Fewer Mac Targets
But as a practical matter, could the AFP overflow really become a successful worm? I could see it happening. The key is that, unlike a mail worm, the theoretical AFP worm could do some network reconnaissance. Even if it didnt, an attack wont be quite as noticed as with a mail-based attack. For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog.But it could still spread, just not as quickly as a Windows worm because there are so many fewer targets to hit. And of course, a properly configured firewall also could block the AFP attack. The lack of targets is probably the reason why nobody writes mail worms for these platforms. Youd need to seed the worm carefully not only with Mac usersor Linux users, or whomever youre attackingbut with people who had an affected version and who hadnt patched. I can still see it working, but as long as 90-something percent of users are running Windows, it will be harder for a non-Windows attack to gain critical mass. Theres a sort of moral hazard in recommending that people use a particular platform because its not popular. If too many people take the advice, it becomes self-defeating. Theres a good theoretical argument that worms could be successful on Linux or the Mac, and perhaps they will be more common in the future. But for the present, its hard to argue with history. Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis. Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:
More from Larry Seltzer
Lets assume that 5 percent of systems out there are Macintoshes. That means that, scanning randomly, only one in 20 systems attacked could be susceptible. And some percentage of those will either be OS 9 or a patched OS X.