If you want on or off the Mac Ping List, Freepmail me.
Posted on 05/03/2006 9:28:53 AM PDT by Swordmaker
The recent ruckus about the claimed growing vulnerability of Mac OSX from certain sources has caused an indignant outcry from Mac advocates who claim the stories are mostly media hype. According to an expert in Unix and Linux systems, the outcry is not without justification.
Con Zymaris has been working with Unix systems for nearly three decades and for the past 15 years has been running a consultancy on open source software implementation. Zymaris says that, while it is true that a Mac can get infected with a virus, it is not easy and it is not likely to cause much damage. What's more, Mac users don't need to install firewalls and anti-virus software.
"All platforms are capable of getting viruses, including both Mac OSX and Linux. If you did your work, you could create a virus which would infect some Mac systems but not many systems, not by any stretch all Mac systems and you're not likely to do much damage," says Zymaris.
According to Zymaris, at the most basic level, Windows machines get infected by malware through poor design, which is not the case with Macs.
"Where do these things called viruses come from? In Windows there are a number of different vector approaches. One of them is that somebody sends you a word file and you open it up and get infected. In more recent generations they're blocking these things off by making Word not run macros automatically. So now it comes back and asks you: "Do you want to run this macro?" That's a big mistake. It should not ask you and it should not allow any macros to run at all ever without you specifying yes run this macro. This is neglect in design which is how many Microsoft viruses work.
"Other things that look at first glance to be a really cool idea can be a problem. For instance, we pop this CD-ROM in and Windows automatically recognises it and it runs the software that launches the program installer. That's really cool for Joe and Jane Average. Except when you get a disk with a virus on it and it goes ahead and runs it.
"If you allow the operating system to essentially launch code unbeknownst to the user then you're in deep dog doo-doo. This is essentially what Microsoft has done with Outlook. With Outlook you can send it an email with an attached script and it will go off and execute the script. What insanity is that? This is years after they had a spate of all the Word and Excel macro viruses."
So what happens in the Mac OSX world?
"Now with the Macintosh, let's say Apple did the same thing. Then essentially Macs would be infected via the same approach that Windows is with Outlook, Word and whatever else. However, Apple are clever and they don't provide that kind of facility, so that greatly reduces the chances of their devices getting a virus.
"Second port of call is a system where if you put in a disk and run a program that the system will automatically be infected, including its core system components rather than just user data. On Windows, you can put in a disk and get a virus just by running an .exe file off it. That can do substantial damage to your system because the system internal components aren't substantially protected. Whereas on the Unix based Mac, not the old Macs, and on Linux the system components are protected.
"If you're Joe User, you could never do anything that damages your core operating system. Yes, you could run a program that brings up a virus which runs something that deletes your files - and that is a problem. However, you couldn't do something that damages the system. That's because both Mac and Linux are underpinned by a Unix-based system that has a particular view on who has rights and privileges to access and modify different things in different areas. Windows never really had that which is the other big reason why they get the kinds of viruses that Mac OSX and Linux class just don't get."
So do Mac computers need firewalls and anti-virus protection?
"Essentially no is the answer. Why do we need firewalls? We need them if and only if you have services which offer connectivity from the outside world into your box. So if you're running a standard workstation and it does not have a mail server or an FTP server or a file sharing server or a web server or none of these other things that offer the outside world the ability to come and connect to your box, you don't need a firewall. On the Windows machines by default it goes off and creates all these services that sit there and create these gaping holes. Having said that, firewalls are by default available on OSX and Linux and there is no reason not to run them if you're running a small office environment.
"As far as anti-virus software is concerned if you're running Mac OSX or Linux, you don't need it. How is a virus going to infect you? If you're a Mac or Linux someone has to send you a program and tell you to login as root and run this program as administrator - that's how you would get a virus. What are the odds of that happening? In the Windows environment, you don't have that kind of rights segmentation, so when you click on that fake greeting card that someone sent you by email, the program will happily infect your system because the system didn't have to ask you to login as administrator and give it permission to make changes to itself. Having said that, there are ways around the system but they take an immense amount of work and, to do real damage, other than deleting files, a virus writer would have to be lucky enough to deliver the payload to someone logged in as administrator."
If you want on or off the Mac Ping List, Freepmail me.
This part is B.S.
First of all, there are not many virii out in the wild for *nix, but it doesn't hurt to have a little extra protection.
But more importantly, it is always prudent to have some kind of firewall managing at least inbound traffic.
RTFM
Just for sh*ts and giggles, I downloaded an antivirus program and an antispyware program for OS X last night and let them both run.
This Mac has no protection, none. The software firewall built in to OS X is disabled. I DMZed the Mac's IP address on the router not long after I bought it because the router firewall was interfering with a certain program, and I never got around to trying to turn that firewall back on, even after I fixed the problem with the other program. And I never installed any sort of antivirus or antispyware program for this Mac until yesterday.
This Mac is on almost 24/7 (I only reboot for software updates and power outages), and it is always connected to the Internet.
And this machine is a little more than three years old.
Result?
Number of suspicious items found by the antivirus software: 0
Number of suspicious items found by the antispyware software: 0
Then, just to be fair, I rebooted to what is now an external hard drive, but which was the main internal startup drive until a few months ago (and I did not reinitialize this drive when I "retired" it; I just wanted to continue to have access to my old files and have the remaining space as a dumping ground for my iPod's music). This is the drive that I used for three straight years without any wipes and reinitializations.
Result?
Number of suspicious items found by the antivirus software: 0
Number of suspicious items found by the antispyware software: 0
I disagree strongly with the author that if you have a MAC that you don't need a firewall. Any computer with internet access needs at least one hardware firewall. You never know where a defect is going to turn up. Leaving yourself wide open is terminally stupid.
Great article!
I've turned on my firewall in OS X but I do not run anti-virus/anti-spyware/anti-spam/anti-phish/anti-productivity software. I also play it safe by not opening obviously suspicious attachments, files, etc.
I've just installed BOOT CAMP on my MacBook Pro (which is AWESOME) and of course I spent $$$ and time adding ZoneAlarm so that I don't get zapped checking my email. Too bad I have to run a couple of Windows apps for work...
Great article!
I've turned on my firewall in OS X but I do not run anti-virus/anti-spyware/anti-spam/anti-phish/anti-productivity software. I also play it safe by not opening obviously suspicious attachments, files, etc.
I've just installed BOOT CAMP on my MacBook Pro (which is AWESOME) and of course I spent $$$ and time adding ZoneAlarm so that I don't get zapped checking my email. Too bad I have to run a couple of Windows apps for work...
I'd like to buy a MacBook and run Windows on it. I like macs but I need to run windows software for classes that I'm taking.
And keep in mind that XP install disc must be SP2. If your Windows CD is a few years old, you'll have to burn a "slipstreamed" CD from it that has all the SP2 stuff already included. Otherwise, Boot Camp won't recognize it at all.
Actually, it isn't. On a Mac all the ports are closed except those specifically authorized.
Recently a wide open Mac at the University of Wisconsin - Madison was placed on the internet without a firewall with the challenge to crackers to get in and alter a web page being hosted on it... it was available for over 30 hours before bandwidth issues from all the attempts being made to break in caused the CIO of the University to end the challenge days early. However, no break-in occurred.
But more importantly, it is always prudent to have some kind of firewall managing at least inbound traffic.
That above being said, I keep my Mac Firewall turned on... so I agree with you on this.
I also have NO Anti-virus running on my Macs... or on the Macs I administer... and have never had a problem.
I tried to buy the released today white 2G MacBook (education price $1199) at the local Apple Store this evening. No joy. Their shipment of 30 was sold out by dinnertime.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.