Why Mac is not beiged by spyware/viruses etc..

[aristotle-dude]

It's all about the community we have and the zero tolerance for vulnerabilities and spyware:

http://daringfireball.net/2004/06/broken_windows

I don't want this to turn into a flame war. If the windows apologists could stop for one minute, you might learn something.

The only way to secure an OS is with vigilance and a strong community. That is something the windows community is missing and they depend upon MS to fix all their issues.

When we had the "potential" URL exploits discovered for OS X a while back, a few conscientious developer released free software to deal with them (Paranoid Android and RCDefaultApp prefs pane).

I cannot for the life of me understand why the windows community is willing to put up with so much spyware.

[The_Decryptor Veteran]

I aggree with you fully

[shihchiun]

because most users have only basic knowledge... when you have most of the users, that's what happens. and again, why would anyone want to put spyware/adware on a system that most people do not use? most of these things are for advertising, so what's the point in targetting the small percentage of people who use macs?

[Debugger]

It's simply because your a mac user and canoot understand what is happening in the "PC" world. Just ask yourself, if u were a company which write spywares or just a little script kiddies who write viruses. What would be your target? The 10% of mac and linux users or the 90% of the market owned by Microsoft? Its just that... Vulnerabilities are also found in linux and other OSes everyday. But no one uses them because they have no reasons to do so.

Just my opinion, thank you

[Dazzla Veteran]

As much as I love Macs another reason is money. There's money to be made by designing and implementing spyware, it's in their interests to create this software because there's such a large userbase of novice Windows users in comparison to Macs single figure percentage market share. It's the whole virus thing again, you create them for a market with the highest potential infection, that's why Windows get's targetted and Macs don't.

As for relying on MS, we should, we buy the OS and they support it. That's why we pay for OS's, the vast majority of the Windows population wouldn't know how to utilise a third party unofficial fix if anyone was bothered to even write one.

[ms998]

Sorry the reason why the Macs aren't plagued by virii is becasue they arent such a big target. Windows is used far wider by users of all abilites. I myself am i PC user but if I used a Mac wouldn't know where to start.

Virus writers casue a headache for MS becasue they are a bug targtet. If they can egt their viruses to replicate throughout the world they will become famous. IF this happened to Macs I doubt it would even make the local news is 100% of macs were affected. (Perhaps an exergaration)

[Debugger]

Dazzla: you are totally right :)

[memNOC]

minority of the market share.

[nuka_t]

I cannot for the life of me understand why the windows community is willing to put up with so much spyware.

we dont. i scan for spyware weekly and remove it all. it never gets in the way and a five minute scan a week isnt a big sacrifice. im less likely to get spyware than most mac users.

[NetRyder]

As much as I love Macs another reason is money. There's money to be made by designing and implementing spyware, it's in their interests to create this software because there's such a large userbase of novice Windows users in comparison to Macs single figure percentage market share. It's the whole virus thing again, you create them for a market with the highest potential infection, that's why Windows get's targetted and Macs don't.

As for relying on MS, we should, we buy the OS and they support it. That's why we pay for OS's, the vast majority of the Windows population wouldn't know how to utilise a third party unofficial fix if anyone was bothered to even write one.

Excellent post :)

[Dazzla Veteran]

Look at the MSBlast worm for example, that was major TV news and crippled organisations, if there was a similar worm for OS X it wouldn't make TV at all. That's just the way it is, same applies to spyware and adware. Write it for the highest userbase and make your money? Or write it for OS X and make nothing? And the windows community does to something for spyware, Spybot and others are freeware utilites written by windows users for windows users but they're not for exteme novices, that's how these companies make their money. But no-one's gonna write a utility to fix a security whole (like MSBlast for example) because you wouldn't deliver enough of them worldwide to fix the problem, leave it to Microsoft.

I'll give you another example closer to home. ThemeXP wraps themes in spyware because the Spyware developer paid them to, that's how ThemeXP pay their hosting. In return for this millions of Windows novices will install the themes and be infected making the spyware developers their money. It's just the way of Windows life and a downside at that, but it's something that just couldn't happen on OS X because of market share plain and simple.

[NetRyder]

Another point I'd like to make is that any OS is just as secure as you make it. I've been a Windows user all my life, and I have had to install Ad-Aware/Spybot only twice so far. I run updated versions of antivirus and firewall software, and use Firefox as my browser with a cookie whitelist.

My computer has never, to this day, been hacked, I haven't had a virus in almost 5 years, and everytime I run Ad-Aware or Spybot, the search comes out clean with no results (no tracking cookies either).

:)

[aristotle-dude]

As much as I love Macs another reason is money. There's money to be made by designing and implementing spyware, it's in their interests to create this software because there's such a large userbase of novice Windows users in comparison to Macs single figure percentage market share. It's the whole virus thing again, you create them for a market with the highest potential infection, that's why Windows get's targetted and Macs don't.

As for relying on MS, we should, we buy the OS and they support it. That's why we pay for OS's, the vast majority of the Windows population wouldn't know how to utilise a third party unofficial fix if anyone was bothered to even write one.

While I'm sure that advertising was a big money maker in the past, that market is quickly waning. If a product really is useful and unique, they should consider a small registration fee (shareware) instead of loading up spyware. If software has spyware and ads, then it's not really free now is it? If the developer does not want to out price their product, they should consider say, 5-10 USD as the price for it.

As for viruses and hard to remove spyware, I believe that is largely the blame of MS for their security model which encourages home users to run their machines as root and startup items are stored in the registry. I really hope MS considers getting rid of the registry entirely.

I see nothing wrong with relying on MS for security fixes but there needs more work to be done on the community posting workarounds before the patch comes out. There have been a few instances when MS dragged their feet with a security exploit and the community should have rose to the occasion to release a "free" tool to deal with the issue temporarily. What unsanity did with Paranoid Android definitely will pay them rewards of new customers for their other non-free products based on the goodwill it created.

Noobs should be warned of what software has spyware before they go to install it. We have that in the user reviews on versiontracker.com mac section. I've never installed any spyware because of that.

To the guy above, I am perfectly aware of what is going on in the windows community. I work M-F 40+ hours a week with MS developer tools. :p So, I have a vested interest in seeing better security on the windows desktop and windows in general.

[oik]

because most users have only basic knowledge... when you have most of the users, that's what happens. and again, why would anyone want to put spyware/adware on a system that most people do not use? most of these things are for advertising, so what's the point in targetting the small percentage of people who use macs?

with posts like these, it makes me wonder how many of you actually read the article.

debugger's post is even better.

[Southern Patriot]

with posts like these, it makes me wonder how many of you actually read the article.

debugger's post is even better.

Take a look at the Yahoo tech boards sometime. Most Windows users only read the headlines, then feel empowered to discuss the Mac's shortcomings at length. Especially funny are the comments by "tardyturtlerocks".

[Dazzla Veteran]

While I'm sure that advertising was a big money maker in the past, that market is quickly waning. If a product really is useful and unique, they should consider a small registration fee (shareware) instead of loading up spyware. If software has spyware and ads, then it's not really free now is it? If the developer does not want to out price their product, they should consider say, 5-10 USD as the price for it.

As for viruses and hard to remove spyware, I believe that is largely the blame of MS for their security model which encourages home users to run their machines as root and startup items are stored in the registry. I really hope MS considers getting rid of the registry entirely.

I see nothing wrong with relying on MS for security fixes but there needs more work to be done on the community posting workarounds before the patch comes out. There have been a few instances when MS dragged their feet with a security exploit and the community should have rose to the occasion to release a "free" tool to deal with the issue temporarily. What unsanity did with Paranoid Android definitely will pay them rewards of new customers for their other non-free products based on the goodwill it created.

Noobs should be warned of what software has spyware before they go to install it. We have that in the user reviews on versiontracker.com mac section. I've never installed any spyware because of that.

To the guy above, I am perfectly aware of what is going on in the windows community. I work M-F 40+ hours a week with MS developer tools. :p So, I have a vested interest in seeing better security on the windows desktop and windows in general.

There's still money in the advertising model, I know how much these people are offering sites like ThemeXp and other sites. They wouldn't do it if there wasn't money in it. Another aspect of the Windows community is insane piracy, you wouldn't get away with charging $5-10 for app like on OS X, that's one thing I noticed when I had my Mac, people were prepared to pay for shareware aplications, more so then on windows.

And there's a difference between noobs and Windows noobs, I see friends PCs who use Windows at a glance and are riddled with Spyware so user reviews and the such isn't any good. Part of the blame of that has to be squared at Microsoft for the lax security in IE, thankfully SP2 fixes that but again, how many noobs know what SP2 is let alone will install it.

For the patch thing, the majority of times there are major security breaches in Windows there's already a patch but the very nature of Windows users means that they're not deployed. Look at MSBlast where the patch was out a month before the outbreak. A third party app will have no effect in situations like this. It's rare that Windows is caught out on a major scale without the patch being readily available.

[the evn show]

Another point I'd like to make is that any OS is just as secure as you make it.

This isn't true. It is (for practical purposes) impossible to secure DOS/Windows 3.1: all users have 'root' access, there is no protect memory, multitasking is co-operative (making it easy to cause one program to 'hog' cpu time and DOS-attack the machine), all files are read/write for the world because there is no permission structure, user applications all run with the same "do whatever you want" permissions. About the only thing saving Win311 is that it ships with no services enabled by default: something that Windows 95 trough aside. It picked up a few advances (protected memory and preemptive multitasking) but once you connect it to the internet it's pretty much swiss cheese. It's possible that your hardware and software routers and firewalls will offer some level of protection - but we've seen issues with the Linksys hardware routers, and with major firewall software so even that protection is marginal at best (at then we beg the question: what constitutes securing your OS vs what constitutes securing access to the machine it runs on?)

OpenBSD on the other hand ships locked down and has a very solid security infrastructure. You have the UNIX user permissions combine with NTFS-style access lists (though they're a bit of a pain to set up), user cannot alter drives/partitions with 'critical files' unless you specifically authorize them too. No user can become root unless you manually enable them too, no ports are listening to the outside, almost no 'optional' applications are installed, all the code has been audited for security. Non root users cannot start processes that listen on 'important' ports, you can filter incoming and outbound network traffic because it ships with the most capable firewall features in the world, etc.

If you upgraded to the latest release of OpenBSD every year the last time you would have had to worry about an exploit was when Clinton ran for office. Mac OS X is not OpenBSD but they do have quiet a few security practices in common.

Some operating systems lend themselves more to security than others do: Windows 9x and classic Mac OS tend to be less security conscious than Mac OS X and other *NIX systems. Windows XP is considerably more secure than past versions of Windows but there are still some outstanding issues that make targeting it for spyware/adware/viruses a good choice. No doubt that the mal-ware guys look at market share when writing their garbage but I bet the fact that it's easy to write that sort of thing for Windows plays a roll in their decision too.

I've been a Windows user all my life, and I have had to install Ad-Aware/Spybot only twice so far. My computer has never, to this day, been hacked, I haven't had a virus in almost 5 years, and everytime I run Ad-Aware or Spybot, the search comes out clean with no results (no tracking cookies either).

I don't wear a seat-belt and I haven't been killed in a car accident - that doesn't mean my car is invulnerable. It's a gamble for both of us, if I lose I risk dying - you risk losing your data, privacy, and identity.

I'll take the risk with the seat-belt because in this city so far there have been 10 traffic fatalities - 1:100,000 seem like pretty good odds to me (they're actually a little better, but this isn't a statistics discussion). On the other hand hundreds of thousands of Windows users in this city are effected by viruses, spy-ware and trojans. There are no Mac OS X viruses that can effect my machine (yet) and to the best of anyone's knowledge the only way to get trojanized (is that a word?) is by trying to download pirated software from peer-to-peer file sharing networks (Microsoft software to be more specific ;)) and that has only happened once _ever_.

[oik]

unfortunately dazzla, the advertising through adware and banners is dying... people ignore them now. it comes as second nature to most people. there's a study that shows it somewhere but i'm too lazy to look for it ;)

[Dazzla Veteran]

I didn't say banners, I said Spyware through distribution of normal software. Web advertising is down, but this method of software distribution is not, spyware as software wrappers is making people money. This is a very popular method of distribution because it's explicitly agreed to and is a surefire way to get their spyware onto peoples desktops as opposed to the usual ads, clickthroughs and activeX exploits.

[Matt]

i agree with dazzla on this one.

[Odyssey]

Noobs should be warned of what software has spyware before they go to install it. We have that in the user reviews on versiontracker.com mac section. I've never installed any spyware because of that.

If this could be done, that would make my life a lot easier that's for sure.

But in reality, the only warning that anyone gets, if any, during the install of their new "free" program is in the EULA. I have come across applications that specifically state that Internet Optimizer or Bonzai Buddy will be installed along with this application. As soon as I see that, I decline the EULA.

Of course I have been just as guilty as anyone else for not reading EULAs in the past. The truth of the matter is if most people do not read them, people who are new to computers will be even less likely to read them, let alone what to watch for.

[NetRyder]

This isn't true.  It is (for practical purposes) impossible to secure DOS/Windows 3.1

I'm sorry. I guess I should have worded my response more clearly. When I said any operating system, I was referring to modern day operating systems - this includes Windows OS's based on the NT kernel (XP/2000/2003), *nix flavors like Linux and *BSD, and Mac OS X.

As you yourself stated in your post, earlier versions of Windows (3.1, 9x) as well as classic Mac OS (prior to X) were both less security conscious. You pointed out that DOS/3.1 lacked memory protection and pre-emptive multitasking, which came in only with Windows 9x. This was also the case with the Mac OS. Versions prior to X lacked these important aspects as well. The only real difference is that viruses/trojans/malware existed for Windows even at that time, while they obviously didn't for the Mac OS.

I don't wear a seat-belt and I haven't been killed in a car accident - that doesn't mean my car is invulnerable.  It's a gamble for both of us, if I lose I risk dying - you risk losing your data, privacy, and identity.

I'll take the risk with the seat-belt because in this city so far there have been 10 traffic fatalities - 1:100,000 seem like pretty good odds to me (they're actually a little better, but this isn't a statistics discussion).  On the other hand hundreds of thousands of Windows users in this city are effected by viruses, spy-ware and trojans.  There are no Mac OS X viruses that can effect my machine (yet) and to the best of anyone's knowledge the only way to get trojanized (is that a word?) is by trying to download pirated software from peer-to-peer file sharing networks (Microsoft software to be more specific ;)) and that has only happened once _ever_.

Continuing the seat-belt analogy, I admit I'm living in a dangerous neighborhood where accidents are common. In fact, I currently live in university housing, and during this year, almost 60% of the people on my floor were affected by virus/worm outbreaks on the network. However, it's not that I'm not wearing my seat-belt. As I said, I run antivirus software that's updated twice every week, a software firewall in addition to a NAT router, Automatic Update checks WU for critical updates regularly, I am unaffected by ActiveX-based malware because I choose to use Firefox instead of IE, I don't have to be concerned about spyware in the form of tracking cookies since I use a cookie whitelist, and I can even open virus-infected emails in Thunderbird without the risk of getting infected or worrying about it spreading automatically, as in the case of Outlook. You see...I am actually taking care and precaution to make sure my security and privacy is protected - I am wearing my seatbelt at all times.

Admittedly, there is a possibility that I could get into an accident, but the seat-belts are in place to protect me if such a situation does arise. And as I already mentioned earlier, I haven't been in such a situation for a very long time, and I intend to keep it that way. Did I just get lucky? No. As I said, a large part of your security and privacy lies in your own hands. :)

Edited June 5, 2004 by NetRyder

[SabaTime]

thanks for the post, always wondered why.

[OoTLink]

Look at the MSBlast worm for example, that was major TV news and crippled organisations, if there was a similar worm for OS X it wouldn't make TV at all.

That's total BS. The smallest mac security holes HAVE made it onto news sites like the president would having an affair on his wife.

Granted that, OS X *IS* not that "popular" with viruses and the like for this reason, and so far all the exploits have been discovered by accident, not by some h4x0r wanting to take down the platform.

On the other hand, OS X is written as stupidly as windows. I've NEVER to this day seen any other OS so easily exploitable that it has security problems by simply plugging it into an unprotected network. Having said that, a lot of you are forgetting that the average OS X box is definitely more secure than the average XP box, out of the box and onto a fresh connection.

Even if OS X held more than 80% of the market I doubt it'd be that crazy.

[Redestium]

Even if OS X held more than 80% of the market I doubt it'd be that crazy.

Easy to say since it will never happen and therefore no way to verify. :whistle:

Also wtf is "beiged"?