A call to Mac users: stop with the malware huberis already!

Ok, first of all I am currently a Mac user and have been off and on for years. I say this as a friend, not some sort of anti-mac PC geek: Stop being so damned smug. I am talking about the stance on the lack of malware. This stance is pretty much echoed by everyone on the pro-Mac side of the fence from users all the way to Apple itself (just watch a random I'm a Mac, I'm a PC ad).

I was listening to the latest installment of Macbreak Weekly, and a couple of panelists were extolling the virtue of the malware free paradise that is OS X. Well here's the deal folks. This sort of thing is absolutely a dangerous attitude. How many Mac users use any sort of anti-virus at all? Pretty few. To that point, there actually ARE very few AV programs to begin with. Edit, there is the open source (and keeping to my roots, free)ClamXav.

Sure, the Mac OS is actually reasonably secure out of the box (we'll ignore the fact that the firewall is OFF by default) but some of the other protections work very well and are what Windows Vista wanted to be *cough* UAC *cough*

What we have here is the calm before the storm or so to speak. These days, malware, botnets viruses (virii?) are all about dollars and sense. Gone are the days of the pimply faced kid writing a little code to erase hard drives. The bad guys are writing stuff to make money by stealing personal data, sending spam, DDOS blackmail, you name it. Since this is a business, it's simply much more profitable to target the PC world.

Therefore, many Mac users sit around sneering at the PC world because the Mac folk live some sort of mythical land of rainbows and unicorn tears that no virus dare enter. I'm pretty sure the people in Pompeii kinda thought the same thing about volcanoes too.

That will always be the case, a target rich environment will always get the attention, but think about the Mac side of things for a while. There's a 10% or so slice of the market that's almost completely unprotected. Once somebody really takes advantage of this situation (and I do mean when, not if) it will be an unmitigated crisis.

Think I'm being a little bit alarmist? You might have missed this, but there's a currently exploitable (as in drive by scripting) vulnerability in the Java implementation of OS X. Despite 10.5.7 being put out mere days ago, this vulnerability has not been patched even though it's been known for at least six months. For more, visit this site which even features a proof of concept that will execute arbitrary (but harmless) code on your very own magic, walled unicorn powered Garden of Eden.

So my Mac friends, enjoy your beautifuly designed hardware, (mostly) reliable OS and fantastic UI. But please, please, stop thinking it's a freakin' suit of armor and go install some sort of anti-malware. Tin foil hat optional.