Tag Archives: Malware

Malware, the Mac, and the wolf

John Gruber’s delivered a list of previous claims that the Mac is about to succumb to malware real soon now under the title of “Wolf!”

The analogy John’s making is that the pundits should all remember the tale of the boy who cried wolf. But, as my friend Graham pointed out, John’s missing something: at the end of the tale, on the last occasion, there actually was a wolf.

There is no such thing as a perfectly secure operating system. Sooner or later, there will be a wolf.


Dumb Windows users write dumb things about malware. News at 11.

Over at PC Pro, my old chum Chris Brennan is conducting a brave experiment. As an ardent Mac user, in the cause of science, he’s put aside his Mac and is living with Windows 7 for a while (catch up with his posts here.)

After a couple of weeks, a story about some Windows 7 security issue prompted him to install Microsoft Security Essentials (free, not bad security software). He posted about the experience, and has promptly been jumped on by a bunch of sneering Windows folk, with comments like “totally pointless article” and “He’s clearly a Mac fanboy. Any further articles are totally pointless. He’ll choose a Mac no matter what windows 7 does.”

Now read his post, and there’s nothing there that’s actually wrong – and unlike some Mac commentators, Chris’ writing is entirely reasonable. He’s not jumping up and down and lying about security, which I’ve seen some Mac zealots do. But it appears Chris’ (entirely factually accurate) post has hit a raw nerve with some of the commenters there.

No matter what the reasons, malware is a problem for Windows users in a way which it just isn’t for Mac users. Now I’m largely on the side of the epidemiological theory: Macs are less of a target because there’s less of them, and because there’s less of them it’s much more difficult to spread malware. Malware is a lot like disease: it takes a critical mass of vulnerable people in a population before a disease can spread effectively.

But what the commenters have ignored is the key point that Chris is making: anti-virus software isn’t (and never will be) 100% effective, and different packages protect to different degrees. While Security Essentials is a decent package, as PC Pro’s review points out, there are some kinds of malware against which it will offer little protection.

The point is this: if you’re a naive computer user, you need to know not only to install malware protection on Windows, but that not all packages are equal, and how to differentiate between them. Unless you read computer magazines avidly, you might not know any of this.

And that, in my book, is another reason just to get a Mac if you’re not a geek. The Mac’s lack of significant malware might not last if it ever gets to 20, 30 or 40% installed base – but until it does, take advantage of the lack of worry.


Got root on your Apple keyboard?

Now this one is fun. According to ZDNet, it’s possible to hack the firmware of some Apple keyboards in order to install malware on it. Yes, on the keyboard – not the Mac. In fact, even if you wipe the computer entirely, the malware can persist.

“Apple’s sleek $49 Mac keyboards can be hacked and infected with keystroke loggers and impossible-to-detect rootkits, according to a security researcher presenting at this year’s Black Hat/DEFCON conferences.

The researcher, known only as “K. Chen,” found a way to reverse engineer and tamper with the keyboard’s firmware upgrade. With the firmware under control, an attacker can subvert the keyboard by embedding malicious code that allows a rootkit to survive a clean re-installation of the host operating system.”

Now this isn’t exactly a usable exploit – it’s a lot of fuss to get something that can be installed on a machine much more easily using a bit of social engineering. But it highlights the potential issues we have as peripherals get smarter and smarter. I didn’t even know that the keyboard had firmware, let alone that it was hackable.

If you want to read the technical paper with all the details, it can be downloaded in PDF form here. Video demo below.
