Paul Wallbank – Brilliant Communications

Understanding the virus epidemic

Written by

Paul Wallbank

in

Researching last weekend’s post about the Mac Flashback Trojan, I stumbled across a bunch of articles referring to John Gruber’s 2011 “Wolf” post looking at nearly a decade of Mac malware security false alarms.

One of the rebuttals titled Hey Gruber, You Might Want to Reconsider Crying Wolf is typical, stating;

Fact is that the day will come when Macs, iPhones, iPads become equal opportunity targets for malware and all those other nasties out there and no amount of quote stuff into a quasi post by John Gruber will change that.

Nine months after that article was written the Mac malware tsunami is still being breathlessly awaited for by the Big Target school of security experts. Just as it has been for a decade.

Origins of an epidemic

The theory that the Mac, along with smartphones, tablets computers and Linux systems, were spared the virus epidemic that plagued Windows users last decade is a based on a misunderstanding of the problem.

What caused the Microsoft malware epidemic was laughable security in Windows 98, ME and the early versions of XP.

Users running Internet Explorer with no firewall in Administrator mode – which is how these versions came out of the box – could be infected in minutes. I once saw a Windows XP system infected within six seconds of going on the net, although that was partly because of the ISPs lousy security practices.

Despite the fantasies of some security “experts”, other software companies like Apple didn’t follow Microsoft’s lax security attitude of the late 1990s.

Microsoft itself has moved on. After Bill Gates’ Trustworthy Computing memo, the company tightened its security practices and the later versions of XP along with subsequent versions of Windows like Vista were far better protected.

Big target fallacies

This is why we won’t see similar malware epidemics on Windows 7, Macs, Linux, smartphone and tablet computer systems regardless of how big the targets become.
What “Big Target” advocates also overlook is the nature of crime and vandalism; most of it is opportunistic. For every bank that gets robbed by a gang of skilled, patient safecrackers there a millions of old ladies who get mugged for the change in purses.
Yet according to the “Big Target” folk, there should be a queue of cunning bank robbers standing outside every branch because, as Jesse James said, “that’s where the money is.”
What Internet users should understand is the nature of the virus threat has changed, today malware writers are looking at using well crafted social engineering scams that trick us into allowing them access into our systems and bank accounts.
One of the big concerns are rogue apps that plug into our social media services, smartphones or tablet computers – particularly those which ask permission to access our data or share logins.
A great example of this is a reported piece of malware for Android phones that uses fake Facebook requests to trick users into installing it on their phone which will then dial premium SMS numbers.

We are the weakest link

No system is truly secure and usually we, the users, are the weakest point. Serious discussions about computer security look at today and tomorrow’s threats and don’t try to spin past experiences.

Similar posts:

  • No Related Posts

Comments

Leave a Reply

More posts