mac vs. viruses?

offroadcmpr

Enlightened
Joined
Feb 3, 2005
Messages
810
Location
CA
As I was reading these virus and mac vs. PC threads I got to wondering.

Is the reason that mac users are so much safer because the mac software is better built, or just that the people who write viruses don't bother because of the smaller market share? Or a combination of both.

I'm not sure what would prompt someone to write a virus, but it would seem that they would want it to affect as many people as possible, which would rule out macs.

This is on the assumption that each virus has to be specifically written for each operating system, for specific loopholes and such. (Are there any viruses that can be built to affect both Macs and PCs?)

just wondering :shrug:
 

yuandrew

Flashlight Enthusiast
Joined
Apr 12, 2003
Messages
1,323
Location
Chino Hills, CA
I've been told by my high school computer teacher; most people are PC users and so they normally write programs (viruses included) on PC platform. Since Mac compatible programs are different than PC programs, that is what makes Macs almost "immune" to viruses.
(well with the exception of macro viruses that you can create for word processing programs that are available for both PC and Mac [Say Microsoft Word as an example])

Also, there are no Mac viruses that can damage your hardware. I've heard of some PC viruses so bad that they will even "flash" the bios on your motherboard and make the computer unusable (until you reprogram or replace the bios chip)
 

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
certainly the relative size of the Mac community helps to protect them somewhat. Back in the 90's when the number of Macs out there was smaller than it is today there were Mac viruses. I even caught one once by bringing home a questionable copy of some software from work...

At this moment in time (and since the release of OSX however many years ago that was) there are no circulating Mac viruses. There are several Mac virus scanner programs and all they do is look for the old 90's viruses in your classic emulation environment (for running software from the 90's ;) ) and scan your email for all the worm and trojan programs so that you don't inadvertently forward them to your windows user friends.

There have been potential security issues. There was a buffer overflow found in one of the rendering libraries, same as in windows and unix all using the same code I think, but it was patched quickly enough and no examples of anyone actually using it were ever documented. I'm sure there will be more such things in the future.

One virus remover company did write a proof of concept virus for OSX just to prove that their software wasn't completely useless. But to install it you had to run their program and enter your root password.

Just cause you run OSX doesn't mean you're exempt from practicing good internet hygiene. If you click on and try to run everything that you get in your email basket eventually one of them will be a mac trojan program. But if you can keep from doing anything like that, the opportunity for software to get into your Mac without you doing anything is so close to nil as to make no difference.

I own no virus checkers, I run no popup or adware blockers, I do not scan regularly for keystroke recorders. These things simply don't waste my time during the day. I spend all day every day online with this machine, I run Mac servers. I know the importance of keeping them up to date with security patches and such, but if you do that you simply will not have any problems.

The counter argument that folks so like to bring up is that well, if the Mac gets more popular then there will be viruses for it too. That's an arguable point since as I mentioned above, the permissions and such are different on the Mac and getting anything really interesting running requires your root password which you would have to enter for it. And it's beside the point anyway. Even if it were true that there will be a Mac virus in 5 or 10 years, why is that an argument not to use a Mac now? How many hours a day or week do I not waste on fixing that garbage anymore? How many years can I reap the benefit of that extra time before it becomes worthwhile? And if I have to run a virus scanner in 5 years, well, I'll deal with that then :)
 

StevieRay

Enlightened
Joined
Dec 22, 2002
Messages
429
Location
Memphis, TN
James S said:
certainly the relative size of the Mac community helps to protect them somewhat. Back in the 90's when the number of Macs out there was smaller than it is today there were Mac viruses. I even caught one once by bringing home a questionable copy of some software from work...

At this moment in time (and since the release of OSX however many years ago that was) there are no circulating Mac viruses. There are several Mac virus scanner programs and all they do is look for the old 90's viruses in your classic emulation environment (for running software from the 90's ;) ) and scan your email for all the worm and trojan programs so that you don't inadvertently forward them to your windows user friends.

There have been potential security issues. There was a buffer overflow found in one of the rendering libraries, same as in windows and unix all using the same code I think, but it was patched quickly enough and no examples of anyone actually using it were ever documented. I'm sure there will be more such things in the future.

One virus remover company did write a proof of concept virus for OSX just to prove that their software wasn't completely useless. But to install it you had to run their program and enter your root password.

Just cause you run OSX doesn't mean you're exempt from practicing good internet hygiene. If you click on and try to run everything that you get in your email basket eventually one of them will be a mac trojan program. But if you can keep from doing anything like that, the opportunity for software to get into your Mac without you doing anything is so close to nil as to make no difference.

I own no virus checkers, I run no popup or adware blockers, I do not scan regularly for keystroke recorders. These things simply don't waste my time during the day. I spend all day every day online with this machine, I run Mac servers. I know the importance of keeping them up to date with security patches and such, but if you do that you simply will not have any problems.

The counter argument that folks so like to bring up is that well, if the Mac gets more popular then there will be viruses for it too. That's an arguable point since as I mentioned above, the permissions and such are different on the Mac and getting anything really interesting running requires your root password which you would have to enter for it. And it's beside the point anyway. Even if it were true that there will be a Mac virus in 5 or 10 years, why is that an argument not to use a Mac now? How many hours a day or week do I not waste on fixing that garbage anymore? How many years can I reap the benefit of that extra time before it becomes worthwhile? And if I have to run a virus scanner in 5 years, well, I'll deal with that then :)

You may want to read this: http://news.yahoo.com/s/mc/20050919/tc_mc/symantecmacusersdeludingthemselvesoversecurity
 

James S

Flashlight Enthusiast
Joined
Aug 27, 2002
Messages
5,078
Location
on an island surrounded by reality
You may want to read this

Symantec makes their money selling virus software and are having trouble making any money on the OSX version ;)

They warn very vaguely about things that exist but are a "trojan" that require root access to my machine to install. Those things cannot be installed remotely without some action by me.

The only root exploits that have been discovered and fixed over the last few years required you to be sitting in front of the machine. Hardly a problem for the average internet users. If the script kiddies are breaking into your home you got bigger problems than your computer security.

They warn that no infections have ever been found, but they might someday. They count the number of reported vulnerabilities for the various browsers rather than any information on what those vulnerabilities might allow the guys on the other side to actually do to your machine.

As I said, I'm sure that the day is coming when there will be a real Mac trojan or virus. But if it's a trojan they will have to fool you into running it and entering your root password. Not likely to happen if you click on what you think is a picture of some girl and it asks you for your root password...

So again, just because there might be something to be concerned about in the future, doesn't mean that at this moment I'm not reaping the benefits of not having any to worry about right now :)
 

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
What James said.

How often do you hear about a major virus wiping out Unix or Linux networks? Sure those OSes are also less used than Windows, but the machines they're used on tend to be the types of machines that should be attractive to virus writers.

Contrary to popular belief, Mac, Unix, and Linux users don't enjoy watching Windows users have to go through insane meticulous procedures to keep their computers usable. I'm a realistic person and I realize that, for the foreseeable future anyway, windows is here to stay. I sure hope Windows Vista is a lot tighter than XP, and I sure hope that after Vista they can come up with a less lame name.
 

js

Flashlight Enthusiast
Joined
Aug 2, 2003
Messages
5,793
Location
Upstate New York
OK. Would someone please point out where I am going wrong here:

BUT, it seems to me that the argument about there being no OSX viruses because so few (relatively) people use OSX that it is not a target, is bogus for the following reasons:

1. As mentioned above, there were a number of viruses that attacked OS 9.
2. (and this is the main one) OS X is based on an open BSD UNIX kernel, right? Or something robust and proven and UNIX-y type like that.

Well, this is the same OS that big-time servers all over the internet are running, right? Such as ebay, and PayPal and so on. Right? So which target is more attractive? Some idiot's personal computer and his C drive with music files, or tens of thousands of credit card numbers or hundreds of thousands of electronic dollars in people's PayPal accounts?

Am I missing something here, or isn't it just plain obvious that Unix type operating systems should have more viruses (given the standard relative population argument) than even Windows computers?

I'm probably missing something, but I can't see what.

And in any case, there is no doubt that OS X is far harder to compromise than Windows, for many reasons of which I understand only a few. Here's one I do understand: Mac OS X machines come with everything locked down. The root directory is NOT enabled, and sharing settings are OFF. Whereas with Windows (I'm told) you have to specifically go in and lock everything down when you first install it.

Plus, as mentioned, even if root is enabled, you'd still be prompted and required to type in your password, right?
 

LukeK

Enlightened
Joined
May 30, 2003
Messages
529
Location
TX
The root/user setup alone can prevent many serious attacks from taking place. So you get a Mac virus? Unless you give it your root password or it finds a security hole (which is rare) then all it can do is delete your user files. While this may sound like a big deal (and can still potentially delete files that are important to you), access to delete or modify any system files will be denied. Running with an Admin/User setup even in Windows is a good idea -- It just happens to be the understood default in today's Linux/Unix based systems.
 

drizzle

Enlightened
Joined
Oct 23, 2003
Messages
840
Location
Seattle, WA
Saaby said:
What James said.
Contrary to popular belief, Mac, Unix, and Linux users don't enjoy watching Windows users have to go through insane meticulous procedures to keep their computers usable.

I can tell that you don't enjoy it but I'll stick to the popular belief that most do. Just read Slashdot for countless examples.

And BTW, I'm a veteran Unix/Linux user/developer/sometimes admin (on my own Linux box), and IMO Unix is the shining example of "insane meticulous procedures." I don't consider what I have to do for Windows security anywhere near the same level of hoop-jumping that I have to do just to do *anything* in Unix/Linux.

Of course, I do believe Unix/Linux are inherently more secure than Windows and I assume OS/X is too from all I've heard.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
Like many others, I have to point out that the Mac has fewer viruses for several reasons.

Spreading;
A worm spreads by quickly finding other systems with the same weaknesses. Since windows machines tend to be largely unprotected within a private network (a business) they make for a very fast spread. A windows worm may have to try 100 addresses to find an unpatched system that it can affect. A Mac virus, on the other hand, may have to try 1,000 or more systems before it finds a Mac that has the exact flaw that it's designed to exploit.

Impact;
The windows systems are frequently set up in such a way that a simple buffer overflow in any program allows an exploit using that program to take over the system. The program executes as if it's part of the OS, so a buffer overflow is hard to constrain. Add to that the fact that MS has never taken the time to run a simple overflow checker and you have a system that will always have some bugs.

Mac (and Unix/Linux systems) have a paradigm where you, the computer user, are only allowed to access and/or change certain files. Your programs are not allowed to do things like change the boot record. You have to log in as a certain user to do that. It's enforced by the OS itself.

This is not the free ride it appears to be. A virus or trojan can be introduced that searches for weaknesses or tricks you into running the program as the super user. It does happen and evidence of such invasions are watched for carefully.

Scanners;
There are virus scanners available for Linux, as there are for Macs and other systems. You don't want to pass on a cute e-mail or program that was infected when you got it, even though it did not infect your system.

Network Security;
Unix (and Mac systems) are attacked by viruses, worms and trojans as often as all the rest. The default Linux installation is generally shut down fairly tight, so network based security holes are hard to exploit. Whenever possible, the network services are run under a user ID that has no access to the majority of the system. This restricts web server attacks, for instance, from being able to undermine the whole system.

The Myth; we are safe.
One of the earliest worms hit the Unix mail systems in 1988. It hit thousands of mail servers in minutes. Almost 1/2 of the Unix admins had installed their mail applications in a special debug mode that could be manipulated.

The Mac was actually one of the first systems to have problems with viruses. They were easily networked (it was built in before anyone else did it, remember?) and had auto executing programs called control panel applets that could run off of diskettes as well as shared over their network.

The Myth; We can't be safe.
The only reason we have viruses is that the major players don't want to incur the overhead that is required to prevent viruses from working. A slight change to the MS kernel paradigm will slow it down 5 to 15 % (experts disagree) but would guarantee that programs could not behave unpredictably. Overflows would disappear overnight.

Most viruses are spread via networks, either peer to peer or via e-mail. Either way, they could be easily tracked back to the source (and that source slowly roasted over a low fire) if only the network providers would institute simple configuration changes that prevent the practice of "spoofing". This is where one system impersonates another at the mail or network level. The ISP's don't check for spoofed traffic because it's an administrative burden to manage each piece of network equipment individually. It would also slightly increase the load on the network components (routers and switches).

My Bona fides....
Yeah, I've been doing e-mail since 1978. Or was that 1977? A lot's happened in the last 30 years.


Daniel
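
Added example (not part of gadget_lover's post or of the thread): the anti-spoofing check described in the post above, in the form usually called source-address validation or ingress filtering (BCP 38), where an edge port forwards only packets whose source address belongs to the prefixes assigned to that port. The port names, prefixes and packets are constructed for illustration.

```python
"""Source-address validation at a provider edge, modelled in Python.

Constructed data: the port names, prefixes and packets below are
illustrative (RFC 5737 documentation ranges), not taken from the thread.
"""
import ipaddress

# Hypothetical edge table: customer-facing port -> prefixes assigned to it.
ASSIGNED = {
    "cust-a": ["192.0.2.0/25"],
    "cust-b": ["192.0.2.128/25", "198.51.100.0/24"],
}

# Source ranges that should never arrive from a customer port at all.
NEVER_VALID = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]


def build_table(assigned):
    """Parse the prefix strings once so per-packet checks stay cheap."""
    return {port: [ipaddress.ip_network(p) for p in prefixes]
            for port, prefixes in assigned.items()}


def check_source(table, port, src):
    """Return (verdict, reason) for a packet with source `src` seen on `port`."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop", "malformed source address"
    if port not in table:
        return "drop", "unknown port"
    if any(addr in net for net in NEVER_VALID):
        return "drop", "reserved source range"
    if any(addr in net for net in table[port]):
        return "forward", "source within assigned prefix"
    # The address may be valid somewhere, but not behind this port.
    return "drop", "source not assigned to this port"


def audit(table, packets):
    """Count forwarded and dropped packets per port.

    A port with drops is the place where the spoofed traffic entered,
    which is what makes tracing back to the source possible.
    """
    forwarded, dropped = {}, {}
    for port, src in packets:
        verdict, _ = check_source(table, port, src)
        bucket = forwarded if verdict == "forward" else dropped
        bucket[port] = bucket.get(port, 0) + 1
    return forwarded, dropped


TABLE = build_table(ASSIGNED)

# Constructed sample traffic: (ingress port, claimed source address).
PACKETS = [
    ("cust-a", "192.0.2.10"),    # legitimate
    ("cust-a", "198.51.100.7"),  # claims an address assigned to cust-b
    ("cust-a", "203.0.113.9"),   # claims an address assigned to nobody here
    ("cust-b", "198.51.100.7"),  # legitimate
    ("cust-b", "127.0.0.1"),     # loopback source arriving from the wire
    ("cust-b", "192.0.2.200"),   # legitimate (second prefix of cust-b)
]

if __name__ == "__main__":
    for port, src in PACKETS:
        print(port, src, *check_source(TABLE, port, src))
    print(audit(TABLE, PACKETS))
```

The per-port table is the administrative cost the post refers to: it has to be kept in step with address assignments on every edge device.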
 

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
And BTW, I'm a veteran Unix/Linux user/developer/sometimes admin (on my own Linux box), and IMO Unix is the shining example of "insane meticulous procedures." I don't consider what I have to do for Windows security anywhere near the same level of hoop-jumping that I have to do just to do *anything* in Unix/Linux.

That's why I use Mac, all the security advantages of Unix without all the hassles. I'm saying that smugly, I literally put Linux on the machine I was using. I liked it, but found it hard to use, partially because the computer itself was old and needed to be replaced. It was replaced with a G4 PowerMac.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
Saaby said:
That's why I use Mac, all the security advantages of Unix without all the hassles. I'm saying that smugly, I literally put Linux on the machine I was using. I liked it, but found it hard to use, partially because the computer itself was old and needed to be replaced. It was replaced with a G4 PowerMac.

Actually, the security you have is only as good as the distribution you installed. A knowledgeable unix admin generally secures his/her system much tighter than the average Mac. They watch for early reports of exploits and check their systems before patches become available. They also watch for early warning signs of intrusion attempts.

The experienced administrator is THE biggest security advantage!

:)

Daniel
(But I would say that, wouldn't I ????)
 

drizzle

Enlightened
Joined
Oct 23, 2003
Messages
840
Location
Seattle, WA
Can you comment further gadget_lover? As Saaby points out Apple has done a fantastic job making a unix based system be easy to use and not require an experienced administrator to work. Does it suffer much in the way of security because of this?

And no, I'm not looking for ammo to use against Mac users. :D I'm just curious.
 

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
Well, my computer will pop up and ask me for my password if anything is trying to make a system wide change. That's good security so long as I look at what is trying to change what (It tells you).

If I just mindlessly put my password in every time though, then when that virus does come through I'm going to let it right on in.
 

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
yuandrew said:
Since Mac compatible programs are different than PC programs, that is what makes Macs almost "immune" to viruses.

Certain programming languages are architecturally neutral. For example, I know that java programs can be run through web browsers on Mac, PC, Linux, and Unix computers alike, and even some Blackberries and Palm Pilots.
 

drizzle

Enlightened
Joined
Oct 23, 2003
Messages
840
Location
Seattle, WA
Mac as Virus Carrier

yuandrew said:
Since Mac compatible programs are different than PC programs, that is what makes Macs almost "immune" to viruses.
(well with the exception of macro viruses that you can create for word processing programs that are available for both PC and Mac [Say Microsoft Word as an example])

This happened to me just the other day. I got an e-mail from a client that contained a virus. (Not sure if I'm using the right term here.) It was a macro virus in the Microsoft Word document he sent me from his Mac. The funny part was his comment. I won't quote it directly but the essence was that even though I was the second person to tell him that their anti-virus software found a virus in his e-mail message, he was sure that couldn't be the case because he was using a Mac. He suggested that my anti-virus software was mistaking the format of his new Mac e-mail program for a virus.

This just goes to show that Mac is not immune to the most insidious virus of all...the Microsoft virus. A terrible trojan horse virus that people willingly inflict on their Macs. :grin2:
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
drizzle said:
Can you comment further gadget_lover? As Saaby points out Apple has done a fantastic job making a unix based system be easy to use and not require an experienced administrator to work. Does it suffer much in the way of security because of this?

And no, I'm not looking for ammo to use against Mac users. :D I'm just curious.

The basic problem is that any system can be corrupted if the user wants it to be. I've worked at a dozen companies (as a consultant) and about 1/2 of them knowingly decrease their security because people wanted to use the systems for unsafe things. That is the bane of the security professional, trying to convince people that the extra 30 seconds wasted on security 4 or 5 times a day will save them days of work later.

Kazaa (and other peer to peer file sharing networks) are a prime example of ways the users deliberately weaken their security. Allowing pushed data (weather bug, auto-updates, etc) are another, since you have no control over who connects and with what data.

An experienced admin will make sure the passwords are changed to something non trivial before the system is connected to the network. They will also patch the system fully before the system is connected to a non secure network. Millions of systems with networking software are running today with the default accounts and passwords. A good install program can help with this, but users can always screw it up.

Then there are the targeted attacks. Hackers can decide they want YOU and target your system for some reason. I can't count all the times I've helped total strangers with a problem and have been invited to log into their systems remotely. They frequently give me a user account and password without my asking. That's really, really bad juju. The real trusting ones give me the super-user's password. That's the keys to the kingdom.

The applications also make a big difference. I can show you 3 different exploits that will let me become the super user on a system running Oracle's database if I can access the system at all. I can show you a dozen viruses that leverage the fact that MS was crazy enough to put a programming language in their word processor. I can actually run a version of MS Internet Explorer on my unix systems. The fact that they built a programming language (besides java) into I.E. means I'd never use it.

In general, you want to run only software that has no exploits. As soon as a vulnerability is announced, you should disable that software and keep it disabled till it's patched. Most Mac users don't follow the security announcements, so they don't know when they should disable certain programs or services. Most systems admins do understand and can convince their management that it's worthwhile. It's a hard sell to tell your manager that you want to disable all e-mail for 3 hours while you patch the mail gateway system, but it can be done.


The Mac, as delivered, has a minimal number of services running. This minimizes the avenues of attack. As the user turns on more services (web servers, mail, etc) they increase the level of vulnerability. The average Windows system is delivered with more services running and more avenues of attack.

That was probably too much info, huh.

Daniel
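
Added example (not part of gadget_lover's posts or of the thread): a way to check two points made in this thread about network services, that few of them should be running and that each should run under a low-privilege account, by auditing the output of `lsof -nP -iTCP -sTCP:LISTEN` on a Mac or Linux machine. The sample output and the expected-services list are constructed for illustration.

```python
"""Audit listening TCP sockets from `lsof -nP -iTCP -sTCP:LISTEN` output.

SAMPLE is constructed for this example; it is not output from any
machine mentioned in the thread. EXPECTED is a hypothetical allowlist.
"""
import ipaddress

SAMPLE = """\
COMMAND  PID USER   FD  TYPE DEVICE SIZE/OFF NODE NAME
cupsd     98 root   5u  IPv4 0x01        0t0  TCP 127.0.0.1:631 (LISTEN)
cupsd     98 root   6u  IPv6 0x02        0t0  TCP [::1]:631 (LISTEN)
sshd     210 root   3u  IPv4 0x03        0t0  TCP *:22 (LISTEN)
httpd    412 www    4u  IPv6 0x04        0t0  TCP *:8080 (LISTEN)
smbd     530 root   9u  IPv4 0x05        0t0  TCP 192.0.2.15:445 (LISTEN)
"""

# Services the owner of this machine has decided to offer on the network.
EXPECTED = {("sshd", 22)}


def parse_listeners(text):
    """Turn lsof rows into dicts; the header and malformed rows are skipped."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[7] != "TCP" or fields[-1] != "(LISTEN)":
            continue
        host, _, port = fields[8].rpartition(":")
        if not (fields[1].isdigit() and port.isdigit()):
            continue
        listeners.append({
            "command": fields[0],
            "pid": int(fields[1]),
            "user": fields[2],
            "host": host.strip("[]"),  # IPv6 literals are printed in brackets
            "port": int(port),
        })
    return listeners


def is_local_only(host):
    """True when the socket is bound to loopback and not reachable remotely."""
    if host == "*":  # wildcard bind: every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"


def audit_listeners(listeners, expected):
    """Return (command, port, user, issues) for each network-reachable listener
    that is unexpected, owned by root, or both."""
    findings = []
    for entry in listeners:
        if is_local_only(entry["host"]):
            continue
        issues = []
        if (entry["command"], entry["port"]) not in expected:
            issues.append("not on the expected-services list")
        if entry["user"] == "root":
            issues.append("owned by root")
        if issues:
            findings.append((entry["command"], entry["port"], entry["user"], issues))
    return findings


if __name__ == "__main__":
    for command, port, user, issues in audit_listeners(parse_listeners(SAMPLE), EXPECTED):
        print(f"{command}:{port} (user {user}): {', '.join(issues)}")
```

A root-owned listener is a prompt to look closer rather than proof of a problem: some daemons bind as root and hand each connection to an unprivileged worker.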
 

drizzle

Enlightened
Joined
Oct 23, 2003
Messages
840
Location
Seattle, WA
gadget_lover said:
That was probably too much info, huh.

:) Not for me. That was just the kind of thing I was looking for. As I mentioned above, I've been in the business a long time including a lot of consulting but none of it was security work. Someone else always handled that. Thanks for the peek into your world.

I know it's a battle with clients to convince them of security concerns. I always assumed it was more of a situation of them not knowing what to do or individual employees trying to circumvent the security to do things like Kazaa. I didn't expect you would have to convince management to keep the security tight. In my experience management was always quick to support the security team.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
drizzle said:
:) Not for me. That was just the kind of thing I was looking for. As I mentioned above, I've been in the business a long time including a lot of consulting but none of it was security work. Someone else always handled that. Thanks for the peek into your world.

I know it's a battle with clients to convince them of security concerns. I always assumed it was more of a situation of them not knowing what to do or individual employees trying to circumvent the security to do things like Kazaa. I didn't expect you would have to convince management to keep the security tight. In my experience management was always quick to support the security team.

While they are quick to support the security team in many ways, it's surprising what happens when you tell a CIO that their web page will be off line voluntarily for a few hours in the middle of the afternoon, and that it can't wait till midnight when nobody will notice. Many will decide that it's worth risking that they will not be hit by whatever virus/hack attack is in question until after business hours. I've seen the same decision made about shutting down e-mail servers when a known vulnerability is detected.

Many of the security people have learned exactly how much they are allowed to impact the bottom line and make their suggestions accordingly. There is a very good reason that you don't see ID badges required in every building, and you don't see the badges checked more than upon entry to the building. There are also good reasons to track employee movement and to validate ID at multiple points, but it's considered too invasive.

There is a cute little device you can get that locks your system as soon as your RFID tag gets 6 feet from the computer. That would block one of the most common on-site attacks, yet hardly anyone uses it. It costs money and has to be administered. It's easier to make believe that every visitor is honest, and that the employees of your janitorial sub-contractor have all been checked out thoroughly.

Even with all that, Computer security is a hoot. I'm looking forward to jumping back into it full time again.

Daniel
 

drizzle

Enlightened
Joined
Oct 23, 2003
Messages
840
Location
Seattle, WA
gadget_lover said:
There is a cute little device you can get that locks your system as soon as your RFID tag gets 6 feet from the computer. That would block one of the most common on-site attacks, yet hardly anyone uses it.

Hey, that's a good idea. But I've never heard of any on-site break-ins anywhere I've worked. There was the time several years ago when RAM was a lot more expensive that someone opened up several computers and stole the RAM from them. I guess you could call that an attack on an insecure computer that crashed it. :)
 