Can the Mac catch a cold?
- 2 Dec 08, 16:20 GMT
Update Wednesday 1041: Please see my follow-up post.
Oh dear - even as I write this, I can see the smug smile spreading across the faces of Windows users - and I can hear the clatter of keyboards as thousands of Mac fans compose angry messages. But here we go - Macs are not immune from internet infections, and [story updated since original post].
The news came on 21 November when Apple put up a little note [link no longer live - see follow-up post], explaining that "Apple encourages the widespread use of multiple antivirus utilities." The company did not highlight this warning, and in fact nobody noticed it for some days. Now it's become a big story, and reignited the row about the respective strengths and weaknesses of Mac and Windows when it comes to security.
Because the one thing you have never needed to worry about when you get an Apple computer is spending money on expensive anti-virus software. What's more, you are not continually pestered with those annoying pop-ups asking you if you've updated the security package.
The lack of viruses and other malware targeted at the Mac OS was largely due to its relatively small share of the PC market - if you're an ambitious virus writer you want to aim at the largest possible "audience" and that means Windows users. But as Macs win a bigger share of the market, they present a more attractive target.
Now Apple seems to be telling its customers that the golden age of innocence is over, and they will have to start shoring up their defences. It's even directing them towards a couple of anti-virus products on sale in its own store. Many will ignore that - and wonder if this is just another marketing ploy by the security industry.
So do they need to worry? I've spoken to a couple of security experts.
Greg Day at McAfee admitted that the threat to Mac users was relatively tiny compared to that faced by someone using Windows. "There are about 10 million unique 'threats' in the Windows space," he told me, "compared with about 150 threats to the Mac OS." But he went on to explain that a lot of new malware was now targeted not at an operating system but at cross-platform applications, like web browsers, and that meant there was a growing threat to Mac users. "It is common sense to take precautions, even if the threat is relatively small."
pointed out that his firm had been turning up examples of Mac OS malware for some time. One recent case involved a bogus webpage, supposedly containing a video, which then directed users to download some code to enable them to watch the movie. Not a good idea, of course.
Mr Cluley says the Mac malware threat is "still a raindrop in a thunderstorm compared to Windows" but he says there are still good reasons to take precautions. "The Mac is no longer the safe haven that people think it is." That's partly, he says, because a lot of new people are coming to the Apple platform." It's no longer just black polo-neck wearing, cappuccino drinking, beardy zealots," he said, in a phrase which will effortlessly offend millions of Mac fans. "There are a lot of naive new users - so there will be people writing malware who will see that as an opportunity."
Now it's obviously in the interest of security firms to play up the threat as they try to invade the one section of the computer market which has so far resisted their blandishments. But it's interesting to see Apple also promoting that message. Mind you, it's just the support team saying it very quietly at the moment. I've just watched the which shows the PC guy coughing, spluttering and falling over, while the cool Mac guy remains immune to his virus. I wonder whether Apple's marketing department will decide that's a line which doesn't play so well any more?
Update: Comments are open in this updated post.
The 成人论坛 is not responsible for the content of external internet sites
Comment number 1.
At 2nd Dec 2008, Sarah125 wrote:I suppose it would be too cynical to ask if Apple has signed a deal with any of the anti-virus software companies it recommends, would it?
Though presumably it wasn't Sophos.
Complain about this comment (Comment number 1)
Comment number 2.
At 2nd Dec 2008, HermitElectric wrote:Apple's move is well advised. Although their OS is inherently very secure, and for the most part the user has actively to participate in the installation of 'malware', there's no harm in being cautious. Given Windows is sliding slowly and steadily down in market share (see "), greater malicious effort will be directed at the Mac.
Complain about this comment (Comment number 2)
Comment number 3.
At 2nd Dec 2008, HermitElectric wrote:Sorry, that link should be:
Complain about this comment (Comment number 3)
Comment number 4.
At 2nd Dec 2008, Hooligooner wrote:The 成人论坛 is a completely impartial news service, not in any way Apple centric. It's just there's been nothing of any interest from any competitors of late...
...(cough, cough) Nokia N97 (cough).
Complain about this comment (Comment number 4)
Comment number 5.
At 2nd Dec 2008, nenslo wrote:"...the one thing you have never needed to worry about when you get an Apple computer is spending money on expensive anti-virus software".
To be fair, this is also true of Windows if you know what you're doing. I haven't paid for anti-virus software for my PCs in the past 5 years. The few times I did get infected were because I did something I knew that was likely to get me infected.
The vast majority of viruses are not unique or clever, they rely on the ignorance of users. There should be stronger emphasis on educating people on the danger signs and how to clean up your own PC if you are caught out. I would probably advocate this being taught in schools along with the dangers of social networking sites and chat rooms.
But yes, I am happy that this day has come, since I have had many smug Apple users in the past tell me that they're "virus-proof".
Complain about this comment (Comment number 5)
Comment number 6.
At 2nd Dec 2008, nenslo wrote:hahaha, I also love the fact that all these posts are pre-moderated!
Complain about this comment (Comment number 6)
Comment number 7.
At 2nd Dec 2008, SheffTim wrote:The Mac mags have been running articles like this, at least once per year, for as far back as I can remember.
As when buying house insurance, don't assume that because you're such a nice person with such a nice house no-one would ever wish to burgle you.
Complain about this comment (Comment number 7)
Comment number 8.
At 2nd Dec 2008, Graham-Cluley wrote:Bad news: Apple malware exists, and isn't just a theoretical threat.
Good news: It's nothing like as common as Windows malware.
Bad news: You don't care about that much if your Mac gets infected by it.
One of the problems that some in the Apple community can't seem to get their head around is many people's belief that Mac OS X is somehow immune from malware, and in some way inherently superior to - say - Vista.
What this belief ignores is that malware isn't actually a technological problem but a human one.
For instance, Apple Mac malware has been planted on websites, posing as a program to allow you to watch a saucy video. Guess what? When you install it, the malware downloads additional malicious components from a third party server.
That鈥檚 exactly the same way so many Windows attacks work. You visit a website thinking you鈥檙e going to watch a naked video of Paris Hilton, Angelina Jolie or some other hollywood celebrity and it tells you you don鈥檛 have the right codec, or the right version of Adobe Flash to watch the movie. And when you upgrade yourself - POW! - you鈥檝e been infected.
Now, if only we could roll out a security patch for our brains that would stop us clicking without thinking then both Windows and Mac users would be much safer.
PS. I was wrong to say beardy zealots. I'm sorry about that. That's obviously the Unix lovers.
Regards
Graham "I have a Mac too" Cluley, Sophos
Complain about this comment (Comment number 8)
Comment number 9.
At 2nd Dec 2008, Greg wrote:Either Mr. Cluley has withdrawn his quote, or you need to reference your source, especially when it's as contentious as that!
Complain about this comment (Comment number 9)
Comment number 10.
At 2nd Dec 2008, afrizell wrote:"on 21 November when Apple put up a little note on its support site"
Apple put the note up some years ago - around 2005, in fact. 21 November was when they ported the note to the updated knowledgebase system - the "Old Article: 4454" tag that isn't shown on the screen cap on your article makes that clear.
Not a story in other words - maybe factcheck a little better in future?
Complain about this comment (Comment number 10)
Comment number 11.
At 2nd Dec 2008, Roger Hyam wrote:Can't you find a security expert who doesn't work for an anti virus firm. We can all predict what these guys will say and they are marched out whenever this topic is mentioned. How about some one different?
I am a Mac user but I recently ran a PC for a couple of years without anti virus software - but then I was very careful and used a hardware firewall.
Complain about this comment (Comment number 11)
Comment number 12.
At 2nd Dec 2008, drapetomaniac wrote:"The lack of viruses and other malware targeted at the Mac OS was largely due to its relatively small share of the PC market "
I'm tired of hearing this - what is this based on besides repitition? Windows has change their OS to match the security behavior of Linux and Mac over the years. There is a reason for that.
Complain about this comment (Comment number 12)
Comment number 13.
At 2nd Dec 2008, Nitjanirasu wrote:Since Apple now uses Intel hardware, the company has been encouraging users to install Windows as a dual-boot as thus recipients of Windows-targeting malware. Even if the Apple computers themselves were in little danger, they can easily become carriers and transmitters of that malware.
Complain about this comment (Comment number 13)
Comment number 14.
At 2nd Dec 2008, JosephAD wrote:Rory this article has been on Apple's support website for ages!!
You've probably only noticed it because it has only just been added to the new knowledge base....or you've been reporting on stories from other blogs without doing your homework (again!).
Complain about this comment (Comment number 14)
Comment number 15.
At 2nd Dec 2008, orangeBillygates wrote:You do know that Apple have given AV software as part of their .Mac (now called Mobile me) for a good few years don't you ?
To say Apple is only starting to claim users need AV software is a wrong, I'm amazed you didn't do a bit of digging to find this out.
It always raises a smile with me the sheer amount of errors the 成人论坛 tech sites make.
Complain about this comment (Comment number 15)
Comment number 16.
At 2nd Dec 2008, donelson wrote:Yet more sensationalism from the pro-PC 成人论坛 staff.
You say that there are 150 viri for Mac, and 10 million for PCs, but then go on to say "The Mac is no longer a safe platform."
Well, if you were exposed to 10 million viri, 40% of which are NOT detected by PC anti-virus software until 2-3 days AFTER release, then taking your chances with 150 make the Mac look VERY SAFE INDEED.
But, you must sensationalize to make yourselves feel important and "different"
you're not.
Complain about this comment (Comment number 16)
Comment number 17.
At 2nd Dec 2008, stesat wrote:I have been a Mac user for almost 20 yrs and there are a number of oft-quoted myths and misconceptions about this wonderful platform. Not least of these is the mac's invulnerability to viruses. In fact, it is documented that one of the very first computer viruses was written on and for a Mac. The other misunderstanding is that viruses are seldom cross platform. They either effect PC's or they effect Mac. Not both. In my numerous years as a Mac user I have had several viruses on my computer but, because they were PC viruses they had absolutely no detrimental effect on my system. However, you are correct in pointing out that the growing popularity of the Mac, based in part on it's lack of viruses, may well be it's un-doing!
Complain about this comment (Comment number 17)
Comment number 18.
At 2nd Dec 2008, OllyW1964 wrote:Oh dear 成人论坛, you haven't done your homework on this story.
The 'new' web page you are talking about is a new update to an existing article that was last updated in June 2007.
All that is different on the new article is the updated software version numbers of the anti-virus packages referenced in the original article.
The page you have based your story on even refers to the original page, Old Article: 4454.
Now you have posted this blog to stir it up even more.
Well done 成人论坛!
Complain about this comment (Comment number 18)
Comment number 19.
At 2nd Dec 2008, Alec the Geek wrote:You want smug?
Yo Suckers! I'm on Linux and no no stin'kin maleware or viruses attack me. Nah Nah...
No sure about all those Linux netbooks though. Don't some of the default user accounts run with elevated privilege?
Complain about this comment (Comment number 19)
Comment number 20.
At 2nd Dec 2008, phelim123 wrote:Oh Rory. Get off your high and misinformed horse and calm down.
That knowledge base article's been up since at least 2007. See:
Complain about this comment (Comment number 20)
Comment number 21.
At 2nd Dec 2008, StuartAB wrote:As others have said, this is old, old, old news.
Nothing that has happened in the last year has made Apple change their advice. They suggest using anti-virus software to be on the safe side.
In practice, most Mac users don't bother. There's no real need if you act sensibly with Mac OS X's built-in firewalls. I've been on-line for a decade, on broadband for most of that. Never used anti-virus software, never had a virus. Ditto for around a dozen Macs which I oversee.
PC users would love to be able to crow, but you've crowed far too early, Rory. This is not a news story, unless you want 18-month old news.
StuartAB
Complain about this comment (Comment number 21)
Comment number 22.
At 2nd Dec 2008, U9746596 wrote:I have been without anti virus for over months now. My computer runs a lot faster and I have not yet been infected by a virus.
Why?
I'm not stupid, as long as you don't go to a dodgy site and have a good firewall (like comodo which is free) you will be fine.
Just to make sure I run some of the free virus scans from eset and kaspersky from time to time, I've had nothing yet.
All that being said, I personally can't wait for a real user friendly version of linux to become available. At the moment windows is the better of two evils, and switching over to a mac and selling them my life really isn't an option.
Complain about this comment (Comment number 22)
Comment number 23.
At 2nd Dec 2008, _Ewan_ wrote:as they try to invade the one section of the computer market which has so far resisted their blandishments
Um, hello. Those of us in the real beardy zealot camp have been ignoring the virus industry's blandishments for a long time too, and will continue to do so.
Complain about this comment (Comment number 23)
Comment number 24.
At 2nd Dec 2008, _Ewan_ wrote:Also; what's with the change in moderation policy? This is not an improvement.
Complain about this comment (Comment number 24)
Comment number 25.
At 2nd Dec 2008, mr_lizard13 wrote:Sorry, nothing to see here, move along.
Apple haven't just posted this article. It was posted on the 8th June 2007. It was recently updated to reflect the change in version numbers of the AV products listed.
Here's the original page:
Complain about this comment (Comment number 25)
Comment number 26.
At 3rd Dec 2008, m_surtees wrote:"That's Official."
It was official over a year ago when originally posted at Apple.
I need to get a job at the 成人论坛. Looks like you can be pretty loose with the "official" facts.
Complain about this comment (Comment number 26)
Comment number 27.
At 3rd Dec 2008, Vague Disclaimer wrote:[quote]The news came on 21 November when Apple put up a little note on its support site, explaining that "Apple encourages the widespread use of multiple antivirus utilities." [/quote]
No Apple didn't. It updated a previous article about being a good net citizen with the patest version numbers for various AV packages.
Does anybody fact check stories any more?
Complain about this comment (Comment number 27)
Comment number 28.
At 3rd Dec 2008, fmindlin wrote:No one has yet mentioned ClamXAV, an open source anti-virus from the Unix community, ported to Mac. What was noteworthy about the Apple piece was that it mentioned only commercial anti-virus and did not mention CalmXAV...
Complain about this comment (Comment number 28)
Comment number 29.
At 3rd Dec 2008, PsychoSafari wrote:In relation to HermitElectrics Comment that Windows has been slowly sliding down in market share the keyword here is slowly. At this rate macs will be as popular as PC's in about 100 Years. And this is despite the fact that Vista maybe the most frustrating MS OS has release.
Please check out the following webstats at:
Complain about this comment (Comment number 29)
Comment number 30.
At 3rd Dec 2008, solidsteel wrote:The knowledge article has now been removed by apple after they were alterted to it presence. Maybe you should have contacted apple before running an inaccurate story.
Complain about this comment (Comment number 30)
Comment number 31.
At 3rd Dec 2008, Paul Freeman-Powell wrote:This comment was removed because the moderators found it broke the house rules. Explain.
Complain about this comment (Comment number 31)
Comment number 32.
At 3rd Dec 2008, hackerjack wrote:Of course Apple users should use anti-virus software, apple is just being sensible in making their users aware of this.
The number of threats may well be considerably smaller for the mac (this also counts for linux users) but that is absolutely no comfort to those who get infected. Indeed I would say that an unprotected mac is just as likely to get infected if not mroe so than a PC with only the most basic protection.
I dont know about the mac but for the PC there are some very good free anti-virus packages out there so the idea of them being expensive is pure nonsense.
Complain about this comment (Comment number 32)
Comment number 33.
At 3rd Dec 2008, MrWibbler wrote:Yes Mac OSX malware exists, there was malware for OS 9, it just wasn't wide spread.
There is another reason why Mac users should use anti virus software though, Mac users are still capable of being stupid enough to pass on virus ridden emails and files etc.
A file infected with a windows virus might not affect your mac but you could still pass it on without realising.
Complain about this comment (Comment number 33)
Comment number 34.
At 3rd Dec 2008, Ed Lyons wrote:It's worth noting that this KB article has existed in some form for years... The echo chamber effect of the internet is amazing - nobody bothering to check facts...
Complain about this comment (Comment number 34)
Comment number 35.
At 3rd Dec 2008, calumma wrote:Rory
I must say I am really quite disappointed with the 成人论坛 and particularly with you, with your inaccurate and sensationalist blog post. As many others have already stated, the validity of this story could so easily have been checked before the news item was published. I guess this type of blather is something we just have to accept nowadays from the 成人论坛.
The real concern is how many other news items are also so poorly represented with inaccurate information? Errors such as the one you will now be remembered for (and let's face it, it was a clanger) will be picked up by folks when the item is relatively well known. But, my concern is for the less well understood news stories, where serious reporting errors such as the one you have made are never detected and/or acknowledged.
As a mac user, I do want to ensure that my computing experience remains virus and malware free. Unfortunately, your poorly researched blog item has now reinforced the very notion that your story attempted to dispel and that's official...
Complain about this comment (Comment number 35)
Comment number 36.
At 3rd Dec 2008, PhilT wrote:"But as Macs win a bigger share of the market" - I'm not convinced an increase from 7.6 to 8.9% would change anyone's behaviour.
"The support note recommended that Mac owners install one or more of three anti-virus products." - isn't installing more than one antivirus usually a recipe for disaster ?
Complain about this comment (Comment number 36)
Comment number 37.
At 3rd Dec 2008, Jimmy James wrote:Wow Rory, that's some pretty awful research you've done for this hit piece.
The reason Macs are safer than PCs? POSIX Permissions, clean file/folder structure (so malware etc. has nowhere to hide), open source... I could go on, but it seems the 成人论坛 are so blatantly in bed with Micro$oft they will even try to hype up 18 month old news and claim that now Mac users should purchase anti-virus.
Anti virus is an oxymoron anyway, best thing to do is be pre-emptive, something Apple are miles better at than Micro$oft and their spaghetti code OS.
Complain about this comment (Comment number 37)
Comment number 38.
At 3rd Dec 2008, FatRunner wrote:This knowledge base article has been up in various guises since 2002. Must be a slow news day in the blogosphere.
I had AV software installed on my Mac Plus many years ago and it once found a virus on a floppy disc. Even the fact that Macs can get infected isn't really news.
Complain about this comment (Comment number 38)
Comment number 39.
At 3rd Dec 2008, topchat wrote:#28
It should be noted that since its inception Mac OS X Server has had the ClamAV anti-virus software as part of the package.
If you frequently receive and pass on Microsoft Office documents then you should act as a good citizen and check these for viruses and malware before passing documents to others. ClamXAV for client Macs is as good as the commercial solutions, kept current, and free. Why else would Apple package the base product as part of its server software?
Complain about this comment (Comment number 39)