What makes for successful Malware?
cmw.osdude
[Remember that even though I work for IBM I am an individual with my own thoughts and ideas. Anything I write here may not necessarily represent the views of the IBM Corporation or its partners... though I'm hoping that's only a matter of time before they catch up.]
Lately I've seen a number of articles like "Why malware for Macs is on its way" talking about the discovery of a malware kit designed for Macintosh systems. For those who don't know, there are actually toolkits that are sold to help people design attacks on systems. If you've heard of "script kiddie" attacks, then this is the sort of thing that they mean. Basically someone who doesn't know a lot about hacking into a system uses one of these kits, much as you or I would use a library to draw graphics, and focuses on their core business of ripping off credit card numbers or what have you.
Most of these kits have been centered around Windows, and they have borne much fruit. As a Linux user I haven't really had much trouble with that sort of thing. Neither have Macintosh users. An argument has floated around for a while. Is it that the architectures of these environments are somehow superior to Windows, or is it that the market share was small enough that no one cared to exploit it? Well... we are about to see. With the emergence of these kits there should be more attempts on the Macintosh systems. Will they hold up to the strain or will they fall and require the same sort of scrutiny that a Windows box requires?
Linux is obviously further down the line so I probably don't have to sweat things too much yet. However, the BSD base of Mac OS X makes the environments hauntingly similar. If the attacks are highly successful on Macs, then they might transfer easily to a Linux environment.
Here are a few things that I plan to do to make sure that I have at least a little peace of mind:
It's a shame that we have to think about any of this. Computing should be open and easy. But as long as the bad guys are out there and our laws and conventions make it so easy for people to impersonate me with a few numbers then I need to deal with it.
I really hope that the Mac and Linux environments prove a little tougher than Windows. I guess we'll see.