Why No Mac Malware?

by Charles Miller on June 5, 2004

John Gruber of Daring Fireball dares ask the question:

Why are Windows users besieged by security exploits, but Mac users are not?

Boiled down, his answers are:

  1. Market-share is a factor, but there has to be some other explanation for the fact that Windows' market-share in malware vastly outstrips its market-share on the desktop
  2. There are fewer places to hide bad programs on the Mac
  3. Mac users are far less tolerant of programs that spread malware

I disagree with the first point. You can explain almost all of the relative safety in running Mac OS X with its low market-share.

Gruber:

This argument ignores numerous facts, such as that the Mac’s share of viruses is effectively zero; no matter how you peg the Mac’s overall market share, its share of viruses/worms/Trojans is significantly disproportionate.

In order to spread, viruses, worms and trojans rely on network effects. The value of a network grows as the square of the number of users. Therefore viruses, trojans and other malware are simply orders of magnitude more effective when targeted against a widely deployed platform.

Imagine you send the latest Mac-targeting email trojan to 100 random addresses. If you're lucky, three of them might be Mac users. If you're lucky, one of them might open the attachment, causing the trojan to be sent to all of the people in that person's address-book, most of whom will also be Windows users. Meanwhile all the Windows users will receive this attachment that they can't run, and get back to the person who sent it to them.

The trojan's just not going to get off the ground. The effectiveness of sending a Windows-targeting trojan is just several orders of magnitude higher. Even if your initial mail-out went only to Mac users, it would probably fizzle out after the first generation.
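The threshold behind this argument can be made concrete with a branching-process model, added here as an illustration and not part of the original post. The 3% Mac share and one-in-three open rate come from the example above; the address-book size of 50, the 95% Windows share, and the assumption that address books mirror overall platform share are constructed for the example.

```python
"""Branching-process model of address-book mail propagation (constructed example)."""

def reproduction_number(contacts, platform_share, open_rate):
    """Expected new infections caused by one infected machine."""
    return contacts * platform_share * open_rate

def expected_generations(seeds, r, generations):
    """Expected number of newly infected machines in each generation."""
    return [seeds * r ** n for n in range(generations + 1)]

def expected_total(seeds, r):
    """Expected outbreak size; finite only when r < 1 (geometric series)."""
    return seeds / (1 - r) if r < 1 else float("inf")

def extinction_probability(contacts, platform_share, open_rate, iters=10_000):
    """Probability that an outbreak started by one machine dies out.

    Each contact is infected independently with probability
    a = platform_share * open_rate, so the offspring count is
    Binomial(contacts, a). Extinction probability is the smallest fixed
    point of G(q) = (1 - a + a*q)**contacts, found by iterating from 0.
    """
    a = platform_share * open_rate
    q = 0.0
    for _ in range(iters):
        q_next = (1 - a + a * q) ** contacts
        if abs(q_next - q) < 1e-12:
            break
        q = q_next
    return q_next

if __name__ == "__main__":
    CONTACTS = 50        # assumed address-book size
    OPEN_RATE = 1 / 3    # "one of them might open the attachment"
    for name, share in (("Mac", 0.03), ("Windows", 0.95)):  # 0.95 is assumed
        r = reproduction_number(CONTACTS, share, OPEN_RATE)
        q = extinction_probability(CONTACTS, share, OPEN_RATE)
        print(f"{name}: R={r:.2f}  P(fizzles)={q:.6f}  "
              f"expected total from 1 seed={expected_total(1, r)}")
```

With these inputs the Mac case sits below the threshold of one new infection per infected machine, so every chain dies out, while the Windows case sits far above it.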

Even with spyware and adware that do not propagate over the network, the Mac is a small enough target that it is not worth tackling.

For packaged software, there are market segments. There's value in targeting a product at a small market, so long as the market wants the software, and the competition is perhaps less cut-throat than in the dominant market. That's why software exists for the Mac. Malware has no market segments, because people aren't looking to install malware. If someone has one piece of spyware installed, that doesn't mean they're not going to get another: on the contrary, it means they're more likely to install another. There's no value in targeting malware at a niche market.

I would dispute that there are fewer places for malware to hide on the Mac: I could think of some pretty interesting places you could hide programs in the Unix subsystem, or by playing tricks inside existing Application bundles. I would also dispute that any UI measures make the Mac inherently safer from malware: if you convince someone they really want to open that attachment, or download that "login application" they need to access the porn site, no amount of warning dialogs will make any difference.

I also dispute the "broken windows" theory, just on the basis that it's easy to assume ever-vigilance against something that has not yet shown any sign of existing. Communities exist in the Windows world to warn of adware-infested applications, but there are still just too many people who just want to get on the file-sharing network, and don't do their homework.

As Gruber says, even if market-share is the dominant reason for the Mac's relative security, this isn't a bad thing: since that share is unlikely to rise significantly, the Mac will stay safe from general threats.

What I'd like to add, though, is that there is still no room for complacency, because none of this keeps you safe from specific threats. Specific threats get no value from the network effect. If I want to get into your computer, I no longer care about the market-share of your operating system: the only target I care about is you.
