I saw this posting on CNN about Viruses Catch up to the Mac and had to respond to the faulty, sensationalist claims.
First off, there is a difference between a virus and a trojan horse. It sounds like what this guy (seemingly, knowingly, intentionally) ran was more a trojan. I have my doubts that just by clicking on some links that this ‘virus’ was able to execute. I also have my doubts that he was looking for ‘pictures of an unreleased update to his computer’s operating system’ (pr0n, perhaps?).
And have no doubt, it is an epidemic, having effected the guy in the story and “at least one other person“. This is great too: “It just shows people that no matter what kind of computer you use you are still open to some level of attack” — particularly if you do foolish things, like run scripts and programs of which you have no idea of the origin.
Let’s also be happy for self-congratulatory ‘researchers’ (like the one quoted in the article) who make generally true statements that could be applied to any software with no specifics required: “… malicious web sites can exploit the holes without a user’s knowledge, potentially allowing a criminal to execute code remotely and gain access to passwords and other sensitive information”. Has there been a single documented case where this has happened on a Mac OS X system? It is important to note how he is careful not say that this has happen with a Mac.
Yes, theoretically it is possible — how about some facts? Ah, yes, there is this a bit further in the article: “Apple plans to patch the holes … and there have been no reports of them being exploited … [an Apple spokesperson] disagreed that the vulnerabilities make it possible for a criminal to run code on a target machine.” You wont find the previous excoriating quotes in or near the headline.
Near the end of the article there is a four bullet list of security issues that have been identified on the Mac. Great. In any sufficiently complicated software (like an operating system), I would expect some bugs. Perhaps even some that truly are security vulnerabilities. Notably, however, there is no accounting of how the number of Mac vulnerabilities compares to Windows (just to get a relative sense of the problem they are sensationalizing discussing).
But the grand prize for misleading statements goes to the claim that “With new Macs running the same processor that powers Windows-based machines, far more people will know how to exploit weaknesses in Apple machines than in the past…” Huh? The vulnerabilities in Windows can’t be blamed on Intel-based processors, it can be blamed on a poorly designed, bloated excuse for an operating system (Windows) that has had several unsuccessful attempts to layer on security well after the fact. I would guess that a very, very large number of security vulnerabilities in Windows would be stopped cold by OS X when run as a non-root user.
technorati tags: apple, mac, security, virus, poorjournalism