The fact that your 7,000-strong Macintosh-using congregation...
Actually, if you go back and read what I said, you will find that I am in constant contact with somewhere in the tens of thousands of Mac users. I'm not trying to be vainglorious in pointing that out, I just don't want it said that my experience with Mac users isn't significant. I believe that I am in a really good position to know what is happening among Mac users, and to be able to authoritatively made generalizations about it.
hasn't gotten the DNSChanger Trojan doesn't change the fact that more than one user here has gotten it. Like I said, people do win the lottery, and when messing around with viruses, statistics downright stink.
The fact that one person has experienced something doesn't mean that anyone else is likely to.
I once heard on the news in Florida that a man was eaten by an alligator on the way to work. Yet I don't propose that anyone needs to carry alligator repellant with them on the way to work. Even though it once *did* happen.
Tell that to the guy who won a million dollars, and tell that guy who got the DNSChanger Trojan that you don't believe him because 7,000 other people didn't.
Who said that I don't believe him? I didn't. I believe him, even without having read his post(s).
But then again, I've only ever heard first-hand of two people having encountered this Trojan. Two out of let's say tens of thousands is pretty long odds.
Since Trojans don't self-propagate, and since disseminating one can land you in prison, the sociopaths who spread them around have to do so in an anonymous environment where folks are willing to download things knowing that they aren't safe. Usually this is on a peer to peer file-sharing network, downloading pirated software, but it has also been known to occur sometimes on an anonymous Web site.
The thing is, once one person encounters a Trojan, the avenue through which they encountered it is usually quickly closed. Usually the offending Web site is shut down, or the file/user is removed from the peer to peer network it came from. Also, users are alerted as to how this Trojan is disseminated, and they learn to avoid it. That means that the Trojan in question no longer has any means of spreading. The Trojan's creator, if they are at all smart, then lay low to avoid capture. As a result, instead of becoming more and more prevalent, like a virus, the Trojan usually quickly disappears.
So, given an initial tiny distribution, and the lack of ability to self-propagate, how likely is it that another Mac user will encounter a given Trojan? Infinitesimal. Some Trojans infect less than a dozen users before they disappear and are never seen again.
The bottom line is that we have differing opinions on the matter of virus protection on OS X. You seem to think that whomever contracts a virus deserves it (at least on the Windows side)
No...I didn't say that. That's an egregious distortion.
What I said was that any Windows PC user who does not protect themselves by using AV software deserves what they get. There are over 180,000 Windows viruses. Anyone who isn't living in a cave knows that viruses are a huge threat to Windows PC's. Most new PC's even come with AV software installed. Vista includes it. Salesmen are dying to sell it to you. You fail to run AV software on a Windows PC at your own peril. There is no reason for Mac users to have to be concerned about Windows malware, it is every Windows user's responsibility to protect themselves. When someone shirks their responsibility, what do they expect will happen?
I, on the other hand, seem to think that people should be educated on the matter ("feed a man a fish vs. teach a man to fish"). If they attain the education level where they're comfortable running OS X without virus protection, all the better.
I agree wholeheartedly. People should be educated about Mac malware. They should be told that they don't need AV software and that they can easily avoid malware targeted at the Mac and they should be told how to do so. "Educating them" that they need AV software is simply spreading FUD.
(Fear, Uncertainty, and Doubt.) That is contrary to the way Mac users do things.
If they know not what's out there and are paranoid, virus protection is good.
No, *paranoia* is bad. I prefer to help Mac users get past being paranoid by educating them to the fact that there is no reason to be paranoid. You seem to prefer to tell them to purchase expensive software that they don't need to assuage their paranoia. I don't consider that to be doing them a favor.
I, for one, am not under the assumption that I shouldn't be worried about passing viruses on to my Windows friends... I have many Windows-using friends that are not "technologically advanced" and don't know what to look out for.
Unlike Mac users, Windows users don't need to look out for anything. They simply need to run AV software. As I explained above, they can't miss the need for this. Newbies and even backward users can't miss this.
If every Mac user in the world started using AV software, it wouldn't make even a tiny dent in the malware threat to Windows computers.
If a Windows user goes without AV software, they are going to be infected with viruses, no matter what Mac users are doing.
Infected In Twenty Minutes
http://www.securityfocus.com/columnists/262
Over 91% of computers running Windows are infected with Spyware!
(According to a study by the National Cyber-Security Alliance.)
http://phx.corporate-ir.net/phoenix.zhtml?c=104920&p=irol-newsArticle_pf&ID=613958&highlight=
The reality is that Windows users *have* to use AV software. Given that they should be protecting themselves, why do Mac users have to be protecting them too, and from a virtually non-existent vector of infection? And especially when there is no other significant threat for which Mac users need to purchase AV software? Purchasing AV software to protect Windows users simply doesn't make sense.
To point fingers and laugh in his face when he tries to look up some porn in a lonely moment and contracts a virus would be downright mean, not to mention judgemental.
Another ridiculous distortion of what I said. (And a rather disturbing one.)
Want to know what's mean? It is mean of you to tell your friend that he needs to purchase AV software for about $100, when you should instead be telling him that he simply needs to avoid downloading video codecs offered by such Web sites, to remain safe.
And you're right -- paranoia is no indication of a conspiracy... but hard evidence is, and by the scientific method, one instance of evidence to the contrary disproves the idea.
One instance of a person coming into contact with a specific Trojan Horse, by the scientific method, does not indicate that any other person, *ever* will come into contact with that Trojan.
You can disseminate all the FUD that you like, but that doesn't mean that there is any significant threat. When you can provide evidence that out of 30 or 40 million Mac users out there, that more than a tiny handful of them have come in contact with this Trojan, or that after a certain point in time *anyone* has come in contact with this Trojan, then I might concede that users need AV software to protect themselves from it.
Otherwise you are just talking about the need to carry alligator repellant with you on your way to work.
The fact that one person on this forum has been the victim of the DNSChanger trojan is evidence that it's "out there" and that there is a possibility of infection...
As I said previously, there are a small number of Trojans for the Mac. But I also said that they are incredibly rare, and I'm sticking by that.
Feel free to check with any of the malware tracking services and tell me which Trojans have more than a tiny distribution...
http://secunia.com/product/96/#advisories
McAfee:
http://vil.mcafee.com/
Symantec:
http://www.symantec.com/avcenter/
F-Secure:
http://www.f-secure.com/virus-info/
http://www.f-secure.com/v-descs/
Sophos Virus Analyses:
http://www.sophos.com/virusinfo/analyses/
http://www.sophos.com/virusinfo/
Symantec Enterprise Security Response:
http://securityresponse.symantec.com/avcenter/venc/data/
SecurityFocus:
http://www.securityfocus.com/archive/
am I saying that everyone should run out and get virus protection on their Mac? No, most definitely not.
Exactly.
Am I inciting paranoia to further my own well-being and career? Nope. Am I backing up Apple in saying that virus protection may not be a bad idea?
You betcha.
An intelligent person would ask some questions before taking this "advice."
- Why is Apple suggesting this?
- Has Apple referenced a specific threat that I need to be concerned about?
- What specific threats are there?
- How common are these threats?
- Is there a downside to running AV software?
- What advantage in the here and now will I gain from running AV software?
- How often have other Mac users encountered malicious malware?
I believe that the answers to these questions would lead most ordinary Mac users to the conclusion that they don't need AV software at this time.
But that's up to the user to decide -- not you or I. I never said people should run virus protection -- I recommended it for those who are paranoid and/or worried.
How stupid do you think that Macintosh users are? I think that they tend to be pretty bright. The Macintosh Way is for Macintosh users to educate and help each other. I don't think that there are any Mac users who are too stupid to understand the simple ways to avoid the tiny and very rare amount of malware that is out there. Why not just do so instead of telling them to get expensive AV software that they don't need? (In fact, even if they are rank newbies, I think that it is still incredibly unlikely that Mac users will encounter any malware, ever.) If they are so stupid that they can't be educated, maybe they shouldn't be using a computer at all? Because its just not that hard.
You, on the other hand, have decidedly suggested to ignore this information and evidence and suggest that no one should run virus protection on their Macs... which I wholeheartedly disagree with.
Where did I say that "no one" should be using AV software? I said that ordinary Mac users didn't need AV software. I believe that several users should have it.
People who run a business where their client files, or their data, is extraordinarily important and who might incur liability if it was lost or damaged, should run AV software, if for no other reason than that it would look bad not to. (e.g. doctors, lawyers, financial consultants, etc.) I run AV software for just this reason. (Imagine being sued and telling a jury that you lost your irreplaceable files because your computer is a Mac and it doesn't need AV software. Even grandmas on a jury have heard that all computers get viruses.)
Network servers should have AV software as a best practice.
People who regularly engage in risky computing practices with impunity should probably consider AV software. (Pirating software can expose you to pirates. Engage in immoral acts and you will often be exposed to other immoral people who don't have your best interests at heart. That's how life works.)
But this is a very short list...because the threat just isn't there to justify the need.
Wrong, wrong, wrong. Parallels, Fusion and VirtualBox all allow you to run Windows on your Mac, and if you have shared folders enabled in any of these programs, your chance of infecting your virtual machine (and then having the virus spread to other Windows colleagues) is very real and very possible.
I was concerned about this when virtualization first became available on Intel-based Macs. So I asked some experts, like the Parallels folks, and others. They said that it isn't a problem. They must have been right. I've never heard of a Mac user's Mac side infecting their Windows side. (Show of hands...who here has had this happen?
That's just more FUD.
Really? Does grandma know that? Does the guy who just bought his Mac know that? Do those people even know what a "macro" is? It's a big mis-step to assume that everyone is on a level playing field in terms of computer knowledge.
Does grandma use Office? Why did she purchase Office when she could have purchased iWork for half the price? iWork may have even come on her new Mac for free.
Does grandma expect to learn to use Word and Excel without training? If so, that won't work very well. I expect grandma to have to have some training to learn to use Office before she can use it at all. When she learns how to use Office, I expect her to learn about macros and macro viruses as it becomes relevant to her.
Sending grandma out with a new copy of Office, with no training, and telling her that purchasing AV software will make it all safe, instead of just telling her to turn on Macro Virus Protection in Word and Excel's preferences, is...um...unconscionable. Is this really what you are arguing for?
While I know you hate my analogies by now, saying that is like saying that the person getting mugged in the back alley should protect themself and you shouldn't be bothered to make a phone call or do anything about it. Pure laziness.
Actually, to use your analogy...I would not only call the police, I would go and physically assist the person being mugged.
But later, after it was all over, if I find out that this person was walking all by themselves, at night, down a dark alley, in a bad section of town, I would, of course, say "What the heck did you expect?"
A better analogy would be that this person went for a walk, at night, in a bad section of town, down a back alley expecting that they would be safe because everyone else in the world should be watching after them to protect them. The world doesn't work that way. You have to be intelligent and protect yourself. Just as Windows users should be protecting themselves.
Let me give you an analogy of my own.
In a perfect world we would all wear facemasks to protect everyone else from the possibility of our spreading airborne germs. We would also carry around our own porta-potties, to make sure that no fecal-oral transmission of disease (a very common vector) could occur by using shared bathroom facilities. Transmission of communicable disease would drop significantly if we did this.
But we don't do that. We are willing to accept some level of risk to trade off against making others (and ourselves) endure some inconvenience and expense.
You're on the internet, and as much as you'd like to believe that there is nothing but Macs on the internet and we're just in this little, tiny corner of the internet where no other operating system can permeate, that simply isn't the case. Insinuating that you could possibly, willingly pass on a Windows virus and the next guy in line should be the one to catch it and deal with it is just pure laziness and goes against the whole "global community" mindset that the internet embodies.
I'm very impressed by your desire to protect our Windows brothers. Really. It's nice.
Now let me ask you...do you wear a facemask to protect your spouse and children from the possibility that they might get a cold, or nasty flu, from you? Wouldn't you feel just horribly guilty if they got sick because of you?
You don't wear a facemask at home, do you? Why not? I'll tell you why. Because we put just about everything that we do through a risk/benefit analysis. You have decided that wearing a facemask all the time around your loved ones is too much of an inconvenience. You are willing to expose them to your germs, and maybe a nasty cold or flu, or worse, that you are a carrier of, just for a minor advantage in comfort.
And you know what? The chances of your transmitting a disease to your family is quite a bit higher than you using your Mac and giving a virus to a Windows user. In fact, I'd be willing to bet anything that you have done the former many times, and that you have never done the latter.
Purchasing AV software to protect Windows users doesn't even come close to meeting a risk/benefit test. AV software is expensive, it can slow your Mac down, it can cause conflicts or instability, it is currently unnecessary to protect Mac users against any significant threat, and Windows users should be protecting themselves. Recommending that Mac users need AV software to protect Windows PC users is indefensible. There is no logical argument that makes it so.
