Someone posted a very rude comment to my last post here. I originally approved it, despite the ugliness of the way it was expressed, because it made some points worth addressing. However, as I composed my reply, I got increasingly irritated with the allusions to pimps and touting and fabricated statistics, so I made up a policy for this web site on the spot.
I don’t have a problem with dissent and debate, even heated debate. I don’t mind if you have a poor opinion of the AV industry in general, though I’d point out that we are individuals, not “types”. But I will not approve any comment that isn’t reasonably polite and badmouths individuals gratuitously.
Bill, if you want to resubmit your comment in a way that doesn’t suggest that I, or respected colleagues in the security industry, are crooks, charlatans and liars, I’ll be happy to approve it. In the meantime, I’ll attempt to deal with the points you made: briefly, since I have a plane to catch.
You don’t see the information about Mac threats because you’re not looking for it. Some of the threat types that concern us are actually described (not in detail) in the 2010 EICAR paper available from the resources page. I’m also building a Mac-specific information resource here, but because I’m not being paid for maintaining this site, it has to be done when I have time, and that doesn’t happen very often. It is time-consuming because, whatever you may think to the contrary, I intend it to be accurate.
The list in that paper is not a complete description of every threat type, let alone every variant, just a rough indicator. The point is that vendors have many hundreds of unique binary samples of OS X malware. That’s a fleabite compared to the 40 million or so Windows-targeting malicious programs we see right now, and it’s not necessarily the best way to measure, but it’s certainly more than three.
The number of Apple machines or users affected is indeterminable. ESET does gather some statistics (not at all surreptitiously) from users who choose to allow the anonymised and automated reporting mechanism in the product to operate, but it only gives a snapshot view of a subset of the computer-using population, which is why we never publish data based on those figures. To do so would certainly be more misleading than helpful.
I know for a fact that it’s very small compared to the numbers of people affected by Windows malware. So? No-one is saying Mac users have to take precautions against OS X-targeting malware. If you want to gamble, be my guest: at the moment, the odds are on your side, if you don’t fall for social engineering trickery.
AV products are silently updated several times a day. But that’s what people expect from them. Apple, however, has added detection for just one item of malware since Snow Leopard was introduced. As a countermeasure against malcode, that’s pathetic, but what’s iniquitous about it is that the company is doing it silently because it’s still pushing the “there is no Mac malware” line even while trying, however ineffectively, to counter Mac malware. That’s obviously for marketing reasons. I don’t expect any business not to do any marketing, but that is edging towards deception. What, you don’t think Apple is in the marketing business? Hmm…
I know where most malware comes from. And I was an advocate of on-access scanning long before I was assimilated by the security industry. The point about Apple’s flawed implementation is that it looks for specific malware in a context in which it won’t find it. Intego’s report is quite comprehensive and detailed on that point: I suggest that you read it before you denounce it (or me) as wrong.
David Harley CITP FBCS CISSP
Mac Virus Administrator
Small Blue-Green World
AVIEN Chief Operations Officer
Also blogging at: