cause im not that smart lol. i dont even understand what Unix is. i know what i like about my mac and i can convince people that its 'better' than a pc (yes i know a mac is technically a pc, but for the sake of conversation) its what i know best
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Why cant macs get viruses?
- Thread starter angeliscool
- Start date
- Sort by reaction score
cause im not that smart lol. i dont even understand what Unix is. i know what i like about my mac and i can convince people that its 'better' than a pc (yes i know a mac is technically a pc, but for the sake of conversation) its what i know best
Hope this helps?
Permission hierarchy modelled after Unix; specifically, Mac OSX kernel is a hybrid of Mach (Unix compatible microkernel) and FreeBSD. Beneficial security features are taken from both but mostly modelled after FreeBSD.
Almost all services that could be used for a server side exploit are turned off by default. Older versions OSX had packet filter firewall blocking traffic to these services by default and when service turned on then modified firewall rules. Now the services are turned off but application firewall turned off and packet filter is running with no rules. But, if service not listening to a port for incoming then port won't open, hence services turned off.
If turn on these services in the sharing pane, it is a good idea to turn on the firewall. But, firewall can be passed if traffic appears ok as in recent browser exploits. Most of these services are security sensitive so made more inherently secure on all OSes. But, Windows has more of these services turned on by default so greater exposed surface area to find exploit.
Some services always on with port open, such as mDNSresponder. These services always allowed through firewall. Potential root escalation in Tiger in relation to this as mDNSresponder running as root (unconfirmed reports of worm but not in the wild). Now (leopard & snow leopard), mDNSresponder is run unprivileged and heavily sandboxed. As are the other two running exposed services.
Client side exploits (web browser & it's plugins) are limited in being able to install a virus because require user to elevate permissions via the admin password. They require a privilege (root) escalation exploit as part or in conjunction for virus install without user intervention. Beyond the potentiality of the mDNSresponder exploit (already patched), no remote privilege escalations are known for OSX with a "typical" user setup (or system not modified with custom apache setups, etc).
Difficult to effectively sandbox browsers due to broad range of functions and plugins. Sandboxing limits the range of functions that can be performed so hinders the browser. New Split-process model (as in chrome) makes more effectively sandboxing browser easier (as shown by pwn2own). Apple is developing this in Webkit2 and hopefully a new version of Safari is released with this functionality soon.
The Jailbreakme website shows privilege escalation for iOS 4 (iPhone) as the permissions are set up weakly on the iPhone. All iPhones have the same root password (AFAIK) so once known then basically the same as not having one. Correction, Jailbreakme apparently not related to weak password but to kernel bug (with privileges) that can be exploited once out of mobilesafari's sandbox. It should be noted, different hardware architectures (Apple A4 vs PPC vs x86) often mean different bugs or different level of exploitability for bugs.
Permission hierarchy modelled after Unix; specifically, Mac OSX kernel is a hybrid of Mach (Unix compatible microkernel) and FreeBSD. Beneficial security features are taken from both but mostly modelled after FreeBSD.
Almost all services that could be used for a server side exploit are turned off by default. Older versions OSX had packet filter firewall blocking traffic to these services by default and when service turned on then modified firewall rules. Now the services are turned off but application firewall turned off and packet filter is running with no rules. But, if service not listening to a port for incoming then port won't open, hence services turned off.
If turn on these services in the sharing pane, it is a good idea to turn on the firewall. But, firewall can be passed if traffic appears ok as in recent browser exploits. Most of these services are security sensitive so made more inherently secure on all OSes. But, Windows has more of these services turned on by default so greater exposed surface area to find exploit.
Some services always on with port open, such as mDNSresponder. These services always allowed through firewall. Potential root escalation in Tiger in relation to this as mDNSresponder running as root (unconfirmed reports of worm but not in the wild). Now (leopard & snow leopard), mDNSresponder is run unprivileged and heavily sandboxed. As are the other two running exposed services.
Client side exploits (web browser & it's plugins) are limited in being able to install a virus because require user to elevate permissions via the admin password. They require a privilege (root) escalation exploit as part or in conjunction for virus install without user intervention. Beyond the potentiality of the mDNSresponder exploit (already patched), no remote privilege escalations are known for OSX with a "typical" user setup (or system not modified with custom apache setups, etc).
Difficult to effectively sandbox browsers due to broad range of functions and plugins. Sandboxing limits the range of functions that can be performed so hinders the browser. New Split-process model (as in chrome) makes more effectively sandboxing browser easier (as shown by pwn2own). Apple is developing this in Webkit2 and hopefully a new version of Safari is released with this functionality soon.
The Jailbreakme website shows privilege escalation for iOS 4 (iPhone) as the permissions are set up weakly on the iPhone. All iPhones have the same root password (AFAIK) so once known then basically the same as not having one. Correction, Jailbreakme apparently not related to weak password but to kernel bug (with privileges) that can be exploited once out of mobilesafari's sandbox. It should be noted, different hardware architectures (Apple A4 vs PPC vs x86) often mean different bugs or different level of exploitability for bugs.
Dude, you and I have had this discussion before. Even *IF* you were an expert security researcher with global resources, which I doubt, you would be in no position to make that statement.
Being someone that has been in Security for many years, most people in the field know that just because THEY have never heard of something doesn't mean that don't exist.
Few people are arrogant enough to think that they know everything.... You are making statements that even Apple will not make publicly.
And..
Worms are *typically* considered worse than viruses for the simple fact that a user typically has to do something to get a virus, plug in a USB drive, open a document, run an infected executable, etc. Worms can infect systems without any action from a user, often network open ports.
"A Mac isnt susceptible to the thousands of viruses plaguing Windows-based computers. Thats thanks to built-in defenses in Mac OS X that keep you safe, without any work on your part."
Well of course it doesn't. Microsoft Windows executable code does not run on Macs... or Linux, or Solaris, etc.
PC viruses will not run on a Mac is NOT the same as saying that there are no Mac Viruses.
Don't get me wrong, I'm not saying that are any either. I would, however, bet a small sum of money that there is at least 1 in the wild someplace. I do agree with you though on the point that it's not something to spend any time losing sleep over.
I can make that statement because no one can refute it with facts.
For someone to say there are no viruses in the wild that run on current Mac OS X, just because they haven't heard of any would be foolish. My statement that there are no viruses in the wild that run on current Mac OS X, is because NO ONE on the planet has heard of any. Big difference! With so much attention being focused on this issue, especially concerning Macs, the appearance of even one true virus would be made known across the world in a matter of hours.
Of course Apple won't make such statements publicly, even though they're true. That's because the statement is true for now, but could change tomorrow. If or when that happens, Apple's public statements would be turned against them in the media.
If anyone challenges the statement that no viruses exist in the wild that affect Leopard or Snow Leopard, there's only one simple thing they can do to prove otherwise: name one such virus. If you can't, my statement stands.
If I were you, I'd spend time talking about the consequences of not having to worry about viruses. I'd guess that your audience (or instructor) doesn't care too much about how and why malware isn't a big Mac problem.
When I switched from PC to Mac, one of the reasons was that I was weary of maintaining all the protection software that I felt my PC required -- anti-virus, anti-spyware, an excellent (but fairly high-maintenance) firewall, and so on.
It all came home to me when I had to start up a laptop that had been sitting unused for a year, so I could lend it to somebody. It took two hours to get itself all updated and safe and ready to go. That really made me think. Even on an ordinary boot (and this with a dual-processor Xeon system) there was a lot of lag while everything got going. And on my laptop, the one I used regularly, boot times were 3-5 minutes, again, while all the anti-everything got going and checked for updates, etc. etc.
With my macs (Mac Pro 1,1, a couple of Macbook Pros) boot times are very short. This is normal.
So that's what I'd focus on -- the overhead, and the user experience, that is, the consequences of not having to worry very much about mal-anything, in everyday life.
I never had a problem with Windows, from the early nineties until 2006, when I switched. I was careful. My blue-screen count was very low. And there are many users like me.
Don't waste time bashing Windows in your presentation. It's not worth it. Simply point out that Windows can be very safe to use, at the hands of a careful user, but that there's really a lot of overhead involved in making it safe. And you don't have this overhead on a Mac.
Nobody in his right mind will ever claim that Macs CAN'T get viruses - at this point in time, they just don't get viruses because apparently nobody has ever written one or exploited a security hole that could be used for successful infection and replication of the virus.
In any case, that doesn't mean that it's generally impossible and can't be done.
There is no such thing as a 100% secure system.
Post of the day!
I agree with a lot of other things said in this thread but Winni has summed it up perfectly.
I hope the OP's presentation goes well.
You might find it interesting to read (from Wikipedia or wherever) about Unix and its history, to get a better understanding of why OS X is what it is. Unix was designed from the start to be an OS that could be portable (running on different computer platforms), multi-tasking and multi-user (since it tended to run on mainframe computers in those days).
The implications? Since the OS was designed to be portable, the code was written in a higher-level language which made it easier to understand (e.g. C, not difficult-to-learn assembly language). And, today most distributions are open-source, meaning that all the code is out in the open. Meaning that programmers have had decades to see, understand, and improve the code. You might think "well, gee, if the code is openly accessible, then any hacker could study the code and discover a vulnerability". Yes, but so can everyone else, and once someone finds one, hundreds or thousands of people are willing and able to fix it immediately -- before anyone has time to release a virus that exploits it.
Being a multi-user operating system from the start means that the OS was designed with security and access rights in mind -- so that different users don't trample on each other's toes. Thus there is the concept that files can be owned by certain users, and untouchable by anyone else, and the concepts of admin rights, user space versus OS kernel space, etc. This makes it very difficult for code to intentionally do something bad.
You might find it interesting to read (from Wikipedia or wherever) about Unix and its history, to get a better understanding of why OS X is what it is. Unix was designed from the start to be an OS that could be portable (running on different computer platforms), multi-tasking and multi-user (since it tended to run on mainframe computers in those days).
The implications? Since the OS was designed to be portable, the code was written in a higher-level language which made it easier to understand (e.g. C, not difficult-to-learn assembly language). And, today most distributions are open-source, meaning that all the code is out in the open. Meaning that programmers have had decades to see, understand, and improve the code. You might think "well, gee, if the code is openly accessible, then any hacker could study the code and discover a vulnerability". Yes, but so can everyone else, and once someone finds one, hundreds or thousands of people are willing and able to fix it immediately -- before anyone has time to release a virus that exploits it.
Being a multi-user operating system from the start means that the OS was designed with security and access rights in mind -- so that different users don't trample on each other's toes. Thus there is the concept that files can be owned by certain users, and untouchable by anyone else, and the concepts of admin rights, user space versus OS kernel space, etc. This makes it very difficult for code to intentionally do something bad.
It's a combination of how easy is to write malware and the market share. Mac OS had viruses, even with it minuscule market share, because it was very easy to write them. Nowdays writing malware for Mac OS X is a bit easier than writing it for Windows, but given that windows has 95% market share, all of if is written for windows.
Macs have a larger market share now than ever before. Yet, when the market share was much smaller (OS 9 and earlier), there were a few viruses. Now that the market share has grown, instead of the number of viruses growing proportionately, the number is now zero. The market share argument simply isn't logical.
On which facts are you basing that statement? Please explain.
Who else do you think writes viruses? There are plenty of "bored or vicious kids" out there with the skills necessary to write viruses. So why have none been released that run on Mac OS X?
You are being disingenuous. No honest person who understands security issues would rely on his/her own personal knowledge to make the argument about the superiority of MacOS X with respect to these issues. AFAIK, the best source of information about malware is Symantec's SARC website. It maintains a current list of every known malware title and threat on MS-DOS, Windows, and the Mac. The MacOS X malware listed are two or three proofs-of-concepts [not in the wild] and attempts at denial of service (DoS) attacks. SARC lists no breaches of MacOS X in the wild--none.
Disingenuous how? I'm taking issue with people that state for a fact that "No Mac Viruses exist in the wild" as an absolute statement.
There is no Master Catalogue of viruses. The number of known viruses will always be less than the actual number in the wild. It is not uncommon for viruses to existing in small, somewhat isolated pockets. Also remember, when referring to viruses on a platform you also have to take into account 3rd party software like PDF, Flash, email clients, image viewers, etc. A virus is executable code that replicates itself to infect other systems. It can use executable files, image files, spreadsheets or other data files. Making the statement that not one single virus exists in the world seems unlikely and is certainly unprovable. The best anyone can say is that there are no *KNOWN* viruses in the wild. That is a perfectly reasonable statement.
As far Mac being more secure than Windows based PCs. Macs are generally consider more secure than Windows. Thats not just my opinion, that is the opinion most security research that I am aware of.
Unless you can prove such a statement is false by naming just one in the wild Mac OS X virus, your argument is void.
The WildList Organization International
http://www.virusbtn.com/resources/wildlists/index.xml
Correction. The number of known viruses will always be more than the actual number in the wild, since known viruses would include both in-the-wild and proof-of-concept viruses.
An isolated virus in an "isolated pocket" is, by definition, NOT "in the wild".
Name one such virus that runs in the Mac OS X environment.
No one is saying that no virus exists in the world that runs on Mac OS X. The statement is "no virus exists in the wild that runs on Mac OS X." Being in the wild means the average user can encounter it under normal circumstances. With millions of Mac users around the world, if even one such virus existed, it would have been made known by now.
You can continue to offer baseless arguments with no foundation in facts, or, if you really want to end this, you can simply name, out of the millions of Macs in the world, just ONE virus that exists in the wild that runs on Leopard or Snow Leopard. Name ONE Mac user who unintentionally had their Mac infected by a virus that runs on Mac OS X. Just one. Only one. No more than one. One.
I'm going to make one last post of this and then let it go.
You care clearly an intelligent person. I'm not trying to insult you. However, YOU made the comment that there are "Exactly zero viruses on Mac OS X". YOU are the person that requires proof, not me. And my point is that YOU can not proof YOUR statement.
I concede that there very well may not be any Mac OS X virus in the wild. However, it is nearly impossible for anyone to prove that. All anyone can say is that there are no publicly known viruses on Mac OS X. It is a subtle but very important difference.
EDIT: Please note: My initial statement was "Macs can get viruses". I never stated or implied that they were a major problem. I stated that it was possible. A virus requires something like an arbitrary code execution vulnerability. Those DO exist in Mac OS X.
I can prove my statement by the fact that no one can provide evidence to the contrary.
Read the part of my message that says that it's combination of factors. Saying that market share doesn't play a role is ilogical. Since the difficulty of writting malware is almost the same, market share is the main discrimination factor.
Just to name one, IE8 in vista and 7 runs in a sandbox
If that were the case, explain why are there no Mac OS X viruses in the wild today, with Mac's larger market share, while there were Mac viruses in the wild years ago, when Mac's market share was much smaller.
Mac OS X has been using sandboxing for years. You still haven't explained your statement:
That's actually a logical fallacy. I'm not saying I disagree with your statements regarding Mac viruses, but you're using faulty logic to argue it.
Idea A is not proven by a lack of evidence against it. Idea A is only proven with evidence for it. A lack of evidence against it does not count as evidence for it (when it comes to proof). If there is no evidence at all against Idea A, then it makes Idea A likely to be true but it's far from proof.
If, hypothetically, I've lived in a locked-down facility where absolutely no one has seen me in 10 years, and I claim my hair color is dyed green, and use the evidence of the fact that no one can say otherwise, I have not proved my hair color is green. If I then show you a current photograph of myself with green hair (and it's possible to verify it's from me and not altered in any way) then I have proven that I have dyed my hair green.
Lack of evidence to the contrary is not proof, though it does increase likelihood. This is why you can't prove, on an absolute level, that there are no viruses for Macs in the wild simply because no one has found one yet. For the average user, saying that there are no viruses for Macs is a true enough statement. But when you get down to it, the fact that no one has found it doesn't mean that it doesn't exist.
Security-wise MacOS was like Win98, it was very easy to write malware targeting those systems. Since it was very easy to write malware, it has got some viruses regardless of its tiny market share.
Safari doesn't run in a sandbox
Then explain why the number of viruses in the wild didn't increase, as Mac OS's market share increased. Explain why the number went down, instead of up.
We're not talking about Safari. We're talking about Mac OS X. You still haven't explained why "Nowdays writing malware for Mac OS X is a bit easier than writing it for Windows,"
Very easy to explain, market share of OS X increased a bit, but the difficulty of writting malware increased relatively a lot. Are you saying that if you were in the business of writting malware you wouldn't factor market share in? Come on!
People generally use the default browser on the system they are using. Safari is the default browser for Mac OS X and IE is the default browser on Windows