Apple's antivirus advice 'big to-do about nothing,' says researcher
The fact of the matter, continued Storms, is that security professionals urge users of all platforms to defend their systems with layers of protection -- only one of which may be antivirus software -- and make the same recommendations to everyone when it comes to current threats.
"It's the human and the human information that is at risk today," said Storms. "Criminals just want your private information, your online bank account or credit card or Social Security number."
Yet Storms understands how a short Apple support note can generate interest far above what something similar issued by, say, Microsoft, would create. "If Apple would say something about security, like 'We've said this before, this is just an update,' it wouldn't have been such a big deal. But it won't."
Storms has been critical of Apple's security procedures in the past, most recently in September when he took the company to task for its ad hoc scheduling of patches for Mac OS X and its other software.
"People have this conception that Macs can't have malware," said Charlie Miller, a researcher at Baltimore-based Independent Security Evaluators. He seconded Storms' theory about why a simple notice from Apple got so much attention. "Obviously, that's false. I've written exploits [for the Mac], and there's nothing inherent in the [Mac] OS to stop someone from writing a virus. But at this point, no one's taking the effort to go after the Mac."
But Miller, who regularly roots out Mac and iPhone vulnerabilities and is perhaps best-known for walking away with a $10,000 prize for hacking a MacBook Air laptop in under two minutes last March, pooh-poohed Apple's recommendation using the same logic as many longtime users.
"Windows has 90% of the market, but [attackers] give it 100% of their time," he said, echoing the idea that hackers target the largest pool of victims.
Criticizing security software for its cost -- both in dollars and in the processor cycles it consumes -- Miller admitted that he doesn't bother running any on his Macs. "I don't think it protects me as well as it says," he argued. "If I was worried about attacks, I would use it, but I'm not worried."
He acknowledged, however, that he isn't a typical user, and he noted that the time may come when he would have to eat his words. "When Macs make up 30% [of the computer market], maybe then there would be an explosion [of malware]."
"Macs do get attacked," Storms added. "They've died two years in a row at 'PWN to OWN'," he said, referring to the contest that Miller won this year, and that New York-based researcher Dino Dai Zovi won in 2007 when he broke into a Mac laptop using a Safari browser bug.
"It's true that the Mac is not a large target," Storms said. "It's still not. But we're not in the old world of viruses, we're in the world where [malware] grabs passwords. It doesn't matter if you have a Mac or a Windows machine; criminals don't care."
Apple
Additional Resources



White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
