Ready For the Big Mac Virus?
An anonymous reader writes "The IT security manager of the University of Otago, New Zealand, has been educating his OS X users in security best-practices. According to Mark Borrie, many Mac users believe they were immune to security problems -- a trap many Mac fans seem to have fallen into. He said around 40 percent of the computers at the uni are Macs. "On the security side of things I reckon the Mac community has yet to wake up to security. They think they are immune and typically have this idea that they can do whatever they want on their Macintosh and run what they like," said Borrie. "If I can get our Mac users up to speed and say 'you are not immune' -- so when [the malware] hits, hopefully we will be pretty safe," he said. "We want to be ready for the first big Macintosh virus -- because it will come. Some day, somebody will say 'I am going to create a headline and write a virus for Mac'," said Borrie."
Question about old Mac Viruses (Score:5, Interesting)
What happens to the new Macs if they encounter these old foes?
Mac OS X not Unix? (Score:3, Interesting)
Is it just me or does this not really make sense given Mac OS X's unix underpinnings?
As someone who supports the Mac professionally... (Score:5, Interesting)
it can be tough to avoid complacence, particularly when the solution is an impediment in itself.
I do realize that Macs are not immune; indeed, if they were truly immune, Apple wouldn't have to release periodic security updates. OTOH, Macs are not currently affected.
Someday, they may be. Any potential virus would still have propagation issues--it's not as easy to find another Mac that the infected Mac knows about, as it is for a Wintel to find another Wintel. But on the other hand, getting users to install virus protection is problematic, let alone getting them daily updates. We just don't have the culture of paranoia that Windows IT folk do, and the immediate response infrastructure that could potentially be necessary and is pretty well developed on the Windows side. The tools for such aren't available, or if they are available, they aren't well known; they certainly aren't tested and deployed.
Christ, I'm in the biz and I don't run anti-virus on my own machine; it's not worth the trouble. And I can say that since I've NEVER seen a single virus for OS X. But maybe one day one will come, and it'll find the other Macs on my network via Bonjour, née Rendezvous, using an exploit that Apple learned of a week ago but hasn't released a patch for yet.
As Jayne says, "that'll be an interesting day."
if it's popular it will be targeted argument.. (Score:4, Interesting)
Okay, so let's see. First, there's the argument that actually that is only true if all software is built, developed and criticised in an equal fashion. Then it assumes that there are an equal number of equal security issues in all operating systems, and then it assumes that what works in targeting one system will work (with adjustment) at targeting all platforms.
Let's review the facts
1. Mac OS X and Linux are built from different code bases and structures to each other and to Windows.
2. OS X and Linux come from a parentage that has been available to target for at least 10 years. Windows has been available for an equal amount of time.
3. Despite the internet being available 24hrs a day, 7 days a week, for well over a few million machines world wide, it's as a majority the MS machines and servers which keep bringing the disruption to the network.
4. It's not just one version of Windows that keeps being affected, but many different versions and releases are able to be targeted with many of the same vulnerabilities. Mac OS X, Linux and other Unixes, due to their hybridisation and differentiation, have enough differences to form the defence against similar-architecture attacks.
So in Conclusion:
Yes, there is a risk for 1 person, but it's unlikely to be able to become a risk to everyone else in the network. Unlike a Windows platform, whereby the risk to one immediately creates the risk to others. Which is where the misconception of the "risk" management issues arises.
Re:Are you ready? (Score:4, Interesting)
So not only would Mail.app have to have an exploit, but it would have to be able to flush the entire contents of the address book (which is a separate program entirely, and the app queries as a user process based on what's typed in to the respective fields in a new email) into a "to" field, and then send itself out using SMTP which is disabled by default on a mac. And that's just for an email virus to propagate. It would have to also find a way to infect the system from Mail.app, which doesn't run as a low-level process in any way nor give a user any access to other applications directly through the application. Sure, it interacts smartly with other applications, but that's because of the OS handling user preferences.
If my memory serves me correctly, a lot of the major Windows viruses were exploits of very basic services that had ridiculous security settings for their access. The Blaster worm propagating through a port that was open by default? WTF! Why would a default open port have such open access to the system? It's stuff like that that's caused Windows problems, not its marketshare.
A lot of boot-sector viruses (Score:4, Interesting)
One could speculate that elimination of boot sector viruses was a big reason for Apple to stop including floppy drives so early - people just do not boot off CD's to the same degree, not to mention it's not nearly so easy to get a virus onto a CD without the user knowing something is up. When people were using floppies for data transfer it was a bigger issue.
Sure, Mac malware could happen... (Score:3, Interesting)
I've seen and heard of instances where OS X Server installs have gotten owned - it's not common but it does sometimes happen. Unlike Client, Server does give you services to use and admins are traditionally less eager to patch a running server - so updates may not be applied as quickly.
But as of right now, Mac OS X is fundamentally far more secure than Windows - period. And although someone _could_ write malware for OS X, as long as Windows dominates the universe they are exceedingly unlikely to try. And the dumb user is much better protected on the Mac than they are on Windows still - even with all the post-SP2 improvements to default policy and the much better 2003 Server.
yawn.... (Score:2, Interesting)
The difference is that on ALL *NIX platforms (that I can think of) the default is that you must have administrative (root) privileges to install any program or pretty much screw up your system.
On Windows, all a user has to do is double click that file that says "pr0n!!!.exe" and they are infected. Most versions of Windows have the main default user as the admin by default, and no password or red flags or anything launch when a program wants to do something suspicious.
I remember the CEO of Linspire saying the exact opposite, that user data is most important. If my internet connection was hijacked by a virus or worm, I would clean it up and be done with it. If I got someone deleting my files for fun, I'd be peeved. User data is most important.
Re:Question about old Mac Viruses (Score:1, Interesting)
nVIR viruses were probably the most common of a dozen or so "classic" infections, and I'm pretty sure all they did was cause random system crashes. Also, I think either System 7 or 8 broke them or something. I doubt that they would run in "Classic Mode." Even if they did, all you'd have would be an infected System 9 -- it wouldn't affect OS X's performance.
The apps are the risk (Score:3, Interesting)
Imagine you're running OpenBSD, and MS has ported MS Word to that platform. Someone emails you a MS Word document. As a clueless user, you start MS Word and load the document. Then, a macro stored in the document executes. Maybe, thanks to OpenBSD, it's not able to get local root access. But it is able to delete every file in your home directory after "backing those files up" by emailing them to various people.
Fear the apps. If you are a Mac user and you run apps that treat data as code (i.e. most Microsoft apps) or which have UIs that allow you to easily treat data as code (i.e. mail readers that allow you to execute an attachment merely by clicking on it) then you are in nearly as much danger as MS Windows users.
Re:Mac OS X is more secure, period. (Score:3, Interesting)
I agree with the latter, but I disagree with the former. A lot. The tradeoff for antivirus on Macs is simply horrid, and I don't believe there is any point to it at the moment.
1. There are no Mac viruses or worms. Sure, there probably will be. But there aren't any NOW, which means we have no idea if Symantec/McAfee/whoever is going to be any good at getting out a signature for the first one in a timely fashion. Or if the signature will be any good. Or if the automatic update will get the signature in time. Or....
2. On the other hand, the first Real Mac Virus Or Worm is going to be a big deal. You'll see it on Slashdot, CNN, your local news, your fellow Macheads, everywhere. You may well see it before the signatures get out, and can probably do something about it (like unplug your network while you figure out a fix, in the worst-case Worm of Death scenario).
3. How damaging is the first Mac virus/worm likely to be? Most malware isn't really all that damaging. Bad, yes, but destroying your disk? Making your computer burst into flames? Killing your network bandwidth by sending out lots of baby virus emails is sad, but fixable. Because remember, the First Real Mac Virus or Worm is going to be a big deal. If you're reading this, you'll find out about it.
4. So, when the first virus/worm comes out, what are the chances that the AV software is going to protect you more than good old Mr. Power Key? This depends, I suppose, upon your faith in Symantec/McAfee/whoever.
5. That said, what are the chances that your AV software will cause problems on your computer? Pretty good, actually. They add complexity to a system. They take up processor cycles. Symantec AV is notorious for destabilizing systems -- and even if it weren't, I personally won't trust AV software from a company that makes Norton Disk Doctor (Kevorkian edition). McAfee ate people's data -- I can't recall if it was the hard disk or the Mac.com iDisk, but it was bad. And the current trend in malicious code is to target the security applications. Witty Worm, anyone?
6. Yeah, it will keep you from being a Typhoid Mary and forwarding on Windows viruses. I'm not that good a neighbor, and you shouldn't have to be either.
Given that AV software costs money, currently protects your computer against nothing whatsoever, adds complexity to the system, and may well cause problems or eat your data, I don't consider it a good tradeoff. At all.
I consider backing up your data religiously a much better solution, as it protects your data against all kinds of threats -- not just particularly mean viruses, but also hardware problems, chair-keyboard interface issues, etc.
Me, I watch the headlines, pray to my external hard disk every Sunday, set my plushy Cthulhu on my monitor to protect my computer from physical access, and trust to Apple's security updates. If and when there is a Real Mac Virus or Worm, I will reevaluate my strategy. But I bet I won't change it, because sufficiently current backups are indistinguishable from magic. (And before anyone says that regular users can't do this: I say, regular users can't cope with Norton/McAfee squirreliness, either, and they're still much more likely to run into that.)
Re:Are you ready? (Score:3, Interesting)
What if there was a small device, small enough that it could fit into one's pocket, that you could plug between the network card and the cable modem that had the firewall security of a router (NAT, closed ports unless forwarded, etc.) but was designed for a direct connection?
Such a thing could probably be manufactured fairly cheaply (one female, one male ethernet port), powered by a USB attachment (unless there's a way to power it with standard ethernet, I'm not sure), and given away by ISPs as an all-in-one "security dongle". It would definitely keep support costs down...
Trojan executables on OS X (Score:5, Interesting)
Not strictly true. You can do a "mydoc.doc.pif"-style trick on OS X.
I have made a proof-of-concept trojan horse that appears to be a JPEG file, opens a JPEG in Preview, and to the layman appears to be a JPEG file. In fact, it's an Application in the form of a
OS X is smart enough to realise that an app called "foo.jpeg.app" is nefarious, and displays its full name. If, however, the first period is replaced with a similar-looking Unicode punctuation character, the OS displays just "foo.jpeg". With a suitable application icon, it looks a lot like a genuine image. (The only obvious difference is the absence of size information under the filename, but I think most people wouldn't notice that.)
Admittedly, you still have to package it as a
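The lookalike-period trick described in the post above can be caught by folding confusable punctuation back to an ASCII full stop before looking at the extension chain. The following is an added example, not the poster's proof-of-concept or any Apple code: it NFKC-normalizes a filename (which already folds U+2024 ONE DOT LEADER and U+FF0E FULLWIDTH FULL STOP to "."), adds an explicit map for dot-like characters that NFKC leaves alone (that list, the extension sets, and the `finder_shows` model of the display rule the post describes are all assumptions of this example), and reports a name whose displayed "document" extension hides an application bundle.

```python
import unicodedata

# Characters that render much like an ASCII full stop but are not one.
# NFKC folds some of these already; the rest are mapped here. The list is
# an assumption of this example, not an exhaustive confusables table.
DOT_LOOKALIKES = {
    "\u2024": ".",  # ONE DOT LEADER
    "\u2027": ".",  # HYPHENATION POINT
    "\u00b7": ".",  # MIDDLE DOT (no NFKC decomposition, so mapped here)
    "\u0701": ".",  # SYRIAC SUPRALINEAR FULL STOP
    "\u0702": ".",  # SYRIAC SUBLINEAR FULL STOP
    "\ufe52": ".",  # SMALL FULL STOP
    "\uff0e": ".",  # FULLWIDTH FULL STOP
    "\u3002": ".",  # IDEOGRAPHIC FULL STOP
}

# Extensions that launch code on OS X (assumed set for this example).
EXECUTABLE_EXTS = {"app", "command", "pkg", "mpkg", "sh", "term", "tool"}
# Extensions a user reads as "just a document" (assumed set for this example).
DOCUMENT_EXTS = {"jpeg", "jpg", "png", "gif", "pdf", "doc", "txt", "mov", "mp3"}


def fold_name(name):
    """Return the filename with every dot lookalike folded to an ASCII '.'."""
    folded = unicodedata.normalize("NFKC", name)
    return "".join(DOT_LOOKALIKES.get(ch, ch) for ch in folded)


def finder_shows(name):
    """Model of the display rule the post describes: a trailing '.app' is
    hidden unless the rest of the name contains another ASCII full stop.
    This is an assumption of the example, not a verified Finder rule."""
    if name.endswith(".app") and "." not in name[:-4]:
        return name[:-4]
    return name


def analyze_name(name):
    """Flag names that hide an executable extension behind a document one.

    Returns a dict with what the user sees, the folded name, and a list of
    findings: 'lookalike-dot' when folding exposed extra full stops, and
    'double-extension' when a document extension sits in front of an
    executable one.
    """
    folded = fold_name(name)
    exts = [part.lower() for part in folded.split(".")[1:]]
    findings = []
    if folded.count(".") > name.count("."):
        findings.append("lookalike-dot")
    if exts and exts[-1] in EXECUTABLE_EXTS and any(e in DOCUMENT_EXTS for e in exts[:-1]):
        findings.append("double-extension")
    return {"shown": finder_shows(name), "folded": folded, "findings": findings}


if __name__ == "__main__":
    # Constructed sample names; the second uses U+2024 as the post describes.
    for sample in ["holiday.jpeg", "foo\u2024jpeg.app", "foo.jpeg.app"]:
        print(analyze_name(sample))
```

Run over a directory listing, anything with both findings is the case the post describes: the user sees "foo.jpeg", the folded name is "foo.jpeg.app", and the bundle launches on double-click. Folding before checking matters because a plain `name.endswith(".app")` test never sees the hidden period and so cannot tell the trojan from a legitimately named application.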
Oh, no you don't... (Score:3, Interesting)
There are several reasons why Macs remain immune:
1) The Windows market share exposes a significant target.
2) Windows has been historically less secure by design (and let's face it, sloppy coding) than its Mac brethren.
3) Microsoft, through its inaction and lack of resolve to fix security issues with its OS (and related OS interoperable products such as Explorer and Word) when viruses, malware et al began to emerge on the net allowed the problem to mushroom into the nightmare that exists today. The door was left wide-open for far too long. Spyware is big business now, and the most nefarious malware authors aren't just script kiddies; they are seriously clever and inventive software authors. Malware authors have established their turf, and despite Microsoft's present initiatives, malware authors have demonstrated that they aren't going anywhere. Thus, Microsoft's present attempts at securing its software (including "Vista") are doomed. Malware authors will always have the advantage because they know Windows, they know Microsoft, and they are in a position to be flexible, adaptive, knowledgeable and responsive for the release of Malware 2.0. In this game, Microsoft loses. They helped create a Malware-at-large environment where it can only react (patch) over and over and over again. And that assumes (or, more accurately - prays) that malware authorship doesn't become more sophisticated than its present level of ability. In the meantime, expect - at a minimum - more of the same for Vista.
4) Unlike Microsoft, Apple has taken a consistently proactive stance towards security in OS X. Despite the fact that not a single form of malware exists on the platform, Apple doesn't rest on its laurels and diligently issues security-related patches and OS updates on a regular basis. OS X 10.4 included additional security-related measures implemented system-wide. Overall, Apple's performance regarding security in its OS has sent a very clear message to any potential malware authors with designs on OS X: if you are going to try, it won't be as easy as it was with Windows, and you will be quickly stopped.
5) Unfortunately, Windows users (and IT management) have not seriously held Microsoft accountable for security lapses and issues in Windows as well as interoperating products. Instead, paying third-party vendors for virus and malware eradication and other OS extra-management functions has become ingrained as a way of life for users of the Windows platform. Microsoft itself has even joined the fray. In a moment of classic irony, it's producing virus eradication software - essentially protecting its customers from its own operating system. One word: bizarre.
Mac users will remember the "widget of doom" scare that occurred early in the release of 10.4. The 10.4.2 update explains just how seriously Apple takes security, whether a real threat exists or not. If you're a Windows user and don't know what I'm talking about, well, that is a shame.
Re:It's less about security than... (Score:4, Interesting)
If I follow your logic, Native Americans wouldn't catch colds.
Re:Part of the problem is no consequences yet (Score:3, Interesting)
Actually, you know very well how much easier it has been to corrupt a Windows machine via normal web surfing: because of ActiveX and the browser's tight integration with the operating system.
Microsoft shipped a long time ago the ability to run and install software from a web document without thoroughly thinking through the vast array of possible social engineering exploits this would open hapless end-users to. For one, an ActiveX warning box would show up each and every single time you'd load a web document. Navigating through sites' overzealous ad banners instantly becomes hell, and many people WILL click "Yes" to "make those annoying messages go away". In those instances, installing and running software on one's computer is no longer a conscious, educated choice. It is a byproduct of trying to improve one's browsing experience.
Not to mention the many security flaws that were found throughout the years to completely bypass ActiveX warning dialogs.
Saying "Don't download and install random shit off the 'Net" has actually far better chances of being a successful message to keep Mac users out of trouble, because Apple has worked very hard to make the only way to "install and run shit" the result of an effectively educated, conscious choice. When you "install and run shit" on a Mac, you know you're "installing and running shit".
On Windows, there have been, and continue to be, a number of user interface and security flaws that make the message you outline an ineffective message to most average/novice users. Granted, throughout recent Windows XP patches, a lot of these issues are slowly going away. I still think ActiveX needs to die or be far more seriously rethought [blogspot.com].