Exactly why doesn't OSX have the same Virus/Spyware problems as Windows?

eyeon

macrumors regular
Original poster
Apr 7, 2004
161
0
Montana, USA
So, today I went to lunch with a group of people after one of my classes, and over our food, we got on the topic of computer viruses and spyware and all the other numerous Windows user discrepancies. Every single person at the entire table (excluding myself) was saying the same thing about their computers at home. Explaining that the computer all of a sudden ran incredibly slow, and that icons would just appear on the desktop and in the tray, and bookmarks would just appear inside the favorites menu, and they would be fighting off hordes of pop-ups the entire time they were online, and so on and so on... I would squeeze in a word or two edgewise and give some suggestions when I could, until it quieted down. And then I interjected with, "or you could just get a Mac... I've got a Mac, and I never, EVER have ANY of those problems." which got everyone on the topic of WHY Macs don't have those problems and how they really are nicer and such... Which was good to hear that they were all open minded about eventually owning a Mac, but...

I guess overall, this discussion just got me thinking... One kid who seemed to know a lot about computers was claiming that Macs don't have problems with spyware and viruses because it is actually much harder to develop spyware and viruses for the Mac platform. I had trouble believing this, but is it true? I had always thought that people who develop spyware and viruses naturally target Windows because it is by far the most widely used OS on the planet. Because OSX is in the minority, spyware/virus developers aren't interested in developing their horrible programs for OSX because they wouldn't be reaching as broad a range of people as they would with Windows. And if this is true, then shouldn't we, as Mac users, try to keep people AWAY from using Macs? Because if the Macintosh becomes more popular, and a broader range of people begin using it, doesn't that mean that the spyware and virus developers would begin to aim their cannons at the Macintosh platform because of the growing market-share, which would lead to OSX having those same problems that EVERYONE HATES about Windows?

Just curious I guess. Depending on what some of you say, I may stop telling people why and how much I love my Mac, for fear of this potential problem.
 

slipper

macrumors 68000
Nov 19, 2003
1,539
29
the basic architecture of the unix platform of your operating system makes it impossible for a virus to spread from mac to mac. but technically a mac is still prone to infection if a hacker manually breaks into your computer and inserts the virus.

for someone to speculate that the reason for no viruses for macs is because of the microsoft stronghold is ridiculous. regardless of that, say macs have a 5% marketshare and have zero viruses compared to the 97,467 viruses for XP, that's still a pretty favorable average.
 

Ringu

macrumors member
Mar 20, 2005
95
0
I've often wondered, if Macs have zero viruses, then are companies that make anti-virus software for Macs just selling scotch mist?
 

robbieduncan

Moderator emeritus
Jul 24, 2002
24,480
9
London
slipper said:
the basic architecture of the unix platform of your operating system makes it impossible for a virus to spread from mac to mac. but technically a mac is still prone to infection if a hacker manually breaks into your computer and inserts the virus.

for someone to speculate that the reason for no viruses for macs is because of the microsoft stronghold is ridiculous. regardless of that, say macs have a 5% marketshare and have zero viruses compared to the 97,467 viruses for XP, that's still a pretty favorable average.
This is a gross oversimplification and simply not true. Whilst the Unix architecture makes it less likely for viruses to install and spread, all programmers make mistakes. A buffer overrun vulnerability in a core OS component would cause the same sort of problems on OSX as it does on Windows.

OSX has, in its favour, a better user-level security model and most services turned off by default. So even if a flaw is found in Samba (which powers OSX's Windows File Sharing) it would not be as much of a problem as a similar flaw in Windows as all Macs ship with this switched off and many users will not have turned it on. In addition services like this are provided by daemons running as unprivileged users so a virus attacking them would have to find another vulnerability as well to escalate its access level to install any code.

Hope that all makes sense!
 

dubbz

macrumors 68020
Sep 3, 2003
2,284
0
Alta, Norway
Ringu said:
I've often wondered, if Macs have zero viruses, then are companies that make anti-virus software for Macs just selling scotch mist?
They're nice to have so you can scan your e-mail for (win32) viruses, and prevent it from spreading in case you forward it to others. Your Mac might not get any viruses, but it doesn't mean you can't spread it.
 

Les Kern

macrumors 68040
Apr 26, 2002
3,063
76
Alabama
dubbz said:
They're nice to have so you can scan your e-mail for (win32) viruses, and prevent it from spreading in case you forward it to others. Your Mac might not get any viruses, but it doesn't mean you can't spread it.
That's THEIR problem, not mine. Sorry to be so cold, but that's the fact. I run a Kerio webmail server, so viruses are stripped there. I have to take MY time to help the poor slobs who use XP? Are they going to pay me to run virus checks for them? Nope, so nope.
 

MisterMe

macrumors G4
Jul 17, 2002
10,650
28
USA
robbieduncan said:
.... A buffer overrun vulnerability in a core OS component would cause the same sort of problems on OSX as it does on Windows.

....

Hope that all makes sense!
It may make sense, but that doesn't mean it's true. The reason that buffer overruns on an x86-based OS create a vulnerability is that all x86 memory is executable. MacOS X runs on the PowerPC. Unlike the x86, all PPC memory is not executable. Presumably, certain buffer overruns can be exploited to run malicious code. However, an executable buffer overrun requires careful memory alignment. The takeaway message is that if MacOS X ran on x86, it would be just as vulnerable to buffer overruns as Linux on Intel. Because MacOS X runs on the PPC, buffer overruns are much less of a concern.
 

robbieduncan

Moderator emeritus
Jul 24, 2002
24,480
9
London
MisterMe said:
It may make sense, but that doesn't mean it's true. The reason that buffer overruns on an x86-based OS create a vulnerability is that all x86 memory is executable. MacOS X runs on the PowerPC. Unlike the x86, all PPC memory is not executable. Presumably, certain buffer overruns can be exploited to run malicious code. However, an executable buffer overrun requires careful memory alignment. The takeaway message is that if MacOS X ran on x86, it would be just as vulnerable to buffer overruns as Linux on Intel. Because MacOS X runs on the PPC, buffer overruns are much less of a concern.
I was not aware that the PPC architecture supported this :) Very recent x86 processors support this too (via the NX bit). I believe you need Windows XP Service Pack 2 and a supported CPU (some Athlon-64 and Pentium-IV CPUs support this).
 

Eric5h5

macrumors 68020
Dec 9, 2004
2,406
357
eyeon said:
One kid who seemed to know a lot about computers was claiming that Mac's don't have problems with spyware and viruses because it is actually much harder to develop spyware and viruses for the Mac platform. I had trouble believing this, but is it true?
Smart kid. :) As others have said, yes, it's true. Never mind marketshare percentages...there are, actually, a lot of Macs out there, and virus writers/hackers wouldn't mind adding several million OS X machines to their botnets if they could. Plus there's the "bragging rights" factor that would motivate some of them.

--Eric
 

Fukui

macrumors 68000
Jul 19, 2002
1,615
6
robbieduncan said:
I was not aware that the PPC architecture supported this :) Very recent x86 processors support this too (via the NX bit). I believe you need Windows XP Service Pack 2 and a supported CPU (some Athlon-64 and Pentium-IV CPUs support this).
Except that it doesn't need to be explicitly supported in software, the PPC separates the executable memory automatically, no need to mark it with 'NX.' Pretty surprising isn't it.
 

heluani

macrumors newbie
Mar 30, 2005
1
0
Cambridge, MA
Because MacOS X runs on the PPC, buffer overruns are much less of a concern.
The story: Because of buffer overflows now a big part of RAM is not executable, granted. Then people started returning to libc, so now the libraries are at random places. Then people started returning to PLT so now the code of applications starts at random places, ....

The moral: It doesn't really matter how "safe" is the operating system, virii can be coded anyways. I think the point is different and in this one I have to agree with robbieduncan: Windows (like Mac OSX) is meant for a completely clueless user that wants to plug in a computer and print over a network without having to do anything else. Actually if I am careful using Windows I am not going to have any viruses in my PC.

When you buy MAC OS, you're paying for a nicely configured Unix with a good graphic interface. I agree that coding a virus for Windows is much easier than for Unix, but this is so mainly because there's much more people developing and coding exploits for linux, which make the process of patching the kernel much faster than for microsoft.

In the end, I partly share your concerns, if we all used Linux there'll be much more people trying to find flaws in it. If on top of that, Linux was a commercial software then there'll be much less people trying to patch the kernel... we would definitely have more viruses for MAC.
 

MisterMe

macrumors G4
Jul 17, 2002
10,650
28
USA
heluani said:
....

When you buy MAC OS, you're paying for a nicely configured Unix with a good graphic interface. I agree that coding a virus for Windows is much easier than for Unix, but this is so mainly because there's much more people developing and coding exploits for linux, which make the process of patching the kernel much faster than for microsoft.

....
What in God's name are you saying? On second thought, don't answer that.
 

iBlue

macrumors Core
Mar 17, 2005
19,174
15
London, England
I think another reason Macs are not as susceptible to these sort of infestations is because of the "demographics".... in a manner of speaking.
Almost any old ding-a-ling can write a virus for windows; most people know how to run windows. Not as many know macintosh, so there is a learning curve there. This learning curve might prevent some of the propagation and inspiration to write mac viruses/trojans/etc. A mac user would have to do it... (stereotyping ahead...) and most mac users appreciate them and have some degree of respect for them. The likelihood of a mac user being so hell bent on destruction just seems lower to me, at least in theory. ;)
 

Fukui

macrumors 68000
Jul 19, 2002
1,615
6
heluani said:
The moral: It doesn't really matter how "safe" is the operating system, virii can be coded anyways. I think the point is different and in this one I have to agree with robbieduncan: Windows (like Mac OSX) is meant for a completely clueless user that wants to plug in a computer and print over a network without having to do anything else. Actually if I am careful using Windows I am not going to have any viruses in my PC.
Yep. It really comes down to two things, windows is easier.
And more people hate MS than apple.

If you read anything about windows and how hard it is to
implement packet filtering for example, there are so many ways
in which to get http data in or out of the system, it's very difficult.
So there are architectural issues as well.

If one wanted to, and they tried hard of course someone could
make a virus for anything. That's of course.
 

IJ Reilly

macrumors P6
Jul 16, 2002
17,915
1,466
Palookaville
Correct me if I'm wrong, but I believe one of the most common vectors for infecting Windows boxes is ActiveX, which in its infinite wisdom, Microsoft gives essentially root-level permissions.
 

SFVCyclone

macrumors 6502a
Feb 24, 2005
518
0
Pasadena, Ca
iBlue said:
I think another reason Macs are not as susceptible to these sort of infestations is because of the "demographics".... in a manner of speaking.
Almost any old ding-a-ling can write a virus for windows; most people know how to run windows. Not as many know macintosh, so there is a learning curve there. This learning curve might prevent some of the propagation and inspiration to write mac viruses/trojans/etc.
there is a learning curve to learn windows too, luckily I don't own a windows machine, I still have that learning curve to climb, I just don't get the home folder and my computer stuff, I'm sure it's easy once I use it but it is just wack.
 

X-Baz

macrumors member
Dec 11, 2002
74
8
Leeds, England
Design

Internet Explorer is built in to the operating system, so any flaw in it is a flaw in the core OS. Internet Explorer runs ActiveX, so that arbitrary code from any website you visit can run without your knowledge (yes I know they have changed the defaults).

But most important is a simple principle that has been known in computer science for years, that Microsoft ignored - partly because of their background in creating non-networked desktop systems and partly because it raises the inconvenience for users - that is minimal permissions at any time ...

Microsoft is now starting to realise this (see Windows 2003 Server and this: http://www.pcworld.com/resource/article/0,aid,120314,pg,1,RSS,RSS,00.asp). Basically, you can do most things in OS X, and most Unixes, without administrator privileges. In OS X, even if you do have administrator privileges you need to authenticate to do anything dangerous. And the "root" account, the all-powerful super-user, is disabled by default in OS X. Whereas in XP/2000, it is almost impossible to do anything without at least Power User capabilities and often Administrator privileges. Meaning that any malicious code that does run is allowed to do damage on Windows whereas it is quite restricted on OS X (although it could still wipe your Home folder, at least it wouldn't break the system).
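
The privilege model that robbieduncan and X-Baz describe (daemons running as unprivileged users, minimal permissions at any time), shown as an added example that is not part of any post in this thread: a POSIX daemon start-up routine that gives up root permanently and verifies it cannot get it back. The uid/gid 65534 ("nobody") used in `main` is an assumption.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch the process to an unprivileged uid/gid.
 * Returns 0 on success, -1 on failure (the caller should then exit
 * rather than keep running with more rights than intended). */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {    /* refusing to "drop" to root */
        errno = EINVAL;
        return -1;
    }
    /* Only root may change supplementary groups; clear them first so
     * no privileged group membership survives the drop. */
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    /* Order matters: group before user, because after setuid() the
     * process no longer has the right to change its gid. */
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must fail. */
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* Assumption: 65534 is the "nobody" account on this system.
     * When not started as root there is nothing to drop, so the
     * current ids are used and only the verification step matters. */
    uid_t uid = geteuid() == 0 ? 65534 : getuid();
    gid_t gid = geteuid() == 0 ? 65534 : getgid();

    /* A real daemon would bind its privileged port or open its
     * protected files here, before dropping. */
    if (drop_privileges(uid, gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("running as uid=%ld gid=%ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

Code that compromises a service after this call runs with the unprivileged account's rights, which is why a second, separate flaw is needed to reach system files.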
 

IJ Reilly

macrumors P6
Jul 16, 2002
17,915
1,466
Palookaville
Most Windows worm/viruses/malware are not directed at wiping out a victim's computer, or even the OS. Typically, they are trying to propagate, and/or to use the computer surreptitiously for some nefarious purpose. Installing code that zombifies a PC in order to deploy it as a spambot or for DOS attacks (for example) requires root access. That's free for the taking on Windows, but at least requires entering an administrator's password in OSX. Although we're now hearing about at least theoretical methods for bypassing this basic security measure, it seems to me that the model for security used in OSX is inherently more robust than Windows.
 

mac-er

macrumors 65816
Apr 9, 2003
1,455
0
heluani said:
When you buy MAC OS, you're paying for a nicely configured Unix with a good graphic interface. I agree that coding a virus for Windows is much easier than for Unix, but this is so mainly because there's much more people developing and coding exploits for linux, which make the process of patching the kernel much faster than for microsoft.

In the end, I partly share your concerns, if we all used Linux there'll be much more people trying to find flaws in it. If on top of that, Linux was a commercial software then there'll be much less people trying to patch the kernel... we would definitely have more viruses for MAC.
It's a Mac, not a MAC.

If you don't know the difference, I don't trust anything else you say.
 

SFVCyclone

macrumors 6502a
Feb 24, 2005
518
0
Pasadena, Ca
mac-er said:
It's a Mac, not a MAC.

If you don't know the difference, I don't trust anything else you say.
I agree, he sounds more like the guy from norton, who said the exact same thing ;) then i remember reading another article on mac bytes that tore that comment to pieces and made it false. :D
 

7on

macrumors 601
Nov 9, 2003
4,940
0
Dress Rosa
all viruses on Windows require editing of OS files, on Mac OS you can't do this without the user being aware of it. Most people don't target the MacOS because most people would avoid the typing in of their admin password to allow it.

It has nothing to do with a hacker's motivation not to Hack OSX. I was on an IRC server that was attacked by hackers. They managed to get everyone's computer infected with a trojan that messed their computers bad - eventually taking control of one of the ops machine to make themselves ops. They were pissed at me because they couldn't "hack" me so it was just them and I in the chat room. They resorted to just banning my IP using op powers. I'm sure my case isn't the only one of this instance, it's just that creating a virus on OSX is damn near impossible (the address book is encoded by the way). Trojans are fairly easy, but nothing can protect a system from a trojan. All you need to do is create an app that deletes the entire hard drive, change the name of the file to Office 2004 and change the icon and you're done! Trojans fool the user, viruses occur without the user knowing and they affect other machines.
 

GulGnu

macrumors regular
Apr 6, 2003
156
0
This thread (like most threads like this) is becoming a bit silly, with the "it has nothing to do with this, and everything to do with this" arguments thrown around. This is one of those ultra-complex real-world problems that have lots of factors involved, that interact in often unpredictable ways.

But let's list the candidate factors. My take on each one is provided - there are probably more, so feel free to chip in. But these "Factor X is responsible - 100 % - oh yea!" arguments are not really leading anywhere.

So, here we go: (in no particular order)

1.) Market share. This is a factor. A large factor even. There is more malware for Windows for much the same reasons as there is more software for windows.

2.) Network effects. Having a trojan spread is much more efficient if 95% or so of the people it reaches can run it. (As opposed to ~5 %) This amplifies the above effect.

3.) Internet Explorer (especially pre-SP 2) and Outlook Express (pre-patch). These were / are security monstrosities, allowing malicious software to install with ease.

4.) Windows security design: Services turned on, a dysfunctional software firewall that allowed anything through during boot-up, buffer overflow exploits, user logged in as Admin, no password prompt for software install, etc - these factors were behind the whole worm nightmare.

5.) Hackers hate Microsoft. Given the professionalization of the hacking industry, this factor has probably diminished in size.

6.) Your factor here.
 

abhi_beckert

macrumors newbie
Jun 29, 2004
9
0
While the more common reasons given (macs are more secure, which they are; and there are more PCs out there, which is also true) are more than valid, they don't explain the one thing that amazes me about our virus haven: zero mac viruses, tens of thousands of PC viruses. Sure, hundreds of mac viruses would make sense, fifty would be pushing it, but zero? I've always thought it was really weird that we have *none* of them, I mean it's not as if it's impossible to create a mac virus, and there aren't so few macs out there that they're "not worth the effort".

Reading over GulGnu's post (you forgot the PPC vs x86 one btw), these two stuck out for me:

GulGnu said:
2.) Network effects. Having a trojan spread is much more efficient if 95% or so of the people it reaches can run it. (As opposed to ~5 %) This amplifies the above effect.

5.) Hackers hate Microsoft. Given the professionalization of the hacking industry, this factor has probably diminished in size.
Put those two together, and you see that apart from all the other reasons, there's very little actual motivation to write a mac virus. I can only think of three kinds of people who create viruses:

- "Professionals" who do it for spam bots and so on. It wouldn't be worth their effort to write a mac virus, as it'd be dealt with way too fast to bring in any profit worth mentioning.

- Crackers, and they all hate microsoft, and even if some of 'em don't particularly like Apple, there's still an enemy of my enemy element.

- Kids who think that kinda stuff is really cool and haven't gotten far enough yet to realize that Windows sucks. These guys don't know enough to write a mac virus.

What I'm saying is I can't see any of these three groups writing viruses for mac. Though I still find it pretty amazing that we've got zero viruses. Not that I'm complaining mind you! :)
 

gekko513

macrumors 603
Oct 16, 2003
6,302
1
Fukui said:
Except that it doesn't need to be explicitly supported in software, the PPC separates the executable memory automatically, no need to mark it with 'NX.' Pretty surprising isn't it.
I have also heard about this, but this time I thought I would do some research and check up on how this works.

I found this http://c2.com/cgi/wiki?BufferOverflow and http://www.xfocus.org/documents/200408/5.html.

The second document looks like an experimental buffer overflow "tutorial" for the PowerPC. One of the interesting parts is where it discusses how to circumvent the problem of the separate data and instruction caches on the PowerPC.

The first document explains how buffer overflows on the Motorola PowerPC processors are easier than on other PowerPC processors because Motorola doesn't require unused bits in instructions to be zero.

They both explain that buffer overflows on the PowerPC are more difficult than on x86, but it doesn't look like it's impossible.
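
The question running through this thread, whether memory holding attacker-supplied data is also executable, can be checked per process. The following is an added example, not part of any post: it audits a memory-map listing for regions that are writable and executable at once, including an executable stack. It assumes the Linux `/proc/<pid>/maps` text layout, and both listings are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Constructed samples in Linux /proc/<pid>/maps layout (not real captures).
 * LEGACY_MAPS models a process without NX enforcement. */
static const char LEGACY_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /usr/sbin/exampled\n"
    "0060a000-0060b000 rw-p 0000a000 08:01 1234 /usr/sbin/exampled\n"
    "01c3e000-01c5f000 rw-p 00000000 00:00 0 [heap]\n"
    "7f10a0000000-7f10a0021000 rwxp 00000000 00:00 0\n"
    "7ffd1a2e4000-7ffd1a305000 rwxp 00000000 00:00 0 [stack]\n";
static const char HARDENED_MAPS[] =
    "00400000-0040b000 r-xp 00000000 08:01 1234 /usr/sbin/exampled\n"
    "0060a000-0060b000 rw-p 0000a000 08:01 1234 /usr/sbin/exampled\n"
    "7ffd1a2e4000-7ffd1a305000 rw-p 00000000 00:00 0 [stack]\n";

/* Walk the listing and count regions that are writable AND executable.
 * If stack_only is non-zero, only the [stack] region is counted. */
static int scan(const char *maps, int stack_only, int verbose)
{
    int hits = 0;
    while (*maps) {
        char line[256], perms[5] = "", name[128] = "";
        unsigned long start, end;
        size_t len = strcspn(maps, "\n");
        size_t n = len < sizeof line - 1 ? len : sizeof line - 1;

        /* Copy one line out so sscanf cannot run into the next one. */
        memcpy(line, maps, n);
        line[n] = '\0';
        maps += len + (maps[len] == '\n');

        /* Fields: range, perms, offset, device, inode, optional path. */
        if (sscanf(line, "%lx-%lx %4s %*s %*s %*s %127[^\n]",
                   &start, &end, perms, name) < 3 || strlen(perms) != 4)
            continue;                  /* skip malformed lines */
        if (perms[1] != 'w' || perms[2] != 'x')
            continue;                  /* W^X holds for this region */
        if (stack_only && strcmp(name, "[stack]") != 0)
            continue;
        if (verbose)
            printf("W+X: %lx-%lx %s %s\n", start, end, perms,
                   name[0] ? name : "(anonymous)");
        hits++;
    }
    return hits;
}

int count_wx_regions(const char *maps) { return scan(maps, 0, 0); }
int has_exec_stack(const char *maps)   { return scan(maps, 1, 0) > 0; }

int main(void)
{
    printf("legacy:   %d W+X region(s)\n", scan(LEGACY_MAPS, 0, 1));
    printf("hardened: %d W+X region(s)\n", scan(HARDENED_MAPS, 0, 1));
    return 0;
}
```

A count of zero only shows that injected data cannot be run in place; as heluani's post notes, code-reuse techniques such as return-to-libc do not need a writable and executable region.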