Broken Windows

Here’s a billion-dollar question: Why are Windows users besieged by security exploits, but Mac users are not?

For the sake of this discussion, let’s consider the realm of “security” to encompass any sort of software running on your computer, which software you wish weren’t there. So we’re not just talking about viruses/worms/Trojan horses — we’re talking about crapware of any sort, including adware and spyware.

Adware is software that displays advertisements, typically in pop-up windows. Web surfers have been cursed by pop-up ads for years, but it’s common knowledge that they’re pretty much just a problem for Windows users these days, because every modern browser other than Internet Explorer has a pop-up blocking feature. If you have adware installed on your computer, however, even switching to a pop-up-blocking browser won’t make them stop — the ads are coming from hidden applications running on your computer.

Spyware is any sort of software that secretly records information about you — anything from the web sites you visit, to logging all the keystrokes you type. Obviously, there’s a fine line between spyware and Trojan horses.

What’s remarkable is this: Crapware is a problem of epidemic proportions on Windows, but it is almost completely non-existent on the Mac.

How big a problem is it on Windows? EarthLink offers a free program called Spy Audit, which scans your PC for various forms of crapware; in March, they published a report showing that after scanning over one million PCs, Spy Audit had identified nearly 30 million instances of “spyware”, nearly 28 instances per PC scanned.

Now, obviously, these results are a bit self-selecting, in that the people who suspect their PC has been infested by spyware are a lot more likely to run Spy Audit than those running clean systems. And EarthLink is counting cookies from known adware-tracking web sites as instances of “spyware”, which I find tenuous — but still, they also found 5 million adware applications, and over 350,000 Trojan horses and “system monitors”.

A similar audit of Macs might well find nefarious cookies, but would it find adware or spyware? Any at all? If there exists any such software for the Mac, I haven’t heard of it.

No Place to Hide

It’s not like Mac OS X is impervious to crapware. Adware, for example, is just software that displays ads. Anyone with an Intro to Cocoa book could put together an application that displays ads in a pop-up window.

One difference between Mac OS X and Windows, however, is that Mac OS X doesn’t offer nearly as many places for nefarious software to hide. A major aspect to the scourge of crapware is that it’s extraordinarily difficult to find and remove it. This isn’t just about “typical” users; even expert Windows users get hit by crapware and can’t figure out how to get rid of it.

For example, Dave Winer, who last week installed the “free” version of Kazaa and ended up with “pop-ups everywhere. Tons of virusware installed.” Winer spent an entire day digging out.

Or, for example, Paul Thurrott, longtime author of the WinInfo web site and numerous books about Windows. Last week, Thurrott was hit by a Trojan horse:

On Sunday night, while preparing for a trip Monday to New York, the notebook I had planned to bring was suddenly struck by the most malicious software (malware) I’ve ever encountered. This Trojan horse got through my defenses despite the fact that I was running the Release Candidate 1 (RC1) version of Windows XP Service Pack 2 (SP2) with the firewall turned on. It was infuriating, and after hours of investigating, deep cleaning with various antivirus and spyware products, and consulting with my technical guru (Storage Update’s Keith Furman, a lifesaver), I finally gave up. As I write this commentary, I’m heading to New York by train, using a different machine, and my infected laptop is home, awaiting a complete wipeout. I never did completely clean up the machine, and I’m still frustrated by the defeat.

Given Thurrott’s consistent record as a real jackass regarding all things Mac, could this rate any higher on the schadenfreude-o-meter? Hours of work to remove a Trojan, all in vain, and resigned to a “complete wipeout”?

There are all sorts of ways that Windows executes software that don’t have equivalents on Mac OS X. Services get installed in the Windows Registry, and the Registry is an opaque labyrinth.

This is not a problem on the Mac. Even if you ended up with a piece of crapware installed, there simply aren’t that many places where it could hide. Assuming the crapware needs to launch itself automatically, it’s either going to be installed in one of the various /Library sub-folders, or it has to be listed in your user account’s Startup Items in the Accounts panel of System Preferences.
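One way to audit the auto-launch folders described above, as an added example that is not part of the original essay. It assumes the standard /Library/StartupItems, /Library/LaunchAgents and /Library/LaunchDaemons folders (the latter two come from later Mac OS X releases), does not read the per-user Startup Items list kept by System Preferences, and uses function names made up here.

```shell
#!/bin/sh
# Added example: inventory auto-launch folders and report entries that are
# new since a saved baseline. Folder names are assumed standard locations.
AUTOLAUNCH_DIRS="Library/StartupItems Library/LaunchAgents Library/LaunchDaemons"

# list_autolaunch ROOT
# Print every entry in the auto-launch folders under ROOT, one per line,
# as a sorted path relative to ROOT. Use / for the system-wide folders or
# "$HOME" for the per-user ~/Library equivalents.
list_autolaunch() {
    root=${1%/}
    for d in $AUTOLAUNCH_DIRS; do
        dir="$root/$d"
        [ -d "$dir" ] || continue
        # Second pattern picks up dot-prefixed (hidden) entries as well.
        for entry in "$dir"/* "$dir"/.[!.]*; do
            [ -e "$entry" ] || continue   # pattern matched nothing
            printf '%s\n' "${entry#"$root"}"
        done
    done | LC_ALL=C sort
}

# new_since_baseline ROOT BASELINE_FILE
# Print entries present now that are missing from BASELINE_FILE, which must
# be earlier output of list_autolaunch for the same ROOT.
new_since_baseline() {
    list_autolaunch "$1" | LC_ALL=C comm -13 "$2" -
}

# Stand-alone use: ./autolaunch.sh ROOT BASELINE_FILE
if [ "$#" -eq 2 ]; then
    new_since_baseline "$1" "$2"
fi
```

Save the output of `list_autolaunch /` while the machine is known to be clean; anything `new_since_baseline` prints later is an item that was added to launch automatically since then.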

Zero Tolerance

You could argue that many Mac OS X users have no idea where their Startup Items are listed, or about the contents of the various /Library folders — but plenty of Mac users do. Certainly a Mac user with the same expertise as Winer or Thurrott would know about these locations.

We all benefit from the fact that the Mac community has zero tolerance for vulnerabilities. Not just zero tolerance for security exploits, but zero tolerance for vulnerabilities. In fact, there is zero tolerance in the Mac community for crapware of any kind.

If some “freeware” software for the Mac surreptitiously installed some sort of adware/spyware/crapware, there’d be reports all over the Mac web within days. Uninstallation instructions would be posted (and thus made available to all via Google), and the developer who shipped the app would be excoriated.

Zero tolerance, on the part of the user community, is the only policy that can work.

It’s similar to the “broken windows” theory of urban decay, which holds that if a single window is left unrepaired in a building, in fairly short order, the remaining windows in the building will be broken. Fixing windows as soon as they are broken sends a message: that vandalism will not be tolerated. But not fixing windows also sends a message: that vandalism is acceptable. Worse, once a problem such as vandalism starts, if left unchecked, it flourishes.

The theory was made famous in a 1982 article by James Q. Wilson and George L. Kelling in The Atlantic Monthly. They wrote:

That link [between maintaining civil order and preventing crime] is similar to the process whereby one broken window becomes many. The citizen who fears the ill-smelling drunk, the rowdy teenager, or the importuning beggar is not merely expressing his distaste for unseemly behavior; he is also giving voice to a bit of folk wisdom that happens to be a correct generalization — namely, that serious street crime flourishes in areas in which disorderly behavior goes unchecked. The unchecked panhandler is, in effect, the first broken window. Muggers and robbers, whether opportunistic or professional, believe they reduce their chances of being caught or even identified if they operate on streets where potential victims are already intimidated by prevailing conditions. If the neighborhood cannot keep a bothersome panhandler from annoying passersby, the thief may reason, it is even less likely to call the police to identify a potential mugger or to interfere if the mugging actually takes place.

It should be clear where we’re heading.

My answer to the question posed earlier — why are Windows users besieged with security exploits, while Mac users suffer none? — is that Windows is like a bad neighborhood, strewn with litter, mysterious odors, panhandlers, and untold dozens of petty annoyances. Many Windows users are simply resigned to the fact that their computers contain software that is not under their control. And if they’ll tolerate an annoying application that badgers them with pop-up ads, well, why not a spyware virus that logs every key you type, then sends them back to the creator? (That’s a real virus, by the way, Korgo, which hit Windows at the end of May and is spreading quickly.)

The Mac is like a good neighborhood, where the streets are clean and the crime rate low. You don’t need bars on your windows in a good neighborhood; you don’t need anti-virus software on the Mac.

Windows apologists have long argued that the only reason the Mac has been so strikingly free of security exploits is that it has such a smaller market share than Windows. This argument ignores numerous facts, such as that the Mac’s share of viruses is effectively zero; no matter how you peg the Mac’s overall market share, its share of viruses/worms/Trojans is significantly disproportionate. Or that the logical conclusion of this argument — that because of Windows’s monopoly market share, malfeasant hackers would logically only write software to attack Windows — would be to extend the argument to all software, malicious or not, and it’s quite easily disproven that “all software” is targeted only for Windows. Or that, despite the Mac’s relatively small market share, a successful virus/worm/Trojan attack against Mac OS X would likely garner significantly more notoriety and fame; considering the recent publicity given to non-exploited Mac OS X vulnerabilities, it’s reasonable to expect that an outright exploit would result in an avalanche of tech media hysteria.

The reason this argument is so popular with Windows apologists is that it’s a convenient bit of rhetoric. They say it’s so, we say it’s not. You can’t get past this argument, because it can’t be disproven without the Mac OS actually attaining a Windows-like market share.

So, let’s concede the point, just for the sake of argument: OK, fine, if the Mac had the same market share as Windows, the tables would be turned and there’d be just as many Mac security exploits as there are Windows exploits today.

Now what? Given that the Mac is never going to attain a monopoly share of the operating systems market — that merely expanding its share to, say, 10 percent would be universally hailed as an almost-too-good-to-be-true success — isn’t it thus only logical to conclude that the Mac is forever “doomed” to be significantly more secure than Windows?

While we’re conceding for the sake of argument, let’s address that other popular canard of Windows apologia — that on the whole, Windows XP is just as good, if not better, than Mac OS X. OK, fine. XP is as good as OS X; Windows Movie Maker is as good as iMovie; Photoshop Album is better than iPhoto; etc.

But is it fair to judge Mac-v.-Windows under factory-fresh conditions? Wouldn’t an accurate comparison be better made a few months down the road — after a nice sampling of the hundreds of new Windows viruses discovered every week get a chance to find a home on the Windows box? In the hands of a typical user, a six-month-old Mac is almost certainly in similar working condition as when it left the store; a six-month-old Windows PC, on the other hand, is likely to be infested with multiple instances of crapware. And if it’s not, it’s likely because the poor sap who bought it just got done reinstalling from scratch.

You can argue about why this is so, but you don’t need to. You can’t argue with the facts. Antivirus software vendor Sophos reported yesterday that it found 959 new viruses last month alone. How many of those do you think were for Mac OS X? Any at all?

Arguing that it’s technically possible that the Mac could suffer just as many security exploits as Windows is like arguing that a good neighborhood could suddenly find itself strewn with garbage and plagued by vandalism and serious crime. Possible, yes, but not likely. The security disparity between the Mac and Windows isn’t so much about technical possibilities as it is about what people will tolerate.

Mac users don’t tolerate shit.
