iBotnet is a Warning – Mac Users Won’t Listen

Just read this article about the new Mac worm. I can’t agree with the writer’s conclusion that nothing needs to be done yet.

While this iBotnet worm will only affect those using pirated software (thus far: worms can be re-engineered to do whatever their designers want — see Conficker), other worms and virii will eventually and more easily affect other users.  Others are already being affected by this worm; it now appears the iBots are being used in DDOS attacks.

It’s a bit naive to say that paradise has been lost now with this worm when bots have been used for years for destructive and criminal purposes. PC bots don’t discriminate against Mac users, nor  do they ignore Mac users. Bots are used to spread more malware, to spam people, and to do all kinds of bad things and steal all kinds of data. The risks aren’t limited to one computer or one kind of computer when compromised machines — Mac, Windows, Linux, anything — spread risks to other computers and when they’re used in malicious manners.

The best security practice is pro-active rather than reactive. The writer of the “Paradise Lost” article is right that pirated software should never be downloaded, let alone installed. In addition to being illegal, you don’t know who’s done what with software. The number of unpatched and pirated copies of Windows in Asia accounts for the rise of botnets in that region of the world.

The writer is also very wrong to wait to install security software. You don’t wait for the hurricane to hit before you make your preparations. You make your preparations and hope for the best; you don’t hope for the best and then, when it’s too late, prepare yourself.

Those who wait to install security software have to hope they’ll have enough time to install it before any threat escalates into a Mac pandemic. Unfortunately, history isn’t on the side of those who wait too late in the game regardless of operating system. It’s almost always dead set against them. Zero-day exploits mean someone somewhere dropped the ball sufficiently for criminals to get an upperhand. It can take very little time for an exploit to spread, and many computers can be affected before the problem is even detected and, eventually, fixed.

In another way security software is like one of the common pro-gun rights mottos: It’s better to have it and not need it than need it and not have it.

Mac users have been beguiled for years into believing they’re elite, that Apple’s operating systems are invulnerable to cracking, that OSX’s Unix heritage makes it inherently secure (no operating system is inherently secure, not even OpenBSD), and so on. Their gullibility will likely prove their own downfall.

The time to get patched is before you’re cracked. The time to install security software is before you’re pwned. Then it’s too late. Duh.

Mac users will probably make for the easiest user community to target because they feel so invincible. It’s not if, it’s when. Mac users tend to have favorable demographics for criminals to target. Apple’s lax security policies make OSX a very easy target to crack. It’s a dangerous combination. The only question is, How many Mac users will be wide-open and vulnerable to attack because of their gullibility and naivete?

Even one would be too many. I expect mass pwnage, and probably sooner than later. And the compromised Macs will be used much as compromised Windows computers are. That means more malware, more spam, more distributed DOS attacks. Those who keep their computers patched and secure will be less vulnerable to the malware but will still be affected by those who are too stupid, ignorant, arrogant, or gullible to be safe.

Now is the time to prepare and reduce the risks of attack — before your Mac is attacked. It’s not too late yet.

One Response to “iBotnet is a Warning – Mac Users Won’t Listen”

  1. I AM OSX » iBotnet is a Warning - Mac Users Won't Listen « lucky13 Says:

    […] Follow this link: iBotnet is a Warning – Mac Users Won't Listen « lucky13 […]

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: