Ads by TechWords

See your link here
Receive the latest technology news and information.
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

Apple's antivirus advice 'big to-do about nothing,' says researcher

December 2, 2008 12:00 PM ET

Active Comments
-hh says: Check the Apple page in question in the Wayback Machine...the previous (June 2007) version made the same recommendations. It can...
Anonymous says: I notice that they didn't recommend ANY of the free Anti-virus scanners out there, that already work on Mac.


The fact of the matter, continued Storms, is that security professionals urge users of all platforms to defend their systems with layers of protection -- only one of which may be antivirus software -- and make the same recommendations to everyone when it comes to current threats.

"It's the human and the human information that is at risk today," said Storms. "Criminals just want your private information, your online bank account or credit card or Social Security number."

Yet Storms understands how a short Apple support note can generate interest far above what something similar issued by, say, Microsoft, would create. "If Apple would say something about security, like 'We've said this before, this is just an update,' it wouldn't have been such a big deal. But it won't."

Storms has been critical of Apple's security procedures in the past, most recently in September when he took the company to task for its ad hoc scheduling of patches for Mac OS X and its other software.

"People have this conception that Macs can't have malware," said Charlie Miller, a researcher at Baltimore-based Independent Security Evaluators. He seconded Storms' theory about why a simple notice from Apple got so much attention. "Obviously, that's false. I've written exploits [for the Mac], and there's nothing inherent in the [Mac] OS to stop someone from writing a virus. But at this point, no one's taking the effort to go after the Mac."

But Miller, who regularly roots out Mac and iPhone vulnerabilities and is perhaps best-known for walking away with a $10,000 prize for hacking a MacBook Air laptop in under two minutes last March, pooh-poohed Apple's recommendation using the same logic as many longtime users.

"Windows has 90% of the market, but [attackers] give it 100% of their time," he said, echoing the idea that hackers target the largest pool of victims.

Criticizing security software for its cost -- both in dollars and in the processor cycles it consumes -- Miller admitted that he doesn't bother running any on his Macs. "I don't think it protects me as well as it says," he argued. "If I was worried about attacks, I would use it, but I'm not worried."

He acknowledged, however, that he isn't a typical user, and he noted that the time may come when he would have to eat his words. "When Macs make up 30% [of the computer market], maybe then there would be an explosion [of malware]."

"Macs do get attacked," Storms added. "They've died two years in a row at 'PWN to OWN'," he said, referring to the contest that Miller won this year, and that New York-based researcher Dino Dai Zovi won in 2007 when he broke into a Mac laptop using a Safari browser bug.

"It's true that the Mac is not a large target," Storms said. "It's still not. But we're not in the old world of viruses, we're in the world where [malware] grabs passwords. It doesn't matter if you have a Mac or a Windows machine; criminals don't care."

Read more about security in Computerworld's Security Knowledge Center.



Jump to comments

Apple

Additional Resources

EFD vs. HDD - What You Need to Know
WHITE PAPER
Enterprise flash drives provide a new Tier 0 storage layer capable of delivering high I/O performance at a very low latency. Proper use of EFDs in an Oracle environment can deliver increased performance compared to fibre channel drives. Read the recommendations for identification of the best DB components for EFDs.
Gartner Research Report: Magic Quadrant for Application Delivery Controllers, 2009
WHITE PAPER
The market for products to improve the delivery of application software over networks remains dynamic and innovative. Vendors focused on solving enterprises' most-pressing application problems have become the top players.
Eight Criteria for Server Load Balancing
WHITE PAPER
Server load balancers are a simple yet highly effective means to scale an application environment while ensuring its availability. Today's solutions should also address application performance and security. Read about the top eight criteria you should consider when choosing a server load balancer and how Citrix NetScaler meets those requirements.

What People Are Saying

White Papers & Webcasts

Death to PST Files
Download Now  

Web 2.0, Social Media and the Dark Web - A Web Criminals Paradise?
In this discussion, learn about the challenges of protecting your users from the potentially unsafe content hidden in the "Dark Web".

eGuide: Enterprise Security
Smart Security Strategies for 2010. Read now!  

Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...


IT Jobs