Slashdot Mirror


Mac's Immunity To Recent Virus Attacks

bluepinstripe writes "An article over at MacCentral references two articles about the Mac's immunity to the recent virus attacks." This is nothing new, but worthy of note, from time to time, such as now.

19 of 257 comments

  1. but they still suffer.... by Anonymous Coward · · Score: 5, Interesting

    they still have to worry about the excess traffic generated.

    my own company's mail server (which has an AV on it to check attachments) got the equivalent of a DDoS because of all the people who have us in their address books.

    we ourselves did not get infected, but our mail server sure was (is still) sluggish.

    1. Re:but they still suffer.... by Anonymous Coward · · Score: 2, Interesting
      MSBlaster or a variant (perhaps Welchia) penetrated my work network on Tuesday. There was a default deny firewall in place protecting the network, but someone plugged in an infected laptop and *boom*. Traffic took down the mailserver, the webserver, and mailing list tools in about 5 minutes. So right there, Mac users were affected along with all other non-Windows users.

      The security/computer folks here were able to block the wall jacks used by infected machines, but in some cases this affected others (including Mac users) who shared a switch with the infected Windows machines. And then a few days later (today) some users of those machines took their infected machines and moved them off the disabled wall jacks and onto open ones!

      This crossed the line from being passively clueless into willful negligence. These are people whose machines were infected because they a) were not running a personal firewall on their machines, b) had not turned off unwanted or unneeded services, c) hadn't patched their system in the past month (some had not updated in years), d) hadn't updated or had turned off their antivirus software. But actively trying to reinfect everyone?! WTF!?!? I had received several emails about the infection at that point, plus there were signs posted, plus messages on my answering machine. And these people STILL went and plugged themselves in somewhere else. Thus adding to the time of the computer guys to fix this stuff, which we all pay for with increased overhead costs. AAaaagh!

      It doesn't help that I have been getting tens of bounced messages per day of Sobig.F stuff that used my email address on forged headers.

      I am a Mac user and I have definitely not been immune to these attacks.

  2. How many for Linux? by tsa · · Score: 3, Interesting

    In the article they claim there are about 50 Mac viruses. Does anyone know how many viruses there are for Linux?

    --

    -- Cheers!

    1. Re:How many for Linux? by jonadab · · Score: 5, Interesting

      > If you count worms that exploit only Linux, that have made it
      > very far in the wild, you could probably count them on one hand.

      OTOH, if you count worms that exploit unix-like systems in general,
      you'll get a somewhat larger number. There have been quite a few
      worms over the years that spread through unix-based software such
      as sendmail. Naturally, most of them won't work on current versions.

      Then again, that 50 number for Mac systems is low if you count
      historical viruses that would no longer work on modern Mac systems.
      Back in the day when all Macs still sported floppy drives and ran
      a single-user out of the box, there were quite a large number of
      Mac file viruses.

      So if you only count malcode that's in the wild and will work
      on current versions... there aren't many, except for Windows.

      --
      Cut that out, or I will ship you to Norilsk in a box.
  3. And Linux, FreeBSD et al??? by advocate_one · · Score: 3, Interesting
    It's all very nice for Mac users to gloat that they weren't affected by the latest trojan du jour and msblast etc. but for most offices, converting to macs requires ditching perfectly good existing hardware... There is an alternative that also isn't affected by those same viruses and trojans etc. that's to go Linux/FreeBSD... no need to ditch your existing hardware at all. most offices won't require their users to be using soundcards or 3D graphics either so there's no hassle switching over as all you should need is basic vesa functionality and all distros provide that.

    And if you can't stomach the thought of ditching ms and switching to Linux/FreeBSD, then you could at least ditch those ridiculously compromised default email and internet clients and switch to something like Opera and Forte Agent if you want proper support or else go with the multitude of OSS solutions and rely on support via newsgroups and mailing lists

    The biggest problem these days is not the actual MS Windows OS, but what gets bundled with it...

    --
    Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
  4. bad analogy by Tumbleweed · · Score: 4, Interesting

    Macs aren't "vaccinated" against Windows-based e-mail viruses or worms.

    Saying Macs are "immune" in this case is about like saying my car is immune to Polio. It just doesn't apply in this case. Macs won't be "immune" to Mac-based viruses, when they come along.

    Anyone dumb enough to launch an executable e-mail attachment without first virus-scanning it is dumb enough to do it on any platform they run. Bragging about Macs not being susceptible to this round of viruses is merely bragging about how few Macs there are, and how it isn't worth the time of the virus-writers to make Mac-based viruses. Whoopee.

    I'm still saving up money for a G5, though it has nothing to do with how susceptible to viruses it is or isn't.

    1. Re:bad analogy by Anonymous Coward · · Score: 1, Interesting

      There's no reason why your computer shouldn't protect you from stuff in email. That's a bug in our computers, not our users. Why can a program in an email attachment even connect to the network? Why do we allow programs in emails to begin with?

      Either fix these bugs, or remove the functionality COMPLETELY.. users have better things to do than learn to work around software bugs.. like lead the rest of their lives.

      (I know, there's a gray area here, obviously the user has to have SOME idea what's going on, but I tend to blame the software first. And the software manufacturer who has 98% of the market but yet doesn't make their software any more secure than anybody else's.)

  5. MS Office Viruses (Re:Common Sense) by ThreeFarthingStone · · Score: 4, Interesting

    Wrong. A virus that exploits a cross-platform program such as Mozilla can infect multiple platforms.

    A well-known class of Win-Mac viruses are the Microsoft Office macro viruses. MS Office is available for both Windows and Macintosh, and the versions for both platforms accept the same documents and viruses. With so few Mac-specific viruses available, these macro viruses were once the biggest threats to Mac users, but only those who had certain Microsoft programs. Now these viruses are forgotten as newer Office versions protect against macro viruses.

    --
    ==========
    There are two types of people: those who are in the world, and those who aren't.
  6. Re:It's all about perception... by josepha48 · · Score: 4, Interesting
    Actually it has to do with the fact that Microsoft has added VBScript into EVERYTHING that they ship. Excel, Word, Outlook, IE, etc. The intention of this was good, let's make it easy for people to add macros. The outcome has been bad, as there was no security thought put in to this whole thing until AFTER virii started appearing all over windows.

    Well yes it is possible to exploit a UNIX/Mac-BSD/linux OS (now referred to as UMBL) based system, it is much more difficult to do on a generic basis. 1) They all include firewalls as part of the OS. While often they can be disabled or not turned on by default, it was not till 2000 (win2k) that Windows started including a firewall as part of the OS. Even Linux, the new kid on the block has had SOME built in firewalling for about 10 years or more. 2) There is less scripting integration of applications in UMBL than in windows. If I am using mozilla mail or pine then I have to setup these 'execute this with' options. Also I am more likely to get prompted for this. With Windows virii you just click on the mail with the preview pane open and you're hozed. MS does not make it super intuitive to figure out how to shut this off either. There is NO "Preferences" in Outlook, just "Options". Options are not really preferences. MS really needs to rethink what the F*** they are doing. I'm surprised no one has decided to ask the question is it just as easy to attack UMBL machines as it is windows? Or is it that people who run UMBL (at least UBL not sure about M) more likely to turn off services and put up firewalls?

    Yes every OS has holes, but with windows these holes appear as big as the grand canyon, while on other OS'es they appear like small little volcanos. The real issue is that MS needs to start shipping their product with ALL services off and a tight firewall and VBScript OFF and make the users turn these things on instead. Add Preferences into the system. They need to make it so that you can update a system and not have to reboot it cause you installed some new updates, unless its the actual OS kernel itself.

    Also they need to lighten up on the licencing, and allow for people at home to install on 4-5 machines like Mac does. Mac costs 129 for OSX and a home user license (4-5 users) Windows costs 300 for 2k / XP for a 1 users license. Linux / BSD are less than 100 or even FREE for unlimited license. I think that part of the problem of people not updating their OS is that many people cannot afford 5x300 for Windows and don't upgrade and update their OS cause A - bandwidth, B - fear that MS will come after them for license violation.

    Don't defend a company that has 40 billion dollars in excess money that allows this kind of thing to happen, and then decides to outsource to India to make its profits even greater and its userbase larger. It just isn't right!

    --

    Only 'flamers' flame!
    Does slashdot hate my posts?

  7. You run MS Office? Sacrilege! by HotButteredHampster · · Score: 2, Interesting

    > With so few Mac-specific viruses available, these macro viruses were once the biggest threats to Mac users, but only those who had certain Microsoft programs.

    What kind of Mac user are you, to imply that we would use MS Office?

    Seriously though, you are correct. That was the primary reason why I shifted away from using MS products as soon as I was finished my university schooling. Abstinence is the best form of prevention.

    --
    "Smart is sexy." -- D. Scully ("War of the Coprophages")
  8. Local news said it at my prompting. by Anonymous+Freak · · Score: 5, Interesting

    I run a small on-site computer consulting company, and a local station (KOIN-6 in Portland) called to ask if they could come along on a service call to remove the worm, and film it (with the client's permission, of course.) So I found a client willing to do it, and met the news people there.

    As part of the (short) interview, they asked how to avoid it, and I mentioned that Macintoshes and Linux machines were immune. That made it on the news. (Along with very little else of my interview.)

    --
    Another non-functioning site was "uncertainty.microsoft.com."
    The purpose of that site was not known.
    1. Re:Local news said it at my prompting. by OmniVector · · Score: 2, Interesting

      you know, i read an article in the paper about all of this.
      It made the front page. it does say in the very last paragraph that microsoft is the reason we have all these viruses, but i was very upset that the paper didn't say there were alternatives to Windows (Linux and Mac).

      I'm glad someone got the word out that this is *just* a windows problem, and that there is choice in this world.

      --
      - tristan
  9. AppleScript, AddressBook, and Mail.app by seichert · · Score: 4, Interesting

    Would it not be possible to write a virus in AppleScript that took entries from the AddressBook and used them to send itself out to the rest of the world via Mail.app? Legitimate question. If the answer is "Yes" then why is Mac OS X more resistant to viruses than Windows/OutLook? Could it be that Mac OS X is only like 2% of the market and thus not a significant target?

    --

    Stuart Eichert

    1. Re:AppleScript, AddressBook, and Mail.app by Dec12 · · Score: 4, Interesting

      It would be possible to write such an apple script, however by default before Mail.app would run the script it would open a dialogue box and ask permission from the user. If the user is willing to run anything sent to them there is not much you can do about security.

  10. Re:my mom by EverLurking · · Score: 4, Interesting
    Don't get me wrong, I love my mom, but nothing gets my blood boiling and screaming like a real ass over the phone than having to support a loved one's computer problems. "I can't see what's on your screen, why don't you tell me..no you shouldn't just turn it off...er...no stop that...are you pushing the left mouse button?...um...slow down, don't just click on random buttons...Are you sure you want to delete that file?...what directory was it in?...no not the windows directory...no!!!!!!!!!!!!!" etc. Why is it so much harder to teach a loved one?

    When I had my mom running Win98 I was fielding on the average 6-5 computer related questions a week and a system crash every couple of days, and she wasn't even really on the internet that much to catch viruses. All this stressful phone tech support stuff was really making me generally annoyed and pissed at my sweet little old mother, I was beginning to dread any phone calls from her at all.

    Getting her that 15" iMac for Xmas was the best thing for my nerves. She is set up as a regular user and there is a separate Admin account that she doesn't know the password for, so I KNOW the system will not get accidentally corrupted. That and any damage will be confined to her Home directory. Last time I updated the OS, the uptime was like 3+ months (last reboot before that was for another OS Update). She has not had a problem with figuring out the OS or using the applications that she didn't eventually figure out herself, thanks to the very intuitive interface. I don't have to worry about her contracting a weird/inconvenient Windows social disease/virus, when I put her on a cable modem later this month, I can count on the built in IPFW to keep some bad stuff from happening and thank god Sophos has a full time background virus scanner for OS X available now just in case.

    My mom is actually doing REALLY well considering she just started using computers a couple of years ago (and late in life at that). But she is in the same position I'd guess 80-90% of Windows users are in: They know just enough to get some work done and more than enough to really get in some deep trouble and screw up their systems without being aware that they are doing it.

    DaveC

    --
    There are no stupid questions...just stupid people.
  11. ...not a significant target by Paladeen · · Score: 2, Interesting

    Well, the Mail.app client which most MacOS X users use doesn't automatically run executable files like Outlook runs those .pif, .exe and .scr files.

    Hence, while it is possible (and easy) to write a virus for the Mac, it's more difficult to spread it -- that's my impression, anyhow.

    I've never, ever, ever got a MacOS X virus...there has to be a reason, and I think this one is it.

  12. General comment on Macs vs PCs re: security by azav · · Score: 3, Interesting

    This point was argued today on another list. I think it is of merit for discussion here:

    I may be the Last person in the world to defend M$, but is it not the fact that M$ OSes are the most prevalent, that causes the virus writers to exploit their weaknesses?

    NO.

    I worked in Academic Computer Services at my college last century and when virii came out for macs with an exploit, Apple patched the system so that they were not able to leverage that exploit (where possible) in the next release.

    Init 39, scores, nVir and MDEF and WDEF virii are the ones I encountered.

    Nothing happened from Microsoft. It's like shipping a barn with the barn door locked open. These systems were exploitable BY DEFAULT and it was a SIMPLE MATTER to ship with many of the doors closed.

    Now I am referring to exploits that do not really require deep code experience to perform. A much lower skill level was needed to take advantage of many MS open holes. Someone using VB could write an email virus.

    It was not the case on the mac in those days, it was harder to write a virus.

    It was literally sickening to watch. There were so many simple open areas that any bored teenager could take advantage of.

    I performed the virus protection for the Mac and PC clusters (and sometimes VAX) so I know this firsthand.

    There are about 70 THOUSAND pc viruses. There are about 50 mac viruses.

    At my house, I ran my mac server for about 3 years without a firewall, someone probably hacked it once but I just rebooted it. There were many many attempts to access formmail.cgi and run many windows infection routines - but I chose to name my hard drive something I wanted. This alone made the pathname invalid - let alone I was running on a mac. SIMPLE THINGS like being able to call your hard drive whatever you want made it harder to assume a path to sensitive information that could be exploited.

    The lameness of windows and lack of response from MS and their ignoring their obligation to provide simple security to their customers has disgusted me about MS for a long time.

    --
    - Zav - Imagine a Beowulf cluster of insensitive clods...
  13. Check the source! by tb3 · · Score: 3, Interesting

    The Mercury News article quotes Rob Enderle, president of a 'technology research firm' as one of its sources. A quick google search on this guy reveals he does nothing but generate quotes for news articles.

    I did finally turn up some background on him here. He has a background in marketing, and market research into Microsoft products and trends. He actually has the distinction of being the most widely quoted analyst one year!

    Not someone I'd consider an expert on viruses, or the internals of operating systems.

    --

    www.lucernesys.com Horizon: Calendar-based personal finance

  14. Re:Wrong: Off by default makes a Mac safe by gerardrj · · Score: 2, Interesting

    "The point is that Mac OS X boxes can get root'ed and Apple releases updates to prevent this periodically."

    You miss the point in reply. Mac OS X out of the box CAN'T get root'ed because the root account is disabled.
    The only way (I know of) to enable it is through the GUI. You must launch "NetInfo Manager", then authenticate as an administrator. You can then choose the option to enable the root account and enter a password.

    Along with the root account being disabled, just about every server/service not necessary for the GUI is disabled. CUPS is perhaps the only thing running by default that's even close to being remotely exploitable.

    "The next exploit could be in something as common as Safari (default web browser)"

    That would not be a virus, that would be a trojan. Trojans require uninformed users to do something silly like run code from an unknown source. Apple's update system prevents that.
    The fact is here also that a: root is disabled in the default install b: the users don't run at even the admin level by default. So if you were to launch a trojan it could ONLY ravage your own home directory and perhaps be used in DDOS attacks, spam, worm propagation and exploit searches. To be successful at that, the thing would probably need to save off a binary executable and fork it as a background BSD process.

    I consider trojans to be more on the level of having physical access to the machine (just you do it by proxy). A trojan is not a remote exploit, not a virus and not a worm. The simplest way to catch them is to have a process check for any files having their execute bit(s) toggled and prompt for authority. That would pretty much leave an interpreted type trojan in Perl or TCSH, which can be run without the execute bits being set.

    --
    Article X: The powers not delegated... by the Constitution...are reserved...to the people
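
Added example, not part of the thread above: comment 14 suggests catching trojans with a process that checks for files whose execute bits get toggled, and notes that interpreted scripts slip past such a check. A sketch of that idea in Python, which snapshots execute bits under a directory and reports files that became executable; the file names in `demo()` and the `#!` heuristic for interpreted scripts are constructed assumptions for illustration.

```python
import os
import stat
import tempfile

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def snapshot_exec_bits(root):
    """Map each regular file under root to True if any execute bit is set."""
    state = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks
            except OSError:
                continue  # file vanished between listing and stat
            if stat.S_ISREG(st.st_mode):
                state[path] = bool(st.st_mode & EXEC_BITS)
    return state


def newly_executable(before, after):
    """Files executable now that were absent or non-executable before."""
    return sorted(p for p, is_exec in after.items()
                  if is_exec and not before.get(p, False))


def looks_interpreted(path):
    """Heuristic (assumption): a '#!' header marks a script an interpreter can
    run even without execute bits, the gap the comment points out."""
    try:
        with open(path, "rb") as fh:
            return fh.read(2) == b"#!"
    except OSError:
        return False


def demo():
    """Constructed scenario: one file gains +x, one script never needs it."""
    with tempfile.TemporaryDirectory() as home:
        samples = {
            "notes.txt": b"hello\n",
            "attachment.bin": b"\x00\x01",
            "helper.pl": b"#!/usr/bin/perl\n",
        }
        for name, data in samples.items():
            path = os.path.join(home, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o644)
        before = snapshot_exec_bits(home)
        os.chmod(os.path.join(home, "attachment.bin"), 0o755)  # the toggle
        after = snapshot_exec_bits(home)
        flagged = [os.path.basename(p) for p in newly_executable(before, after)]
        scripts = sorted(os.path.basename(p) for p, is_exec in after.items()
                         if not is_exec and looks_interpreted(p))
        return flagged, scripts


if __name__ == "__main__":
    print(demo())
```

A periodic snapshot only sees toggles between two runs; a file made executable, run and reset inside one interval is missed, so this is a detection aid rather than the prompt-for-authority gate the comment describes.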