Macs May No Longer Be Immune to Viruses

Bill writes "MSNBC reports that the combination of Apple's growing market share and their recent switch to x86 processors has made Mac OS X a new target for viruses. Unfortunately, it seems that many Mac users are in denial. '[Computer security expert Tom] Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world's largest software company was criticized for being slow to respond to weaknesses in its products.'"

Heh.

One might wonder why this (non-)story is featured on the front page of MSNBC... ;-)

Re:Heh.

It's just sad really. This Tom guy can't read crash reports. He reports the same TIFF crash as two different crashes, and then says there is a parsing error in CFAllocatorAllocate(), which does parse anything, it just allocates memory. In CF, most functions will call abort() and force an application crash if given bad parameters. Such as a 0 size for memory.

Most, if not all, of these just amount to DoS attacks and it's not actually possible to get them to run arbitrary executable code. But now days any kind of reproducible crash is incorrectly regarded as a massively massive security issue. It's people like Tom Ferris that make real computer security jobs into a joke.

Immune?

They never were immune. It's just that most virus writers don't give a crap about Macs.

Re:Immune?

It's just that most virus writers don't give a crap about Macs.

And the fact that Macs never had Outlook, the PC version of Internet Explorer, Active X, ports and services open all over the place, or piss poor priveledge seperation. That is why Macs don't have viruses (Linux as well, for that matter), not because of market share.

Re:Immune?

Otherwise said:
Burglars break in houses with the most vulnerable alarm system, not because of the popularity of the alarm system.

Re:Immune?

You make several good points, and it is clear a lot of people who are not in the security field overestimate the security of an OS X system. It is somewhere on par with the average Linux workstation, which is to say people out there can hack it if they are targeting you specifically. Worms might, but probably won't be an issue for an average user. Notifications and restrictions on users are middle of the road for security versus ease of use. I think, however, you are slightly incorrect on several points and are basing your opinion on several incorrect facts.

If you write a virus, you most certainly DO aim it at the most popular platform amongst those it has to contact to spread, especially if all the other platforms combined don't even reach 10% of the market, unless there are serious mitigating circumstances.

This is true in some cases, but not all. A good number of worm authors are for-profit these days they want to make money. Windows is the biggest market segment and the easiest target. It is not, however, necessarily the most profitable. Half the Windows machines out there are sitting in a business office and have no data easily exploitable for profit. Another 25% or so are home machines owned by people in the third world who have pirated the copy and don't even have credit cards.

Mac users, on the other hand, are people who shelled out big bucks for a high-end machine. Some Windows users are too, but by no means a large percentage of them. What percentage of Macs do you suppose have valuable, credit card and personal info for someone with a high credit rating?

Macs are not so rare that dumping one on Comcast's network would not net you a pile of machines. Further a cross-platform virus that hit both macs and Windows machines would solve the propagation issues. No, the reason worms don't hit Macs is not propagation or lack of a target. Nor is it lack of motivation. While many worm authors are working for profit, a large number are also just showing off and being malicious for its own sake. A lot of them would love to take "those mac users" down a peg.

The reasons we don't have mac worms spreading are:

• Unfamiliarity - many worm authors use tools and a knowledge base that is very Windows specific. Many just don't know how to write a Mac worm.
• Difficulty - There is no IE or Outlook and the default, common internet apps avoid many of the security snafus MS has made with them. Ports are closed and services not running by default. Like it or not, the average Mac is harder to attack that the average Windows machine.
• Community Expertise - you can have a worm propagate on Windows machines for weeks before it hits a honeypot or smart security guy's machine and becomes recognized. There is a higher percentage of security people and clueful professionals on Macs, so worms are/will be detected more quickly. The one attempt I know of to spread one used a Mac forum as the insertion point and was detected by users there and dissected immediately.
• Zero day to a month - The time between the discovery of a vulnerability that actually presents a real risk of worm propagation and the rollout of the fix is shorter, due to Apple's faster response time. This is party due to the complexity of the architecture and partly due to policy.
• Up-to-date security - If you're running Windows 95, 98, ME, or 2000 there are unpatched security holes on your machine. If you're running Windows XP, you may or may not be up to date depending upon your security update policy and what application you need and whether or not they work with specific security patches. If you are running any version of OS X you still get security fixes as they are rolled out. If you are running OS 9, well, there just isn't much pout there and isn't likely to ever be for a plethora of reasons.

And the truth is that Darwin's lack of fine grained security means it has a limit to how secure it'll ever be.

It is true that OS X has not implemented jails or Man

Re:Immune?

So. Where are the viruses, then? It's been at least five years.

There aren't any. That fact alone would be a challenge to a malicious hacker. The first successful writer of Mac viruses would earn enormous respect.

And it hasn't happened. Either the virus writers are idiots, or it can't be done.

This story is FUD based on the evidence. The article is spreading -- the article is the true virus. Microsoft and its little family of corps are at it again.

Switch to Intel

I can see how the increased market share would make them more of a target, but I can't really imagine how the change in CPU would. The vast majority of x86 viruses target Windows using very specific windows API functions or by patching Windows components. If a writer is targetting a x86 Mac, how does the CPU matter, it would just be compiled for that processor.

Maybe we'll be seeing x86 and PPC virus fat binaries?

Re:Switch to Intel

I can see how the increased market share would make them more of a target, but I can't really imagine how the change in CPU would

The Harvard architecture that the PowerPC uses is inherently more secure than x86. A remote exploit on running code has a very low chance of working on the PPC, but nearly a 100% chance on the x86 (which is why all these IE exploits work all the time). When they fail to execute code, the PPC application just crashes. I'd think if someone went to a place that causes their browser to crash 10 times in a row, they'd stop trying to go there.

Then again, Apple has taken massive steps on the x86 side to prevent these kinds of attacks. Such as enforcing the NX/XD bit and enforcing a non-executable stack. The former goes a long way, it was even able to prevent the WMF exploit from working on Windows, if it was available in hardware. Luckily, all ICBMs ship with the hardware support.

Re:Switch to Intel

Of course, beyond the code-level measures that Rosyna mentions, there is also the fact that the Mac, as shipped, is vending NOTHING. Rather hard to get the runaway propagation typical of a windows virus outbreak, when each user has to explicitly open each port.

-jcr

Re:Switch to Intel

Well-written viruses (which, yes, the vast majority aren't) are usually done in hand-coded assembler. For many buffer overflows, that's all you have space for. Sure, you need to know the API as well, but I think that's easier to learn than another assembly language.

Re:Switch to Intel

Windows is the only OS with viruses in the wild because it's a poorly designed, bug ridden piece of shit.

Well, this gets my vote for "Most Uninformed Statement of the Year".

Every OS is buggy. Every OS is vunerable. Windows has a dominating market share, so Windows is targeted. UNIX systems, Linux systems, OSX systems, Windows systems - all have been hacked, cracked, broken, virused up, exploited, and brought to its knees.

I'm a happy OSX home user and Windows programmer (work). I don't like Windows as much as OSX, but I've never seen such uninformed, sheep-like MS hating. It's really a shame.

Article is a troll

What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.

Re:Article is a troll

The $2000 barrier to entry you used to have to pay to use OS X (and test exploits against it) no longer exists, if you don't think that makes a difference to hackers (many of whom are in far less afluent countries then you), then quite frankly, you're insane.

I suppose you haven't actually checked the Apple Store the last few years. The barrier of entry has been around $500-600 the last few years. Unless haxors absolutely need l33t 15" Powerbooks instead of a mac mini.

And on that point, wouldn't some haxors love to also be one of the few to make a sucessful virus/trojan/etc OS X or Linux (where's the barrier of entry here?) instead of one of the few thousand for Windows? I thought prestige was some sort of motivation. Pff.

Re:Article is a troll

Well I wouldn't say it was a complete troll.

After all, if you've been writing windows exploits for x number of years in x86 assembly, which will be easier:

a) Writing OSX exploits in x86 assembly
b) Writing OSX exploits in PPC assembly

Of course I'd still be surprised if OSX had anywhere near as many security flaws as Windows, but it only takes one...

Re:Article is a troll

> What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.

No, the article points out what I thought was obvious.

To write a worm/virus you actually need to know how to assemble on the target architecture for at least two reasons:
  1 - The first thing you do before attempting to exploit a crash is to debug it, now how do you debug on an architecture which you don't know? Trying to debug low level code (remember it's precompiled binaries we're talking about here, not scripts) without knowing how to assemble on the target architecture is like running the marathon without a leg.
  2 - If you find a way to inject code you'll need, well... code to inject..., and this code has to be written in the lowest possible level so that you can interrupt to system calls without depending on operating system libraries and avoid specific opcode patterns that would have a meaning to the high level application and prevent your injected code from running as expected.

Taking in account that every geek in the universe knows x86 assembly, if you think for a while you'll realize that the architecture switch makes OSX much easier to debug for the majority of people, and inherently much easier to exploit.

Leap of Faith

I'm not even a Mac user and I still call FUD on this one. TFA was so slim on detail it was impossible to work out what had actually happened, and after searching for real info it turns out the virus, Leap.A, needs a root password to do any damage. Better article here: http://edition.cnn.com/2006/TECH/04/30/apple.secur ity.ap/index.html [cnn.com]

Re:Leap of Faith

Just wait.
Something will rip through OSX.

Something may well do so one day. This wasn't it though. This article was nothing more than hype about a three month old worm that failed to infect more than a few machines and doing little damage once it did. The worm used as an example had nothing to do with the architecture change purported to be trhe reason for the exploit. The whole thing was a puff-piece of self promotion by Tom Ferris, nothing more.

If you want to hear about damage done in *ix, ask someone about sendmail or NFS exploits, or httpd, or telnet, or xdmcp.)

I'm old enough to remember them. I'll start to be concerned about my Linux installs when there's an actual exploit that's happened less than a decade ago.

Again, a total non-story

Why does Slashdot continue to post Apple-related non-stories? Every time Steve Jobs farts or some idiot proclaims the coming Mac-Virus-Mayhem (tm), Slashdot takes the bait.

This MSNBC(!) story contains no facts whatsoever. No piece of significant OS X malware has been discovered so far, and I believe it's highly likely that there won't be any in the immediate future. WTF does the Intel switch have to do with that?

X86 myth - tool chain aspects

The funny part is what x86 would have to do with it? The x86 ABI of Mac OS X (which is SYSV like) preclude the usage of ordinary Windows tools, and getting a OSX/x86 targeting toolchain based on GCC is (slightly) harder than getting a PPC one has been.

Sensasionalist piece. Hanging is too good for them :-)

Forbidden Fruit

Anyone knows you don't get something for nothing.

Viruses for all different operating systems exist.
There are holes and exploits for practically everything known to man.

Now, if I walk into the dodgiest parts of town (with my turtle neck sweater on) and ask the shady guy at the street corner for a forbidden secret preview of the next big thing do you really think I will survive with the same number (and size) orifices as I started with?

Once you leave the beaten track, you cannot be sure what lurks in the shadows.

How about the virus name?

CNN is carrying this article and so is msnbc, however no one mentioned the viruses name. I swear this is old, it sounds like the OSX/Leap-A incident that occurred back in early February. It wasn't even a virus is was a trojan horse. Apple will patch for this like they did the others and life will go one. At least Apple patchs for these unlike Microsoft that just recommends installing its "beta" program to "fix" the problem or some other 3rd-party software that may or may not cost even more money.

Manage user expectations

If your new powerbook is running BootCamp and your currently using XP then you need to lower your expectations, its a Mac, its running a flawed OS, so unless your careful you are going to end up with a virus, just like the other X Million windows users, regardless of hardware.

If your running OS X then I'd say your risk is just that bit lower, its a less flawed OS. My last check showed 4 viruses aimed at OS X; (Symantec) OSX.Leap.A; OSX.Inqtana.A; OSX.Inqtana.B; MacOS.MW2004.Trojan; Which is a few orders of magnitude less than for Windows XP (Nevermind all the other versions).

Sure the OS X on intel has shown a few flaws and sure some of them will be exploited but its a world away from the threat to a Windows Machine. I dont think that there is an OS out there in common usage that isnt succeptable to infection, its all about how prevelent the threat is.

Take your chances and see where it leaves you.

mixed article

No-one can deny that with growing popularity of OS X that it becomes an increasingly attractive target. Malware writing works on similar economics to regular software: this implies that malware will exist but be a niche deployment. So it is a concern, but not the end of the world, or of Apple, as the world likes to regularly predict.

The article was mixed in accuracy. Many Mac users believe themselves to be invulnerable - the truth is they are currently /less/ vulnerable than the mainstream desktop OS. The thesis that using an intel processor increases security risks is not true - OSen don't allow direct hardware access as such, and how many script kiddies write x86 microcode?. Running Windows on a IntelMac may potentially increase security probems, and reduce the Macintosh (not OS X) brand reputation for security. It depends on how the 'wall' between x86 file access and OSX file access is implemented.

Nothing in IT or anywhere else is 100%. Currently OS X is more secure in many areas than its competitors. To maintain or improve on this, constant vigilence and innovation are required by Apple, ISVs and most importantly users.

cha-ching

I wonder what percentage of some anti-virus software company's profits are a direct result of this article.

I'm in denial about invisible pink unicorns too. Put up or shut-up.

Which will come first?

The Year of the Linux Desktop

or

The Year of The OS X Viruses

Inquiring minds want to know.

MSNBCFUD

Even an Associated Press article, it makes you wonder what gains Microsoft would possibly have for putting it on the front door of MSNBC.

I mean with Vista being such a slam-dunk, why would they need to engage in FUD?

Granted - Apple has warnings of running windows on their boot-camp page and what fun awaits the end user so the reported denial is obviously massive from Cuppertino and that would create a massive pile of denial from the Apple-user community no doubt.

God bless the press for keeping everyone informed of the latest threat to Mac OSX users, and to the homeland security department for keeping those colors coming. I guess I'll have to keep vigilant - albiet productive - while my neighbors reinstall windows every couple of months from all the malware slowdowns. Also special thanks for the heads-up Semantech, you're doing a great job keeping the windows world safe for NT users. Your service is no-doubt going to be needed on the Mac and boy will we be thankful.

Just about the time hell freezes over.

In other news, Chicken Little still is

warning us the sky is falling.

I know as well as anybody the Mac OS was never immune from viruses, that's impossible.

But how many times do I have to read articles where the alarmists are warning us that the big one is finally coming and we're all going to die horrible deaths.

Yeah, I expect a virus or three may come one day. But Windows and it's users has survived thousands without the apocolypse on a world-wide. Hell, many of my friends run windows without anti-virus and mostly don't have infections (can't say the same for malware).

So why should it be different for Mac? Why will a single virus there bring about such alarmists? Apple's record on security is better than MS.

Just remember, any OS is vulnerable, if not to viruses, then to Murphy's law, shit happens. So make regular backups, sit back, and relax.

Countdown ...

... until somebody starts a flamewar by saying that Macs are not immune to viruses after all and they've only managed to stay relativelly safe because there are so few of them, to which a horde of Mac religious fanatics angrily reply that Windows is much worse at which point the flames start flying back and forth all the while drowning the only 2 posts that make sense, one saying that the only mainstream OS purposelly made with security in mind was OpenBSD and the other that says that stupid users running with admin rights that open executable attachments in mails from unknown sources are, independently of the OS, the biguest cause of virus infections.

3, 2, .... nevermind, already started.

New viruses? Maybe

Perhaps a new line of malware will come along as the new macs grow in popularity, but it will be much different than the PC line of viruses. Mac OS X just doesn't have room and the customization to leave the gap for viruses. What I mean is that the software is written completely different. Safari is debatebly a very decent browser, but it's not customizable like IE is in Windows. There is no activeX, registry, plugins, etc. It runs alone, which greatly affects the difficulty of writing malicious software to take advantage of it. This is really how the majority of software in OS X is. I think the only true way that OS X could be at risk is stand-alone executables that could be downloaded and ran on their own, which of course is dependant entirely on the end-users.

Experts eh?

Apple's iconic status, growing market share and adoption of same microprocessors used in machines running Windows are making Macs a bigger target, some experts warn.

Sadly those "experts" could not be reached for explanation because they were out buying antivirus software for Linux and FreeBSD - cause, you know, they're both iconic, have a growing market share, and run on the same microprocessors as Windows.

"They didn't know how to deal with security, and I think Apple is in the same situation now," said Ferris, himself a Mac user.

Sure, being a minority OS does mean fewer virus writers targeting the Mac, but Mac OS X has been cool for a few years now, and I'm still waiting for those dangerous viruses. I'd say Apple knows a little something about dealing with security - certainly enough not to pawn off the responsibility to the antivirus aftermarket.

The Mac's vulnerability could also increase as Apple transitions to a product line that uses microprocessors made by Intel Corp., security experts said. With new Macs running the same processor that powers Windows-based machines, far more people will know how to exploit weaknesses in Apple machines than in the past, when they ran on the PowerPC chips made by IBM Corp. and Motorola Corp. spinoff Freescale Semiconductor Inc.

Who are these security experts, and do they work weddings and bar-mitzvahs too? Since when did familiarity with a microprocessor lead to intimacy with an operating system. There's so much I still don't know about BeOS and I've written assembly on PowerPC and x86. The vulnerabilities described in the article may be found here. [secunia.com] For the most part, it looks like flaws in the way Safari and Preview handle GIFs, TIFFs, BMPs, and bad ZIPs can cause an application crash, and *possibly* allow code execution (even via certain malformed HTML tags). I've had corrupt graphics files and zip archives crash Preview and Safari in the past, but never any virus-like behavior. Still, it's a good thing to note, but the reporting could have been much better.

Typos...

Macs No Longer Thought To Be Immune to Viruses

Shenannigans!

An anecdotal tale of an unconfirmed in-the-wild exploit on a site run by a corporate rival? MAN THE LIFEBOATS! Mac OS X is no longer secure! No better than Windows with Microsoft's few... ahh... few thousand virii and exploits in the wild, no sir! Panic! Mass mayhem! Purchasing of Dells!

Pfft.

The Tech Punditocracy has been banging the drum on Mac OS X's insecurity pretty heavy these past few months. I'm beginning to believe it's just a scam to sell AV software to gullible IT managers, and to protect windows VARs from a growing corporate push to switch to a more secure platform than Windows.

I have yet to be bit by any sort of malware in all my years of using a Mac. The same cannot be said of my Windows experience... virii, spyware, worms... it's a vast and growing problem. On the Mac, it's a tiny and controlled problem. The difference is mainly in software architecture and in corporate attitudes to fixing software issues. Apple comes out ahead on both counts. It ain't no OpenBSD, sure, but it beats running two AV scanners and three spyware detectors just to check your email.

     

This is a no brainer

If they are running XP on them now, but this is irrelevant of the hardware platform. The x86 issue has nothing to do with vulnerabilities other than portability or binary compatibility of the virus/worm itself. The biggest problem with virus/worms/phishing is plain old fashioned ignorance, and that is the most portable vulnerability that can be found on every hardware/software platform.

Can you say "FUD"?

This article was on CNN last night as well, under the headline "Viruses catch up to the Mac."

Uh, yeah. Sure. Two guys get hit by something, the articles are not even clear about exactly what, and it's, "Oh noes! The sky is falling!"

Yeah, viruses are really catching up to the Mac. One down (maybe), a few tens of thousands more to go to catch up to the quantity available for Windows. Look at all the crap you need to do properly secure an XP box. [comcast.net] Even if this alleged Mac virus is the real thing, you can stay safe simply by not going to dodgy sites, and thinking for a moment about why that thing you downloaded from said dodgy site is asking for your admin password.

The antivirus vendors must have realized that we just laugh at their press releases touting the dire threats to the Mac, so now they're funneling their fearmongering drivel through the Associated Press in a laughable attempt to turn it into Real News. Nice try, guys.

~Philly

Does the Author own Symantec stock?

In the interests of full transparency the news article should state if the author, news organization, or parent of the news organization (if it has one) owns ANY stock in Symantec who makes (as far as I know) the only Mac Anti-virus product.

If there is a virus out there...

...why won't they tell me what it is?

That whole article is based on one key event. Mac users did SOMETHING, and got a virus that did SOMETHING. What did they do? And did it involve giving an admin password?

If they have a story, why aren't they telling it?

The argument about market share is just stupid. In order to write a virus you have to be something of a programmer. In order to write a Mac virus you have to be a Mac programmer. And who becomes a Mac programmer unless they like the Mac platform?

There are plenty of people working on Windows who hate and despise it. They work on it because there's lots of work out there. There aren't a similar number of people working on Mac who hate Mac OS.

Anti-virus company campaign propaganda

What? So Macs were immune against viruses?

Seriously, it's way too easy to have a go at this MSNBC BS. What is more worthy to note is the frequency and desperation with which these articles keep appearing, claiming sleeping beauty mac-users are in imminent danger if they continue to refuse to take part in the virus paranoia of the Windows world.

I have been using W2K with no anti-virus software for years with no side effects. Sadly and with amusement do I follow the antics of my fellow XP users with their shiny anti-virus crapware popping up redundant warnings and notifications and slowing the machine to a crawl. And to top the irony they have to turn off anti-virus whenever they install anything or run certain software. And when you go to your workplace or school the machines there have been made almost entirely useless by over zealous protection software.

Having a go at Macs for security is either stupidity or plain propaganda. Security doesn't come from anti-virus programs. It comes from the underlying architecture of the OS and the third-party software having to comply with the security principles of the underlying architecture. Anti-virus software only protects the computer against clueless users and thus it can be claimed that any computer/OS architecture requires some.

And as for the age old user base threshold argument I'm still waiting. OSX has been for some time the most common UNIX based OS. It is remarkable how little vulnerabilities have been found considering the amount of software and services running on OSX by default. Thus, comparatively, statements involving OSX and poor security continue to be plain ludicrous.

As for me I'll merrily continue running my apparently 'immune' W2K box (behind two tailor made firewalls) and wave my greetings and encouragement to my fellow mac users.

Macs can get viruses?

I'll believe that when I see water running uphill!

What we really need

is a good open source cross platform virus/worm!

well duh!

no system is 100% virus free. there may be systems that have probability that is very low.

people supporting alternative systems such as linux and unix (including mac os), etc. should avoid claiming they are not able to be infected with virus and worms. such false advertising may cause people to abandon the adoption at the end because they will just think "hey, why spend all the fuss when you get the same problems.)

ignorance is the problem. education is the solution. it may be easier to avoid getting worms and viruses in linux than windows but educating a user might be able to avoid the same with windows as well.

Damn you x86!!

I knew once apple switched to x86 this would happen. I bet IBM is saying, "Biggest mistake of your life" -Some movie....

The never were immune

Although the article claims that they may no longer be immune, the reasons it states are that the mac market has grown which is equivalent to saying that the reason no one made viruses for mac before is that hackers didn't give a crap.

well oh well

I've been running sophos anti virus software on my mac since, well, since they became available. Thing is, apart from updating itself once in a while I haven't had ONE virus showing up. Every now and then I even scan my system. Just for kicks (I'm easily excited).

Apart from all the other "usual crap", I wonder how this type of articles make it to mainstream news outlets. Even Steve Jobs' brand of underwear would be more newsworthy than this kind of FUD.

There is - like in most of this type of journalism - no real defense against it. Whatever argument you use against "two guys encountering something weird" in "serious news outlets", you must be a mac zealot in denial. Right?

That is very similar to cell phone viruses hype

Antivirus vendors are looking for new markets to expand. Especially with looming Microsoft extrance into anti-virus market.

What increasing marketshare?

Maybe you mean increasing install base? Apple worldwide marketshare hasn't been over 3% for many years.

We never were Immune

Apple users were Just (much) safer then windows. And less of a target. But in no way were we ever immune.

Not again!

Nothing to see here, move along. This has already been covered to death EVERYWHERE, why is it being talked about again YAWN!

No, it's not the x86, it's Safari & LaunchServ

It's not the x86, it's Safari and Launchservices [scarydevil.com].

Stupid beggars. Microsoft proved that trick never works in 1998.

OSes 9 and before had MORE viruses and fewe users!

And why do we have to see this same story about Macs and viruses every month?

Architecture?

Does the Apple switch to Intel really mean anything to a virus writer? I thought it was Microsoft's crap software [IE, Outlook Express, Windows] and their associated APIs that the were the real targets? Its not like VBScript is going to run on a Mac just because the chip is a Core Duo.

And I continue to be in denial...

Since I have a G4 iBook, it is not x86 based, and viruses that target that will not target my iBook... *Plugs ears* I can't hear you. Universal binary virii will not happen.

what was the name of this 'virus`

"Daines was the victim of a computer virus .. He and at least one other person who clicked on the links were infected by what security experts call the first-ever virus for Mac OS X".

What was the name of the originating web site.
Who was the one other person who caught the 'virus`.
Can we see a sample of this 'virus`.

"In Daines' infection, a bug in the virus' code prevented it from doing much damage. Still, several of his operating system files were deleted, several new files were created and several applications, including a program for recording audio, were crippled."

Does a default Mac installation run applicions by clicking on an icon on a web page. Does the application require root to do any damage. Can a Mac be configured to not clack and run. If the home directory was made noexec would any of these alleged exploits work.

The article is a little short on real facts. Just a case of some 'security` company fudding up some business.

Nothing to see here. Move along.

This is the same "virus" that we talked about in February. link 1 [slashdot.org], link 2 [slashdot.org]. The CNN (AP, really) article mentions Benjamin Daines as finding it. MacRumors forum post [macrumors.com] from Benjamin Daines dated Feb 13 whining about how he was duped by someone posting a link to said trojan. We've gone over this before. This is nothing new. Must be a slow news day at AP...

What's the Difference Between Me and You?

The difference between OSX and Windows is that on OSX you have to download the "virus", run it and supply it with your root password. In Windows, you pretty much have to connect an unpatched install to the Internet without a firewall and wait 20 minutes.

Still, I WOULD like to see Apple try to do more to keep OSX secure. The system should only allow its system directories to be modified in single user mode -- I'm pretty sure BSD has a flag for that. I'd also like to see downloaded applications run as some other user that isn't allowed administrative access to the system at all, password or no. They'd probably have to make some changes so that the user could be restricted from changing its user ID to minimize the damage of people providing their passwords blindly when the dialog comes up. Allow the user to take explicit action if they want the application to be able to run as the regular user.

It still wouldn't be a perfect defense, but nothing can help you if the user's going to bend over backwards to give an application access to the system. Operating system companies really should err on the side of paranoia whenever possible.

I love these Apple stories!

'Cause they generate such great discussion/trolls/flamewars! Thanks Slashdot!

"No Longer" Immune?

Macs May No Longer Be Immune to Viruses

Nobody with a functioning brain thought that Macs were ever immune to viruses.

User-base fallacy

If the installed base size is the critical factor for exploit success, then why are there more successful exploits for Microsoft IIS than there are for Apache?

Take care,
brad

Excuse me, but... huh?

I keep reading posts in this thread that OS X doesn't have viruses and exploits because of this or that. Wasn't there a recent spate of OS X exploits, including a virsus or trojan of some sort? Did I simply dream that?

Just about a week before that rash of exloits happened, an article was posted on Digg that there security vulnerabilities on OS X. Some of us *nix-users pointed out that no OS is totally secure and that Mac-users do tend to take security for granted, even more than Linux/ BSD-users do. Over twenty people posted to that article claiming that OS X was completely secure, entirely dismissing the idea that OS X could possibly have any vulnerabilities. The, BAM!, a bunch of exploits pop up on the net right after that. And here we are at /., where lots of people like to say Digg-users are stupid teenagers, doing the exact same thing. If you're one those, take heed: it's you guys the script-kiddies will target. That's exactly what happened before, exploits aimed at the users who will carelessly run something that contains an exploit or malware of some sort.

One thing I'll never understand is why Linux/ BSD-users take security seriously and so many Mac-users don't. I think it's because of the way these OSes are designed, in that they require you take an active hand in security, although the more user-friendly guide you in doing so. Linux and BSD teach the user more aobut Unix-type OSes and their security procedures. OS X, despite being a BSD, doesn't seem to do that. If I were a Mac-user, this is soemthing I'd be hoping they'd change -- DesktopBSD and several Linux-distros have proven that it's possible to keep the user aware of security while maintaining ease of use. And just remember, exploits can and do happen, and it can happen to even the most secure types of *nix OSes. Carelessness will eventually result in harm to your system no matter what OS you're running.

That would just suck, huh?

Well the point is there might be files out there for dumbasses to download other than .exe. So many piss poor and obvious viruses are done on .exe...anyways, despite the claim, there are a suprizingly high number of people on macs who have no fuckin' idea how to use a computer. I'm the only one in my class of like 100, in one of the top architecture colleges in the country, who even knows the basics of HTML, FTP, etc... And there are tons of people running around with "cute powerbooks" or "cool powerbooks" whose (referring to the computer) sole purpose in life is bittorenting anime.

Bullshit.

Changing processor architectures changes NOTHING about the good and careful design of the Darwin/BSD/OSX software stack.

This is just wishful thinking on the part of people who still respect Microsoft in spite of everything M$ has done to them.

Waiting for them to be right?

Ah yet another prediction that Mac OS X is going to be swarm with viruses. Yawn!!! What is this, the 10000th one? This article should be modded -1 Redundant. Here the theme, "As soon as its it marketshare get bigger, the viruses will come. Apple won't be ready. You'll see". But, if I go online and search today for Mac OS X viruses, I can't find any information about specific viruses or stories about infection. Hell, I couldn't infect my Mac if I wanted too!!! It is obvious we are still in hypothetical land. Equally obvious, virus writers are going to attack the platform with the largest marketshare and Apple has been in single digits for the past 8 years. So, why am I going to spring money for antivirus subscription when there is no virii out there. But, I'll bet one day that they will be right. Shit, a broken watch is right twice a day. Until then, I going to keep on computing with an extra $60 in my pocket.

I'm sorry but...

How does merely changing to a different processor automagically open one up to viruses?

A virus is OS dependant not processor dependant and therefore there is equal chance of PPC OS X getting the same virus as Intel OS X if the virus writer has any degree of skill - although very few virus writers seem to be anything more than just little pathetic script kiddies.

Bring back the good old days where viruses destroyed your BIOS and knackered the bootsectors of your drives.

Re:Macs have never been "immune" to viruses

Nor even markedly more resistant. They have just been less targeted.

Nonsense. Microsoft is the target of viruses and spyware because of Microsofts moronic design decisions and security policies, not because of marketshare.

Re:Macs have never been "immune" to viruses

Nonsense. Microsoft is the target of viruses and spyware because of Microsofts moronic design decisions and security policies, not because of marketshare.

Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies AND because of marketshare.

Virus writers are writing viruses to make profit; either by stealing information, creating botnets, or proliferation of unwanted advertising. They make more profit by exploiting more machines, so it's no wonder that the most common OS is also the most targetted.

The fact that it's so trivial to exploit Microsoft software is purely because of the moronic design decisions and security policies, not because of marketshare. But the fact that Microsoft is so frequently the target of virus writers is a function of marketshare as well.

Re:But...but..but..

Don't worry there isn't a virus. The article says there will be one because apple switched to intel. That makes sense right?

BTW. RE your sig. I think it's amusing to quote from religious texts. My favorite is where the bible says to kill adulterers, homosexuals, people who have sex with their daughter in laws (and their daughter in law), all three people in a manage a trois if the manage trois involves a daughter and a mother, and of course all parties in any kind of beastality.

That last one kind of makes me mad though. I mean if you want to off some homosexuals fine but why punish the poor animal just because some pervert molested it?
 

Re:Gosh, it does sounds like MS.

The advisory is from 9 days ago. It is from a company that would like to sell you stuff related to its advisories. No known instance of the alleged flaws exist publicaly. The descriptions of the flaws do not support the conclusion of either a DOS attack being possible or compromising of one's system. As such, I invite you to use this flaw to do anything to my Mac.

Or, even present me with a URL where I can observe the alleged flaws in the wild.

Your handle, Whiney Mac Fanboy (963289), should be a tip-off that you are not posting about this matter in good faith.

Re:Macs have never been "immune" to viruses

I'm calling bullshit on that. True, Macs haven't been tested with a huge market share like Windows has, but you seem to be using that as proof that Macs have as bad-a security model as Windows. My favourite analogy to this is asking which one is more bulletproof, an apple or a kevlar vest. You'd shoot the apple into smitherines then say "Obviously the kevlar vest would crumble similarly if I shot it therefore neither are bulletproof".

You're right that they have never been "immune" to viruses. I don't expect you to say something stupid like that *nothing* is immune to viruses unless you can successfully hack my hello world program, but macs definitely aren't. That doesn't mean they're as bad as Windows though, so if you say something like "Nor even markedly more resistant" how about you back up that comment...

Re:But...but..but..

This is completely off-topic so will doubtless be modded as such. You will actually find that the lines: "And magnify Mohammed and his followers as thou didst magnify Abraham and his followers..." "And bless Mohammed and his followers as thou didst bless Abraham and his followers..." are recited (at least) thirteen times _per day_ in the compulsory Muslim five daily prayers. Now what use would these lines be if you didn't know whom Abraham or his followers were? The key is context, in order to find out what those lines are teaching, you have to go and do a little bit of historical homework on Abraham and why he was such a good pal of God's, to the extent that people living thousands of years after Abraham are still being taught to behave like him and his congregation. Similarly, for the verses mentioned above, context is needed otherwise the lines can easily appear to be contradictory. The verse about not taking Jews and Christians as friends is very often misused by Muslims and non-Muslims alike. But the actual historical reference (remember, that histroy homework again is needed), actually refers to when the northern Arabian tribes were becoming politically unified through their common adherence to Islam. Just as the Vatican or Israel would hardly trust its affairs to, eg, Iran or Saudi Arabia, and not necessarily because of antagonism but merely due to sensible political considerations, the same was true at the time for the fledgling Arab-Muslim state. Political Islam, or indeed Christianity or Judaism, is somewhat divorced from how you should treat your neighbour: it is how one nation should treat another. The verse about taking Christians as friends is the non-political way in which Man should deal with his brethren in the world, holding up the pious Christians of the time as an example to be followed. One can therefore easily ascertain how consistency is not lacking between the two verses, merely that people do not do their homework.

Re:Gosh, it does sounds like MS.

I'd take an Apple spokeswoman's word over Tom Ferris's word. He's fairly good at finding crash bugs, but he frequently reports zero dereferences as "buffer overflows", etc. See his record in bugzilla.mozilla.org, for example, starting with bug 303433. I have no idea why the media keeps calling him a security expert.

Re:Macs have never been "immune" to viruses

I call bullshit.

By your logic, because Apple now has a much higer visibility, it is a more likely target for viruses.

This is true, and I'm not going to argue with it. However, your reasoning behind it is faulty. Just because it is now being targeted more, does not mean that we are going to see huge numbers of viruses cropping up for OS X.

Heck, the "virus" described in the article isn't a virus at all. It's a trojan, and a shitty one at that. The guy downloaded an executable from an unknown source, and willingly ran it. "strange commands ran as if the machine was under the control of someone -- or something -- else."

Not only did the guy make a boneheaded move that would effect even the most secure operating system in the world, it was obviously apparent that the file being run was a virus the second he opened it. I don't think this is any cause for concern.

What's more, in order to inflict any serious damage on an OS X machine, you've got to provide the Administrator password. It is impossible to run OS X as root. If a program's trying to screw with your settings and files, you're going to know about it! Likewise, unlike Windows, file permissions are properly implemented (it's Unix after all...).

By your logic, because approximately 70% of the internet's web servers run Apache, we should be seeing tons of apache exploits, hacks, and viruses cropping up. The reason we don't is because Apache is a well-written and secure program, and because administrators are generally not stupid enough to run unmarked executables.

OS X and unix are inherently more secure by design than Windows is. This is a known fact that has been proven by time. I'll go a step further and say that because OS X is only 5 years old, and NT has had 10+ years to mature, that Windows should be more secure than OS X is. We all know this isn't the case. 95% of Windows viruses, trojans, and spyware would not be possible on OS X or unix simply due to the design of the OS.

Likewise, the article points out seven new vulnerabilities that were discovered two months ago that have yet to be patched, and draws the conclusion that "They didn't know how to deal with security", but later admits that the vulnerabilities wouldn't actually allow someone to execute malicious code on your machine, and that they're being rolled up into the next OS X security update. (Coincidentally, I've got to praise apple for their cumulative and bundled security updates. It makes it TONS easier for end users and administrators to install the updates, avoids confusion, and makes it significantly more likely for these people to install the updates to begin with, compared to the many crypticly-titled windows security fixes and the ActiveX horror that is Windows Update)

In short, the entire article is a piece of crap. Sure, OS X isn't perfectly safe, and it's a given that any system is vulnurable to a stupid user. However, it's damn better than anything else out there. Shame on slashdot for posting such a poorly-researched piece like this.

PS. Do not blame MSNBC for the content of the article. The article came through via the Associated Press, and appears on Cnn.com in addition to a plethora of other sites.

Re:Macs have never been "immune" to viruses

Heck, the "virus" described in the article isn't a virus at all. It's a trojan, and a shitty one at that. The guy downloaded an executable from an unknown source, and willingly ran it. "strange commands ran as if the machine was under the control of someone -- or something -- else."

That also describes the majority of Windows "viruses".

Don't bother with silly semantic games that only Slashbots care about. In the media when they say virus, they're talking about malware in general. Most Windows malware falls into the "trojan" category and requires varying levels of user interaction to get started.

Not only did the guy make a boneheaded move that would effect even the most secure operating system in the world, it was obviously apparent that the file being run was a virus the second he opened it. I don't think this is any cause for concern.

I do, because it's by far the most common vector for malware and, indeed, all security breaches.

It's also damn near impossible to defend against programmatically.

What's more, in order to inflict any serious damage on an OS X machine, you've got to provide the Administrator password.

Bollocks. For a start, any user can delete files they own - ie: the most important data on the machine.

Secondly, any user's account can turn the machine into just about anything an attacker might want, include allowing a remote login for further attempts at privilege escalation (because the OS X firewall is disabled by default).

Finally, any user in the Admin group (the default for most users) can delete (or modify !) not only just about everything in /Applications, but also other "system" files in /Library and /System.

It is impossible to run OS X as root.

Actually it's trivial. Running code as root is marginally easier than actually logging in to the GUI as root, but neither are particularly difficult to do.

If a program's trying to screw with your settings and files, you're going to know about it!

Highly doubtful. Most users have no ideas what processes run on the systems and even fewer actually monitor them.

Likewise, unlike Windows, file permissions are properly implemented (it's Unix after all...).

Windows's file permissions - indeed its security capabilities in general - are vastly more capable that OS X's.

In short the whole "but root is disabled" argument (and variants) is largely irrelevant. Elevated privileges are simply not required for the vast majority of things malware wants to do.

By your logic, because approximately 70% of the internet's web servers run Apache, [..]

(Wow, the good old Apache argument, what a surprise.)

Websites != Servers.

Also People Running Apache != People Running IIS. The bar for running an Apache server is set higher.

[...] we should be seeing tons of apache exploits, hacks, and viruses cropping up. The reason we don't is because Apache is a well-written and secure program, [...]

Actually we do. For the last few years, Apache has had a worse security record than IIS.

[...] and because administrators are generally not stupid enough to run unmarked executables.

Users are not administrators. Users have *extreme* difficulty identifying malicious code before running it.

OS X and unix are inherently more secure by design than Windows is.

False. There are many aspects of traditional UNIX "design" - including that in OS X - what are inherently less secure than Windows. For example, the concept of 'root'.

I'll go a step further and say that because OS X is only 5 years old, and NT has had 10+ years to mature, that Windows should be more secure than OS X is. We all know this isn't the case.

Firstly, the product OS X was is actually a touch older than NT. Secondly, it was basically yet another reimplementation of the flawed unix "design".

Re:Obviously written by an idiot

"MSNBC.com is a Microsoft - NBC joint venture"... this says a lot

What does it say? How does it explain the fact that MSNBC also runs stories on Microsoft-based exploits? Hmm... this says a lot.

Daines, a 29-year-old British chemical engineer who once considered Macs invulnerable to such attacks,"... this makes him a qualified source how?

Probably something to do with the fact that 99% of users of systems, be they Mac or Win, are about as knowledgeable about viruses as he is, for better or worse?

Who the fuck is Tom Ferris again?

Who the fuck is bulldogzerofive?

Re:Macs have never been "immune" to viruses

Incorrect. OS 9 and prior certainly had viruses, despite a market share comparable to OS X based machines. Not as many as Windows, but enough to cause problems for Mac users. Hell, I remember virus problems on Macs when the only way of distributing a virus was by floppy disk and the operating system was held in a ROM.

OS X is substantially more resistant to virus attack than all prior Mac operating systems, and most default Windows installations.

That doesn't mean it's 'immune'. Equally an increase in popularity will almost certainly raise the threat level - but that doesn't change the fact that the underlying system provides better protection by default. Failing to be 'immune' does not mean 'equally vulnerable'.

The default installation implements much of what corporate Windows admins have to implement to secure a Windows system / will be implemented by default in Vista.

Obviously there are other Unix systems that are still more secure - some security has been sacrificed for ease of use. It would be much more secure if new startup services and firewall changes had to be manually configured - but users won't stand for it. (Hence why we got in this mess in the first place).

Re:Gosh, it does sounds like MS.

However, what sounds most MS-like was this: ...

She disagreed that the vulnerabilities make it possible for a criminal to run code on a targeted machine.

Have you ever read the short description of a MS security patch? They quite frequently contain language similar to "A security issue has been identified that could allow an attacker to remotely compromise a computer running Microsoft® Windows® and gain complete control over it. [microsoft.com]"

To the one who modded me troll

I was sarcastic. I am a proud Debian user, you know. I was just doing the same analogy as the authors of the article do.

Re:Apple == MS

The only difference between Apple and MS/Bill Gates and Steve Jobs is cash. If history had run differently and it had been Apple that gotten to be the giant then there really wouldn't be that much change.

I think they are really two very different personalities. Bill Gates is competitive to the point of being a bit mental. He's still fairly pragmatic, but he has a win-at-all costs attitude. Steve Jobs is idealistic and dismissive. Had Apple won the war - even with Steve Jobs at the helm rather than Apple's other captains, I think the personal computer market would be far more balanced. We'd still have Amiga, C64, Atari, and TI in addition to the PC with all its OSen. Steve did hate the clones though, and he did put an end to them. Apple is very litigious, true. A lot of it has to do with animosity Apple has had with Microsoft and the anger the company has with PC vendors that have copied Apple's innovations while simultaneously trashing Apple. Yeah, at some point it gets childish. I think Apple was an angry, misdirected, company for a while, but it wasn't like SCO or Microsoft - companies that sue in order to gain strategic ground.

How many of you believe that is the media part of Sony that has been crippling the company by insisting on DRM that hardware consumers don't want?

I wanted to buy miniDisc but was overwhelmed with all that ATRAC mess. Grrrrr. I think even here though you've got a company that has more in common with Apple than it does with Microsoft. Sony does wierd things sometimes just cause it's Sony. Like Apple, Sony certainly doesn't care whether everyone uses their products, but they're so obsessed with their brand, the loyalist customers often get bit in the ass.