The Danger Of Denial

No operating system is hack-proof. Period.


For years now, my diehard Mac-lover friends and this diehard PC fan have bantered back and forth about the superiority of one processor over the other. When Apple switched to the Intel platform in the late 2000s the argument went moot. I was right, they were wrong. PC’s were the best computers.

Since then, the arguments about which platform is better have died off. They both do the job, and they both do it well. But the passion users carry to justify why Macs are a better platform still remain, even though they are largely baseless. To wit, my latest exchange has been with a good friend and Mac aficionado who says Macs don’t get viruses. Wrong, but there are some explanations why that myth perpetuates, other than Apple saying so.

From a technical perspective, the Mac OSX code is written differently than the Windows code. That means that code that runs natively on Windows can’t run on the Mac OS. Why? There are many reasons, but the two fundamental differences are that the Mac OS doesn’t share a common registry, and it has a different file structure. So any malware written in Windows code isn’t compatible with Mac OS code. There are exceptions, but to attack a Mac requires a concerted code that can run under its OS, just like its Windows counterpart.

The second point is simple hacker economics. If you are a hacker, one of your primary goals is to do as much damage as possible. Consider the fact that the ratio of PCs to Macs is about 10 to 1, who are you going to target? It is all about body count. And in case you doubt me, here is a partial list of Mac-specific viruses: INIT-29-B virus, HyperCard HC-9507, Hong Kong virus, OSX/Leap-A, OSX.Macarena, the trojan horse AppleScript.THT, OSX.Lamzev.A and OSX.TrojanKit.Malez trojans, OSX.RSPlug.D trojan, OSX.Iservice and OSX.Iservice.B trojans, OSX/HellRTS Trojan and FLASHBACK.

So now that this argument has been laid to rest, let’s move on to 2015 and the mobile platform. I had the same argument with my friend over iOS and Android. His claim was, again, iOS was hacker-proof. Well, tell that to the WireLurker and XcodeGhost victims. As far back as 2012, iOS has been vulnerable to viruses (and let’s not forget Apple’s own iOS bug that lets fake apps get onto iPhones/Pads via masque attacks).

The truth is that iOS is less hackable than Android, just like the Mac is less hackable than the PC. But the cold, hard facts are that everything is hackable, no matter what Apple, Google, Microsoft, or anybody else says.

The danger is two-fold. If the consumer keeps getting told their device is hack-proof, score a big fat point for the hacker. The user will blissfully social media along without protection. The second part of that goes for the mentality of Mac and iOS loyalists of all ages in critical environments (finance, health, retail, government, etc.). If they let the device and OS vendors convince them that the devices are hack-proof, it leads to lackluster attitudes in cybersecurity and network protection. Score another big fat point for the hacker.

It is unlikely that the purveyors of devices and OSes will throw open their doors and proclaim that their product is, in fact, vulnerable to malware, hacking, viruses, bugs and dumb operators. So as usual, the job falls to the security sector at the bottom of the pyramid. This is kind of like sneaking a speed limiter into mobile phones so they can’t be used past 10 MPH.