if mac doesnt have viruses then why doesn't windows copy the way mac handles things?

There is no secret to not getting viruses. The reality is, if someone really wanted to create a virus for OS X, I'm pretty sure they can but they don't because the truth is, Apple is very small in terms of OS market share. As OS X becomes more popular, I'm pretty sure they will get a virus or two but it's not true that Apple has built OS X in a way that are giving people a hard time in creating viruses.

All mainstream OSs have malware that relies on social engineering to be successful.

Malware that relies solely on social engineering can be avoided with a little bit of knowledge about safe computing practices.

Malware that relies on little or no social engineering is prevented by the security mitigations within the OS.

Read the content of the following link to learn more about the security mitigations within OS X.

https://forums.macrumors.com/posts/12830926/

Regeta7 said:

It is often said and bragged about that Mac's cannot get a virus.

Click to expand...

This is not neccessarily true. There is simply no/little commercial value in writing malware for OSX. There is far greater a universe out there of Windows users than there are OSX users. Over time, this might change (I hope not), at which point, viruses may be an issue for OSX.

navt said:

This is not neccessarily true. There is simply no/little commercial value in writing malware for OSX.

Click to expand...

What commercial value is there in writing malware for windows

I think its done for the sheer [deranged] enjoyment and the fact that windows has 90% of the marketshare is the reason why we see viruses and malware on windows as much. Plus it MS made it easy in the beginning for those folks to start writing the stuff

Regeta7 said:

If Mac has some sort of secret way for the OS to prevent viruses, what is stopping Windows from copying Mac? Certainly the reason is not a secret, especially with Microsoft being such a powerful company (and certainly having its own corporate spies planted at Apple).

Click to expand...

A lot of it is about user access, Windows 7 does go a long way in getting on par in access restictions acting similar to OSX.

maflynn said:

What commercial value is there in writing malware for windows

Click to expand...

There's no legal commercial value, but there is certainly huge money in it. Many DOS and spam operators use large botnets made up of unknowing Windows users whose PC's have been compromised. These can be rented out for use by other criminals.

I am not a programmer nor a hardware expert.. The best explanation I have ever heard (forget where!) was that Apple builds the hardware as well as the software. Windows makes software.. When you "control" both aspects, you can tighten up the exploitable areas.

Now, there are hundreds of OEM and third parties that build "add-on" hardware to the Windows OS. Because of this, there are "holes" for lack of a better term, to allow addressing of the hardware add-ons.. (video cards, pci cards that do many things..) that are exploited... Historically, as soon as one tries to become a "be-all", failure follows.. Remember Corel Draw? Wasn't a bad vector editor.. As soon as it became a suite that tried to do everything and cover the marketshare, it went to hell. (Listening Adobe?)..

Not a verifiable reason.. just the best one I've heard in the last 15 years...

stridemat said:

If that is the case, then would it not be 'prestigious' to be the first?

Click to expand...

I think there is non-commercial appeal for folks doing his sort of stuff

fat jez said:

There's no legal commercial value, but there is certainly huge money in it. Many DOS and spam operators use large botnets made up of unknowing Windows users whose PC's have been compromised. These can be rented out for use by other criminals.

Click to expand...

While there is some money involved, unless I see some hard statistics, I don't think its material.

Most Windows virus/malware at the moment is "scareware". The virus installs itself, ruins Windows, then pops up a fake antivirus program that says it can remove itself for $49.

stridemat said:

If that is the case, then would it not be 'prestigious' to be the first?

Click to expand...

That's what I always thought, I don't really buy the market share argument. Besides, the market share is not that tiny anymore.

jackc said:

That's what I always thought, I don't really buy the market share argument. Besides, the market share is not that tiny anymore.

Click to expand...

I do think that is a factor, maybe not the biggest reason but a reason.

You also have to remember that Windows XP still has the largest market share.

Many users, typically home/personal users, run admin accounts in Windows XP. Admin accounts in Windows XP do not have DAC enabled in a way that helps prevent malware.

In these accounts, only a remote exploit is required to achieve system level access to be able to install more covert and malicious malware. Remote exploits do not have to be linked to local privilege escalation exploits to gain system level access.

Unless UAC is disabled in Windows Vista or 7, remote exploits have to be linked to local exploits to achieve system level access in these versions of Windows. UAC is implemented in a similar manner to the default level of privilege separation used in OS X.

Linking remote exploits with local exploits has always been a requirement to achieve system level access in Mac OS X since it was released. Also, Mac OS X has a much lower incidence rate of privilege escalation vulnerabilities than Windows as shown in my previous post in this thread.

Regeta7 said:

"If Mac's rarely get any viruses because 'There are no viruses for Macs", then WHY does Microsoft not copy the way Mac handles its OS so that Windows are just as safe?"

Click to expand...

The first thing to understand is "what" OS X has done differently to harden itself against virus. The answer is mostly related to user access rights. A application does not have rights to modify the system. This means if an application is compromised, it is unable to effect the core system.*

This is essentially what MS tried to implement in Vista with UAC. The problem was that Windows was traditionally not used this way, so many ordinary applications would trigger warnings. As a result users would disable UAC, putting them back to square one.

Windows 7 has largely dealt with the UAC problems through more intelligence for when a UAC message appears and better socializing security best practices to application developers.

Windows 7 more or less uses all of the tricks OS X implements, and then some. In general Windows is probably more secure than OS X today.

The good news in that modern OS's have gotten so good at preventing viruses, that traditional viruses are on the decline. Apple basically weathered the storm and came through the rise and fall of traditional viruses more or less unscathed.

But now we are entering a new era of malware. Today's malicious applications are different. Through social engineering, they actually ask the user for permission to be installed. No level of system security can stop these threats so long as the user is the arbiter of permissions.

Enter the App Store. Apples latest push is to discourage (or prevent) users from giving out access by pushing application distribution through a curated store. It should be interesting to see how users react to this loss of authority on their systems, but it's hard to deny that this will lead to increased security...

*This is the theory, but in practice there are many bugs that can be exploited to obtain elevated privileges.

err404 said:

Windows 7 more or less uses all of the tricks OS X implements, and then some. In general Windows is probably more secure than OS X today.

Click to expand...

Both OSs have their benefits and deficits in relation to each other.

But, I do think OS X is ahead in relation to malware.

Secure coding is a security mitigation. Mac OS X has far fewer local privilege escalation vulnerabilites that allow system level access.

The following links show the incidence rates for local priv esc vulnerabilities per OS for this year up to today.

Mac OS X = 1 (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Mac+OS+X+gain+privileges+2011)

Windows = 45 (http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=microsoft+gain+privileges+2011)

Also, Windows leaves open some exploitation vectors that OS X has secured.

Protected storage in Windows does not implement access controls on stored items. So, any application that has access to protected storage can collect the data and transmit it outward.

The access controls used with keychain in OS X only allow the app associated with the keychain item to access the data within the keychain item.

Other examples are included in the following link.

https://forums.macrumors.com/posts/12830926/

The other day I went over to help my cousin with a Windows XP problem. She couldn't print to an HP 8500 printer. I went through the support pages on hp.com and the suggestions basically amounted to "wipe out all hp drivers and reinstall." It reminded of what I was told back when I called HP for help with one of their printers on Windows. They told me to keep trying to re-install the driver until I "got lucky". No thanks. Anyway, I found the "basic" driver on hp.com and it was 240 meg. 240 meg for a basic driver. Again no thanks. I found workarounds so she could print and scan without resorting to the hp solution center which simply put up a black screen and moved on.

Next came Windows Genuine. It took several trips to the command prompt and several reboots to get rid of that turkey.

Next came Antivirus. I wanted to delete the subscription based antivirus she was using and install AVG. Luckily I noticed her subscription ran through 11-2012 so I left well enough alone.

I then walked over to her win 7 box. It had norton crapware installed by the manufacturer and required her to find an obscure greyed out link to avoid purchasing norton security essentials every time she booted.

For many of today's Windows antivirus solutions, the cure seems like it is worse than the disease.

Both her computers were slow. The old beater XP box was astoundingly slow but the brand new 17 inch Toshiba laptop win 7 box was an hourglass factory in its own right.

Of the 2+ hours I spent tinkering with her machines, I wasted almost half the time on Windows Genuine and Antivirus issues. This points to something I wish MS would do to copy Apple. I wish MS would put Unix underneath Windows. I know they will say windows has finally grown up to be an OS in its own right and not just a graphical wrapper on top of DOS, but what sort of an OS is windows?

Unix is written from the ground up as a multiuser OS. This means important system files are not writable by non-root users. On windows, there are rudimentary safeguards intended to steer prying eyes away from the windows\system32 folder but by default any user can run cmd and type cd %system root%\system32 and then type del *.* and get away with crippling their machine. In fact, I'm sitting here on win 7 enterprise as I type this and I just went to the folder and did a "dir /ar" to see how many files are not user writable. Guess how many? One. someobscureapi.dll has its write-protect flag set. The other 3,000 files can be deleted by me. Plain old me. Plain old not logged in as root me. This means that any batch file or exe file that runs as me can overwrite, delete or modify the fundamental underpinnings of the OS. No hacking required.

Compare this with OS X (or Linux or any other *nix) where files I can write are confined to /Users/myuserfolder. Sure it is possible to write an exploit in Unix that runs as a user but obtains root priveledges but on windows it's not even necessary to think that hard. All you need to do is want to do something and it's done. If only MS would adopt a Unix layer beneath windows we might begin to see the end of the era where easily doing harm to a system is the rule rather than the exception.

There is some validity to the market share theory that fewer virus authors attack OS X because there are fewer targets but I assert that it is also a harder target because OS X is built on Unix which was initially conceived as a multi user OS where with few exceptions nobody is root unless they try to be. On windows, everybody is root all day every day and a highly destructive attack is much easier to mount.

I'm surprised no one has brought this up.

OSX is basically running Unix. It's built on top of a unix-like file system (I mean, it is technically BSD).

On the other hand, Windows is built on top of MS-DOS, and the NT architecture.

Unix was built from the ground up with many users in mind. It was built for large businesses to have many users all running instances on one mainframe.

This means Unix has built in permissions and had to take into careful consideration user interactions so that one user couldn't get into another users files, or the OS itself.

Windows on the other hand has always been a consumer system. From the get-go it was intended for a single 'family' user. There wasn't an operating system to run into because it could only run a single application at a time, and when the application was in control, the OS literally wasn't. Seriously, applications in the DOS days had to signal to DOS to start back up when they were finished.

So what happened? Well sure, Windows has grown to accomodate multiple users, but the subsystem it relys on (DOS), and even into NT, really doesn't have much security across users. They've tried to steal some Unix-like permissions, but it really hasn't worked out that well.

On the other hand, Unix is sturdy as ever, having the systems in place from the get-go it's in much better shape.

So the point is, even if Mac and Windows market share were equal, Mac would be less susceptible to viruses and hacking due to the robust nature of its Unix underbelly compared to the single-user oriented DOS/NT that Windows relies on.


This also explains why Windows can't copy Mac, and why it isn't really Mac that is responsible for the lack of virus, it's Unix. If Windows wanted to become more like Unix, they would have to rewrite everything, and that just isn't going to happen.

blackbinary said:

I'm surprised no one has brought this up.

...
So the point is, even if Mac and Windows market share were equal, Mac would be less susceptible to viruses and hacking due to the robust nature of its Unix underbelly compared to the single-user oriented DOS/NT that Windows relies on.


This also explains why Windows can't copy Mac, and why it isn't really Mac that is responsible for the lack of virus, it's Unix. If Windows wanted to become more like Unix, they would have to rewrite everything, and that just isn't going to happen.

Click to expand...

You mean nobody brought the up the Unix issue except me, 2 posts above yours?

Of you mean nobody brought up that even if the two had equal market share, Windows would still have more viruses? I tend to agree but I didn't want to go that far knowing that the number of hackers trying to ruin OS X is tiny compared to the legion spending every day and night attacking Windows. If the market share was equal, the virus playing field wouldn't be quite as lopsided as it is today.

As for MS cannot copy Mac? Why not? Apple dove in and created a situation where any pre OS X app had to run in a special emulation mode. MS could get off their butts and do this. Any pre windows 9 app must run in a "dos bottle" and starting with windows 9 forward all apps must be written to these new unix apis. Yes they could. Will they? Well I have to agree with you that they can't because turning Microsoft is like trying to steer an aircraft carrier sailing at full speed. It will probably not happen.

blackbinary said:

On the other hand, Windows is built on top of MS-DOS, and the NT architecture.

Click to expand...

That's not true. No version of Windows since 2000 have had anything from the legacy DOS world outside of a virtualized environment for backwards compatibility. They are based upon the NT kernel, which was largely modeled off of VMS. The NT kernel has supported process ownership from multiple users since the beginning and long ago was tweaked for multiple login support from a partnership with Citrix.
I feel bad for the NT kernel team. The core of Windows is actually very good, despite some poor dicisions early on to improve performance (For example video drivers used to run at a kernel level enabling bad drivers to cause BSOD).
The big issue for Windows has always been that the application layer doesn't fully embrace the kernel's potential for process isolation. For the last decade Windows has supported running as a limited access user account, but the dev community was slow to adopt. This lead to many applications requiring the user to have Admin permissions to run properly. For years even MS's own applications required Admin rights.

Basically MS has been unable to enforce proper security because backwards compatibility would suffer. Apple made a bold move and started from scratch with OS X.

http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/

Considering there are millions and millions of OS X machines in use and almost none of us have any anti-virus or other malware protection, you'd think we'd be sitting ducks to the bad guys. They should come after us with a vengeance, but they don't, because it is a very difficult nut to crack.

Think of it like this: If you are a criminal or even just a mischievous soul, would you hang out in the neighborhood with 20,000 houses that all have big security systems and are constantly talking about the evils out there, or would you visit the neighborhood that only has 4,000 homes, but the people that live there don't even both locking their doors? Keeping in mind that all of your evil havoc-wrecking buddies are in the bigger neighborhood?

I've always seen security through obscurity as a bogus argument. If OS X was easy at all to penetrate, the bad guys would be all over us.

jive turkey said:

I've always seen security through obscurity as a bogus argument. If OS X was easy at all to penetrate, the bad guys would be all over us.

Click to expand...

Call me pedantic, but it's security through minority. Obscurity is the Windows approach, i.e. the code is closed source, so bugs have to be discovered through trial and error, not through examining the source code.

http://en.wikipedia.org/wiki/Security_through_obscurity
http://en.wikipedia.org/wiki/Security_through_obscurity#Security_through_minority

In 2011, the viruses on Windows aren't the same epidemic that they were 5 years ago. A fully patched Windows 7 install using Chrome as the browser is quite secure (People, DO YOUR UPDATES!). The biggest worry for today's Windows users should be trojans, but the same should be said for OS X.

FTR - I love OS X and use it exclusively on my personal machines. OS X has a great track record in the security area, but security shouldn't be a primary concern for new users choosing a platform.

err404 said:

The biggest worry for today's Windows users should be trojans, but the same should be said for OS X.

Click to expand...

The difference between the sophistication of malware that targets each OS is significant.

Mac Defender is a glorified phishing scam that requires users to explicitly give up their credit card number to be successful.

Some variants of TDL-4 have been able to bypass UAC in Windows 7 to covertly have complete access to the system.

http://www.securelist.com/en/blog/337/TDL4_Starts_Using_0_Day_Vulnerability

The reasons for this discrepancy are shown in my previous posts.

https://forums.macrumors.com/posts/12932499/

https://forums.macrumors.com/posts/12830926/