Viruses on Mac OS X.
This morning, I got involved in a Macs vs. PCs argument on a listserve I belong to on the topic of viruses and security. There had been an email on the listserve that was spam, and some of the email variations were infected with a virus. Someone asked about the email, got told about the virus and was also told by one of the participants in the thread that he hoped that the asker was running a current anti-virus program that has the virus files updated. The asker responded with “No, I’m not running any of that stuff actually. I’m on a Mac ;)” The respondent who had asked about the antivirus program said “I wonder why you’re not. Macs can/have been infected by viruses. They aren’t the same one for the PCs, but there are viruses for the Mac.”
Thus did the argument begin. I pointed out that while there were viruses running around on Mac OS, there aren’t any for Mac OS X (aside from the obligatory mention of MS Office macro viruses). The Mac OS viruses that I’d run across in general were pre-8.5, and couldn’t even run in Classic today. Mac antivirus developers do a great job, and I’m the first one to say “Antivirus? Sure, install that. Cheap insurance against the inevitable.” But actual viruses running around on OS X that can actually do anything, destructive or otherwise? I just haven’t run across any. Spyware’s been a big zero on OS X as well, with the exception of commercial programs like Spector.
So where did this pervasive meme of viruses on the Mac come from? Does it come from “Well, it’s on Windows, so it must be on the Macs too”? Is it FUD at work? Is it just generalization? Leave your thoughts in the comments.

#1 Chris Holland says:I think that there are two questions worth distinguishing:
1) are there viruses on Mac OS X
2) will there be viruses on Mac OS X
3) if a Mac OS X user gets infected how easy can it spread to other Mac OS X users.
These questions often get confused and blurred, and throw the debates in all kinds of silly directions.
The answer to 1) is, for now, as you pointed out, NO.
More interesting questions are 2) and 3). My take on 2) and 3) is vaguely covered in 2 articles:
- security
- More on ActiveX
Regardless of what operating system you’re running, there will always be an infinite amount of ways an end-user can compromise the security of their computer, most especially a networked computer.
A more relevant question I would ask is whether a piece of Anti-Virus software would be the most effective way to protect an end-user computer that runs an operating system with decent-to-good security design. If i’m dumb enough to install and run a piece of software i obtained over Kazaa, no anti-virus software is going to do anything more useful than Mac OS X’s already built-in first-download-run warning. How else am i to acquire a virus? email preview? no. clicking attachment? sure, if i get past the warning. Loading a web page? no. Downloading a file from a web page? sure, if i get past the warning.
AV software is extremely effective at scrubbing malicious ware that has spread itself out in one form or another and that is widely recognizable. Once I get infected on my Mac OS X machine, how many of my friends are likely to also get infected? How many of their friends can they infect without their knowledge? How long will it take until it even gets on an AV firm’s radar so they can publish a patch for it?
The other thing is, there just aren’t that many Mac users out there, which would make it even less likely for any given virus to spread itself enough to make it onto an AV firm’s radar.
Anti-Virus makers have had a lucrative business model on the Windows platform because of the numerous design flaws that have for years plagued it, and holes Microsoft has failed to plug, AV firms have been fixing.
But right now, as far as i’m concerned, I need more flaws in Mac OS X, a million times more Mac users out there, a million times more of them infected with the SAME viruses, to consider a piece of Anti-Virus software, an effective way to protect my Mac from viruses.
Until all this happens, I’ll be sticking to preventive measures to make sure I don’t get my sorry @ass infected.

#2 Kevin Ballard says:I’m going to guess that the reason so many people think there are viruses on the Mac are one of two things: 1) There’s viruses on windows, so of course there’s viruses on the Mac, and 2) wishful thinking (i.e. rationalization for why they shouldn’t switch to the Mac).
Oh, and I think antivirus software for the Mac is a complete waste of time. It takes up resources (memory and CPU) and does nothing for the present-day Mac user. The only thing that I’ve heard that makes any sense is to scrub Windows viruses so you play nice in a Windows world, but I don’t really understand that one - why would I be spreading any Windows viruses?

#3 Rich Heend says:I think the main reason people believe there are viruses out there for the Mac is, well, because there are. Every so often security firms and antivirus companies release a press release that says they’ve discovered a Mac virus. The real point is that none has been spread nor has it been detected in the wild. The follow-up to these headlines — that the viruses are merely proof-of-concept or exploits of soon-to-be-closed security holes — is rarely covered by the computing press, much less read by the general public.

#4 Jim Bailey says:Sorry Rich Heend but you are wrong. It is possible that security companies announce various security problems with OS X but they have never once announced a virus. Not once. If you think I’m wrong, please post a link.
There have been numerous OS X security issues. They generally get patched by Apple in a short period of time. Users mostly leave the automatic software update of OS X turned on so those patches propagate throughout the Mac community in short order.
And there have been a few reports of malicious trojan horses reported as well. Those trojans are simply applications that naive or ignorant users run without vetting the source of the application. They get them through file sharing networks or off of usenet etc and run them. A famous one was supposed to be a cracked version of Office for OS X that was really a trojan that deleted user files. Another is a trojan called Opener that installs various Unix rootkit code in your Mac but none of those has any way to propagate without a user running an application.
You have fallen prey to exactly what the blog author was asking about. Would you care to elaborate on why you fell for it? It might give us some insight into where this misinformation comes from.

#5 Matt says:I think it’s just that PC users have a hard time imagining life without viruses.

#6 Peter says:“If i’m dumb enough to install and run a piece of software i obtained over Kazaa, no anti-virus software is going to do anything more useful than Mac OS X’s already built-in first-download-run warning.”
Wrong.
First off, anti-virus software can detect these things, essentially giving the user a real warning rather than the generic “This might be bad” warning.
Which means you’re getting a warning of a real event which the user will respond to. “Huh? I’ve downloaded 100 apps and never seen this warning before. Better not run it…” versus having seen the same message 100 times before.
Heck, most of us just click through that warning anyway with a “Yeah, yeah, yeah…” It’s like the FBI warning at the start of a movie.

#8 rlmorel says:Scott Granneman said it best:
Linux vs. Windows Viruses
By Scott Granneman, SecurityFocus
Posted: 06/10/2003 at 09:55 GMT
Opinion To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it, writes SecurityFocus columnist Scott Granneman.
We’ve all heard it many times when a new Microsoft virus comes out. In fact, I’ve heard it a couple of times this week already. Someone on a mailing list or discussion forum complains about the latest in a long line of Microsoft email viruses or worms and recommends others consider Mac OS X or Linux as a somewhat safer computing platform. In response, another person named, oh, let’s call him “Bill,” says, basically, “How ridiculous! The only reason Microsoft software is the target of so many viruses is because it is so widely used! Why, if Linux or Mac OS X was as popular as Windows, there would be just as many viruses written for those platforms!”
Of course, it’s not just “regular folks” on mailing lists who share this opinion. Businesspeople have expressed similar attitudes … including ones who work for anti-virus companies. Jack Clarke, European product manager at McAfee, said, “So we will be seeing more Linux viruses as the OS becomes more common and popular.”
Mr. Clarke is wrong.
Sure, there are Linux viruses. But let’s compare the numbers. According to Dr. Nic Peeling and Dr Julian Satchell’s Analysis of the Impact of Open Source Software (note: the link is to a 135 kb PDF file):
“There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread - most were confined to the laboratory.”
So there are far fewer viruses for Mac OS X and Linux. It’s true that those two operating systems do not have monopoly numbers, though in some industries they have substantial numbers of users. But even if Linux becomes the dominant desktop computing platform, and Mac OS X continues its growth in businesses and homes, these Unix-based OS’s will never experience all of the problems we’re seeing now with email-borne viruses and worms in the Microsoft world. Why?
Why are Linux and Mac OS X safer?
First, look at the two factors that cause email viruses and worms to propagate: social engineering, and poorly designed software. Social engineering is the art of conning someone into doing something they shouldn’t do, or revealing something that should be kept secret. Virus writers use social engineering to convince people to do stupid things, like open attachments that carry viruses and worms. Poorly designed software makes it easier for social engineering to take place, but such software can also subvert the efforts of a knowledgeable, security-minded individual or organization. Together, the two factors can turn a single virus incident into a widespread disaster.
Let’s look further at social engineering. Windows software is either executable or not, depending on the file extension. So if a file ends with “.exe” or “.scr”, it can be run as a program (yes, of course, if you change a text file’s extension from “.txt” to “.exe”, nothing will happen, because it’s not magically an executable; I’m talking about real executable programs). It’s easy to run executables in the Windows world, and users who get an email with a subject line like “Check out this wicked screensaver!” and an attachment, too often click on it without thinking first, and bang! we’re off to the races and a new worm has taken over their systems.
Even worse, Microsoft’s email software is able to infect a user’s computer when they do something as innocuous as read an email! Don’t believe me? Take a look at Microsoft Security Bulletins MS99-032, MS00-043, MS01-015, MS01-020, MS02-068, or MS03-023, for instance. Notice that’s at least one for the last five years. And though Microsoft’s latest versions of Outlook block most executable attachments by default, it’s still possible to override those protections.
This sort of social engineering, so easy to accomplish in Windows, requires far more steps and far greater effort on the part of the Linux user. Instead of just reading an email (… just reading an email?!?), a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable. Even as less sophisticated users begin to migrate to Linux, they may not understand exactly why they can’t just execute attachments, but they will still have to go through the steps. As Martha Stewart would say, this is a good thing. Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world, which should help to alleviate any concerns on the part of newbies.
Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that’s about it. So the above steps now become the following: read, save, become root, give executable permissions, run. The more steps, the less likely a virus infection becomes, and certainly the less likely a catastrophically spreading virus becomes. And since Linux users are taught from the get-go to never run as root, and since Mac OS X doesn’t even allow users to use the root account unless they first enable the option, it’s obvious the likelihood of email-driven viruses and worms lessens on those platforms.
Unfortunately, running as root (or Administrator) is common in the Windows world. In fact, Microsoft is still engaging in this risky behavior. Windows XP, supposedly Microsoft’s most secure desktop operating system, automatically makes the first named user of the system an Administrator, with the power to do anything he wants to the computer. The reasons for this decision boggle the mind. With all the lost money and productivity over the last decade caused by countless Microsoft-borne viruses and worms, you’d think the company could have changed its procedures in this area, but no.
Even if the OS has been set up correctly, with an Administrator account and a non-privileged user account, things are still not copasetic. On a Windows system, programs installed by a non-Administrative user can still add DLLs and other system files that can be run at a level of permission that damages the system itself. Even worse, the collection of files on a Windows system - the operating system, the applications, and the user data - can’t be kept apart from each other. Things are intermingled to a degree that makes it unlikely that they will ever be satisfactorily sorted out in any sensibly secure fashion.
The final reason why social engineering is easier in the Windows world is also an illustration of the dangers inherent in any monoculture, whether biological or technological. In the same way that genetic diversity in a population of living creatures is desirable because it reduces the likelihood that an illness - like a virus - will utterly wipe out every animal or plant, diversity in computing environments helps to protect the users of those devices.
Linux runs on many architectures, not just Intel, and there are many versions of Linux, many packaging systems, and many shells. But most obvious to the end user, Linux mail clients and address books are far from standardized. KMail, Mozilla Mail, Evolution, pine, mutt, emacs … the list goes on. It’s simply not like the Windows world, in which Microsoft’s email programs - Outlook and Outlook Express - dominate. In the Windows world, a virus writer knows how the monoculture operates, so he can target his virus, secure in the knowledge that millions of systems have the same vulnerability. A virus targeted to a specific vulnerability in Evolution, on the other hand, might affect some people, but not everyone using Linux. The growth of the Microsoft monoculture in computing is a dangerous thing for users of Microsoft products, but also for all computing users, who suffer the consequences of disasters in that environment, such as wasted network resources, dangers to national security, and lost productivity (note: the link is to a 880 kb PDF file).
Now that we’ve looked at the social engineering side of things, let’s examine software design for reasons why Linux (and Mac OS X) is better designed than Microsoft when it comes to email security. Microsoft continually links together its software, often not for technical reasons, but instead for marketing or business development reasons (see the previous link for corroboration). For instance, Outlook Express and Outlook both use the consistently-buggy Internet Explorer to view HTML-based emails. As a result, a hole in IE affects OE. Linux email readers don’t indulge in such behavior, with two exceptions: Mozilla Mail uses the Gecko engine that powers Mozilla to view HTML-based email, while KMail relies on the KHTML engine that the Konqueror browser uses. Fortunately, both Mozilla and the KDE Project have excellent records when it comes to security.
Further, the email programs themselves are designed to act in a more secure manner. The default behavior of the email program I prefer - KMail - is to not load external references in messages, such as pictures and Web bugs, and to not display HTML. When an HTML-based email shows up in my Inbox, I see only the HTML code, and a message appears at the top of the email: “This is an HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here.” But even after I activate the HTML, certain dynamic elements that can be introduced in an HTML-based email - like Java, Javascript, plugins and even the “refresh” META tag - do not display, and cannot even be enabled in KMail.
Finally, if there is an attachment, it does not automatically run … ever. Instead, I have to click it, and when I do, I get a dialog box offering me three options: “Save As …” (the default), “Open With …”, and “Cancel”. If I have mapped a file type to a specific program - for instance, I have associated PDFs with the PS/PDF Viewer, then “Open With …” instead says “Open”, and if I choose “Open”, then the file opens in the PS/PDF Viewer. However, in either case, the dialog box always contains a warning advising the user that attachments can compromise security. This is all good, very good.
For all these reasons, even if a few individuals got infected with a virus due to extremely foolish behavior, it’s unlikely the virus would spread to other machines. Unlike Sobig.F, which is the fastest spreading virus ever, a Linux-based virus would fizzle out quickly. Windows is an inviting petri dish for viruses and worms, while Linux is a hostile environment for such nasties.
Some caveats
There is one Linux distribution that is ignoring many years of common sense, good design, and an awareness of secure operating environments in favor of a Microsoft-like deprecation of security before the nebulous term “ease of use”: Lindows. By default, Lindows runs the user of the system as root (and it even encourages the user to forgo setting up a root password during installation by labeling it as “optional”!), an unbelievably shortsighted decision that results in a Linux box with the same security as a Windows 9.x machine.
If you go to the Lindows Web site, they state that it is possible to add other, non-privileged users, but nowhere in the operating system do they advocate adding these other users. Yet they claim their distribution of Linux is secure! In an effort to emulate Microsoft and make things “easy”, they have compromised the security of their users, an unforgivable action. No one in the field of security, or even IT, can recommend Lindows while such a blatant disregard for security is the norm for the OS.
Yet some Linux machines definitely need anti-virus software. Samba or NFS servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain and propagate viruses. Linux mail servers should run AV software in order to neutralize viruses before they show up in the mailboxes of Outlook and Outlook Express users.
Security is, as we all know, a process, not a product. So when you use Linux, you’re not using a perfectly safe OS. There is no such thing. But Linux and Mac OS X establish a more secure footing than Microsoft Windows, one that makes it far harder for viruses to take hold in the first place, but if one does take hold, harder to damage the system, but if one succeeds in damaging the system, harder to spread to other machines and repeat the process. When it comes to email-borne viruses and worms, Linux may not be completely immune - after all, nothing is immune to human gullibility and stupidity - but it is much more resistant. To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it. I know which one I’ll trust. How about you?
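The save, give-execute-permission, run sequence described in the article quoted above can be checked on any Unix-like system. The following is an added example, not part of the comment or of the quoted article; the function names, the sample file name and its content are constructed for illustration.

```shell
#!/bin/sh
# Added example: a saved attachment is plain data until someone sets an
# execute bit on it, whatever its file name or extension says.
# All names here (save_attachment, try_run, audit_exec, SAMPLE) are hypothetical.

# Constructed sample "attachment": a harmless script that only exits 0.
SAMPLE='#!/bin/sh
exit 0'

# Write a file the way a mail client's "Save As" would: an ordinary create
# under the common umask 022, which yields mode 0644 (no execute bit).
save_attachment() {  # $1 = directory, $2 = file name, $3 = content
    ( umask 022; printf '%s\n' "$3" > "$1/$2" )
}

# Try to run the file directly and hand back the shell's exit status.
# 126 means "found but not executable": the kernel refused the exec.
try_run() {  # $1 = path to the file
    "$1" >/dev/null 2>&1
    return $?
}

# Defender's check: count regular files under a directory (for example the
# folder where attachments get saved) that carry any execute bit.
audit_exec() {  # $1 = directory
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) |
        wc -l | tr -d ' '
}

# Count how many system directories the current user may write to.
# For an unprivileged user this is normally 0, which is why the article
# adds "become root" to the steps needed to damage the system itself.
system_dirs_writable() {
    n=0
    for dir in /bin /usr/bin /etc; do
        if [ -d "$dir" ] && [ -w "$dir" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Walk through the steps and print what happens at each one.
demo() {
    work=$(mktemp -d)
    save_attachment "$work" "screensaver.scr" "$SAMPLE"
    rc=0; try_run "$work/screensaver.scr" || rc=$?
    echo "after save:  exit status $rc, executable files: $(audit_exec "$work")"
    chmod u+x "$work/screensaver.scr"
    rc=0; try_run "$work/screensaver.scr" || rc=$?
    echo "after chmod: exit status $rc, executable files: $(audit_exec "$work")"
    echo "system directories writable by this user: $(system_dirs_writable)"
    rm -rf "$work"
}

# Run the walk-through only when asked: sh example.sh demo
if [ "${1:-}" = "demo" ]; then
    demo
fi
```

Pointing `audit_exec` at the directory where attachments are saved shows which files have already been made runnable.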

#9 doug says:To answer the author, the reason people believe mac users should be running virus protection programs is because everyone knows it is possible that someday an OS X virus may be written. And because to most people the internet represents the incarnation of the “infinite number of monkeys” anything that can happen, will happen.
And because you can never prove a negative, they will always believe they are just days away from proving all us smug Mac users wrong, they will always stick to their guns.
I also want to respond to Peter because although he may be technically correct, it is not really worth mentioning. Sure, once a trojan has spread, virus programs can step in and protect you from them but the type of trojan that showed up on OS X would probably never be added as it had no way to propagate itself. I could write a thousand variants of a script or application that deleted files if you were stupid enough to run it. Hell, I could write code that wrote code that did this and generate these types of trojans faster than virus checkers could be updated. The reason nobody does is because these are useless trojans. Push them onto the P2P sites and they die because anyone who downloads them and runs them immediately deletes them. Thus killing them (no more need for virus definition). For this reason, virus definitions will probably never be written for these because statistically they will help nobody.
Trojans become interesting when they can take advantage of other bugs and can spread. Nothing like that exists for OS X. So, although it is true that someday, someone may write an OS X virus, it is not accurate to imply that any have ever existed or that anyone would be safer if they ran a virus program on OS X today, which is the heart of the question Peter was trying to answer.

#10 Chris Holland says:Peter, Doug nails the point i was trying to make right on the head: It comes down to how effective an Anti-Virus company can be at updating its definitions, based on a Virus that has successfully spread itself, or has very significant chances to spread itself for it to be worth their time and money spent developing and distributing an update to their definition.
For the full definition of a Virus to be complete, a malicious program needs to spread itself. Otherwise, it’s just that, a malicious program. Or a trojan. Or a proof-of-concept.
Again, until things change in the Mac OS X world, I’m really not sure a piece of Anti-Virus software is the most effective way to protect my mac from viruses. Anti-Virus software is typically more “reactive” in nature, and only has a track record of truly being effective when nailing viruses that have already spread.
I’d rather stick to preventive measures, such as my ISP (earthlink) allowing me to scrub viruses from my email (hey, saves some bandwidth), not running any TCP servers unless i absolutely have to, and staying away from paths of infection.

#11 Chris Holland says:Peter, also by “detect these things”, I assume you’re talking about “suspect behavior” a piece of software may have. Could you provide specific examples of where a piece of Anti-Virus software has successfully detected “suspect behavior” without obnoxiously intruding in a user’s day-to-day activities?
Since I’m paranoid about security, and because i’m always curious to know what my applications are doing, I’ve for a while run an application called “Little Snitch” which prompts a dialog box before a piece of software initiates any network connection, allowing me to add said piece of software to an “allow list”. It leverages OS X’s built-in firewall. That’s not a piece of Anti-Virus software, this falls under “preventive measures”. While it works well for me as I’m a geek, it does get a bit obnoxious at times, and I often find myself turning it off.
It is very difficult to accurately algorithmically define “suspect behavior” without at some point risking obstructing an end-user’s productivity. The only time I’ve seen a piece of Anti Virus software actually be effective, is when the software had acted on a known virus that had already had a chance to spread itself.

#12 ex2bot says:Wow! People are really confused about viruses on the Mac. _There_are_NO_Mac_viruses_that_affect_OS_X. None. Not 40 or so. None. Sorry. None. (None discovered, that is). There haven’t been for the past several years that OS X has existed.
I read somewhere, and I’m sorry I can’t remember where, an excellent article that blew holes in the “security through obscurity” argument that many use to try to convince others that A) Macs aren’t more secure and B) Mac users should use virus checkers.
The article author wrote that OS X will likely never be as popular as Windows. Thus it stands to reason that it will never have anywhere near as many viruses to worry about.
Here’s what I’ll add: Some say, “Run a virus checker to protect Windows users, you Mac people.” I say, “Why?” Don’t Windows users run virus checkers themselves?
I don’t run a virus checker. When a Mac OS X virus surfaces, and depending on its impact, I will likely buy and run antivirus software. Until then, nope. Antivirus software won’t likely protect my machine initially anyway. The company will have to issue an update first. So, I have time to buy and install when it becomes necessary.
Here’s another silly one: Some say, “Well the Mac market is too tiny to support viruses.” Shoot, we had viruses on the Amiga with only 3 million users back in the 80s and 90s. Only a few dozen. But there were viruses in the wild.
Now, get this: There are over 10 million Mac OS X users. Chris Holland said that we’d need a million times more Mac users. Well, Chris, that would be (if my math is right) 10 TRILLION Mac users. I don’t think a lot of people have an idea of how many Mac users there are out there.
Doug

#13 Limeybloke says:Actually according to Jobs’s Keynote at WWDC they’ve sold about 2 million copies of Tiger which, with sales of preloaded Tiger accounts for 16% of Mac users. In total all types of OSX account for 90% of the market so that’s about 12 million with about another 1.5 million still on OS9 and below.

#14 Dan says:Sure, with (possibly) no known viruses in the wild you wonder why bother with the AV program? Well, protecting against theoretical threats is not without value. But arguing about viruses in isolation is foolish. What you should be concerned about is security in general. You need to think about vulnerabilities, exploits, intrusions, spyware, etc. - the whole witch’s brew of networked computing. A good antivirus program will lend some additional protection against these as well (and will protect windows users downstream of you). And firewalls that vet outgoing packets (like “Little Snitch”) are a key element too, since a lot of malware is aimed at “calling home” and establishing a back door into your system.
Thinking that Macs are somehow risk-free is pure hubris. Haven’t you noticed the periodic security updates to the system? They don’t just do those for the fun of it.
Just because Macs are bank vaults compared to Windows doesn’t mean no one’s trying to get in.

#15 ex2bot says:I think most or all of us agree that thinking Macs are risk-free is folly.
I personally apply all security patches and use stronger passwords. And I don’t believe Macs are invulnerable. But it’s irritating seeing all these stories with factual errors and poor logic. There are NO Mac viruses. And Windows IS swiss cheese (esp. prior to SP2).
If someone was going to run Mac antivirus software, wouldn’t s/he also want to run Mac anti-spyware software? I’m surprised none exists. Except for the tiny little fact that—> There is NO Mac spyware either.
Doug

#16 Laird Popkin says:Buying anti-virus software for MacOS X is senseless. Since there are _no_ MacOS X viruses, there’s no benefit, and very real costs. Aside from wasting money (in aggregate, a lot of money — $69.95 for 10m Mac users is apparently worth fear-mongering for), anti-virus software slows down and destabilizes your system. And since there aren’t any MacOS X viruses, these applications have nothing useful to check for - they can only check for Windows viruses that won’t affect you, or test for generic threats on the off chance that some hypothetical future virus author doesn’t bother to test their software. And since MacOS X is much more secure than Windows, both by design and implementation, I wouldn’t worry too much about this happening any time soon.
Similarly, there is no spyware for the Mac. So anti-spyware software is currently also a waste of time and money. But since there’s no way that the OS can block spyware (it’s an application that you choose to install) these could start popping up.
Of course, should spyware and viruses start targeting MacOS X in sufficient quantities to be meaningful, that could change the equation. But it doesn’t make sense to spend a lot of money, and make your computer slower and less reliable, in order to have a small chance of blocking a hypothetical future threat. Instead, it’s smarter to wait until there’s an actual virus to block, then see what program actually blocks it and install that.

#17 Rich Trouton says:I would argue that buying AV software for your Mac is not senseless. It’s insurance. Having it in place already before you have a problem puts you that much ahead of the game. Of course, where I work, we’re mandated to have it so I have to be running it anyway.

#18 Jake Sisko says:Maybe this is the article you’re thinking of…

#19 Jake Sisko says:oops… my bad… the article has been removed.
It was in the Baltimore Sun, written by David Zeiler. Here are some quotes:

#20 Patrick says:Think from a virus author’s perspective..
Virus authors are mainly college students, highschool students, junior high students.. crackers (not hackers — hackers are good, crackers are bad) who want widespread damage.
Why would any virus author target “small fries” like OSX at 1.5 Million users or whatever Jobs announced at his Keynote.
THE incentive to write viruses is recognition and fame. That unfortunately cannot be achieved targeting *nix and OS X.
So this argument is an expansion of social engineering I guess where society is driven by fame and glory.
For the record, I did not purchase AV software for my powerbook because of this argument.

#21 Dan says:Patrick wrote: “Virus authors are mainly college students, highschool students, junior high students…”
Not necessarily - the stereotypical techie teenager with poor social skills is being rapidly replaced by a sophisticated criminal trading in stolen credit card numbers and social security numbers or running zombie networks for carrying out massive spamming or DOS attacks. These people have money and can hire real programmers for the job. Just ask Card Systems Solutions…
As Deep Throat said, “Follow the Money.”

#22 Horton says:Nature abhors a vacuum, you know…
I’m a relatively new Mac user (finally, a computer that works..!), and as such I’m still learning about how OSX works as compared to Windows, but like the rest of us I do know quite a bit about human nature. Wreckin’ stuff is cool, and it’s even cooler if the stuff you’re wrecking belongs to some smug bugger who figures he’s outta reach.
I think that the whole Virus-writer vs. OSX issue is a pretty tempting gauntlet to pick up, especially if you could take out those iPods as well…
I mean really, why not?

#23 Rich Trouton says:Horton,
I ran across this after I wrote this post, and it may help in answering a lot of questions about why viruses are having such a hard time getting a foothold on OS X, even after five years or so: http://www.macnewsworld.com/story/42120.html

#24 jyoseph says:Being a new Mac user (and loving it) I don’t have much to add from a technical standpoint. Both the article and comments have been a great learning experience for me.
I’ll quote a previous commenter and reply:

#25 jyoseph says:(I butchered the last comment so I’ll try again, sorry!)
Being a new Mac user (and loving it) I don’t have much to add from a technical standpoint. Both the article and comments have been a great learning experience for me.
I’ll quote a previous commenter and reply:
“Why would any virus author target small fries like OSX at 1.5 Million users”
Given the amount of publicity around the fact that Mac OS X has no known viruses; wouldn’t the first person to successfully write a virus that could ‘tear stuff up’ get some type of recognition?
I think this would provide enough motivation as I’ve found many of these crackers want acclaim and nothing more.

#26 Dave says:From the website of a marketing and communications company in the Toronto area:
“Our database is housed on a Macintosh computer system, which are impervious to virusus and hackers, so your data is safe with us.”
Reminds me of the Simpsons episode where Principal Skinner announces that he and Krabappel will be honeymooning “in room 147 of the Maple Lodge Motel at 573 Wiltshire Blvd, and I expect no practical jokes or interruptions” (or whatever — apologies to hardcore Simpsons fans)

#27 Chris Holland says:Dave: HAHAHAHAHAA
good one 

#28 Rich Trouton says:*shaking head* Currently impervious to virii, with the emphasis on “currently”. Hackers, though…..hope they’ve got a good firewall and SSH access blocked to the outside. Before I turned on my VPN and turned off outside SSH access to my home server, I was seeing 3-4 SSH attacks a week.

#29 Chris says:After being a mac tech for 3 years, I figured I’d throw a little input here.
Viruses
Why are there no mac viruses? Well, there are a few reasons. First, it’s not as widely used as Windows. Secondly, the user level design of the OS. Even as admin, you cannot access other user accounts on your machine (without going into each folder with your admin password, and changing the owner of the folders). Root, by default, is disabled and therefore, there is no super user present on the machine unless it is logged in and enabled. Most of your users have no clue how to enable root in netinfo manager, so that’s a good thing.
Normal user accounts cannot install software without the admin password. The admin password can be stored in the keychain of your system, but have you ever seen anyone successfully crack the OSX 10.2+ keychain?
30+ years of BSD experts ripping the OS code to shreds, making it secure. This is nothing Microsoft can touch, since their OS is not based on anything open source.

#30 Ben says:I have spyware on my mac. I am SURE of this. I locked down my home folder, used a resource editor to check for invisible files, and am even considering going into open firmware to remedy this. It is entirely possible for OSX to get spyware. For me it seems to be a .exe file that won’t leave the desktop. It is apparently a keystroke logger. Does anyone know how I can remove this and secure my computer?

#31 Rich Trouton says:Ben,
I’m surprised by this. I’m not aware of any spyware (at all) on OS X, and .exe files don’t run on OS X. However, I’m not omnipotent and you’re looking at the situation, so I’d recommend you download the demo of Allume’s Internet Cleanup (http://www.allume.com/mac/security.html) and see if it detects your problem program as spyware and cleans it.

#32 dave says:I read down as far as the speculation on the “Windows has more viruses because it is more popular” attitude.
IMHO, the correct response to anyone with that attitude is:
So?
All the more reason to go Mac. Mac still has fewer viruses.

#33 Pete Muth says:Rich Trouton Says:
July 3rd, 2005 at 9:09 am
Horton,
I ran across this after I wrote this post, and it may help in answering a lot of questions about why viruses are having such a hard time getting a foothold on OS X, even after five years or so: http://www.macnewsworld.com/story/42120.html
At website I get: We’re sorry…
The requested document: /story/42120.html is no longer archived or does not exist. You may wish to use the search box below to locate articles on a particular topic.
Can’t contact you directly - sorry so have to post. Found blog extremely interesting and wonder why .mac “pushes” VIREX software?
Any help with referenced article??
Thanks
Pete

#34 Rich Trouton says:Pete,
I was unable to find a cached copy of that article, so you may want to read this one instead: http://www.businessweek.com/technology/content/oct2005/tc20051024_411392.htm
.Mac has stopped supplying Virex antiviral software as part of their service. I still use Virex (now 7.7) though, and find it a great resource for removing Windows virii out of my Mail mailboxes.

#35 Nathan says:The reason why Macs don’t get viruses is that the majority of computers are based on Windows or non mac OS. The Mac community is growing, but my guess is that macs are fewer in number (and yes better defenses) and are not worth really getting into. The cold hard fact is that OSX is not invincible, so while it does not have any viruses now someone will start to take interest in tunneling around the OSX

#36 watt says:looking for information and found it at this great site.

#37 Nick says:Nathan, you are correct. It’s not that MACS are invincible. It is the sheer fact that 90% of the world is windows based and so why make a virus for 5% when you can write one for 90%? I am tired of seeing the stupid mac commercials saying that macs “Don’t get viruses or spyware”. It’s not that they don’t, it’s just that well…..we don’t care about macs!! But if apple keeps saying that it won’t ever happen, then they might piss off the wrong person and it will happen.

#38 Graham Hadley says:bad news, Sophos has found the first virus for mac os x. Read about it here. http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html
but I don’t care because I’m running windows…the better option. I definitely agree with this guy ^. no one gives a shit about macs and doesn’t want to make a virus for an operating system that is being used by 0.1% of the united states population.

#39 wow.. logic much? says:Think of it this way.. not that many people are rocking an apple, so people who create viruses don’t care about y’all.
It’s all about terror, and hurting the largest amount of people they can. And realistically.. if 90% of the people with computers own a PC, then why would they even care about apples.
If you can write a harmful virus for microsoft program, you can write one for an apple program. makes sense to me.
Apple isn’t special, it’s actually so basic, it’s scary.
I actually hope more people buy apples, so some of the people making viruses for the pc, will actually change their focus to anyone with an apple! that would reduce the amount of attacks on pc owners, and make everyone just a little bit happier.

#40 Sverre Helgesen says:I’ve suddenly been having gobs of trouble with my eMac. I’ve run Norton AV and defrag; it crashes; I’ve run Intego VBx4 and it says all is great; I’ve done several clean reinstalls and disc repairs, apparently with success. I still get occasional freezes and have to pull the power plug and restart, sometimes it won’t start so I have to forcibly put in the install CD and restart on ‘C’ to do yet another reinstall. I’ve occasionally had text come up on the screen that indicates that Apple is checking something (the Apple site is my start page and kicks in automatically, so they would notice a freeze at this time) and waiting for an automatic debugger to kick in, but even after 12 hours it hadn’t, so I pull the plug again and… I’ve sent a bug-report to Apple. But out checking on the www it seems there are no bugs and worms that affect OSX Macs. I can but deduce that my 60Mb HD is having trouble. I once recall having JavaScript writing all over my screen for a few minutes, then disappear, after clicking on many www sites. I’m researching old friends, some were photo glam-models in the 50-60’s, so I’ve been to a few of ‘those’ sites and have found pics of them (that’s my excuse!) and also The Holy Grail and the Masonic black occult (same thing). If it is a bug - as somebody has already said in this forum - there’s no point in buying a new virus-checker, it won’t be on it. I’m going to buy a new HD next week and hope that’s the end of it.

#41 RaHAHahaaaaaaaaa says:Is it possible that the makers of Windows are making viruses of MAC’s and the makers are making viruses for Windows?? Think this has ever happened??

#42 Andy Bramwell says:The virus Vs OS platform argument does not seem to be about the number of users, fame motives of crackers or even OS stability. More so about the intention of the individual user Vs the (perceived) intentions of publisher of the software.
I have not been able to break my power book yet, despite running 10.3.9 on a 867 MHz machine (runs fine with only one crash in 5 months). I perceived Apple’s intentions to be supportive, helpful - even when using an old 2nd-hand machine running an OS not recommended for the hardware. I would never do anything to hurt Apple.
I have not been able to break my 500Mhz P3 running Mepis yet. As a newbie to the linux world, I was delighted to find that my ‘dump’ questions were answered respectfully and quickly by the Mepis community. I would never consider doing anything to hurt Mepis.
Breaking the XP machine is a weekly occurrence, complete with data loss, work-flow interruption and loss of earnings. This is despite having all updates continuously, AV, hardware and software firewalls, using webmail and upkeeping software health and data cohesiveness. I am forced to migrate my business activities to other (completely alien) OS, just so I can sleep at night knowing my business will function the next work day. Microsoft has cost me a lot of money and time. I don’t feel that I would cross the road to kick its corpse. It is difficult to avoid emotional profanity when one’s income and sanity is threatened. I have no intention of ever hurting Microsoft and admire the initial vision of a PC in every home (and what that has done for intellectual freedom via domestic accessibility to WWW).
I do however see how a cracker could theoretically wish to hurt Microsoft’s reputation via attacking the user with a virus or malware.
1. The high functionality of XP can encourage the user to be lazy = opportunity
2. Holes in security and OS due to high functionality and accessibility = opportunity
3. Other OS could be seen as the domain of geeks = exclusion (a bird does not crap in its own nest)
4. Antitrust case against Microsoft made people go “oh yeh” about control and exclusive design practices (yes I understand viruses existed before this!) = malice
5. The difficulty in obtaining support without spending on expensive consultants or trolling through countless threads of ill-informed advice or disinformation = frustration/malice forming
6. This is the really stupid one and what we call in NZ as “Tall Poppy Syndrome”: knock over the big guy - just because he is bigger than me = insane malice
All business practices and competitive activities persist because somebody is prepared to do something others are not. Writing viruses and malware is a competitive activity, preventing these and protecting against them is also a competitive activity that makes a lot of money for those prepared to do it. Look for motives.

#43 Bio says:All of you make a good point but macs don’t really have much in the way of security. Me and a mate of mine crashed all the macs on our school server just by running a mac virus that we found on the net. It took the school 3 weeks to fix them. Although windows is still the most insecure OS ever built, (yet I’m running Vista now), but unless you’re an idiot and you just download everything off p2p then there’s little chance you’ll get a virus, assuming that you also have antivirus software. Linux is the best though. I’m not going to put forth an argument because there’s no point in arguing. Every OS is good if you use it responsibly.
Use Linux!

#44 entropykills says:i am still baffled that there are in fact more viruses / malware / spyware / trojans for windows and microsoft software in general than for Macs. microsoft deserves the abuse for making software with so many security holes in it but i think that if the same manpower was put towards Macs, similar statistics would result. i know people like to pick on microsoft because to some, they are the corporate symbol of evil, but at least windows will install on almost any machine hardware configuration, including Macs. now i don’t really “like” windows but something must be said about an OS that can be installed with default drivers to suit the needs of over millions of different hardware configurations of the diverse PC. it may not be perfect and sometimes it fails completely but that is quite the task to undertake. this applies to linux as well but we’re not really talking about linux here. Macs on the other hand won’t install on any other machine other than Mac “blessed” machines. so much for being universal. Mac users often tell me how great their Mac is because they can even install windows on it, well that’s because windows was coded well enough to support almost any hardware configuration. back in the old days when Mac actually used PPC’s there was a reason for the OS to be tailored to those specific needs, but now?? come on Mac, you’re using Intel CPU’s with Intel chipsets on your motherboards! you’re not really a Mac anymore, you’re a PC that’s been “blessed” to allow the installation of OS-X. you should be called PCOS-X’s not Mac OS-X’s! and at least windows went through the trouble of writing the OS from scratch, whether that was a good choice is up for debate, but Mac just used the already created UNIX.
the point i’m getting at here is that Mac is much more of a fascist corporation than microsoft has ever been. actually i should probably say iFascist to comply with the trademark. okay, so windows OS likes to bundle along “windows media player” and “internet explorer” but at least they haven’t started bundling software with other software, i.e. itunes with quicktime, or safari with itunes, etc…
so i’m surprised that there are more viruses etc. for windows because Mac is obviously much more of a fascist corporation than microsoft. and as seen in this forum, the majority of mac users don’t even have any antivirus software installed, making them so easy to hack.
and they say windows users are closed-minded. i bet 90% of Mac users have never opened their terminal or even know what it is.
for shame…. for shame………….