Sophos makes stupid security recommendation

[Steve]

Security firm Sophos, in all its wisdom, has advised that consumers should consider purchasing Macs as a means of protecting themselves from viruses, trojans and other nasties. The BBC reports:

[Sober-Z] infected computers running the Windows operating system, but was not designed to infect Apple Macs.

"It seems likely that Macs will continue to be the safer place for computer users for some time to come," said Mr Cluley

Of course, the fanboys are already up in arms at the title of this thread and its content thus far, but let's put it this way: How can the 'security' of an operating system be quantified by the number of exploits for it, when the operating systems have varying levels of popularity? It's the age-old argument that if Macs were more widely used, then virus and trojan writers would concentrate on MacOS and its apps, rather than Windows. Of course, the reality is it's impossible to say which is more secure, but granted, right now, with a Mac you've less chance of catching something nasty.

Still, it's an unusual piece of advice for Sophos to make, one that's sure to spark a lot of debate, which we reckon is the real reason for the recommendation.

My advice is not to rush out and buy a Mac, but to be sensible, keep your firewall on, your virus scanner up to date, and try to educate other users on what not to click (hard, I know, but we've got to try).

[Paranoid2000]

How can this advice be called stupid? Windows has the most malware, no question and will continue to do so for some considerable time to come. Much of this has been due to bad design decisions from Microsoft (tying Internet Explorer into the OS, having services enabled by default that most users don't need, adding functionality without considering the security implications) which Apple seem to have avoided as well as Windows' widespread usage.

Whether OSX manages to remain relatively malware-free is open to debate but Sophos' advice makes good sense for those considering their first computer - and it does everyone else a favour if it prevents the emergence of another spam-spewing, port-scanning, DDoS-driven zombie. Sophos are quite correct to highlight the exponential growth in Windows trojans and these are becoming ever more sophisticated in terms of resisting detection (many now including rootkits) and removal to the extent that even Microsoft recommends reinstalling Windows from scratch to recover from infection.

A similar point can be made about GNU/Linux and the xBSDs but these are less approachable for newcomers than OSX.

[chuckskull]

An OS not being attacked doesn't make it secure

By his logic I'm immortal (well I aint died yet have I?). Theres plenty of proof of concept attacks for macs, just not an attractive target.

No matter what your OS, a bit of sensible web-browsing (never google for the word 'free', no warez etc.) and a well setup router/NAT/firewall and you have a very secure system.

I no longer run any softerware fw/av solutions (except for scans) and the worst infection I've had in a year is a couple of tracking cookies.

I'm not a windows fan-boy or any other OS for that matter (I go where the games are), but swapping your enitire OS and machine is not a valid security idea.

The weakest link in any security system is that monkey with the keyboard.

[Paranoid2000]

An OS not being attacked doesn't make it secure

The point being made in the original article was that the vast majority of current threats are Windows only. Therefore getting a non-Windows system is a straightforward way of avoiding them. "An OS not being attacked..." is rather like "If a tree fell in a forest with no-one to hear it..." - a fine philosophical debate with no bearing on the advice being discussed here.

No matter what your OS, a bit of sensible web-browsing (never google for the word 'free', no warez etc.) and a well setup router/NAT/firewall and you have a very secure system.

Not necessarily - your risk is less but if a website you visit is compromised (malware pushers have and will continue to target mainstream websites) and you use a vulnerable browser, your firewall will do nothing to protect you (unless it has web filtering).

I no longer run any softerware fw/av solutions (except for scans) and the worst infection I've had in a year is a couple of tracking cookies.

I suggest a more accurate phrase would be "the worst infection I've noticed" - the most dangerous threats are those that hide themselves best (rootkits notably) and blocking these requires software capable of controlling driver installs (e.g. Process Guard, System Safety Monitor, App/RegDefend). Kaspersky 2006 has added a Proactive Defense module that offers the same functionality, but most other AVs haven't addressed this yet.

If a rootkit does get installed, the only sure method of detecting it is to boot your system from a known clean source (e.g. a Linux distro CD) and run a scan from that. Is that part of your regular routine?

...swapping your enitire OS and machine is not a valid security idea.

Surely that depends on the effort/cost required to change versus the benefits? Someone who uses basic applications (email, word processing, web browsing) has no specific need of Windows so switching here would likely make more sense. Malware authors have a great deal of Windows-specific expertise which has taken years to develop. An alternative OS would require them to start almost from scratch, so even if the alternatives had the same problems as Windows it would still take a couple of years for them to be fully charted and exploited.

[Koolpc]

But surely Mac's will one day be inundated with trojans etc etc? Just the Microsoft is 'The' target at the mo?

[chuckskull]

An alternative OS would require them to start almost from scratch, so even if the alternatives had the same problems as Windows it would still take a couple of years for them to be fully charted and exploited.

Well then lets all go buy a mac now, and next year sophos will be raving about how vista is never attacked and is secure.

Or even better lets all jump around operating systems every six months and really confuse those malware peddlers.

Surely that depends on the effort/cost required to change versus the benefits? Someone who uses basic applications (email, word processing, web browsing) has no specific need of Windows so switching here would likely make more sense.

They probably do have a need of the money it will cost to swap their windows box for a even a bottom end mac (£800?+)

[Paranoid2000]

But surely Mac's will one day be inundated with trojans etc etc? Just the Microsoft is 'The' target at the mo?

In the distant future maybe - in the near future (1-3 years) very unlikely. Safari has a far better security record than Internet Explorer (the main infection vector on Windows systems) and OS X, being based on BSD Unix, doesn't have some of the more "unusual" architectural features of Windows that help malware along (being able to create threads in other processes or send messages to other applications' windows) and has the "root" user (the Unix equivalent of Windows' Administrator/Owner) disabled by default.

See Windows Vista Beta 1 vs. Mac OS X "Tiger" (Part 2) for more discussion on OS X's security.

[robg1701]

Oh wonderful, now security firms have been eveloped in the Reality Distortion Field ;p (TechReport'ism re: macs ;p)

[DavidM]

My notepad never suffers from virus threats.

Mind you, it is made out of paper.

[chuckskull]

My notepad never suffers from virus threats.

Mind you, it is made out of paper.

What kind of framerates you getting in BF2?

[kalniel]

Why don't they advise people to stand in a cupboard with their hands over their ears instead?

[Howard]

My advice is not to rush out and buy a Mac, but to be sensible, keep your firewall on, your virus scanner up to date, and try to educate other users on what not to click (hard, I know, but we've got to try).

Too right. I can't remember when I last had a virus or trojan, on any of my machines. A little common sense goes a long way.

[Mike Fishcake]

The best advice to not be under risk of computer viruses?

Turn your computer off, seal it in a lead box and drop it into the middle of the Atlantic Ocean.

Problem solved.

[Howard]

It's at that point you hope your OS doesn't have any holes...

[BEANFro Elite]

We've already had this discussion [ sigh ] its down do lack of education that most people get spyware and viruses.

I personally have never had a virus on my PC ever but outbreaks of spyware on my pc are such a rarity that anti-spyware apps. are a mere early warning center as my own methods for getting rid of spyware are so effective.

One final point, if Sophos have scare-mongered enough people to switch, we're talking at least half of the amount of people who use windows, then Apple will start getting more viruses n spyware catered just for them.

[Paranoid2000]

...its down do lack of education that most people get spyware and viruses.

Yes, but also consider the amount of information a new user needs to learn to keep themselves safe:

• What a firewall is and how to use it (which also means understanding the basics of networking);
• What an anti-virus scanner is and how to use it (in particular the importance of keeping it updated);
• What types of online behaviour are "dangerous" and likely to result in infection (e.g. downloading anything from anonymous sources, clicking on links in spam emails);
• The risks of "rogue" anti-spyware applications (or why Google sponsored links may be bad for your PCs health);
• The effects and dangers of different classes of malware (viruses, trojans, keyloggers, rootkits, etc).

That's a lot to absorb in one go - and that is just the basics of online security since a prudent user will also need to cover:

• Using a web-filter to remove ActiveX/Java/Javascript from unknown or untrusted sites;
• Installing and using alternative browser/email clients;
• Online privacy issues (cookies, referers, web bugs, etc);
• Knowing how to identify when their web traffic is encrypted (https) and the dangers of phishing;
• Not running as Admin/Owner except when absolutely necessary (and the hidden "Run As" option in Windows).

Even these don't cover all the problems that can be encountered (Sony rootkit anyone?) so a "full" security setup on a Windows platform should include:

• Running a secondary malware scanner to cover items that the primary may miss;
• Checking periodically for rootkits and keyloggers using specific detectors (not all anti-virus software covers these items properly);
• Installing and configuring a system firewall (e.g. Process Guard, System Safety Monitor, App/RegDefend) to control what programs are run and what actions they can take (which in turn requires understanding techniques like hooking, code injection and DLL injection and when these are likely to be legitimate and when malicious).

Mac users do not have to worry about all these issues currently and are not likely to have to for some time yet.

One final point, if Sophos have scare-mongered enough people to switch, we're talking at least half of the amount of people who use windows, then Apple will start getting more viruses n spyware catered just for them.

The "Windows is a target only because it is popular" is a myth. Windows' popularity is part of the reason for it being a target but the main reason is that it was never designed from the ground up to be secure - and this has been exacerbated by Microsoft's design decisions as mentioned above, making them easier to infect (most exploits have been application-specific targeting Internet Explorer or Outlook rather than Windows itself). Macs have been around for long enough (longer than Windows) and have a more attractive demographic of (generally) wealthier owners to be a very attractive target for malware writers so the incentive is certainly there.

In summary, Windows is a malware war-zone and new users need to be aware of that beforehand, following guides like CERT/CC Tech Tip: Before You Connect a New Computer to the Internet. If a new user is not prepared to do this, then it is far better for everyone else that they get a Mac or Linux system since they are then less likely to be hijacked, become part of a botnet and pose a nuisance to others - Sophos' advice should be commended for this reason alone.