You mean Macs aren't invincible?

Well, obviously; one of the reasons why Windows is so often targeted it because of it's huge user base. Now that Macs are becoming more "mainstream" and ending up in more homes than before, logic says that they will be targeted more often than before for viruses and malicious software.

It is perhaps a compliment for Macs, but at the same time, may end up being being it's weak spot. With the limited amount of hardware support for it, hackers and writers of malicious code know what to target, instead of just writing something in hopes that one of the victims has the correct hardware/software to be affected.

Maybe. I'm still slightly intoxicated from the night before, so what I say may or may not apply.

It would be irresponsible for them NOT to recommend the use of AV software.

TFA: "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult," the support message reads.

That's what I like to do: install both McAfee and Norton on my rig and let them battle for supremacy.

PainInTheASP: That's what I like to do: install both McAfee and Norton on my rig and let them battle for supremacy.

that is a bad idea and a half. I've run norton on my macs for years. Not that I really expected a problem, but better safe than sorry. Sooner or later, macs are going to get hit and when they do, it won't be pretty.

Apple has always recommended Anti-Virus Software, usually Norton or Virex. Even back in the day when viruses were spread by floppy disc.

labman: that is a bad idea and a half. I've run norton on my macs for years. Not that I really expected a problem, but better safe than sorry. Sooner or later, macs are going to get hit and when they do, it won't be pretty.

Macs were hit by a fairly minor bug back about 9 or 10 years ago.

/Has always had AV SW on Mac.

RoxtarRyan: Well, obviously; one of the reasons why Windows is so often targeted it because of it's huge user base. Now that Macs are becoming more "mainstream" and ending up in more homes than before, logic says that they will be targeted more often than before for viruses and malicious software.

I never went with that line of thought, and here's why. Exclusivity.

Apple had a 10.4 percent share at the end of the first quarter of this year, compared to 7.5 percent for the first quarter of 2007, and 5.4 percent for the first quarter of 2006 (new window). But still, they've been in people's homes.

How much is cybercrime worth? $400 billion (new window) in 2005. Symantec says it's on the rise (new window).

Even with just 5% of the market a few years ago, 5% of $400,000,000,000 is EIGHTY BILLION DOLLARS.

You can't tell me that organized crime would put their noses up at the prospect of an untapped share of the pie that could be worth eighty billion a year, do you?

If the Russian Mafia discovered a way to turn Macs into malware-infected zombies like PCs, and they could install keyloggers on Macs just by having the Mac equivalent of DirectX install something on the system, don't you think they'd have done it by now? The prospect of tens of billions of dollars, and they're not doing it because its user-base isn't big enough? Newsflash for you, chief: Ferrari has a terribly low percentage of the car market. But they get stolen... because they CAN BE STOLEN (new window).

I mean, COME ON! OS X has been out for years. We're on 10.5 already. And people with Macs have more disposable income (new window). That makes them even MORE of a target. All that loose cash, and being so cock-sure they're using liquid stealth on the internet? Kaching, comrades!

It's pure positivism, in the form of a question. Why haven't organized crime written programs to infect OS X computers and cement their position, unchallenged, to a guaranteed income worth billions annually. Here's a clue: it's NOT because Mac programmers won't get out of bed for less than $81 billion a year.

TEG24601: Apple has always recommended Anti-Virus Software, usually Norton or Virex. Even back in the day when viruses were spread by floppy disc.

Usually to stop you from being a carrier (new window). Get an Excel document with macros in them from an infected machine, make all changes to the spreadsheet as necessary, save it with no ill effects to your Mac, and then email it to the next person that needs it.

In the computer world full of zombies, Macs have two eye colors.

Here's the crux: how many ACTUAL viruses have successfully been released on OS X. Not OS 9 and previous. OS X.

If you find one, there's money for you (new window). The blog page says "Part 1". There has yet to be cause to write Part 2.

Jackpot777: If the Russian Mafia discovered a way to turn Macs into malware-infected zombies like PCs, and they could install keyloggers on Macs just by having the Mac equivalent of DirectX install something on the system, don't you think they'd have done it by now?

It's a matter or resources, I would think. Why focus energy on something that you will only get a 5% chance of hitting the target when you have a much MUCH higher chance of getting someone on a Windows-based PC?

Or, are you honestly saying that Macs in their out-of-the-box form are made to be resilient to viruses?

RoxtarRyan: Jackpot777: If the Russian Mafia discovered a way to turn Macs into malware-infected zombies like PCs, and they could install keyloggers on Macs just by having the Mac equivalent of DirectX install something on the system, don't you think they'd have done it by now?

It's a matter or resources, I would think. Why focus energy on something that you will only get a 5% chance of hitting the target when you have a much MUCH higher chance of getting someone on a Windows-based PC?

Or, are you honestly saying that Macs in their out-of-the-box form are made to be resilient to viruses?

Macs out of the box have ports stealthed. You have to configure ports manually to open them. Windows PCs have theirs open.

If OSes were houses, a PC has all its doors and windows open. You can't even tell if there's a house THERE for a Mac.

Also: Macs will not install ANY new program without you entering your login password. So if you enter a website and the pop-up asks you if you want to install a program with a random-sounding .DLL name, you say "nope". Besides, Macs don't HAVE .DLL as a file suffix. Unless they're running Windows in Boot Camp, or emulation, or something.

So, in summary: yes. I am honestly saying that Macs in their out-of-the-box form are made to be resilient to viruses. And PCs are deliberately made to be open in ways you don't want to know about.

macs require user intervention (the entering of a password) for any root-level access. that means that you can only get a virus if you physically allow it to enter your system.

to date, there are ZERO successful mac viruses in the wild. there have been one or two proof-of-concept viruses, but those have required network access.

that's not to say there will never be one. it just hasn't happened yet.

and a trojan is not a virus. there are mac trojans out there. you just need need to be smart.

Good. Wake me up when they say I have to put it on my Ubuntu systems.

Yeah, I'm not holding my breath, either.

Jackpot777

Mac OS X flaws (May 24 2004) (new window)
Macs no longer immune to viruses, experts say (April. 30, 2006)
(new window)
First ever virus for Mac OS X discovered (16 February 2006) (new window)

They are not invulnerable. They are only as virus-proof as their users. Same applies to any OS.

/like someone once said (forgot who is was), "if you don't know anything about cars, the only tool that should not be the garage is you"
//something like that

RoxtarRyan: They are not invulnerable. They are only as virus-proof as their users. Same applies to any OS

This

RoxtarRyan: Jackpot777

Mac OS X flaws (May 24 2004) (new window)
Macs no longer immune to viruses, experts say (April. 30, 2006)
(new window)
First ever virus for Mac OS X discovered (16 February 2006) (new window)

They are not invulnerable. They are only as virus-proof as their users. Same applies to any OS.

/like someone once said (forgot who is was), "if you don't know anything about cars, the only tool that should not be the garage is you"
//something like that

The 2004 "flaw" was reported in the piece as "several possible exploits". Number of viruses that came from these exploits in four years - zero.

"Macs no longer immune to viruses" piece was a proof-of-concept Trojan. Not a virus (new window). He got this trojan by downloading a file that promises to give him a sneak peek at Leopard. He had to then decompress the file, and then click on the resulting decompressed file. It's what we'd call PEBKAC. Problem Exists Between Keyboard And Chair. I could write a program and package it in an installer for OS X, but people have to actually open the thing up. Not a virus, and bad reporting to boot.

The "First ever virus for Mac OS X" details OSX/Leap-A. As the link you provided yourself says: it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside). And it gets sent to the person you're iChatting to, but THEY have to open the program and install it too. PEBKAC again.

OS X is a Unix OS with a pretty GUI. Just look at Linux. It had a great security record up until the start of this decade. Then, once it gained a lot of popularity on servers, we started to see millions of infected Linux servers, linked together in botn...

Oh. Well damn. Never mind.

It seems that despite being the near ideal target for virus-writers (always on, very fast links, powerful hardware), the most popular server platform on earth doesn't have a major virus problem. Huh. Maybe an OSes security record isn't directly linked to its popularity, maybe it has everything to do with its inherent strengths and weaknesses as it stands.

Just one more place I've been reading for the last few minutes about viruses on the Mac. (new window)

It is a thread on MacOSX.com (and a crapload of pages to read through even), but it helps to show individual accounts of experiences people have had. There are those who have never experiences viruses and exploits on Macs, and those who have. The same can be said for users of any OS. For example, despite the flaws in Windows, I have managed to make it so none of my computers are infected, meaning my laptop, my desktop and my home server. It isn't hard or time consuming at all. It just takes common sense.

It all comes down to the user making poor choices in allowing his computer to become infected, whether it be the user not having proper anti-virus protection, installing malicious software, or trying to click the monkey to win $50,000.

Jackpot777: As the link you provided yourself says: it requires user interaction

Exactly! Look, I'm not disagreeing with you on a whole lot, but if I turn on a computer and just leave it as is for 10 years, I highly doubt anything will happen to it. Only when I start dicking around on the thing will there be issues if I don't use common sense.

...more on OSX/Leap-A:

Once activated, Leap then attempts to spread itself via the user's iChat Bonjour buddy list. It does not spread using the main iChat buddy list, nor over Jabber. (By default, iChat does not use Bonjour and thus cannot transmit this virus.)

---

The thing didn't even spread using the prime way it COULD spread (iChat Buddy List). Bonjour is used to detect other people / printers on a LAN. Not on the net at all. It's used to set up local networks, so it wouldn't spread on the net at all, even if someone WAS stupid enough to open something based on their lack of understanding in matters related to social engineering.

Meanwhile, as we're having this pleasant discussion in semantics, SIX OUT OF TEN PCs ARE INFECTED WITH MALWARE (new window). Millions upon millions of infected PCs running Windows. I ask again: how many Macs running OS X (or PCs running Linux) have this problem?

Jackpot777: I ask again: how many Macs running OS X (or PCs running Linux) have this problem?

I ask again, why should someone who is writing malicious code write code for something that they would only get a 5% chance of getting a successful attack waste their time when there is a much larger user base for getting a successful attack?

If you have even bothered to read through the OSX forum, you would see that there have been people with issues on them aside from the iChat issue.

You know, fark it. It's like talking to a farking wall.

RoxtarRyan: Jackpot777: As the link you provided yourself says: it requires user interaction

Exactly! Look, I'm not disagreeing with you on a whole lot, but if I turn on a computer and just leave it as is for 10 years, I highly doubt anything will happen to it. Only when I start dicking around on the thing will there be issues if I don't use common sense.

Agreed. Here's another example of something that isn't a computer virus: rogue Flash ads (new window).

If you get the relevant Flash ad on your computer, it propogates a link to some "buy our software" website in your Clipboard. The programmers hope you post links as you send IMs and emails, because then all your URLs point to their page. But it's not installing anything on your computer, and it's not spreading information about you without you knowing, and it's not trashing your HD. It's not doing the one thing it CAN do (be sent to someone else) unless you allow it to be sent.

Social engineering is NOT a computer virus. In fact, you probably get away with more with a good scam than you would with a good virus. And malware eventually leads to the guilty party's IP address... a scam artist can blend into the crowd and never be identified.

RoxtarRyan: Jackpot777: I ask again: how many Macs running OS X (or PCs running Linux) have this problem?

I ask again, why should someone who is writing malicious code write code for something that they would only get a 5% chance of getting a successful attack waste their time when there is a much larger user base for getting a successful attack?

If you have even bothered to read through the OSX forum, you would see that there have been people with issues on them aside from the iChat issue.

You know, fark it. It's like talking to a farking wall.

They have to share the market with all the other people wanting to steal credit card numbers and PayPal logins. PC hackers get a small slice of that larger pie. Hundreds upon hundreds of criminal outfits, all over the world, looking for the 40% of newer PCs yet to be infected.

A successful Mac attacker gets the whole Apple pie, guaranteed virgin territory. And, as I said, Mac users have more disposable income. Demographics.

Jackpot777: A successful Mac attacker gets the whole Apple pie, guaranteed virgin territory.

Once again, assuming the naivety of the user to allow such a thing to happen on his/her computer, bringing it down to "user error", the same reason why people would give away paypal passwords and give their SSN for a free credit report.

Jackpot777: And, as I said, Mac users have more disposable income.

Citation needed.

/hell, someone is going to do it, might as well get your sources out now

Jackpot777: Macs out of the box have ports stealthed. You have to configure ports manually to open them. Windows PCs have theirs open.

The XP firewall is on by default. I suggest you turn it on, go to www.grc.com and try the shields up. 100% ports blocked and ICMP dropped.

The fanbois in the office were slobbering all over themselves when we put an out of the box XP machine in the DMZ at work... 4 weeks ago... no antivirus....

Did a TrendMicro 'housecall' scan this morning and 0 infections (aside from the tracking cookies).

The majority of the problems out there are layer 8 issues.

A slight threadjack but I love posting this in Apple threads

Jackpot777: Even with just 5% of the market a few years ago, 5% of $400,000,000,000 is EIGHTY BILLION DOLLARS.

I think you should do that math again...

RoxtarRyan: Citation needed.

Right here!!!!

You see, you reference an article that says nothing to support your case in hopes that no one reads it, ???, Profit!!!!

Apple users by more music at iTunes ≠ more disposable income

As someone who works on computers for a living this cracks me up. I remember when I was trying to diagnose a problem with sending emails, and I asked, "Are you running any sort of anti-virus/anti-spyware software?"

Only to be told, "I have a Mac, they don't get viruses!"

All I wanted to say was, "Shouldn't it just work then?"

Anyway, my only problems with Macs are there users. If I have to hear how superior you are for having a Mac, then fix your own farking problems. Amazingly, no, they don't just work.

Likwit: I think you should do that math again...

Shhhhh, he's on a roll.

Jackpot777: How much is cybercrime worth? $400 billion (new window) in 2005. Symantec says it's on the rise (new window).

NEVER EVER TRUST SYMATEC/NORTON numbers NEVER
/I would not use Norton if they gave it away for free
//Norton now owns AVG which this years version is full of FAIL
/Avast FTW

Alonzinator: NOW XP has ports blocked. That was not the case when it was released. It took SP2 to make that standard.

On our campus network, if you boot an unprotected machine and it is connected, within 12-15 seconds, you already have intrusion attempts from around the world.

If you don't have ports blocked and AV software installed, prepare to spend the better part of the next two days cleaning it up.

Don't get me wrong, XP is a lot better than it used to be. In fact, I'd give it A- for nearly everything it does. We've opted for our employees to not go to Vista, nor our student labs. EVER. We'll evaluate Windows 7 when it is ready for such to see if it is worth the struggle of the change. When Apple dropped OS 9 and forced final migration to OS X, it had its painful moments. The underlying technology is so radically different. But users figured out the interface very quickly and it was less a burden than expected. For the few who tried Vista...the interface wasn't all that different. But the experience was extremely painful.

And to get back back to the thread purpose...Apple has always recommended protecting your Mac with AV software. It was up to the users to do it and whether to keep it there, and many probably got a false sense of security because of the sheer lack of viruses in the wild. It is HARDER to write a virus for OSX because of the security permissions requirement of the OS. But it could and probably will happen.

NOT installing AV software is like not putting antifreeze in your car. The day will come when you need it and it's not there.

Jackpot777: And, as I said, Mac users have more disposable income.

That can go both ways, not a fair assumption. How about your average Mac user has less disposable income, they're just poseurs?

drjekel_mrhyde: Norton now owns AVG

ok, that needs a citation

cxjohn: NOW XP has ports blocked. That was not the case when it was released. It took SP2 to make that standard.

Agreed, but Jackpot777 was saying out of the box. Out of the box today is what I was referencing, not out of the box 2 years ago.

alonzinator: drjekel_mrhyde: Norton now owns AVG

ok, that needs a citation

Too much reading theinquirer.net

My *nix could beat up your *nix.

I knew this morning when I saw the articles on the Reg and /. this conversation would be chock full of rational arguments and best security practices and not degenerate into a mac v. pc flamewar as usual.

This is what they get for being trendy-a**holes. They brought the wrath of virus makers upon them. They should have kept themselves irrelevant.

emocomputerjock: I knew this morning when I saw the articles on the Reg and /. this conversation would be chock full of rational arguments and best security practices and not degenerate into a mac v. pc flamewar as usual.

Actually, it's holding it's own, with the couple of exceptions. Wait until 4pm EST for this thread to go full Palin.

What I find funny is that for years Mac, and even right now, have pushed the "Apple computers dont get viruses" and people believe it. Yes they WERE targeted less often than PC's but its a silly selling point. Buy our computers, we dont get viruses. Unless you actually all do decide to buy our computers and then we may have some viruses and be no better than a pc. I guess it worked for their advertising, but I have this feeling, that once people are made aware that Macs are not the Barack Obama of the computer world, and are not invicible to everything, then once again new mac users will decline tremendously.

This thread was far less fun to read than I had doped.

/ Mac user - if that matters.

The new hot n' sexy malware vector is the browser, partially because it's platform independent. The OS may not be a (big) problem, but you have a bunch of third party apps that will run all kinds of code from a single click. Does you OS X system have Flash? FireFox? Safari? Acrobat? Quicktime? AOL/ICQ IM?, all of these have had vunerabilities that could be theoretically explioted on OS X sinice it's come out. It most certainly has a lot more programing tools out of the box than a Windows system. OS X has some major security advantages like limited user privilege, low network service footprint, and a lower install base (both less bang for the buck and less folks that know the guts). Unfortunately that still doesn't make it prudent to use the internet without some decent malware defense.

A lot of it is user base. Why bother for 10-15% of the pie when you can reap the benefits of 80-90% (leaving some for other systems).

You'd want to wait until Apple is 50% before you unleash your waves of attacks, get more return as the users scramble to defend themselves.

Will the attacks come? Most certainly.

Will it be soon? Nobody can say.

Do I still tell my clients that it's a possibility and buying a Mac now merely because of the virus situation is not a sound decision? Definitely. If anything, having me start them on Windows based computers allows for proper 'common sense computing' training.

Kaspersky.

That is all.

dreadprophet: Kaspersky.

That is all.

Ding ding ding!

name one mac os x virus that has self-propagated in the wild. just one.

This thread smells of Cheetos and envy.

DeathByGeekSquad: A lot of it is user base. Why bother for 10-15% of the pie when you can reap the benefits of 80-90% (leaving some for other systems).

sigh. this has been debunked many times. people have been gunning for os x since it came out ten years ago. in all that time, there has not been one single successful virus in the wild. not one. are you telling me that no hacker has ever tried to infect a mac? the first one to do it would be a legend.

so macs have let's say five percent of the market and ZERO percent of the viruses. that's a pretty good ratio, eh?