I call bullshit on Intego

Intego thinks that 2011 was a very bad year for Mac security:

2011 “was the most active year for Mac malware since the release of Mac OS X.” Much of the stepped-up activity can be blamed on the emergence of MAC Defender malware and the Flashback program that masqueraded as an Adobe Flash installer. Intego estimated that “several hundred thousand Mac users” were affected by the year’s “bumper crop” of malware.

I called bullshit on this a year in advance, and I call bullshit on this now. Sure, there are always possible attacks: I can write an AppleScript application that will fool you into giving up a password, then erase your hard drive. That would take me 10 minutes. But “several hundred thousand people” is a small percentage of all Mac users (even smaller now than in 2010), and frankly, you have to be fairly self-selecting to trip across much of the extant malware. It might be out there, but it’s not so much “in the wild” as it is festering in a swamp on the outskirts.

2 thoughts on “I call bullshit on Intego”

  1. I think you’re reaching quite a bit here…

    If the percentage of users affected is how we measure viruses, then Windows is one of the safest systems ever developed (safer, for example, than automobiles….) The point is the presence of malware that affects a small percentage of users and has the potential to spread. Kind of like saying that cancer isn’t that big a deal because so few humans have it…

    I followed one of the links in the report to this article, which contains this quote from an AppleCare support rep:

    I can tell you for a fact, many, many people are falling for this attack. Our call volume here at AppleCare is 4-5x higher than normal and [the overwhelming majority] of our calls are about this Mac Defender and its aliases. Many frustrated Mac users think their Mac is impervious to viruses and think this is a real warning from Apple. I really wish I could say not many people will fall for this, but in this last week, we have had nothing but Mac Defender and similar calls.

    (There’s an entire interview as well)

    400-500% call volume is a big deal, although this appears to be short-lived. I think the point is that once hackers know it’s possible, the incentive to try bigger & better attacks is now greater…

  2. The issue here is that there’s an entire genre of media where the mention of Apple drives pageviews, which in turn makes money for the journalist. Latest example is the recent minifuror over Foxconn suicides — note the number of stories that lead as if Foxconn is a wholly owned Apple subsidiary. (Some stories have actually said this.)

    So when it comes to Mac malware, you see a new flurry from time to time: antimalware software company publishes a white paper to drum up business, tons of media outlets jump on the angle “Mac users used to be safe, but no longer”. That’s why I linked to so many repeats of the story over the years in 2010. I agree with you that straight percentages aren’t a good statistic, but the fact is that there’s a tipping point of virality, and the Mac ecosystem is still below that point (wherever it is). Most Mac users don’t run antivirus, and most of us don’t need to.

    Malware authors will attack the Mac/iOS ecosystem as soon as they figure out a way of making money at it. But clearly they haven’t so far.
