Maples don’t get Dutch Elm Disease

Posted by Keith McMillan

January 22, 2008 | 3 Comments

I noticed today that Infoworld has an article about Apple and their increasing market share.

“However, malware researchers and industry analysts warn that as the sheer number of Apple end-point devices in use worldwide rise, so will the security concerns tied to the company’s products.”

This brought to mind a comment from when I was doing my graduate school work. One of the professors at a presentation I was making on the Morris Internet Worm remarked that “Maples don’t get Dutch Elm Disease.” The point being that sometimes diversity is good.

Sexual reproduction in nature evolved for a reason. Populations evolve with different gene pools, and those gene pools are recombined and remixed with every individual that comes along (if you’re doing it right…). That helps them survive attacks from bacteria and viruses, and also provides them with that occasional mutation that gives them the edge to survive. Just take a look at the evolution of drug-resistant germs in order to get a view of this process in fast-forward.

Windows-based computers used to be the primary targets of all kinds of malware, and still are due to their popularity. But as other platforms become more prevalent, they suffer the fate of rising above the radar: they become targets in proportion to their popularity. While the Mac can claim some resistance to these sorts of attacks (justifiably, I think) based on its *NIX heritage and the better compartmentalization of permissions, that’s at least partly irrelevant. The theater of action has changed.

Today, malware hides in application space just as much as in the OS space. And that’s a much more difficult problem to solve, as the number of applications is obviously bigger than the number of OSes on which they live. All it takes is for one developer to make a mistake in his code to create an opening through which malware can pass.

The days of blithely dismissing malware for today’s darlings (the Mac, the iPhone, and all those other highly connected devices) are numbered.

Speak of the devil… Malicious MMS worm hits Nokia handsets




Comment by Peter H. Coffin
2008-01-22 11:28:00

IMHO, a big step would be convincing people that something that (for example) puts little sheep walking along the edges of their windows may in fact be doing something else as well. Another big one would be convincing organizations to be no less suspicious of their internal machines than they are of the ones outside their networks. If there’s a port listening, something will shovel bad data at it eventually.

Comment by Keith McMillan
2008-01-22 13:41:41

It’s been a time-honored tradition that “you can’t secure everything” and you should focus on the “hard, crusty exterior” of your networks rather than the “soft, chewy interior”.

Unfortunately, you’re correct, and many security practitioners (or at least the smart ones) now realize that they’re going to face at least as much of a threat from inside the organization as outside.

Some of the new intrusion prevention systems may do something to help with these sorts of issues, but the jury’s really out on those.

Comment by John Wirtz
2008-01-22 19:34:17

I read a security bulletin for then-SBC a few years ago where they talked about the greatest threat to the company network. In essence they said that the greatest source of malware and virus threats didn’t come from outside the company, nor through the firewall via e-mail or web surfing, but from people bringing their own infected disks in and popping them into their computers. They put something “cool” on their workstation. Someone sees it and they want it, so things start spreading around the office. Remarkably, the internal e-mail isn’t filtered through the firewall, so the malware gets spread to other offices and departments by “friends” and within a month there is a major company-wide problem.

The lesson: you can’t neglect the creamy nougat center and only concentrate on the crusty exterior. That creamy center is chock full of nuts.
