Ready For the Big Mac Virus?

Posted by Zonk
from the sharks-in-the-salsa dept.
An anonymous reader writes "The IT security manager of the University of Otago, New Zealand, has been educating his OS X users in security best-practices. According to Mark Borrie, many Mac users believe they were immune to security problems -- a trap many Mac fans seem to have fallen into. He said around 40 percent of the computers at the uni are Macs. "On the security side of things I reckon the Mac community has yet to wake up to security. They think they are immune and typically have this idea that they can do whatever they want on their Macintosh and run what they like," said Borrie. "If I can get our Mac users up to speed and say 'you are not immune' -- so when [the malware] hits, hopefully we will be pretty safe," he said. "We want to be ready for the first big Macintosh virus -- because it will come. Some day, somebody will say 'I am going to create a headline and write a virus for Mac'," said Borrie."

  • by ackthpt (218170) * on Friday September 09, 2005 @01:26PM (#13520237) Homepage Journal
    Checking the headline, I thought, well that's either BSE or CJD and it's already here.

    Anyone who is trying to grab headlines with a Mac virus isn't of the same ilk of the two recently arrested Zotob/Mytob worms [slashdot.org], who really desire to keep a low profile. We've pretty much moved on from the egomaniacal hacker who wants to see how n070r10u5 he can be, with his worm/virus mentioned in the NYT and CNN.

    The logical assumption is "what does a Mac virus/worm author expect?" Stealing personal info, spyware, etc, that's the game for the larger herd. It may pay some dividends and be relatively untapped and not as challenging, but there's so much groundwork laid for Windows and the frequency of exploits underscores this is the way to go.

    "what u get, d00d?"
    "some iTunes"
    "anything good?"
    "just more u2, i'm so sick of u2 :p"
    "blame j0bs"

    • Re:Not BSE at McD's (Score:5, Informative)

      by temojen (678985) on Friday September 09, 2005 @01:52PM (#13520498) Journal
      BSE is a prion disease, not a virus.
  • Are you ready? (Score:5, Insightful)

    by AKAImBatman (238306) * <akaimbatman@gmai[ ]om ['l.c' in gap]> on Friday September 09, 2005 @01:26PM (#13520241) Homepage Journal
    Ready For the Big Mac Virus?

    I'm sure the question on everyone's mind is, "Does it come with two all beef patties, special sauce, lettuce, cheese, pickles, onions, all on a sesame seed bun?" If so, BRING IT ON! I'm hungry! =)

    (And in case anyone is wondering why I'm making a joke out of this, it's because it *is* a joke. While Macs can and have had security issues, the system is nowhere near as vulnerable as your average Windows box. The design of the system guarantees that most of the problems we see on Windows can't happen on a Mac. No default open ports to send overflows through, no default root access to the system, no easy way to send executable email attachments, etc., etc., etc. We'll need a completely new class of highly sophisticated attacks to make a dent in the stronghold that is OS X. Nothing like this skript-kittee crap we've seen.)
    • Re:Are you ready? (Score:4, Interesting)

      by EggyToast (858951) on Friday September 09, 2005 @02:08PM (#13520642) Homepage
      I agree completely. Everyone talks about "virus this, virus that." Even on Windows, the virus problem didn't get out of hand until the writers discovered how easy it was to exploit system-level services that allowed for easy propagation across a network, and then extended that for internet use. Having a spammer send out a virus-laden email is one thing, but having a virus send out its own virus-laden email based on the people in the address book on the program it finds?

      So not only would Mail.app have to have an exploit, but it would have to be able to flush the entire contents of the address book (which is a separate program entirely, and the app queries as a user process based on what's typed in to the respective fields in a new email) into a "to" field, and then send itself out using SMTP which is disabled by default on a mac. And that's just for an email virus to propagate. It would have to also find a way to infect the system from Mail.app, which doesn't run as a low-level process in any way nor give a user any access to other applications directly through the application. Sure, it interacts smartly with other applications, but that's because of the OS handling user preferences.

      If my memory serves me correctly, a lot of the major Windows viruses were exploits of very basic services that had ridiculous security settings for their access. The Blaster worm propagating through a port that was open by default? WTF! Why would a default open port have such open access to the system? It's stuff like that that's caused Windows problems, not its marketshare.

      • Re:Are you ready? (Score:4, Insightful)

        by jellomizer (103300) * on Friday September 09, 2005 @02:29PM (#13520872)
        Well, you were going good until the middle paragraph. If Mail.app did have an exploit, that is all that is needed. Features like Spotlight will allow the virus to get all the information needed to send emails. Secondly, with SMTP turned off: well, you forgot what the S stands for: Simple. SMTP is a very easy protocol to figure out. Just telnet your mail host port 25 and if you are stuck type help. You can make a virus that can smtp fairly small.
      • Re:Are you ready? (Score:3, Insightful)

        by frankie (91710)
        Actually, writing something that can send itself to your address book is pretty damn easy. Mail.app, AddressBook, and the rest of the builtin apps are all quite scriptable, especially with 10.4 and Automator.

        The crucial hard part is getting the receiver to extract & install your code. Automation isn't possible, only social engineering will work.
      • Re:Are you ready? (Score:5, Informative)

        by angel'o'sphere (80593) on Friday September 09, 2005 @03:59PM (#13521600) Homepage Journal
        No,

        both of you are completely wrong, and the "IT security manager of the University of Otago, New Zealand" is very right.

        You both give false evidence why a Mac is more secure, and you think your evidence is right.

        E.g., ever heard about AppleScript? How difficult do you think it is to write an AppleScript that traverses the Address Book and sends an email to everyone in it with Mail.app?

        No SMTP needed ... so no point in disabling it :D I don't need super user/root access to send email in your name to all your friends from your address book.

        Same for attachments. They are not "executable" by double click, but when you get a mail from a "friend" telling you to save the script and launch it ... you likely do so! Because you think "you are safe". But you aren't.

        A script/virus sent to a Mac user has all rights the user has, besides exploits aiming at more rights. So the script/virus can do everything the user can do: like searching the hard drive and mailing the last presentation, Excel file or Word file to a given address.

        With the architecture of the OS, writing basic virus programs is even far more easy than on Windows; only the automated execution and exploit traversal via the Internet Explorer/Outlook/IIS and the gaining of root access is harder.

        angel'o'sphere
        • Re:Are you ready? (Score:4, Informative)

          by EggyToast (858951) on Friday September 09, 2005 @04:26PM (#13521799) Homepage
          The automated execution and propagation is what truly makes a virus a virus, is it not?

          An applescript that does something malicious is really no different than tricking a coworker or friend into typing "sudo rm -rf" at /, true?

          However, I can tell you that Applescript is fine for individual use, or when rolled out across a controlled network, but scales poorly across different versions of applications. We use applescripts for numerous tasks at my workplace, and we need to get in there and tweak the source every time we update the OS or the applications.

          Still, I don't see how "malicious script that triggers when clicked" is equivalent to a self-propagating virus.

          I DO know exactly how easy it is to willfully destroy an OS X system, even on Tiger. I've taken the OS X 'help desk' class where the last test is where you run an applescript that destroys the system. It freezes the boot process, causes the loginwindow system to kick the user out after 30 seconds, changes all the user passwords, and more, and the "test" is to fix it all. Like most viruses, it is fixable with the proper knowledge, but it's truly a pain in the butt.

          But, as I said above, convincing a user to run a malicious script just doesn't seem like a virus to me. In fact, it's not: [wikipedia.org] In computer security technology, a virus is a self-replicating program that spreads by inserting copies of itself into other executable code or documents (for a complete definition: see below). I don't see how that makes us "very wrong." Nothing that you say has anything to do with a virus. Just malicious scripting. Yes, a virus could trigger a malicious script, but those are two separate actions -- the virus that infects and propagates and delivers the payload. The payload is the script, which runs and corrupts the system.

  • by daveschroeder (516195) * on Friday September 09, 2005 @01:26PM (#13520245)
    This assertion - that someone is going to simply decide "I'm going to write a Mac virus" - is very wrongheaded. It's been tried. The most people can come up with are feeble ages-old UNIX/Linux-style rootkits and/or numerous trojans that depend on social engineering. Never a virus or worm with an automated vector of spread. Marketshare is only one very small, albeit very helpful, reason why this is the case.

    But this doesn't mean that Mac users shouldn't have current AV/malware protection and use standard computer security best practices.

    What follows below is an answer to a query raised during a Chronicle of Higher Education colloquy. Yes, I have posted this [slashdot.org] to slashdot before, but it is still very much relevant, and I believe it touches on the major issues here.

    Question from Lisa L. Spangenberg, UCLA:
    Given that there are no viruses or Trojan horses for the current Macintosh system, OS X 10.3, and given that it is essentially UNIX, and given that the most common applications (Microsoft Office Suite, Adobe applications) work very well on OS X, why don't more institutions adopt Macs and encourage faculty to use them?

    Gregory A. Jackson:
    Well, first of all, there are viruses and Trojans that afflict MacOS, witness Apple's periodic release of security fixes to counteract them.


    First, that isn't true, regarding viruses. To date, there are no known viruses that specifically target Mac OS X. Last week's "trojan" was nothing more than an application with a different icon and misleading name that displayed a dialog box (which was an example posted to a USENET Mac programming group to illustrate this fact that has been known and possible on Mac OS for over twenty years; an antivirus vendor apparently thought this an appropriate time to dress it up, incorrectly, as some new, terrible exploit easily adapted for malicious means, when in reality it's nothing more than an application).

    If you're referring more broadly to security issues in general, almost all of the security and security-related updates for Mac OS X to date have been updates for primarily server-type services that ship with the OS, all of which are disabled by default, and the lion's share of which are never even enabled, much less touched, on the vast majority of systems. I'm not saying that they should be ignored, but Apple's comprehensive and swift response to the most minor security issues does not rise to the level of the staggeringly numerous, sometimes completely automated, remote exploits, worms, and so on for Windows. It is no longer possible to even get through a full installation Windows XP on a machine connected to a public network without it being exploited before you even have a chance to patch it.

    It's definitely possible for Mac OS X to have viruses, worms, trojans, and other malware - Mac OS X is not invulnerable, and no sensible person would claim it to be. But the underlying philosophical design principles are fundamentally more secure than Windows, period. Since the major ingredient for the success of a worm or virus is some ability to spread, witness the fact that there is no way with anything built into Mac OS X to perform automated propagation of a virus, and no current known ways to exploit a machine remotely, not to mention that potentially exploitable network services are disabled to begin with anyway (and remain that way unless explicitly enabled), a stark contrast to Windows. Any hope for automatic propagation would require a comparatively high level of sophistication, and perhaps even its own mail server - not to mention some intrinsic vulnerability to exploit. On the other hand, there are still, to this moment [at the time of this writing], unfixed vulnerabilities in certain versions of Outlook that will spread certain virus variants simply by previewing a message, and nothing more. There is simply no equivalent to this on any other platform. Microsoft's track record and attitude

    • "But this doesn't mean that Mac users shouldn't have current AV/malware protection and use standard computer security best practices."

      I agree with the latter, but I disagree with the former. A lot. The tradeoff for antivirus on Macs is simply horrid, and I don't believe there is any point to it at the moment.

      1. There are no Mac viruses or worms. Sure, there probably will be. But there aren't any NOW, which means we have no idea if Symantec/MacAfee/whoever is going to be any good at getting out a signature f
  • And I say that as a Mac user. At some point, you must educate the user to the dangers - don't open suspicious messages or attachments; don't wander into sketchy websites.

    Not the easiest thing to instruct, though.
    • you must educate the user to the dangers - don't open suspicious messages or attachments; don't wander into sketchy websites.

      I disagree completely. If I open an email attachment the OS should be smart enough to warn me when that attachment is trying to do something unexpected. Instead of just blocking all attachments that end with EXE, why can the OS let me run the EXE and warn me if the EXE is trying to modify critical system info, or access the internet in an unpermitted way?

      Similarly, a web browse

    • by Sycraft-fu (314770) on Friday September 09, 2005 @01:36PM (#13520348)
      Since there are no Mac viruses, or at least none of consequence, and no malware currently, you CAN just ignore security practices and be fine. Thus people aren't as inclined to listen when you try and educate them.

      Same problem with Windows. It's not like Windows admins haven't been telling users for YEARS "Don't download and install random shit off the net". However in the past, a virus scanner kept you pretty safe and viruses infecting downloads were fairly rare. Then along came malware and a whole host of trouble. Finally people are slowly starting to learn, but only because it's caused them problems.

      I imagine the Mac community will be similar. Some will listen, but the majority will continue to believe their Macs are invincible since at this point there aren't any consequences to not listening. Only when it finally bites them in the ass will they wake up.
      • Actually, you know very well how much easier it has been to corrupt a Windows machine via normal web surfing: Because of ActiveX and the browser's tight integration with the operating system.

        Microsoft shipped a long time ago the ability to run and install software from a web document without thoroughly thinking through the vast array of possible social engineering exploits this would open hapless end-users to. For one, an ActiveX warning box would show up each and every single time you'd load a web docume

  • Mac vs Win (Score:2, Funny)

    by SamSeaborn (724276)
    I've been considering buying a Mac because the anti-virus software on my Windows laptop drives me nuts. Funny, I was under the impression that Macs were more virus-proof.

    But this article is telling me I'll have the same issues if I switch? *sigh* Computers are becoming a real pain in the butt to use.

    Sam

    • I've been considering buying a Mac because the anti-virus software on my Windows laptop drives me nuts. Funny, I was under the impression that Macs were more virus-proof.

      Macs aren't virus-proof per se (no OS is), but as of now there aren't any known viruses on OS X. All the article is saying is don't get too comfy thinking there will never be any viruses on OS X, because someday there *may* be. We just haven't seen any in the past 5 years.

      Compare this to Windows which seems to have a new virus come out on i
  • by nebaz (453974) * on Friday September 09, 2005 @01:28PM (#13520273)
    I have a question. I was a Mac user for several years, but not for the last 10 years or so, and I remember that there were several 'viruses' at the time. What ever became of them? This was all pre-wide-use internet, so I think those old viruses spread via floppy, but I'm just wondering. Technically, doesn't Mac OSX have some backward compatibility all the way back to the 680X0 chipset?
    What happens to the new Macs if they encounter these old foes?
    • by mmkkbb (816035) on Friday September 09, 2005 @01:37PM (#13520357) Homepage Journal
      All the mac viruses I know about, save Office macro viruses, rely on users trading infected software back and forth. The last new one appeared in 1994, and was cleaned out by the free anti-virus program Disinfectant.

      Presumably, an old Mac virus could infect other files on a new Mac system, but they'd probably not be able to infect PowerPC code.
    • I'm not an expert, but I doubt viruses from 10-20 years ago aren't much of a threat, considering OSX is a whole new code base.
    • by EggyToast (858951) on Friday September 09, 2005 @01:49PM (#13520473) Homepage
      It runs old OS9 applications in an emulation layer. That layer starts up as an application by choice, meaning that you either turn it on once your computer is on, or when an old application triggers it. So you would have to manually install the virus yourself.

      At that point, it would do its virus things inside that emulation layer, probably corrupting some aspect of the environment. When you close the environment (just like any other application), the virus's activity would cease. The fix would be simply "reinstall the environment."

      So if you needed to use the "Classic" environment for an old application, and you for whatever reason decided to install the virus or place a disk with a virus on it in your computer and run it in the Classic environment, yes, you could give yourself that virus. But that's hardly that much different than the numerous "Proof that you can intentionally break your system" scripts and applications that are around for every operating system.

      In my experience, all of the old viruses that Macs got were Macro viruses from old versions of Word. They have no way of propagating without writing to new documents, but the newer versions of Word are pretty inoculated against Macro viruses IIRC.

      The short answer to "What happens" is "not much if anything."

    • by SuperKendall (25149) * on Friday September 09, 2005 @02:09PM (#13520653)
      Many of the early Mac viruses were boot-sector viruses - they got into the computer because you booted from a floppy that had a virus on it. When I was in school the Macs always had problems with this.

      One could speculate that elimination of boot sector viruses was a big reason for Apple to stop including floppy drives so early - people just do not boot off CDs to the same degree, not to mention it's not nearly so easy to get a virus onto a CD without the user knowing something is up. When people were using floppies for data transfer it was a bigger issue.
    • by Lars T. (470328) <Lars DOT Traeger AT googlemail DOT com> on Friday September 09, 2005 @02:22PM (#13520806) Journal
      Actually, most "old" Mac viruses stopped working with the introduction of System 7, early 1991.
  • Bring It On (Score:5, Insightful)

    by ToddWDraper (449104) on Friday September 09, 2005 @01:29PM (#13520275)
    > Some day, somebody will say 'I am going to create a headline
    > and write a virus for Mac'," said Borrie."

    I've been hearing this for years. I'm still waiting.
    • Re:Bring It On (Score:3, Insightful)

      by badmammajamma (171260)
      OS/2 didn't have any viruses either. It doesn't mean it's not possible, it's just that nobody gives a shit about a product that has almost no market share. Where's the glory?
      • Re:Bring It On (Score:3, Insightful)

        by Lars T. (470328)
        So why was there a virus for Win64 (that only works on Win64, not a port from Win32) soon after the first public beta was out? Was that because of the huge market-share?

        And before you say: GLORY - ask yourself: How much glory one would have if one would finally write the first virus for Mac OS X?

        Conspiracy theory: MS is stopping all Mac viruses so people will think it has a low market-share.

  • by Dysantic (901927) on Friday September 09, 2005 @01:30PM (#13520285)
    ...and I can say that with absolute certainty since I removed the pre-installed Internet Explorer that came with it.
  • safer by design (Score:2, Redundant)

    by MECC (8478) *

    Safer by design doesn't mean immune.
  • Not sure if this is just FUD or what, but back in my HS days one of my Mac evangelist buddies pointed out that because of the integrated design of the Mac classic and similar "one box" Macs, one could quite easily write a virus or trojan that would run the video subsystem really far out of spec and could actually physically damage the CRT. Is that still something possible with modern hardware?
    • by Animats (122034) on Friday September 09, 2005 @01:48PM (#13520465) Homepage
      It was possible to do that on the original IBM PC, but very few monitors since have had that problem.

      The monitor on the original IBM PC was borrowed from the IBM Displaywriter, which wasn't user-programmable. The PC's display card allowed setting the horizontal and vertical sync rates in software, not so you could change the resolution but just because the hardware was built that way. The monitor turned on when it got vertical sync. The horizontal sync, in typical TV style, was used to generate the input waveform for the high voltage supply for the CRT.

      So if you set the vertical sync to normal and the horizontal sync to zero, the flyback transformer saw DC. With no inductive reactance to block the current, the flyback transformer would burn out. This would produce smoke. And there were viruses that did this.

      But that's ancient history. Modern hardware-damaging viruses attack boot programs, firmware, and the keys in "trusted computing" systems. The effect can be a dead PC that cannot be restarted.

  • all that means is that Mac OS X still has about 98,000 viruses to go to catch up with Windows....

  • I am not extremely familiar with macosX but I know that the underlayment is FreeBSD and I do not see how an effective virus/worm strain can be created for this infrastructure. After all, macosX does not require you to run everything as root to be able to function properly. So unauthorized access to the OS will be quite next to impossible without explicit permission of the computer's user by typing the root password when asked.

    If it was that easy to make the headlines, or destroy the unix based systems, I be
  • And I don't eat there often because it gave me a diarrhea a couple of times, but a virus? No, I'm far from ready for it. I'd rather quit eating out at McDonalds altogether.
  • the cause.

    People will just click right through any dialog box that asks them for their password, not even reading it. Then this little beast will tear their system limb-from-limb and they'll blame Apple. And you know why? Most people today expect others to do all of their security for them. I can't even count the number of times I meet people who just expect the police to provide for their security, and that includes girls with stalkers and crazy exes. Do they take responsibility for their own security? No
  • ...and his headline will be:

    "World's dumbest virus author"
  • by WormholeFiend (674934) on Friday September 09, 2005 @01:37PM (#13520365)
    about the data Hamburglar...
  • Mac OS X not Unix? (Score:3, Interesting)

    by minimunchkin (838824) on Friday September 09, 2005 @01:39PM (#13520385)
    FTA: "I put Apple a few years behind Microsoft in understanding how to manage security for the users. I put Microsoft a number of years behind the Unix community because the first systems that got hurt -- ten or fifteen years ago -- were Unix systems. Microsoft had to fix the security because it had such a bad reputation and to its credit, the company has really turned it around," said Borrie.

    Is it just me or does this not really make sense given Mac OS X's unix underpinnings?

  • it can be tough to avoid complacence, particularly when the solution is an impediment in itself.

    I do realize that Macs are not immune; indeed, if they were truly immune, Apple wouldn't have to release periodic security updates. OTOH, Macs are not currently affected.

    Someday, they may be. Any potential virus would still have propagation issues--it's not as easy to find another Mac that the infected Mac knows about, as it is for a Wintel to find another Wintel. But on the other hand, getting users to install virus protection is problematic, let alone getting them daily updates. We just don't have the culture of paranoia that Windows IT folk do, and the immediate response infrastructure that could potentially be necessary and is pretty well developed on the Windows side. The tools for such aren't available, or if they are available, they aren't well known; they certainly aren't tested and deployed.

    Christ, I'm in the biz and I don't run anti-virus on my own machine; it's not worth the trouble. And I can say that since I've NEVER seen a single virus for OS X. But maybe one day one will come, and it'll find the other Macs on my network via Bonjour née Rendezvous using an exploit that Apple learned of a week ago but hasn't released a patch for yet.

    As Jayne says, "that'll be an interesting day."

  • by Nik Picker (40521) on Friday September 09, 2005 @01:46PM (#13520457) Homepage
    Again ?

    Okay, so let's see: first there's the argument that actually that is only true if all software is built and developed and criticised in an equal fashion. Then it assumes that there are an equal number of equal security issues in all operating systems and then it assumes that what works in targeting one system will work (with adjustment) at targeting all platforms.

    Let's review the facts

    1. Mac OS X and Linux are built from different code bases and structures to each other and Windows.

    2. OS X and Linux come from a parentage that have been available to target for at least 10 years. Of which an equal amount of time has Windows been available.

    3. Despite the internet being available 24hrs a day 7 days a week for well over a few million machines worldwide, it's as a majority the MS machines and servers which keep bringing the disruption to the network.

    4. It's not just one version of Windows that keeps being affected but many different versions and releases are able to be targeted with many the same vulnerabilities. Mac OS X, Linux, other Unixes, due to their hybridisation and differentiation, enable enough differences to form the defence against similar architecture attacks.

    So in conclusion:

    Yes there is a risk for 1 person but it's unlikely to be able to become a risk to everyone else in the network. Unlike a Windows platform whereby the risk to one immediately creates the risk to others. Which is where the misconception of the "risk" management issues arises.

  • Look at the facts (Score:3, Informative)

    by pammon (831694) on Friday September 09, 2005 @01:50PM (#13520484)
    Fearmongering aside, let's think about how viruses usually get into Windows. I see two main ways that worms spread:

    Exploiting flaws in networked services
    This is how Zotob got around. Microsoft shipped Windows with (I think) seven open ports by default. This colossal mistake ensured those too clueless or lazy to turn off unnecessary services would be the most vulnerable.

    Microsoft finally fixed this with SP2, I believe, but the repercussions of all those insecure installs (and continuing insecure installs for non-SP2 Windows CDs) will take years to play out. That's why a worm like Zotob is still possible.

    Needless to say, OS X has always shipped with zero ports open by default. (OS X does have mDNSResponder, which launches whenever you use Rendezvous, but that's all).

    E-mail worms
    ILOVEYOU spread by tricking users into launching a program. Outlook for a while didn't do a sufficient job of warning users that they were opening a potentially malicious application. Mail, as of Tiger, warns about executable programs before it lets you open them, making it more difficult to trick users.

    It's not entirely rosy for Mac users. I don't think OS X has any particular protection against Word macro viruses (e.g. Melissa). But overall, it seems to me that OS X does a better job protecting against the two main vectors that viruses use to infect Windows.
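
Added example, not part of the original comment or of any Apple tooling: a small Python audit for the "zero ports open by default" point above, parsing `lsof -nP -i` output and reporting listeners reachable from the network. The sample output and the allowlist entry for mDNSResponder (shown as `mDNSRespo`, since lsof truncates command names to nine characters by default) are constructed assumptions.

```python
"""Report network-reachable listeners found in `lsof -nP -i` output."""
import ipaddress
from typing import List, NamedTuple, Set, Tuple


class Listener(NamedTuple):
    command: str
    proto: str
    host: str
    port: int


# Constructed sample of `lsof -nP -i` output (addresses are documentation ranges).
SAMPLE_LSOF = """\
COMMAND   PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mDNSRespo 101 _mdnsresponder 7u IPv4 0x01 0t0 UDP *:5353
cupsd     212 root 6u IPv4 0x02 0t0 TCP 127.0.0.1:631 (LISTEN)
sshd      330 root 4u IPv6 0x03 0t0 TCP *:22 (LISTEN)
smbd      412 root 9u IPv4 0x04 0t0 TCP 192.0.2.10:445 (LISTEN)
Safari    577 alice 12u IPv4 0x05 0t0 TCP 192.0.2.10:49211->198.51.100.7:443 (ESTABLISHED)
httpd     640 root 5u IPv6 0x06 0t0 TCP [::1]:8080 (LISTEN)
"""

# Assumed baseline: the only listener expected on an untouched client install.
ALLOWED: Set[Tuple[str, str, int]] = {("mDNSRespo", "UDP", 5353)}


def parse_listeners(lsof_text: str) -> List[Listener]:
    """Return TCP sockets in LISTEN state and bound (unconnected) UDP sockets."""
    listeners = []
    for line in lsof_text.splitlines():
        fields = line.split()
        if len(fields) < 9 or fields[0] == "COMMAND":
            continue  # header or malformed line
        command, proto, name = fields[0], fields[7], fields[8]
        state = fields[9] if len(fields) > 9 else ""
        if proto not in ("TCP", "UDP") or "->" in name:
            continue  # not an IP socket, or an established connection
        if proto == "TCP" and state != "(LISTEN)":
            continue
        host, _, port = name.rpartition(":")
        if not port.isdigit():
            continue  # e.g. "*:*", a UDP socket with no bound port
        listeners.append(Listener(command, proto, host.strip("[]"), int(port)))
    return listeners


def is_loopback(host: str) -> bool:
    """True only for addresses that cannot be reached from another machine."""
    if host == "*":
        return False  # wildcard bind: every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable: treat as exposed, the conservative choice


def audit(lsof_text: str, allowed: Set[Tuple[str, str, int]] = ALLOWED) -> List[Listener]:
    """Listeners that are network-reachable and not in the expected baseline."""
    return [
        l for l in parse_listeners(lsof_text)
        if not is_loopback(l.host) and (l.command, l.proto, l.port) not in allowed
    ]


if __name__ == "__main__":
    for l in audit(SAMPLE_LSOF):
        print(f"unexpected listener: {l.command} {l.proto} {l.host}:{l.port}")
```

On a real machine, feed it the text of `lsof -nP -i` run with enough privilege to see all processes; anything it reports is a service that was enabled after install and now needs patching and access control.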

  • by orson_of_fort_worth (871181) on Friday September 09, 2005 @02:01PM (#13520592)
    In keeping with the style of the platform itself, the first OS X virus will no doubt be stylish and easy to use but still accessible via a command line for those who like to get their hands dirty. In fact, most people won't want to get rid of it and some will pay a premium for it.
  • by SuperKendall (25149) * on Friday September 09, 2005 @02:14PM (#13520711)
    I had heard there was one group trying to develop an OS X virus, but the first attempt got them flamed so hard for deviating from the user interface guidelines that they retreated to caves in the Himalayas and vowed never to touch a computer again.

    So possibly if the virus writers avoid Brushed Metal [daringfireball.net], they might have a chance.
  • by jht (5006) on Friday September 09, 2005 @02:21PM (#13520787) Homepage Journal
    it's just really unlikely - and the consequences of Mac malware would probably be a lot less severe. The attack surface of a default Mac OS X installation is pretty darned small. There are no services open, no file sharing, no open ports, and no root user. The user's admin password is required to install anything that touches critical parts of the filesystem, and Apple is pretty good about patching potential vulnerabilities and making sure that the client Macs get them.

    I've seen and heard of instances where OS X Server installs have gotten owned - it's not common but it does sometimes happen. Unlike Client, Server does give you services to use and admins are traditionally less eager to patch a running server - so updates may not be applied as quickly.

    But as of right now, Mac OS X is fundamentally far more secure than Windows - period. And although someone _could_ write malware for OS X, as long as Windows dominates the universe they are exceedingly unlikely to try. And the dumb user is much better protected on the Mac than they are on Windows still - even with all the post-SP2 improvements to default policy and the much better 2003 Server.
  • by falcon5768 (629591) <Falcon5768@comcast. n e t> on Friday September 09, 2005 @02:23PM (#13520826) Journal
    The few random vulnerabilities that have even made headlines have been snuffed out in a week or two by Apple themselves in Security Updates. And even they usually required the user to have done something in order for the vulnerability to even be a vulnerability.

    I'm not saying it couldn't happen, but one of the biggest reasons Microsoft is such a virus fest is because it's just easier to exploit the system and Microsoft takes weeks if not months to patch it. Apple sends out patches almost every 2 weeks if not more, and Apple users unlike Microsoft users, the bulk of which just have no clue, tend to actually patch their software on a regular basis. Once a vulnerability is found, typically it's patched before anyone even has time to exploit it; some of the current crop of Windows viruses have been because of vulnerabilities known about for years in some cases.

    • Apple sends out patches almost every 2 weeks if not more, and Apple users unlike Microsoft users, the bulk of which just have no clue, tend to actually patch their software on a regular basis.

      I don't know if I agree so much with the clue'd in part as much as I would say the reason for greater patch diligence by Mac users is that the Apple software update works so much better than Windows Update (not just from an interface point of view, but also from a regular patching point of view.)
  • by Zemplar (764598) on Friday September 09, 2005 @02:35PM (#13520933) Journal
    Relax, you have a Mac.

    Be at peace with your inner BSD.
  • by Aram Fingal (576822) on Friday September 09, 2005 @02:44PM (#13521003)
    I work at a large University with about 40% Macintosh, just like the university in the article, and we have standard security requirements that have come from experience with Windows exploits and a few incidents with Linux (recently, MySQL exploits) as well as regulations like HIPAA. Macs are not exempt from these rules. All machines, including Macs, are required to have properly managed user accounts, auto updates, antivirus, anti spyware, a firewall of some kind, etc.

    It's interesting that, because of the equal application of rules like this, and the media's insistence that things like Renepo pose a security risk, when in fact it doesn't, people think there are real threats to security on a Mac when there aren't. I have had many calls where a user thinks there is a virus on their Mac when it is really just a basic troubleshooting issue or user error. What I am saying is that I have observed the opposite to what the author says. It amounts to a false sense of insecurity.

    In other words, security really could be improved if we moved more users to Macintosh but the prevailing opinion is that, once you do that, Macs will be just as vulnerable as Windows. It isn't true for two reasons. First, Mac OS does have features and development practices which make it inherently more secure than Windows. Second, the point is not to move 100% of users to Macintosh. The point is to move the industry to where there is some healthy competition between OS developers and where there is no longer a monoculture of computers which all have the same vulnerabilities.
  • by WhiteWolf666 (145211) <sherwin&amiran,us> on Friday September 09, 2005 @02:58PM (#13521121) Homepage Journal
    Microsoft is always *very* anxious for people not to look at the theoretical, but to evaluate things like 'True Cost of Ownership', or 'Performance under real-world situations'.

    Microsofties (MS-fanbois) always like to ask "If OS X (or Linux) are superior, then why aren't they dominant?"

    Fact: There isn't a SINGLE OS X worm or virus out there that isn't an equivalent of rm -rf /.

    While theoretical vulnerabilities may exist, the fact of the matter is that you could buy a mac mini, turn off the firewall, plug it directly into a cable modem, and it WON'T get owned. Not within 5 minutes, not within 20 minutes, not within 6 months.

    Obviously, good security practices will protect you in the future. Obviously, it's a good idea to monitor which services you are running, and to run a firewall.

    You always hear Microsofties say things like "Windows is better because of install base. Greater software availability trumps superior architecture"

    Or the $ per 'unit of performance' metric--- At any given price, a Windows prebuilt box will end up being cheaper, even though a Linux or Mac prebuilt box could theoretically perform better.

    Well, you CAN'T have it both ways: At any given deployment level, an OS X box will not get owned. Period.

    Eat it.

    I'm tired of all this FUD. To idiots like the article author, and the guy quoted: Feel free to discuss how the *nix sky is falling (in terms of security) when we get daily exploits, and large corporations are shut down because their *nix servers/workstations are passing e-mail viruses or tcp/ip worms back and forth.

    Until then, SHUT-UP. Much like Duke Nukem Forever, the Phantom console, and economically viable Fusion, I'll believe it when I see it. Keep repeating to yourself: There are NO Mac OS X viruses. Not one. Not 1/2 of one. Not a shadow of one.

    End of story.
  • by Sloppy (14984) on Friday September 09, 2005 @03:37PM (#13521418) Homepage Journal
    The biggest security hole that a typical Windows user faces isn't MS Windows itself -- it's MS Outlook, MS Internet Explorer, MS Word, MS Excel, etc. These programs treat data as code.

    Imagine you're running OpenBSD, and MS has ported MS Word to that platform. Someone emails you a MS Word document. As a clueless user, you start MS Word and load the document. Then, a macro stored in the document executes. Maybe, thanks to OpenBSD, it's not able to get local root access. But it is able to delete every file in your home directory after "backing those files up" by emailing them to various people.

    Fear the apps. If you are a Mac user and you run apps that treat data as code (i.e. most Microsoft apps) or which have UIs that allow you to easily treat data as code (i.e. mail readers that allow you to execute an attachment merely by clicking on it) then you are in nearly as much danger as MS Windows users.

  • by wandazulu (265281) on Friday September 09, 2005 @03:52PM (#13521537)
    According to Wikipedia [wikipedia.org], the "first" worm was in fact targeted to Unix machines running on the VAX and Sparc. IIRC, there were two versions, one for each platform, and they would bring over the source code and compile it on the infected machine, then run.

    What separates that from today is that it wasn't designed to do any actual damage (bugs in the code caused it to replicate wildly, causing the actual damage), and depended on there being a C compiler available.

    Sigh, regardless of the damage done back then, it all seems so quaint in comparison to the stuff running around today.
  • by neo (4625) on Friday September 09, 2005 @04:27PM (#13521813)
    It takes time to write a decent mac virus because you have to make it user friendly and it has to look good.

    The gui interface has to be just right and when they switched from the candy buttons to the more metallic look I had to start over from scratch.

    But I promise, this time next year I'll have the mac virus you've all been waiting for and I just can't wait to release it into the wild. Probably debut at MacWorld.
  • Oh, no you don't... (Score:3, Interesting)

    by Anonymous Coward on Friday September 09, 2005 @05:15PM (#13522224)
    I think there is a major distinction that needs to be made here. Mac users are, hypothetically, at risk for potential virus infection, malware, et al. However, they are unquestionably immune from WINDOWS viruses, malware, et al., which happen to be ALL of the known viruses, malware et al on the net today.

    There are several reasons why Macs remain immune:

    1) The Windows market share exposes a significant target.

    2) Windows has been historically less secure by design (and let's face it, sloppy coding) than its Mac brethren.

    3) Microsoft, through its inaction and lack of resolve to fix security issues with its OS (and related OS interoperable products such as Explorer and Word) when viruses, malware et al began to emerge on the net allowed the problem to mushroom into the nightmare that exists today. The door was left wide-open for far too long. Spyware is big business now, and the most nefarious malware authors aren't just script kiddies; they are seriously clever and inventive software authors. Malware authors have established their turf, and despite Microsoft's present initiatives, malware authors have demonstrated that they aren't going anywhere. Thus, Microsoft's present attempts at securing its software (including "Vista") are doomed. Malware authors will always have the advantage because they know Windows, they know Microsoft, and they are in a position to be flexible, adaptive, knowledgeable and responsive for the release of Malware 2.0. In this game, Microsoft loses. They helped create a Malware-at-large environment where it can only react (patch) over and over and over again. And that assumes (or, more accurately - prays) that malware authorship doesn't become more sophisticated than its present level of ability. In the meantime, expect - at a minimum - more of the same for Vista.

    4) Unlike Microsoft, Apple has taken a consistently proactive stance towards security in OS X. Despite the fact that not a single form of malware exists on the platform, Apple doesn't rest on its laurels and diligently issues security-related patches and OS updates on a regular basis. OS X 10.4 included additional security-related measures implemented system-wide. Overall, Apple's performance regarding security in its OS has sent a very clear message to any potential malware authors with designs on OS X: if you are going to try, it won't be as easy as it was with Windows, and you will be quickly stopped.

    5) Unfortunately, Windows users (and IT management) have not seriously held Microsoft accountable for security lapses and issues in Windows as well as interoperating products. Instead, paying third-party vendors for virus and malware eradication and other OS extra-management functions have become ingrained as a way of life for users of the Windows platform. Microsoft itself has even joined the fray. In a moment of classic irony, it's producing virus eradication software - essentially protecting its customers from its own operating system. One word: bizarre.

    Mac users will remember the "widget of doom" scare that occurred early in the release of 10.4. The 10.4.2 update explains just how seriously Apple takes security, whether a real threat exists or not. If you're a Windows user and don't know what I'm talking about, well, that is a shame.
