If you were correct, there are several problems:
1. Artificially infecting systems to determine what some other trojan might do is illegal. So why should we pay attention to a criminal enterprise?
2. The effectiveness of a trojan is dependent on how appealing the enticement is. If they put their trojan on web sites that are more (or less) appealing than the actual ones used, the results would be meaningless.
3. In the original article, they cited infection rates in some countries as low as 0.1% in some cases. Doing so and reporting data from many countries suggests that they would have had to infect many hundreds of thousands of systems to get the data they need.
The whole thing sounds bogus.
jragosta wrote: »
... The whole thing sounds bogus.
brlawyer wrote: »
It's funny how most of these "security" companies come from a country widely known for its (i) transparency and (ii) low corruption levels and (iii) extremely low incidence of hacking activities...
aaarrrgggh wrote: »
I just wish I had a better idea of how to protect things in a general case-- getting a Cisco ASA for home just seems stupid and ineffective overkill.
That's not how they're doing it. If you're such an expert, try your own sniffing - as in reading! You should be able to figure out their method.
I'm not saying that one should take reports seriously.
However, THIS report has a lot of red flags that make the conclusions very questionable. I listed some of them above.
It's funny how most of these "security" companies come from a country widely known for its (i) transparency and (ii) low corruption levels and (iii) extremely low incidence of hacking activities...
Intego, who first identified the Flashback variant, are French.
Symantec are American and now agree with DrWeb that the number sits at 600 000.
Are you really suggesting that this is a global conspiracy?
Yup, they all want to sell Mac antivirus software, which would NOT have stopped this from happening. The best possible thing they can do is have software that will remove these kinds of things after they become known.
I have always used Firefox with the NoScript addon and a free antivirus program (Sophos and ClamXav currently). Oh, regarding the App Store: its version of ClamXav doesn't have ClamXav Sentry, while the one from the site does.
As for that "server run by an unidentified third party" claim, taking a sampling of the list of contacts at http://contagiodump.blogspot.com/2012/04/i-have-been-tracking-infections-too-and.html produces a very interesting pattern if you throw them at http://www.ip-adress.com/whois/.
Both Dr Web and Kaspersky are well known in Russia, but Parallels is not, even though all three are Russian companies. So what if one company targets the international market and another one targets the national one?
It remains to be seen who's right and who's wrong; antiviral companies will always tend to somewhat overestimate threats. I just hope OS X will not force everyone into a "MacStore-only" security model when "security through minority" no longer proves to be effective.
The "security through obscurity" motto has been definitely debunked in the other discussion by the researches themselves who follow the malware evolution on the Mac platform:
"As we correctly predicted back in May, Mac malware has not scaled continuously due to market share, but rather, is more the result of opportunist "bubble economies" that have produced new threats in fits and starts," researchers said
What increased market share naturally does is increase the interest of the malware programmers, but this does not necessarily translate into more malware available in the wild. Besides, Mac OS X has much more market share than the classic Mac OS ever had, and this is the moment when malware can propagate like wildfire across the internet. Nevertheless, the classic Mac OS had about 50 known, actually functioning pieces of malware, including viruses, in an era when the internet was barely present, while we have yet to see a single virus under Mac OS X. The system architecture is obviously what makes all the difference here. Therefore, the "security through obscurity" motto, although it contains a truth in the sense I explained previously, is really blown out of proportion.
Ah, so I'm of no worth. Got it.