It's clear that Microsoft takes this all this pretty seriously. Indeed, it seems the Seattle-based software behemoth has begun beta-testing 'Microsoft Security Essentials' which will combine anti-virus and anti-malware functions. (I guess they couldn't just sell their clients Macs instead.) Reuters says investors are closely monitoring the free service, code-named Morro after Brazil's Morro de Sao Paolo beach, amid concern it could hurt sales of products from Symantec and McAfee.
These firm's products generate billions of dollars of revenue a year protecting Windows PCs from attacks by hackers, says Reuters.
Bad people have been putting malware into useful utilities like those automating Twitter feeds. The Windows Registry has also been horribly abused, says Dana Blankenhorn of Smart Planet, creating a mini-industry of registry clean-up tools.
With a PC it's important to keep all your software up to date, not just your security software, because hackers look for holes and developers constantly patch them. Just as it's important to keep up to date with a Mac. As I've said before, Apple releases Security Updates every few weeks to close holes and portals hackers could use. Note I used the word 'could'.
And yes, Apple's relative obscurity helps. Dana Blankenhorn on Smart Planet says "If everyone were a Mac-head ... you'd be as busy fighting these battles as the rest of us."
Well, I think that's an oversimplification. When Macs made up 12-14 per cent of the market a decade-and-a-half ago, there were plenty of Mac viruses. That percentage of that 15-year-ago market represents a much lower number of actual installed Macs compared to 'just' 10 per cent of the market today.
You'd think 10 per cent of this much bigger market, coupled with our trademark Mac-user annoying smugness, would rev hackers up into targeting us. It just can't be that easy. Apple's double-system configuration (OS X on Unix) plus Apple's proactive stance must contribute to the relative safety we enjoy (and rub people's faces in).
Actually, there have been a couple of 'real' viruses lately. Apparently. There was one buried in a 'free' (pirated) version of iWork that was on a few dodgy download sites a while ago, and there's a Mac porn hack, apparently.
Security experts reckon (we always view these claims with suspicion) they have discovered two new pieces of malware targeting Apple computers.
The attacks, dubbed OSX/Tored-A and OSX/Jahlav-C, were discovered in email messages and on 'popular internet porn sites'. The porn site attack directs users to download a 'missing Video ActiveX Object' in order to view a pornographic film, but instead victims are supposed to be hit with a virus enabling attackers to control their computer.
For what, exactly? I never found out. The things I do ... I installed the full version of PC Tools' iAntiVirus (Australian $49.95 - about NZD$80 for "full support and business use") and went hunting.
This was disturbing to say the least, although it's much easier to find porn than you'd think, if you've never tried it. (I am not saying "try it" all right?)
I ended up setting Automator actions to do the work for me, downloading files from dodgy sites willy nilly (ha ha) into a watch folder that was duly scanned, then the contents dumped, all automatically.
And what did I find? Nothing. Nada. Zip. No OSX/Tored-A (surely that should have been spelt 'torrid'?) and no OSX/Jahlav-C either.
In fact, PC Tools identifies many more threats than these two, but many of them seem to be legal components of utility software (monitors, keyloggers and the like) or 'proof-of-concept' exploits – files written to prove it can be done for one reason or another, but which aren't actual viruses.
So where does the virus situation leave us Mac users? Still pretty safe, in my estimation. Leading Mac security experts, including CanSecWest winner Charlie Miller, have recommended against installing extra security software on the Mac due to the cost and performance overhead it eats up.
"I don't think it protects me as well as it says," Miller told Computerworld in an interview.
"If I was worried about attacks, I would use it, but I'm not worried." And you may also read Roughly Drafted's post called "The Mac Malware Myth."
I'm still not worried either – but note you can install the home-user version of iAntiVirus [http://www.iantivirus.com/] for free. It doesn't seem to add much overhead or tax my system that I can tell.
- Mark Webster mac.nz
