Virus curiosity

Status
Not open for further replies.

BexXx

macrumors newbie
Original poster
Feb 28, 2010
21
0
Hi there, I've only had my macbook for couple months now and I've been hearing constantly that macs can't get viruses. Fair enough, but I live with non mac fans who keep telling me that this isn't possible and that somewhere someone will have created viruses for macs.

Seeing as I don't really understand the science behind it (to put me at ease) would someone please explain to me if it is possible to get a virus and if not then why? What's the technology behind it?


Kind Regards

BexXx
 

robbieduncan

Moderator emeritus
Jul 24, 2002
24,510
24
London
Nothing is impossible. But, to date, there have been no viruses for Mac OSX. By virus I'm using the "correct" definition: a self-replicating, spreading piece of unwanted code that can transfer from system to system without any user intervention.

There have been a small (<20) number of trojans that rely on the user downloading them and typing in an admin username and password by "tricking" the user (often by claiming to be an installer for a pirated piece of software).

So, to date, as long as you don't download stuff from dodgy sites and give it your admin username and password you will be fine.

Why is this the case? No specific technology. Unix, by it's nature, is more secure than Windows was in the past as users don't run as root. Much of the lower levels of OSX are very old, well tested and in places open source so there are far fewer exploitable bugs.
 

angelwatt

Moderator emeritus
Aug 16, 2005
7,842
7
USA
There are viruses for Mac, just not Mac OSX (nothing beyond proof-of-concept anyway). As mentioned above, there are a few trojans running around, but are pretty easy to avoid. The bigger things you need to worry about is falling for social engineering attacks that trick you into giving up your personal information to a malicious group. The OS can't protect you from these attacks (known as phishing) very well so require users to be cautious for their own sake.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,360
701
Mac Virus/Malware Info

Link to this post: Mac Virus/Malware Info

You DON'T have a virus on your Mac!
If you want to know why this is true, read on.

The term "virus" is commonly but erroneously used to refer to all types of malware, adware, and spyware programs that do not have the reproductive ability of a true virus.

The bottom line is this: as a Mac user, your chances of being affected by a virus, trojan or other malware are extremely slim, unless you've been careless about where you get software and when you enter your administrator password.

If you're experiencing a problem or unexpected behavior with your Mac, there's better than a 99.9% chance that it's something other than a virus or other malware.

MALWARE TERMINOLOGY
From Symantec:
What is the difference between viruses, worms, and Trojans?

What is a virus?
A computer virus is a small program written to alter the way a computer operates, without the permission or knowledge of the user. A virus must meet two criteria:
  • It must execute itself. It often places its own code in the path of execution of another program.
  • It must replicate itself. For example, it may replace other executable files with a copy of the virus infected file. Viruses can infect desktop computers and network servers alike.
What is a Trojan horse?
Trojan horses are impostors—files that claim to be something desirable but, in fact, are malicious. A very important distinction between Trojan horse programs and true viruses is that they do not replicate themselves. Trojan horses contain malicious code that when triggered cause loss, or even theft, of data. For a Trojan horse to spread, you must invite these programs onto your computers; for example, by opening an email attachment or downloading and running a file from the Internet.​

What is a worm?
Worms are programs that replicate themselves from system to system without the use of a host file. This is in contrast to viruses, which requires the spreading of an infected host file. Although worms generally exist inside of other files, often Word or Excel documents, there is a difference between how worms and viruses use the host file. Usually the worm will release a document that already has the "worm" macro inside the document. The entire document will travel from computer to computer, so the entire document should be considered the worm.​

What is a virus hoax?
Virus hoaxes are messages, almost always sent by email, that amount to little more than chain letters. Following are some of the common phrases that are used in these hoaxes:
  • If you receive an email titled [email virus hoax name here], do not open it!
  • Delete it immediately!
  • It contains the [hoax name] virus.
  • It will delete everything on your hard drive and [extreme and improbable danger specified here].
  • This virus was announced today by [reputable organization name here].
  • Forward this warning to everyone you know!
Most virus hoax warnings do not deviate far from this pattern. If you are unsure if a virus warning is legitimate or a hoax, additional information is available at the Symantec Security Response online database.​

What is scareware?
Another type of hoax is referred to as scareware. It's a bogus virus warning that pops up when visiting some websites, and looks something like this or this (on iPads). If you take a close look, you'll see the popup refers to a Windows system, which obviously doesn't relate to Mac OS X. It can't harm your Mac at all. Just close the site, clear your browser's cache and cookies, and you'll be fine. Sometimes these scareware sites will generate a never-ending loop of popups, to the point that you must Force Quit your browser. Such scareware sites are usually intended to lure a Windows user into clicking the links to install bogus "antivirus" software, which is typically a trojan. Even if you click the links on a Mac system, it can't install anything, because Windows executable files can't run on Mac OS X.​

There are NO viruses in the wild that affect Mac OS X at this time.
If this changes, I will update this post. According to noted computer virus expert Paul Ducklin, in order for a virus to be considered in the wild, "it must be spreading as a result of normal day-to-day operations on and between the computers of unsuspecting users." This definition excludes "proof of concept" code that is used in a testing situation under strictly controlled conditions, and which poses zero threat to average computer users.

In the past, there have been a few viruses that ran on older versions of the Mac operating system (Mac OS 9 and earlier), but they do not run on any version of Mac OS X. Like every other OS, Mac OS X is not immune to malware threats, this situation could change at any time, but if a new virus is discovered, the news media, forums, blogs, etc. will be instantly buzzing with the news. See update below.*

There are trojans that can affect Mac OS X,
but these must be downloaded and installed by the user, which usually involves entering the user's administrator password. Also, Mac OS X will give you a warning when you first launch an app you downloaded from the web. Trojans can easily be avoided by the user exercising common sense and caution when installing applications. A common source of trojans is pirated software, typically downloaded from bit torrent sites.​

ANTIVIRUS APPS

Having virus protection software on your Mac is pointless, as far as protecting your Mac from true viruses, since current antivirus software cannot detect a Mac virus that doesn't yet exist, because they simply don't know what to look for. It is possible to have a virus-infected file reside on your hard drive, but since a Windows virus (like any Windows program) can't run in native Mac OS X, it would be harmless to your Mac and could not spread.

If your situation requires you to run a 3rd-party antivirus app:
  • ClamXav is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges. You can run scans when you choose, rather than leaving it running all the time, slowing your system. ClamXav has a Sentry feature which, if enabled, will use significant system resources to constantly scan. Disable the Sentry feature. You don't need it. Also, when you first install ClamXav, as with many antivirus apps, it may perform an initial full system scan, which will consume resources. Once the initial scan is complete, periodic on-demand scans will have much lower demands on resources.
  • Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here and here... and here.
  • iAntiVirus has a bogus malware definitions list, making their detection accuracy untrustworthy. They also make inaccurate claims about the existence of Mac malware, in order to hype the need for their product. This post will give details.

WHAT SECURITY STEPS SHOULD I TAKE?

  • DON'T install pirated software, or software from untrusted or unknown sites.
  • You can't infect your Mac simply by visiting a website, opening an email attachment, or connecting to a network. You should, however, exercise reasonable caution when doing these things.
  • Be careful about giving others access to your computer, as they could download and install malware.
  • For Safari users: go to Safari > Preferences > Security > Enable Java (leave this unchecked, unless you're visiting a trusted site that requires it)
  • Make sure you install software updates when they're released, including OS X and apps
  • Only install updates from an installed app, the Mac App Store or directly from a software developer's site. Never install an update to software when prompted to do so by an advertisement on a website or an email.
  • Use ad-blockers to minimize exposure to malicious sites
  • Use trusted DNS servers
  • Go to System Preferences > Security > Firewall and make sure your built-in firewall is enabled
  • Read Mac Security Suggestions compiled by munkery

WHAT ABOUT SENDING FILES TO WINDOWS USERS?
Some users choose to run antivirus such as ClamXav on their Mac to scan for Windows viruses (it also scans for Mac threats), so the Mac user can't pass a virus-infected file to a Windows user. However, a more prudent approach is for every Windows user to be protected by their own AV software, to guard against viruses from any source, not just those that might come from a Mac user.

Running anti-virus on your Mac to protect Windows users from malware is like covering your mouth when you cough in front of the kids, then sending them out without flu shots to a school where a flu epidemic is spreading like wildfire. Great! They might not catch anything from you, but you've left them vulnerable to the greater risk. It's wiser to make sure they have flu shots, so they're protected from infection, whether it be from you or from other people.

If you really want to help your Windows friends, encourage them to get their own anti-virus protection installed, or offer to install it for them.​
WHY AM I BEING REDIRECTED TO OTHER SITES?

Some users experience a problem with being directed automatically to sites that they didn't intend to visit. This may also occur when searching with Google. You don't have a virus! It's a problem with your DNS settings, either in your Mac or in your router. Try resetting your router. Here's how to fix the problem in Mac OS X:
  1. Go to System Preferences > Network
    There you will see a padlock icon in the lower left corner and the note "Click the lock to make changes".
  2. Click the lock and enter your administrator password, so you can change DNS servers
  3. with your network selected on the left column, click the "Advanced" button
  4. Click the DNS tab to see the listing of your DNS Servers
  5. If any of the DNS servers are greyed out after entering your admin password, refer to this: 10.5: Disable DHCP-specified DNS servers
  6. Click the "-" icon to remove all existing DNS servers
  7. Click the "+" icon to add the following servers.
    You may choose either OpenDNS or Google servers (not both sets):

    OpenDNS:
    Primary DNS Server: 208.67.222.222
    Secondary DNS Server: 208.67.220.220

    Google:
    Primary DNS Server: 8.8.8.8
    Secondary DNS Server: 8.8.4.4
  8. When you've completed your changes, click "OK" to close the Advanced settings window
  9. Click "Apply" on the Network window to save your changes


*UPDATE - RECENT THREATS IN THE NEWS

As has already been stated, any appearance of significant new security threats to Mac OS X will make news headlines:

MacDefender or MacSecurity or MacProtector or MacGuard installation package
Apple has issued a knowledge base article on this issue, found here:

How to avoid or remove Mac Defender malware
A recent phishing scam has targeted Mac users by redirecting them from legitimate websites to fake websites which tell them that their computer is infected with a virus. The user is then offered Mac Defender "anti-virus" software to solve the issue.

This “anti-virus” software is malware (i.e. malicious software). Its ultimate goal is to get the user's credit card information which may be used for fraudulent purposes.

The most common names for this malware are MacDefender, MacProtector and MacSecurity.

In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants. The update will also help protect users by providing an explicit warning if they download this malware.

In the meantime, the Resolution section below provides step-by-step instructions on how to avoid or manually remove this malware.

(to read the rest of the KB article, click the link above)
Further information on MacDefender:
This is not a virus or even a true trojan! MacDefender, MacSecurity, MacProtector, MacGuard and other variations refer to a software installation package that automatically downloads when viewing some images in Google search results. It may automatically launch, depending on your browser and settings, but it cannot be installed unless you actively continue the installation process, which may or may not include entering your admin password. The solution is simple: don't! If you quit the installation process without completing it, nothing on your Mac is affected. Simply delete the downloaded file, and your Mac is clean. To prevent these files from launching in the future, uncheck "Open "safe" files after downloading" in your Safari Preferences.

Be aware that there is animation on the website that appears that simulates scanning your computer for malware. THIS IS BOGUS. (read further in this post for information on "scareware") Nothing is being scanned and nothing is executing on your computer during this animation! It's no different than watching a video on YouTube or visiting any website with animation. The animation on the site would appear no matter what computer or OS you were using to view it. If you quit the installer that downloads and launches, nothing is installed on your computer. If you delete the installer after quitting, your Mac is completely clean of any trace of this installer.

For more info, read this article: New 'MACDefender' Malware Threat for Mac OS X and this thread.

trojan.osx.boonana.a Trojan
On Oct. 26, 2010, Mac security site SecureMac posted this security bulletin:
SecureMac has discovered a new trojan horse in the wild that affects Mac OS X, including Snow Leopard (OS X 10.6), the latest version of OS X. The trojan horse, trojan.osx.boonana.a, is spreading through social networking sites, including Facebook, disguised as a video.

When a user clicks the infected link, the trojan initially runs as a Java applet, which downloads other files to the computer, including an installer, which launches automatically. When run, the installer modifies system files to bypass the need for passwords, allowing outside access to all files on the system.
As with all trojans, this requires the user to unwittingly invite the infection by deliberate action (in this case, clicking on a fake video link). You cannot be infected by this trojan if you don't click on the appropriate link. You can eliminate this threat by disabling Java in your web browser.
 
Last edited:

Buzz Bumble

Guest
Oct 19, 2008
802
2
New Zealand
... but I live with non mac fans who keep telling me that this isn't possible and that somewhere someone will have created viruses for macs.
Everyone else has already covered the non-existance of viruses on the Mac, so it simply remains to say: tell the people you live with that they're idiots who know nothing about Macs. ;)
 

-aggie-

macrumors P6
Jun 19, 2009
16,793
50
Where bunnies are welcome.
Correct me if i'm wrong, but I thought the main reason there were no Mac virii, was due to the fact that there are much less Macs than Windows computers, so the hackers don't feel the need to waste their time. The OP was asking if there is something about the operating system that makes it impossible.
 

Mac'nCheese

Suspended
Feb 9, 2010
3,732
4,967
Correct me if i'm wrong, but I thought the main reason there were no Mac virii, was due to the fact that there are much less Macs than Windows computers, so the hackers don't feel the need to waste their time. The OP was asking if there is something about the operating system that makes it impossible.
There might be another reason (the os) for why there aren't any current, known, in the news, etc. viruses, but you hit the nail on the head. Us mac users are the smart minority in the computing world.... why would hackers waste the time to eff with just a few people when a pc virus can spread and wreck havoc on millions and millions of people.
 

Hmac

macrumors 68020
May 30, 2007
2,128
2
Midwest USA
Correct me if i'm wrong, but I thought the main reason there were no Mac virii, was due to the fact that there are much less Macs than Windows computers, so the hackers don't feel the need to waste their time. The OP was asking if there is something about the operating system that makes it impossible.
On the contrary IMHO. The "no virus on Macs" thing is repeated so often around the tech world, and Macs tend to be so hated by the general run of the PC community, that the first guy to create a successful virus for the Mac would be famous. I think there's PLENTY of stimulus to have done that by now if it were reasonably easy.

I think that after all these years of increasing Mac sales, increasing Apple prominence, and increasing "no-virus" bragging, we would have seen a Mac virus long before now.
 

Mac'nCheese

Suspended
Feb 9, 2010
3,732
4,967
On the contrary IMHO. The "no virus on Macs" thing is repeated so often around the tech world, and Macs tend to be so hated by the general run of the PC community, that the first guy to create a successful virus for the Mac would be famous. I think there's PLENTY of stimulus to have done that by now if it were reasonably easy.

I think that after all these years of increasing Mac sales, increasing Apple prominence, and increasing "no-virus" bragging, we would have seen a Mac virus long before now.
But to be famous, the guy who created it would have to go public and if he did.... wouldn't he get charged with some kind of crime or at least beat to death by macheads?
 

patrick0brien

macrumors 68040
Oct 24, 2002
3,238
0
The West Loop
Correct me if i'm wrong, but I thought the main reason there were no Mac virii, was due to the fact that there are much less Macs than Windows computers...
-aggie-

As phrased, you may very well be right, the main reason. However, with the Mac's popularity on the upswing, that assertion, while having a small grain of truth to it is losing its footing. It is also indeed true that some attempts at hacking Macs have been successful, but, with the exception of the afore-mentioned trojans, only in the lab under very specific conditions - like being on the same subnet.

Mac users will likely see a rise in attacks, but knowing UNIX underpinnings, i would be monumentally surprised at a proportionate rise in breaches. UNIX was specifically built to support a network, and to be shut down very very rarely. Windows was and still is neither.

The OP was asking if there is something about the operating system that makes it impossible.
Not "impossible", but very very difficult. So difficult that until there is a really compelling need, like a lot of money on the line, hackers will tend to concentrate on Windows. (note, the "compelling need" I refer to is not popularity, but the value of what the OS is protecting)
 

Consultant

macrumors G5
Jun 27, 2007
13,286
14
Correct me if i'm wrong, but I thought the main reason there were no Mac virii, was due to the fact that there are much less Macs than Windows computers, so the hackers don't feel the need to waste their time. The OP was asking if there is something about the operating system that makes it impossible.
The Unavoidable Malware Myth
http://www.roughlydrafted.com/2008/04/01/the-unavoidable-malware-myth-why-apple-wont-inherit-microsofts-malware-crown/

Market Share Myth
http://blogs.bellinghamherald.com/index.php?blog=14&title=setting_the_computer_virus_record_straig&more=1&c=1&tb=1&pb=1
 

-aggie-

macrumors P6
Jun 19, 2009
16,793
50
Where bunnies are welcome.
-aggie-

As phrased, you may very well be right, the main reason. However, with the Mac's popularity on the upswing, that assertion, while having a small grain of truth to it is losing its footing. It is also indeed true that some attempts at hacking Macs have been successful, but, with the exception of the afore-mentioned trojans, only in the lab under very specific conditions - like being on the same subnet.

Mac users will likely see a rise in attacks, but knowing UNIX underpinnings, i would be monumentally surprised at a proportionate rise in breaches. UNIX was specifically built to support a network, and to be shut down very very rarely. Windows was and still is neither.

Not "impossible", but very very difficult. So difficult that until there is a really compelling need, like a lot of money on the line, hackers will tend to concentrate on Windows. (note, the "compelling need" I refer to is not popularity, but the value of what the OS is protecting)
Thanks for both of your replies. I'll try to make sure to quash these myths in the future.

FYI, I first saw those myths on MacRumors. :)
 

notjustjay

macrumors 603
Sep 19, 2003
6,040
111
Canada, eh?
The Mac is no more "magical" an operating system than any other Unix variant, including Linux.

Note how very few viruses exist for any of those platforms, as well.

In fact, the only major modern computing platform for which there is a serious virus threat, is, well, created by one particular software company.

I do recall, back in the days of System 6 and System 7, labs full of Macs at my high school, every one of them infected with CDEF or nvir.B. But that was 1992. ;)

As OS X continues to gain prominence and market share, one day someone will discover a security vulnerability and actually do something damaging with it, as opposed to simply making a lot of noise and demonstrating a benign proof-of-concept until Apple releases a patch. But in 10 years of OS X, that day has not yet come...
 

BlueRevolution

macrumors 603
Jul 26, 2004
6,054
1
Montreal, QC
The "security by obscurity" argument is unfounded as far as I'm concerned. Yes there are fewer Mac users, but they're also smug about their systems' invulnerability. If I were writing viruses, I would specifically target Macs, just to show them that pride goeth before the fall. And yet there are still no Mac viruses out there.
 

Dr McKay

macrumors 68040
Aug 11, 2010
3,414
41
Kirkland
People will go for the weak link. Windows.

Although for the 2nd year in a row, OS X fell within 10 seconds in the Pwn2Own contest, the hacker gained full access to OS X merely by the target computer visiting a certain website.

So while there may not be viruses, it seems to be startlingly easier for a hacker to gain control of OS X.
 

kuebby

macrumors 68000
Jan 18, 2007
1,552
1
SFV
People will go for the weak link. Windows.

Although for the 2nd year in a row, OS X fell within 10 seconds in the Pwn2Own contest, the hacker gained full access to OS X merely by the target computer visiting a certain website.

So while there may not be viruses, it seems to be startlingly easier for a hacker to gain control of OS X.
I read about that too. But it had taken them months to come up with the exploit, whereas a few years ago it only took a few hours to find a hole in Safari to exploit.

It should also be noted that Internet Explorer fell just as fast. Chrome was supposed to be tested yesterday as well but the hacker didn't show up (possibly because their exploit was just patched in the recent update).
 

Tumbleweed666

macrumors 68000
Mar 20, 2009
1,651
47
Near London, UK.
... why would hackers waste the time to eff with just a few people when a pc virus can spread and wreck havoc on millions and millions of people.
How about, they'd bother because Mac owners are on average more affluent, plus none of them have any anti virus protection, so such a virus would spread unhindered in an environment where statistically there is ore money to be stolen. To propose its simply a numbers game, means that every single virus writer believes that and behaves identically, obviously a ludicrous proposition. It would mean there is not even one single virus writer targeting Macs. Do virus writers all belong to the same club and do the same thing?

In fact, thinking about it, that idea is provably false as there is malware that targets Mac, just not viruses. So why is it the people creating that malware arent also writing viruses, as they obviously think Macs are worth attacking? The obvious answer is, that to date, they haven't worked out how to do it.
 

teknoscott

macrumors newbie
Aug 27, 2012
2
0
Help!

I am having this same issue, being redirected to The Click Check.....GGJStudios I read your post but I still need help! When I go to reset my DNS settings, they are greyed out. You refer to this:

"If any of the DNS servers are greyed out after entering your admin password, refer to this: 10.5: Disable DHCP-specified DNS servers"

I don't get it though, even after I read it. Not too familiar with my Mac or computer terminology...can you help me please?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,360
701
I am having this same issue, being redirected to The Click Check.....GGJStudios I read your post but I still need help! When I go to reset my DNS settings, they are greyed out. You refer to this:

"If any of the DNS servers are greyed out after entering your admin password, refer to this: 10.5: Disable DHCP-specified DNS servers"

I don't get it though, even after I read it. Not too familiar with my Mac or computer terminology...can you help me please?
What DNS settings does it show? You should be able to add the OpenDNS servers, in addition to the ones you have.
 

Status
Not open for further replies.