OS X Viruses: What's the truth?

Discussion in 'General Mac Discussion' started by Blue Velvet, Feb 8, 2005.

  1. Blue Velvet Moderator emeritus

    Joined:
    Jul 4, 2004
    #1
    Recently, I've been reading a well-circulated argument that OS X doesn't have any viruses because Macs have too small a market-share and nobody would bother etc. Sounds like MS FUD to me...

    In fact, I read one idle boast on these forums a couple of days ago (I'm not going to embarrass the poster) that they could easily produce one tomorrow if they wanted.

    Earlier today, on another site, I read a counter argument that went something that went like this... OS X is a highly desirable target for virus writers because:

    • There are tons of viruses out there for Windows. Write one and your name is just one more of many...
    • Write a successful OSX virus and you'd be the first. Your name would be top of that list and you'd make computing history.

    I also read that OS X's structure/design is such that viruses wouldn't gain a foothold because of the accounts/root etc. setup...

    So, honestly, what's the truth here?
     
  2. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #2
    The truth is a dead horse on a never ending rotisserie of pain.

    It's also been spotted with bigfoot.
     
  3. Blue Velvet thread starter Moderator emeritus

    Joined:
    Jul 4, 2004
    #3

    Gee. Thanks... :D

    OK then. How about some informed opinions?
     
  4. Jaffa Cake macrumors Core

    Jaffa Cake

    Joined:
    Aug 1, 2004
    Location:
    The City of Culture, Englandshire
    #4
    I don't know about the technicalities of how to go about developing an OS X virus, but there is a degree of complacency (some would say arrogance) in the Mac community about our lack of viruses.

    There are also a lot of people out there who have a very strong dislike of Apple, and I can imagine some of them who really love to rub our collective noses in it by releasing an OS X virus into an unsuspecting world...

    The kudos of being the first and tarnishing Apple's reputation is a very strong incentive – and I've no doubt that people have tried and are trying to develop a virus. :(
     
  5. jackieonasses macrumors 6502a

    jackieonasses

    Joined:
    Mar 3, 2004
    Location:
    the great OKLAHOMA....
    #5
    A strong incentive indeed. Too bad for the most part the market share is false. Heck, any OS is vulnerable. But, OS X is much more stable, with less gaping holes. IE on wintel's has so many open paths, it isn't even funny. Now i am not saying that a virus can not be written, but Apple's software team will patch that one up more than quick. we will be fine for a while.


    and according to you I am arrogant when it comes to virus susceptibility....

    I agree :D I am arrogant.
     
  6. Jaffa Cake macrumors Core

    Jaffa Cake

    Joined:
    Aug 1, 2004
    Location:
    The City of Culture, Englandshire
    #6
    Agreed. As I say, I've no doubt people have tried to concoct a virus – we've not seen any surface yet for the reasons you describe.

    And just say it's confidence, not arrogance. :D ;)
     
  7. KershMan macrumors 6502

    Joined:
    Feb 10, 2003
    Location:
    VA, USA
    #7
    By default OS X has been more secure than all flavors of Windows until XP SP2 out of the box. The reason is that in OS X all ports and services are turned OFF by default. So, unless a user opens up something a hacker will have a hard time getting in. There are always ways, unless you never connect to a network. Browsers will always have issues.

    Turn on the OS X firewall and you have even more protection. MS finally learned this and in XP SP2 the firewall is to set to on as a default and services/ports are closed.

    There is still a mess of other problems with Windows. Virus, malicious code, spyware, etc. These things don't effect OS X right now because nobody has really taken the time to do it. It could be done. Any operating system is vulnerable.

    However, OS X, as other UNIX flavors, has some built in protections. OS X enforces Discretionary Access Controls in the way of users, groups, and others. So, unless you login as the root user or a full admin account, a virus will be limited in what system areas it can touch and infect unless there is a fairly big vulnerability it is exploiting. Without higher privileges/access, your home folder is the most suseptable to a virus. It is much harder to wipe out your System folder.

    With Windows, most users just have one account that has full administrative rights to the box, so if you get hacked that account has access to everything. I think this would be really hard in OS X because many items need root privileges or you have to supply an admin login/password to access them.

    But, you are never completely safe. I believe that Mac users who do not use virus software are asking for trouble. Especially if you operate in a mixed network. Even if a virus doesn't infect your system and cause problems, if you pass it on you can be found liable in many circles.

    Bottom line is it is probably easier to protect OS X, but you should not take that advantage for granted.
     
  8. Makosuke macrumors 603

    Joined:
    Aug 15, 2001
    Location:
    The Cool Part of CA, USA
    #8
    The pendulum swings both ways. The small market share is, as was pointed out, makes us as much a target as it protects us.

    That said, more than just the small target is the fact that to write a decent OSX virus you'd actually have to know your way around OSX, and the vast majority of hackers probably don't own a Mac or care enough to go and buy one, then learn it, just to attack the platform. Those who are experienced enough to pull it off are probably already Mac fans, and so might not want to anyway.

    The fact that we have a very small market share also decreases the chance of successful spread in the wild if something does get loose. Even if a virus sent itself to everybody in my address book, the chances are that only one or two might use a Mac, and they might not even open it. If they did, the only other Mac user they might know is me. Hence, no spread.

    Of course, there've already been effective Trojans released on filesharing networks posing as Mac files, but again, no vector to spread, hence they were limited to people downloading bootleg Office copies and the like.

    That said, OSX is, proveably, more hardened against viruses and external attacks than Windows. The fact that Mail is much more solid than IE and Outlook (with their ActiveX and VB scripting holes) aside, for a virus to effectively embed itself in the system and do any damage outside your home directory, it needs an administrative password. The system is also less prone to holes than Windows--if for no other reason than it's built on 20 years of multi-user environment hardened against attacks--and the newest version of OSX won't even let you double-click a document to open an application unless you've already done it with that app once before, preventing auto-run exploits.

    We're not immune, and being cocky is a recipe for disaster, but it's not as easy to write a virus for OSX, nor would one spread as effectively if it were produced.
     
  9. AtHomeBoy_2000 macrumors 6502a

    AtHomeBoy_2000

    Joined:
    Feb 3, 2005
    #9
    I have no doubt that in time there will be a major one for Mac (even if Microsoft has to pay someone to develope it). However with that bing said, I do believe that OS X is MUCH better writen that Windows, therefor making a virus less able to weasle in. While Macs small marketshare very well may be a reason that it hasnt gotten any viruses yet, You would think that at least a few noticable SMALL ones would have crept in. Even if OS X gos widespread and attracts a few small ones, it probably took more effort to make it than a small virus on a PC. I knew high school kids who could write a virus for PC.
     
  10. JDar macrumors 6502a

    JDar

    Joined:
    Dec 7, 2003
    #10
    The most definitive information I've seen is David Harley's "Viruses and the Mac" FAQ on one of the several USENET virus groups. Sorry I cannot point you exactly to it--I got bored reading it after a while and deleted it from the newsreader. Should you not run across it please let me know and I'll look it up and pm it.
     
  11. daveL macrumors 68020

    daveL

    Joined:
    Jun 18, 2003
    Location:
    Montana
    #11
    A couple of years back there was a security company (I think) that ran a contest offering US$13,000 to hack a Mac they had up on the 'net without any special security protection. The prize was never claimed.

    Having said that, I personally ran a large development environment more than a dozen years ago that was all Unix. The Internet was in it's youth. We allowed news feeds and external email. I was upgrading a bunch of servers one weekend, and I actually caught a hacker in the act of trying to gain root access to the machine I was on. Suffice it to say we realized our vulnerability and immediately started to lock everything down. An open Unix-based system is just as vulnerable as a Windows box, but it's far easier to secure the Unix box. With Windows, it's damn near impossible.
     
  12. stubeeef macrumors 68030

    stubeeef

    Joined:
    Aug 10, 2004
    #12
    ROFLOL!!!!!!!!!!
     
  13. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #13
    Semi-OT...but do people typically run anti-virus on Linux boxes? My impression is no, but I'm not sure at all. What about in the corporate setting where Linux machines act as servers, etc? Do they have any form of virus protection, or are the hatches just considered battened down enough (sorry) by other security measures that it is not considered necessary?
     
  14. Apple Hobo macrumors 6502a

    Apple Hobo

    Joined:
    Mar 19, 2004
    Location:
    A series of tubes
    #14
    Link

    It's somewhat dated. It also didn't have any mention of OS X.


    The TV show The Screen Savers had a similar contest years ago. They set up a PC and a Mac and gave out the IP address of both machines. Within minutes the stupid script kiddies blasted the PC with DoS attacks (which also blocked the real skilled crackers from trying to bust it). The Mac went untouched for several days. Leo Laporte was pissed at the DoS kiddie crap. ;)

    There are open source AV apps, but I don't know much about them. Clam AV Clam AV 2
     
  15. dsharits macrumors 68000

    dsharits

    Joined:
    Jun 19, 2004
    Location:
    The People's Republic of America
    #15
    Great. So we can be more secure by using XP SP2, where we don't need a virus to corrupt the computer, because it will just rot from the inside. Thanks, I'll stick with OS X.

    Daniel
     
  16. Sun Baked macrumors G5

    Sun Baked

    Joined:
    May 19, 2002
    #16
    Infinit's "Crack a Mac" challenge...

    Those were the OS 9 Servers, which were basically impossible unless somebody left an admin application open and running, or used an extension that left holes open.

    OS 9 was much more secure, but OS X can do so much more for a server.
     
  17. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #17
    Doesn't really sound like anything that would get used a lot for desktop installations, but it might be really useful on a mail server. But I'm guessing it isn't in service a lot in commercial linux installations? And none of the distros really come with any kind of AV functionality out of the box, right? Hmmm....

    I guess my point is just that, with respect to the idea that MacOS users who don't AV are asking for it, it might be true, but we're not the only ones who follow that practice....
     
  18. SilentPanda Moderator emeritus

    SilentPanda

    Joined:
    Oct 8, 2002
    Location:
    The Bamboo Forest
    #18
    There are already a great deal of "informed" opinions in the archives. The conclusion is that there is no conclusion.
     
  19. pigbat macrumors regular

    Joined:
    Jan 18, 2005
    #19
    Listen to what everyone here is telling you. Every OS is vulnerable.

    Also, take a look at the history of Unix. Developed in 1969 and there have been no major virus outbreaks. This should give you a relative level of comfort but believe me, there are people trying out there. It never hurts to be a little paranoid.

    Fortunately, the most dangerous exploit I've seen in the last 15 years is the ping of death.
     
  20. JDar macrumors 6502a

    JDar

    Joined:
    Dec 7, 2003
    #20
  21. dxm113 macrumors member

    Joined:
    Jan 22, 2005
    #21
    i actually had a virus once upon a time. . .

    Take it for what it's worth. . .

    beware of files coming from apps common to multi-platform OS's (i.e. MS Office docs).

    When I was connected to my old college network, I was sent a corrupted MS Word doc from a friend. While the trojan did no damage to my computer (Mac OS 9.1), it managed to infect all of the Word files in the same folder. Using Virex the trojan was easily eliminated.

    He had sent me this doc so he could use my computer to finish his term paper on time. Turns out the this virus ate his computer (Windows 98) from the inside out, and when he emailed the file to his prof. the same thing happened to her computer.
     
  22. bousozoku Moderator emeritus

    Joined:
    Jun 25, 2002
    Location:
    Gone but not forgotten.
    #22
    Embarrass me all you want, or I will. :D I don't believe that I said tomorrow but just that I could. It's not a satisfactory endeavour, though.

    It's not that difficult to write one but research and distribution are the most difficult things.
     
  23. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #23
    So you're saying the trojan was able to replicate in MacOS but not take action? I'm guessing through some mechanism involving Word macros?
     
  24. Veldek macrumors 68000

    Veldek

    Joined:
    Mar 29, 2003
    Location:
    Germany
    #24
    If this is true, then the introduction of the Mini makes it more probable that we will get a virus soon. :(

    That’s exactly what I thought when I read BVs post.
     
  25. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #25
    If it's not difficult, then why has it not been done?
     

Share This Page