Sophos Says Switch to Mac

So, in case you didn’t notice, I’ve been on vacation – so sorry about the slowdown in blogging activity. I’m back in the swing of it now, so the activity on this humble forum should once again increase. Anyway, in reviewing the million or so news or stories that collected in my box while I was relaxing in the sun, I came across this tidbit from last week where Sophos warns all computer users to switch to Mac. Check it out:

Macs will continue to be the safer place for computer users for some time to come… [That is] something that home users may wish to consider if they’re deliberating about the next computer they should purchase.

Interesting. I’m surprised by this for a few reasons. First of all, it’s reflective of a mixed-message from Sophos. If 10 out of 10 viruses don’t infect Mac, why is Sophos warning Mac users that they need virus protection? Seems like a bit of a muddle, doesn’t it?

Second of all it’s myopic; here’s Sophos giving generalized advice based on one very narrow view of the facts. Yes, it’s true that Mac’s have traditionally had less malware. However, they’re also slower to patch vulnerabilities than Microsoft by a wide margin, thereby increasing the attack surface for a malicious user. So while it might be less likely to get spyware, it might be more likely to get h4x0red. So, is it Sophos’ position that users are better off getting hacked than getting malware? Or is it just that Sophos (being an anti-virus company) has too narrow a focus to include this other information in their analysis? I’m going with the latter, in which case it begs the question, “what else are they not considering?” For example, Larry Seltzer, Gartner and others tell us that the Intel Mac – via bootcamp and parallels – is a veritable breeding-ground for malware. Of course, I’m not convinced they’re right, but what if they are? Has Sophos investigated these technologies to support their analysis or are they just shooting off the cuff?

Look, I’ve said this before and I’ll say it again. I think it’s irresponsible for AV companies to give generalized advice to users based solely on perceived trends in malware. They do it to get press, which is understandable; saying that everyone should switch to Mac is something guaranteed to get you a front-page somewhere. But what about the users that listen to it? What about the folks who’ll hear this advice and actually heed it. If they did, they’d be buying a system they’re unfamiliar with, requireing tens or hundreds of hours to learn how to use it, they’ve had to potentially invested thousdands of dollars, and they may or may not be better off overall. After all, they certainly could get malware anyway from the windows side of Boot Camp. Were they well served?