By John Gruber
Kolide by 1Password ensures that if a device isn’t secure, it can’t access your apps.
Flashback and the E-Word
Monday, 9 April 2012
Last week, after asking DF readers to report if they identified Macs infected with the Flashback drive-by attack and getting about a dozen or so positive responses, I wrote:
Via email and public Twitter replies, I’ve seen reports from about a dozen or so DF readers who’ve been hit by this. And they all seem like typical DF readers — sophisticated, experienced, if not downright expert Mac users. It’s not an epidemic, but it’s definitely real, and insidious.
On Twitter, Ed Bott gave me grief:
So @gruber says FlashBack is “not an epidemic, but it’s definitely real, and insidious.” Erm, 600K infections. Not an epidemic. All righty.
Which raises the question: What qualifies as an “epidemic”? Here’s a 2009 Slate story by Michelle Tsai and Brendan Koerner, regarding swine flu:
The CDC’s official definition of an epidemic is: “The occurrence of more cases of disease than expected in a given area or among a specific group of people over a particular period of time.” Since some diseases become more prevalent or lethal over time, while others become less severe, the CDC must adjust its statistical models to alter the definition of what’s truly more than expected.
Computer malware and human disease are an apples-to-oranges comparison if I’ve ever seen one, but that definition from the CDC strikes me as apt for malware. Evidence collected by several researchers consistently pegs the number of Flashback-infected Macs at about 600,000, which is about 1 percent of the total active installed base:
With 600,000 infections in a user base of 60-70 million, that means roughly 1% of all Macs worldwide have been hit by this thing, which is capable of downloading additional malware at will. […]
By comparison, the single largest Windows-based infection ever was Conficker. At its peak in 2009, it infected 7 million PCs, or about 0.7% of the total Windows installed base.
I’d say a Mac malware outbreak that is more common, on a percentage basis, than the largest-ever Windows infection1 is without question more cases than expected, and thus, I was wrong: epidemic is indeed the right word. Cause for hysteria? No. But an epidemic? Yes.
-
My initial resistance to describing Flashback as an “epidemic” was largely because I had assumed, incorrectly, that the worst Windows malware outbreaks infected far more than 0.7 percent of the PC installed base. Sort of a “Well, one percent is bad, but it’s not that bad” take — but it turns out one percent is record-breaking bad. ↩︎