New Virus!

Discussion in 'Current Events' started by funkywhat2, Jan 2, 2003.

  1. macrumors 6502a


    Jul 14, 2002
  2. Wes
    macrumors 68020


    Jun 22, 2001
    Yes they could, but the worst it could do is corrupt your windows disc image.
  3. Moderator emeritus


    Mar 25, 2002
    London, England
    Yet another good reason for using a Mac ;) No one bothers to write viruses for them because of the 'small' amount of machines that would be hit :D
  4. macrumors 603


    Feb 2, 2002
    My understanding is that no one writes viruses because it's hard to write one for Macs that does any damage... everything is much more secure so there aren't security breaches everywhere to exploit...

  5. macrumors 604


    Jul 4, 2001
    1 Block away from NYC.
  6. macrumors 6502a

    Dec 15, 2001
    I'm waiting for somebody to write one for Mac OS X that attacks the new System-Wide Address Book.. it couldn't be *too hard*. Of course I don't *want* it to happen, but it eventually will.
  7. macrumors 603


    Dec 19, 2002
  8. macrumors regular

    May 2, 2002
    Eindhoven, the Netherlands
    Beware though, any mac folders/volumes you decide to share in vpc will possibly get infected by pc viruses...
  9. macrumors 65816


    Jan 19, 2002
    Virii are primarily written by script kiddies.

    Script kiddies exploit the GAPING holes in Windows, and thankfully OS X lacks these gaping holes.

    There are security problems with OS X (and with every OS), however they are usually beyond the scope of script kiddie talent.

    Also, script kiddies will continue to target Windows exclusively until OS X virii make it onto CNN. Marketshare means this is unlikely at the moment.

    In the future, we may see more Trojans, and more elegant penetrations of OS X, likely perpetrated by disgruntled programmers, however, Virus propagation on UNIX is orders of magnitude more difficult than on Windows, so we'll be likely to see stealthy machine control hacks, or DOS attacks.

    I could be wrong...there might be some really smart script kiddies using/hacking *NIX, but I really think teenage gamers are the predominant demographic writing virii, and they primarily use Windows.
  10. macrumors 65816


    Jan 19, 2002
  11. macrumors 65816

    Aug 20, 2001

    Oh come on, this is bullcrap and you should know it. Windows does not spread the viruses, the programs do. All OSX needs to participate in all the virus goodness is a program or two with security holes and the ability to execute the same scripts as are run on Windows (such as Visual Basic).


  12. macrumors 65816


    Jan 19, 2002

    Here's the thing. Windows will accept system level commands from anywhere, and suffers many system level vulnerabilities. Additionally, I am including IE, Outlook Express, and the scripting engine as parts of "Windows", as they cannot be removed, only hidden. Unices use a different model, whereby a hole would have to be found in order to gain access, and then authenticate, and then launch malicious code (for instance via the Apache overflow from several weeks ago). This is not as easy as sending a malicious vbscript to an email client with lax execution policies.

    Even with OSA script, and your guard down, it is going to be much harder to:
    Penetrate a UNIX machine
    Authenticate within the user space
    Exploit malicious code
    Propagate malicious code

    Here are some things about Windows that make it the culprit:
    Open ports a'plenty
    Lax execution rules
    Weak default settings
    Scriptable mail, VB Script, etc.
    IIS/ASP memory leak/overflow scenarios

    It is relatively easy to make Windows much more secure, but this is easy for me & you, not our dentists, plumbers, etc.

    UNIX is harder to penetrate from the ground up. The UNIX community is proactive about security, where the Windows community is reactive. Sure, there were about the same number of exploit warnings last year for linux, Solaris, and Windows. The problem is the Windows warnings came AFTER the damage was done.

    The availability of Windows exploit scripts on Google is staggering. Many are less than 100 lines of code. They arrive via e-mail, trojan, etc. and are often able to propagate with 0 user interaction.

    UNIX exploit tools enter through more secure doors, FTP, UUCP, telnet, ssh, etc. because the user space is farther from the executable space.
    These exploits require active execution by you or the hacker.

    The bar is simply higher when compromising a *nix box. It requires more knowledge, and knowledge == skill.
  13. macrumors 65816

    Aug 20, 2001

    While you make good points, I have yet to see a widespread Windows virus that does anything that can not be done on a Mac... i.e. resend itself all over, send your files all over, and delete/corrupt everything that you have permission to modify. Far from what is normal for a serious Unix, OSX even offers optional transparent admin accounts to users, which allows many users (and viruses that run under their login) to delete and/or modify most anything on the system.

    This is hardly secure, and not obviously better than what Windows 2k/XP can do.
  14. macrumors 65816


    Jan 19, 2002
    Well, until we see scripted automatic execution of deliverables, without user interaction, the front door is closed & locked.

    On windows the front door is closed, but not locked.

    The admin (default user) in OSX is indeed a very privileged user. However, core level modifications do require authentication. Additionally, system file deletions are made more difficult within the admin user space, as are deletions of other users' files.

    I never meant to imply that it is impossible, just that the writers of Klez & CodeRed probably aren't skilled enough to do it. FreeBSD is a damn secure foundation!
  15. macrumors 604


    Feb 7, 2002
    It's not like anything will happen. I download viruses all the time from friends where the virus sends itself. I download it, look at it and laugh. It doesn't do anything. I just throw it away in the ol' trash can. The only association a Mac gets with viruses is forwarding an email to a Windows machine that it will actually affect. I still think if Macs were used as much as Windows we would be hit with viruses every other day. Have you guys heard about that new security hole when downloading music and something to do with Windows Media Player? Boy, that is great, no more downloading on my PC.

  16. macrumors 68030

    Les Kern

    Apr 26, 2002
    Well, KIND of. Macros like Melissa or Marker "A" are still transferable, but only if you open the PC doc in the Mac environment. Macros glom on to the Normal template and spread thusly. I really don't worry about it. A few months ago I had 16 THOUSAND infected Word docs on my servers (mostly OSX). The only reason I cleaned them up is because some docs are mailed to the poor PC folks. Other than macros, no PC virus gives a hoot about a Mac. But things change. (Helpful Hint: to lock viruses out of the Mac, LOCK the normal template and instruct users to copy/paste-to-new/rename... and NEVER agree to replace the template!)
  17. macrumors member


    Dec 16, 2001
    Dublin, OH
    Think, every time a program installs or even wants to mess with something in the system of OS X, it sends a pop-up window asking for authentication. That is why it is harder to write a virus for OS X.
  18. macrumors 603


    Dec 19, 2002
    When they were popular I got the HaHaHa virus at least 10 times and the other one that said "Here are the files" or whatever at least 30 times. It was really funny, at the time I didn't know what it was and one of my friends was saying that he really didn't want to get the hahaha virus and I finally realized that it was a virus that I kept getting. If I had had a PC my computer surely would have died 40 times over :cool: :cool:
  19. macrumors 65816


    Jan 19, 2002
    Here's one to prove my point about Windows insecurity:

    There is a new Windows virus called KillBoot:

    It is a Word Macro!!!!!!!!
    It operates within the Office application space
    It overwrites (and renders useless) the master boot record. This means that the drive needs repair from a very knowledgeable user with an ERD.

    In UNIX, an application (especially an Office application) can not access NVRAM, cannot modify the kernel, etc.

    To attempt this, the Office app (a process of the user) would have to authenticate as root, and screw with NVRAM or kextload (to add a kernel extension, not modify the kernel). This is not an easy task.

    Of course, if malicious code succeeded, the fix would be:
    Reset NVRAM, via cmd-opt-p-r x 5, or open firmware
    Repair the OS install

    Both easy...

    This is soooo difficult in OS X/UNIX, when compared to Windows.
  20. macrumors newbie

    Jan 9, 2003
    Thompson notes mass-mailing Windows viruses were largely unsuccessful in hitting corporations in 2002, with the notable exception of organisations which did implement proper filters.

    Soo, that means that organisations with proper filters were hit!?
    :D :rolleyes:
