Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
OS X Businesses Operating Systems Security Apple

Mac's Immunity To Recent Virus Attacks 257

bluepinstripe writes " An article over at MacCentral references two articles about the Mac's immunity to the recent virus attacks." This is nothing new, but worthy of note, from time to time, such as now.
This discussion has been archived. No new comments can be posted.

Mac's Immunity To Recent Virus Attacks

Comments Filter:
  • Ack! (Score:4, Funny)

    by Anonymous Coward on Friday August 22, 2003 @11:18AM (#6765893)
    I would have had first post, but my computer was infected with MSBlast!
  • Common Sense (Score:4, Insightful)

    by trompete ( 651953 ) on Friday August 22, 2003 @11:18AM (#6765901) Homepage Journal
    To most of us, it is common sense that Windows-based viruses and worms won't affect Macintoshes, but there are end users out there who think that viruses affect all platforms.
    Unfortunately, none of those naive users browse this site.
    • by Anonymous Coward
      Unfortunately?

      -Bill Gates

    • by ThreeFarthingStone ( 675618 ) on Friday August 22, 2003 @11:41AM (#6766164) Journal

      Wrong. A virus that exploits a cross-platform program such as Mozilla can infect multiple platforms.

      A well-known class of Win-Mac viruses are the Microsoft Office macro viruses. MS Office is available for both Windows and Macintosh, and the versions for both platforms accept the same documents and viruses. With so few Mac-specific viruses available, these macro viruses were once the biggest threats to Mac users, but only those who had certain Microsoft programs. Now these viruses are forgotten as newer Office versions protect against macro viruses.

      • by jokell82 ( 536447 ) on Friday August 22, 2003 @12:18PM (#6766554) Homepage
        So the biggest virus threat on the mac comes/came from Microsoft? How surprising! :)
      • With so few Mac-specific viruses available, these macro viruses were once the biggest threats to Mac users, but only those who had certain Microsoft programs.

        What kind of Mac user are you, to imply that we would use MS Office?

        Seriously though, you are correct. That was the primary reason why I shifted away from using MS products as soon as I was finished my university schooling. Abstinence is the best form of prevention.

      • by Spencerian ( 465343 ) on Friday August 22, 2003 @05:46PM (#6769533) Homepage Journal
        True, but only to a point.

        The earliest macro virus, concept (1995), ran rampant on both Macs and PCs (despite the fact that MS Office 4 for Mac was a Piece of Sh*t) before Office had macro detectors.

        Since then, almost all macro viruses in Word and Excel documents create havoc only on Windows operating systems because the viruses make procedural and path calls that work only on Windows, such as going to a directory path on C: drive, or activating a function that requires the full Visual Basic or ActiveX functionality found in Windows but stunted or non-existant in the Mac version of Office.

        The Mac version of Office screams bloody murder when it detects macros and warns the user. If a modern macro virus is let to run on a Mac OS system, it fails to run or runs only to a point.

        A point that should be made throughout all this virus hoopla is that while Macintosh users are generally immune from any direct attack from PC viruses, a Macintosh user can be a "typhoid Mary" style carrier by passing along a virus from an email or infected file. Also, due the SOBIG virus and BLASTER, everyone, including Macs, suffer from the Internet slowdowns that affect the servers that manage it, as well as intranet slowdowns in businesses.
        • by commodoresloat ( 172735 ) on Friday August 22, 2003 @07:53PM (#6770225)
          A point that should be made throughout all this virus hoopla is that while Macintosh users are generally immune from any direct attack from PC viruses, a Macintosh user can be a "typhoid Mary" style carrier by passing along a virus from an email or infected file.

          So not only is my Mac immune to Windows viruses; it also helps those viruses destroy Windows machines?

          So what's the downside?

      • A well-known class of Win-Mac viruses are the Microsoft Office macro viruses. MS Office is available for both Windows and Macintosh, and the versions for both platforms accept the same documents and viruses. With so few Mac-specific viruses available, these macro viruses were once the biggest threats to Mac users, but only those who had certain Microsoft programs. Now these viruses are forgotten as newer Office versions protect against macro viruses.

        However, even that was actually a potential threat rath
  • by Anonymous Coward on Friday August 22, 2003 @11:22AM (#6765940)
    they still have to worry about the excess traffic generated.

    my own company's mail server (which has an AV on it to check attachments) got the equivalent of a DDoS because of all the people who have us in their address books.

    we ourselves did not get infected, but our mail server sure was (is still) sluggish.
    • by Anonymous Coward
      MSBlaster or a variant (perhaps Welchia) penetrated my work network on Tuesday. There was a default deny firewall in place protecting the network, but someone plugged in an infected laptop and *boom*. Traffic took down the mailserver, the webserver, and mailing list tools in about 5 minutes. So right there, Mac users were affected along with all other non-Windows users.

      The security/computer folks here were able to block the wall jacks used by infected machines, but in some cases this affected others (i

    • I have a couple email addresses posted all over the web, so I've been receiving 300+ messages per day telling me my Mac is infected with viruses that don't exist for it. I don't wade through most of these thanks to my spam filter but nonetheless it slows down traffic for me to download them. Everybody suffers from worms and viruses, even the ones that only bring down unpatched Windows boxes.
      • I have the same problem, but it is due to people mailing me dumb lists like "top 10 reasons beer is better than women" or other things that get forwarded by everyone to everyone else.

        The next biggest problem is ads for viagra. Trust me, viagra is the worst sexually oriented virus there is. I'm pretty secure about not having to worry about HIV, Herpes or all the others. But viagra spam...

  • How many for Linux? (Score:4, Interesting)

    by tsa ( 15680 ) on Friday August 22, 2003 @11:25AM (#6765965) Homepage
    In the article they claim there are about 50 Mac viruses. Does anyone know how many viruses there are for Linux?
    • by GigsVT ( 208848 ) on Friday August 22, 2003 @11:49AM (#6766253) Journal
      It depends on if you count worms, and what you consider "part of the OS".

      Lots of software run on Linux/BSD/other unix-like systems, so if a worm uses a flaw in that software, can you really call it a Linux problem?

      It's not as clear cut as it is in the proprietary software world. where programs generally run on one platform only, and MS/Apple bundles tons of stuff tightly with the OS.

      There have been a couple honest to goodness Linux viruses, but none that I know of have ever spread widely. If you count worms that exploit only Linux, that have made it very far in the wild, you could probably count them on one hand.
      • by jonadab ( 583620 ) on Friday August 22, 2003 @12:12PM (#6766508) Homepage Journal
        > If you count worms that exploit only Linux, that have made it
        > very far in the wild, you could probably count them on one hand.

        OTOH, if you count worms that exploit unix-like systems in general,
        you'll get a somewhat larger number. There have been quite a few
        worms over the years that spread through unix-based software such
        as sendmail. Naturally, most of them won't work on current versions.

        Then again, that 50 number for Mac systems is low if you count
        historical viruses that would no longer work on modern Mac systems.
        Back in the day when all Macs still sported floppy drives and ran
        a single-user out of the box, there were quite a large number of
        Mac file viruses.

        So if you only count malcode that's in the wild and will work
        on current versions... there aren't many, except for Windows.
    • by grue23 ( 158136 ) on Friday August 22, 2003 @12:25PM (#6766618)
      Just the GPL.
    • by Sepper ( 524857 ) on Friday August 22, 2003 @12:37PM (#6766762) Journal
      you'd be suprised...

      Altough most are worms, there are about 50-60 virus existing.

      Symantec [symantec.com]: 1592 results found (includes articles)
      Mcafee [mcafee.com]: found 58 record(s) matching
  • In other news (Score:4, Informative)

    by mhesseltine ( 541806 ) on Friday August 22, 2003 @11:29AM (#6766008) Homepage Journal

    People vaccinated against polio are immune to polio attacks. Duh!

    The other thing that seems to slip people's attention, is that most of these Windows email viruses spread because of Outlook and Outlook Express. People running other mail clients like Eudora, Mozilla, etc. are not affected by these attacks either.

    • bad analogy (Score:5, Interesting)

      by Tumbleweed ( 3706 ) on Friday August 22, 2003 @11:41AM (#6766159)
      Macs aren't "vaccinated" against Windows-based e-mail viruses or worms.

      Saying Macs are "immune" in this case is about like saying my car is immune to Polio. It just doesn't apply in this case. Macs won't be "immune" to Mac-based viruses, when they come along.

      Anyone dumb enough to launch an executable e-mail attachment without first virus-scanning it is dumb enough to do it on any platform they run. Bragging about Macs not being susceptible to this round of viruses is merely bragging about how few Macs there are, and how it isn't worth the time of the virus-writers to make Mac-based viruses. Whoopee.

      I'm still saving up money for a G5, though it has nothing to do with how susceptible to viruses it is or isn't.
      • Re:bad analogy (Score:5, Insightful)

        by mhesseltine ( 541806 ) on Friday August 22, 2003 @11:49AM (#6766259) Homepage Journal
        Macs aren't "vaccinated" against Windows-based e-mail viruses or worms.

        Agreed. It just seems like people brag about something that is painfully obvious (Macs don't get affected by Outlook viruses; people who are vaccinated against polio don't get polio)

        Saying Macs are "immune" in this case is about like saying my car is immune to Polio. It just doesn't apply in this case. Macs won't be "immune" to Mac-based viruses, when they come along.

        Again, agreed.

        Anyone dumb enough to launch an executable e-mail attachment without first virus-scanning it is dumb enough to do it on any platform they run. Bragging about Macs not being susceptible to this round of viruses is merely bragging about how few Macs there are, and how it isn't worth the time of the virus-writers to make Mac-based viruses. Whoopee.

        And this leads to another point. Why do we call them "Windows" viruses. It isn't a function of Windows, per se, that allows this to happen. It's a function of Outlook and OE that causes the problem. If mail.App ran binary attachments without a scan, Macs would be just as vulnerable as Windows machines.

        We should start calling them Outlook viruses. Put the blame where it belongs, on the bad email applications.

        • > We should start calling them Outlook viruses. Put the blame where it belongs, on the bad email applications.

          Well, I use Outlook, and *I* don't get these viruses. If we put the blame where it belongs, we should called them User viruses. :)
          • Well, I use Outlook, and *I* don't get these viruses. If we put the blame where it belongs, we should called them User viruses. :)

            Agreed completely. In the end, these are user problems, not technical problems. LART the lusers who run things they get in their email.

      • Macs won't be "immune" to Mac-based viruses, when they come along.

        True. But they don't. And that's the point :-)
        • > True. But they don't. And that's the point :-)

          The more popular Macs become (because of the advent of OS X the G5 hardware), the more likely they WILL come. That's the price for popularity - people always wanting to take you down a peg or two.

          Granted, a superior security model to that of MS products will help limit the damage done by such a virus, but when you have people willing to click on any attachment someone sends to them in an e-mail, you can never totally eliminate the possibility of damage.
      • Re:bad analogy (Score:4, Insightful)

        by exp(pi*sqrt(163)) ( 613870 ) on Friday August 22, 2003 @08:29PM (#6770407) Journal
        Bragging about Macs not being susceptible to this round of viruses is merely bragging about how few Macs there are...
        That's a perfectly good thing to brag about. Look. We have a software monoculture. Any environmentalist will tell you a monoculture is a bad thing. Choosing an OS with fewer users is a smart move just as exogamous mating is a good way for humans to survive disease. That's something worth bragging about.
      • Well, the analogy does work. While to say Macs are vaccinated against Windows viruses is wrong, Macs are immune to Windows viruses the same way humans are immune to canine immunodeficiency virus. No receptors means no infection. Pure biology. The thing is, while Windows is the predominant desktop OS, UNIX and UNIX-like systems have run the Internet since the beginning (and MacOS X is a UNIX-like system) and there have been few comparably massive exploits in UNIX's 30+ year history. So I think it is pos
      • Re:bad analogy (Score:3, Insightful)

        by tgibbs ( 83782 )

        Macs aren't "vaccinated" against Windows-based e-mail viruses or worms. Saying Macs are "immune" in this case is about like saying my car is immune to Polio.

        The term "immune" does not imply vaccination. There is such a thing a natural immunity. And Wintel systems and Mac systems do pretty much the same thing, they are not so different as you and your car.

        Anyone dumb enough to launch an executable e-mail attachment without first virus-scanning it is dumb enough to do it on any platform they run.

        The

  • by Anonymous Coward on Friday August 22, 2003 @11:32AM (#6766047)
    1) immunity to WINDOWS viruses.. these aren't COMPUTER viruses, they are WINDOWS viruses (and worms).

    2) easy to program .. is your inbox clogged wiht 10000 copies of Sobig and your mail program having fits? Write (or download, or have someone else write) a script to go into your POP server, and use the TOP command to search the headers for one of the 8 sobig subjects, and delete them. You can use Perl, Ruby, Python, PHP, AppleScript, Java, or awesome Objective-C!

    3) No open ports by default!

    That being said, I'm personally not willing to say with 100% certainty that OS X is "immune" to viruses and worms like this. What if OS X was on thousands of desktops in each big company, like windows is? Imagine all those dumb, untrained users sending each other arbitrary executables... combine with ease of programming from #1 above... yeesh...
  • my mom (Score:5, Insightful)

    by BortQ ( 468164 ) on Friday August 22, 2003 @11:33AM (#6766061) Homepage Journal
    This is the single biggest reason that my mother uses a mac. I'm still required for some occasional technical support calls from her, but I can't imagine how bad it would be if she ran windows.

    So join the crusade. Give your mom a mac!

    • Re:my mom (Score:4, Insightful)

      by diverman ( 55324 ) on Friday August 22, 2003 @11:45AM (#6766215)
      Amen! I have been trying to get my mom and her boyfriend to get a Mac. I got them setup with Wireless at home. I setup their laptop to work wirelessly (Running Windows 98 ... old one), and I support them and their XP desktop (*sigh*). When it came time to get a new laptop, they went the XP route (Compaq). While I think Compaq has some nice machines, it's been nothing but a nightmare in dealing with XP and its "intellegent" handling of the wireless network.

      I am still pushing for them to get an iBook. I endlessly tell them how much nicer most of their tasks would be. How much less risk they will have of viruses, etc. At least I don't let them use Outlook.

      So, the way I see it... as a 20-something (can still barely claim that) year old guy it's a wise choice to promote OS X with family members. It will seriously cut down on your overall cost of support time and generally annoying phone calls. I've almost got my dad convinced that a Mac will be his next computer. His friend concurs it's the right choice for him. Wish me luck! I need to cut down on this support overhead!

      -Alex
      • Since I use a mac myself as well I can easily avoid having to deal with all the windows tech support requests I get.

        "Sorry, I only know how to fix up macs. If you had one I could help you..."

        • Well, I do too. 2 PB's (one from work) and a PowerMac. I also have 3 servers at home running Linux.

          My point though, is that my parents don't (yet!). And THEY'RE the ones I need to support. It has nothing to do with what I run, just what THEY run. But I'm working on it!

          -Alex
    • by AHumbleOpinion ( 546848 ) on Friday August 22, 2003 @02:30PM (#6767853) Homepage
      By all means get your Mom a Mac but don't let Mac OS 9 and previous lull you into a false sense of security. The notion that Macs are a nice safe place to avoid virii and worms is obsolete. With Mac OS X Mac's are now much more vulnerable and a highly inviting target:

      (1) They have excellent remote user capabilities. This not only aids in compromising the system but it's Unix nature makes it an excellent place to run various hacking tools from. An excellent proxy.

      (2) They have very poor administration. Few Mac users, hell few Linux box owners for that matter, are capable administrators. There machines are as vulnerable their last Software Update as last weeks update shows: "Today, Apple released Security Update 2003-08-14, which 'addresses a potential vulnerability in the fb_realpath() function which could allow a local or remote user to gain unauthorized root privileges to a system.'"

      These two facts will draw much more attention to Macs by virus and worm authors.
      • by wkcole ( 644783 ) on Friday August 22, 2003 @02:49PM (#6768041)

        For both points, you are referring to problems that have to be opened up explicitly. By default, all those excellent remote user capabilities are turned off, and the one place that uses fb_realpath() (the FTP server) is off by default.

        The situation on X is not as good as it was with, for example, 7.0, where getting anything remotely exploitable up demanded a multi-digit number of clues, but it is still many steps back from the default Windows situation. After all, who outside of Redmond is conscious of the fact that every Windows machine is running a DCOM RPC endpoint mapper?

        • For both points, you are referring to problems that have to be opened up explicitly. By default, all those excellent remote user capabilities are turned off, and the one place that uses fb_realpath() (the FTP server) is off by default.

          You misunderstand. The specific problem cited in the recent update is irrelevant. The point is that Mac OS X boxes can get root'ed and Apple releases updates to prevent this periodically. The next exploit could be in something as common as Safari (default web browser). Fu
          • "The point is that Mac OS X boxes can get root'ed and Apple releases updates to prevent this periodically."

            You miss the point in reply. Mac OS X out of the box CAN'T get root'ed because the root account is disabled.
            The only way (I know of) to enable it is through the GUI. You must launch "NetInfo Manager", then authenticate as an administrator. You can then choose the option to enable the root account and enter a password.

            Along with the root account being disabled, just about every server/service not
            • You are merely playing semantic games.

              Mac OS X out of the box CAN'T get root'ed because the root account is disabled

              Apple Computer, a more reliable source of info regarding Mac OS X diagrees: "Today, Apple released Security Update 2003-08-14, which 'addresses a potential vulnerability in the fb_realpath() function which could allow a local or remote user to gain unauthorized root privileges to a system.'" {emphasis mine}

              That would not be a virus, that would be a trojan

              I am writing with respect
              • Apple Computer, a more reliable source of info regarding Mac OS X diagrees: "Today, Apple released Security Update 2003-08-14, which 'addresses a potential vulnerability in the fb_realpath() function which could allow a local or remote user to gain unauthorized root privileges to a system.'" {emphasis mine}

                I was too brief and the above could be misunderstood. I accidentally hit submit rather than preview. Doh!

                I know the specific example above requires the user to enable a service. My point was the te
      • Thankfully, just about every remote access that I can think of is turned off by default in OS X, and the root user must be enabled before it can be used (even su will not work)
    • Re:my mom (Score:4, Interesting)

      by EverLurking ( 595528 ) <slash@daveche[ ]rg ['n.o' in gap]> on Friday August 22, 2003 @03:25PM (#6768350) Homepage
      Don't get me wrong, I love my mom, but nothing gets my blood boiling and screaming like a real ass over the phone than having to support a loved one's computer problems. "I can't see what's on your screen, why don't you tell me..no you shouldn't just turn it off...er...no stop that...are you pushing the left mouse button?...um...slow down, don't just click on random buttons...Are sure you want to delete that file?...what directory was it in?...no not the windows directory...no!!!!!!!!!!!!!" etc. Why is it so much harder to teach a loved one?

      When I had my mom running Win98 I was fielding on the average 6-5 computer related questions a week and a system crash every couple of days, and she wasn't even really on the internet that much to catch viruses. All this stressful phone tech support stuff was really me generally annoyed and pissed at my sweet little old mother, I was beginning to dread any phone calls from her at all.

      Getting her that 15" iMac for Xmas was the best thing for my nerves. She is set up as a regular user and there is a separate Admin account that she doesn't know the password for, so I KNOW the system will not get accidentally corrupted. That and any damage will be confined to her Home directory. Last time I updated the OS, the uptime was like 3+ months (last reboot before that was for another OS Update). She has not had a problem with figuring out the OS or using the applications that she didn't eventually figure out herself, thanks to the very intuitive interface. I don't have to worry about her contracting a weird/inconvenient Windows social disease/virus, when I put her on a cable modem later this month, I can count on the built in IPFW to keep some bad stuff from happening and thank god Sophos has a full time background virus scanner for OS X available now just in case.

      My mom is actually doing REALLY well considering she just started using computers a couple of years ago (and late in life at that). But she is in the same position I'd guess 80-90% of Windows users are in: They know just enough to get some work done and more than enough to really get in some deep trouble and screw up their systems without being aware that they are doing it.

      DaveC

  • by advocate_one ( 662832 ) on Friday August 22, 2003 @11:34AM (#6766072)
    It's all very nice for Mac users to gloat that they weren't affected by the latest trojan du jour and msblast etc. but for most offices, converting to macs requires ditching perfectly good existing hardware... There is an alternative that also isn't affected by those same viruses and trojans etc. that's to go Linux/FreeBSD... no need to ditch your existing hardware at all. most offices won't require their users to be using soundcards or 3D graphics either so there's no hassle switching over as all you should need is basic vesa functionality and all distros provide that.

    And if you can't stomach the thought of ditching ms and switching to Linux/FreeBSD, then you could at least ditch those ridiculously compromised default email and internet clients and switch to something like Opera and Forte Agent if you want proper support or else go with the multitude of OSS solutions and rely on support via newsgroups and mailing lists

    The biggest problem these days is not the actual MS Windows OS, but what gets bundled with it...

    • So wait the 30 days until your PC's obsolete. Then buy a mac. They do last longer. Check out ebay sometime. Hell those high prices are for machines that don't even pretend to run OS X.
    • The biggest problem these days is not the actual MS Windows OS, but what gets bundled with it...

      Hear, hear. My buddy's windows got fucked up, and he had to reinstall. He did, and the next day I went over to his house. 24 hours after the reinstall (a Compaq), and not having touched the net or anything, I ran Ad-aware. He had 199 malware objects installed. BY THE FUCKING MANUFACTURER!!!!!! I was livid.
  • by GreatDrok ( 684119 ) on Friday August 22, 2003 @11:50AM (#6766270) Journal
    I don't get all these nasty comments about Macs. I don't actually own one, been a Linux user since 1994 and before that I was a SUNOS guy. Never really liked Macs but I could see that people found them easy to use so that was fine. OSX is by far the best of both worlds, my next laptop is almost certainly going to be a powerbook, doesn't mean I won't continue to like Linux, its all UNIX, its all good.

    The one thing I find odd is the lie that is simplicity. Macs are a doddle to use and yet they are clearly also nice secure systems. Windows is less easy to use and yet easier to write viruses and trojans for. Chewbacca defense? It does not make sense! If Macs were as common as PCs they still wouldn't suffer the same level of viruses and worms as Windows does. Same is true for Linux. Besides which, what if we had 25% Windows, 25% Linux, 25% Macs and 25% others. I bet Windows would still have by far the greatest number of viruses etc.

    Cool off guys. Macs are good. Its all UNIX and that is good. A little bit more of this and Windows will be the minority just as it should be.
  • by xTMFWahoo ( 470364 ) on Friday August 22, 2003 @11:52AM (#6766299) Homepage
    Mac's seem to be immune from viruses not because Mac's are totally secure, it's due to the fact that the clowns that write viruses HATE Microsoft and want MS to look bad. Every OS has holes of some sort. No software is perfect.
    • by josepha48 ( 13953 ) on Friday August 22, 2003 @12:22PM (#6766597) Journal
      Actually it has to do with the fact that Microsoft has added VBScript into EVERYTHING that they ship. Excel, Word, Outlook, IE, etc. The intention of this was good, lets make it easy for people to add macros. The outcome has been bad, as there was no security thought put in to this whole thing until AFTER virii started apearing all over windows.

      Well yes it is possible to exploit a UNIX/Mac-BSD/linux OS (now referred to as UMBL) based system, it is much more difficult to do on a generic basis. 1) They all include firewalls as part of the OS. While often they can be disabled or not turned on by default, It was not till 2000 (win2k) that Windows started including a firewall as part of the OS. Even Linux, the new kid on the block has had SOME built in firewalling for about 10 years or more. 2) There is less scripting integration of applications in UMBL than in windows. If I am using mozilla mail or pine then I have to setup these 'execute this with' options. Also I am more likely to get prompted for this. With Windows virii you just click on the mail with the preview pane open and your hozed. MS does not make it super intuitive to figure out how to shut this off either. There is NO "Preferences" in Outlook, just "Options". Options are not really preferences. MS really needs to rethink what the F*** they are doing. I'm suprised noone has decided to ask the question is it just as easy to attack UMBL machines as it is windows? Or is it that people who run UMBL (atleast UBL not sure about M) more likely to turn off services and put up firewalls?

      Yes every OS has holes, but with windows these holes appear as big as the grand canyon, while on other OS'es they appear like small little volcanos. The real issue is that MS needs to start shipping their product with ALL services off and a tight firewall and VBScript OFF and make the users turn these things on instead. Add Preferences into the system. They need to make it so that you can update a system and not have to reboot it cause you installed some new updates, unless its the actual OS kernel itself.

      Also they need to lighten up on the licencing, and allow for people at home to install on 4-5 machines like Mac does. Mac costs 129 for OSX and a home user license (4-5 users) Windows costs 300 for 2k / XP for a 1 users license. Linux / BSD are less than 100 or even FREE for unlimited license. I think that part of the problem of people not updating their OS is that many people cannot afford 5x300 for WIndows and don't upgrade and update their OS cause A - bandwidth, B - fear that MS will come after them for license violation.

      Don't defend a company that has 40 billion dollars in excess money that allows this kind of thing to happen, and then decides to outsource to india to make its profits even greater and its userbase larger. It just isn't right!

      • Are macs inherentnly more secure? on the one hand apple does not seem to do a lot of stupid things like VBS, and ActiveX and auto execute scripts in Outlook and Word. MS totally overlooked the security models when creating features and convenience. and unfortunatley they have done it again with C#.

        thus its clear MS is cavelier.

        On the other hand keeping unix secure is truly hard work. there are lots of dark alleys few sys admins really know about and the development is distributed so one has to tru

        • Exactly, and with factual cites to back up your assertion, how did they "[do] it again" with C#? Ignoring your misappropriation of C# as the responsible party in the case of CLR security, I still don't really understand the comment at all.

          You see, C# is a language. One might rationally compare it to Java. There are similiarities. The essential point here is that the language is a medium for developers to express an executable program. There is also the CLR, which you might liken to the Java runtime environ
  • by chia_monkey ( 593501 ) on Friday August 22, 2003 @11:56AM (#6766347) Journal
    Actually, we have fun at work with all the viruses and worms. I have my TiBook at home and don't really care about anything (obviously). Here at work I'm using Windows. Every time an email comes in, me or my officemate will read the subject name and who it's from and then try to guess what the contents are. "Generic Viagara" is a common one. Then if there's an attachment, try to guess if it's a .pif or .scr. You should try it. And then go home, hop on your Mac, and be productive again.
  • by American AC in Paris ( 230456 ) on Friday August 22, 2003 @12:04PM (#6766430) Homepage
    Yeah, we're not infected, but we still have to deal with all the nitwit "BIG SCARY SYSADMIN MESSAGE: YOUR COMPUTER IS INFECTED WITH SoBig.F! YOU SENT THIS TO OUR SERVER!" messages that are still streaming in.

    What I wouldn't give for a shiny little app that identifies these and autoresponds to the postmaster and abuse addresses with "I'm on a Mac, you insufferable bint. You're a sysadmin, for god's sake. You should know that SoBig.F spoofs the FROM: line. I am not infected with this virus, you are dumb, and I have notified your superiors that you have absolutely no clue as to how to run a mail server and that you should be fired. I hear the U.S. Army is hiring."

    They could call it iSmackYouUpsideTheHead.

    • That's easy! Write a little applescript script that constructs and sends the email through mail.app... Then simply add a mail filter (rule) that launches the applescript.

    • I said something along those lines (although in a somewhat nicer fashion) to the sysadmins of my university's email server. They kept bouncing messages to me saying that I was sending viruses out from my Powerbook. When I informed them of the fact that the Mac is entirely incapable of getting this virus, they told me that they realize that my computer didn't send it but couldn't do anything about it. For some reason, they didn't seem to think it would be a big deal to set up the server to check the IP addr
    • Just use the bouce to sender. Make him think that your email address does not exist :)

      -S
    • man procmail
      man maildrop
  • Not totally true (Score:4, Insightful)

    by theolein ( 316044 ) on Friday August 22, 2003 @12:09PM (#6766479) Journal
    Anti-virus software maker Sophos PLC's Graham Cluley told the Sun's Zeiler that Macs have "no more inherent security" than their PC counterparts, it's just that they've failed "to capture interest" among the creators of these viruses.

    The Unix/OSS security model in OSX (and lack of Outlook type automatic unsecure scripting) is not the only protection. This exists in Linux and BSD et al also. The use of x86 machine code in buffer overflow attacks will not work on PPC or Sparc machines.
    • He's a spokesman for an anti-virus company. What did you expect him to say?

      Good point about the architecture flaw. Does that mean the mythical OS X for x86 would also be vulnerable?
  • by recursiv ( 324497 ) on Friday August 22, 2003 @12:12PM (#6766503) Homepage Journal
    I'm immune too, because my computer was patched long before the virus was released, and I'm not stupid enough to open .pif, .vbs, .bat, .cmd, .lnk, .exe, .scr, or .com files that came in an email.
  • by mcgroarty ( 633843 ) <{moc.liamg} {ta} {ytraorgcm.nairb}> on Friday August 22, 2003 @12:12PM (#6766505) Homepage
    This is yet -another- kind of software that doesn't work on the Mac.

    (Yes, I know -- mod me down because I won't drink the Kool Aid... but I -did- just order myself an iPod for use with Linux.) :-)

  • Nature of Macs (Score:5, Informative)

    by demonic-halo ( 652519 ) on Friday August 22, 2003 @12:40PM (#6766789)
    From another article I read a week ago. The 50 was really for OS 9 and earlier. The old OS is a very insecure OS, with little interms of memory protection, and multi-user access levels, but was left alone given low usage levels.

    OS X however inherites from BSD, so it also inherited all the fixes to past problems in BSD, which is mainly used as an Enterprise Unix solution. And also keep in mind it is a new operating system, version 10.2 has only been around for just over a year. That said, it does come with a more secure default configuration, with most services disabled by default, which is the weakness of most Unix and Linux systems, since they're usually deployed as servers and have most of their services on by default.

    Mac OS X uses micro kernel technology. This provides better memory protection between applications, and the ability to sperate the OS into different components and levels. This becomes key when updating the OS. Most updates, since it does not involve the micro kernel, a complete system restart isn't necessary. The micro kernel will continue to run while the rest of the OS is patched in restarted, reducing start up time for kernel updates.
    • by hayne ( 545353 ) on Friday August 22, 2003 @02:00PM (#6767530)
      Mac OS X uses micro kernel technology. This provides better memory protection between applications, and the ability to sperate the OS into different components and levels. This becomes key when updating the OS. Most updates, since it does not involve the micro kernel, a complete system restart isn't necessary. The micro kernel will continue to run while the rest of the OS is patched in restarted, reducing start up time for kernel updates.
      While it is true that OS X includes Mach technology, it is actually a much modified mixture of BSD and Mach and along the way, one of the things that got abandoned was the idea of the micro-kernel. Current OS X does not use a microkernel in the usual sense - it is a monolithic kernel. It does however have some clever kernel extension mechanisms. Here's a quote from a Usenix paper by Louis Gerbarg [usenix.org]:

      xnu is not a traditional microkernel as its Mach heritage might imply. Over the years various people have tried methods of speeding up microkernels, including collocation (MkLinux), and optimized messaging mechanisms (L4)[microperf]. Since Mac OS X was not intended to work as a multi-server, and a crash of a BSD server was equivalent to a system crash from a user perspective the advantages of protecting Mach from BSD were negligible. Rather than simple collocation, message passing was short circuited by having BSD directly call Mach functions. While the abstractions are maintained within the kernel at source level, the kernel is in fact monolithic.
  • They even mentioned this on Bob and Tom this morning. I think Chic has a Mac. Joe
  • I run a small on-site computer consulting company, and a local station (KOIN-6 in Portland) called to ask if they could come along on a service call to remove the worm, and film it (with the client's permission, of course.) So I found a client willing to do it, and met the news people there.

    As part of the (short) interview, they asked how to avoid it, and I mentioned that Macintoshes and Linux machines were immune. That made it on the news. (Along with very little else of my interview.)
    • you know, i read an article in the paper about all of this.
      It made the front page. it does say in the very last paragraph that microsoft is the reason we have all these viruses, but i was very upset that the paper didn't say there were alternatives to Windows (Linux and Mac).

      I'm glad someone got the word out that this is *just* a windows problem, and that there is choice in this world.
  • by seichert ( 8292 ) on Friday August 22, 2003 @01:10PM (#6767098)
    Would it not be possible to write a virus in AppleScript that took entries from the AddressBook and used them to send itself out to the rest of the world via Mail.app? Legitimate question. If the answer is "Yes" then why is Mac OS X more resistant to viruses than Windows/OutLook? Could it be that Mac OS X is only like 2% of the market and thus not a significant target?
    • by Dec12 ( 600216 ) on Friday August 22, 2003 @01:38PM (#6767354)
      It would be possible to write such an apple script, however by default before Mail.app would run the script it would open a dialogue box and ask permission from the user. If the user is willing to run anything sent to them there is not much you can do about security.
    • by Anonymous Coward on Friday August 22, 2003 @02:36PM (#6767918)
      You can write such Applescript but you also would have to click yes to a dozen of messages like:

      Do you want to open this?
      Shall I send this mail to these 300 addresses
      Where do you want to unzip this executable
      Shall I start it?
      Shall I make a copy and send to all entries in your address book?

      Then yes, if you are so dumb as to answer "Yes" to all those questions everytime an app gets fired by the Applescript and opens windows on your face then yes, it would be possible.

      On Windows the OS answers "YEEEEEEESSSSSS please do" without you ever noticing what is going on.

      That's why the worm/virii spread so easily on WIndows: it is dumb.
      Also, every Windows app run as 'system' that is even IM or IE is like GOD on Windows.
      Mac applications do not have those rights and more, root user is disabled by default and the average user does not even have the tools to activate it or know how to.

      A virus on Mac would need the active collaboration of the user to spread. On Windows it has the granted collaboration of Windows. Like giving the keys of you mansion to the thieves themselves while you are on vacation.

      Keep trusting Windows, it is so clever :-)

      And oh yes: it is just visibility LOL
    • You mean, like this [sophos.com]?

      The laugh is that -- wait for it -- IT REQUIRES MICROSOFT PRODUCTS TO RUN!!!!!

      Plus it also requires user activation.

      So it technically doesn't meet your criteria (AddressBook and Mail.app). But funny nonetheless.
    • Well, the Mail.app client which most MacOS X users use doesn't automatically run executable files like Outlook runs those .pif, .exe and .scr files.

      Hence, while it is possible (and easy) to write a virus for the Mac, it's more difficult to spread it -- that's my impression, anyhow.

      I've never, ever, ever got MacOS X virus...there has to be a reason, and I think this one is it.
  • obvious? (Score:4, Insightful)

    by Anonymous Coward on Friday August 22, 2003 @01:48PM (#6767434)
    Am i the only one that thinks this article should be on the front page?
  • I can see the graphic for it right now:

    Big red concentric circles - traditional target

    At 10 'oclock - Mac OS X logo

    At 2 'oclock - Tux

    At 4 and 8 'oclock - Darts with a virus and a worm riding them

    Dead center - the Windows logo

    Across the bottom - Move out of the bullseye!

    A simple, accurate description of the main reason you're safer Anywhere But Windows.

  • by dr2chase ( 653338 ) on Friday August 22, 2003 @02:34PM (#6767893) Homepage
    Macs derive some benefit from their approach to "administrator rights". I've got them, but to actually do anything, I need to type a password.

    On Windows (at least W2K) if you need administrator privileges, then they're on all the time. Accidentally run a virus while in administrator mode, and it gets to use those administrator privileges, too.

  • by azav ( 469988 ) on Friday August 22, 2003 @04:17PM (#6768875) Homepage Journal
    This point was argued today on another list. I think it is of merit for discussion here:

    I may be the Last person in the world to defend M$, but is it not the fact that M$ OSes are the most prevalent, that causes the virus writers to exploit their
    weaknesses?

    NO.

    I worked in Academic Computer Services at my college last century and when virii came out for macs with an exploit, Apple patched the system so that they were not able to leverage that exploit (where possible) in the next release.

    Init 39, scores, nVir and MDEF and WDEF virii are the ones I encountered.

    Nothing happened from Microsoft. It's like shipping a barn with the barn door locked open. These systems were exploitable BY DEFAULT and it was a SIMPLE MATTER to ship with many of the doors closed.

    Now I am referring to exploits that do not really require deep code experience to perform. A much lower skill level was needed to take advantage of many MS open holes. Someone using VB could write an email virus.

    It was not the case on the mac in those days, it was harder to write a virus.

    It was literally sickening to watch. There were so many simple open areas that any bored teenager could take advantage of.

    I performed the virus protection for the Mac and PC clusters (and sometimes VAX) so I know this firsthand.

    There are about 70 THOUSAND pc viruses. There are about 50 mac viruses.

    At my house, I ran my mac server for about 3 years without a firewall, someone probably hacked it once but I just rebooted it. There were many many attempts to access formmail.cgi and run many windows infection routines - but I chose to name my hard drive something I wanted. This alone made the pathname invalid - let alone I was running on a mac. SIMPLE THINGS like being able to call your hard drive whatever you want made it harder to assume a path to sensitive information that could be exploited.

    The lameness of windows and lack of response from MS and their ignoring their obligation to provide simple security to their customers has disgusted me about MS for a long time.

  • Check the source! (Score:4, Interesting)

    by tb3 ( 313150 ) on Friday August 22, 2003 @06:20PM (#6769749) Homepage
    The Mercury News article quotes Rob Enderle, president of a 'technology research firm' as one of it's sources. A quick google search on this guy reveals he does nothing but generate quotes for news articles.

    I did finally turn up some background on him here [gigaweb.com]. He has a background in marketing, and market research into Microsoft products and trends. He actually has the distinction of being the most widely quoted analyst one year!

    Not someone I'd consider an expert on viruses, or the internals of operating systems.
  • Yeah, but WTF? Being on OS X doesn't stop your mail adress from being flooded (not dangerous, but still annoying) by OTHER PLATFORM's viruses...
    Recent example: I've been getting, in the past 4 days, 30 mails a day sent from a friend's friend's PC (who happened to have my mail in its contacts... This worm /virus / trojan horse ("W32.Sobig.F@mm") sends itself from that person's PC (same numerical IP), but with different senders' identities (randomly choosing from that PC's adress book). What's worse is that t
  • by tomem ( 542334 ) on Saturday August 23, 2003 @09:26AM (#6772669) Homepage Journal
    I didn't see anyone pointing out that Apple has an excellent automated software update mechanism in place, which by default looks weeky for updates and asks if users want them. If you hit return rather than cancel, you get your update. No sysadmin assistance is required, but that factor in Mac adoption is another story. Some users will reject an update because they don't want to take the chance that it requires a reboot (most security patches do not, but other updates often do). But at least during virus scares, the updates are likely to be accepted. If Macs were more common, it seems like the necessary updates would be in place more universally than they are among Windows users.

    Can anyone comment on how effective the comparable process is for PC, Linux, Unix, and whether there is a differential between these and the Mac update process?

Business is a good game -- lots of competition and minimum of rules. You keep score with money. -- Nolan Bushnell, founder of Atari

Working...