It seems I have some buttons that can be pressed that cause me to spew out a blurb of text when I'm properly motivated (or perhaps, not motivated to be doing something else :-) I was sent the following:

Some interesting comments and counterpoints on Mac security
Security, damned security and Symantec

I found that article to be appropriatly aggravating to write up the following on it:

It appears as if the original article that's referred to was in fact poorly thought out and written.

However, I'm also not really following some of the counterpoints brought up by Ron Carlson.

Mac's do have a security architecture that has been working for them much better than does that of Windows. The original article is also correct though, that there have been more vulnerabilities found in Mac's recently. And Mac users tend to handle that well with quick upgrades.

However, I'm ultimatly not convinced that the reason there aren't more worms, viruses, and spyware for that Mac isn't simply because of the Mac's smaller marketshare.

Carlson counters that there are a number of worms wandering the Net attacking Linux, why aren't there similar worms for Mac? He points to an article that shows how desktop based Linux systems are similarly numbered to Mac.

But that's key -- those are *desktop* systems. According to IDC, Linux has 3% of the desktop market (about the same as Macs). However, IDC also shows that Linux has a 24% market share on the server:

Linux Inc
(search for "strange ground", which is midway through the article)

Linux *servers* are what run the services these Linux worms are targeting -- services like BIND, Apache, sendmail/postfix, DHCP and so on. You'll notice that all these are tools which are common to see on other UNIX systems, including Sun's Solaris, AIX, HPUX, and can even run on Macintosh. I think Carlson can get away with calling them "Linux worms" simply because Linux has the market share to be hit hardest by them, not because they only effect Linux. Further, most Linux admins have their systems updated far before they're affected by this. Mac users tend to be the same way.

My point is that I feel a large reason that Macintoshes don't see more "malware" is simply market share. There's nothing about the way that, say, Apache, works on Mac that makes it inherintly more secure than the way it works on Linux or Windows.

Another example -- the Firefox browser, a new derivative of Netscape, has a 6% market share:

Firefox Eats More Microsoft Market Share

It has had a flurry of security problems in the last few months (I count three groups of vulnerabilities this year for Firefox):

Gentoo Security Advisories

That competes with the amount found in IE. Firefox is commonly seen on Windows, Macs, and Linux. I have yet to see anything that takes advantage of any of these Firefox vulnerabilities, though it happens all the time in IE on Windows.

If something isn't soon done about the vulnerabilities in Firefox, we may start seeing spyware that takes advantage of vulnerabilities in it. At the moment, it's simply not worth the time, as only 6% of the people use it. This would be further divided by platform, as spyware in it's current form is generally going to be OS specific.

However, people using Firefox tout that it's more secure than IE. Well, that may be true. It also has a lot of other incredibly useful features. But it's a lot easier to say your castle is the strongest when the bandits are all attacking someone elses castle :-)

If today, someone wrote code to take advantage of one of these vulnerabilities in Firefox, and used it against someone who hasn't updated their browser, it would work. And they would be capable of at least installing the first spyware to be found in Firefox.

The same way, there are vulnerabilities that have appeared in the Macintosh that would allow people to take advantage of a system that hasn't yet been patched. They key is that they A) have been patched, and B) that it was done before someone bothered to write something to take advantage of it.

I am not suggesting that if Windows, Linux, and Mac's all had equal market share, that we'd see an identical amount of problems. Macs and desktop Linux systems tend to run less remotely accessible services (thus reducing exposure). I do think that none would be able to say they aren't hindered by problems. They'd probably be too busy fixing security problems in their apps :-)

Hey Nate,

Yes, that's a very good point. I fully agree that many products can be considered more secure, or even just better written, than others. Often, these better written programs are OSS.

In your response to your statement that "MS just doesn't care", I guess MS doesn't have to care. They have to make it usable that someone is willing to pay $100 for it. And secure enough that people aren't breaking into it every day and taking control of Windows computers with mindless bots which submit information back to some central database in clear text to be sold to anyone who wants it. Oh wait.

My main point is that, if someone wanted to, they could take a Firefox flaw, and write spyware which would function on a Macintosh after breaking in through this flaw. People write spyware because it benefits them. They profit from the data that is obtained.

It's my feeling that the primary reason that Mac and Linux users can run around saying that they aren't infected by various malware is because it's not worth a malware authors time to do so. If someone wanted to, we've seen the flaws -- it is possible.