What Will Apple Do When the Malware Comes?

The release in the last few days of malware for the Mac and Linux underscore some old issues about how it is possible to have malware on those platforms. I have some new thoughts though. I've begun to wonder what Apple would do if a real problem developed.

To be very clear, a real problem has not yet developed, and Inqtana.A and Leap.A are not a real problem, except to the extent that they may be bellwethers. They are more interesting for what they suggest than what they actually do.

It's true that the Mac OS has had, for many years, an important level of protection that will only emerge in Windows with Vista: By default, Mac users run at a restricted privilege level, and any malware they run will be similarly restricted.

The user may be presented, as with any legitimate software install, with a request for the Admin password, and at that point they may exercise discretion.

Apple updates Mac OS X. Click here to read more.

This is almost entirely a consumer issue I believe; in managed business networks it has been well understood for a very long time how to create Windows clients with restricted privileges, and any administrator who doesn't do it is to blame for problems that result.

This process protects against silent installations of malware, but it doesn't protect against all fraudulent installations.

Much of the garden-variety malware on Windows pretends to be a data file of some sort (as if data files were inherently safe, but that's another story). Double-click the icon and it turns out that you've actually run a program.

But much malware, especially of the adware variety, doesn't hide the fact that it's a program. The user is told that they are installing some slick browser toolbar or perhaps a special viewing program for some porn, but in fact they could be installing anything at all.

Read the rest of this eWEEK analysis: "What Will Apple Do When the Malware Comes?"