Steve, I agree 100% with your conclusions. Mac users are generally higher net worth individuals who are a better target than the game playing teenager with their stripped down boxes.
And consider this story:
My Vista laptop. Firefox 3. Kids need a Shockwave plug in for Miniclip.
Navigate to plug in, download, allow admin privileges.
Start to install, exe asks me if I want to try Norton Scan? No.
I install and over the next few days of checking it has installed a service, a start up item to automatically check for updates and program called 'helper' which may be the update thing, all in hidden files not picked up in searching the HD but finally found by my firewall.
This is very malware like behaviour and is would be identical if it were malicious.
Now, my iMac. Firefox3, Shockwave plugin for miniclip.
Navigate to plug in, download, allow admin privileges, install.
Over the next few days I check everything and realize it has installed precisely nothing else. No auto update, no start up item, nothing.
So I ask myself why.
Is it that the mac is too small a market to be interested? No. they made the plug in after all. If they can be bothered to do that then clearly it's worth doing.
Is it that they aren't capable of doing it? What Adobe? If anyone outside Apple knows MacOs, surely it's Adobe? They've been writing for Macs since he start and they are a big enough company to employ really good developers.
Is it that their marketing policy is different? Why would it be? Like I said, they made the plug in so why not try to make some money out of it?
Is it that they all use Macs and hate that sort of thing? Possibly, but the Windows developers use Windows boxes and hate it too.
Or could it be, just possible, that it is in fact really hard to do on a Mac?
I think that's the most likely explanation.
In any case, I can find nothing reasonable else.
Good day to you all.
Ian
Surely a target group that is both technically less aware, and
potentially (though their choice of more expensive hardware) more
wealthy, than the average user, should be a truly sweet objective for
the criminal mind?
Consider that the average Mac user just uses their Mac. They are much
less technically aware of the inner workings and potential
shortcomings than their Windows using peers. Witness the many
concerned and worried questions seen in this forms about security on
a Mac.
Also, where I live Macs are considered either a luxury item or a
business tool. Both groups by definition have money to steal, a
luxury item user potentially having more disposable income to siphon
from their bank account? Perhaps.
Also both groups are more likely to have the higher cost, higher
bandwidth broadband connections, not to mention quite capable
hardware, that would surely make them prime real-estate for Bot
herders?
So given the above assumptions, and the fact that Mac Users seem to
be approaching 8-10% of online users, should they not at least be
victims of at least 8% of technically initiated online fraud ? Or
perhaps unwitting hosts to at least 8% of Botnets ?
The fact that they empirically are neither of these things is
significant. And those of you who do work in the security business
understand that risk assessment and risk mitigation are statistical
sciences much more than they are technical.
I am not saying that there are no risks, but given the above
criteria Mac users today are significantly less at risk through their
technology than their Windows using peers.
As to their wariness of threats, that's down more to psychology than
technology - but perhaps their choice of platform may also be
indicative of a slight edge here?
Just some thoughts to ponder,
Steve
BTW: I personally spend 15 to 20 times more effort securing my
Windows systems than I do on my Mac and Linux systems combined.
