|
Graham K. Rogers |
|
Previous note (1) can be found here.
Previous note (2) can be found here. Previous note (3) can be found here. Previous note (4) can be found here. Previous note (5) can be found here. |
Previous note (6) can be found here.
Previous note (7) can be found here. Previous note (8) can be found here. Previous note (9) can be found here. Previous note (10) can be found here. |
Previous note (11) can be found here.
Previous note (12) can be found here. Previous note (13) can be found here. Previous note (14) can be found here. Previous note (15) can be found here. |
Previous note (16) can be found here.
Previous note (17) can be found here. Previous note (18) can be found here. |
There has been a lot of wasted ink (and html bytes) of late over the alleged threat to users of OSX by viruses, trojans, worms, and other exploits. Some theorise that, if Macs increase in popularity -- partly because of the new sales generated by the Mac mini (so the theory goes) -- then it will only be a matter of time before the unsavoury elements in computer-land turn their attentions to OSX. A lot of hot air has been produced over Symantec's dire warnings that OSX might become a target for attacks. That sounds like officials here in Thailand who use the word, "might" and news media immediately think that that is reality. The "might" is usually used when they want new toys or new powers; or just to look important. One of the interesting comments comes from David Coursey in eWeek, where he suggested that Symantec is selling the "sizzle not the steak" especially as there is no steak. I would also refer you to my own modest offering of 9 March 2005.
If you click on that Symantec link, you will see the latest threats. I am writing this on 3 April 2005 (one of those Sunday morning things) and already this month there are two new toys for Windows users to play with: W32.Chod.B@mm (04-02-05) and W32.Mytob.U@mm (04-01-05). I am not gloating here and feel really sorry for the huge majority of computer users who have to put up with this sort of rubbish from faceless cowards who get a kick out of causing others grief. I remember a couple of years ago, I was having trouble getting some of my students to produce work to a deadline that had been set. The entire dormitory network had been smitten by some virus attack (that was their description). Not only could they not finish the work for me, but the entire dorm-living population of kids -- many of whom come from less than wealthy backgrounds in the provinces -- were cut off from Internet access; and these days the Internet is a major course of information for students.
Symantec and the others are providing protection and making a good income from this too, although from what I hear, not too many people actually buy the programs, particularly here. If the number of corporate users of the less secure Wondows systems move away from that platform, there is the question of where they will go: Unix systems would be the favourite, including Linux variations and OSX. Linux is a real alternative in my opinion and I have often toyed with the idea of picking up a cheaper machine that I could install this on. A friend at the office works only in Linux and has experimented with a number of the packages: he now uses Gentoo (it is a breed of penguin).
A few days later a competition that offered US$25,000 for someone to come up with an OSX virus was announced by DVForge and almost as quickly, it was pulled. Explaining the decision in an online statement, DVForge chairman, Jack Campbell wrote that the risk of a virus on OSX is not zero and adds (after referring to Symantec), "despite my personal distaste for what some companies have done to take advantage of virus fears among the Mac community, and my own inclination to make a bold statement in response to those fears, I have no responsible choice but to retract the contest, effective immediately."
I guess that he meant well and, like me, has a degree of confidence in the strength of OSX, especially when one considers the alternatives. With two worms already this month (they affect mailing), this is not a shrinking industry. Or is it? (I always tell my students not to put questions into text, but this is not academia.) It was noted only a few weeks ago that Microsoft herself was getting into the other end of the virus business by eating up small companies (Giant, XDegrees, and Romanian antivirus software developer GeCAD Software SRL in 2003), so maybe Symantec and Norton are worrying and feeling the pinch, so have to expand elsewhere.
Let me go back to the start of this subject and the other reason that Symantec and other commentators (it really brought them out of the woodwork with scare stories all based on the Symantec FUD) are looking at this now. I know several people who have taken the plunge and swum over to OSX in the last couple of months, and the reason has nothing to do with the Mac mini and a lot to do with reliability. Part of that reliability does concern viruses and the sighs that I hear are heart-rending. Only some of them are sighs of "I give up with Windows" and then they look around. What they see is a small group of users round them with machines that stay working for month after month with low maintenance and, as icing on the cake, insecurities are minimal. I know a couple of guys who bought Macs at the same time I picked up a new 12" PowerBook. Only, these guys did not go for the "consumer" Mac mini, they decided on 15" PowerBooks. Others I know are looking at the eMac which is still available in Thailand for the price of around 30,000 baht: a student I know bought one for his fledgling movie-making business. When several of his student friends tried it out they followed suit.
It is not solely, therefore, the question of a low risk of virus attacks: word of mouth is getting across the idea that these machines work and do not need constant reinstalls of the OS to keep running (nor, in many cases do they need drivers and their updates).
As to the overall security picture: there are no viruses at this moment. Insecurities have been discovered in areas such as buffer overflows and the like. As these come to light, so they are fixed: and usually quickly. Some security updates have been available within 24 hours from Apple. Without doubt -- and here Symantec may be right -- as the OSX user-base increases, there may be a chance that some misguided souls will turn their efforts to attempting break-ins of our computers. Here, the usual warnings apply: use a good password (the Enter key, with or without a space, is not enough); turn on the Firewall and keep closed as many of the ports as possible, particularly Port 22, when it is not being used; do not open attachments unless you know where they come from; and do not click on the URLs in mail messages telling you that you must update your details immediately. Most of these should apply to all operating systems anyway.
I thought that this first one was an April Fool's joke to begin with, but it may not be. Not once in the last few days has their been a retraction or a denial, and I could find nothing on Fox News (see below). It indicates the way that Apple's increasing popularity will bring the critics out of the woodwork (see above).
Declan McCulloch's mailing list had on it as an item on his mailing list (and Declan also prefaced it by hoping it was a joke). The message highlights comments by a Dr Dobson of "family.org" -- he really does exist and so do they -- who focussed on Apple in an interview on Fox News because they use FreeBSD and its mascot: "Apple needs to realize this is offensive to God-fearing Christians or face a boycott." Well, here is the mascot that I lifted from the FreeBSD website. . . .
All materials ©copyright G.K. Rogers. Free for individual use.
Other links:
For further information, e-mail to Graham K. Rogers.
To eXtensions, Current items
To eXtensions, Year Two
To eXtensions, Book Reviews
To Education Page