• United States



Have Mac users become the Typhoid Marys of the Internet?

Apr 12, 20123 mins
CybercrimeData and Information Security

Yesterday, I suggested Mac users should “suck it up” now that it’s clear Apple devices aren’t impervious to attack. One reader points out that the issue is about more than that. It’s really about Mac users wising up to the possibility that they’ve been malware carriers infecting the rest of us, all because they smugly thought they were immune.

Mark Frautschi compares these users to Typhoid Mary.

Typhoid Mary, real name Mary Mallon, was the first person in the United States identified as an asymptomatic carrier of the pathogen associated with typhoid fever. She was presumed to have infected some 53 people, three of whom died, over the course of her career as a cook. (Description taken from Wikipedia.)

Frautschi wrote to me:

“I like to ask Mac and Windows users ‘Do you know who Mary Mallon was?’ To Mary, that was just her name. She was an Irish-American cook at the turn of the last century. She is better known however as Typhoid Mary because of the virus she carried but was immune to. Macs operated by ignorant users are perfect Typhoid Marys for organizations from families to multinationals that operate heterogeneously.”

How’s that, you ask? Frautschi explained:

“They can carry a unlimited number of PC viruses past firewalls and then spread them to servers and clients without ever exhibiting a symptom. They are worse than flash drives because they are draped with a social respectability of being ‘more secure’ and because they get used more on LANS and can send emails. As you point out, being thought more secure is an illusion. A costly one.”

Truth be told, I never thought of Mac users that way. But considering how Macs and PCs are often so intertwined in office environments (including my own), I think he may be on to something.

“I have seen Macs carried freely in and out of government and private industry facilities while PCs get the third degree and it frankly scares me,” Frautschi continued. “Raising the issue with people who are paid to worry about security would often produce blank stares. Hopefully it no longer does.”

He said Mac users (and those who manage Macs) need to do what Windows users (and those who manage Windows servers and clients) do, which is to plan for defense in depth.

“Perhaps the simplest way Mac users could get into this game is to install endpoint protection, for example the free home edition of Sophos Antivirus for Mac,” he said. “I run it on servers and clients standalone.” He added that the regular version can be managed locally by the IT staff, but other than that the products seem to be identical. “I have used it since before it became a free standalone product,” he said. “I even use it to disinfect PC drives hooked up to a Mac, leveraging the Mac’s relative immunity to PC viruses. I do not know if it addresses Flashback. I have no affiliation with Sophos other than being their former customer.”

With that, he thanked me for my time and asked that I go wake up some Mac users.

Mac users: Consider yourselves woken up.