FUD: On Snow Leopard Anti-Malware
It's coming from the security cottage industry.
There's a dangerous story circulating, emanating from within the security cottage industry; more specifically from Intego, a company brandishing the tag line 'Leading Internet Security and Privacy Software for Mac'. As most aware punters know by now, the best 'security and privacy software for Mac' is already in place - it's called Unix.
What does the Apple product page say about Unix? This is about the server edition, but the Unix on both server and workstation is the same. Read it.
Mac OS X Server is built on a fully compliant UNIX foundation. This battle-tested core provides the stability, performance, and security that organizations require. And full UNIX conformance ensures compatibility with existing server and application software. Mac OS X Server is the ideal platform for deploying groundbreaking enterprise applications and services.
A few salient facts before continuing.
- Unix was developed as a research project at Bell Laboratories in Murray Hill, New Jersey. The key researchers were Ken Thompson and Dennis Ritchie. Thompson and Ritchie won the 1999 Technology Award and Bill Clinton was present at the award ceremony in Washington.
- MS-DOS was developed by Tim Paterson and his Seattle Computer Products. It's won no awards.
- Unix is a true multiuser system. MS-DOS is a hardware interface. The acronym itself stands for 'disk operating system'. It's not an operating system - it's a disk operating system. It doesn't deal in access control or ownership. It's a hardware interface.
- The Unix we use today is based on the original Unix from Bell Labs.
- The Windows lusers use today is based on MS-DOS. Not the internal architecture to be sure - that architecture is based on the 'VMS' work of David Cutler - but the system's security is based on (crippled by) good old MS-DOS.
- Web servers everywhere run Linux and Apache Stronghold and practically speaking they're impenetrable - this because Unix was built the right way from the start.
- Windows will never be secure because it wasn't built with security in mind (or much else for that matter). And that's just a fact.
Now onto the FUD.
Anything for a Euro
The security cottage industry players have been raking it in for years. Solely because they get to play in a market where computer systems have no protection or an inner security model. Microsoft security is a joke - it doesn't exist - and these carpetbaggers have the field wide open. Their livelihood depends on Windows maintaining market share so they can continue peddling their drugs.
The day people start waking up and abandoning Windows is the day they're all out of work and on the chow line and they know it. Theirs is a despicable way to make money; if they were at all interested in the welfare of their customers, they'd tell them point blank to get off Windows - and everybody knows it.
But they won't. They'll ignore non-Windows platforms, pretend they don't exist, do all they can to keep people in the dark so they just go on assuming all computer systems were always as insecure as Windows, and so forth.
The only other tack available - and they definitely see the end of the road and are preparing for that sombre day when they reach it - is to hoodwink non-Windows users into believing they need those silly products as well.
Time for Intego. Not the first time and certainly not the last.
The following was published on the Intego blog. Commenting on this is bound to cause a reaction but who cares. The post headline reads 'Snow Leopard Contains an Antivirus' [sic]. A screen dump was taken of the entire post, as there's a risk the post will be redacted later. This article continues below the image.
Anatomy of a FUD Campaign
The article admits 'we're not sure yet exactly how this works' and that's good. Snow Leopard is still under NDA and even publishing this image might incur the legal wrath of Cupertino. The article goes on to make fun of Apple's latest (and really hilarious) 'Get a Mac' ads, painting the overall situation in demented terms. At this point the reader has two interpretations to choose from.
- Either the Intego people are seriously trying to hoodwink people by giving them a simplistic view of the world commensurate with the general perception of the computer security IQ of Joe Windows Luser; or
- The Intego people are themselves that stupid, meaning you'd never want to trust their software anyway.
But realistically this is just yet another attempt to spread FUD and rake in some more euros.
- Fear. Can my Mac computer be hacked? The alert does use the word 'damage' in bold.
- Uncertainty. Nobody's really sure how this works. Start shaking in your boots, everybody.
- Doubt. People used to say Unix was secure - what happened?
What happened is Apple gained market share, their 'Get a Mac' campaigns are finally hitting home even with people who haven't made the switch yet, more and more people are discovering the quality (and security) of Apple products, more and more people are sick and tired of all the spin coming out of Redmond, and so forth.
The Redmond empire is crumbling and the vassals in Windows security are scared of the invaders at the gate.
What It's All About
There has of late been a series of attempts to hack into Apple computers. We all know this. The above screen dump, if authentic, represents a Good Thing™. There's been an 'antivirus' [sic] added to the system. This is good.
But equating this 'feature' with what Intego are trying to hoodwink people into believing is tantamount to claiming Kevin Mitnick's impeccable social engineering was the same as endemic computer system security weaknesses. You can fool anybody almost all of the time - just look what Intego are trying to do to you.
As pointed out over and over again at this site: exploits based on social engineering are not an indication of shortcomings in a security model - they're a reminder it's hard work curing stupid.
There's no computer system in the world - not even in theory - that can protect itself from a proprietor who gives away the keys to total strangers. As long as you don't give away the keys the damage will always be contained - as long as you're not on Windows.
Fort Knox; the Federal Reserve; Buckingham Palace; the Forbidden City; Langley; you name it. Pick the most impenetrable building in the world and then postulate you have one fool guarding the gates. Postulate Fort Meade security has been turned over to someone from Intego. The bits and bytes don't matter if the shit behind the keys is a fool.
It's a good thing Apple are trying their best to clue in the clueless. Sensible users would never take a download like that anyway. But there's something else at stake here, something Intego and the others would like to see go their way. For marginal sales from a tiny portion of idiots in a single digit market share is one thing - and continued reliable sales from the great mass of Windows idiots is another.
That article wasn't written primarily for users of Mac OS X - it was written for users of Microsoft Windows. It was written with the intention of once again glossing over the fact Windows is such a mess. It was written so as to make diehard Windows lusers comfortable in the illusion that all platforms are as poor at security as Windows is. It was written to keep current customers on their current platform - Windows - where they'll have to keep begging for more antivirus and paying more and more money.
Tell the purveyors of FUD where they can stuff it. Up their antivirus security holes.
Without Windows 'viruses' running rampant on the Internet, 'hacking' would be reduced to a few occasional pranksters and highly sophisticated contracted attacks. The ordinary user wouldn't have to think about (worry about, pay money for) computer security all the time.
That's where we all need to be. Do your thing and see we get there.