Posted on 03/14/2005 3:34:33 AM PST by Swordmaker
Why Viruses Have Trouble Penetrating the Mac
The only problem on OS X is from macros with Microsoft products and from mail attachments. These do not harm the Mac environment but may damage a Windows computer if sent. As a normal precaution, I do not open attachments, and trash them instantly. This immunity may not last.
It may or may not surprise you, but there are no OS X viruses (or worms or trojans), partly because of how OS X is built: the root account is disabled by default, and day-to-day work never touches it. Dr. Smoke, who gave me some advice on this subject, gives a clear explanation of how the problem should be viewed at the Lab pages at www.thexlab.com/faqs/malspyware.html.
Most Mac users never need root access. We work from an administrator account, and when root privileges are needed to install an application or to alter the system -- exactly what a virus would need to do -- the user must enter a password. That prompt is a deliberate, conscious acknowledgement of the action and its consequences. It is also the gate an attacker has to get through, which is why a password request from an installer you did not expect deserves suspicion.
Microsoft Macros
Mac naysayers would have us believe there are no viruses because there are so few Macs (this also applies to Linux and Unix platforms), although that could change with the Mac mini.
If the number of Windows viruses keeps on growing (Symantec counted a total of 68,736 as of January this year), the Mac may come in for some attention. There is no point spending all your time writing viruses, however, if they will not work.
The only problem on OS X is from macros with Microsoft (Nasdaq: MSFT) products and from mail attachments. These do not harm the Mac environment but may damage a Windows computer if sent. As a normal precaution, I do not open attachments, and trash them instantly.
This immunity may not last. There have been experiments: last year one (one!) widely reported Unix-based package was found, but it had no method of self-propagation and no delivery system.
I almost long for the days (and simplicity) of the locally written Victor Charlie (for DOS), which examined checksums to seek out unauthorized changes. A virus signature -- the common method of virus detection these days -- may not exist until days after a new virus appears, whereas a checksum comparison flags any unexpected change to a file without needing to know what caused it.
Signature Checkers
There is a Unix-based system integrity checker, called Tripwire, which I installed. I would not suggest installing this unless you are really comfortable working at the command line. This is one that screams out for a GUI version.
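The checksum approach behind Victor Charlie and Tripwire, as an added example written for this page (not code from either tool): build a baseline of SHA-256 digests plus permission bits, owner and size for every regular file under a directory, store it, and later report what was added, removed or altered. The file names and the `init`/`check` command-line shape are this example's own choices.

```python
"""Checksum-based file integrity checker, in the spirit of Tripwire or Victor
Charlie. Illustrative example added by the editor, not code from either tool:
it records a fingerprint (SHA-256, permission bits, owner, size) for every
regular file under a directory and later reports what changed."""
import hashlib
import json
import os
import stat
from typing import Dict, List

Entry = Dict[str, object]


def fingerprint(path: str) -> Entry:
    """Hash the file contents and capture the metadata a rootkit typically alters."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    st = os.lstat(path)
    return {
        "sha256": digest.hexdigest(),
        "mode": stat.S_IMODE(st.st_mode),  # a chmod (setuid, world-write) shows up here
        "uid": st.st_uid,
        "size": st.st_size,
    }


def build_baseline(root: str) -> Dict[str, Entry]:
    """Walk `root` and fingerprint every regular file. Symlinks are neither
    recorded nor followed, so a planted link cannot make the checker hash the
    wrong target."""
    baseline: Dict[str, Entry] = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            baseline[os.path.relpath(path, root)] = fingerprint(path)
    return baseline


def save_baseline(baseline: Dict[str, Entry], path: str) -> None:
    """Write the baseline as JSON. Keep this copy where the machine being checked
    cannot modify it (read-only media or another host); a baseline the attacker
    can rewrite proves nothing."""
    with open(path, "w") as fh:
        json.dump(baseline, fh, indent=1, sort_keys=True)


def load_baseline(path: str) -> Dict[str, Entry]:
    with open(path) as fh:
        return json.load(fh)


def compare(baseline: Dict[str, Entry], current: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Report added, removed and modified paths. Any differing attribute counts as
    a modification, so a same-size content swap or a bare chmod is reported, not
    just a size change."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


if __name__ == "__main__":
    import sys
    # usage: integrity.py init|check <directory> <baseline.json>
    action, root, store = sys.argv[1:4]
    if action == "init":
        save_baseline(build_baseline(root), store)
    else:
        for kind, paths in compare(load_baseline(store), build_baseline(root)).items():
            for p in paths:
                print(f"{kind}: {p}")
```

Run `init` once on a known-clean system, then `check` on a schedule. The comparison is only as trustworthy as the stored baseline, which is why Tripwire-style tools sign it or keep it off the host.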
What we have left, if we are going to prepare, are the signature checkers. McAfee Virex has been around for a long time -- I used a copy in System 8 -- and can be found as part of the .Mac subscription. It was withdrawn by Apple (Nasdaq: AAPL) in late 2004 for a brief time after a conflict was discovered, but it is now available again with .Mac and it is also on sale. Some users still report problems, however.
Norton Anti-virus for Mac 9.0 is also in the market and has a good following. A number of OS X users have also installed the products of Intego, which include VirusBarrier and NetBarrier.
A further commercial product is that of Sophos, whose site offers an evaluation copy of its application. This one is aimed at larger enterprises.
Mark Allan from the UK had been using an open-source application called ClamAV but he tired of the command line so, bless him, took it upon himself to develop ClamXav, a free virus checker (using signatures). Version 0.9.0f for OS X is a 2.8 MB download with a simple install process.
A panel allows you to update the signatures (you can also set this to update automatically) and a file browser gives you choices of which directories or files to scan. Preferences are available for some fine tuning: General, Internet and Schedule.
Quarantine Folder
The software can move infected files to a quarantine folder where they are isolated. Mailboxes can be scanned as well, but Mark warns that they should not be quarantined: moving a mailbox file out from under the mail client would break it, so the mailbox needs to retain its integrity and an infected message has to be dealt with some other way.
I ran ClamXav three or four times, first on a small selection of files, then some larger directories and also mailboxes. Half a dozen Word files that I had not used in about three years were shown as having Macro viruses. As I do not use Word, these had not come to light earlier (nor had they spread). ClamXav does not repair infected files: I opened them in TextEdit, copied the text information and dumped the originals. Problem solved.
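The quarantine rule above, as an added example that is not ClamXav's code: ClamXav is a front end for ClamAV, and ClamAV's `clamscan` prints one report line per file in the form `<path>: <signature> FOUND` (or `: OK`). The script below parses those lines, moves infected regular files into a quarantine directory with execute bits stripped, and refuses to move anything under a mailbox root, reporting it instead. The mailbox root list, the report lines in the test and the signature names used there are constructed for illustration.

```python
"""Quarantine policy for ClamAV-style scan reports. Editor's added example, not
ClamXav's own code: parse `clamscan` output, quarantine infected files, and
never move files that live inside a mailbox tree."""
import os
import re
import shutil
import sys
import time
from typing import Dict, Iterable, List, Tuple

# clamscan prints "<path>: <signature> FOUND" for each detection. A path that
# itself contains ": " is ambiguous in this format; non-greedy matching takes
# the shortest path, which is right for ordinary file names.
FOUND_RE = re.compile(r"^(?P<path>.+?): (?P<sig>.+?) FOUND$")


def parse_scan_report(lines: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (path, signature) for every FOUND line; OK lines and the summary are ignored."""
    hits = []
    for line in lines:
        m = FOUND_RE.match(line.rstrip("\n"))
        if m:
            hits.append((m.group("path"), m.group("sig")))
    return hits


def _inside(path: str, roots: Iterable[str]) -> bool:
    """True if `path` is one of `roots` or lies below it (lexical check, no symlink resolution)."""
    p = os.path.normpath(path)
    for r in roots:
        r = os.path.normpath(r)
        if p == r or p.startswith(r + os.sep):
            return True
    return False


def quarantine(hits: List[Tuple[str, str]], quarantine_dir: str,
               mailbox_roots: Iterable[str]) -> Dict[str, List[str]]:
    """Move each infected file into quarantine_dir, except files under a mailbox
    root, which are only reported. Returns what was moved, what was skipped and
    what had already vanished by the time we got to it."""
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    result: Dict[str, List[str]] = {"moved": [], "skipped_mailbox": [], "missing": []}
    for path, sig in hits:
        if _inside(path, mailbox_roots):
            result["skipped_mailbox"].append(f"{path} ({sig})")
            continue
        if not os.path.isfile(path):
            result["missing"].append(path)
            continue
        # Timestamp and counter make the destination unique even when two hits share a basename.
        dest = os.path.join(quarantine_dir,
                            f"{int(time.time())}-{len(result['moved'])}-{os.path.basename(path)}")
        shutil.move(path, dest)
        os.chmod(dest, 0o400)  # read-only, no execute bit: nothing runs it by accident
        result["moved"].append(dest)
    return result


if __name__ == "__main__":
    # usage: clamscan -r <dir> | python quarantine.py <quarantine_dir> <mailbox_root>...
    # (mailbox_root values are whatever your mail client uses; assumed, not detected)
    outcome = quarantine(parse_scan_report(sys.stdin), sys.argv[1], sys.argv[2:])
    for kind, items in outcome.items():
        for item in items:
            print(f"{kind}: {item}")
```

Note that ClamXav, like this script, does not repair a file: a quarantined Word document still carries its macro, so the safe way to recover the text is the one the article describes, copying it out into a format that cannot hold macros.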
Mark's Web site has some useful information on this utility and makes it clear that, although free, a donation might be appropriate. There is a "nag" screen for this that comes up occasionally.
For what it does, ClamXav is rightly getting some good reports from the online Mac community. It is never too early to lay the foundations for a warning system.
IT ISN'T!
Here we go AGAIN. Sigh.
This was published in November 2004... where are all the attacks, Bush? Where are all the compromised Macs? We went around the bush about this in November... and it was pointed out that for this to even be installed, it REQUIRES ROOT-LEVEL ACCESS! In addition, it has to be a willful act of installation... it cannot install itself without administrator action.
You are spreading FUD again, Bush. Proof:
This so-called "worm" is a script that has to be installed by an administrator. Its comments even say so:

# This script runs in bash (as is noted by the very first line of this script)
# To install this script you need admin access or
# physical access (boot from a CD or firewire/usb, ignore permissions on the internal drive) or
# write access to either /Library/StartupItems /System/Library/StartupItems or
# write access to any existing StartupItem (which you can then replace with this script) or
# write access to the rc, crontab, or periodic files (and have them run or install the script) or
# you could trick someone who has an admin account into installing it.
# It should go in /System/Library/StartupItems or /Library/StartupItems (when it is executed it
# will move itself to /System/Library/StartupItems)

That's not a worm. It's not even a trojan, because a trojan implies you installing something bad that you thought was something else. The only use for this is when someone has physical access to your machine. It is, in fact, more of a root kit than anything else, though it really doesn't go very far with that either.
This is just nonsense FUD.
You know, Bush, this gets tiresome... you like bringing up these FALSE rumors of security holes for the Macintosh DESPITE having been told (and shown) that they are not what you claim.
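The script header quoted in the reply above is, read the other way round, a checklist of the places an administrator should make sure are not writable by anyone who should not be there. The following is an added example, not code from the thread or from the script being discussed: it audits those persistence locations and reports which ones the calling user could write to, which are group- or world-writable, and which existing items inside a StartupItems directory could be replaced. The two StartupItems directories come from the quoted header; the `/etc/rc`, `/etc/crontab` and `/etc/periodic` paths are assumptions standing in for the "rc, crontab, or periodic files" it mentions.

```python
"""Audit of the persistence locations listed in the quoted script header.
Editor's added example; the /etc paths are assumed stand-ins for the rc,
crontab and periodic files the header names."""
import os
import stat
from typing import Dict, Iterable, List

DEFAULT_TARGETS = [
    "/Library/StartupItems",         # named in the script header
    "/System/Library/StartupItems",  # named in the script header
    "/etc/rc",                       # assumed location of the rc file
    "/etc/crontab",                  # assumed location of the system crontab
    "/etc/periodic",                 # assumed location of the periodic scripts
]


def audit(targets: Iterable[str] = DEFAULT_TARGETS) -> Dict[str, Dict[str, object]]:
    """For each path record whether the calling user can write it, whether it is
    group- or world-writable, and, for directories, which entries are writable
    (replacing an existing StartupItem is one of the routes the header lists)."""
    report: Dict[str, Dict[str, object]] = {}
    for target in targets:
        if not os.path.lexists(target):
            report[target] = {"exists": False}
            continue
        st = os.lstat(target)
        entry: Dict[str, object] = {
            "exists": True,
            "owner_uid": st.st_uid,
            "writable_by_me": os.access(target, os.W_OK),
            "group_writable": bool(st.st_mode & stat.S_IWGRP),
            "world_writable": bool(st.st_mode & stat.S_IWOTH),
        }
        if os.path.isdir(target):
            entry["writable_children"] = sorted(
                name for name in os.listdir(target)
                if os.access(os.path.join(target, name), os.W_OK)
            )
        report[target] = entry
    return report


def exposed(report: Dict[str, Dict[str, object]]) -> List[str]:
    """Paths that would give a non-root account a foothold: group- or
    world-writable regardless of who runs the audit, or writable by the caller
    (directly or via a child) when the caller is not root."""
    running_as_root = os.geteuid() == 0  # POSIX only, which covers OS X and Linux
    out = []
    for path, e in report.items():
        if not e.get("exists"):
            continue
        loose_perms = e["group_writable"] or e["world_writable"]
        mine = not running_as_root and (e["writable_by_me"] or bool(e.get("writable_children")))
        if loose_perms or mine:
            out.append(path)
    return sorted(out)


if __name__ == "__main__":
    findings = audit()
    for path, entry in findings.items():
        print(path, entry)
    print("exposed:", exposed(findings))
```

Run it as an ordinary (non-root) user: anything it lists is a location where exactly the kind of script the reply quotes could be dropped without the password prompt the article relies on.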
The purpose originally for Windows was to be an un-networked, one-user, non-multitasking machine with no security architecture at all. They later made NT to be multi-user, networked and multitasking but they used the API model from the un-networked, no-security Windows when they did it.
Contrast that with Mac, which is based on an OS that was born with networking (the first to include a TCP/IP stack, which Microsoft later cribbed), multi-user and security in mind. It was designed to run mainframes so it had to have all that.
I can tell you from experience that Macs are popular in Germany. But that doesn't mean much -- what really counts is that BSD is very popular around the world. If you can find a BSD hack, you can likely translate that into a Mac hack.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.