On Not Wanting to Eat Crow


To much of the general public, a computer is an enigmatic box, a semi-magical creation which is simultaneously a portal to a half decent encyclopaedia, countless reams of porn and a lot of free music, a free messaging service and a good way to send long, rambling letters to people you don’t want to see face-to-face, a games console that lacks the convenience and controllers of real consoles but sometimes makes up with better graphics, and maybe a half decent typewriter. Whether the processor within is a PowerPC or something descended from Intel’s cruellest mistake (the x86; ask anyone who programmes it low level), whether the operating system is Windows XP Home, Mac OS X or Linux 2.6, most people don’t care as long as it does what it does. To most people, Macs are just prettier. “What? Macs don’t run Windows?” Admit that you’ve heard it said.

And with computers come viruses. Doubtless aided by users who are suddenly unquestioningly trusting, viruses have grown to be one of the great plagues of the Windows world, riding roughshod over PCs across the globe, facilitated by various “features” in Microsoft’s operating systems. And for the reasons mentioned above, most people consider this a fait de vivre of computers. Computer have viruses, Macs are computers, so Macs must have viruses. And McAfee, Norton, Sophos are all making a killing because of this.

Of course, there are plenty within the Mac community who are more than happy to extol the Mac’s many virtues, some supposed and some quite genuine. One of these is the lack of any real virus threat on the platform. I remember explaining to one iBook convert that her running virus software was a very charitable act – she was giving up memory and processor resources so that Windows users could be virus free. The software – Symantec’s Norton Anti-Virus for Mac, by the way – quickly disappeared.

But is the blasé attitude extolled by evangelists like myself warranted? Is it OK to tell prospective Mac users that they never need to worry about viruses ever again? Probably not, because it is in large part this trusting naïveté which has led to the situation that Windows users are in today, and in all honesty, the situation could feasibly change at any minute. Although Mac OS X lacks certain of the features that Windows has which makes it much easier for scriptkiddies and the like to run amok and wreak havoc on your hard drive, it’s certainly not an impregnable fortress. Social engineering is the favoured attack vector these days, of course, and I think we can safely say that it wouldn’t take much to get a Mac user to put a password in just to get rid of “those damn boxes”. And after a machine gets rooted in this way, it’s not much good saying then that “Oh, yeah, you shouldn’t have put your password in,” and talking about stuff like the superuser and root privileges. Fact is that the Mac’s small market share has helped and is continuing to help keep viruses off the platform.

Apple’s stance on the issue is perhaps most telling. In recent times especially there have been calls for Apple to start pushing the virus-free angle in its marketing campaigns, but it has kept silent on the issue, preferring to focus on any of the Mac’s other virtues. Tempting though the argument is, such a taunt to the black hat community might be enough to get them to prove Apple wrong. This article from AppleInsider contains an interesting titbit:

Commenting on security and viruses, Jobs said that since all computer makers face these challenges, it’s not in his view to market machines that way. “One thing you never want to do in dealing with security and viruses is be cavalier,” he said.

For all the mastery of image management that Jobs usually appears to possess, he can be remarkably uncomplicated at times – his reaction to loose lips at ATI is well known, a response which earned him not a small amount of criticism for his rather childish ways. But on the virus issue, where the stakes are quite a lot higher, he seems much wiser. With the prevalence of always-on Internet connectivity, security has naturally become a very well publicised issue, with coverage no longer restricted to the tech press but making the front page of newspapers when hackers bring down financial or government systems.

So attacking Microsoft on security, as, say, have proponents of Mozilla Firefox, is a dangerous game, unless one can be sure that one’s record is and always will be whiter than white. There has been some suggestion that Mozilla/the Firefox team have taken a bit of flak in recent weeks for a number of security holes that have been discovered in the browser, and whilst it would be unfair to infer that Firefox is unworthy of consideration because of this, the residual doubts are embedded in some people’s minds. In a similar way, Theo de Raadt, the lead developer of OpenBSD, had to take something of an ego hit when a security hole was found in the OpenSSH remote access software it ships with enabled by default. Its previous claim of “five years without a remote hole in the default install” was quickly changed, but BSD detractors wasted no time in taking de Raadt to task for it.

With Apple, the stakes are even higher. Bad publicity means a drop in share prices. And more importantly, at the end of the day, Jobs just doesn’t want that sort of dent in his ego.


Rich Trouton

Mac OS X’s virus situation, outside of macro viruses, has been a godsend to me as a system administrator. I’ve got to worry about supporting my desktops, worry about my servers, worry about learning the new software coming out this year, and worry about migrating everyone (again) to a new version of OS X a few months down the line. The fact that I can put my virus and remote exploit worries on a slightly lower setting is a beautiful thing. That doesn’t mean I don’t have to worry about them, but it does mean that the danger is still theoretical as opposed to being in my face today.


Macs are a hundred times better looking inside the screen and out. I don’t know who designs Macs but they must make a crap load of money.

Rene C

“reams of porn…” ha. You probably meant realms of porn, but that’s not as funny.

Seriously, there have been and will be social-engineering attacks, and porn will be involved at some point.

Comments are closed.