If malware was water falling from the sky, the experience of people running the big three desktop operating systems would go something like this:
Mac OS X: “Is it sprinkling? I thought I felt a drop there. Did anyone else feel a drop? No? Maybe I just imagined it.”
Linux: “Oh, yeah… I definitely felt a sprinkle or two there.”
Windows: [Can’t say anything because they’re pinned to the foot of Niagara Falls by tons of down rushing water.]
For the last ten years, there has been a raging debate among computer geeks as to why Mac OS X and Linux have virtually no problems with malware while Windows is often almost crippled by it. The most commonly accepted explanation is called “Security Through Rarity.” This concept holds that on a technological level Mac OS X and Linux are just as insecure as Windows but that the relatively small market share of the first two operating systems makes it unprofitable for malware programmers to spend the time trying to infect them.
I have longed believed that the basic premise of “Security Through Rarity” largely explained why I can run my Mac OS X machines without any additional anti-malware software but don’t dare do the same for my Windows machines. For the last decade, I and everyone else who believed in the concept have expected that “any day now” the Mac’s immunity from malware would end in a shocking gotterdammerung of a Mac malware pandemic but it hasn’t happened yet. Just as the failure of other types of apocalyptic prophesies undermine people’s faith in those prophesies, the fact that the long-prophesied Mac malware apocalypse has never manifested in more than a trivial manner has caused me to reexamine my belief in the “Security Through Rarity” concept.
There are several good reasons to doubt that “Security Through Rarity” explains the lack of malware that exploits Mac OS X in particular.
Read more
