Hacker News new | ask | show | jobs
by code_duck 5497 days ago
I agree, a few months ago I tried to argue that more people would be making malware for Macs since it's a wide open market, so to speak... tptacek laughed at the idea.

Still, I feel almost as safe on my Mac as with Linux, but not quite. Malware producers are starting to notice the Mac.
1 comments
tptacek 5497 days ago
I'm still laughing at the idea. People write malware to make money. Your premise is that the return on investment for Mac malware is comparable to that of Windows, which still absolutely dominates the market for personal computers. It's not.

The most successful malware packages do not, as a general rule, lock all other malware out of their victims, so it's not as if there's a meaningful competitive hurdle for malware authors. Why would they choose the tiny market?

The way the market is going, in a couple years, I can see an outside chance that OS X will be so popular that it'll be a useful target.

link
code_duck 5497 days ago
My premise was that someone might decide to make malware for Macs because:

- users are not expecting it, and have had little coaching regarding malware on Macs

- there is very little usage of antivirus programs

- Safari is not particularly hardened

- OSX lacks various protections present in Windows

- making a mac 'port' of a malware program is probably not difficult

It seems really easy and wide open, in other words.

We have seen a fairly widespread attempt recently to infect Macs with a trojan, 'anti-malware.zip'. I presume most people have seen this, if not: http://www.tuaw.com/2011/05/19/macdefender-malware-protectio... I've actually encountered this several times recently - chromium downloads the .zip file automatically when you are redirected to the attack site. What if they find a browser exploit for Firefox or Safari as the next step?

> People write malware to make money. Your premise is that the return on investment for Mac malware is comparable to that of Windows, which still absolutely dominates the market for personal computers. It's not.

Almost all software is written to make money, and still plenty decide to write software for the Mac even though the market is smaller. What's the difference? The revenue potential per 'customer' is a lot smaller for this vs. the programs sold by Panic, perhaps?

I'm not challenging your perspective or expertise of course, these are merely the reasons I wonder about it.

link
tptacek 5497 days ago
Sorry, I don't think you're dumb for thinking this could happen, but I simply disagree that the Mac malware "market" is going to resemble the WinAPI market any time in the near future.
link
code_duck 5497 days ago
Thank goodness for that, I shudder each time I hear of someone using a Mac or Linux antivirus program! Not because viruses are so terrible, more that the antiviruses are.

My main concern is how long Linux and Mac users (e.g. myself) can continue to be considered comfortably immune to such threats. I'm glad to hear you think things will be safe for the Mac for years to come, esp. since that would mean desktop Linux should be safe for a long time.

link