Mac Attacks and a Reality Check
Geeky Mac folks like yours truly have been following the story of how a Mac OS hack was successfully demonstrated at the CanSecWest security conference. The event, while it won’t impact most Mac users, does bring back into circulation the usual suspect memes about Macs and security.
My favourite is the statement oft-repeated by security experts and Microsoft apologists, and most recently repeated in this MacWorld story:
Most Mac users see their operating system as being much more secure than Windows. That’s true to a certain extent. But much of the Mac’s immunity from malicious attacks can be attributed to hackers going for the more widely used operating system to grab the most attention.
“If a hacker turned their attention to the Mac, it would suffer just as much as Windows,” Wagner said. “Attacking the 95 percent of the market gets them more attention.”
Aside from the fact that comparing Mac and Windows vulnerabilities is like comparing a donut with a block of Swiss cheese (where you find one hole in the Mac you’ll find 50 or so in Windows), the idea that market penetration is needed for hackers to pay attention is bunk.
Dino Dai Zovi, who took the $10,000 prize for his exploit at CanSecWest, has received a lot of attention from pundits, his peers, potential employers and legions of surprised Mac users. The reason is easy to understand: the more scarce an achievement, the greater its value becomes. Are we really to believe that hackers starved for attention don’t want to be the one known to get the first nasty OS-X virus into the wild?
Somehow, it’s assumed that hackers gain prestige by doing what everyone else is doing. If it were true that greater market penetration leads to greater attention for successful exploits, why would anyone put a $10K bounty on subverting the platform that is apparently too under-used for anyone to care?
Windows hacks are a dime a dozen and their value will continue to drop. Mac hacks are going for $10,000 just to see it happen. You don’t need to be a ‘security expert’ to know where the attention is.