
Daring Fireball on commercial malware vs commercial non-malware

First, apologies for the hideous title of the post, but I couldn’t really think of a better way of putting it. Commenting on my previous post on Mac security, John Gruber asks:

“But, and I’ve argued this before, it doesn’t explain why the Mac has, effectively, none. If it’s true that malware developers who want to make money will only write software for the vastly larger Windows market, then why doesn’t the same logic apply to non-malware commercial developers?”

This is an interesting question, but the answer is fairly simple: distribution methods differ. Let’s look at the differing scenarios.

You’re a legitimate Mac developer, and create “Wongo!”, a lovely little widget for the Mac. You create a web site, post about it in a blog, people come and buy it. You send out a few review copies, it gets reviewed, and lots more people buy it. Word of mouth spreads, more and more people come to your site and buy it. Eventually, you’re the Bill Gates of Mac software.

Now, for malware. You write a nasty trojan for the Mac, disguised as, say, a codec required to view porn. You upload it to a dubious site, where a relatively small percentage of people in general go. Of the people who see it, only 5% will ever be able to run it. Of that 5%, most won’t bother downloading it at all. You can’t advertise, or send out review copies, or – in fact – promote your “product” in any way. No one who downloads it is going to write blog posts about how amazing it is, recommend it to their Mac-using friends, or write letters to Macworld urging them to review it.

Compared to commercial software, Mac malware is like a small niche product which few people will ever encounter, and which you’re not allowed to promote. What’s more, it will never get any word-of-mouth coverage, positive blog posts, or reviews.

Comments on this entry are closed.

  • gareth

    So, as the Apple market share will never overtake the Windows market share, Apple users are hereby doomed to have virtually no malware of any kind attacking their platform of choice.
    Damn it, that’s harsh!

  • Wes

    Well, not until there’s a critical mass of idiot, inattentive, and/or undiscerning users who — for instance — don’t check VersionTracker or MacWorld before downloading some special program to view porn or see that “Christmas card from grandmom” or get a funny pop-up that says “Your computer may be at risk” and click OK unaware that that pop-up was lying and tricked them into downloading some bit of ransom-ware.

  • http://profile.typekey.com/ianbetteridge/ Ian Betteridge

    Wes: I’d add to that “idiot users who’ve been told time and again by other idiot users that because the Mac has had no malware in the past, this makes it completely immune from malware in the future – so they don’t need to worry about security and can install anything with impunity” :)
