Mac virus onslaught in 2011? Not so fast
Is it really true that it's only a matter of time before Macintosh users are under siege by a flood of viruses and malware? McAfee announced recently that 2011 would be a bad year for people using Apple computers, as hackers will be increasingly attracted by growing Mac market share. It's not at all hard to find experts who agree.
The thing is, they also agreed back on July 18, 2010, June 17, 2010, April 9, 2008, and October 20, 2006, among many other dates in the past which I didn't bother excavating from Google. Remember that horrible Christmas of 2006, when all of your Macs broke simultaneously?
How malware hackers eat
It's worth noting how computer malware comes into being. Unlike biological viruses, such as H1N1, malware doesn't spontaneously create new offspring. New viruses require the effort of "black hat" hackers, who try to create code that is easy to replicate, hard to remove, and does something to benefit of its creator.
That last bit is a crucial part of the malware environment. A few malware hackers write software attacks purely out of malice, but mostly it's done for profit. In theory, the more Mac users there are in the world, the more appealing they become as a target for hackers. This theory is pretty much the sum total of the analysis you'll see about Mac security on many general news sites.
In practice, though, there are three major components that play into the creation of viral attacks:.
Motivation: Hackers will attack where they have reason to do so. Consider the Stuxnet worm that attacked sensitive computers in Iran. If anyone knows for certain who wrote this, or how it was introduced into Iranian nuclear plants, they're not talking to Macworld. But these attacks weren’t motivated by the sudden increase of people walking around carrying programmable industrial logic controllers in their pockets.
Opportunity: When there’s vulnerability in software—from Apple or or any other vendor—the malware hacker community is almost always the first to know. After all, this is their bread and butter—give them a chance to make money, and they’ll race to exploit the vulnerability before it’s found and fixed. Serious computer security experts (who are, alas, less frequently quoted in the general media than software vendors and supposed experts who give good sound bites) classify these opportunities into vulnerabilities (theoretical avenues for attacks) and exploits (actual attacks taking place in the real world).
For example, if you go away for the weekend and forget to lock your door, but you come home to an intact house, that's a vulnerability. But if you came back to find that some scoundrel has made off with your worldly possessions, thanks to your forgetfulness, that's an exploit. Most computer security issues you read about—and especially the ones you see on cable TV news—are vulnerabilities. But we're vulnerable to thousands of things a day, including death rays from outer space which do everything from cause cancer to crash your MacBook. Unless you've already lined both your hat and your laptop bag with tinfoil, you're clearly not too worried about this. (Nor should you be—the odds of this occurring are extremely low. And the tinfoil is unlikely to help.)
Herd immunity: Herd immunity is a concept from biological infection that also applies to computers. Disease relies on a certain critical mass to spread: if your population is dominated by those who are immune to infection, it helps curtail the communication of the disease. In terms of computers, it means that so long as the vast majority of machines that your computer interacts with aren't subject to the same malware—i.e. when your Mac talks to Windows PCs—you’re less likely to get infected. When your machine talks mostly to computers that are susceptible, herd immunity is lost.
So, the assumption that is made by almost all of the doomsaying articles linked above—and thousands I didn't link to—is incorrect. There is no magic number of Macs, above which they suddenly become less secure. There is instead a theoretical protection that is offered by Macintosh market share. The actual point at which a larger market share becomes dangerous depends entirely on the nature of the threat.
As Macs are built on many of the same technologies as the iPad and iPhone, it is possible that the rapid rise of iOS devices exposes Macs to new vulnerabilities. But until an actual exploit is in circulation, this is simply a conjecture that falls somewhere between "aliens are killing cows in Montana" and "global warming will submerge Manhattan in 2050." It's my opinion that beachfront property in Pittsburgh might be a good buy-and-hold strategy, but there's still considerable debate about how the proven vulnerability of ocean surface rise will play out in human-impact exploits.
How Mac users think
There’s a second flaw in the Macs-are-vulnerable argument: the oft-repeated notion that Mac users believe their Macs are immune to attack. This is mentioned in both the McAfee report as well as the Computerworld coverage.
I beg to differ, on the basis of overwhelming—and purely anecdotal—evidence. As a Mac consultant, writer, and generic "known expert" to a bunch of folks in my community, I regularly field questions about Mac security issues. This demonstrates a general understanding that A) security issues exist on the Mac and B) people are curious enough to ask questions. No one has ever asked me whether a cosmic ray can crash their computer—although it can—or if their MacBook can come to life overnight and raid their fridge. Mac users do seem to assume they're safe from death rays and late night Mac snack raids, otherwise, I'd be asked about those threats. If people ask me about malware—and they do—I take that as proof that they don't assume they're immune.
As for what you should be doing about these attacks, that has been covered by experts numerous times in greater detail than I can address here. Given that you're reading this article, you're already doing the most important thing you can: Staying informed. When a new Mac vulnerability breaks, you'll read about it on Macworld and other Macintosh-specific news sites. When this escalates to the level of a circulating exploit, you'll see even more coverage. If and when an exploit becomes common—which has not occurred since the primary method of moving Mac files around was an 800K floppy disk—then you won't be able to avoid hearing about it if you're keeping up on Mac-specific news.
Conversely, you should take any information you get about the Mac from a general news site with a grain of salt. Unfortunately, many tech and computer news websites can fall into the "general" category here more often than they probably should. If you hear about a threat, but it doesn't seem to concern editors at Macworld and other reputable Mac sites, then those general sites are likely missing something. When something is genuinely dangerous, you'll hear about it here from Mac-specific writers and editors. You'll also be told how to protect yourself, if such a method exists.
Critics often accuse Apple of touting the imperviousness of its systems, but it’s worth noting that the company acknowledges its imperfections. For example, it still recommends that Mac users scan downloads from untrusted sources with antivirus software. (Users looking for an antivirus package have a number of options to choose from.) Apple itself builds a wide range of security measures into the Mac OS, including—in OS X’s most recent incarnation—a limited malware-detection system. Security requires a proactive approach, but Apple helps users out by enabling most of those measures by default.
In the meantime, despite the many varied technical debates to the contrary, you can generally rest easy—unless you enjoy getting lost in the weeds where Mac experts and geeks like to hang out. You'll find many debates among Mac experts about theoretical dangers, and these can sometimes make it into the general media. But that doesn't mean you need to take action every time the hint of a threat pops up in your RSS reader. The vaunted grain of salt and information from reliable sources should see you right.