| Tuesday, January 31, 2006 |
18:16 - Now that's just silly
|
(top)  |
What could conceivably be easier than the much-vaunted Mac installation method of a disk image window with instructions that say "Drag this icon to your Applications folder"?
This:
Naturally, the security-minded will quite rightly raise a finger and make lots of harrumphing noises. The folder alias, after all, might point somewhere completely other than the Applications folder; maybe it's your kernel plugins folder or something, and maybe the app is actually a Trojan that you'd be happily installing into your kernel.
But the usual force that appears to form an impenetrable bubble over the Mac platform and wards off all traditional virus pandemics remains in place: this isn't a rootkit loaded by some company's DRM installer; this isn't a surreptitious ActiveX control in a devious website; this isn't a keylogger piggybacking on some illicit spam mail. It's an app that's being advertised through word of mouth, by people who are in a position to give an authoritative yea or nay on whether any given app is legit or not. There's an implicit level of trust in these communities; if someone like John Gruber or Cabel Sasser endorses something, people slurp it down. If they don't, it never gains any traction.
And perhaps more important is my shaky theory of why nobody bothers creating malicious software to attack Macs in the first place: in order to do so, you have to own a Mac. You have to have spent the thousands of dollars on a boutique computer that smiles at you from the bottom of its shiny desktop every day. If you're a potential Mac-based hacker, you have to overcome all the forces of brand loyalty and cult membership that are absent in the Windows world, and direct your efforts toward destroying something you've put something of yourself into already, whether measured in plastic or people. A PC can be had with no emotional investment and hardly any of the monetary kind, and the hacker feels no compunction about attacking other Windows users or Windows itself. But what circumstances would lead someone to travel down the path of Mac ownership just for the dubious rewards of writing a Mac virus? Buying a Mac is a conscious decision, fraught with drawbacks (such as cost) and undertaken with open eyes for a concrete purpose. Who would go through all that just so he could turn around and stab the platform in which he's just become invested?
Hackers/crackers do what they do for the same reason we all do what we do: for the cred and the clan membership. Write a sploit, get your props. But if you've got a Mac, you've already got your community ready-made. There's no need to rebel against it. So people don't.
Which is why, when we download an app disk image and see an installation procedure that involves dragging a big icon about an inch across the window to another big icon, we know that not only will it not harm the computer, it'll be reversible with a motion hardly any more intricate, just like all the best Mac software—drag it to the Trash. Because fulfilling that kind of trust is the ideal toward which all Mac users with any programming expertise strive.
|
|
Brian Tiemann
