Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Yes, and that prevents AntiVirus 2010 from successfully collecting credit card info too.

Check out this quote about the latest variant of that Windows malware called Antivirus 2011.

You're blocked from executing anything else, including trying to run your real anti-virus program.

This virus program renders your entire computer useless until you can get it removed. And some of its many variants are becoming immune to existing removal tools.

From here, http://detnews.com/article/20110502/BIZ04/105020317/1013/rss12

BTW, it renders Windows useless by corrupting the registry. No registry in OS X.

Luckily, this type of malware on a Mac is not nearly as bad if your clumsy enough to get infected. You can even remove it from the account that is infected without having to boot into a safe mode.

This post made me have to edit a previous post. Thought I should quote it,

Problems with Windows security in comparison to Mac OS X presented just in this thread:

1) Greater number of privilege escalation vulnerabilities:

Here is a list of privilege escalation (UAC bypass) vulnerabilities just related to Stuxnet (win32k.sys) in Windows in 2011:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=win32k.sys+2011

Here is a list of all of the privilege escalation vulnerabilities in Mac OS X in 2011:

http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Mac+OS+X+privileges+2011

2) Earlier versions of NT based Windows (Windows XP and earlier) do not use discretionary access controls by default.

3) Permissions system does not include a user defined unique identifier (password) by default. More susceptible to user space exploitation leading to authentication stolen via spoofed prompt that appears unrelated to UAC because password not associated with authentication.

4) Windows sandbox mechanism relies on inherited permissions so that turning off UAC turns off the sandbox. This sandbox has been defeated in the wild (in the last two pwn2owns).

I do not know of any TrustedBSD MAC framework (BSD and Mac sandbox), AppArmor (openSUSE and Ubuntu), or SE Linux (Fedora) mandatory access control escapes? These sandbox mechanisms do not rely on inherited permissions.

5) The Windows registry is a single point of failure that can be leveraged by malware.
 
Last edited:
I think a few points of mine should be made.

A.) I am sure at least 50-75% of Mac users today, used to be PC users, and of that 50-75% I believe is a more 'aware' group of users, not exactly what the media and PC fanboys try to paint Mac users as. ( dumb, needing simplicity, old etc)

B.) I firmly believe that as a technologically aware group of people, we understand viruses, malware, how they are put on computers and we can see the difference between spam, popups, malware and the lot.

c.) keeping both point A. and B. in mind, the reason Mac's are less likely to be infected comes down to the users. We know what to look for after years of using PC's by force or by choice, and Mac users know what not to download, what sites not to visit etc. This has mostly to do with the quality of users, not the software. All software, all os's can be compromised, but its the user that allows such things to happen, and it doesn't happen all too often to Mac users. Something can be said about that.

What the PC crowd would like the world to think is the only people who use Macs are uneducated, or old people who don't understand computers. I call BS, I know almost nobody who uses a Mac, a few but all of the older computer users I know, use PC's why? Because they Don't understand technology and they see a 200-400 dollar computer solution just what they need. I am sure to a older less technologically adept person, either pc or mac would seem overwhelming.

That ALL being said. My main point is, infections of computers are %100 user responsible. Why do Mac users get less infections? My belief is that the users may be of higher quality, ONLY because of the computers niche-like nature and most Mac users are dedicated, technologically knowledgable.
 
Wirelessly posted (Mozilla/5.0 (iPod; U; CPU iPhone OS 4_3_2 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Version/5.0.2 Mobile/8H7 Safari/6533.18.5)

miles01110 said:
Why, do you have proof of a virus for OS X ? Because if you do, let's see it.

This is exactly the kind of ignorance I'm referring to. The vast majority of users don't differentiate between "virus", "trojan", "phishing e-mail", or any other terminology when they are actually referring to malware as "anything I don't want on my machine." By continuously bringing up inane points like the above, not only are you not helping the situation, you're perpetuating a useless mentality in order to prove your mastery of vocabulary.

Congratulations.

Better question is,
Miles, why are you so irritated over this? No one really cares anyway.
 
Of course, I don't know of any Linux distribution that doesn't require root to install system wide software either. Kind of negates your point there...

I wasn't specific enough there. I was talking about how "Unix security" has been applied to the overall OS X permissions system, not just "Unix security" in the abstract. I'll cede the point that this does mean that "Unix security" in the abstract is no better than NT security, as I can not refute the claim that Linux distributions share the same problem (the need to run as "root" to do day-to-day computer administration). I would point out, though, that unless things have changed significantly, most window managers for Linux et al refuse to run as root, so you can't end up with a full-fledged graphical environment running as root.

You could do the same as far back as Windows NT 3.1 in 1993. The fact that most software vendors wrote their applications for the non-secure DOS based versions of Windows is moot, that is not a problem of the OS's security model, it is a problem of the Application. This is not "Unix security" being better, it's "Software vendors for Windows" being dumber.

Yes and no. You are looking at "Unix security" as a set of controls. I'm looking at it as a pragmatic system. As a system, Apple's OS X model allowed users to run as standard users and non-root Administrators while XP's model made non-Administrator access incredibly cumbersome.

You can blame that on Windows developers just being dumber, or you can blame it on Microsoft not sufficiently cracking the whip, or you can blame it on Microsoft not making the "right way" easy enough. Wherever the blame goes, the practical effect is that Windows users tended to run as Administrator and locking them down to Standard user accounts was a slap in the face and serious drain on productivity.

Actually, the Administrator account (much less a standard user in the Administrators group) is not a root level account at all.

Notice how a root account on Unix can do everything, just by virtue of its 0 uid. It can write/delete/read files from filesystems it does not even have permissions on. It can kill any system process, no matter the owner.

Administrator on Windows NT is far more limited. Don't ever break your ACLs or don't try to kill processes owned by "System". SysInternals provided tools that let you do it, but Microsoft did not.

Interesting. I do remember being able to do some pretty damaging things with Administrator access in Windows XP such as replacing shared DLLs, formatting the hard drive, replacing any executable in c:\windows, etc, which OS X would not let me do without typing in a password (GUI) or sudo'ing to root (command line).

But, I stand corrected. NT "Administrator" is not equivalent to "root" on Unix. But it's a whole lot more "trusted" (and hence all apps it runs are a lot more trusted) than the equivalent OS X "Administrator" account.

UAC is simply a gui front-end to the runas command. Heck, shift-right-click already had the "Run As" option. It's a glorified sudo. It uses RDP (since Vista, user sessions are really local RDP sessions) to prevent being able to "fake it", by showing up on the "console" session while the user's display resides on a RDP session.

Again, the components are all there, but while the pragmatic effect was that a user needed to right-click, select "Run as Administrator", then type in their password to run something ... well, that wasn't going to happen. Hence, users tended to have Administrator access accounts.

There, you did it, you made me go on a defensive rant for Microsoft. I hate you now.

Sorry! I know; it burns!

...

Why bother, you're not "getting it". The only reason the user is aware of MACDefender is because it runs a GUI based installer. If the executable had had 0 GUI code and just run stuff in the background, you would have never known until you couldn't find your files or some chinese guy was buying goods with your CC info, fished right out of your "Bank stuff.xls" file.

Well, unless you have more information on this than I do, I'm assuming that the .zip file was unarchived (into a sub-folder of ~/Downloads), a .dmg file with an "Internet Enabled" flag was found inside, then the user was prompted by the OS if they wanted to run this installer they downloaded, then the installer came up (keeping in mind that "installer" is a package structure potentially with some scripts, not a free-form executable, and that the only reason it came up was that the 'installer' app the OS has opened it up and recognized it). I believe the Installer also asks the user permission before running any of the preflight scripts.

Unless there is a bug here exposing a security hole, this could not be done without multiple user interactions. The "installer" only ran because it was a set of instructions for the built-in installer. The disk image was only opened because it was in the form Safari recognizes as an auto-open disk image. The first time "arbitrary code" could be run would be in the preflight script of the installer.
 
Hmmm.
My sister was fooled by this up to the point of it running its "scan". Just had to talk to her about it, seems it targets bootcamp people by seeming to be a message reporting their Windows side is infected (The normal my computer scam screen). Anyway guided her through removing it.
 
so much for the no malware on macs myth :D
funny how the apple fanboys are getting all defensive :rolleyes:

Just look at the monster negative vote rating against anyone who ever criticizes Apple or anything remotely related (i.e. typical fanboy mass attack; they can't let blasphemy just go bye :D ). Frankly, I'm starting to think the lower the number on your post in most threads on such topics, the SMARTER you are. I know I usually give props to all the messages with the lowest scores since they are usually the only ones to tell the truth (kind of like listening to the Tea Party for advice; most are clueless fanatics and not much else).

I mean just look at the number for your post. You told the 100% gospel truth. There IS malware for the Mac (even if it's not very dangerous) and pointed out the truth that most fanboys on here are getting completely bent out of shape and acting immature with their sarcasm. You were at -20 right before I hit reply in a thread where the average number is +/-2.

If someone can find me a set of Macintosh 'fanboy free' forums (as in fanboy accounts are deleted once recognized as such, themselves being a form of spam IMO), I'd love to know about it. It'd eliminate 95% of the total worthless fluff. Just think how much extra time one would have to do other things instead of wading through a cesspool of useless junk every day. ;)

Why do Mac users get less infections? My belief is that the users may be of higher quality, ONLY because of the computers niche-like nature and most Mac users are dedicated, technologically knowledgable.

You must not get around much. Most Mac users I see everyday are technological neophytes. The Mac is designed to attract non-tech users so this shouldn't be a shock or anything. The difference I see is that most Mac users THINK they know 10-50x more than they actually do. Yes there are some very knowledgeable Mac users out there, but they are not in the majority by a long shot, IMO. The sheer volumes of drone-like fanboys on these forums ought to give you a clue just how bad it really is.
 
You told the 100% gospel truth. There IS malware for the Mac
Yes, there is malware for the Mac. I don't see anyone in this thread or others claiming that there isn't. ElCidRo's statement implied that there was a prevalent myth that Macs had no malware which is not true, and triggered the negative responses by throwing out the "fanboy" attack. It was very clear that the post was inflammatory in nature.

What IS true is that there are no viruses in the wild that run on Mac OS X, and there hasn't been for the past 10 years, since it was introduced. The handful of trojans that exist are easily avoided/thwarted by a user exercising a reasonable degree of common sense. It has nothing to do with being a "fanboy". It has to do with facts.
 
It has nothing to do with being a "fanboy". It has to do with facts.

100% bullcrap. I just waded through this god-awful thread and almost every single post that said anything positive about Windows in any way, shape or form (truth or nonsense alike) got zapped with negative votes. Anything that contradicted the idea that OSX is 100% safe and that there's no possibility of any kind of malware got zapped with negative votes. Any time anyone says anything against Apple or Steve Jobs or any feature that someone doesn't like about either OSX or hardware offerings from Apple (no matter how true), it gets zapped by the usual suspects. You don't need a flipping degree in rocket science to make that observation dude. But then you ARE one of the usual suspects, so I shouldn't be shocked.

Here's a great example of 100% BS from YOU. A claim was made about 100 million Mac users and growing. A guy replied with proof that the number of OSX users is currently 50 million. Here's your reply:

That's Mac OS X installed base, not the installed base of Macs, as I said. Mac OS X is not the only Mac OS out there. Reading comprehension is fun!

You are clearly implying that the 'other' 50 MILLION "Macs" out there are pre-OSX (i.e. OS9 or earlier). And don't tell me you meant "iOS" devices as they are not "Macs" and your reply specifically says Macs.

That is just a laughing crock of BS it's just unbelievable. For god's sake man, you are telling me that there are JUST AS MANY OS9 and earlier Mac users out there as current OSX users?????? REALLY?????????? WTF!? Man, why isn't Chrome offered for OS9 if there's so many OS9 users out there? Firefox and Google alike declined to even offer it for PPC users because their statistics showed only a tiny percentage of active users even show up at their sites using PPC (let alone OS9!) and yet you want me to believe HALF of all current Mac users are using something other than OSX. I can smell that BS from a thousand miles away dude. WTF should anyone believe anything you say ever when you post such obvious BS on here?

If that's not a prime example of fanboy DRIVEL and the total biased slant against everything that isn't Apple/Mac around here, I don't know WTF is. :rolleyes: :rolleyes: :rolleyes:

The report I read in 2009 stated "OSX" users went from 25 million in 2007 (including a lot of PPC users who have since dumped their machines because they are not terribly useful or have upgraded, which is 1:1, not an increase) to 75 million but the article specifically said it included iPhone and iPod Touch devices, which aren't Macs (iOS is derived from OSX, but it's not quite the same thing and they aren't called Macs). 50 million is a fair estimate, IMO for actual active Macs. It's certainly nowhere near 100 million without iOS devices.

In any case, SOME of us don't give a crap about Apple Vs. Microsoft. I don't like EITHER company. I use whatever computer and OS suits me. Right now I have more OSX computers than Windows/Linux, but I use all three. That could change in the future, particularly IF Apple at some point decides to make OSX closed like iOS. But the point is I hate fanatical BS around here. This is not the Mac Advocate Forums, but some days I'd never guess it. I come here for news and rumors and I wish useful discussion, but I see more arguments over STUPID BS than I'd care to see and it gets OLD.
 
I just waded through this god-awful thread and almost every single post that said anything positive about Windows in any way, shape or form (truth or nonsense alike) got zapped with negative votes.
You're making a huge assumption that the people who vote on posts are the same people who are posting in a thread. The post voting feature is new and there is no way to know who is using it. People who read the thread can vote, even if they don't post. Personally, I think voting on posts is a waste of time, since you have no idea who votes or why. There have been 240+ posts in this thread, and over 21,900 views, any number of which could be voting on posts. You do the math.
But then you ARE one of the usual suspects, so I shouldn't be shocked.
Please quote any post I've made that is "fanboyish".
You are clearly implying that the 'other' 50 MILLION "Macs" out there are pre-OSX (i.e. OS9 or earlier).
I'll locate the source I read that stated a Mac user base of close to 100 million, or I'll cheerfully retract the number I posted. Or you can do searching yourself. I've read that there were somewhere around 25 million Mac users reported before OS X was released. I'll find that source, as well.
For god's sake man, you are telling me that there are JUST AS MANY OS9 and earlier Mac users out there as current OSX users?????? REALLY?????????? WTF!?
Do you have any facts about the installed base of OS 9 and earlier, or are you just being a "fanboy?"
If that's not a prime example of fanboy DRIVEL and the total biased slant against everything that isn't Apple/Mac around here, I don't know WTF is. :rolleyes: :rolleyes: :rolleyes:
You have obviously missed the whole point of the installed base discussion. The original statement:
To get a really good and useful bot net you'd need roughly 25% of the entire user base!!!!

these guys deal in tens of millions!
Even if you limit the discussion to 50 million Mac OS X users, the installed user base is till in the tens of millions, so the argument that there isn't enough Mac users to support a botnet is bogus. Whether you're talking 25, 50, 75 or 100 million, it's still in the tens of millions. Call the 100 million wrong, if you wish. Until I can locate my source, I'll willingly accept that. The point I was making still stands, using 25 or 50 million.
In any case, SOME of us don't give a crap about Apple Vs. Microsoft.
Neither do I. If you take the time to read my posts, I rarely participate in Apple vs Microsoft discussions, because despite my personal preference for a computer at any given time, I realize that a person's choice is determined by their own wants/needs and can't be blindly applied to everyone else. I'm not a fanboy, or boy of any kind. I have no allegiance to any computer brand, as none of them pay me to endorse their products. I buy what I want and need, I don't have to justify my purchases to anyone, and I don't expect anyone to justify their purchases to me. If you prefer Windows, great! If you prefer Macs, great! If you prefer an abacus or counting on your fingers, great!

I do, however participate in discussions where people are being mislead by false information, such as claiming that viruses exist when they don't, or when simple installer apps are inappropriately labeled as viruses or malware. These things are not a matter of opinion, but fact. Just because someone corrects false statements or disagrees with someone doesn't make them a fanboy.
But the point is I hate fanatical BS around here. This is not the Mac Advocate Forums, but some days I'd never guess it. I come here for news and rumors and I wish useful discussion, but I see more arguments over STUPID BS than I'd care to see and it gets OLD.
No one is forcing you to read or post in any of these threads. You appear to be much more emotionally invested in this than many, including myself. Or maybe your caps lock and question mark keys are stuck.
Looks like I'll stop using safari.
There's no need to stop using Safari, unless you just want to. Just keep the "Open "safe" files after downloading" box unchecked and you'll be fine.
 
All this over someone not even intelligent enough to title their "manual installation required" malware 'security update for Snow Leopard'


I like how the solution is basically "delete it"
 
So few virus for MAC than when one appears it is news... :)

Any software for a Mac that says "MAC" in the title or in any documentation would already be suspect to me. Pretty much every person I have run across that thinks it is spelled in all caps as "MAC" has been a moron.

Moron seems rude, but yes, really no Mac user should ever get this wrong.
Really, it's whether you know the difference between an abbreviation and an acronym.

Mac is an abbreviation for Macintosh.

It's not an acronym for Mechanical Apple Computer. :eek:
 
No one is forcing you to read or post in any of these threads. You appear to be much more emotionally invested in this than many, including myself. Or maybe your caps lock and question mark keys are stuck.

People sure get emotionally invested about the dumbest things....

Anyone who deliberately uses more than one question mark in English is not properly literate, so let's hope our friend the von Magnum's keyboard is to blame.
 
All this over someone not even intelligent enough to title their "manual installation required" malware 'security update for Snow Leopard'


I like how the solution is basically "delete it"

Did you read about this solution on Apple web site? Not everybody reads MacRumors.
 
People sure get emotionally invested about the dumbest things....

Anyone who deliberately uses more than one question mark in English is not properly literate, so let's hope our friend the von Magnum's keyboard is to blame.

Indeed ????
 
Did you read about this solution on Apple web site? Not everybody reads MacRumors.
If you Google "Mac Defender" you'll run across any number of sites that will tell you the same thing: Don't install it and remove it from your system. You don't need to be a MR forums reader to find that out. After all, the information about the threat didn't originate from this site, and neither did the solution.
 
If you Google "Mac Defender" you'll run across any number of sites that will tell you the same thing: Don't install it and remove it from your system. You don't need to be a MR forums reader to find that out. After all, the information about the threat didn't originate from this site, and neither did the solution.

WTF? MacRumors is not the source of all knowledge?? You're talking crazy, right?
 
Safari is not set as a default for me & I only use it if Mozilla is stalling but this is only the beginning for apple with it's continued success comes a lot of security issues for the future.
 
You're making a huge assumption that the people who vote on posts are the same people who are posting in a thread.

No, I'm making an assumption that fanboys are voting down all the anti-Apple posts in droves. Whether they have posted in the thread is completely irrelevant. The point is you don't see people voting in droves for logical posts, but you do see negative votes in any post that speaks either for Microsoft or against Apple, regardless of the content of that message. That implies emotional reaction which implies fanaticism. You can argue semantics, but 1+1 still equals 2. Sherlock Holmes didn't have to do a poll to figure things out.

The post voting feature is new and there is no way to know who is using it. People who read the thread can vote, even if they don't post. Personally, I think voting on posts is a waste of time, since you have no idea who votes or why. There have been 240+ posts in this thread, and over 21,900 views, any number of which could be voting on posts. You do the math.

That sounds like a huge number, but it counts repeat viewings of the thread. There are both fewer posters (than 240) and fewer viewers (than 21,900) in totality. There is no way to discern how many stopped reading at the first page either. There is also a tendency for more voting towards the beginning of the thread than the end here, clearly indicating a strong possibility of posters unsubscribing and/or losing interest in the thread as time goes on. Evidence points towards logical trends and tendencies, not exact numbers.

Please quote any post I've made that is "fanboyish".

You're right. You could just be stubborn.

I'll locate the source I read that stated a Mac user base of close to 100 million, or I'll cheerfully retract the number I posted. Or you can do searching yourself. I've read that there were somewhere around 25 million Mac users reported before OS X was released. I'll find that source, as well.

I did do a search and hence the 2009 numbers of 25 million going to 75 million by 2009 (so 100 million is a fair estimate for 2011), but the article specifically stated the increase was largely due to the iPhone/iPod Touch. It gave no breakdown of Macs. The last iPhone numbers I saw were around 30 million some time ago and that didn't include iPads, so it may be well over 100 million now including them.

Do you have any facts about the installed base of OS 9 and earlier, or are you just being a "fanboy?"

I've seen statistics on percentages of Firefox users relative to PPC and it was like 1 out of 28, if I recall correctly or about 3.5 per 100 users. If we assume 40 million Intel users for the moment, that would mean there are only a little over 1.4 million active PPC computers (not the same as users since many people own more than one Mac or Mac-capable system; I own 3 for example). So that would mean over 94% of PPC users have upgraded to PPC. I don't think it's quite that high; statistics are measured over time and non-use of a machine you do own (let alone one using multiple operating systems in the case of Intel) can skew the results. But even if I were to assume 25% of the PPC machines from 2007 and earlier are still in use (unlikely given attrition over the years; total sales of PPC isn't the same as active PPC machines; so when one says "installed" that doesn't mean they're still in use) that would still mean over 18 million PPC machines are no longer being actively used out of the 25 million total sold from 2007. Thus, your total Mac user base with 40 million Intels assumed would be 47 million totall (add more for more Intels sold; surely that figure is known to at least Apple minus any losses from computers blowing up). But then again, that's not 47 million USERS, necessarily. If the average Mac owner has 2 Macs, for example, that's then only 23.5 million users out there. So the true number of people (that Internet thieves have to potentially plunder) on the Mac is somewhere between 20-35 million at best, IMO not counting iOS devices.

Now you may think 27 million users to plunder is a big number, but compare that to Windows users (probably around a billion at this point which also includes many of the Macs since they also now can run Windows, creating even less incentive to bother with a Mac), it's a pretty small piece of the pie.

Now I am not saying that those statistics are "the" reason why the Mac has so little Malware and no viruses, but I am saying that you cannot totally dismiss it as a factor for at least a fair part of it. It could be 95% Unix security + foreign OS (as in foreign to the average hacker who runs Windows) and only 5% "why bother", but as the installed base of Mac users increases that "why bother" factor becomes "let's bother" instead. After all, it will only take one bad situation to cause a problem. There's usually a first for everything. Let's see what happens if/when the Mac user base reaches 100 million. iOS is tougher because it's closed, but it's more likely to be targeted in areas like browsing. You also cannot dismiss individual pieces of software with poor security (e.g. Safari regularly gets hacked during contests). Just because those were controlled conditions, it doesn't mean it couldn't be used in a more volatile situation. But is there an incentive? Clearly, there was an incentive to find one when money was offered.


You have obviously missed the whole point of the installed base discussion.

No, I don't think I have. You're operating based on assumptions that because it hasn't happened in a meaningful way that it cannot happen and I think that is a false sense of security paramount to emotional fanaticism. Unlikely? Probably. Never? I wouldn't bet on it.
 
You're operating based on assumptions that because it hasn't happened in a meaningful way that it cannot happen and I think that is a false sense of security paramount to emotional fanaticism.
Please quote when I have ever indicated that Macs cannot or will not get malware or viruses. Before you falsely accuse me of having such assumptions, take the time to read the Mac Virus/Malware Info I've posted in so many of these threads.
Since no OS, including Mac OS X, is immune to malware threats, this situation could change at any time, but if a new virus is discovered, the news media, forums, blogs, etc. will be instantly buzzing with the news.
Get your facts right before you make assumptions about me.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.