jhu said:powerpc and x86 implement stacks slightly differently (i think in the direction they grow). however, i don't know if 32-bit implementations of powerpc have the no-execute bit. the ppc970 does. additionally, i don't know if darwin supports no-execute either in hardware or software emulation.
This is what I've read from an article and some from a book that I'll admit was over my head, but the summary of the book's chapter made it clearer.
I do know that the No-Execute Bit deals with RAM and not the stack, but does help control buffer overflows. In any case, everyone should stop worrying. It is so extremely technical that if someone manages to exploit it, Apple probably already thought of it because there are so few avenues to approach from.
Correct. Look at Linux/*BSD. No viruses there either and they share the same structure as OS X.shrimpdesign said:The market share theory doesn't work. Mac OS X has no viruses, only Mac OS 9 and earlier.
I remember those proof-of-concept things... but they never were exploited. And that was back in the days of 10.1...Counterfit said:You should all be reminded that there have been at least two proof-of-concept viruses for OS X. I recall one of them was if an MP3 was double-clicked, any code contained in a resource fork in the file would be run. The trouble with that was if the file had passed through a Windows machine (or anything else that doesn't support resource forks) unmodified (archived or such), the resource fork would be stripped, and thus, no more virus. I don't think it was ever developed into anything malicious.
Of course, there are also Office macro viruses, but I've never even seen one (although I know they exist).
Office Macros were implemented by the Windows Office Unit and the Macintosh Business Unit was forced to copy them over to be compatible. I see those as another reason to use TextEdit.