Summer of Mac Love - Week 1 - Malware

July 8, 2008 – 9:45 pm

The first and most often cited advantage of OS X is the absence of malware. Windows advocates always state that this is due to the comparatively small market share that OS X holds compared to Windows. Half of this statement is true; unfortunately, the second half is neither here nor there.

It is a fact that there are far more Windows computers in use. However, this is irrelevant. The argument states that if there were more OS X computers in use there would be more viruses. This is changing the subject. It may prove true that malware attacking the Mac will increase in the future, but we are discussing the best platform today; what may or may not happen in the future is extraneous to the discussion.

The Facts

None of the computer security companies (Norton, McAfee, Grisoft, etc.) provide the actual number of Windows malware programs in existence.[1] However, according to F-Secure estimates, that number will reach 1 million by the end of 2008. Although the estimate does not give us a number for today, it can give us an idea of the scope of the problem.[2]

As of May 2008 there are 764 Windows viruses in the wild,[3] meaning that these 764 viruses are in active circulation. This figure is for viruses only; spyware, which is more prevalent, is excluded.

At last count the number of Mac OS X malware programs in the wild totaled 5.[4]

According to SANS, a Windows PC connected to the Internet will be infected in less than 50 minutes. My Mac has been connected for 270,720 minutes (and counting) without infection.

The Criteria

  • Capability: Does the tool perform the job?
      Malware has been known to reconfigure settings on the computer, disabling functions such as web browsing. Malware can achieve this by performing redirects on all outbound traffic. As web browsing is by far the most common use of a computer, disabling this feature definitely makes the computer less capable.
  • Availability: Is the tool available and working correctly when it is needed?
      The more destructive malware has also been known to delete files such as documents or operating system files, leaving the documents missing or the operating system crippled. For many users, a malware infection will require repair by a technician, rendering the computer unavailable while it is under repair.
  • Usability: Is the user able to intuitively work the tool?
      In this case usability is not applicable as malware does not affect how the user interacts with the computer, rather it affects the outcome of this interaction.
  • Efficiency: Does the tool perform the job with as little effort as possible?
      A sudden loss in efficiency is one of the most common symptoms of a malware infection. Malware by definition infiltrates a computer and performs tasks without the user's permission. The accumulation of unauthorized tasks generated by malware can quickly consume a large portion of the computer's available resources, leaving legitimate tasks with fewer resources and subsequently slowing them down.

The Results

  • Capability: Does the tool perform the job?
      Browser redirection is one of the most common results of a spyware infection on a Windows PC. Examples include Trojan.DLoader/LX, Zlob.Downloader, and so on. RSPlug.A will perform the same trick on a Mac. However, this virus requires the user to download it, extract it and enter the admin password to install it before it can infect the Mac.
  • Availability: Is the tool available and working correctly when it is needed?
      Three of the Mac viruses (PokerStealer, MacSweeper and Imunizator) will provide a method for deleting files through ssh access. Numerous malware infections (Nyxem, W32/Nopir-B, etc.) on a PC will delete files. Although both systems are vulnerable, Windows PCs have far more attack vectors than the Mac. Fewer attack vectors means that protection is far simpler for a Mac.
  • Usability: Is the user able to intuitively work the tool?
      In this case usability is not applicable as malware does not affect how the user interacts with the computer, rather it affects the outcome of this interaction.
  • Efficiency: Does the tool perform the job with as little effort as possible?
      As previously stated, the number of malware programs for the Windows PC is well into the hundreds of thousands. A large majority of these can be considered resource thieves by their main function. Mac OS X again has but according to Symantec it is not very prolific; in fact, they cite fewer than 50 infections.

The Winner

Although OS X is not immune to viruses as some claim, the fact remains that there are only 5 malware programs that infect OS X. Compared to the fact that malware programs for the Windows PC number in the hundreds of thousands, the Mac is the clear numerical winner.

Obviously, anti-malware programs for both platforms can mitigate this problem. However, the key issue here is the effect on the user. Anti-malware software on a PC requires far more resources (disk usage, CPU cycles, RAM, etc.) to scan for all of the Windows malware. Given that Mac anti-malware apps only have to look for 5 things, far fewer resources are consumed. Although it is not recommended, Mac users can get by without installing anti-virus software.

I have never installed any in the four years since I switched and I have never been infected. This saves the Mac user money (no software costs), time (no time spent waiting for the computer to complete a scan) and repair costs.

Although malware for the Mac is likely to increase, it must be considered that Windows malware will also increase at the same time. This fact will preserve the resource advantage, as Macs are not likely to catch the Windows platform in the number of malware programs. That is, unless everyone gets rid of their Windows PCs and switches to Macs all at once. Given that scenario, the Mac would eventually bypass Windows.

OS X wins this one by a long shot.

1: According to the PR office at Symantec this changes too frequently for them to keep track. This seems more than a little fishy. We all know they maintain a database in the form of their virus definitions. Querying this database for a total would be trivial. I suspect that they are motivated by other reasons not to make this number public. Draw your own conclusion….

2: I use this number as it was the only one provided by any of the AV companies. A reasonable conclusion of the number of viruses in existence today can be inferred by comparing the numbers that they do provide.

3: Wildlist is a monitoring group; see their website for details. 764 is likely a very conservative number considering the criteria upon which they generate the list.

4: These would be PokerStealer, Imunizator, MacSweeper, RSPlug.A and Oompa-LoompA as per Intego, a Mac anti-malware vendor.

4 Responses to “Summer of Mac Love - Week 1 - Malware”

Brilliant!

By SheeheriArics on Aug 2, 2008
