Mac users need to think about security, too

by Volker Weber

The phrase "security through obscurity" gets tossed around from time to time when discussing Mac OS X. The theory is that since Macs still represent a fraction of the available computers on the internet, there's less of an incentive for virus writers, malware authors, spambot harvesters, Comcast sales reps, and other purveyors of electronic evil to harass and attack the platform. Why target 5 percent of the population when you can get much better results by going after Windows?

But the truth is that security through obscurity is a flawed idea. Yes, there are fewer recorded attacks on the Mac platform, but by no means does that make it secure. So what's a Mac user to do?

More >


Well, I don't really see how the distribution of a system mixes with the security through obscurity argument, but besides that it's an excellent article for beginners in the field.

Educating people on the topic is just as important as any technical protection measures. As a friend of mine puts it, Brain 2.0 is still the best protection. I run all my computers without any virus scanner at no problem. Using Firefox and downloading software from trusted sources only does the trick for me.

Other than that I am amazed how people can believe that they are either completely save (Mac users) or panic and purchase wonderful products like those from Symantec for their PC (irony included). And the argument that systems (say: Windows) have a bad reputation in terms of security solely because of their market share is nonsense as it would make any protection measures unnecessary if a system's distribution stays below a certain treshold.

Obviously, every computer can be broken into, but it's also possible to keep every system save if one knows what one is doing.

Philipp Sury, 2008-04-18

True, security by obscurity has absolutely nothing to do with the argument brought up here. Actually, with moving to a *nix-like base, Apple adopted much of open system architecture (and thus open security), afaik.

And yes, the weakest link is always the user and thus the "Brain 2.0" is definitely the concept that all users should adopt. Just, getting and installing it is infinitely harder than that (random) piece of technology you put in.

Take a look at this article (you may need to click to get past the ad screen): Want to own a part of the power grid by attacking a power utility? Don't bother about finding a weak spot in their control system, simply go social engineering. Of course, there are weak spots in control systems as well and vendors should be fixing those (we're working on it, we're working on it ;-)). But if the user/operator solely relies on the technology and switches off his brain, then things certainly will go wrong.

And that's the case for other applications of technology as well.

Ragnar Schierholz, 2008-04-18

@Philipp, how are you going to know you have a problem (or are causing problems for others) if you don't scan your computers ?

>>I run all my computers without any virus scanner at no problem. Using Firefox and downloading software from trusted sources only does the trick for me.

Alex Boschmans, 2008-04-18

Old archive pages

I explain difficult concepts in simple ways. For free, and for money. Clue procurement and bullshit detection.


Paypal vowe