On Friday Forbes columnist Andy Greenberg wrote a very interesting piece entitled “Cybercrime Game Theory: Why Apple’s Malware Grace Period Ended Early.” In it he discusses how Sourcefire researcher Adam J. O’Donnell used game theory to predict the market share Macs would have to reach before it became worthwhile for cyber criminals to start attacking the Mac platform. This research occurred almost four years ago, and that percentage was 16%. Macs held about 11% market share as of the fourth quarter of 2011, but due to the recent rise in Mac malware, Greenberg suggests the “grace period” has already ended.
To explain this difference, the article goes on to discuss one possibility: that antivirus is more effective than O’Donnell originally thought. He assumed 80% effectiveness, but recent tests showed that even the worst antivirus programs detected up to 93%. Substituting in this higher detection rate lowered the predicted market share from 16% to 6.5%. Given that Macs probably passed that threshold years ago I guess we are already in over our heads.
Or maybe not…
First of all, the 93% antivirus effectiveness seems off to me. Maybe the 300,000 test samples they tested weren’t representative of real-world modern-day attacks. Rob Lee and others cautioned us on antivirus’s weaknesses a few weeks ago. And based on our informal anti-antivirus poll … many would never rely solely on antivirus, preferring instead a more adaptive defense-in-depth approach. Maybe in this case the 93% effectiveness included other network- and host-based protections such as HIDS, HIPS, firewalls, etc., but that article doesn’t dive into those details. Additionally, malware written for Macs would just seem like a drop in the bucket in comparison to malware written for Windows. I don’t have the numbers, but I’d love to see a comparison of unique malware numbers between Macs and Windows.
Greenberg and O’Donnell present some very interesting analysis; however, as the second page of this article admits, they used several oversimplified assumptions. The calculation didn’t include any factors regarding the cost of switching targets from Windows to Macs, and it ignored the prevalence of targeted attacks. They also assumed that every non-Mac user runs antivirus and every Mac user doesn’t.
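The threshold arithmetic and the antivirus-adoption assumption discussed above, as an added example (not code from the Forbes article or from O’Donnell’s research). It assumes a simple break-even model in which attackers pick the platform with more machines an attack can actually infect; that model is an assumption, it gives about 16.7% and 6.5% for the two detection rates, and the `win_av` and `mac_av` adoption parameters are hypothetical knobs for relaxing the all-or-nothing antivirus assumption.

```python
"""Break-even Mac market share under a simple attacker-payoff model.

Assumption (not taken from the article): an attack infects every machine
it reaches unless antivirus is installed and detects it, and the attacker
targets whichever platform yields more infected machines.
"""


def reachable(share, detection, av_adoption):
    """Fraction of all machines on one platform that an attack would infect."""
    for value in (share, detection, av_adoption):
        if not 0.0 <= value <= 1.0:
            raise ValueError("inputs must be fractions in [0, 1]")
    return share * (1.0 - av_adoption * detection)


def break_even_mac_share(detection, win_av=1.0, mac_av=0.0):
    """Mac share f where both platforms pay the attacker equally.

    Solves f * (1 - mac_av*d) == (1 - f) * (1 - win_av*d) for f.
    The defaults are the article's stated assumption: every non-Mac
    user runs antivirus and no Mac user does.
    """
    win_open = reachable(1.0, detection, win_av)
    mac_open = reachable(1.0, detection, mac_av)
    if win_open + mac_open == 0.0:
        raise ValueError("no machine is reachable on either platform")
    return win_open / (win_open + mac_open)


def preferred_target(mac_share, detection, win_av=1.0, mac_av=0.0):
    """Platform with the larger infectable population at a given Mac share."""
    mac = reachable(mac_share, detection, mac_av)
    win = reachable(1.0 - mac_share, detection, win_av)
    return "mac" if mac > win else "windows"


if __name__ == "__main__":
    for d in (0.80, 0.93):  # detection rates quoted in the post
        print(f"detection {d:.0%}: break-even Mac share "
              f"{break_even_mac_share(d):.1%}, "
              f"target at 11% share: {preferred_target(0.11, d)}")
    # Constructed scenario: only 80% of Windows users actually run antivirus.
    print(f"win_av=0.8, detection 93%: "
          f"{break_even_mac_share(0.93, win_av=0.8):.1%}")
```

Dropping Windows antivirus adoption from 100% to a constructed 80% pushes the break-even share from about 6.5% to about 20%, which shows how heavily the result depends on that one assumption.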
Overall, I find it fascinating to use mathematical concepts such as game theory to model where we might be headed; however, I feel Apple’s grace period is far from over.
It was always just a matter of time until malware writers started targeting Macs. Until suddenly, time was up–much sooner than expected.
The Flashback Trojan that infected 700,000 Macs at its peak earlier this month represents a rude awakening for Apple users who long believed their computers to be immune from the kind of malicious software that infects PCs. Security researchers know that Macs are no better protected from cybercriminals’ attacks than Windows machines. But for years, it was believed that Apple’s low market share would protect it from online evildoers. Why waste time coding a virus for Apple’s tiny sliver of users when a much vaster sea of vulnerable Windows machines was waiting to be infected and hijacked for click fraud, denial of service attacks or credit card theft?
Has Apple’s grace period run out? Read the full article over on Forbes and let them (and me) know what you think. Today’s post pic is from NigerianSpam.com. See ya!