“It was the best of times, it was the worst of times,” wrote Charles Dickens. So it is true of the former for Mac users, the latter for Windows PC users. It’s a far, far better thing to own a Mac than a Windows PC, taking into consideration the latest news about malware exploits. Two in particular: the first ever Mac OS X worm to reach some kind of popular attention, and two exploits that affect Windows Media Player on Windows machines.
As I wrote before, malware targeting the Mac, if and when it happens, would be big news. Sure enough, the press gave the “first Trojan in the wild to target Apple Computer’s Mac OS X” wide coverage, even though it turns out the Mac exploit is a low-level threat. You would have to be brain-dead enough to type in your adminstrator’s password after receiving something claiming to be pictures of “Mac OS X Leopard” (the upcoming Mac OS X 10.5, also known as Leopard). The malware, dubbed OSX/Oompa-A and the Ooompa Loompa Trojan Horse by other security experts, appears to have spread minimally so far and has achieved low-level threat classifications from McAfee and Symantec. In fact, the news reports have also made it clear that this exploit is not even news:
“It’s not really news as far as threats go,” said Ray Wagner, a senior vice president in Gartner’s information security group. “It is news because it targets OS X, and as far as I know, it’s certainly the first OS X malicious content in the wild that’s been noted at this point.”
While this non-news was still fresh, another report appeared about a Mac OS X threat called the Inqtana worm, which spreads through a security flaw in Apple’s Bluetooth software. Apple provided a fix for the flaw last June with security update 2005-006. Again, this is not only not news, there has been no damage reported — it turns out that Inqtana is a “proof of concept” worm, according to Symantec and F-Secure, meaning it’s an example of attack code, but itself likely won’t affect many users, if any at all.
Meanwhile, 95% of computers — all Windows PCs — are subjected to so much malware that it’s commonplace and hardly newsworthy at all. These days the top three threats are exploits that turn Windows PCs into networks of spam-mailing zombie PCs, phishing scams that dupe you into giving up passwords, and Trojan horses that actually steal from your accounts when you log into your bank’s online service. Worms, viruses, and other forms of malware continually pop up to attack Windows PCs even immediately after a Microsoft security update. Two examples of “proof of concept” code that exploit a flaw in Windows Media Player popped up only days after Microsoft released a patch. The vulnerability in Windows Media Player can compromise a system through malicious images embedded in the player.
The vulnerabilities in Windows, highlighted by the Sony rootkit fiasco, are even prompting the bureaucrats in Homeland Security to suggest legislation to specifically outlaw certain types of installation methods (such as rootkits).
Typically a year or two behind in cleaning up the mess it creates, Microsoft is touting a new technology called InfoCards that are supposed to replace passwords and help keep activities such as online banking secure. Replacing passwords is part of Microsoft’s endeavor to simplify security, which Gates said is dearly needed (in a speech at a security conference recently). “We have an overly complex system today,” he said, in what must be the understatement of the year. The problem with the InfoCard approach is that it is way too little, way too late. Today’s bank criminals deploy malware that waits until your PC is already logged into the bank — past the point where passwords keep you secure — and withdraw funds automatically, without your knowledge.
So, now what? We are in the age of wisdom and the age of foolishness, the spring of hope and the winter of despair. Move on, I say. Sacrifice your Windows PC for the greater good.