by - November 2nd, 2004
Worms and viruses have been featured a lot in the news of late. Of course, that's nothing new, but what is new is the types of virus-related stories that are appearing: The Bagel virus -- this one a variation of the original theme -- is spreading, stories from IT security experts warning of a new wave of malware that uses social engineering to get past whatever protection you may have installed, and, of course, the first Mac worm has reared its ugly little scripted head.
One article in particular caught my eye; Larry Seltzer, over at eWeek, penned an interesting piece in which he says that Macs and Linux boxes are just as vulnerable to malware attacks as any Windows box because of social engineering. He cites the user as being the weak point in IT security regardless of the platform, and that Mac users, more so than the average Linux user, could easily fall prey to a well engineered digital plague. From Mr. Seltzer's article, Mac and Linux Not Immune to Viruses :
Talk about "security through obscurity"! The only thing keeping these scourges off of Linux and the Mac OS is that it's not worth the work to get such business. The exact same thing is true of spyware and adware. Of course you could write such things for the Mac and Linux and they would work.
Well, technically they would work. If I wrote a mail worm for Linux and seeded it well enough (I could even use infected Windows systems for the initial seeding with a special Windows virus just for the purpose), I suspect it still wouldn't get very far, because very, very few typical consumers run Linux systems. Linux users are on average, simply by virtue of their running Linux, more sophisticated than typical consumers.
The Mac is different. I suspect a typical mail worm for the Mac could get some traction if it spread enough copies and had a good social engineering scheme. But the most immediate reaction to it would be that more than 90 percent of the recipients wouldn't be able to run it. There are a few little tricks you could put into such a worm, such as preferring harvested addresses with domains at "mac.com" and at universities and companies standardized on the Mac, that would assist it.
Check out the rest of Mr. Seltzer's article at eWeek.com.
Come on, Larry; you gotta give us Mac mavens more credit than that! We are not road-kill on the Information Highway, we are not sheep who blindly follow Big Redmond's lead (We may blindly follow Jobs, but that's a different issue.)
See, I don't believe that the average Mac user would fall prey to socially engineered digital nastiness for the very reasons you believe that Linux users would be less prone to those attacks; Mac users are generally a technically savvy bunch.
There are reports that show that Mac users are more educated, and better paid than their Windows-using counterparts, and that the average Mac user is more comfortable on the Net than Windows users. Being well-heeled and smart doesn't mean much in and of itself, but it does mean that we are less likely to be duped.
I also believe that Mac users tend to be more knowledgeable about their computers than the average Windows user. I have nothing to back up this belief other than anecdotes, but given that Mac users choose to be Mac users implies that they made the choice after putting some thought to it.
Also, Mac users tend to administer their own computers, even in a business environment. While it is true that Apple makes administering Macs easier, you still have to understand your computer, its OS, and how things are generally connected. Mac users generally know what's on their network, because they usually are the ones that put the network together.
In situations where Macs are used in a Windows centric environment, Mac users, not Windows admins, are usually the ones who troubleshoot any connectivity and compatibility problems.
It is by necessity that Mac users become savvy; Apple just makes what it offers easier to understand, in my humble opinion.
I'm not saying that Mac users are as computer savvy as your garden variety Linux user, but how smart do you have to be to know that you shouldn't give your root password to some unknown entity just because an e-mail asks you to?
So, Larry, while I agree that Mac user can fall prey to socially engineered malware. I don't believe it would happen nearly as much as it might with PC users, and we might even possibly be on par with Linux users.