Slashdot Mirror


Mac's Immunity To Recent Virus Attacks

bluepinstripe writes "An article over at MacCentral references two articles about the Mac's immunity to the recent virus attacks." This is nothing new, but worthy of note, from time to time, such as now.

6 of 257 comments

  1. Re:How many for Linux? by GigsVT · · Score: 5, Informative

    It depends on if you count worms, and what you consider "part of the OS".

    Lots of software runs on Linux/BSD/other unix-like systems, so if a worm uses a flaw in that software, can you really call it a Linux problem?

    It's not as clear cut as it is in the proprietary software world, where programs generally run on one platform only, and MS/Apple bundles tons of stuff tightly with the OS.

    There have been a couple honest to goodness Linux viruses, but none that I know of have ever spread widely. If you count worms that exploit only Linux, that have made it very far in the wild, you could probably count them on one hand.

    --
    I've had enough abrasive sigs. Kittens are cute and fuzzy.
  2. Re:How many for Linux? by Sepper · · Score: 4, Informative

    you'd be surprised...

    Although most are worms, there are about 50-60 viruses existing.

    Symantec: 1592 results found (includes articles)
    McAfee: found 58 record(s) matching

    --
    I live in Soviet Canuckistan you insensitive clod!
  3. Nature of Macs by demonic-halo · · Score: 5, Informative

    From another article I read a week ago. The 50 was really for OS 9 and earlier. The old OS is a very insecure OS, with little in terms of memory protection, and multi-user access levels, but was left alone given low usage levels.

    OS X however inherits from BSD, so it also inherited all the fixes to past problems in BSD, which is mainly used as an Enterprise Unix solution. And also keep in mind it is a new operating system, version 10.2 has only been around for just over a year. That said, it does come with a more secure default configuration, with most services disabled by default, which is the weakness of most Unix and Linux systems, since they're usually deployed as servers and have most of their services on by default.

    Mac OS X uses micro kernel technology. This provides better memory protection between applications, and the ability to separate the OS into different components and levels. This becomes key when updating the OS. For most updates, since they do not involve the micro kernel, a complete system restart isn't necessary. The micro kernel will continue to run while the rest of the OS is patched and restarted, reducing start up time for kernel updates.

  4. OS X - no microkernel by hayne · · Score: 5, Informative

    "Mac OS X uses micro kernel technology. This provides better memory protection between applications, and the ability to separate the OS into different components and levels. This becomes key when updating the OS. For most updates, since they do not involve the micro kernel, a complete system restart isn't necessary. The micro kernel will continue to run while the rest of the OS is patched and restarted, reducing start up time for kernel updates."

    While it is true that OS X includes Mach technology, it is actually a much modified mixture of BSD and Mach and along the way, one of the things that got abandoned was the idea of the micro-kernel. Current OS X does not use a microkernel in the usual sense - it is a monolithic kernel. It does however have some clever kernel extension mechanisms. Here's a quote from a Usenix paper by Louis Gerbarg:

    xnu is not a traditional microkernel as its Mach heritage might imply. Over the years various people have tried methods of speeding up microkernels, including collocation (MkLinux), and optimized messaging mechanisms (L4)[microperf]. Since Mac OS X was not intended to work as a multi-server, and a crash of a BSD server was equivalent to a system crash from a user perspective the advantages of protecting Mach from BSD were negligible. Rather than simple collocation, message passing was short circuited by having BSD directly call Mach functions. While the abstractions are maintained within the kernel at source level, the kernel is in fact monolithic.
  5. Re:Mac: False Sense of Security by wkcole · · Score: 5, Informative

    For both points, you are referring to problems that have to be opened up explicitly. By default, all those excellent remote user capabilities are turned off, and the one place that uses fb_realpath() (the FTP server) is off by default.

    The situation on X is not as good as it was with, for example, 7.0, where getting anything remotely exploitable up demanded a multi-digit number of clues, but it is still many steps back from the default Windows situation. After all, who outside of Redmond is conscious of the fact that every Windows machine is running a DCOM RPC endpoint mapper?

  6. MS Office Viruses Only Go So Far on Macs by Spencerian · · Score: 5, Informative

    True, but only to a point.

    The earliest macro virus, Concept (1995), ran rampant on both Macs and PCs (despite the fact that MS Office 4 for Mac was a Piece of Sh*t) before Office had macro detectors.

    Since then, almost all macro viruses in Word and Excel documents create havoc only on Windows operating systems because the viruses make procedural and path calls that work only on Windows, such as going to a directory path on C: drive, or activating a function that requires the full Visual Basic or ActiveX functionality found in Windows but stunted or non-existent in the Mac version of Office.

    The Mac version of Office screams bloody murder when it detects macros and warns the user. If a modern macro virus is let to run on a Mac OS system, it fails to run or runs only to a point.

    A point that should be made throughout all this virus hoopla is that while Macintosh users are generally immune from any direct attack from PC viruses, a Macintosh user can be a "typhoid Mary" style carrier by passing along a virus from an email or infected file. Also, due to the SOBIG virus and BLASTER, everyone, including Macs, suffers from the Internet slowdowns that affect the servers that manage it, as well as intranet slowdowns in businesses.

    --
    Vos teneo officium eram periculosus ut vos recipero is.