Sunday, June 5, 2011

Mac Defender - Old Lessons, Still Unlearned

I use generic PCs and Linux because they are cheap.  I have (almost) nothing against Apple's OS X or even Microsoft's Windows except for their cost.  Now the truth is I would prefer Ubuntu, SUSE or Fedora anyway, because of the small footprint, flexible configuration and willingness to abandon the legacy technology that makes the commercial OSs so huge and clumsy.  But all in all, it's really just an economic and personal preference decision.

But one of the most odious things about Windows is the hordes of clamoring, shambling malware always pawing at the doors and windows like a legion of the undead, requiring an unacceptable amount of time and money to hold mostly at bay.  I've had not one, but two computers slowly die, groaning under the weight of too much malevolent and greedy software, installed dishonestly or even surreptitiously.  It's an unpleasant and somewhat creepy feeling to know that there are constant probes and attacks coming in just under the surface, all manner of unsavory and straight-up criminal attempts to steal or break your stuff.

Now, there are two ways to protect an OS from software with bad intentions.  First, you can harden the OS.  This may seem obvious, but it requires users to understand and explicitly approve any software installation at all, and, unbelievably, users seem to resist even this minimal effort to control their computing environment.  Second, an ecosystem of for-profit companies can grow up around the OS, selling subscription-based protection against MOST viruses and malware.  It is important to bear in mind that these companies would be out of business in a year if operating system vendors actually DID ship a secure, hardened OS, so one has to be suspicious of the symbiotic profit relationship between these industry segments and wonder just how high a priority the elimination of these threats really is.  In fact, we already know that the vendors have the capability to detect and defeat threats heuristically, by what a program does, yet they lean on the older, less capable 'pattern matching' (signature) approach, which only recognizes samples it has already seen.  Why?  Well, could it be that pattern matching requires continual signature updates, which lend themselves well to a subscription model with a recurring revenue stream, whereas software intelligence that could detect and disable a threat based on its behavior would be a one-time purchase at best?
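To make the distinction in the paragraph above concrete, here is a small added example (mine, not code from the original post): a signature check that only recognizes bytes it has seen before, beside a behavioural rule that flags an ordered sequence of actions regardless of the bytes. The sample bytes, the event names and the "scareware" stage list are all constructed for the illustration and are not real Mac Defender artifacts.

```python
"""Pattern matching vs. behavioural detection, side by side.

Added illustration for this post, not code from the original article. Every
byte string, event list and rule below is constructed for the example; none
of it is real Mac Defender code or telemetry.
"""
import hashlib

# ---- 1. Pattern matching (signature-based) detection -----------------------
# A signature database as a subscription AV ships it: a hash and a byte
# pattern for each sample the vendor has already seen.
KNOWN_HASHES = set()
KNOWN_PATTERNS = []


def add_signature(sample, pattern):
    """Register one known-bad sample (its full hash plus a distinctive substring)."""
    KNOWN_HASHES.add(hashlib.sha256(sample).hexdigest())
    KNOWN_PATTERNS.append(pattern)


def signature_hit(sample):
    """True if the bytes match a known hash or contain a known pattern."""
    if hashlib.sha256(sample).hexdigest() in KNOWN_HASHES:
        return True
    return any(pattern in sample for pattern in KNOWN_PATTERNS)


# ---- 2. Behavioural (heuristic) detection ----------------------------------
# A rule about what the program *does*, independent of its bytes. The stages
# are the constructed fake-AV storyline: auto-opened from a download, its
# installer runs, it shows "you are infected" alerts, asks for payment, and
# posts the card details to a server. Order matters; unrelated events are
# simply ignored.
SCAREWARE_STAGES = (
    "auto_open_download",
    "launch_installer",
    "show_infection_alert",
    "request_payment",
    "network_post",
)


def behaviour_score(events):
    """Count how many SCAREWARE_STAGES appear, in order, in the event stream.

    events: iterable of (action, detail) pairs, e.g. ("launch_installer", "X.pkg").
    """
    stage = 0
    for action, _detail in events:
        if stage < len(SCAREWARE_STAGES) and action == SCAREWARE_STAGES[stage]:
            stage += 1
    return stage


def behaviour_hit(events, threshold=4):
    """Flag when at least `threshold` stages have been seen in sequence."""
    return behaviour_score(events) >= threshold


# ---- 3. Constructed samples ------------------------------------------------
# "Original" build the vendor has a signature for, and a "repacked" build
# where the author changed one version string. Same behaviour, new bytes.
ORIGINAL = b"\xcf\xfa\xed\xfe fake-defender-v1 scan_results: 34 threats found"
REPACKED = b"\xcf\xfa\xed\xfe fake-defender-v2 scan_results: 34 threats found"
add_signature(ORIGINAL, b"fake-defender-v1")

SCAREWARE_RUN = [
    ("auto_open_download", "FakeDefender.zip"),
    ("launch_installer", "FakeDefender.pkg"),
    ("show_infection_alert", "34 threats found"),
    ("request_payment", "card number form"),
    ("network_post", "https://example.invalid/pay"),
]

# A legitimate installer that was also auto-opened and phones home once for
# an update check: two stages only, below the threshold.
BENIGN_RUN = [
    ("auto_open_download", "Editor.dmg"),
    ("launch_installer", "Editor.pkg"),
    ("network_post", "https://example.invalid/update-check"),
]


def compare():
    """Run both detectors over the constructed samples."""
    return {
        "signature_original": signature_hit(ORIGINAL),        # True: known bytes
        "signature_repacked": signature_hit(REPACKED),        # False: one string changed
        "behaviour_scareware": behaviour_hit(SCAREWARE_RUN),  # True: all 5 stages seen
        "behaviour_benign": behaviour_hit(BENIGN_RUN),        # False: 2 of 5 stages
    }


if __name__ == "__main__":
    for name, flagged in compare().items():
        print(f"{name:22s} {'FLAGGED' if flagged else 'clean'}")
```

Run it and the repacked build, one version string away from the original, slips past the signature check while the behavioural rule still fires; the benign installer scores two of five stages and stays clean. The caveat a practitioner would add is that behavioural rules bring their own maintenance and false-positive tuning, so a real engine layers both rather than replacing one with the other.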

But as for the Mac, OS X and iOS, there is no real technological impediment to creating the same kind of horrific miasma of infections, rootkits and malware as we see on Windows.  Sure, it might be a little harder to write these packages for the Mac, and it might take a little more social engineering to convince people to install them, but that is nothing that can't be overcome with relative ease.  No, the real reason the focus has been on Windows is the overwhelmingly larger number of potential targets in the field.  But Apple has been having a LOT of success, not just with the iPod and iPhone, but with its computers too, and that makes them a more 'interesting' target.  And importantly, this is a user base with zero experience of the kind of high-threat environment that is the everyday experience of using Windows.

Which brings us to Mac Defender and the seemingly out-of-proportion buzz around what would, in the Windows world, be an unremarkable, garden-variety piece of fake antivirus: a program that announces nonexistent infections and then asks a particularly gullible user for a credit card number to 'clean' them.  It seems to me that it signals a widening of the fetid swamp that surrounds commercial operating systems.  At least one group of malware authors decided that there are enough Macs in the field at this point that they represent a viable and potentially profitable target.  And although the Mac Defender infection is a clumsy and easily avoided one, you can be certain that its success in penetrating and disrupting the Mac user community has been noted, and will be quickly exploited by both the malware development and anti-virus communities.  Think of it as nothing more than a proof of concept, with more toxic and destructive keyloggers and rootkits to follow, along with a new marketing message to drive the adoption of commercial anti-virus software.

In short, Mac users can now expect to have to spend more time and money fending off the multitude of exploits, attacks and probes that have been a constant in the Microsoft world for decades.  In that respect their life will become more like Windows users, and their experience with the online universe will be more adversarial, and much less pleasant.  The snake is loose in the garden and nothing will ever be the same again.


  1. OK, people have been saying that for years.

    But the reality is that OS X is hardened from install, and any exploits, such as MD, require the intervention of the operator or physical access to the computer to install.

    The assertion that Mac users are ignorant of these issues is malarkey. I suspect the percentage of users who would/will blithely fall for exploits like this is pretty much similar to Windows users.

    However, OS X offers one big safety factor over Windows; the inability for executable files to download and run without your approval. The setting necessary for MD to run is by default set to off, and if you change it, a warning appears.

    I confess I am not as knowledgeable about security issues on the iOS.

  2. also, after having installed both Windows 7 and Ubuntu on a couple of machines, I find that the OS selection is not, for me, about cost; but rather, operability.

    I have several mission-critical tasks that require commercial software, for which there is no reasonable Linux alternative. It would be pretty much impossible for me to operate in a Linux environment. Of course, as my career dies, that issue is likely to become moot.

    In the meantime, I find the modified-unix environment of OS X to be acceptable.

  3. Both Mac and Windows can be configured to require explicit approval before software executes. This is where the social engineering aspect of malware comes in. And it is only common sense that a community steeped for decades in a sense of invulnerability will be easier to fool than a community that has been under relentless attack for 20 years.

    The larger question is why should it be possible to configure an OS to automatically install ANYTHING without intervention? Why would that EVER be a good thing? What advantage could possibly accrue from such a setting? (Both Mac and Windows allow that configuration - just try to configure a Linux implementation that way.)

    As to OS choice, yes, the availability or preference of a specific tool eliminates many choices and options. Just as a carpenter must drive a pickup truck, even if he'd prefer a Miata. That isn't part of this discussion - this discussion is around the much larger percentage of people who DO have the option to choose their computing environment (at least at home), and the fact that something of a sea-change occurred in the Mac user community this week...

  4. Yeah. This is probably why I will go back to Windows when I get my next computer, which will probably be soon. (My computers only seem to last me around 2 years.)

  5. I've been a MSFT operating system guy since way back when Kidder, Peabody's futures department switched to the IBM PC from the Apple IIe.

    But I have to say this:

    the same kind of horrific miasma of infections, rootkits and malware as we see on Windows.

    frosts my flakes. I've fought against it as best I can, and still I've got this damned google search redirect on the winetop that is pissing me off this very moment. (Too bad pouring wine into your keyboard doesn't kill it.)

  6. well, the difference is that the Windows default setting is to allow auto-installs, while the Mac default is to not. Normal Fucking People will not bother changing those, if they even know how.

    Every time some functional Mac exploit is discovered, the same 'sea-change' is predicted. And then it doesn't happen. I realize eventually the odds are that predictions of doom will be right, but is the sky always about to fall?

    I will say that gore-crows notwithstanding, I watch my wife's PC, equipped with the most advanced firewall and anti virus tech available, slowly become unusable over the course of a year, until the HD has to be re-imaged. Then after 2 years or so, it is time for a new computer.

    So, VS, you're switching back to Windows because you miss the miasma of viruses and malware? Because mikey's pronouncements of terror and crisis notwithstanding, it still doesn't happen on my Macs. When you get a new box, VS, I will take the old Mac. I am certain I can find something useful to do with it.

    And at the risk of alienating mikey forever, I have to confess I do not find anything compelling about ubuntu as an OS.

  7. So now zombies scavenge computers as well as brains?

    If it makes you feel any betta, I still haven't rendered my verdict yet. The ONE thing I do love about my Mac is the lack of viruses. But that's pretty much it.

  8. Like I said, I'm pretty much agnostic. I've used DOS, Windows, UNIX, SunOS, Solaris, AIX, SCO, MacOS, OSX, and about a dozen flavors of Linux, along with JVMs and various virtualized desktops. My personal preference is Ubuntu, and I recommend it to people because it is solid, secure, modern, flexible, undemanding of hardware and FREE. For someone making an OS decision (where there is no compelling requirement or preference - they are making a CHOICE) it's hard to come up with a reason to pay $200 for a commercial OS. If you want to, however, vaya con dios, mi amigo...

  9. dangit, I love me a good old fashioned Mac-PC flamewar.

    I miss the days when the PC users were positively giddy about the ever-imminent demise of Apple.

    Now I also yearn for the days when they were a niche manufacturer, not the tech leader.

  10. I always liked the more obscure religious flame wars. AT&T UNIX vs. BSD. PostgreSQL vs. MySQL. Cassandra vs. MongoDB. Java vs. Ruby.

    Then you have all eleven people who genuinely care involved in the argument...

  11. FORTRAN vs. COBOL....

    SCSI vs..... well, nobody really ever defended SCSI.

    I am old school.

  12. I once convinced a boss to install Sun SPARC Station 'pizza boxes' as his initial rollout of CAD stations, running Microstation. What was the OS? SunOS or Solaris? Some flavor of UNIX.

    Ridiculously fast, for the time, and inherent networking. Way ahead of the curve.

  13. This is a relying-on-people-being-dumb attack and doesn't have much to do with the OS at all - but hey, I don't use Safari EVER. It is important to remind Mac users that they are dummies too.

  14. It is important to remind Mac users that they are dummies too.

    I don't need YOU to remind me. There are plenty of local franchisees in that effort.