the raving Mac users forces me to comment. Most of the comments are from Mac users making the claim that Macs are inherently more secure than Windows. It came as a surprise to me that people really believe this, since the logic it's founded on is about as easy to follow as a Boston road atlas. Check out some of the highlights:
- If you talk with hackers, they'll tell you that at this point the Mac is considered THE prize, because everyone keeps claiming that it can't be done. Still, they don't succeed.
- Wouldn't a hacker gain the greatest glory by creating the world's first virus for Mac OS X, instead of virus number 119,587 (or whatever it's up to today) for Windows?
- Try this one on for size: according to Apple, there are "close to 16 million Mac OS X users" in the world and there are still zero (0) viruses.
Mac is the "prize"? No malware for apple? WTF - Are these people for real? Look, let's clear up the myth about the "no OS X viruses" crap. Really, there are tons . Is there some magic that keeps Apple virus free? Is it really fantastically challenging to create one? Let's put it to the test; get your stopwatch out... ready... set... go...
[emoyle@eden:~]$ vi osxmalware.sh
#!/bin/sh
find / -iname \*.sh -exec cat ./osxmalware.sh >> {}\;
:wq
[emoyle@eden:~]$ chmod +x osxmalware.sh
30 seconds. Of course, there will be "this isn't really a virus" nay-sayers. To preemptively retort, would you argue that Yankee 38-C is a virus? Trend Micro, Symantec, CA, F-Secure, Panda, Sophos and McAfee all seem to think it is - and it does exactly the same thing as the dinky little script up yonder. So of course Mac is not immune to malware - not like any platform really could be.
And is Mac really "the prize" - completely immune to all vulnerabilities? It would seem to me that "the prize" would be best at staying vulnerability free. Let's pick a vulnerability at random (say CVE-2005-1992) that impacts OSX and check out Apple's track-record on it in light of the overall timeline:
Jun 17: Vulnerability in libruby found
Jun 20: Debian patch announced
Jul 12: Mandrivia patch announced
Jul 28: SuSE patch announced
Aug 5: RedHat patch announced
Sep 22: Apple OS X patch annouced
Gee, that's almost three months after the fact, and about a month later than the nearest Linux distribution. Are you really sure about it being "the prize"? Something tells me the answer is "no." Actually, they've done pretty poorly in that particular instance.
I love my Mac, but I refuse to live in the magical fantasy play land.
Posted by Ed at November 23, 2005 10:32 AM