Mac's Immunity To Recent Virus Attacks
bluepinstripe writes "An article over at MacCentral references two articles about the Mac's immunity to the recent virus attacks." This is nothing new, but worthy of note, from time to time, such as now.
People vaccinated against polio are immune to polio attacks. Duh!
The other thing that seems to slip people's attention is that most of these Windows email viruses spread because of Outlook and Outlook Express. People running other mail clients like Eudora, Mozilla, etc. are not affected by these attacks either.
1) immunity to WINDOWS viruses.. these aren't COMPUTER viruses, they are WINDOWS viruses (and worms).
.. is your inbox clogged with 10000 copies of Sobig and your mail program having fits? Write (or download, or have someone else write) a script to go into your POP server, and use the TOP command to search the headers for one of the 8 sobig subjects, and delete them. You can use Perl, Ruby, Python, PHP, AppleScript, Java, or awesome Objective-C!
2) easy to program
3) No open ports by default!
That being said, I'm personally not willing to say with 100% certainty that OS X is "immune" to viruses and worms like this. What if OS X was on thousands of desktops in each big company, like windows is? Imagine all those dumb, untrained users sending each other arbitrary executables... combine with ease of programming from #1 above... yeesh...
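The POP3 cleanup described in the comment above, sketched in Python as an added example that is not part of the original thread. The function names, the `FakePOP` stand-in and the entries in `BLOCKED_SUBJECTS` are constructed placeholders; the thread does not list the actual subjects, so substitute the ones seen in your own mailbox.

```python
import email
from email.header import decode_header, make_header

# Constructed placeholder subjects (lower-case); replace with the real ones.
BLOCKED_SUBJECTS = {"example worm subject a", "example worm subject b"}

def subject_of(header_lines):
    """Parse the raw header lines returned by TOP and decode the Subject."""
    msg = email.message_from_bytes(b"\r\n".join(header_lines))
    raw = msg.get("Subject", "")
    # Decode RFC 2047 encoded-words so an encoded subject cannot slip past.
    return str(make_header(decode_header(raw))).strip()

def purge(conn, blocked=BLOCKED_SUBJECTS, dry_run=True):
    """Issue TOP n 0 for every message and DELE those with a blocked Subject.

    conn is an authenticated poplib.POP3 / POP3_SSL object (or a stand-in).
    Returns the (message number, subject) pairs that matched.
    """
    hits = []
    _, listing, _ = conn.list()              # entries look like b"3 1520"
    for entry in listing:
        num = int(entry.split()[0])
        _, lines, _ = conn.top(num, 0)       # headers only, zero body lines
        subj = subject_of(lines)
        if subj.lower() in blocked:
            hits.append((num, subj))
            if not dry_run:
                conn.dele(num)               # server removes it on QUIT
    return hits

class FakePOP:
    """Constructed stand-in for poplib.POP3 so the example runs offline."""
    def __init__(self, subjects):
        self.msgs = {i + 1: s for i, s in enumerate(subjects)}
        self.deleted = []
    def list(self):
        return b"+OK", [b"%d 100" % n for n in self.msgs], 0
    def top(self, n, howmuch):
        hdr = [b"From: a@example.invalid",
               b"Subject: " + self.msgs[n].encode(), b""]
        return b"+OK", hdr, 0
    def dele(self, n):
        self.deleted.append(n)
        return b"+OK"

# Against a real server (host and credentials are yours to supply):
#   conn = poplib.POP3_SSL(host); conn.user(name); conn.pass_(password)
#   purge(conn, dry_run=False); conn.quit()
```

Run it with `dry_run=True` first and review the returned list, since deletions are committed when the session ends with QUIT.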
It depends on if you count worms, and what you consider "part of the OS".
Lots of software run on Linux/BSD/other unix-like systems, so if a worm uses a flaw in that software, can you really call it a Linux problem?
It's not as clear cut as it is in the proprietary software world, where programs generally run on one platform only, and MS/Apple bundles tons of stuff tightly with the OS.
There have been a couple honest to goodness Linux viruses, but none that I know of have ever spread widely. If you count worms that exploit only Linux, that have made it very far in the wild, you could probably count them on one hand.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
you'd be surprised...
Although most are worms, there are about 50-60 viruses existing.
Symantec: 1592 results found (includes articles)
Mcafee: found 58 record(s) matching
I live in Soviet Canuckistan you insensitive clod!
From another article I read a week ago. The 50 was really for OS 9 and earlier. The old OS is a very insecure OS, with little in terms of memory protection, and multi-user access levels, but was left alone given low usage levels.
OS X however inherits from BSD, so it also inherited all the fixes to past problems in BSD, which is mainly used as an Enterprise Unix solution. And also keep in mind it is a new operating system, version 10.2 has only been around for just over a year. That said, it does come with a more secure default configuration, with most services disabled by default, which is the weakness of most Unix and Linux systems, since they're usually deployed as servers and have most of their services on by default.
Mac OS X uses micro kernel technology. This provides better memory protection between applications, and the ability to separate the OS into different components and levels. This becomes key when updating the OS. Most updates, since it does not involve the micro kernel, a complete system restart isn't necessary. The micro kernel will continue to run while the rest of the OS is patched and restarted, reducing start up time for kernel updates.
like... worms. yeah. good catch. or was there anything else? no? didn't think so.
Once more for the slow people.
UNIX(R) is a registered trademark. UNIX, on the other hand, is a generic term used to describe computer operating systems.
Mac OS X is not UNIX(R). Mac OS X is UNIX.
Clear?
For both points, you are referring to problems that have to be opened up explicitly. By default, all those excellent remote user capabilities are turned off, and the one place that uses fb_realpath() (the FTP server) is off by default.
The situation on X is not as good as it was with, for example, 7.0, where getting anything remotely exploitable up demanded a multi-digit number of clues, but it is still many steps back from the default Windows situation. After all, who outside of Redmond is conscious of the fact that every Windows machine is running a DCOM RPC endpoint mapper?
The biggest problem these days is not the actual MS Windows OS, but what gets bundled with it...
Hear, hear. My buddy's windows got fucked up, and he had to reinstall. He did, and the next day I went over to his house. 24 hours after the reinstall (a Compaq), and not having touched the net or anything, I ran Ad-aware. He had 199 malware objects installed. BY THE FUCKING MANUFACTURER!!!!!! I was livid.
True, but only to a point.
The earliest macro virus, concept (1995), ran rampant on both Macs and PCs (despite the fact that MS Office 4 for Mac was a Piece of Sh*t) before Office had macro detectors.
Since then, almost all macro viruses in Word and Excel documents create havoc only on Windows operating systems because the viruses make procedural and path calls that work only on Windows, such as going to a directory path on C: drive, or activating a function that requires the full Visual Basic or ActiveX functionality found in Windows but stunted or non-existent in the Mac version of Office.
The Mac version of Office screams bloody murder when it detects macros and warns the user. If a modern macro virus is let to run on a Mac OS system, it fails to run or runs only to a point.
A point that should be made throughout all this virus hoopla is that while Macintosh users are generally immune from any direct attack from PC viruses, a Macintosh user can be a "typhoid Mary" style carrier by passing along a virus from an email or infected file. Also, due to the SOBIG virus and BLASTER, everyone, including Macs, suffers from the Internet slowdowns that affect the servers that manage it, as well as intranet slowdowns in businesses.
Vos teneo officium eram periculosus ut vos recipero is.
A well-known class of Win-Mac viruses are the Microsoft Office macro viruses. MS Office is available for both Windows and Macintosh, and the versions for both platforms accept the same documents and viruses. With so few Mac-specific viruses available, these macro viruses were once the biggest threats to Mac users, but only those who had certain Microsoft programs. Now these viruses are forgotten as newer Office versions protect against macro viruses.
However, even that was actually a potential threat rather than a real one. Virii are rarely truly portable. The (in)famous Melissa was probably the closest to being a cross-platform virus. It could infect MacOS Office documents, but still it could not affect MS Outlook for MacOS (and thus could not spread further). So yes, theoretically you could write a cross-platform virus that would achieve exactly the same effect on Windows and MacOS (provided that both will have Microsoft Office), but the guys who write this stuff rarely put portability on the top of their priority list. They are really screwed, no question about it, but not that much...
Actually, the ppc remains harder to hack, because it has a weakly consistent memory model. If you perform a buffer overflow attack that injects new code in the target system, then you have to execute an isync instruction to synchronize the processor instruction cache with the new memory contents. Otherwise, when you jump to your new code, the old code (or whatever was at that address) may be executed. This requires you to know an address where you can find such an instruction and a way to jump back to your new code after executing it.
Donate free food here