Windows & Macs Need Side Impact Crash Testing

So what is it, do you need anti-virus sofware on a Mac or not? First Apple said yes, now they saying not necessarily... that it may add “additional protection.” (See these Network World articles about the orginal note and it being taken down this week.) The original note does contradict Apple’s marketing prowess as a platform that doesn’t need anti-virus software. You wonder if Apple was beginning to have second thoughts, or was it was merely a statement that slipped through the cracks and wasn’t vetted properly (as suggest by Rich Mogul in a recent CNET article.) I’d love a world where you didn’t have to worry about viruses and malware, but most view Apple’s smaller marketshare as why Macs aren’t targeted as frequently by attacking worms and malware. On the contrary, that complacency creates the perfect environment for attackers, and Mac’s rise to 7% marketshare is nothing to sneeze at, especially if a larger proportion of those are home users who are less security savvy and are more prone to attack. Mac OS X obviously needs a AV software added. Hmmm, maybe not so fast.

Is putting AV software on Macs really the right answer? We’ve done that on Windows PCs for years, but even that approach may be changing. The media heralded Microsoft’s move to take OneCare out of the retail market as a failure by Redmond. I say that’s jumping to conclusions too fast. OneCare’s free anti-malware replacement, Morro, could be a move by Microsoft to bring anti-malware capabilties closer to becoming part of the OS and cloud services. At least that’s the subtext I see in Microsoft’s pullout of the retail AV market.

Windows 7 is becoming much more aware of all the devices you use and helps you manage those devices. Our online digital lives don’t just happen on a single device anymore. Our digital life is spead out across computers at work, home PCs, SmartPhones, PDAs, cell phones, game consoles, and SaaS/S+S services, and online applications, games and social networking sites. All of those devices, services and sites are the real threat surface for attackers. Compromising any one of them could lead to compromising other or all the environments we operate in.

How does all this relate to Morro? Just as Windows, Mac OS X, Red Hat Linux OS have automatic patching facilities for security vulnerabilities and software updates, Morro may be the next step of OSs including malware monitoring, detection and prevention. The argument can still be made that a third party is required to so the fox isn’t watching the hen house. But I say the underlying software and service has to be much better at protecting itself from attacks.

Would you expect to buy a car, drive it off the lot, and then go driving around town shopping for seat belts, airbags, headrests, ABS brakes, upgraded head and tail lights, and aftermarket crumple zone enhancements? No, we expect our vehicles to include the best safety systems available, with new improvements and innoviations driving the market to bring us even safer vehicles next year. We’ve seen steady improvement from car safety testing year after year. Maybe what we need is the software equivalent of side impact crash testing.

Like this? Here are some of Mitchell's recent posts.

Mitchell's Book Recommendations: Also visit Mitchell's other blogs and podcasts:

Visit Microsoft Subnet for more news, blogs, opinion from around the Web. Sign up for the bi-weekly Microsoft newsletter. (Click on News/Microsoft News Alert.)

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2008 IDG Communications, Inc.