Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

What would be the result of a genuine OSX virus

dogbone

dogbone

macrumors 68020
Original poster
Sep 16, 2005
2,341
0
S33.687308617200465 E150.31341791152954
A real one, not a POC. In the wild, moderately malicious.

Would it be front page news around the world. Would it be analogous to the mac community as AIDS was to the world when it hit the streets circa 1980?

Would you buy anti virus stuff immediately. Would it alter your browsing habits.
 
I figure since most mac users don't have anti-virus software, and the fact that viruses can spread pretty fast, most of our computers would get infected :eek:
 
I think it's pretty difficult to say what would happen because the term virus is so general and the local machine-specific consequences of any one virus can be so varied. There'd probably be a lot of "told you so" posts from PC users on these boards, but I doubt much more damage would be done.
 
it's already happened. imagine if Oompa had a real payload. You're all sitting ducks.
 
steamboat26 said:
I figure since most mac users don't have anti-virus software, and the fact that viruses can spread pretty fast, most of our computers would get infected :eek:
Click to expand...

I think you're confusing viruses with worms, the latter being fundamentally different from the former by not requiring the user to do anything. "Virus" is often used as an umbrella term for "malware", when it shouldn't be because of such differences between all the different forms of malware.

With viruses, most people with any iota of common sense and good security habits won't be infected.

To the OP though...malware can have so many different payloads it's really hard to tell. If I wanted to, I could make it pop up a dialog box saying "april fools"...or I could delete the contents of your hard drive. Honestly...
 
janey said:
If I wanted to, I could make it pop up a dialog box saying "april fools"...or I could delete the contents of your hard drive. Honestly...
Click to expand...

Your comment reminded me of a Mac OS X developer's "anti-piracy" technique. I realize that this doesn't cover the point you were making, and it doesn't cover the traditional definition of malware, but I was reminded of it regardless.
 
Wirelessly posted (Opera/8.01 (J2ME/MIDP; Opera Mini/3.1.7196/1690; en; U; ssr))

Nothing really; the mac community would target the virus source before it could spread to others.
 
It would get a lot of hype in the media, but widespread damage would not happen. The Mac community is so closely knit that we would know about it very quickly. We would just alter our Internet habits & change a few settings to a more secure Mac.

New users would find out how to make their Macs more secure & others would make it secure only for a limited time until the threat has been neutralized then go back to their old ways.

Most anti virus companies give away a free removal tool for specific malware. I think it happened before with the previous piece of malware that hit the Mac community.

Also as someone stated above, Apple would issue a security update/fix.
 
Lixivial said:
Your comment reminded me of a Mac OS X developer's "anti-piracy" technique. I realize that this doesn't cover the point you were making, and it doesn't cover the traditional definition of malware, but I was reminded of it regardless.
Click to expand...
I remember that dev...I think more than one dev with more than one program did something like move the /Users folder into the trash to be deleted on a shutdown or something dumb. He didn't really think it through - something so preposterous...what happens if a legit user got his key stolen...etc.

However, again, I'm just saying given the number of apps that ask for admin passwords, what's so hard about using that password to do a "sudo rm -rf /" without having the user suspect anything wrong with the application (until, of course, the computer reboots and then fails to start up...)?
After G said:
Nothing really; the mac community would target the virus source before it could spread to others.
Click to expand...
That sort of reeks of naïvete. I know a fair number of Mac users who wouldn't know much, and a huge number that think obscurity is security (cause of Apple's small market share) or it's just inherently more secure than Windows, so bad things can't happen (um, but everything has holes...just because something's more secure doesn't mean it's bulletproof...).

Once some not-ridiculous non-proof-of-concept malware is out in the wild, the "mac community" wouldn't be able to deal with the issue before it spreads because there's nothing that says the mac community is any less/more knowledgeable than the windows community. arguably windows users tend to be a bit better about security, only because they have to deal with threats all the time. and that is infinitely better than the laid back approach many Mac users have towards malware because it just doesn't exist for OS X.
Done-on-a-Mac said:
It would get a lot of hype in the media, but widespread damage would not happen. The Mac community is so closely knit that we would know about it very quickly. We would just alter our Internet habits & change a few settings to a more secure Mac.
Click to expand...
I respectfully disagree. It may seem that we are more closely knit, but that is most likely not the case, and it is not going to matter whatsoever if the next completely dangerous malware to show up is a worm that requires no user input. Changing habits and settings will not do anything because people just won't do it. Old habits die hard, if at all. And not all grandmas and parents and other adults and teenagers and kids using Macs will even know about this threat.
Done-on-a-Mac said:
New users would find out how to make their Macs more secure & others would make it secure only for a limited time until the threat has been neutralized then go back to their old ways.
Click to expand...
Only with time, patches, and antimalware software will the threat become neutralized to the point that it won't be widespread, but that does not mean the threat will disappear.
Done-on-a-Mac said:
Most anti virus companies give away a free removal tool for specific malware. I think it happened before with the previous piece of malware that hit the Mac community.
Click to expand...
Most to date have been proofs of concept or jokes. As for the 0day exploits floating around for various Apple software already (anyone remember MOAB?)...some of them have yet to be fixed, even though it's been almost half a year since those..that's only MOAB, nevermind all the others around.
Done-on-a-Mac said:
Also as someone stated above, Apple would issue a security update/fix.
Click to expand...
And like I said, this is not only applicable to Apple software, but is applicable to any and all software you decide to use. Even with security updates, there is no guarantee people will update, and update in a timely manner. That's if Apple even releases a security update for the issue. They actually haven't done so for a lot of sploits I know of...
 
janey said:
That sort of reeks of naïvete. I know a fair number of Mac users who wouldn't know much, and a huge number that think obscurity is security (cause of Apple's small market share) or it's just inherently more secure than Windows, so bad things can't happen (um, but everything has holes...just because something's more secure doesn't mean it's bulletproof...).

Once some not-ridiculous non-proof-of-concept malware is out in the wild, the "mac community" wouldn't be able to deal with the issue before it spreads because there's nothing that says the mac community is any less/more knowledgeable than the windows community. arguably windows users tend to be a bit better about security, only because they have to deal with threats all the time. and that is infinitely better than the laid back approach many Mac users have towards malware because it just doesn't exist for OS X.

I respectfully disagree. It may seem that we are more closely knit, but that is most likely not the case, and it is not going to matter whatsoever if the next completely dangerous malware to show up is a worm that requires no user input. Changing habits and settings will not do anything because people just won't do it. Old habits die hard, if at all. And not all grandmas and parents and other adults and teenagers and kids using Macs will even know about this threat.

Only with time, patches, and antimalware software will the threat become neutralized to the point that it won't be widespread, but that does not mean the threat will disappear.

Most to date have been proofs of concept or jokes. As for the 0day exploits floating around for various Apple software already (anyone remember MOAB?)...some of them have yet to be fixed, even though it's been almost half a year since those..that's only MOAB, nevermind all the others around.

And like I said, this is not only applicable to Apple software, but is applicable to any and all software you decide to use. Even with security updates, there is no guarantee people will update, and update in a timely manner. That's if Apple even releases a security update for the issue. They actually haven't done so for a lot of sploits I know of...
Click to expand...

I see your point of view, though a little pessimistic for me, but you could be right. We can't predict the future & I do know an attack will happen. How bad will it be? Who knows.

If you are right, what would you recommend to help slow the spread of malware?

I know Macs are not 100% safe & some people are naive or too stubborn to do anything, but you make it sound as though we are all screwed. I think people can change though. Even their habits. Also, the media will be all over an attack on OSX, so anyone who watches the news or goes to an online news site, reads a newspaper/magazine, or listens to the radio, will be informed. When a new piece of malware(the really bad ones) comes out for Windows the media jumps on it.
 
Done-on-a-Mac said:
I see your point of view, though a little pessimistic for me, but you could be right. We can't predict the future & I do know an attack will happen. How bad will it be? Who knows.
Click to expand...
There is absolutely no point in being optimistic, at all. Optimism underestimates the issue, causing increased issues as a result of that underestimated issue.
Done-on-a-Mac said:
If you are right, what would you recommend to help slow the spread of malware?
Click to expand...
Other than practicing a few possibly new, possibly old habits every day which include not trusting every file, not having your system wide open, using firewalls, installing antivirus software (if you are on a network with predominently windows machines, to prevent the passing-on of infected files) and updating regularly, there really isn't much. A lot of the work is left up to the likes of Apple, and they don't address all security issues once they pop up, although high profile ones do get fixed relatively quickly.
Done-on-a-Mac said:
I know Macs are not 100% safe & some people are naive or too stubborn to do anything, but you make it sound as though we are all screwed. I think people can change though. Even their habits. Also, the media will be all over an attack on OSX, so anyone who watches the news or goes to an online news site, reads a newspaper/magazine, or listens to the radio, will be informed. When a new piece of malware(the really bad ones) comes out for Windows the media jumps on it.
Click to expand...
You know what, maybe I do sound pessimistic. It's because I fix a significant number of infected computers for friends, family and neighbors using Windows all the damn time (and I am not joking when I say I still see people with Windows 95/98/Me, what makes you think they're gonna install updated anti-malware software, let alone upgrade to XP SP2 or Vista?). Knowing what kind of threats are out there for Windows and how lax we all are and how willingly so many people will think the likes of Geek Squad isn't ripping them off, I don't have much faith in Mac users to do the same. We are all human, there is no special computer security gene that lies within us Mac users.

And anyone who does actually read some of the high profile Windows malware media coverage knows a lot of them resulted in a lot of people/sysadmins/companies not installing patches from Microsoft that had fixed that issue that was now being taken advantage of because it was known that the number of computers unpatched were far greater (like http://www.infoworld.com/article/06/08/10/HNwormfears_1.html). Media coverage != installing patches (if at all even available).
 
Scarlet Fever said:
you'd hope Apple would patch any problem up quickly!
Click to expand...

Yeah. If they were so quick, why did a talentless hack like Landon Fuller get any media attention for using the APE to "fanboy fix" whatever the MOAB crew came out with. Get real. Apple's bug squashing leaves much to be desired.


After G said:
Wirelessly posted (Opera/8.01 (J2ME/MIDP; Opera Mini/3.1.7196/1690; en; U; ssr))

Nothing really; the mac community would target the virus source before it could spread to others.
Click to expand...

That's rich. Really. Keep telling yourself that. Meanwhile, I distinctly remember users of this forum running around like chickens with their heads cut off after Oompa blew right through them, because everyone wanted to get screenshots of Leopard. Talk about set up and knock down.

The thing that is even funnier, for a virus writer is the reaction of the 0wned. That right there is a reward in itself.
CoMpX
'I'm like shaking. Someone please comfort me.'
Click to expand...

http://www.rixstep.com/1/20060312,00.shtml
 
Funny, there were quite a few viruses in the System 7 to Mac OS 9 days... but the problem was never severe enough to force most users to consider antivirus protection. To think that one virus would be enough to infect any sizable percentage of the Mac community today is pretty bizarre.

First, why are viruses on Windows so fast spreading?

Because just about every computer has Windows on it. A mail based virus spreads quickly because between 90 to 100 percent of the recipients are using Windows. The only way those types of numbers could be matched in the Mac community is if Mac users cut themselves off from the rest of society.

So Mac viruses would move very slowly, which in turn makes writing such a virus dangerous (because the likelihood of finding the release point would be far easier).

Second, viruses are most common on Windows because of feature gluttony and poor security by Microsoft.

Windows entered the age of being the virus platform when people realized that Microsoft often threw in features without considering the consequences of them. A perfect example is when Microsoft preinstalled and enabled Visual Basic Scripting by default in Windows 98. The percentage of Windows users who would have needed or wanted that feature was small, and more importantly, they would have also been computer savvy enough to install it themselves when they did need it. This left a major security opening for tons of users who never needed or wanted this feature.

Or how about the back door Microsoft left open on all Windows NT based systems? When that was found, Windows users had one of the worse infections ever... and it could have been even worse than it was (had the original writer made sure it didn't crash Windows NT 4 systems).


So what if we have a virus. Or a few viruses. Or a dozen viruses. Or fifty viruses (which is approaching the number of Mac OS 9 viruses as I recall). Mac users will still not be under the constant siege that Windows users are faced with.

Infact, no platform will ever reach the level of issues that Windows has right now. Between bad planning on Microsoft's part (usually stemming from anti competitive activities) and disproportionate market share, Windows is the perfect storm for viruses. :eek:
 
RacerX said:
Because just about every computer has Windows on it. A mail based virus spreads quickly because between 90 to 100 percent of the recipients are using Windows. The only way those types of numbers could be matched in the Mac community is if Mac users cut themselves off from the rest of society.
Click to expand...
Sorry no, if there was a virus that affected Mac OS X that was transmitted through email (how oldschool) it would obviously affect a lot of Mac users. And like I tried to say above (but judging from your post, obviously failed to make the point), security through obscurity is not security at all. Please stop with the "Mac community" BS (not to you in particular). Community or not it doesn't matter because not everyone is the same well-informed intelligent security-aware advanced user.
RacerX said:
So Mac viruses would move very slowly, which in turn makes writing such a virus dangerous (because the likelihood of finding the release point would be far easier).
Click to expand...
Who says it needs to be a virus to do any damage?
RacerX said:
Second, viruses are most common on Windows because of feature gluttony and poor security by Microsoft.
Click to expand...
By default, OS X is more secure - that does not rule out much. More secure or not, it doesn't mean the product is bulletproof. OS X has its fair share of feature creep and stupid features that should never have been implemented.
RacerX said:
...This left a major security opening for tons of users who never needed or wanted this feature.
Click to expand...
Oh wait, Apple doesn't already leave possibly gaping holes in OS X? Some of which have been publically disclosed already but have yet to be fixed...
RacerX said:
So what if we have a virus. Or a few viruses. Or a dozen viruses. Or fifty viruses (which is approaching the number of Mac OS 9 viruses as I recall). Mac users will still not be under the constant siege that Windows users are faced with.
Click to expand...
Because we are not faced with decades of malware and script kiddies (well, arguably not, but..), but the more appealing the target becomes...
RacerX said:
Infact, no platform will ever reach the level of issues that Windows has right now. Between bad planning on Microsoft's part (usually stemming from anti competitive activities) and disproportionate market share, Windows is the perfect storm for viruses. :eek:
Click to expand...
People make mistakes. It is infeasible to go through tens of millions of lines of code, a lot of which isn't even originally by Apple, to look for security issues. It's a neverending battle to use tools to discover possible bugs. Just because Microsoft came out with a ****** product doesn't justify the security shortcomings of OS X.
 
RacerX said:
Funny, there were quite a few viruses in the System 7 to Mac OS 9 days... but the problem was never severe enough to force most users to consider antivirus protection. To think that one virus would be enough to infect any sizable percentage of the Mac community today is pretty bizarre.
Click to expand...

I can recall getting a virus on my Mac Plus back in the early 90s. Forgot what it was called, but it would corrupt the directory structure on any unprotected floppy disk you inserted into the drive. I still wonder how on earth I managed to get it.

After that, I installed a virus protection program and used it for a few years. Eventually I stopped using it when I upgraded to a Quadra because I never came across another virus after that one instance. Still haven't and hopefully it'll stay like that forever.
 
What the main problem is, is that since everyone grew up on OSs like OS 7-OS9 and Windows, there was no concept of running with the least priviledges. You could hose your own box in an instant because you ran as the equivalent of root.

Why is this a problem? Because today we have multi-user operating systems with users still doing day to day tasks with Admin accounts, rather than running as standard users, and authenticating to Admin status briefly to do certain tasks, then deauthenticating.

That's why Oompa worked, in part. Those who ran the program as standard users were not usually affected because they did not have write privelidges to the system directories IRC.

If a virus comes along on the OS X platform, and we're all running our computers in a sane manner, you just hose one user account. Not the entire system. Big deal.

Why do you think Windows has such a problem? Because people run as admin accounts and hose their entire box.
 
dogbone said:
A real one, not a POC. In the wild, moderately malicious.

Would it be front page news around the world. Would it be analogous to the mac community as AIDS was to the world when it hit the streets circa 1980?

Would you buy anti virus stuff immediately. Would it alter your browsing habits.
Click to expand...

i think it would be front page of the technology and would be big new in the mac community.

i would buy an anti-virus right away and would stay waya from things like LimeWire till my anti virus starts working a bit.

i dont think a virus will happen anytime soon...maybe 10 or 20 years
 
janey said:
Please stop with the "Mac community" BS (not to you in particular). Community or not it doesn't matter because not everyone is the same well-informed intelligent security-aware advanced user.
Click to expand...
Nor do they need to be.

Unless you are naturally paranoid (and you may be), the amount of time and attention one pays to security should be proportional to the threat level. As a Mac user, you have spent more energy on this thread and thinking about Mac security than is warranted by any threat facing the Mac community currently. As I have pointed out many times in the past, a Mac users odds of getting struck by lightning were significantly higher than they were of their Mac being attacked since the release of Mac OS X some six years ago.

Now, could that change?

Sure. But it hasn't. And until that change faces us, there are far greater worries in life that you should devote attention to than this issue (global warming poses a greater threat to Mac users than current Mac security issues).

But like I said, if you are the paranoid type, then knock yourself out making your Mac air tight. I would be willing to bet that you also have bars on all your windows too... most people in relatively secure neighborhoods protect all of our belongings by thin sheets of glass (hardly a real crime deterrent) because that is really all that the threat level of our environment calls for.

Beyond all that, all I see is you preaching FUD. And until an actual threat exists, this is a massive waste of time and energy. Worse, because you are basically crying wolf at this point which means that when a real issue pops up some people will dismiss it as more of your paranoia.

By contrast, I work on Macs for a living... I do service and consulting in this area. So yes, I watch these issues pretty carefully and have worked on confirming or debunking security threats. But I doubt you'll take my advice as you are attempting to argue this issue with me, so lets look at the security precautions that the developer of the last major Mac security flaw takes with his system...
Currently, the only people who want to see Macs have security problems are Windows users (and not the writers of malicious software). But this should not be surprising... after all misery loves company. :D
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back