Posted on 03/14/2005 3:34:33 AM PST by Swordmaker
Why Viruses Have Trouble Penetrating the Mac
It may or may not surprise you, but there are no OS X viruses (or worms or trojans), partly due to the implementation of OS X and its almost-inaccessible Root. Dr. Smoke, who gave me some advice on this subject, gives a clear explanation of how the problem should be viewed at the Lab pages at www.thexlab.com/faqs/malspyware.html.
Most Mac users never need Root access. We use Administrator privileges, and if Root is needed for installation of an application or for alterations to the system -- what a virus would need to do -- a user must enter a password. This physically and consciously acknowledges an event (and its consequences).
Microsoft Macros
Mac naysayers would have us believe there are no viruses because there are so few Macs (this also applies to Linux and Unix platforms), although that could change with the Mac mini.
If the number of viruses for Windows keeps on growing (as of January this year, there were a total of 68,736 viruses detected, according to Symantec), the Mac may come in for some attention. There is no point spending all your time virus-writing, however, if viruses will not work.
The only problem on OS X is from macros with Microsoft (Nasdaq: MSFT) products and from mail attachments. These do not harm the Mac environment but may damage a Windows computer if sent. As a normal precaution, I do not open attachments, and trash them instantly.
This immunity may not last. There have been experiments: last year one (one!) widely reported Unix-based package was found, but it had no method of self-propagation and no delivery system.
I almost long for the days (and simplicity) of the locally written Victor Charlie (for DOS) which examined checksums to seek out unauthorized changes. A virus signature -- the common method of virus-detection these days -- may arrive days after the event.
Signature Checkers
There is a Unix-based system integrity checker, called Tripwire, which I installed. I would not suggest installing this unless you are really comfortable working at the command line. This is one that screams out for a GUI version.
What we have left, if we are going to prepare, are the signature checkers. McAfee Virex has been around for a long time -- I used a copy in System 8 -- and can be found as part of the .Mac subscription. It was withdrawn by Apple (Nasdaq: AAPL) in late 2004 for a brief time after a conflict was discovered, but it is now available again with .Mac and it is also on sale. Some users still report problems, however.
Norton Anti-virus for Mac 9.0 is also in the market and has a good following. A number of OS X users have also installed the products of Intego, which include VirusBarrier and NetBarrier.
A further commercial product is that of Sophos, which has a link to evaluate a copy of its application. This one is aimed at larger enterprises.
Mark Allan from the UK had been using an open-source application called ClamAV but he tired of the command line so, bless him, took it upon himself to develop ClamXav, a free virus checker (using signatures). Version 0.9.0f for OS X is a 2.8 MB download with a simple install process.
A panel allows you to update the signatures (you can also set this to update automatically) and a file browser gives you choices of which directories or files to scan. Preferences are available for some fine tuning: General, Internet and Schedule.
Quarantine Folder
The software has the ability to move infected files to a quarantine folder where they can be isolated. Items that can be scanned include mailboxes. Mark includes a warning that, for these, the isolation method should not be used. The mailbox needs to retain its integrity.
I ran ClamXav three or four times, first on a small selection of files, then some larger directories and also mailboxes. Half a dozen Word files that I had not used in about three years were shown as having Macro viruses. As I do not use Word, these had not come to light earlier (nor had they spread). ClamXav does not repair infected files: I opened them in TextEdit, copied the text information and dumped the originals. Problem solved.
Mark's Web site has some useful information on this utility and makes it clear that, although free, a donation might be appropriate. There is a "nag" screen for this that comes up occasionally.
For what it does, ClamXav is rightly getting some good reports from the online Mac community. It is never too early to lay the foundations for a warning system.
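Added example, not part of the original article or of any tool it names: a sketch of the contrast the article draws between checksum-based integrity checking (the Victor Charlie and Tripwire approach) and signature checking (the ClamXav approach). The file names, the sample signature and all function names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed stand-in for a vendor signature database (pattern -> name).
SIGNATURES = {"Constructed.Macro.A": b"AutoOpen:KNOWN-BAD-MACRO"}

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def build_baseline(root):
    """Record a checksum for every file under root while it is known good."""
    return {str(p.relative_to(root)): sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def integrity_check(root, baseline):
    """Compare current checksums with the baseline; report every difference."""
    current = build_baseline(root)
    return {
        "modified": sorted(f for f in baseline
                           if f in current and current[f] != baseline[f]),
        "removed": sorted(f for f in baseline if f not in current),
        "added": sorted(f for f in current if f not in baseline),
    }

def signature_scan(root):
    """Flag files containing a known pattern; unknown code passes unnoticed."""
    hits = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            data = p.read_bytes()
            names = [n for n, sig in SIGNATURES.items() if sig in data]
            if names:
                hits[str(p.relative_to(root))] = names
    return hits

def demo():
    """Constructed scenario: one old known macro, one new unknown change."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "tool").write_bytes(b"original program")
        (root / "old.doc").write_bytes(b"text AutoOpen:KNOWN-BAD-MACRO text")
        baseline = build_baseline(root)
        # Changes made after the baseline, with no published signature yet.
        (root / "tool").write_bytes(b"original program + unknown payload")
        (root / "dropped").write_bytes(b"new file")
        return signature_scan(root), integrity_check(root, baseline)

if __name__ == "__main__":
    print(demo())
```

The two checks fail in opposite directions: the signature scan finds only the old macro file, while the integrity check finds only what changed after the baseline was taken. The baseline itself has to be stored where the files being monitored cannot overwrite it.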
Another Mac PING... this for an article on Mac Security from the Bangkok Post.
If you want on or off the Mac Ping list, Freepmail me.
Windows XP users have that ability, but many don't bother with entering user/passwords at start up. I have a "guest" account on both my XP machines, and only the "Administrator" can install/uninstall/alter the Windows configuration.
But I bet that 97% of Windows users are operating in full Administrator mode.
They are actually, even those with multiple family accounts.
It's interesting you brought that up. I never thought about things like that when I ran Windows machines.
Running Linux and now Mac OS made me more aware of install privileges and such. Especially with multiple people on one computer.
Congrats, rdb. You made a great choice :) I can't believe I went with anything less.
Virus Smirus. Big whoop. Still unaffected after so many years. Hint, don't click on things you shouldn't. Get anti-virus software and use it. Yawn. The virus crisis is over. The spyware crisis will soon be over and soon spam will be a thing of the past. Whatever the next scam will be will pass like all the rest.
Send users an email with an icon that said "Click on this and it will Kill your dog" and 2% of users that like their dogs will click on it. If you still get viruses on your computer, turn it off and get another job or hobby.
My die-hard-Mac-friend's Dell arrives tomorrow. She had to use the Windows machine at work (and got to enjoy the things she could do). Even after preaching the Mac dogma for years and faithfully buying each new Mac, she quietly ordered the Windows machine for her home and put her Mac away. Couldn't get the software from work to run on her Mac and "man, these PC's are cheap!". And, it works nicely with her iPod.
Did cyborg sell you on it? ;O)
Two reasons for why a Mac seems less vulnerable.
#1, far fewer hackers care about Macs because hardly anyone uses them compared to PCs.
#2, the purpose originally for windows was to be almost automatic with windows and the internet for updates, and when it was made so, hackers were able to make access to it.
So if Mac ever gets a following in the future and their use grows, expect Macs to get more bugs.
Regarding MS, I think future versions will become more hack proof.
Of course if you click YES when you shouldn't, you can still invite adware or malware in under the best of situations.
The "Security by obscurity" claim has been shot down so many times I am not even going to bother doing it again... suffice it to say that the UNIX underpinnings of Mac OSX are considered "Industrial Strength" security.
#2, the purpose originally for windows was to be almost automatic with windows and the internet for updates, and when it was made so, hackers were able to make access to it.
To a certain extent I agree with this.. Windows problems arise from trusting too much... however, Macs also are updated from the internet and are set to check for updates automatically, but the difference is that on the Mac, before you can update or install software, you MUST enter your administrator password. Nothing can touch the core OS files without a proper password... and even that password does not get you access to anything that requires ROOT access.
Of course if you click YES when you shouldn't, you can still invite adware or malware in under the best of situations.
That's true on PCs... Macs still require that pesky password before anything gets installed. Just clicking "Yes" in email or on the internet won't do that much damage. Even then, it could only trash that particular user's files and could not touch anything else.
Macs aren't where the action is for hackers, the number of Macs around this nation hardly approaches 10% and around the world the number probably falls like a rock from the USA numbers.
Most of these hacks, viruses, seem to come from Germany, Philippines, which have hardly ever heard of a Mac.
Not having access to such a machine, they know nothing about hacking it and being such a small number, hacking with viruses and such isn't going to be satisfying for a Mac.
I believe "Security by scarcity around the world" is a legit issue.
On my #2, I think we will see MS improve the security and not have so much trust in the net.
Macs may have the "pesky" security code built in to load stuff, I'm sure you can increase security settings and block lots more access as well.
To be honest, I operate with only a Zone Alarm firewall and don't get infected.
You have to either approve loading or frequent lots of porn sites to get infected IMO.
There are over 14,000,000 OSX Macs.... and four years that OSX has been in use.
There were far fewer OS9 and under users before OSX became available... and yet those hackers found Mac attractive then. There were at least 12 Mac viruses that came out in the last two years of the old operating system. So, now we have 14m Mac users and four years and the OSX virus count is still ZERO.
Why the sudden loss of hacker interest?
There has been ONE Trojan observed in the wild (a file claiming to be a pirated copy of MS Word for Mac) that trashed someone's user files because HE installed it... and one or two proofs of concept that did not have a vector AND to be effective required the user to be operating in ROOT, something that less than 1% of Mac users would do.
You should also note that UNIX is found in many servers... a target that is well worthy of any hacker's efforts. More and more xServers are being installed and they are Unix AND OSX... again a good target that can hit all computers in the server's area of service.
There has been a large cash prize offered for any hacker who could compromise the UNIX security. I heard the prize was dropped because of lack of applicants. Those who tried, failed.
Those who program enterprise apps with UNIX state that while it IS theoretically possible to design a UNIX/OSX virus, the degree of difficulty is a NINE on a scale of one to ten where ONE is the degree of difficulty for writing a Windows virus.
You have to either approve loading or frequent lots of porn sites to get infected IMO.
Actually, I don't think you get too many infections from porn sites... it does happen but for the most part, they are businesses who don't want to piss off their potential customers. The REAL culprits are on-line game sites. Almost every time I have found a client's PC heavily infested with Malware it's because some kid visited an on-line game site...
Nawwww not me...you can run that penguin software on a powerbook :-)
Congrats. Did you get root yet?
A friend just finished a computer forensics class (geared towards law enforcement and investigation applications) and utilized the knowledge thus gleaned to have a look at his hard drive at home (Wintel system). Said he was taken aback by the amount of garbage on his system, and can only attribute it to the gaming sites he's visited.
So yeah, I can second your observation, in a second hand kind of way.
Virus? Which virus is that Bush? How did it get there, Bush? What self-propagating vector are you proposing?