Macs can get Viruses and Malware, but at this point in time I have never heard of a Mac "Virus", just malware.
 
I think there is non-commercial appeal for folks doing this sort of stuff



While there is some money involved, unless I see some hard statistics, I don't think it's material.

One good example of the "commercial", or rather criminal benefit of Malware is key-loggers and trojans designed to steal passwords and account information. The best specific example I have is WoW-related key-loggers, where a gold-seller company will use the account details they have gleaned from key-loggers and trojans on people's computers, then "hack" their account (i.e. log in with the details they've just gained), strip the account of all gold (selling gear etc.) and trade the gold to one of their gold distribution accounts. This gold is then sold for real money. Meaning that malware in this case has a monetary benefit to the creator. The usual distribution of these has been through the gold-seller websites themselves, embedded in Flash advertising on WoW-related websites, and through 3rd party add-ons for WoW.

Bank account details were another, but online banking usually uses external authentication devices for added security (so does WoW, but it's only optional). The usual scam there tends to be phishing, but that's up to the user not to fall for it (phishing also being one of the main concerns for WoW account details being stolen).

I sadly don't have any statistics to satisfy you, but this does highlight that malware does sometimes have a commercial/criminal monetary purpose behind it.
 
One good example of the "commercial",...

Those are examples of financial gain from malware but not of financial gain via commerce of malware.

There are commercial motivations to develop malware; more specifically, there is commercial value in developing malware toolkits.

Various shady forums have malware toolkits being advertised for sale by their developers.

Whether or not a malware toolkit will be successful in the wild is part of the marketing put out by the developer.

Malware toolkits for many successful examples of malware, such as the SpyEye/Zeus toolkit, are commercially successful to their developers.

Some variants of TDL-4 have been able to bypass UAC in Windows 7 to covertly have complete access to the system.

Only if you aren't up to date with your hotfixes.

True, but the vulnerability that was exploited by TDL-4 remained unpatched for many months from the time it was discovered via Stuxnet in July 2010 until it was patched on Dec. 14, 2010 (http://www.microsoft.com/technet/security/bulletin/MS10-092.mspx).

This task scheduler bug was being used in the wild in TDL-4 during some of that time frame. This is shown via press releases about TDL-4 using the task scheduler bug prior to the vulnerability being patched.

Dec. 7, 2010 -> http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710
 
I do not care for any Anti-Windows, Anti-Mac, or Fanboys of any kind.
I simply want to know the answer to a question about a common issue with Windows vs Mac.

First of all it's not Windows vs Mac, Windows is an Operating System (software). A Mac is a complete computer system to include hardware and Operating System. What you're likely referring to is Windows vs OSX.

It is often said and bragged about that Macs cannot get a virus. After some research, although they can-- it seems as though they just plain don't usually.
It's all about the exposure and attention to the general public. OSX doesn't make much of a dent in the global computer world in terms of marketshare compared to Windows. XP was introduced back in Oct 2001 and is still being used today and is supported by Microsoft. Think about that then think about how much time coders had to come up with threats to the OS.

"If Macs rarely get any viruses because 'There are no viruses for Macs', then WHY does Microsoft not copy the way Mac handles its OS so that Windows are just as safe?"

If Mac has some sort of secret way for the OS to prevent viruses, what is stopping Windows from copying Mac? Certainly the reason is not a secret, especially with Microsoft being such a powerful company (and certainly having its own corporate spies planted at Apple).

Is there a trade-off to this virus prevention? Does Windows gain more accessibility by keeping this virus vulnerability?

Believe me, if the tables were turned and 80-90% of the marketshare of computer OS's were on OSX, you'll definitely see viruses and every other threat known to plague Windows also on the OSX platform. Think about it this way, if you're going to pick on someone in school, would you garner most respect and attention by picking on the weakest and most insignificant student or would you rather go up against the popular, high-profile kids? Whether Mac lovers choose to accept it or not, Windows machines are the popular, high-profile kids.

Can OSX get viruses? I'm sure it can if enough time were put into coding and exploiting OSX. In fact in many public hacking contests, OSX machines were the first to get hacked remotely, however hacking and viruses are a tad different.

Even though by true definition, 10.6.x hasn't gotten an actual virus, Windows 7 (to be fair, comparing each company's latest product) hasn't got many "viruses" either. Yes there's a ton of "threats" and "trojans" and such for Windows 7 but OSX also has trojans, rootkits and other threats.

People blindly state that "Windows has tons of viruses" but there are many versions of Windows being used and still supported by Microsoft. Keep in mind that much of what could affect Windows 98 can't affect XP... many threats that were made for XP no longer work for Windows 7.

The single largest threat to Windows (and OSX) is malware. I haven't seen an actual virus show up during any virus scan and we use Kaspersky Enterprise 2011 and it rarely turns up anything. Trojans are a threat to both OSX and Windows because like the name implies, it's all about tricking the user into thinking it's 1 thing when it's something else underneath. For that I feel the real threat is the user who has to be duped into clicking on something in order for the trojan to take effect.

Now what is Microsoft doing to combat all the attention, well anyone who uses Windows often knows how often Windows Updates come flowing through, they are very fast to update things. A lot of people complain about those updates but from a professional perspective, a software company who steadily does everything they can to keep their product updated is a very responsible company.
 
Think about it this way, if you're going to pick on someone in school, would you garner most respect and attention by picking on the weakest and most insignificant student or would you rather go up against the popular, high-profile kids?

It's not about respect and attention; it's about making money. It's easy to make money off the softer target.

Various examples can be used to debunk market share as the only factor that determines the prevalence of malware per OS.

More information is found in these links.

https://forums.macrumors.com/posts/12932499/

https://forums.macrumors.com/posts/12830926/

Now what is Microsoft doing to combat all the attention, well anyone who uses Windows often knows how often Windows Updates come flowing through, they are very fast to update things.

Follow these links and look at the incidence of 0-days per vendor and the number of days exposed.

http://www.eeye.com/Resources/Security-Center/Research/Zero-Day-Tracker

http://www.vupen.com/english/zerodays/

In fact in many public hacking contests, OSX machines were the first to get hacked remotely, however hacking and viruses are a tad different.

First is irrelevant for two reasons.

1) The browsers are not pitted head to head to see which one falls first. The browsers are attacked one at a time with Safari always being first on the schedule.

2) PWN2OWN does not demonstrate exploitation to the system level.

BTW, TDL-4 does demonstrate exploitation to the system level in the wild.
 
Are you basically saying that unless I physically put my password in to the pop up box that comes up when downloading software it's impossible to receive a Virus, Malware, Spyware anything suspect on the Mac?
 
Are you basically saying that unless I physically put my password in to the pop up box that comes up when downloading software it's impossible to receive a Virus, Malware, Spyware anything suspect on the Mac?
Nothing is impossible, of course. However, the only Mac OS X malware that exists in the wild requires that a user actively, intentionally installs it. No viruses exist in the wild that can run on Mac OS X, and there never have been any, since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install:
 
So the web can't get me unless I install... known software that I've actually wanted to install!

Good enough for me!

Thanks
 
First let's clear up that viruses are not a huge problem these days, so much as malware/trojans which rely on social networking (And these have hit OS X already)

As far as real viruses go, it starts off with little marketshare. But that's not the main reason, it's kind of the reason for the real reason, which is that the tools required to exploit the OS are there for Windows and not there for OS X so that cuts out most of the creators of viruses that rely on these tools.

Anyways, Windows does have, has had, and has had for longer, the security features in OS X such as DEP and ASLR. With Vista they added UAC also. Security experts have claimed many times that OS X is not as secure as Windows, and creating a successful Windows exploit is harder than OS X.

Also, take a look at the jailbreakme.com iOS exploits and how Cydia magically appears and restrictions are lifted off the phone. Remember how OS X was susceptible to that same attack that only required navigating to a malicious website? Replace Cydia with a malicious application and there you go.
 
As far as real viruses go, it starts off with little marketshare... Anyways, Windows does have, has had, and has had for longer, the security features in OS X such as DEP and ASLR. With Vista they added UAC also. Security experts have claimed many times that OS X is not as secure as Windows, and creating a successful Windows exploit is harder than OS X.

Read the following links.

https://forums.macrumors.com/posts/12932499/

https://forums.macrumors.com/posts/12830926/

MS hosts and sponsors many security conferences; Apple does not.

Security researchers are paid to talk at these events. So, the researchers are indirectly paid by MS.

I guess you haven't become aware of the dynamics of how funding sources create bias in research.

But that's not the main reason, it's kind of the reason for the real reason, which is that the tools required to exploit the OS are there for Windows and not there for OS X so that cuts out most of the creators of viruses that rely on these tools.

GDB is included in the developer tools -> http://developer.apple.com/tools/gcc_overview.html

CrashWrangler is free if you have an ADC account -> http://www.hard-mac.com/blog/?p=326

Valgrind runs in OS X -> http://valgrind.org/

Here is a fuzzer that can be installed via MacPorts -> http://caca.zoy.org/wiki/zzuf

IDA runs in OS X -> http://www.hex-rays.com/idapro/

More options are available to compensate for compatibility issues when they occur. A lot of tools exist.

Also, take a look at the jailbreakme.com iOS exploits and how Cydia magically appears and restrictions are lifted off the phone. Remember how OS X was susceptible to that same attack that only required navigating to a malicious website? Replace Cydia with a malicious application and there you go.

OS X has not had the same privilege escalation bugs as iOS. So the iOS exploits that achieved system level access do not work in OS X.

Look at how fast Apple responded to Jailbreakme which was not being exploited maliciously in the wild (about a week) -> https://forums.macrumors.com/posts/12946208/

Look at how fast MS responded to a vulnerability that was used in two different incidences of malware in the wild:

The vulnerability that was exploited by TDL-4 remained unpatched for many months from the time it was discovered via Stuxnet in July 2010 until it was patched on Dec. 14, 2010 (http://www.microsoft.com/technet/security/bulletin/MS10-092.mspx).

This task scheduler bug was being used in the wild in TDL-4 during some of that time frame. This is shown via press releases about TDL-4 using the task scheduler bug prior to the vulnerability being patched.

Dec. 7, 2010 -> http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710
 
First let's clear up that viruses are not a huge problem these days, so much as malware/trojans which rely on social networking (And these have hit OS X already)

So you're basically saying a virus would entail me physically downloading it, but if I had malware/trojans on my Mac from picking something up from a website, how would I ever know about it? On Windows, you scan for that stuff. What do you do on a Mac if you want to check for that?
 
So you're basically saying a virus would entail me physically downloading it, but if I had malware/trojans on my Mac from picking something up from a website, how would I ever know about it? On Windows, you scan for that stuff. What do you do on a Mac if you want to check for that?
No, a virus can spread and infect without the user's knowledge or permission. A trojan requires the user install it. You're not going to be infected by anything on Mac OS X, simply by visiting any website. Read this to understand the differences between viruses and trojans:
I really encourage you to take the time to read that. It should answer most, if not all, of your questions.
 
No, a virus can spread and infect without the user's knowledge or permission. A trojan requires the user install it. You're not going to be infected by anything on Mac OS X, simply by visiting any website. Read this to understand the differences between viruses and trojans:
I really encourage you to take the time to read that. It should answer most, if not all, of your questions.

Thanks again, I understand what you are saying, that 99% require the user to enter their Apple password on downloads that are to trick you into thinking it is legit, but where you finish off by talking about clicking on fake links inadvertently, those trojans can install without asking for admin password?

Is there such a thing as a scanner that Mac users use if they have infected files they don't know about? Or do you not bother?
 
Thanks again, I understand what you are saying, that 99% require the user to enter their Apple password on downloads that are to trick you into thinking it is legit, but where you finish off by talking about clicking on fake links inadvertently, those trojans can install without asking for admin password?
No, even though they may not ask for the admin password, you still would have to manually go through the installation process. They will not install themselves.
 
There are proof of concept viruses that are pretty serious for Mac OS X.

There are no Mac viruses "in the wild" because there is at the moment no benefit to the quite large amounts of work required to create a virus capable of defeating Mac's Unix codebase. If Mac gains anything like the market share that Windows has enjoyed for the past two decades then I'd expect the amount of Mac viruses around to be far higher.
 
but where you finish off by talking about clicking on fake links inadvertently, those trojans can install without asking for admin password?

Malware that uses a zero day exploit in the browser and doesn't require system level access won't ask for authentication and doesn't require user interaction to install. But, user space security mechanisms inhibit malware with only user level access from being nearly as financially productive without some degree of user interaction.

Malware that runs at the user level typically relies on phishing techniques to collect sensitive user data, such as credit card information. So, using zero day exploits to covertly install the malware is pointless given that this type of malware does not function covertly. Hence, this type of threat is unlikely enough to not be worried about.

To covertly install malware that also functions covertly requires bypassing DAC. The following link relates to bypassing DAC in OS X.

https://forums.macrumors.com/posts/12830926/

Is there such a thing as a scanner that Mac users use if they have infected files they don't know about? Or do you not bother?

Snow Leopard has a built in file quarantine feature that scans items downloaded from the internet using some apps, such as Safari. Some third party apps, such as Chrome, do not use the feature. The definitions are updated daily by Apple. As with any AV software, it does not have 100% detection rates. This feature also does not have post hoc scanning capabilities.

If you wish to do on-demand scans for peace of mind, I recommend ClamXav. See the "Mac Security Suggestions" link in my sig for more information.
 
The answer to the question in the title is:
Because Microsoft doesn't want to implement a UNIX-based operating system.

Btw, there existed viruses harmful to Mac OS prior to OS X, so the market share argument is invalid.
 
Malware that runs at the user level typically relies on phishing techniques to collect sensitive user data, such as credit card information. So, using zero day exploits to covertly install the malware is pointless given that this type of malware does not function covertly. Hence, this type of threat is unlikely enough to not be worried about.

Snow Leopard has a built in file quarantine feature that scans items downloaded from the internet using some apps, such as Safari. Some third party apps, such as Chrome, do not use the feature. The definitions are updated daily by Apple. As with any AV software, it does not have 100% detection rates. This feature also does not have post hoc scanning capabilities.

If you wish to do on-demand scans for peace of mind, I recommend ClamXav. See the "Mac Security Suggestions" link in my sig for more information.

So should dealing with finances, payments make me any more likely to use something like ClamXav for the odd scan, or does it have to run in the background and slow things up? I'm just curious how many people bother with AV or anything like that. Newly turned Windows users will feel naked on the web initially, but the old hardened Mac users are well aware what they need and don't need when on the www.
 
So should dealing with finances, payments make me any more likely to use something like ClamXav for the odd scan, or does it have to run in the background and slow things up? I'm just curious how many people bother with AV or anything like that. Newly turned Windows users will feel naked on the web initially, but the old hardened Mac users are well aware what they need and don't need when on the www.

I do online banking and I don't use AV software with real time scanning. I do periodically run an on-demand scan using ClamXav just for peace of mind. I will also sometimes on-demand scan a single item if doing so seems warranted.

See the "Mac Security Suggestions" link in my sig for more info.
 
Virus and Malware creators want their creations to cause as much chaos and havoc as possible. They therefore release and target their creations on the format / platform with the most amount of users.

Windows gets hit because it accounts for the vast majority of computer operating systems.

If Microsoft wants to 'copy' Apple's strategy it would need to drop its market share to 6-7% and let another company become the overwhelming supplier of operating systems for mainstream computers - and hence the new target for the virus and malware creators.

Apple's secret to success is not about strength and OS security - it's that despite the mammoth gains in the last few years - it remains comparatively 'niche' in user numbers.
 
Virus and Malware creators want their creations to cause as much chaos and havoc as possible...

Times are changing. Viruses and malware are becoming a profitable business. The vast majority today are essentially silent agents just waiting for commands. In most cases they are either the tunnel through which secondary products are pushed or they are collecting members for a botnet to sell to the highest bidder. If somebody doesn't know they are infected, they won't try to remove it.
 
Virus and Malware creators want their creations to cause as much chaos and havoc as possible.

No. They want it to be profitable.

Windows gets hit because it accounts for the vast majority of computer operating systems.

Various examples debunk the market share argument.

IIS has a smaller market share than Apache but IIS has more malware. This is despite the fact that Apache has greater market share and Apache was released several years prior to IIS.

Linux has more examples of malware than OS X despite Linux having less market share.
 
I do online banking and I don't use AV software with real time scanning. I do periodically run an on-demand scan using ClamXav just for peace of mind. I will also sometimes on-demand scan a single item if doing so seems warranted.

See the "Mac Security Suggestions" link in my sig for more info.

Many thanks
 
In 2011, the viruses on Windows aren't the same epidemic that they were 5 years ago. A fully patched Windows 7 install using Chrome as the browser is quite secure (People, DO YOUR UPDATES!). The biggest worry for today's Windows users should be trojans, but the same should be said for OS X.

FTR - I love OS X and use it exclusively on my personal machines. OS X has a great track record in the security area, but security shouldn't be a primary concern for new users choosing a platform.


Agree with everything except your last statement... Security should absolutely be a concern.
 