Controversy. News that Mac OS X has been hit by its first virus (Leap-A) has kicked up a storm of the stuff. Name calling. Hair pulling. Spitting. Spite. Denial. We haven't seen the like of it since Apple renamed the Wastebasket ‘Trash' - and then the icon designers immediately redrew the trash can as a wastebasket. Or when Apple decided that English people actually spoke “International English” as opposed to “English”, which was spoken by Americans.
Except this time Apple isn't to blame - well, not directly anyway. Apple didn't invent a virus because it felt left out and wanted to act like the Mac boasted all the maladies, faults and foibles expected of a proper operating system. It didn't leak out of the Apple labs as some freakish foaming by-product of iWeb (“My God, what have we done?!”) or corrupted Keynote 2.0 theme.
Leap-A is “a piece of malware that's delivered via a Trojan horse and then acts in both viral and wormy ways,” Macworld contributing editor Rob Griffiths kind of explains.
Actually, it appears to be a rather less scary “Proof of Concept” attack that sneaks in via an InputManager it installs in a user's directory. It seems to have been created to show that Mac OS X can indeed suffer a malware attack just like Windows, without actually doing much harm.
But despite working only under very specific circumstances and relying on idiots who'll click on anything their cursor can hover over, it has caused irrevocable harm - by forever blemishing one of Apple's sacred arguments in its battle of wits with Windows: that Microsoft's software is inherently less secure than the Mac.
PCs get viruses. Macs don't. So buy a Mac. Sorry, that won't wash any more - and there's very little that Apple can do about it, apart from track down the nasty nerd who wrote it and stick an iPod shuffle in his eye. This wormy proof of concept Trojan might not actually be a virus, but it may as well be one now that everybody's talking about it. The BBC posted multiple stories on the subject despite noting at the end that “the risk to users from the virus is almost non-existent”.
The fact that in the same week Microsoft was forced to issue seven security patches for its vulnerable software is now lost amid all the glee of a successful attack on Apple. Even one of these patches itself turned out to be riddled with problems. In the blinding light of Leap-A, who now remembers February's exposed flaws in Microsoft's Internet Explorer? Sun Microsystems was forced to admit to its own seven serious security bugs in Java Runtime Environment for Windows and Linux. Did that make the front pages like Leap-A? Did you read about the bug in Windows XP Service Pack 2 that causes laptop batteries to rapidly go flat when a USB 2.0 device is plugged in? There's a fix, but it's so complicated that it's too risky for general users to implement.
Or how about Microsoft's AntiSpyware Beta that mistakes Symantec AntiVirus Corporate Edition for a password-stealing Trojan and deletes its registry keys, rendering it dead as a doornail. Then there's the Windows security breach involving corrupted fonts on a website. When you view the affected font in Explorer, or in any application that uses Windows to show fonts, the doctored text triggers a buffer overflow, disabling a PC's security and allowing hackers to take control of the computer. Just previewing an affected HTML email message in Outlook can launch the attack too.
All these security lapses occurred in just one week before five-year-old OS X's so-called “first-ever virus” appeared.
If Leap-A is some shady proof of concept, who's the tech terrorist? No one's yet claimed responsibility, been exposed as the felon or tracked down by the Feds. The BBC World Service's Bill Thompson could be front-runner in the conspiracy stakes. Just a few weeks before Leap-A emerged he wrote an article deriding Mac users as “almost unbearably smug” in their belief that OS X is immune to malware.
“If millions of internet-connected Macs are left open to attack it increases the incentive for a bright programmer to write Mac-specific malware that could affect me,” wrote the concerned Thompson.
Coincidence? Could his well-meaning rant have sparked some madman to actually go out and create such an attack?
Another conspiracy points the finger at the lunatic fringe of Mac users - actually a rather large mass considering the size of market share enjoyed by Apple; I'd say as many as 30 per cent of all Mac users would readily take up cudgels on behalf of Apple on the slightest of pretences.
Stung by Apple's treacherous switch to the evil Intel, one Mac nut may have decided to take down the Judas Steve Jobs. “Rather the Mac is destroyed by my cleansing code than be tainted by Pentium plague,” he wept as he unleashed his virus and then turned the gun on himself.
Could it have been the only man feted by Apple devotees more than Lord Jobs himself? Scarcely less than two months before Leap-A surfaced, Apple co-founder Steve Wozniak - an otherwise beacon of beardy beneficence - slammed Apple's software and its developers. “I get the worst, worst software almost always from Apple,” spake ‘Other Steve'. Chillingly he whispered: “Remember, the people who wrote OS X weren't the people who developed the Macintosh.”
Of course, the long finger of blame must also be turned on Apple's arch nemesis: Microsoft (coincidentally running TV ads about how secure its software is). Angered by years of Mac users' taunts and barbs about how wretched Windows is cursed with viruses and spyware in stark contrast to the purity of the holy X, some lowly Microserf worked himself into a vengeful frenzy. “I'll show them!” he roared, spittle flying from his thin, mustacheod lips. “Take this, iPod scum!”
It certainly can have nothing to do with all the anti-virus software companies that released this news in the first place. Surely they're busy enough in the $15billion-per-year consumer security market to waste time creating scare stories for innocent Mac users...
Before February's sudden rush of Mac vulnerability stories there were a few such security scares - and I mean a few. I can recall about three in the five years that Mac OS X has been around - none of which amounted to anything. Maybe OS X is a lot more secure than Windows. Maybe virus writers don't bother with it because there's only 20 million Mac users to mess with. Maybe Mac users are a lot less stupid than Windows users, and so aren't attracted like moths to lightbulbs by the bait of a picture of a tennis player's arse. Maybe a virus really is a badge of honour that proves the Mac is hitting the big time. No system can be more foolproof than its users - and the more users the Mac attracts, the more fools there are to abuse it.