Apple revealed today that they were targeted by the same malware attack leveled against Facebook on February 1st. The earlier comments by Facebook hinted at a working group of high-value targets and Apple now appears to be among them. The attack took advantage of a previously unknown Java zero-day exploit to infect the engineers’ computers by means of their web browsers.
The method employed by the hackers apparently was what is commonly referred to as a “watering hole” attack. Rather than directly trying to penetrate the defenses of a large target, hackers instead infected a smaller target that is frequented by the staffs of the affected companies. The term “watering hole” refers to the opportunistic hunting tactics of animals in the wild. Rather than wandering aimlessly through the Sahara looking for prey, they merely wait near the watering hole for the inevitable victim to make a pit stop. It has not been revealed if the affected Facebook laptops were Macs. I’m guessing they were, based on the severity of Apple’s response. This seems to explain the sudden blocking of Java 7 in Apple’s anti-malware blacklists on February 1st.
The debate between Mac and PC has gone on for years – at least among the hard-core computer nerds. The debate, of course, is over which operating system is superior. That eternal debate isn’t the concern of this post. Most readers of this blog are not computer nerds and die-hard fan boys of either operating system. Rather, you’re just an average computer user that has often wondered which operating system is “safer”, as opposed to “better”. While I cannot provide a scientific controlled double-blind trial of the evidence for either side, I can help you cut through the clutter and form a more balanced opinion on the matter.
Both operating systems were born at roughly the same time. Both have evolved considerably, and most folks can get along just fine with either system with a minimal amount of education. Both operating systems have a lot to offer and you can do most anything you need to do regardless of your choice. The question here is regarding the inherent security of the respective operating systems.
Have you heard of Willie Sutton’s law? Willie Sutton was a famous bank robber who, when asked why he robbed banks, is said to have quipped “that’s where they keep the money”. It has been implied, if not said outright, that the Apple Mac operating system is inherently more secure than Windows. Is this really the case? Can such a declaration really be made with a straight face? I don’t think so.
Not counting tablets, Apple computers account for roughly 7% market share. Most of the remaining 93% is owned by Microsoft Windows operating systems. If you were planning to write a malware infection or some kind of mass exploit, would you choose the 7% or the 93%? Put differently, if you went target shooting with your bow and arrow, would you prefer to shoot at a 93′ target or a 7′ target? Think of Windows as a “target rich environment”. This is where Willie Sutton’s law applies. Why focus the attacks on Windows? Because that’s where the users are. However, today’s news should serve to warn us that the game could change at any point, especially in the case of specific, targeted attacks.
Bottom line – are you safer with a Mac? Yes, I’d say so – but not because of an inherently safer OS. Rather, you’re hiding in plain sight while the hunters pick off your Windows friends. You’re not immune!