McAfee Seeds Mac Virus Threat FUD

Outsmart Malicious Hackers

What a surprise, McAfee spreading FUD to sell more copies of their bloated AV software?

Apart from the fact I think the whole AV model is flawed i.e. it can only protect against things the AV companies 1) know about 2) have written a definition for and 3) have delivered the definition to you – That’s a LOT of ifs.

Now McAfee is spreading some FUD about Apple viruses so they can sell their new Mac antivirus software.

Among its key findings, which McAfee clearly hopes will scare you enough to consider buying its anti-virus software for the Mac:

  • From 2003 to 2005, the annual rate of vulnerability discovery on on Apple;s Mac OS platform has increased by 228% compared to Microsoft’s products which only saw a 73% increase.
  • As demonstrated by its March 2006 patch, which corrected 20 vulnerabilities, Apple’s Mac OS platform is just as vulnerable to targeted malware attacks as other operating systems
  • Security researchers and hackers will increasingly target the Mac OS and other Apple products, such as iTunes and iPods.

The direct link to the McAfee whitepaper is here (PDF WARNING).

Here’s the part that is supposed to the Mac users worried.

Apple appears to be in the earlier stages of malware evolution where exploits are written and spreads as proof-of-concept to demonstrate technical prowess and garner notoriety. While these elements remain in the Windows malware community, they are being overshadowed today by the more professional, profit-seeking malefactors. Apples customer base does not yet provide an attractive enough target to warrant interest from this for-profit contingent. However, as Apple’s continued market success places its products in the hands of more and more consumers that status will inevitably change

Nice eh? Are you scared yet? I’m not..

I have to say from experience though, Mac users tend to be more tech savvy, they know a bit about their machines and the Operating System running on it.

Plus OSX does actually have some concepts of real priveledge seperation built in, unlike Windows. It’s basically *nix with a great Window Manager.

I mean niche doesn’t mean safe, but still, any virus that infects a properly designed operating system can’t do anything, other than delete that users files, assuming the virus can work out where they are..files which should be backed up anyway.

Proper OS security architecture renders antivirus software pointless.

Source: Business Week

Posted in: Apple, Malware

, , , , , , , , , ,

Latest Posts:

GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.
Memcached DDoS Attacks Will Be BIG In 2018 Memcached DDoS Attacks Will Be BIG In 2018
So after the massive DDoS attack trend in 2016 it seems like 2018 is going to the year of the Memcached DDoS amplification attack with so many insecure Memcached servers available on the public Internet.
libsodium - Easy-to-use Software Library For Encryption libsodium – Easy-to-use Software Library For Encryption
Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, installable, packageable fork of NaCl, with a compatible API.
XSStrike - Advanced XSS Fuzzer & Exploitation Suite XSStrike – Advanced XSS Fuzzer & Exploitation Suite
XSStrike is an advanced XSS detection suite, which contains a powerful XSS fuzzer and provides zero false positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads.

One Response to McAfee Seeds Mac Virus Threat FUD

  1. kurt wismer May 8, 2006 at 2:21 pm #

    a) the points that the original article’s author thinks are there to scare people are factually true – vulnerabilities are being discovered at an increased rate over 2003, there is now targetted malware for osx, and popularity will lead to greater scrutiny both by the good guys and the bad guys (and itunes and ipods are potential vectors that people will try to exploit because of their ubiquity on the mac platform)…

    b) the point that you think is meant to scare people is just them saying ‘its not a big deal now, but it could become one if the mac becomes more popular’, which is also factually true…

    c) stop believing in the resistence of *nix platforms to viruses… the first academic study of viruses (back in the early 80’s) had them operating and successfully spreading under a professionally administered unix environment outside of the researcher’s direct control (ie. he wasn’t root)…