Friday, February 17, 2006
I've been using DOS/Windows PCs almost literally since day one -- my father worked for IBM and brought home the very first IBM PC in 1982, with a whopping 64K of RAM and a single 160K floppy drive. (An upgrade from the standard 16K and cassette port!) By the time his employee purchase was processed, they'd upgraded DOS to version 1.1, so I can't claim to have used *every* version, but you get the idea. I've seen floppy boot sector viruses, Trojans, and all sorts of nasties float by over the years.

About this time last year, I bought a Mac mini to play with, and was won over by OS X. It's more elegant, stable and secure than Windows. It's far from problem-free, but I find it much more pleasant to use than Windows (which, to be fair, has reached a fairly impressive state with XP).

I say all this to explain why I'm shaking my head with wonder at the ballyhoo over what some are calling the first OS X virus/worm/Trojan.

Anyone who thinks OS X, or any OS, is completely immune from malware is kidding themselves. Some of the most effective malware utilizes social engineering to bypass OS security, which is exactly what this thing does. The user double-clicks what they think is a JPG, and instead runs an executable that does Nasty Things. There's lots of user interface tweaking that can be done to alert the user in these cases -- Apple has done a lot, and will surely do more. (A little overlay on the icon marking it as executable, similar to the little arrow that denotes shortcuts/links, seems like a good approach.) But the root problem (no geek pun intended) is and always will be overly trusting users. You can't prevent the user from running apps, so a Trojan is always possible.

Savvy Windows users have learned this lesson -- now we're seeing previously insulated Mac users start to realize it as well. This says nothing about the relative security of Windows and OS X (OS X is better than Windows, though Windows is a lot better than it used to be -- I'm still convinced that Windows-style silently-spreading infestations are a lot less likely on OS X) and everything about the experience of the user with malware.

And it's that relative experience that I find most interesting here. Something like this is so common in the Windows world that a new one emerges literally every day, if not several times a day. Thousands of users can get hit with these and no one ever notices. I'll bet a sizable fraction of Windows PCs are currently infected with three or more distinct pieces of malware.

A single harmless Trojan (all it does is try to send itself to people via iChat, and rely on the recipient to run it) gets downloaded by a handful of people on a Mac forum, and it's front-page news on the Washington Post web site.

Welcome to the mainstream, OS X.

