On Dec 6, 2008, at 10:37 AM, Bill Spencer wrote:
> Note this sentence about halfway through:
>
> "For now, Apple's Macintosh computers are more or less exempt from the
> attacks, but researchers expect Apple machines to become a larger
> target as their market share grows."

Like the imminent "Death of the Internet", this has been a staple prediction of malware discussions for years, irrespective of Apple's actual market share. Bluntly, these folks know not their ass from a hole in the ground. Apple's market share has surged (estimates are that up to 30% of home-based systems are Macs; enterprise PCs are generally well-protected against malware...the vast majority of botnet zombies out there are home systems), yet the malware count is vanishingly small (indistinguishable from zero, in fact). OS X's design mitigates against malware as a matter of structure. Are we invulnerable? No. But it will be MUCH harder for malware to spread on a Mac.

In fact, as the market share of Macs (and to a much lesser extent Linux) grows, the whole malware ecosystem will shift: malware has largely spread so far and so fast because the computer ecosystem is like Ireland in the 1840s: a potato monoculture. Monocultures encourage plagues not only by presenting a large population of vulnerable hosts, but also by the lack of 'firewall' crops between the vulnerable ones to hamper the spread of infection. Malware attempting to indiscriminately infect hosts will be discovered much more rapidly when a large number of hosts are not vulnerable. Thus Dan's intimation that cross-platform codes are the next major wave of infection. However, all of these programs (Flash, Acrobat, etc.) STILL rely on different underlying host OS mechanisms for their action, and so malware targeting a Flash vulnerability is still likely to only affect a single OS, because underneath the plugin code there are different OSes.
What this WILL force is much greater 'intelligence' on the part of the malware: either sending larger programs with three payloads, or, as in the drive-by web site infections, installing the proper infection for the reported OS. That is easily blocked by simply mis-reporting your OS or just not reporting it at all. Why the HECK should a web site need to know what kind of OS you run? It's a convenience, so Mozilla or Apple can automatically offer you the correct download of Firefox or QuickTime, but this is also handleable on a more secure basis by the website ASKING you what OS you run and remembering it. Can't do a drive-by infection if the malware has to ask pretty please.

This comes back to the fundamental difference in security between Windows and OS X: Windows admin rights assume the right to do things; OS X admin rights assume the right to ASK to do admin things. Vista has gotten it sort of right, but in an intrusive fashion, largely because Windows users have NEVER been asked this before. I remember the same wailing and moaning over OS X when it first came out: "It doesn't feel like MY computer...it keeps asking me to authenticate to do things!" Many folks were quite vehement about this 'impersonality' and 'evil greed-head corporate way of doing things'. Well, time and habit have largely muted that, and we accept that we're asked to authenticate when stuff wants to affect our computer. 10.5 even keeps track of where things come from, and if a program was downloaded it'll ask the first time, before anything runs, whether you want to do this. Vista could be better: they SHOULD ask for a login/password instead of just clicking on Yes, and IE is still far too deeply borged into the OS for it to ever be safe as a web browser. OS X users, like any others, are still heir to PEBCAK trojans, but OS X tries to mitigate that danger.
Ultimately, the true solution is to sandbox your computer...outward-facing programs (mail, web browsers, etc.) run in their own VM with limited interconnects between the system and their memory space and operational ability. This is how enterprise networks are properly constructed, with a private local network, and outward-facing systems like web servers in a DMZ. The inner 'protected' system can only interact with the outside world in a few restricted ways, and the outer 'DMZ' systems cannot use the inner systems' abilities at all. So a web browser can connect to the outside world all it wants, but anything it brings back has to be checked and vetted before it can be allowed to do anything in the system. This limits malware almost completely...it would have to download, essentially, a complete OS to the limited 'outside world' sandbox of the web browser to do its work. And when the web browser (or that thread, in a Chrome-type browser) quits, that VM, with its memory allocation, vanishes along with the malware. The system can never be infected. Persistent data storage can be enabled and split between private and DMZ data as well. This will never completely eliminate malware, but it will make it a lot harder to propagate and continue running.

This requires considerable processing power, since we're talking about running numerous VMs simultaneously with much higher interoperability than today, but Moore's Law will make that happen. This also requires a considerable re-writing of computer OSes, but I believe that OS X is better suited to this than Windows is.

--
Bruce Johnson
"No matter where you go, there you are", B. Banzai

You received this message because you are subscribed to Low End Mac's iMac List, a group for those using G3, G4, G5, and Intel Core iMacs as well as Apple eMacs.
