RE: Apple Fans Are Clueless About Security, Hacker Says

Before I say anything about this, please read the original article from PCWorld.  Don’t worry, I’ll still be here…

Have you read it yet?

Alright.  I want to first say that I completely agree with Marc Maiffret in that computers running Windows as an operating system are in fact more secure than computers running Apple’s OS X.  Don’t get all huffy and say I’m biased as I work on 4 Windows based computers, 2 Macs and my server is Linux. I’m even writing this on a Mac. But the biggest reason I agree with Marc is market share.

“…they try to market themselves as more secure than the PC, that you don’t have to worry about viruses, etc. Anytime there’s been a hacking contest, within a few hours someone’s found a new Apple vulnerability. If they were taking it seriously, they wouldn’t claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don’t see more attacks out there compared to Microsoft is because their market share isn’t near what Microsoft’s is.”

Let’s take a look at the Fortune 100 companies:

Fortune 100 Companies List 2009

I guarantee you that over 80% of these companies rely on Windows based servers and computers. And why not since Microsoft is geared towards business execution. The other 20% is probably divided into Mac OS X, proprietary operating systems and Linux/Solaris. But what does this have to do with security? Microsoft doesn’t want to push out horrible products that could cost companies millions upon millions of dollars. Could you imagine the lawsuits against Microsoft if they had security holes the size of… you get my picture. So of course Microsoft would have the need to invest a lot of their time, research and money into making their products more secure… but nothing will ever be 100% secure as that is the nature of computational entropy. Yes, that biological entropy only in the digital context. With Apple holding less than 20% of the market share, they also have the need to be more secure, but no one has really attacked Apple’s operating systems yet. And why bother with such a small market presence?

That is where the hacker mindset comes in. Having been there once before (something I’d rather not divulge), you need to dig into the psyche of a hacker. The question of “What can I do to wreck as much havoc as possible with little effort?” is what every hacker is after (I am generalizing virus-makers and malware creators as hackers). Microsoft with an almost 80% market share immediately makes it the number one target. You just need one virus, one malware to crash and affect thousands upon thousands of computers, making companies lose millions of dollars in downtime, data loss and productivity. Yes, that is right… This is what hackers think about. It is all about the e-peen so to speak. If your virus/malware/code does enough damage worldwide, you’ve done yourself a great job! And remember, this is worldwide… if the United States Fortune 100 companies are 80% Windows, what about the rest of the world? What are the downstream consequences from your one code? What is the downtime of companies? What about companies that specialize in anti-virus software? How long until they make a fix? For our sakes, we hope it is less than a day. For hackers, the longer it takes, the better.

So let’s get back to Apple. If someone was to write a virus/malware/code to crash/disrupt all Apple computers, what damage is there to be done? Financially, not very much. Sure there would be a lot of complaints and those companies who have solidified their networks with Apple servers and computers would go down, but how many of those “really important” companies are there? How many are there world-wide? In the grand scheme of hacking, it is all about impact. And right now, Apple just doesn’t have the presence in companies to make that big of an impact. So there really is no need to spend the time to create a virus/malware/hack for Apple products… yet!

Apple’s partnership with Intel has really increased the sales of MacBooks over the past 3 years. Couple that with great advertising, and rabid marketing, Apple is starting to make a bigger name for itself and is starting to infiltrate into the mainstream market. Give it a couple more years and Apple’s market share will be over 30% and I am certain that we will start to see a rise in Mac viruses/malware. Apple is everywhere now… iPods, iPhones, iPads, MacBooks… it is becoming so popular, hackers might start to switch from Windows to OS X and start their malicious attack there.

So for all those current Mac users who feel all immune for the past 10 years, please don’t be so smug and confident thinking that your computer is safe. People comment that they click on links and on Windows, Ad-wares/malwares will infect their computer. And it is true. Over 30% of the links out there are complete garbage and will fill your computer up with trouble. But think about this: why are you clicking on the links? I present to you this t-shirt:

[Click the picture if you want to buy the t-shirt from ThinkGeek]

PEBKAC: Problem Exists Between Keyboard And Computer. In other words? You. Most problems from viruses and malwares come from the users not knowing what certain links are, how to spot suspicious emails or ads.

Eventually, this won’t be a problem just for Windows users. It will be a matter of time before someone out there cripples Macs and then you’ll be singing a different tune. And remember, I have 2 Macs… I won’t be thrilled when that time comes either. But at least I have 4 Windows PCs that have been safe…

Stay safe out there on the internet… it can be crueler than the real world.

[Digg]