Exactly why doesn't OSX have the same Virus/Spyware problems as Windows?

Discussion in 'General Mac Discussion' started by eyeon, Apr 8, 2005.

  1. eyeon macrumors regular

    Joined:
    Apr 7, 2004
    Location:
    Montana, USA
    #1
    So, today I went to lunch with a group of people after one of my classes, and over our food, we got on the topic of computer viruses and spyware and all the other numerous Windows user discrepancies. Every single person at the entire table (excluding myself) was saying the same thing about their computers at home. Explaining that the computer all of a sudden ran incredibly slow, and that icons would just appear on the desktop and in the tray, and bookmarks would just appear inside the favorites menu, and they would be fighting off hordes of pop-ups the entire time they were online, and so on and so on... I would squeeze in a word or two edgewise and give some suggestions when I could, until it quieted down. And then I interjected with, "or you could just get a Mac... I've got a Mac, and I never, EVER have ANY of those problems." which got everyone on the topic of WHY Macs don't have those problems and how they really are nicer and such... Which was good to hear that they were all open minded about eventually owning a Mac, but...

    I guess overall, this discussion just got me thinking... One kid who seemed to know a lot about computers was claiming that Macs don't have problems with spyware and viruses because it is actually much harder to develop spyware and viruses for the Mac platform. I had trouble believing this, but is it true? I had always thought that people who develop spyware and viruses naturally target Windows because it is by far the most widely used OS on the planet. Because OSX is in the minority, spyware/virus developers aren't interested in developing their horrible programs for OSX because they wouldn't be reaching as broad a range of people as they would with Windows. And if this is true, then shouldn't we, as Mac users, try to keep people AWAY from using Macs? Because if the Macintosh becomes more popular, and a broader range of people begin using it, doesn't that mean that the spyware and virus developers would begin to aim their cannons at the Macintosh platform because of the growing market-share, which would lead to OSX having those same problems that EVERYONE HATES about Windows?

    Just curious I guess. Depending on what some of you say, I may stop telling people why and how much I love my Mac, for fear of this potential problem.
     
  2. slipper macrumors 68000

    Joined:
    Nov 19, 2003
    #2
    the basic architecture of the unix platform of your operating system makes it impossible for a virus to spread from mac to mac. but technically a mac is still prone to infection if a hacker manually breaks into your computer and inserts the virus.

    for someone to speculate that the reason for no viruses for macs is because of the microsoft stronghold is ridiculous. regardless of that, say macs have a 5% marketshare and have zero viruses compared to the 97,467 viruses for XP, that's still a pretty favorable average.
     
  3. Ringu macrumors member

    Joined:
    Mar 20, 2005
    #3
    I've often wondered, if Macs have zero viruses, then are companies that make anti-virus software for Macs just selling scotch mist?
     
  4. robbieduncan Moderator emeritus

    Joined:
    Jul 24, 2002
    Location:
    London
    #4
    This is a gross oversimplification and simply not true. Whilst the Unix architecture makes it less likely for viruses to install and spread, all programmers make mistakes. A buffer overrun vulnerability in a core OS component would cause the same sort of problems on OSX as it does on Windows.

    OSX has, in its favour, a better user-level security model and most services turned off by default. So even if a flaw is found in Samba (which powers OSX's Windows File Sharing) it would not be as much of a problem as a similar flaw in Windows as all Macs ship with this switched off and many users will not have turned it on. In addition services like this are provided by daemons running as unprivileged users so a virus attacking them would have to find another vulnerability as well to escalate its access level to install any code.

    Hope that all makes sense!
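
Added example (not part of any post in this thread): a small audit that checks the two properties post #4 describes, which services are listening at all and which user owns them. It parses text in the column layout of `lsof -nP -iTCP -sTCP:LISTEN`; the sample rows and the HIGH/MEDIUM/LOW labels are constructed for illustration.

```python
"""Classify listening TCP sockets by owner and by network exposure."""

# Constructed sample in the column layout of `lsof -nP -iTCP -sTCP:LISTEN`.
# Process names, PIDs and users are illustrative, not taken from a real host.
SAMPLE = """\
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
sshd      101 root    4u  IPv4 0x01        0t0  TCP *:22 (LISTEN)
smbd      212 root   18u  IPv4 0x02        0t0  TCP *:445 (LISTEN)
httpd     330 www    16u  IPv4 0x03        0t0  TCP *:80 (LISTEN)
cupsd     415 root    5u  IPv4 0x04        0t0  TCP 127.0.0.1:631 (LISTEN)
postgres  520 pgsql   3u  IPv6 0x05        0t0  TCP [::1]:5432 (LISTEN)
"""

LOOPBACK_PREFIXES = ("127.", "[::1]", "localhost")
RANK = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def parse_listeners(text):
    """Return one dict per LISTEN row; header and malformed rows are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[-1] != "(LISTEN)":
            continue
        address, _, port = fields[-2].rpartition(":")
        if not (fields[1].isdigit() and port.isdigit()):
            continue
        rows.append({"command": fields[0], "pid": int(fields[1]),
                     "user": fields[2], "address": address, "port": int(port)})
    return rows


def classify(row):
    """HIGH: root and reachable from the network. MEDIUM: one of the two.
    LOW: unprivileged and loopback-only. The labels are this example's own."""
    reachable = not row["address"].startswith(LOOPBACK_PREFIXES)
    as_root = row["user"] == "root"
    if reachable and as_root:
        return "HIGH"
    if reachable or as_root:
        return "MEDIUM"
    return "LOW"


def audit(text):
    """Return (level, command, user, port) tuples, most exposed first."""
    findings = [(classify(r), r["command"], r["user"], r["port"])
                for r in parse_listeners(text)]
    return sorted(findings, key=lambda f: (RANK[f[0]], f[3]))


if __name__ == "__main__":
    for level, command, user, port in audit(SAMPLE):
        print(f"{level:<6} {command:<9} user={user:<6} port={port}")
```

A host with few rows, and none of them HIGH, matches the "services off by default, daemons unprivileged" posture the post describes.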
     
  5. dubbz macrumors 68020

    Joined:
    Sep 3, 2003
    Location:
    Alta, Norway
    #5
    They're nice to have so you can scan your e-mail for (win32) viruses, and prevent it from spreading in case you forward it to others. Your Mac might not get any viruses, but it doesn't mean you can't spread it.
     
  7. Les Kern macrumors 68040

    Joined:
    Apr 26, 2002
    Location:
    Alabama
    #7
    That's THEIR problem, not mine. Sorry to be so cold, but that's the fact. I run a Kerio webmail server, so viruses are stripped there. I have to take MY time to help the poor slobs who use XP? Are they going to pay me to run virus checks for them? Nope, so nope.
     
  8. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #8
    It may make sense, but that doesn't mean it's true. The reason that buffer overruns on an x86-based OS create a vulnerability is that all x86 memory is executable. MacOS X runs on the PowerPC. Unlike the x86, all PPC memory is not executable. Presumably, certain buffer overruns can be exploited to run malicious code. However, an executable buffer overrun requires careful memory alignment. The takeaway message is that if MacOS X ran on x86, it would be just as vulnerable to buffer overruns as Linux on Intel. Because MacOS X runs on the PPC, buffer overruns are much less of a concern.
     
  9. robbieduncan Moderator emeritus

    Joined:
    Jul 24, 2002
    Location:
    London
    #9
    I was not aware that the PPC architecture supported this :) Very recent x86 processors support this too (via the NX bit). I believe you need Windows XP Service Pack 2 and a supported CPU (some Athlon-64 and Pentium-IV CPUs support this).
     
  10. Eric5h5 macrumors 68020

    Joined:
    Dec 9, 2004
    #10
    Smart kid. :) As others have said, yes, it's true. Never mind marketshare percentages...there are, actually, a lot of Macs out there, and virus writers/hackers wouldn't mind adding several million OS X machines to their botnets if they could. Plus there's the "bragging rights" factor that would motivate some of them.

    --Eric
     
  11. Fukui macrumors 68000

    Joined:
    Jul 19, 2002
    #11
    Except that it doesn't need to be explicitly supported in software, the PPC separates the executable memory automatically, no need to mark it with 'NX.' Pretty surprising, isn't it?
     
  12. heluani macrumors newbie

    Joined:
    Mar 30, 2005
    Location:
    Cambridge, MA
    #12
    The story: Because of buffer overflows now a big part of RAM is not executable, granted. Then people started returning to libc, so now the libraries are at random places. Then people started returning to PLT so now the code of applications starts at random places, ....

    The moral: It doesn't really matter how "safe" is the operating system, viruses can be coded anyways. I think the point is different and in this one I have to agree with robbieduncan: Windows (like Mac OSX) is meant for a completely clueless user that wants to plug in a computer and print over a network without having to do anything else. Actually if I am careful using Windows I am not going to have any viruses in my PC.

    When you buy MAC OS, you're paying for a nicely configured Unix with a good graphic interface. I agree that coding a virus for Windows is much easier than for Unix, but this is so mainly because there are many more people developing and coding exploits for linux, which make the process of patching the kernel much faster than for microsoft.

    In the end, I partly share your concerns, if we all used Linux there'll be many more people trying to find flaws in it. If on top of that, Linux was a commercial software then there'll be far fewer people trying to patch the kernel... we would definitely have more viruses for MAC.
     
  13. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #13
    What in God's name are you saying? On second thought, don't answer that.
     
  14. iBlue macrumors Core

    Joined:
    Mar 17, 2005
    Location:
    London, England
    #14
    I think another reason Macs are not as susceptible to these sorts of infestations is because of the "demographics".... in a manner of speaking.
    Almost any old ding-a-ling can write a virus for Windows; most people know how to run Windows. Not as many know Macintosh, so there is a learning curve there. This learning curve might prevent some of the propagation and inspiration to write Mac viruses/trojans/etc. A Mac user would have to do it... (stereotyping ahead...) and most Mac users appreciate them and have some degree of respect for them. The likelihood of a Mac user being so hell bent on destruction just seems lower to me, at least in theory. ;)
     
  15. Fukui macrumors 68000

    Joined:
    Jul 19, 2002
    #15
    Yep. It really comes down to two things, Windows is easier.
    And more people hate MS than Apple.

    If you read anything about Windows and how hard it is to
    implement packet filtering for example, there are so many ways
    in which to get http data in or out of the system, it's very difficult.
    So there are architectural issues as well.

    If one wanted to, and they tried hard of course someone could
    make a virus for anything. That's of course.
     
  16. IJ Reilly macrumors P6

    Joined:
    Jul 16, 2002
    Location:
    Palookaville
    #16
    Correct me if I'm wrong, but I believe one of the most common vectors for infecting Windows boxes is ActiveX, which in its infinite wisdom, Microsoft gives essentially root-level permissions.
     
  17. SFVCyclone macrumors 6502a

    Joined:
    Feb 24, 2005
    Location:
    Pasadena, Ca
    #17
    there is a learning curve to learn Windows too, luckily I don't own a Windows machine, I still have that learning curve to climb, I just don't get the home folder and my computer stuff, I'm sure it's easy once I use it but it is just wack.
     
  18. X-Baz macrumors member

    Joined:
    Dec 11, 2002
    Location:
    Leeds, England
    #18
    Design

    Internet Explorer is built in to the operating system, so any flaw in it is a flaw in the core OS. Internet Explorer runs ActiveX, so that arbitrary code from any website you visit can run without your knowledge (yes I know they have changed the defaults).

    But most important is a simple principle that has been known in computer science for years, that Microsoft ignored - partly because of their background in creating non-networked desktop systems and partly because it raises the inconvenience for users - that is minimal permissions at any time ...

    Microsoft is now starting to realise this (see Windows 2003 Server and this: http://www.pcworld.com/resource/article/0,aid,120314,pg,1,RSS,RSS,00.asp). Basically, you can do most things in OS X, and most Unixes, without administrator privileges. In OS X, even if you do have administrator privileges you need to authenticate to do anything dangerous. And the "root" account, the all-powerful super-user, is disabled by default in OS X. Whereas in XP/2000, it is almost impossible to do anything without at least Power User capabilities and often Administrator privileges. Meaning that any malicious code that does run is allowed to do damage on Windows whereas it is quite restricted on OS X (although it could still wipe your Home folder, at least it wouldn't break the system).
     
  19. IJ Reilly macrumors P6

    Joined:
    Jul 16, 2002
    Location:
    Palookaville
    #19
    Most Windows worm/viruses/malware are not directed at wiping out a victim's computer, or even the OS. Typically, they are trying to propagate, and/or to use the computer surreptitiously for some nefarious purpose. Installing code that zombifies a PC in order to deploy it as a spambot or for DOS attacks (for example) requires root access. That's free for the taking on Windows, but at least requires entering an administrator's password in OSX. Although we're now hearing about at least theoretical methods for bypassing this basic security measure, it seems to me that the model for security used in OSX is inherently more robust than Windows.
     
  20. mac-er macrumors 65816

    Joined:
    Apr 9, 2003
    #20
    It's a Mac, not a MAC.

    If you don't know the difference, I don't trust anything else you say.
     
  21. SFVCyclone macrumors 6502a

    Joined:
    Feb 24, 2005
    Location:
    Pasadena, Ca
    #21
    I agree, he sounds more like the guy from Norton, who said the exact same thing ;) Then I remember reading another article on mac bytes that tore that comment to pieces and made it false. :D
     
  22. 7on macrumors 601

    Joined:
    Nov 9, 2003
    Location:
    Dress Rosa
    #22
    all viruses on Windows require editing of OS files, on Mac OS you can't do this without the user being aware of it. Most people don't target the MacOS because most people would avoid the typing in of their admin password to allow it.

    It has nothing to do with a hacker's motivation not to Hack OSX. I was on an IRC server that was attacked by hackers. They managed to get everyone's computer infected with a trojan that messed their computers bad - eventually taking control of one of the ops machine to make themselves ops. They were pissed at me because they couldn't "hack" me so it was just them and I in the chat room. They resorted to just banning my IP using op powers. I'm sure my case isn't the only one of this instance, it's just that creating a virus on OSX is damn near impossible (the address book is encoded by the way). Trojans are fairly easy, but nothing can protect a system from a trojan. All you need to do is create an app that deletes the entire hard drive, change the name of the file to Office 2004 and change the icon and you're done! Trojans fool the user, viruses occur without the user knowing and they affect other machines.
     
  23. GulGnu macrumors regular

    Joined:
    Apr 6, 2003
    #23
    This thread (like most threads like this) is becoming a bit silly, with the "it has nothing to do with this, and everything to do with this" arguments thrown around. This is one of those ultra-complex real-world problems that have lots of factors involved, that interact in often unpredictable ways.

    But let's list the candidate factors. My take on each one is provided - there are probably more, so feel free to chip in. But these "Factor X is responsible - 100 % - oh yea!" arguments are not really leading anywhere.

    So, here we go: (in no particular order)

    1.) Market share. This is a factor. A large factor even. There is more malware for Windows for much the same reasons as there is more software for Windows.

    2.) Network effects. Having a trojan spread is much more efficient if 95% or so of the people it reaches can run it. (As opposed to ~5 %) This amplifies the above effect.

    3.) Internet Explorer (especially pre-SP 2) and Outlook Express (pre-patch). These were / are security monstrosities, allowing malicious software to install with ease.

    4.) Windows security design: Services turned on, a dysfunctional software firewall that allowed anything through during boot-up, buffer overflow exploits, user logged in as Admin, no password prompt for software install, etc - these factors were behind the whole worm nightmare.

    5.) Hackers hate Microsoft. Given the professionalization of the hacking industry, this factor has probably diminished in size.

    6.) Your factor here.
     
  24. abhi_beckert macrumors newbie

    Joined:
    Jun 29, 2004
    #24
    While the more common reasons given (Macs are more secure, which they are; and there are more PCs out there, which is also true) are more than valid, they don't explain the one thing that amazes me about our virus haven: zero Mac viruses, tens of thousands of PC viruses. Sure, hundreds of Mac viruses would make sense, fifty would be pushing it, but zero? I've always thought it was really weird that we have *none* of them, I mean it's not as if it's impossible to create a Mac virus, and there aren't so few Macs out there that they're "not worth the effort".

    Reading over GulGnu's post (you forgot the PPC vs x86 one btw), these two stuck out for me:

    Put those two together, and you see that apart from all the other reasons, there's very little actual motivation to write a mac virus. I can only think of three kinds of people who create viruses:

    - "Professionals" who do it for spam bots and so on. It wouldn't be worth their effort to write a mac virus, as it'd be dealt with way too fast to bring in any profit worth mentioning.

    - Crackers, and they all hate Microsoft, and even if some of 'em don't particularly like Apple, there's still an enemy of my enemy element.

    - Kids who think that kinda stuff is really cool and haven't gotten far enough yet to realize that Windows sucks. These guys don't know enough to write a mac virus.

    What I'm saying is I can't see any of these three groups writing viruses for mac. Though I still find it pretty amazing that we've got zero viruses. Not that I'm complaining mind you! :)
     
  25. gekko513 macrumors 603

    Joined:
    Oct 16, 2003
    #25
    I have also heard about this, but this time I thought I would do some research and check up on how this works.

    I found this http://c2.com/cgi/wiki?BufferOverflow and http://www.xfocus.org/documents/200408/5.html.

    The second document looks like an experimental buffer overflow "tutorial" for the PowerPC. One of the interesting parts is where it discusses how to circumvent the problem of the separate data and instruction caches on the PowerPC.

    The first document explains how buffer overflows on the Motorola PowerPC processors are easier than on other PowerPC processors because Motorola doesn't require unused bits in instructions to be zero.

    They both explain that buffer overflows on the PowerPC are more difficult than on x86, but it doesn't look like it's impossible.
     
