Tuesday, February 19, 2008

The Post-Platform Security Era

Greetings everyone! This is Carl Howe’s Yankee Group colleague, Andrew Jaquith. I’m a security analyst at Yankee. Carl was kind enough to invite me to contribute to this blog. The attraction of posting to this blog was plain, because it is about what we at Yankee Group call Anywhere. At its core, our mission is to forecast how mobility, miniaturization, exploding numbers of form factors, plentiful bandwidth and networked applications will change our lives. We expect that carriers, corporations and consumers alike will benefit from a rising tide of innovation that will bring us new forms of entertainment, commerce and access to information.

With that in mind, it is with a mix of resignation and bemusement that I was recently asked to respond to a study by security vendor Sophos about malware predictions for a particular platform, in this case the Mac. You can read the story (which includes my comments), but I’ll save you the time and cut to the chase. According to Sophos, “93 percent believed malware writers would increasingly target the Mac in the future.”

I'm not really sure what to make of this study. While I recognize that not all of the security vendors speak with one voice, the narrative on the subject of Macs and viruses has gotten so twisted that it would make Ernő Rubik gasp. First, the line was “Watch out! Mac users will, we are very very sure, be targets of malware in the very near future.” This was generally accompanied by, “Mac users need to stop living in a false paradise!” But now, according to Sophos, Mac users aren't living in a false paradise after all, because they “expect to see more malware.” So which is it? Are Mac users all beret-wearing, latté-sipping artistes that don’t have a clue about security, or are they world-weary realists warily awaiting their next attack? Of course, it doesn't really matter. Frankly, all of these things are just justifications to sell more OS X software. And Sophos’ study should be seen for what it is: a publicity event in service of that goal.

More broadly speaking, though, all of this hot air about Mac versus PC security has nothing to do with the real problem: cyber criminals trying to trick end users so that they can take over their PCs, steal money or steal account credentials. That’s a platform-agnostic problem. For Anywhere Consumers — who use whatever operating system they want — the targeted device or platform is much less important than the goal of the attacker. The story really ought to be about whether end-users are safe, educated and aware, not what platform they use. It is high time for the dialogue to shift to the post-platform security era. Let’s stop the usual finger-pointing, schadenfreude and scare-mongering.

1 comment:

Anders said...

Will Macs be more of a target? As market share grows, I have no doubt they will be. But ignoring "social engineering" attacks, the question is are they less vulnerable? Carl has argued in the past (and I would agree) that they are much less vulnerable given the Unix base they come from. That's not to say that a user-level program can't open a large security hole, though, so this ends up being what those "battle weary realists" tend to worry most about.