Apple accused of hushing up security update
Fails to 'fess up to Trojan vuln
Apple has been accused of secretly adding a security update to its operating system without telling users, or anyone else.
The update released last week included protection against a Trojan that could allow a hacker to take control of your machine. The HellRTS Trojan has been added to the Mac's list of signatures used to detect dodgy software, according to Sophos' ubiquitous Graham Cluley.
Malware purveyors do not target Macs as much as PCs, which are more tempting because there are more of them.
Cluley claims that Mac users too often ignore security, "And that isn't helped when Apple issues an anti-malware security update like this by stealth, rather than informing the public what it has done. You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons. 'Shh! Don't tell folks that we have to protect against malware on Mac OS X!'"
Cluley admits there is far less malware around for Macs but warns that continuing to ignore the potential problem could itself encourage hackers to start targeting the operating system.
He said that overall he welcomes any move to improve security but still thinks people should buy anti-virus software too. His company, Sophos, does of course sell Mac and Windows products...
Apple declined to comment, beyond providing this link to the upgrade. ®
Anti-virus/malware on Mac OS
As an Apple Reseller since the early days. I've always made it my business to make sure I kept ahead of the crowd as far as new software trends and security matters affected the Macs of my customers.
Pre OS X (OSes 6, 7, 8 and 9), there were some Mac-only viruses, about forty IIRC. Only once did we get a virus that could claim to do damage in the way that many, many Windows viruses have done, and it was a relatively straight-forward matter to issue clients with free anti-virus software and keep them up-to-date.
Move forward to Mac OS X (pronounced TEN not EX for those who don't understand Roman) and we've had getting on for a decade of the highly inaccurate and misleading statements from Windows apologists and/or Apple haters like "Malware purveyors do not target Macs as much as PCs, which are more tempting because there are more of them".
Okay, viruses are different from malware, so shall we say that after ten years anybody who could write a virus for Mac OS X would probably have done it by now? I'm not complacent, it could still happen.
Which leaves malware. How many successful attacks have there been on Mac OS X over the last decade? After all, "do not target Macs as much as Windows PCs (there, fixed it for you), which are more tempting because there are more of them" implies that there are, or have been, a number of attacks that would be a recognizable proportion of the many, many thousands that Windows users have to guard against on a daily basis.
So, how many attacks would constitute a recognizable proportion?
And how many computers would they have to compromise outside of Anti-Virus and Anti-Malware software marketing departments AKA 'labs' to be labeled 'successful'?
See what I'm getting at John? It hasn't really happened yet, has it?
And if you do load some of the speed-sucking, in-yer-face, badly designed Mac 'Security' software from some of the same people who've grown very,very fat on Microsoft's decades-long and criminal abdication of responsibility, you find that the effects completely outweigh any advantage.
Don't get me wrong, it will happen, and lots and lots of people like John will be able to dampen their gussets properly and yell "See, we told you Macs are as insecure as 'other' computers, ha-ha Steve has duped you all these years" etc. I think low personal esteem explains it.
So let me get this straight:
Mac OS X has some built-in trojan detection. The signatures were updated. This is a problem?
Do we gripe every time MS updates the Malicious Software Removal Tool, or the signatures for Security Essentials update?
You know why Windows Defender isn't realtime protection, and Security Essential is a free but separate install? Because McAfee and Symantec would file antitrust lawsuits if MS dared to roll any kind of antivirus into Windows. It would kill the market for (overpriced, overrated) third-party protection.
Ironically, the reason OS X can get away with built-in protection against malware and Windows can't is the very same reason there is so much more malware for Windows: A bigger market share. Slipping under the radar is a good thing...
"You have to wonder whether their keeping quiet about an anti-malware security update like this was for marketing reasons"
Would this surprise anyone if it were found to be true?
It'll be interesting to see what spin the fanbois find to put on this one.