Monday, December 26, 2016

Are Macs safer than Windows? Ans: A resounding NO, TL;DR read the highlighted text

You would be amazed at how many people believe and how Apple Store representatives perpetuate the following myth;  

"Mac's don't need an anti-virus solution" 💣EPIC FAIL 💀


Anecdote


This very discussion occurred before Christmas, consequently triggering the writing of this post, when my niece purchased a Macbook Air at a local Apple Store. For the record, I was no present. In a dinner discussion with my niece, she insisted that "Mac's don't need anti-virus and it slows down the computer." I drilled her, and asked her what did the Apple Store attendant say? She did ask, and paraphrased the attendant,  "Ah, it doesn't need it." So, I spent next few hours lecturing her on how bad of an idea is surfing the internet without antivirus. That's like a women going shopping without a purse. No money, no funny. Very difficult to covey risk to a 17 year old, given her credit card info is stored on the laptop for the Apple Store, and can be ransomed.

"Mac's don't need an anti-virus solution" is not only is this misleading, in my opinion it verges on libel. The potential for credit card charges, fraud and identity theft are very high.

Myth


Let's kill "Mac's don't need an anti-virus solution" misinformation, for good. 

The great thing about the internet is factual data.


Threats Designed for Mac


Experts detected several malicious programs for Mac OS X here are some notable mentions;


  • Backdoor.OSX.Laoshu –  a malicious program which makes screenshots every minute. This backdoor is signed by the trusted certificate of the developer which means the creators of the program were about to place it in the AppStore.
  • Backdoor.OSX.Ventir – a multi-module Trojan spy with a hidden remote control function. It includes the keystrokes interception driver logkext, the source code for which is publicly available.
  • Trojan-Downloader.OSX.WireLurker – an unusual piece of malware designed to steal victims’ data. It attacks not only Mac-based computers but iOS-based devices connected to them. There is also a Windows-based version of this malicious program. It is distributed via a well-known Chinese store that sells apps for OS X and iOS.

Number of Vulnerabilities

According to our friends at Security Vulnerability Database1 for 2015 (Mac's worst year),

  1. Mac OS X had 444 vulnerabilities versus Windows 8.1 which had 151

    (see chart below and drill into the details!).
  2. Mac OS X has nearly 3x times the number of vulnerabilities of any version of Windows!
  3. Mac OS X has nearly 2x times the number of vulnerabilities of Ubuntu Linux!

1.  CVE Details (www.cvedetails.com) is a security vulnerability database that organizes data provided by the National Vulnerability Database (NVD) in a easy to use online web interface. As its name implies, the Common Vulnerabilities and Exposures (CVE) system keeps track of publicly known information-security vulnerabilities and exposures.
CVE is a list of information security vulnerabilities and exposures that aims to provide common names for publicly known problems. The goal of CVE is to make it easier to share data across separate vulnerability capabilities (tools, repositories, and services) with this "common enumeration."

CVE Identifiers (also called "CVE names," "CVE numbers," "CVE-IDs," and "CVEs") are unique, common identifiers for publicly known information security vulnerabilities.


Infection Rate

In 2014, Kaspersky introduced its first line products designed to protect Mac OS X systems blocked almost 3.7 million infection attempts that year. 19 million Mac computers were sold in 2014. 

Kaspersky also detected  1,499 malicious programs designed to target Mac OS X, 200 more than the previous year.  

The number of Mac exploits is rising year over year.










































Additionally, infections go way back and to give the above chart some additional perspective. In 2012 the number of Mac's that suffered from Flashback Trojan virus was estimated to reach 700,000 Macs.






Conclusion 

Macs have less attacks, but you are more vulnerable than Windows.

An average, a Mac user encountered 9 threats during the year, in 2014.

No one is safe however, remember this factoid; 



Commentary

So suck it Mac heads, you are not safe. You simply benefit from hacker laziness, not being attacked as much because Mac has about 7% of desktop market vs Windows 91% in 2016 (see graph below).

Same debate is happening now with smartphones and tablets, the debate is iOS against Android. Numbers show that more than 90% of mobile malware exists on Androids. Why? Well, because Android owns over 80% of the mobile market.


Call to Action

Mac users need to get an anti-virus solution. I recommend Kapersky, rated number #1 anti-virus for many years in a row, available for Windows, Macs, Linux, Iphone and Android phone. 

Chart from Security Vulnerability Database at https://www.cvedetails.com/top-50-products.php?year=2015

RankProduct NameVendor NameProduct TypeNumber of Vulnerabilities
1Mac Os XAppleOS444
2Iphone OsAppleOS387
3Flash PlayerAdobeApplication329
4Ubuntu LinuxCanonicalOS259
5Air SdkAdobeApplication259
6AIRAdobeApplication259
7Air Sdk & CompilerAdobeApplication259
8OpensuseNovellOS237
9Internet ExplorerMicrosoftApplication231
10Debian LinuxDebianOS230
11ChromeGoogleApplication187
12FirefoxMozillaApplication179
13SolarisOracleOS162
14Windows Server 2012MicrosoftOS155
15Windows 8.1MicrosoftOS151
16Windows Server 2008MicrosoftOS150
17Windows 7MicrosoftOS147
18Windows 8MicrosoftOS146
19Windows Rt 8.1MicrosoftOS139
20Windows RtMicrosoftOS138
21Windows VistaMicrosoftOS136
22SafariAppleApplication135
23AcrobatAdobeApplication130
24Acrobat ReaderAdobeApplication130
25AndroidGoogleOS125
26FedoraFedoraprojectOS125
27ItunesAppleApplication101
28Acrobat Reader DcAdobeApplication97
29Acrobat DcAdobeApplication97
30Firefox EsrMozillaApplication95
31WatchosAppleOS88
32Linux KernelLinuxOS86
33JREOracleApplication80
34JDKOracleApplication80
35MysqlOracleApplication77
36Enterprise Linux ServerRedhatOS71
37Fusion MiddlewareOracleApplication68
38Enterprise Linux WorkstationRedhatOS68
39Enterprise Linux DesktopRedhatOS68
40Enterprise Linux Hpc NodeRedhatOS67
41Apple TvAppleApplication57
42Windows 10MicrosoftOS53
43Apple TvAppleOS52
44Enterprise Linux Workstation SupplementaryRedhatOS52
45Enterprise Linux Desktop SupplementaryRedhatOS52
46Enterprise LinuxRedhatOS52
47Suse Linux Enterprise DesktopNovellOS51
48Enterprise Linux Server Supplementary EusRedhatOS50
49Enterprise Linux Server SupplementaryRedhatOS49
50Enterprise Linux Server EusRedhatOS47




Graph from https://netmarketshare.com/

No comments:

Post a Comment