Dumb Windows users write dumb things about malware. News at 11.

Over at PC Pro, my old chum Chris Brennan is conducting a brave experiment. As an ardent Mac user, in the cause of science, he’s put aside his Mac and is living with Windows 7 for a while (catch up with his posts here.)

After a couple of weeks, a story about some Windows 7 security issue prompted him to install Microsoft Security Essential (free, not bad security software). He posted about the experience, and has promptly been jumped on by a bunch of sneering Windows folk, with comments like “totally pointless article” and “He’s clearly a Mac fanboy. Any further articles are totally pointless. He’ll choose a Mac no matter what windows 7 does.”

Now read his post, and there’s nothing there that’s actually wrong – and unlike some Mac commentators, Chris’ writing is entirely reasonable. He’s not jumping up and down and lying about security, which I’ve seen some Mac zealots do. But it appears Chris’ (entirely factually accurate) post has hit a raw nerve with some of the commenters there.

No matter what the reasons, malware is a problem for Windows users in a way which it just isn’t for Mac users. Now I’m largely on the side of the epidemiological theory: Macs are less of a target because there’s less of them, and because there’s less of them it’s much more difficult to spread malware. Malware is a lot like disease: it takes a critical mass of vulnerable people in a population before a disease can spread effectively.

But what the commentors have ignored is the key point that Chris is making: anti-virus software isn’t (and never will be) 100% effective, and different packages protect to different degrees. While Security Essential is a decent package, as PC Pro’s review points out, there are some kinds of malware against which it will offer little protection.

The point is this: if you’re a naive computer user, you need to know not only to install malware protection on Windows, but that not all packages are equal, and how to differentiate between them. Unless you read computer magazines avidly, you might not know any of this.

And that, in my book, is another reason just to get a Mac if you’re not a geek. The Mac’s lack of significantmalware might not last if it ever gets to 20, 30 or 40% installed base – but until it does, take advantage of the lack of worry.

Reblog this post [with Zemanta]
  • http://jearle.eu/ @jearle

    I agree wholeheartedly with the driving point of this article, but I’m no longer a subscriber to the epidemiological theory. My personal take is that malware is on Windows because malware writers have always written for Windows.

    The obvious vectors (open RPC ports and auto-executed VB in OE) meant malware was trivial to write for Windows, and as it got harder, those who cut their teeth on Melissa variants just buckled in for the ride.

    Windows exploits are more common because the point of entry was lower when sploiters/VXers got started.

    Just because Windows is hardening doesn’t mean the malware community will move on. They’re entrenched.

  • Ian Betteridge

    Yeah, that’s true Jared. And it’s notable that in the past few years in the Windows world, as Windows has hardened, there’s been a lot less “script kiddies” and more hardcore, seriously-smart (well-planned and executed) malware.

    But having said that, for Mac users it’s also a worry – because the best malware writers have the kind of coding talent which will allow them to exploit the holds in OS X which undoubtedly exist, should they choose to focus on the platform. Many of the principles of exploiting (buffer overflows, misc injections, etc) are really cross-platform – they’re the kind of things you look for no matter what OS you’re targeting.

    Hopefully, though, we’ll never have to find out.. ;)

  • http://www.interconnectit.com David Coveney

    Uhm, the post *was* pretty dumb, and with an inflammatory title. He said Windows 7 made him worry about security with the implication being that he’d never worried about it before.

    Well sorry, but Duh.

    Pwn2Own has shown that an intelligent, motivated hacker can get into a Mac just as easily as any other machine.

    What anyone should do is to consider mitigating and dealing with what happens if someone gets past one layer of security and then into the next because security is a multi-part problem. Many exploits rely on social engineering which is as simple on a Mac as on a Windows machine.

    Ultimately, telling someone to buy a Mac because it’s somehow magically more secure is really just like telling someone to buy an apartment because apartments get burgled less frequently. Unfortunately, it doesn’t make up for vulnerable behaviour like leaving the door open….

  • Ian Betteridge

    I don’t think the title was inflammatory at all. It was just accurate: Windows 7 *has* forced him to think about security. There’s nothing inflammatory about that. It’s just true – that’s his experience. He’d never had to think about it before, as he was a Mac user. Now, he does.

    I’ve argued many, many times before that there’s nothing magically secure about the Mac – and I’ve been pilloried by Mac users for it. But it is more *safe*, because the volume of malware for it is still very, very low. As a Mac user, you’re just less likely to encounter an infected file. On those grounds alone (and there are others), Macs are safer.

    The burglary analogy is quite apt. Live in the middle of the country, and you’re less likely to get burgled than in a city simply because there’s less burglars around and they have to make more of an effort to get to you. Your house isn’t any more *secure* than the same building would be in a city: but you are more *safe*. Leave your door open, and it’s unlike anyone will actually wander past to take advantage of it.