…though since my last post gave WordPress spam filtering the vapours for some reason that wasn’t explained to me, I provide these with some trepidation.
- Kurt Wismer rants about the mac malware phenomenon
- Roger Grimes asks Seven Questions about the Mac Malware Scare
- Charlie Miller tells Wired that it isn’t necessary for every Mac user to rush out and buy AV. I’m not sure what he thinks about free Mac AV, but perhaps Sophos does. ;-)
- Macalope jumps up and down on Adrian Kingsley-Hughes and Tony Bradley.
- And Dan Raywood quotes me again in a follow-up opinion piece on “Malware hits the Mac but is it worth worrying about?”
For what my opinion is worth, this isn’t quite the tipping point some people are saying it is: it’s a pretty successful attack in terms of the number of people affected, but I suspect that the figures I’ve seen reflect enquiries from worried customers more than they do actual infections. And numerically, this is very small beer compared to the fake AV volumes that afflict Windows.
That doesn’t make it a straw man: if you’re a Mac user who falls for this scam, it’s a pretty big deal. I’ve no patience with the zealots who argue that if it only affects a few people (whatever you understand by a few) it doesn’t count, especially if it’s social engineering rather than a vulnerability.
On the other hand, I agree that if you use a reasonable amount of common sense about what you install, you don’t necessarily need AV. Good job this is a marketing-free zone…
David Harley CITP FBCS CISSP
Small Blue-Green World