What Apple Malware Grace Period?

April 23, 2012

On Friday, Forbes columnist Andy Greenberg wrote a very interesting piece entitled “Cybercrime Game Theory: Why Apple’s Malware Grace Period Ended Early.” In it he discusses how Sourcefire researcher Adam J. O’Donnell used Game Theory to predict the market share Macs would have to achieve for it to be worthwhile for cyber criminals to start attacking the Mac platform. This research occurred almost four years ago, and that percentage was 16%. Macs held about 11% market share as of the fourth quarter of 2011, but due to the recent rise in Mac malware, Greenberg suggests the “grace period” has already ended.

To explain this difference, the article goes on to discuss one possibility: that antivirus is more effective than O’Donnell originally thought. He assumed 80% effectiveness, but recent tests showed that even the worst antivirus programs detected up to 93%. Substituting in this higher detection rate lowered the predicted market share from 16% to 6.5%. Given that Macs probably passed that threshold years ago, I guess we are already in over our heads.

Or maybe not…

First of all, the 93% antivirus effectiveness seems off to me. Maybe the 300,000 test samples they tested weren’t representative of real-world, modern-day attacks. Rob Lee and others cautioned us on antivirus’s weaknesses a few weeks ago. And based on our informal anti-antivirus poll … many would never rely solely on antivirus, preferring instead a more adaptive defense-in-depth approach. Maybe in this case the 93% effectiveness included other network- and host-based protections such as HIDS, HIPS, firewalls, etc., but that article doesn’t dive into those details. Additionally, malware written for Macs would just seem like a drop in the bucket in comparison to malware written for Windows. I don’t have the numbers, but I’d love to see a comparison of unique malware numbers between Macs and Windows.

Greenberg and O’Donnell present some very interesting analysis; however, as the second page of this article admits, they used several oversimplified assumptions. The calculation didn’t include any factors regarding the cost of switching targets from Windows to Macs and ignored the prevalence of targeted attacks. They also assumed that every non-Mac user runs antivirus and every Mac user doesn’t.
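The 16% and 6.5% figures can be reproduced with a simple break-even model, shown here as an added example that is not code from the Forbes article or from the original research. It assumes an attacker's yield on a platform is proportional to market share times the fraction of machines where antivirus fails to stop the attack; the function and parameter names are hypothetical, and the adoption parameters go beyond the article by letting the "every Windows user, no Mac user" antivirus assumption be relaxed. Switching cost and targeted attacks are still not modeled.

```python
"""Break-even Mac market share under a simple attacker-yield model.

Assumption (not from the article): expected yield on a platform is
proportional to its market share times the fraction of machines where
antivirus does not stop the attack.
"""


def miss_rate(detection_rate, av_adoption):
    """Fraction of a platform's machines on which an attack is not stopped."""
    return 1.0 - av_adoption * detection_rate


def break_even_mac_share(detection_rate, win_av_adoption=1.0, mac_av_adoption=0.0):
    """Mac share f at which attacking Macs pays as well as attacking Windows.

    Solves f * mac_miss == (1 - f) * win_miss for f. The defaults match the
    article's stated assumption: every non-Mac user runs antivirus and no
    Mac user does.
    """
    for name, value in (("detection_rate", detection_rate),
                        ("win_av_adoption", win_av_adoption),
                        ("mac_av_adoption", mac_av_adoption)):
        if not 0.0 <= value <= 1.0:
            raise ValueError(f"{name} must be between 0 and 1, got {value}")
    win_miss = miss_rate(detection_rate, win_av_adoption)
    mac_miss = miss_rate(detection_rate, mac_av_adoption)
    if win_miss + mac_miss == 0.0:
        raise ValueError("attacks are always stopped on both platforms")
    return win_miss / (win_miss + mac_miss)


def sensitivity(detection_rates, win_adoptions):
    """Break-even share for each (detection rate, Windows AV adoption) pair."""
    return [(p, a, break_even_mac_share(p, win_av_adoption=a))
            for p in detection_rates for a in win_adoptions]


if __name__ == "__main__":
    # Detection rates are the two quoted in the article; the adoption
    # values below 1.0 are constructed to show the effect of relaxing it.
    for p, a, share in sensitivity([0.80, 0.93], [1.0, 0.75, 0.5]):
        print(f"detection={p:.0%} windows_av_adoption={a:.0%} "
              f"break_even_mac_share={share:.1%}")
```

With the default all-or-nothing adoption assumption the model returns roughly 16.7% and 6.5% for the two detection rates; lowering Windows antivirus adoption raises the break-even share.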

Overall, I find it fascinating to use mathematical concepts such as Game Theory to model where we might be headed; however, I feel Apple’s grace period is far from over.

via Forbes.com

It was always just a matter of time until malware writers started targeting Macs. Until suddenly, time was up–much sooner than expected.

The Flashback Trojan that infected 700,000 Macs at its peak earlier this month represents a rude awakening for Apple users who long believed their computers to be immune from the kind of malicious software that infects PCs. Security researchers know that Macs are no better protected from cybercriminals’ attacks than Windows machines. But for years, it was believed that Apple’s low market share would protect it from online evildoers. Why waste time coding a virus for Apple’s tiny sliver of users when a much vaster sea of vulnerable Windows machines was waiting to be infected and hijacked for click fraud, denial of service attacks or credit card theft?

Continued here.

#####

Has Apple’s grace period run out? Read the full article over on Forbes and let them (and me) know what you think. Today’s post pic is from NigerianSpam.com. See ya!


6 Responses to What Apple Malware Grace Period?

  1. (@Nathiet) (@Nathiet) on April 23, 2012 at 9:16 am

    #NoVABlogger What Apple Malware Grace Period? http://t.co/NDSxTQA7

  2. (@grecs) (@grecs) on April 23, 2012 at 5:43 pm

    Some thoughts on Game Theory & market share at which Macs start getting attacked more. http://t.co/NFJhUeBc

  3. (@novainfosec) (@novainfosec) on April 23, 2012 at 5:43 pm

    Some thoughts on Game Theory & market share at which Macs start getting attacked more. http://t.co/iKUsfWCh

  4. (@novainfosec) (@novainfosec) on April 23, 2012 at 8:34 pm

    Blogged .. Some thoughts on Game Theory & marketshare at which Macs start getting attacked more. http://t.co/iKUsfWCh

  5. (@grecs) (@grecs) on April 23, 2012 at 10:34 pm

    Game Theory, Macs, & Marketshare .. What’s threshold where criminals start targeting Macs? Are we already there? http://t.co/NFJhUeBc

  6. (@novainfosec) (@novainfosec) on April 23, 2012 at 10:34 pm

    Game Theory, Macs, & Marketshare .. What’s threshold where criminals start targeting Macs? Are we already there? http://t.co/iKUsfWCh


About Us

Founded in 2008, NoVA Infosec is dedicated to the community of Metro DC-based security professionals and whitehat hackers involved in the government and other regulated verticals. Find out more on our About Us page.