On Wednesday, March 16, 2011 4:02:40 AM UTC+1, Cédric Beust ♔ wrote:

> Macs have about 6% market share worldwide, I fail to see why it would be worth it if instead, I can dedicate some time targeting 94% of PC users (especially since a larger portion of these 94% is probably more careless about security than Mac's 6%).

6% of a gigantic number is still a gigantic number. Why are there 0 worms? Also, where is your 6% number from?

>> Then add the notion that Mac users tend not to be security oblivious, at least in theory (that's the whole -POINT- of Steve's argument, right? That as a Mac user you don't have to worry?) as well as the street cred / novelty value / newsworthiness of creating a Mac worm and I'm flabbergasted anyone would claim Windows is down in this comparison just because it's popular.
>
> You just undermined your own argument by saying (and I agree) that average Mac users are usually more security savvy than average Windows users.

No, I did not. Neither you nor I nor anyone else here has come up with any reasonable argument or link to research to show that Mac users are more or less security conscious than anyone else. However, Steve Jobs is certainly attempting to sell the idea that as a Mac user you don't have to be security conscious, which is an interesting but otherwise irrelevant sidenote to this discussion. Why do you say that Mac users are "usually more security savvy"?

> If you're in it to get hacking cred, you will get a lot more of that by doing something big than doing something hard. If you're in it for the money, Windows is still the obvious choice.

More baseless conjecture. One easy way to get your group's name in newspapers of note is to cause a minor storm in a teacup by releasing the first Mac 'virus' (that's what the media is likely going to call it, anyways). You just know that, like with anything else Apple, this event will stick around in the headlines for months to come, and as the first 'real' widespread infection, you'll enter the history books for sure. For proof, I could just point at the _ridiculous_ amount of brainspace dedicated by the blogosphere to anything Apple has ever done in the past 2 years, including the Java Posse which continues to pad the podcast by at least 10 minutes of discussion if Steve Jobs's turtleneck is 5 millimeters out of balance. And so they should; the rest of the tech world is similarly obsessed, and Joe has an obvious passionate link to the topic. Nevertheless, proof, if you will, that getting a serious Mac worm going is a tasty, tasty achievement for any would-be cracker.

There are also truckloads of seemingly bitter anti-Apple people, both in the Linux and Windows camp - just google around and you'll find a billion and one blog entries. Or, you know, this very thread. Are none of those people capable enough (and ethically challenged enough) to exploit something and make a point? "Market share" just does not seem like a complete explanation.

I'd love to see some real numbers here. Are Mac users, presumably by way of the software updater's design, more likely to adopt security updates more quickly? Does Mac's design as a system where root access is asked for with a password confirm box while you almost never need to enter it for normal operation help make users less likely to do something they'll end up regretting? Or is it truly because for whatever reason, learning how to program for Macs somehow turns your black hat white?

I have honestly no idea how quickly malware-infected any random Windows box installed from scratch with Windows 7 and with auto-update on, piloted by a user that knows enough not to open random executables and click OK on security dialogs, would be. Possibly the biggest contingent of botnets is simply still running antique versions of Windows XP, and if we look that far back, the market share of really outdated Macs is indeed so tiny as to be negligible. This too could be an explanation that doesn't require extraordinary evidence.

The lesson we IT professionals could take away from this, if this is indeed the right explanation, is that you should make sure your updater is in order and available from the first public release, and that being the more or less public defender of such an attack dog as the BSA might scare people into not updating anything for fear that they'll get harassed for their troubles. Or that WGA was a mistake.
