The philosophical implications of Mac malware

If a tree falls in the forest and nobody is around to detect malware, does it even exist?

Navigating a field of uncertainty and doubt questions

This past week a security vulnerability came to light which raised a philosophical question that sent me into an existential tailspin.

It was, specifically, the headline for an article about that security vulnerability (named "Thunderstrike") that rocked my metaphysical world. That article, over at Extreme Tech, was titled...

"New Apple malware is undetectable, unstoppable, and can infect any Thunderbolt-equipped device"

Now, I don't normally write about Apple-related stuff, In large part because I don't use any Apple gear and I just…don’t…care. But this headline had me thinking.

First, let's get the basics of this vulnerability out of the way. If you have a Mac with a Thunderbolt port, someone can come along and stick something in that port and *shazam* they have infected your system with malware, allowing them to log keystrokes and whatnot.

Now, here's the really brutal bit – it can't (easily) be removed. The exploit uses the Thunderbolt port to gain access to the boot ROM, which means that the malware exists in the boot ROM and not on the hard drive, making existing antivirus software damn near useless in removing the malware and incapable of detecting it at all.

All of that sucks. Super sorry to hear about that, Mac users.

Now, let's get back to that headline. Specifically the "undetectable, unstoppable" bit.

"Undetectable." That means, according to the dictionary, that you can't even find out if it's there or not, because you cannot detect it. This calls to mind the whole "if a tree falls in the forest, and nobody is around to hear it, does it make a sound?" question.

Perhaps a bit more appropriately – "If a MacOS X malware infects a system, and nobody can detect it, does it really take advantage of an exploit?"

I know. Mind blowing, right?

And, let's be honest for a moment, even if you could detect it…it's unstoppable, right? Even if you did know of its existence – which you can't on account of the whole undetectable bit – there's absolutely nothing you can do about it.

It's like that tree… you know, the one that you didn't hear fall in the forest. Suppose you might want to save that tree from falling, only you find that there is no possible course of action that could be taken to keep the tree upright. But, as far as you know, the tree is still standing. Or not. So it doesn't matter.

Now, I don't know a lot about this Thunderstrike exploit, because I run Linux…and not on a Mac. So I'm safe.

But, I tell you what – the question that headline raises are deep. Damned deep.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2015 IDG Communications, Inc.