Viruses on Mac OS X.

64 Comments

This morning, I got involved in a Macs vs. PCs argument on a listserv I belong to, on the topic of viruses and security. There had been a spam email on the listserv, and some variations of it were infected with a virus. Someone asked about the email, was told about the virus, and was also told by one participant in the thread that he hoped the asker was running a current antivirus program with its virus definitions up to date. The asker responded with “No, I’m not running any of that stuff actually. I’m on a Mac ;)” The respondent who had asked about the antivirus program said “I wonder why you’re not. Macs can/have been infected by viruses. They aren’t the same one for the PCs, but there are viruses for the Mac.”

Thus did the argument begin. I pointed out that while there were viruses running around on Mac OS, there aren’t any for Mac OS X (aside from the obligatory mention of MS Office macro viruses). The Mac OS viruses that I’d run across in general were pre-8.5, and couldn’t even run in Classic today. Mac antivirus developers do a great job, and I’m the first one to say “Antivirus? Sure, install that. Cheap insurance against the inevitable.” But actual viruses running around on OS X that can actually do anything, destructive or otherwise? I just haven’t run across any. Spyware’s been a big zero on OS X as well, with the exception of commercial programs like Spector.

So where did this pervasive meme of viruses on the Mac come from? Does it come from “Well, it’s on Windows, so it must be on the Macs too”? Is it FUD at work? Is it just generalization? Leave your thoughts in the comments.


Rich Trouton

Ben,

I’m surprised by this. I’m not aware of any spyware (at all) on OS X, and .exe files don’t run on OS X. However, I’m not omnipotent and you’re looking at the situation, so I’d recommend you download the demo of Allume’s Internet Cleanup (http://www.allume.com/mac/security.html) and see if it detects your problem program as spyware and cleans it.

Ben

I have spyware on my mac. I am SURE of this. I locked down my home folder, used a resource editor to check for invisible files, and am even considering going into open firmware to remedy this. It is entirely possible for OSX to get spyware. For me it seems to be a .exe file that won’t leave the desktop. It is apparently a keystroke logger. Does anyone know how I can remove this and secure my computer?

Chris

After being a Mac tech for 3 years, I figured I’d throw a little input in here.

Viruses

Why are there no Mac viruses? Well, there are a few reasons. First, it’s not as widely used as Windows. Secondly, the user-level design of the OS. Even as admin, you cannot access other user accounts on your machine (without going into each folder with your admin password and changing the owner of the folders). Root, by default, is disabled and therefore there is no superuser present on the machine unless it is logged in and enabled. Most of your users have no clue how to enable root in NetInfo Manager, so that’s a good thing.

Normal user accounts cannot install software without the admin password. The admin password can be stored in the keychain of your system, but have you ever seen anyone successfully crack the OSX 10.2+ keychain?

30+ years of BSD experts ripping the OS code to shreds, making it secure. This is nothing Microsoft can touch, since their OS is not based on anything open source.

Rich Trouton

*shaking head* Currently impervious to virii, with the emphasis on “currently”. Hackers, though… hope they’ve got a good firewall and SSH access blocked to the outside. Before I turned on my VPN and turned off outside SSH access to my home server, I was seeing 3-4 SSH attacks a week.

Dave

From the website of a marketing and communications company in the Toronto area:

“Our database is housed on a Macintosh computer system, which are impervious to virusus and hackers, so your data is safe with us.”

Reminds me of the Simpsons episode where Principal Skinner announces that he and Krabappel will be honeymooning “in room 147 of the Maple Lodge Motel at 573 Wiltshire Blvd, and I expect no practical jokes or interruptions” (or whatever — apologies to hardcore Simpsons fans)

jyoseph

(I butchered the last comment so I’ll try again, sorry!)

Being a new Mac user (and loving it) I don’t have much to add from a technical standpoint. Both the article and comments have been a great learning experience for me.

I’ll quote a previous commenter and reply:

“Why would any virus author target small fries like OSX at 1.5 Million users”

Given the amount of publicity around the fact that Mac OS X has no known viruses; wouldn’t the first person to successfully write a virus that could ‘tear stuff up’ get some type of recognition?

I think this would provide enough motivation as I’ve found many of these crackers want acclaim and nothing more.

jyoseph

Being a new Mac user (and loving it) I don’t have much to add from a technical standpoint. Both the article and comments have been a great learning experience for me.

I’ll quote a previous commenter and reply:

Given the amount of publicity around the fact that Mac OS X has no known viruses; wouldn’t the first person to successfully write a virus that could ‘tear stuff up’ get some type of recognition?

I think this would provide enough motivation as I’ve found many of these crackers want acclaim and nothing more.

Horton

Nature abhors a vacuum, you know…

I’m a relatively new Mac user (finally, a computer that works..!), and as such I’m still learning about how OSX works as compared to Windows, but like the rest of us I do know quite a bit about human nature. Wreckin’ stuff is cool, and it’s even cooler if the stuff you’re wrecking belongs to some smug bugger who figures he’s outta reach.

I think that the whole Virus-writer vs. OSX issue is a pretty tempting gauntlet to pick up, especially if you could take out those iPods as well…

I mean really, why not?

Dan

Patrick wrote: “Virus authors are mainly college students, highschool students, junior high students…”

Not necessarily – the stereotypical techie teenager with poor social skills is being rapidly replaced by a sophisticated criminal trading in stolen credit card numbers and social security numbers or running zombie networks for carrying out massive spamming or DOS attacks. These people have money and can hire real programmers for the job. Just ask Card Systems Solutions…

As Deep Throat said, “Follow the Money.”

Patrick

Think from a virus author’s perspective..

Virus authors are mainly college students, highschool students, junior high students.. crackers (not hackers — hackers are good, crackers are bad) who want widespread damage.

Why would any virus author target “small fries” like OSX at 1.5 Million users or whatever Jobs’ announced at his Keynote.

THE incentive to write viruses is recognition and fame. That unfortunately cannot be achieved targeting *nix and OS X.

So this argument is an expansion of social engineering I guess where society is driven by fame and glory.

For the record, I did not purchase AV software for my powerbook because of this argument.

Jake Sisko

oops… my bad… the article has been removed.

It was in the Baltimore Sun, written by David Zeiler. Here are some quotes:

“Your article, and Mr. Cluley’s statements in particular, perpetrate a myth regarding the fallibility of *NIX [Unix-based operating systems] when compared to Microsoft Windows,” said Burt Janz, a senior software engineer who is president and owner of CCS New England, a computer-services provider in Nashua, N.H.

Janz has developed in all the major operating systems — Windows, Unix, IBM Corp.’s OS/2, as well as OS X.

While creating a Mac OS X virus is not impossible, Janz said, “the degree of difficulty here is at least 9.5 on a scale of 1 to 10.”

Even harder is creating a virus or worm that could access the OS X system. The reason, Janz and several others pointed out, is in part explained by how Unix-based systems handle multiple users on the same machine.

For instance, Mom, Dad and Sis all can have separate user accounts. This also is true of Windows. But in OS X, only an account with administrator privileges can install software — and even those accounts cannot access or change applications or data in other accounts, especially not the core of the system software.

Furthermore, only a user with “root”-level permissions has full access to the system, but Apple has this access disabled by default. Most users never will go to the trouble of figuring out how to enable the root user, and don’t need to — as nothing a regular user would want to do requires root-level authority.

Still, even Cluley had to admit that Microsoft bore some of the guilt because of its “sloppy coding” — a sentiment expressed by several readers of last week’s column — and that the open-source Unix core of OS X was, indeed, more secure.

Despite the “trustworthy computing” initiative ordered by Microsoft Chairman Bill Gates in January 2002, most of the millions of lines of code in Windows was written before that. Even if Microsoft is succeeding in writing a more secure code, old vulnerabilities will continue to lurk in Windows for years, gradually being found and patched.

A Microsoft spokesperson said the company, based in Redmond, Wash., is “committed to making Windows the most reliable operating system available” and noted that Windows XP’s Online Crash Analysis feature allows users experiencing a Blaster-related crash, for example, to upload a report that will redirect them to a page to download the patch.

Another issue raised by readers concerned Cluley’s statement regarding the Mac’s “security through obscurity” — arguing the reverse. The real reason no viruses exist for Mac OS X has little to do with its low market share, they say, but rather its near-impenetrability.

Though many amateurs may be looking for, and finding, holes in Windows, the FreeBSD Unix code that forms the foundation of OS X has been prodded by legions of expert programmers for 30 years.

Though a few hardy souls use the Unix offshoot Linux on PCs built for Windows — they usually wipe Windows off the hard drive — Unix typically is used in mission-critical roles, powering high-end work stations and file servers.

And, as mentioned earlier, crackers prefer hitting targets that will cause maximum disruption.

“Many orders of magnitude more people look over the source code for OS X and the related BSDs than have access to Windows source code,” said John Klos, a developer of NetBSD, a flavor of Unix closely related to OS X.

Thus, many of the obvious holes in OS X were closed years ago. That, some suggested, actually makes OS X a more attractive target.

“If I were a fame-driven cracker with solid technical skills, cracking a BSD-based system would be the fastest way to show off my capabilities,” said Rich Morin, a programmer and consultant based in San Bruno, Calif.

“My suspicion, therefore, is that many crackers have tried this challenge and failed,” Morin added. Still, he cautioned “nobody has any way to know for sure.”

Jake Sisko

I read somewhere, and I’m sorry I can’t remember where, an excellent article that blew holes in the “security through obscurity” argument that many use to try to convince others that A) Macs aren’t more secure and B) Mac users should use virus checkers.

Maybe this is the article you’re thinking of…

Rich Trouton

I would argue that buying AV software for your Mac is not senseless. It’s insurance. Having it in place already before you have a problem puts you that much ahead of the game. Of course, where I work, we’re mandated to have it so I have to be running it anyway.

Laird Popkin

Buying anti-virus software for MacOS X is senseless. Since there are _no_ MacOS X viruses, there’s no benefit, and very real costs. Aside from wasting money (in aggregate, a lot of money — $69.95 for 10m Mac users is apparently worth fear-mongering for), anti-virus software slows down and destabilizes your system. And since there aren’t any MacOS X viruses, these applications have nothing useful to check for – they can only check for Windows viruses that won’t affect you, or test for generic threats on the off chance that some hypothetical future virus author doesn’t bother to test their software. And since MacOS X is much more secure than Windows, both by design and implementation, I wouldn’t worry too much about this happening any time soon.

Similarly, there is no spyware for the Mac. So anti-spyware software is currently also a waste of time and money. But since there’s no way that the OS can block spyware (it’s an application that you choose to install) these could start popping up.

Of course, should spyware and viruses start targeting MacOS X in sufficient quantities to be meaningful, that could change the equation. But it doesn’t make sense to spend a lot of money, and make your computer slower and less reliable, in order to have a small chance of blocking a hypothetical future threat. Instead, it’s smarter to wait until there’s an actual virus to block, then see what program actually blocks it and install that.

ex2bot

I think most or all of us agree that thinking Macs are risk-free is folly.

I personally apply all security patches and use stronger passwords. And I don’t believe Macs are invulnerable. But it’s irritating seeing all these stories with factual errors and poor logic. There are NO Mac viruses. And Windows IS swiss cheese (esp. prior to SP2).

If someone was going to run Mac antivirus software, wouldn’t s/he also want to run Mac anti-spyware software? I’m surprised none exists. Except for the tiny little fact that—> There is NO Mac spyware either.

Doug

Dan

Sure, with (possibly) no known viruses in the wild you wonder why bother with the AV program? Well, protecting against theoretical threats is not without value, but arguing about viruses in isolation is foolish. What you should be concerned about is security in general. You need to think about vulnerabilities, exploits, intrusions, spyware, etc. – the whole witch’s brew of networked computing. A good antivirus program will lend some additional protection against these as well (and will protect Windows users downstream of you). And firewalls that vet outgoing packets (like “Little Snitch”) are a key element too, since a lot of malware is aimed at “calling home” and establishing a back door into your system.

Thinking that Macs are somehow risk-free is pure hubris. Haven’t you noticed the periodic security updates to the system? They don’t just do those for the fun of it.

Just because Macs are bank vaults compared to Windows doesn’t mean no one’s trying to get in.

Limeybloke

Actually, according to Jobs’s keynote at WWDC they’ve sold about 2 million copies of Tiger which, with sales of preloaded Tiger, accounts for 16% of Mac users. In total all types of OS X account for 90% of the market, so that’s about 12 million, with about another 1.5 million still on OS 9 and below.

ex2bot

Wow! People are really confused about viruses on the Mac. _There_are_NO_Mac_viruses_that_affect_OS_X. None. Not 40 or so. None. Sorry. None. (None discovered, that is). There haven’t been for the past several years that OS X has existed.

I read somewhere, and I’m sorry I can’t remember where, an excellent article that blew holes in the “security through obscurity” argument that many use to try to convince others that A) Macs aren’t more secure and B) Mac users should use virus checkers.

The article author wrote that OS X will likely never be as popular as Windows. Thus it stands to reason that it will never have anywhere near as many viruses to worry about.

Here’s what I’ll add: Some say, “Run a virus checker to protect Windows users, you Mac people.” I say, “Why?” Don’t Windows users run virus checkers themselves?

I don’t run a virus checker. When a Mac OS X virus surfaces, and depending on its impact, I will likely buy and run antivirus software. Until then, nope. Antivirus software won’t likely protect my machine initially anyway. The company will have to issue an update first. So, I have time to buy and install when it becomes necessary.

Here’s another silly one: Some say, “Well, the Mac market is too tiny to support viruses.” Shoot, we had viruses on the Amiga with only 3 million users back in the 80s and 90s. Only a few dozen. But there were viruses in the wild.

Now, get this: There are over 10 million Mac OS X users. Chris Holland said that we’d need a million times more Mac users. Well, Chris, that would be (if my math is right) 10 TRILLION Mac users. I don’t think a lot of people have an idea of how many Mac users there are out there.

Doug

Chris Holland

Peter, also by “detect these things”, I assume you’re talking about “suspect behavior” a piece of software may have. Could you provide specific examples of where a piece of Anti-Virus software has successfully detected “suspect behavior” without obnoxiously intruding in a user’s day-to-day activities.

Since I’m paranoid about security, and because I’m always curious to know what my applications are doing, I’ve for a while run an application called “Little Snitch” which prompts a dialog box before a piece of software initiates any network connection, allowing me to add said piece of software to an “allow list”. It leverages OS X’s built-in firewall. That’s not a piece of Anti-Virus software; this falls under “preventive measures”. While it works well for me as I’m a geek, it does get a bit obnoxious at times, and I often find myself turning it off.

It is very difficult to accurately algorithmically define “suspect behavior” without at some point risking obstructing an end-user’s productivity. The only time I’ve seen a piece of Anti Virus software actually be effective, is when the software had acted on a known virus that had already had a chance to spread itself.
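The allow-list model Chris describes for outbound connections, as an added example that is not code from the post or from Little Snitch: a small policy object run over constructed connection records. The application names, hosts (documentation address ranges) and ports are invented. The second run answers every prompt with "allow this destination forever", which shows both why per-destination prompting gets noisy for an application that talks to many hosts, and why a first outbound connection from an unexpected helper process is the one a user actually wants to see.

```python
"""Added example (not code from the post or from Little Snitch): an allow-list
policy for outbound connections, evaluated over constructed connection records."""
from dataclasses import dataclass, field

ANY = ("*", 0)   # wildcard rule: the application may contact any destination


@dataclass(frozen=True)
class Connection:
    app: str    # process name that is about to connect
    host: str   # destination host or address
    port: int   # destination TCP port


@dataclass
class OutboundPolicy:
    rules: dict = field(default_factory=dict)    # app -> set of (host, port) or ANY
    prompts: list = field(default_factory=list)  # connections that would raise a dialog

    def allow(self, app, host="*", port=0):
        """Add a rule for one exact destination, or (default) for any destination."""
        self.rules.setdefault(app, set()).add((host, port))

    def decide(self, conn):
        """'allow' if an existing rule covers the connection, otherwise 'prompt'
        (the point at which the user is asked). Unmatched connections are recorded."""
        allowed = self.rules.get(conn.app, set())
        if ANY in allowed or (conn.host, conn.port) in allowed:
            return "allow"
        self.prompts.append(conn)
        return "prompt"


# Constructed sample: invented applications, documentation-range addresses, invented ports.
SAMPLE = [
    Connection("Safari", "www.example.com", 443),
    Connection("Mail", "mail.example.net", 993),
    Connection("Mail", "203.0.113.7", 80),                   # mail client talking plain HTTP to an unknown address
    Connection("ScreenSaverHelper", "198.51.100.23", 6667),  # first outbound contact from a helper process
    Connection("ScreenSaverHelper", "198.51.100.23", 6667),  # the same destination again
]


def run_sample(remember_after_prompt=False):
    """Evaluate SAMPLE against a policy with two pre-existing rules.
    With remember_after_prompt=True each prompt is answered 'allow this
    destination forever', which is how the dialog count drops over time."""
    policy = OutboundPolicy()
    policy.allow("Safari")                          # browser: any destination, or it prompts constantly
    policy.allow("Mail", "mail.example.net", 993)   # mail client: its IMAP server only
    decisions = []
    for conn in SAMPLE:
        decision = policy.decide(conn)
        if decision == "prompt" and remember_after_prompt:
            policy.allow(conn.app, conn.host, conn.port)
        decisions.append(decision)
    return decisions, list(policy.prompts)


if __name__ == "__main__":
    for remember in (False, True):
        decisions, prompts = run_sample(remember)
        print(f"remember_after_prompt={remember}: {decisions}")
        for conn in prompts:
            print(f"  would prompt: {conn.app} -> {conn.host}:{conn.port}")
```

The browser rule is the trade-off in miniature: without a wildcard it would prompt on every new site, which is exactly the behaviour that makes people switch the tool off; with it, the browser's traffic is never inspected again. The two connections worth a dialog in the sample are the ones that remain prompts in both runs: a mail client reaching an address it has no business with, and a helper process making its first outbound connection at all.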

Chris Holland

Peter, Doug nails the point I was trying to make right on the head: It comes down to how effective an Anti-Virus company can be at updating its definitions, based on a Virus that has successfully spread itself, or has very significant chances to spread itself, for it to be worth their time and money spent developing and distributing an update to their definition.

For the full definition of a Virus to be complete, a malicious program needs to spread itself. Otherwise, it’s just that, a malicious program. Or a trojan. Or a proof-of-concept.

Again, until things change in the Mac OS X world, I’m really not sure a piece of Anti-Virus software is the most effective way to protect my mac from viruses. Anti-Virus software is typically more “reactive” in nature, and only has a track record of truly being effective when nailing viruses that have already spread.

I’d rather stick to preventive measures, such as my ISP (Earthlink) allowing me to scrub viruses from my email (hey, saves some bandwidth), not running any TCP servers unless I absolutely have to, and staying away from paths of infection.

doug

To answer the author, the reason people believe mac users should be running virus protection programs is because everyone knows it is possible that someday an OS X virus may be written. And because to most people the internet represents the incarnation of the “infinite number of monkeys” anything that can happen, will happen.

And because you can never prove a negative, they will always believe they are just days away from proving all us smug Mac users wrong, they will always stick to their guns.

I also want to respond to Peter because although he may be technically correct, it is not really worth mentioning. Sure, once a trojan has spread, virus programs can step in and protect you from them, but the type of trojan that showed up on OS X would probably never be added as it had no way to propagate itself. I could write a thousand variants of a script or application that deleted files if you were stupid enough to run it. Hell, I could write code that wrote code that did this and generate these types of trojans faster than virus checkers could be updated. The reason nobody does is because these are useless trojans. Push them onto the P2P sites and they die because anyone who downloads them and runs them immediately deletes them. Thus killing them (no more need for a virus definition). For this reason, virus definitions will probably never be written for these because statistically they will help nobody.

Trojans become interesting when they can take advantage of other bugs and can spread. Nothing like that exists for OS X. So, although it is true that someday, someone may write an OS X virus, it is not accurate to imply that any have ever existed or that anyone would be safer if they ran a virus program on OS X today, which is the heart of the question Peter was trying to answer.

rlmorel

Scott Granneman said it best:

Linux vs. Windows Viruses
By Scott Granneman, SecurityFocus
Posted: 06/10/2003 at 09:55 GMT

Opinion To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it, writes SecurityFocus columnist Scott Granneman.

We’ve all heard it many times when a new Microsoft virus comes out. In fact, I’ve heard it a couple of times this week already. Someone on a mailing list or discussion forum complains about the latest in a long line of Microsoft email viruses or worms and recommends others consider Mac OS X or Linux as a somewhat safer computing platform. In response, another person named, oh, let’s call him “Bill,” says, basically, “How ridiculous! The only reason Microsoft software is the target of so many viruses is because it is so widely used! Why, if Linux or Mac OS X was as popular as Windows, there would be just as many viruses written for those platforms!”

Of course, it’s not just “regular folks” on mailing lists who share this opinion. Businesspeople have expressed similar attitudes … including ones who work for anti-virus companies. Jack Clarke, European product manager at McAfee, said, “So we will be seeing more Linux viruses as the OS becomes more common and popular.”

Mr. Clarke is wrong.

Sure, there are Linux viruses. But let’s compare the numbers. According to Dr. Nic Peeling and Dr. Julian Satchell’s Analysis of the Impact of Open Source Software (note: the link is to a 135 kb PDF file):

“There are about 60,000 viruses known for Windows, 40 or so for the Macintosh, about 5 for commercial Unix versions, and perhaps 40 for Linux. Most of the Windows viruses are not important, but many hundreds have caused widespread damage. Two or three of the Macintosh viruses were widespread enough to be of importance. None of the Unix or Linux viruses became widespread – most were confined to the laboratory.”

So there are far fewer viruses for Mac OS X and Linux. It’s true that those two operating systems do not have monopoly numbers, though in some industries they have substantial numbers of users. But even if Linux becomes the dominant desktop computing platform, and Mac OS X continues its growth in businesses and homes, these Unix-based OS’s will never experience all of the problems we’re seeing now with email-borne viruses and worms in the Microsoft world. Why?

Why are Linux and Mac OS X safer?

First, look at the two factors that cause email viruses and worms to propagate: social engineering, and poorly designed software. Social engineering is the art of conning someone into doing something they shouldn’t do, or revealing something that should be kept secret. Virus writers use social engineering to convince people to do stupid things, like open attachments that carry viruses and worms. Poorly designed software makes it easier for social engineering to take place, but such software can also subvert the efforts of a knowledgeable, security-minded individual or organization. Together, the two factors can turn a single virus incident into a widespread disaster.

Let’s look further at social engineering. Windows software is either executable or not, depending on the file extension. So if a file ends with “.exe” or “.scr”, it can be run as a program (yes, of course, if you change a text file’s extension from “.txt” to “.exe”, nothing will happen, because it’s not magically an executable; I’m talking about real executable programs). It’s easy to run executables in the Windows world, and users who get an email with a subject line like “Check out this wicked screensaver!” and an attachment, too often click on it without thinking first, and bang! we’re off to the races and a new worm has taken over their systems.

Even worse, Microsoft’s email software is able to infect a user’s computer when they do something as innocuous as read an email! Don’t believe me? Take a look at Microsoft Security Bulletins MS99-032, MS00-043, MS01-015, MS01-020, MS02-068, or MS03-023, for instance. Notice that’s at least one for the last five years. And though Microsoft’s latest versions of Outlook block most executable attachments by default, it’s still possible to override those protections.

This sort of social engineering, so easy to accomplish in Windows, requires far more steps and far greater effort on the part of the Linux user. Instead of just reading an email (… just reading an email?!?), a Linux user would have to read the email, save the attachment, give the attachment executable permissions, and then run the executable. Even as less sophisticated users begin to migrate to Linux, they may not understand exactly why they can’t just execute attachments, but they will still have to go through the steps. As Martha Stewart would say, this is a good thing. Further, due to the strong community around Linux, new users will receive education and encouragement in areas such as email security that are currently lacking in the Windows world, which should help to alleviate any concerns on the part of newbies.

Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that’s about it. So the above steps now become the following: read, save, become root, give executable permissions, run. The more steps, the less likely a virus infection becomes, and certainly the less likely a catastrophically spreading virus becomes. And since Linux users are taught from the get-go to never run as root, and since Mac OS X doesn’t even allow users to use the root account unless they first enable the option, it’s obvious the likelihood of email-driven viruses and worms lessens on those platforms.

Unfortunately, running as root (or Administrator) is common in the Windows world. In fact, Microsoft is still engaging in this risky behavior. Windows XP, supposedly Microsoft’s most secure desktop operating system, automatically makes the first named user of the system an Administrator, with the power to do anything he wants to the computer. The reasons for this decision boggle the mind. With all the lost money and productivity over the last decade caused by countless Microsoft-borne viruses and worms, you’d think the company could have changed its procedures in this area, but no.

Even if the OS has been set up correctly, with an Administrator account and a non-privileged user account, things are still not copasetic. On a Windows system, programs installed by a non-Administrative user can still add DLLs and other system files that can be run at a level of permission that damages the system itself. Even worse, the collection of files on a Windows system – the operating system, the applications, and the user data – can’t be kept apart from each other. Things are intermingled to a degree that makes it unlikely that they will ever be satisfactorily sorted out in any sensibly secure fashion.

The final reason why social engineering is easier in the Windows world is also an illustration of the dangers inherent in any monoculture, whether biological or technological. In the same way that genetic diversity in a population of living creatures is desirable because it reduces the likelihood that an illness – like a virus – will utterly wipe out every animal or plant, diversity in computing environments helps to protect the users of those devices.

Linux runs on many architectures, not just Intel, and there are many versions of Linux, many packaging systems, and many shells. But most obvious to the end user, Linux mail clients and address books are far from standardized. KMail, Mozilla Mail, Evolution, pine, mutt, emacs … the list goes on. It’s simply not like the Windows world, in which Microsoft’s email programs – Outlook and Outlook Express – dominate. In the Windows world, a virus writer knows how the monoculture operates, so he can target his virus, secure in the knowledge that millions of systems have the same vulnerability. A virus targeted to a specific vulnerability in Evolution, on the other hand, might affect some people, but not everyone using Linux. The growth of the Microsoft monoculture in computing is a dangerous thing for users of Microsoft products, but also for all computing users, who suffer the consequences of disasters in that environment, such as wasted network resources, dangers to national security, and lost productivity (note: the link is to a 880 kb PDF file).

Now that we’ve looked at the social engineering side of things, let’s examine software design for reasons why Linux (and Mac OS X) is better designed than Microsoft when it comes to email security. Microsoft continually links together its software, often not for technical reasons, but instead for marketing or business development reasons (see the previous link for corroboration). For instance, Outlook Express and Outlook both use the consistently-buggy Internet Explorer to view HTML-based emails. As a result, a hole in IE affects OE. Linux email readers don’t indulge in such behavior, with two exceptions: Mozilla Mail uses the Gecko engine that powers Mozilla to view HTML-based email, while KMail relies on the KHTML engine that the Konqueror browser uses. Fortunately, both Mozilla and the KDE Project have excellent records when it comes to security.

Further, the email programs themselves are designed to act in a more secure manner. The default behavior of the email program I prefer – KMail – is to not load external references in messages, such as pictures and Web bugs, and to not display HTML. When an HTML-based email shows up in my Inbox, I see only the HTML code, and a message appears at the top of the email: “This is an HTML message. For security reasons, only the raw HTML code is shown. If you trust the sender of this message then you can activate formatted HTML display for this message by clicking here.” But even after I activate the HTML, certain dynamic elements that can be introduced in an HTML-based email – like Java, Javascript, plugins and even the “refresh” META tag – do not display, and cannot even be enabled in KMail.

Finally, if there is an attachment, it does not automatically run … ever. Instead, I have to click it, and when I do, I get a dialog box offering me three options: “Save As …” (the default), “Open With …”, and “Cancel”. If I have mapped a file type to a specific program – for instance, I have associated PDFs with the PS/PDF Viewer, then “Open With …” instead says “Open”, and if I choose “Open”, then the file opens in the PS/PDF Viewer. However, in either case, the dialog box always contains a warning advising the user that attachments can compromise security. This is all good, very good.

For all these reasons, even if a few individuals got infected with a virus due to extremely foolish behavior, it’s unlikely the virus would spread to other machines. Unlike Sobig.F, which is the fastest spreading virus ever, a Linux-based virus would fizzle out quickly. Windows is an inviting petri dish for viruses and worms, while Linux is a hostile environment for such nasties.

Some caveats

There is one Linux distribution that is ignoring many years of common sense, good design, and an awareness of secure operating environments in favor of a Microsoft-like deprecation of security before the nebulous term “ease of use”: Lindows. By default, Lindows runs the user of the system as root (and it even encourages the user to forgo setting up a root password during installation by labeling it as “optional”!), an unbelievably shortsighted decision that results in a Linux box with the same security as a Windows 9.x machine.

If you go to the Lindows Web site, they state that it is possible to add other, non-privileged users, but nowhere in the operating system do they advocate adding these other users. Yet they claim their distribution of Linux is secure! In an effort to emulate Microsoft and make things “easy”, they have compromised the security of their users, an unforgivable action. No one in the field of security, or even IT, can recommend Lindows while such a blatant disregard for security is the norm for the OS.

Yet some Linux machines definitely need anti-virus software. Samba or NFS servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain and propagate viruses. Linux mail servers should run AV software in order to neutralize viruses before they show up in the mailboxes of Outlook and Outlook Express users.

Security is, as we all know, a process, not a product. So when you use Linux, you’re not using a perfectly safe OS. There is no such thing. But Linux and Mac OS X establish a more secure footing than Microsoft Windows, one that makes it far harder for viruses to take hold in the first place; if one does take hold, harder to damage the system; and if one succeeds in damaging the system, harder to spread to other machines and repeat the process. When it comes to email-borne viruses and worms, Linux may not be completely immune – after all, nothing is immune to human gullibility and stupidity – but it is much more resistant. To mess up a Linux box, you need to work at it; to mess up your Windows box, you just need to work on it. I know which one I’ll trust. How about you?
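The render-time policy the quoted piece describes (no external references, no script, plugins or meta refresh until the reader opts in) is easy to state and fiddly to get right, so here is a worked version of it as an added example, written for this page rather than taken from KMail or any other client. It is a Python sanitiser that rewrites an HTML body before display: active elements are dropped with their contents, resources that would be fetched automatically are removed unless they point at an inline cid: part, event-handler and javascript: attributes go, and a meta refresh is blocked. The element and attribute lists and the sample message are this example's own assumptions, not anything the original text specifies.

```python
# Added example: render-time sanitiser for HTML mail. Not KMail code; the
# element/attribute lists are this example's own policy, not any client's.
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

ACTIVE = {"script", "object", "embed", "applet", "iframe", "frame", "frameset"}  # removed with contents
REMOTE_ONLY = {"link", "base"}            # exist only to fetch a remote resource / rebase URLs
FETCH_ATTRS = {"src", "background", "poster", "lowsrc"}  # fetched automatically when drawn (web bugs)
LOCAL_SCHEMES = {"cid", "data"}           # cid: = inline MIME part; neither touches the network


class EmailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []       # sanitised markup, in pieces
        self.blocked = []   # record of everything dropped, for a "content blocked" banner
        self._skip = []     # stack of active elements we are currently inside

    @staticmethod
    def _scheme(value):
        # Browsers ignore embedded whitespace ("java\nscript:"), so collapse it first.
        try:
            return urlsplit("".join(value.split()).lower()).scheme
        except ValueError:
            return "invalid"

    def _clean_attrs(self, tag, attrs):
        kept = []
        for name, value in attrs:
            if name.startswith("on"):                                   # onload=, onclick=, ...
                self.blocked.append(f"{tag}@{name}")
            elif value is None:
                kept.append((name, None))
            elif name in FETCH_ATTRS and self._scheme(value) not in LOCAL_SCHEMES:
                self.blocked.append(f"{tag}@{name}={value}")            # no fetch at render time
            elif name == "href" and self._scheme(value) in {"javascript", "vbscript"}:
                self.blocked.append(f"{tag}@{name}={value}")
            elif name == "style" and "url(" in value.lower():           # CSS background web bugs
                self.blocked.append(f"{tag}@style")
            else:
                kept.append((name, value))
        return kept

    def handle_starttag(self, tag, attrs):
        if self._skip:                           # inside a removed element: emit nothing,
            if tag in ACTIVE:                    # but track nesting so we find the right end tag
                self._skip.append(tag)
            return
        if tag in ACTIVE or tag in REMOTE_ONLY:
            if tag in ACTIVE:
                self._skip.append(tag)
            self.blocked.append(tag)
            return
        if tag == "meta" and any(n == "http-equiv" and (v or "").strip().lower() == "refresh"
                                 for n, v in attrs):
            self.blocked.append("meta@refresh")  # would silently navigate to a remote page
            return
        parts = [tag] + [n if v is None else f'{n}="{html.escape(v, quote=True)}"'
                         for n, v in self._clean_attrs(tag, attrs)]
        self.out.append("<" + " ".join(parts) + ">")

    def handle_startendtag(self, tag, attrs):    # <br/>, <img .../>: no separate end tag
        self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if self._skip:
            if tag == self._skip[-1]:
                self._skip.pop()
            return
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data, quote=False))


def sanitize_email_html(body):
    """Return (sanitised_html, list_of_blocked_items)."""
    p = EmailSanitizer()
    p.feed(body)
    p.close()
    return "".join(p.out), p.blocked


# Constructed sample (not a real capture): phishing-style mail with a tracking
# pixel, a meta refresh, an inline script, an event handler and a javascript: link.
SAMPLE_MESSAGE = """<html><head>
<meta http-equiv="refresh" content="0;url=http://tracker.example/landing">
<link rel="stylesheet" href="http://tracker.example/style.css">
<script>document.location='http://tracker.example/js'</script>
</head><body onload="alert(1)">
<p>Dear customer, please review the attached invoice.</p>
<img src="http://tracker.example/pixel.gif?id=42" width="1" height="1">
<img src="cid:logo@example.com" alt="logo">
<a href="javascript:alert(1)">click</a> <a href="https://www.example.com/">example.com</a>
<object data="http://tracker.example/x.swf"></object>
</body></html>"""

if __name__ == "__main__":
    clean, blocked = sanitize_email_html(SAMPLE_MESSAGE)
    print(clean, "\nblocked:", blocked)
```

On the sample the tracking pixel, stylesheet, script, refresh, onload handler and javascript: link are all removed while the inline cid: logo and the ordinary https link survive; the second return value is the list a client would summarise in its "external content blocked" notice. The default is deliberately strict: any src that is not an inline part or a data: URI is dropped, including relative paths, which is the same "never fetch anything" stance the quoted text attributes to KMail, and hover-only links are kept because following one takes a click rather than happening at render time.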

Anne

You are cool…!!! I agree with what you said…

Further, due to the strong separation between normal users and the privileged root user, our Linux user would have to be running as root to really do any damage to the system. He could damage his /home directory, but that’s about it. So the above steps now become the following: read, save, become root, give executable permissions, run. The more steps, the less likely a virus infection becomes, and certainly the less likely a catastrophically spreading virus becomes. And since Linux users are taught from the get-go to never run as root, and since Mac OS X doesn’t even allow users to use the root account unless they first enable the option, it’s obvious the likelihood of email-driven viruses and worms lessens on those platforms.

……………………………………………………….

How many people who could create a virus file could damage all those root files… execution ;)

SW.. Master of Science (network systems), Mel, Aus

ComputerDave

I wish that extremist Mac supporters would stop throwing ROCKS (viruses and rhetorical comments) at Windows… Windows is a great system and should be revered as one. Only morons who willingly subject themselves to such infections will quickly learn how not to become infected… If you keep hiding under mommy’s skirt you won’t know what hit you when you finally venture out. Someone will figure out how to write a way around the root and smack that ass. If you hadn’t been hiding under mommy’s skirt you would have learned the warning signs. Most knowledgeable Windows users know to set up restricted user accounts, where you have to use a password to enable the privileges of root to execute. Same steps are employed, just in a more user-friendly approach. Which I will grant is too easily ignored, thus another infected LEARNS.

Peter

“If I’m dumb enough to install and run a piece of software I obtained over Kazaa, no anti-virus software is going to do anything more useful than Mac OS X’s already built-in first-download-run warning.”

Wrong.

First off, anti-virus software can detect these things, essentially giving the user a real warning rather than the generic “This might be bad” warning.

Which means you’re getting a warning of a real event which the user will respond to. “Huh? I’ve downloaded 100 apps and never seen this warning before. Better not run it…” versus having seen the same message 100 times before.

Heck, most of us just click through that warning anyway with a “Yeah, yeah, yeah…” It’s like the FBI warning at the start of a movie.

Matt

I think it’s just that PC users have a hard time imagining life without viruses.

Jim Bailey

Sorry, Rich Heend, but you are wrong. It is possible that security companies announce various security problems with OS X, but they have never once announced a virus. Not once. If you think I’m wrong, please post a link.

There have been numerous OS X security issues. They generally get patched by Apple in a short period of time. Users mostly leave the automatic software update of OS X turned on so those patches propagate throughout the Mac community in short order.

And there have been a few malicious trojan horses reported as well. Those trojans are simply applications that naive or ignorant users run without vetting the source of the application. They get them through file-sharing networks or off of Usenet etc. and run them. A famous one was supposed to be a cracked version of Office for OS X that was really a trojan that deleted user files. Another is a trojan called Opener that installs various Unix rootkit code on your Mac, but none of those has any way to propagate without a user running an application.

You have fallen prey to exactly what the blog author was asking about. Would you care to elaborate on why you fell for it? It might give us some insight into where this misinformation comes from.

Rich Heend

I think the main reason people believe there are viruses out there for the Mac is, well, because there are. Every so often security firms and antivirus companies release a press release that says they’ve discovered a Mac virus. The real point is that none has been spread nor has it been detected in the wild. The follow-up to these headlines — that the viruses are merely proof-of-concept or exploits of soon-to-be-closed security holes — is rarely covered by the computing press, much less read by the general public.

Kevin Ballard

I’m going to guess that the reason so many people think there are viruses on the Mac is one of two things: 1) there are viruses on Windows, so of course there are viruses on the Mac, and 2) wishful thinking (i.e. rationalization for why they shouldn’t switch to the Mac).

Oh, and I think antivirus software for the Mac is a complete waste of time. It takes up resources (memory and CPU) and does nothing for the present-day Mac user. The only thing that I’ve heard that makes any sense is to scrub Windows viruses so you play nice in a Windows world, but I don’t really understand that one – why would I be spreading any Windows viruses?

Chris Holland

I think that there are two questions worth distinguishing:

1) are there viruses on Mac OS X
2) will there be viruses on Mac OS X
3) if a Mac OS X user gets infected how easy can it spread to other Mac OS X users.

These questions often get confused and blurred, and throw the debates in all kinds of silly directions.

The answer to 1) is, for now, as you pointed out, NO.

More interesting questions are 2) and 3). My take on 2) and 3) is vaguely covered in 2 articles:

security

More on ActiveX

Regardless of what operating system you’re running, there will always be an infinite amount of ways an end-user can compromise the security of their computer, most especially a networked computer.

A more relevant question I would ask is whether a piece of anti-virus software would be the most effective way to protect an end-user computer that runs an operating system with decent-to-good security design. If I’m dumb enough to install and run a piece of software I obtained over Kazaa, no anti-virus software is going to do anything more useful than Mac OS X’s already built-in first-download-run warning. How else am I to acquire a virus? Email preview? No. Clicking an attachment? Sure, if I get past the warning. Loading a web page? No. Downloading a file from a web page? Sure, if I get past the warning.

AV software is extremely effective at scrubbing malicious ware that has spread itself out in one form or another and that is widely recognizable. Once I get infected on my Mac OS X machine, how many of my friends are likely to also get infected? How many of their friends can they infect without their knowledge? How long will it take until it even gets on an AV firm’s radar so they can publish a patch for it?

The other thing is, there just aren’t that many Mac users out there, which would make it even less likely for any given virus to spread itself enough to make it onto an AV firm’s radar.

Anti-virus makers have had a lucrative business model on the Windows platform because of the numerous design flaws that have for years plagued it; the holes Microsoft has failed to plug, AV firms have been fixing.

But right now, as far as I’m concerned, I need more flaws in Mac OS X, a million times more Mac users out there, and a million times more of them infected with the SAME viruses, to consider a piece of anti-virus software an effective way to protect my Mac from viruses.

Until all this happens, I’ll be sticking to preventive measures to make sure I don’t get my sorry @ass infected.
