Dear Friends,
I’ve been informed that my radio piece on increased Mac malware will air on Morning Edition tomorrow!
It will be available on any of these stations (and their Internet streams).
New York – 5 am to 9 am Eastern – WNYC – 820 AM – www.wnyc.org
Washington, DC – 5 am to 10 am Eastern – WAMU – 88.5 FM – www.wamu.org
Los Angeles – 2 am to 9 am Pacific – KPCC – 89.3 FM – www.kpcc.opg
Boston – 6 am to 9 am Eastern – WGBH – 89.7 FM – www.wgbh.org
San Francisco – 3 am to 9 am Pacific – KQED – 88.5 FM – www.kqed.org
It will also be archived at npr.org and here if you miss it.
Lemme know if you hear it!
Update: Audio is here!
Nice inaccurate story. Where is the evidence? What are the sources? Some guy’s say so at F-Secure, a company that makes money from computer security? No one else is claiming that there are this many new threats to the Mac. There’s not a single Mac virus in the wild, and no other worms or other kinds of malware that can propagate without user intervention (like the recent porn site video “codec” download).
Just because F-Secure makes money from computer security doesn’t mean that they’re lying. Consumer Reports ranked them #1 in its Security Roundup in 2006.
No, it doesn’t mean they are lying but it does mean they have a business interest in their being threats to the Mac. What solid evidence did they offer you? I didn’t hear any in your story. You ignored those questions in your response. Where is the evidence? What are the sources?
I have to agree with Tom, Cyrus. To make that statement, without any facts to support it, well… I expect better. Show me even THREE Mac maleware, just three. He stated there were, what, over a hundred? Where? As a Mac writer since 1995, I would KNOW about these things. It’s simply not true, at least until someone actually proves it.
Where is the proof?
Tim
Tom:
So by your logic, is the same true of all anti-virus protection and anti-malware protection, on any platform? Do you really take that cynical of a view?
Tim:
10 seconds on Google turned up these several examples of Mac malware:
http://wiredblogs.tripod.com/cultofmac/index.blog?entry_id=490271
http://db.tidbits.com/article/4864
http://www.theregister.co.uk/2006/11/24/mac_os_x_adware/
http://www.sci-tech-today.com/news/Mac-Users-Targeted-with-Nasty-Malware/story.xhtml?story_id=0010004EEIGO
http://www.intego.com/news/ism0705.asp
http://www.macworld.co.uk/news/index.cfm?newsid=19553
While I agree that such malware is extremely miniscule and there has never been a widespread example of anything coming remotely close to what exists on the Windows side, when a respected security firm says that there are over 100 pieces of malware for the Mac, I believe them. I’d agree with you that in my many years of being a Mac user, I’ve never encountered one — but that doesn’t mean that they don’t exist.
No, I don’t take that cynical a view. To repeat a bit, I think the 2nd half of my comment from this morning is the more important part, and I’m still waiting for an answer: “What solid evidence did they offer you? I didn’t hear any in your story. You ignored those questions in your response. Where is the evidence? What are the sources?”
You addressed the first part of my comment, and I agree with you. Companies like Symantec & McAfee don’t overstate threats & they definitely want people to buy their software. But they give the details which your report lacked.
All I want to know is what evidence did F-Secure provide you with, because I didn’t hear it in your story. Here’s a ZDNet article with good solid evidence included:
Mac versus Windows vulnerability stats for 2007
“So this shows that Apple had more than 5 times the number of flaws per month than Windows XP and Vista in 2007, and most of these flaws are serious.”
http://blogs.zdnet.com/security/?p=758
For the purposes of my 90 second radio piece, there wasn’t a whole lot of time to get into detail, which obviously would have made it stronger.
The evidence that they provided was that they said they had seen a noticeable uptick in Mac malware since October, which is what I did say. Look, all I can tell you is I was reporting that this is the trend that they had observed. I had 90 seconds to explain that.
While it may have been better to outline the reasons and the specificities of the threats as ZDNet did in their piece, recall that NPR has a non-tech audience, and again, the entire piece was 90 seconds long. If you’d like to re-write what I did that explains this situation better than I did in the allotted time, be my guest.
The 100 new variants of malware for the Mac cited by Cyrus can be attributed to DNSChangers, which silently reconfigure the computer’s DNS server settings. Once the DNS settings are changed to their servers the bad guys can take control of the Web browser’s destination.
In October of 2006 DNSChangers began appearing on the Mac OSX platform. The last new variant we got was yesterday (18 Dec) and new ones are coming in at a rate of about 1 per 3-4 days at the moment.
All of this links back to our belief that now that Macs are becoming a big enough target for the bad guys to take an interest they’re starting to look for things to exploit. In the case of DNSChanger they’re exploiting user behaviour. The next logical step would be for them to use a vulnerability instead. We’ve already seen a number of Quicktime vulnerabilities exploited in PCs and similar vulnerablities have been found on Macs, they just haven’t been exploited. These findings on Mac malware were part of our overall report on security trends for 2007 which can be found in full here:
http://www.f-secure.com/2007/2/index.html
Patrik