Mac's Immunity To Recent Virus Attacks
bluepinstripe writes "An article over at MacCentral references two articles about the Mac's immunity to the recent virus attacks." This is nothing new, but worthy of note, from time to time, such as now.
I would have had first post, but my computer was infected with MSBlast!
To most of us, it is common sense that Windows-based viruses and worms won't affect Macintoshes, but there are end users out there who think that viruses affect all platforms.
Unfortunately, none of those naive users browse this site.
More than enough BS
they still have to worry about the excess traffic generated.
my own company's mail server (which has an AV on it to check attachments) got the equivalent of a DDoS because of all the people who have us in their address books.
we ourselves did not get infected, but our mail server sure was (is still) sluggish.
In the article they claim there are about 50 Mac viruses. Does anyone know how many viruses there are for Linux?
-- Cheers!
People vaccinated against polio are immune to polio attacks. Duh!
The other thing that seems to slip people's attention, is that most of these Windows email viruses spread because of Outlook and Outlook Express. People running other mail clients like Eudora, Mozilla, etc. are not affected by these attacks either.
Overrated / Underrated : Moderation
1) immunity to WINDOWS viruses.. these aren't COMPUTER viruses, they are WINDOWS viruses (and worms).
.. is your inbox clogged with 10000 copies of Sobig and your mail program having fits? Write (or download, or have someone else write) a script to go into your POP server, and use the TOP command to search the headers for one of the 8 sobig subjects, and delete them. You can use Perl, Ruby, Python, PHP, AppleScript, Java, or awesome Objective-C!
2) easy to program
3) No open ports by default!
That being said, I'm personally not willing to say with 100% certainty that OS X is "immune" to viruses and worms like this. What if OS X was on thousands of desktops in each big company, like windows is? Imagine all those dumb, untrained users sending each other arbitrary executables... combine with ease of programming from #1 above... yeesh...
So join the crusade. Give your mom a mac!
A Multiplayer Strategy Game for Mac OS X, Windows, and Linux
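Added example, not part of the comment above and not code from any poster: a Python sketch of the mailbox cleanup it describes, fetching only headers with POP3 `TOP` and marking messages whose Subject matches a worm's known subject lines. The subject strings, the sample messages, and the names `purge_by_subject`, `subject_of` and `FakePOP3` are constructed for illustration; a real run would pass a logged-in `poplib.POP3_SSL` connection and the subject list from an antivirus vendor's advisory.

```python
import email
from email.header import decode_header, make_header

# Constructed placeholder subjects; replace with the list from a vendor advisory.
WORM_SUBJECTS = {"re: example worm subject a", "example worm subject b"}


def subject_of(header_lines):
    """Decode the Subject header from the raw byte lines returned by TOP."""
    msg = email.message_from_bytes(b"\r\n".join(header_lines) + b"\r\n\r\n")
    raw = msg.get("Subject", "")
    # Handles RFC 2047 encoded words such as =?utf-8?q?...?=
    return str(make_header(decode_header(raw))).strip()


def purge_by_subject(conn, subjects=WORM_SUBJECTS, dry_run=True):
    """Find messages whose Subject exactly matches one of `subjects`.

    `conn` is a logged-in poplib.POP3 / POP3_SSL object, or anything with the
    same list/top/dele methods. Returns the matched (number, subject) pairs;
    messages are only marked for deletion when dry_run is False.
    """
    wanted = {s.casefold() for s in subjects}
    matched = []
    _, listing, _ = conn.list()
    for entry in listing:
        num = int(entry.split()[0])
        _, lines, _ = conn.top(num, 0)   # headers only, the body is not downloaded
        subject = subject_of(lines)
        if subject.casefold() in wanted:
            matched.append((num, subject))
            if not dry_run:
                conn.dele(num)           # applied at QUIT; RSET undoes it
    return matched


class FakePOP3:
    """Constructed in-memory stand-in for a POP3 server, for offline runs."""

    def __init__(self, messages):
        self.messages = dict(enumerate(messages, start=1))
        self.deleted = set()

    def list(self):
        rows = [b"%d %d" % (n, len(m)) for n, m in self.messages.items()]
        return b"+OK", rows, 0

    def top(self, num, howmuch):
        headers = self.messages[num].split(b"\r\n\r\n", 1)[0]
        return b"+OK", headers.split(b"\r\n"), 0

    def dele(self, num):
        self.deleted.add(num)
        return b"+OK"


SAMPLE = [  # constructed messages
    b"From: a@example.org\r\nSubject: Re: Example worm subject A\r\n\r\nSee attachment",
    b"From: b@example.org\r\nSubject: Quarterly report\r\n\r\nHi",
    b"From: c@example.org\r\nSubject: =?utf-8?q?Example_worm_subject_B?=\r\n\r\nx",
]

if __name__ == "__main__":
    box = FakePOP3(SAMPLE)
    print(purge_by_subject(box, dry_run=False), sorted(box.deleted))
```

Running with `dry_run=True` first shows what would be removed; exact subject matching keeps the filter from touching ordinary mail that merely resembles a worm subject.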
And if you can't stomach the thought of ditching ms and switching to Linux/FreeBSD, then you could at least ditch those ridiculously compromised default email and internet clients and switch to something like Opera and Forte Agent if you want proper support or else go with the multitude of OSS solutions and rely on support via newsgroups and mailing lists
The biggest problem these days is not the actual MS Windows OS, but what gets bundled with it...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Macs aren't "vaccinated" against Windows-based e-mail viruses or worms.
Saying Macs are "immune" in this case is about like saying my car is immune to Polio. It just doesn't apply in this case. Macs won't be "immune" to Mac-based viruses, when they come along.
Anyone dumb enough to launch an executable e-mail attachment without first virus-scanning it is dumb enough to do it on any platform they run. Bragging about Macs not being susceptible to this round of viruses is merely bragging about how few Macs there are, and how it isn't worth the time of the virus-writers to make Mac-based viruses. Whoopee.
I'm still saving up money for a G5, though it has nothing to do with how susceptible to viruses it is or isn't.
Wrong. A virus that exploits a cross-platform program such as Mozilla can infect multiple platforms.
A well-known class of Win-Mac viruses are the Microsoft Office macro viruses. MS Office is available for both Windows and Macintosh, and the versions for both platforms accept the same documents and viruses. With so few Mac-specific viruses available, these macro viruses were once the biggest threats to Mac users, but only those who had certain Microsoft programs. Now these viruses are forgotten as newer Office versions protect against macro viruses.
==========
There are two types of people: those who are in the world, and those who aren't.
I don't get all these nasty comments about Macs. I don't actually own one, been a Linux user since 1994 and before that I was a SUNOS guy. Never really liked Macs but I could see that people found them easy to use so that was fine. OSX is by far the best of both worlds, my next laptop is almost certainly going to be a powerbook, doesn't mean I won't continue to like Linux, it's all UNIX, it's all good.
The one thing I find odd is the lie that is simplicity. Macs are a doddle to use and yet they are clearly also nice secure systems. Windows is less easy to use and yet easier to write viruses and trojans for. Chewbacca defense? It does not make sense! If Macs were as common as PCs they still wouldn't suffer the same level of viruses and worms as Windows does. Same is true for Linux. Besides which, what if we had 25% Windows, 25% Linux, 25% Macs and 25% others. I bet Windows would still have by far the greatest number of viruses etc.
Cool off guys. Macs are good. It's all UNIX and that is good. A little bit more of this and Windows will be the minority just as it should be.
"I have the attention span of a strobe lit goldfish, please get to the point quickly!"
Macs seem to be immune from viruses not because Macs are totally secure, it's due to the fact that the clowns that write viruses HATE Microsoft and want MS to look bad. Every OS has holes of some sort. No software is perfect.
"Patriotism is supporting your country all the time, and your government when it deserves it." Mark Twain.
Actually, we have fun at work with all the viruses and worms. I have my TiBook at home and don't really care about anything (obviously). Here at work I'm using Windows. Every time an email comes in, me or my officemate will read the subject name and who it's from and then try to guess what the contents are. "Generic Viagara" is a common one. Then if there's an attachment, try to guess if it's a .pif or .scr. You should try it. And then go home, hop on your Mac, and be productive again.
"He uses statistics as a drunken man uses lampposts...for support rather than illumination." - Andrew Lang
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
What I wouldn't give for a shiny little app that identifies these and autoresponds to the postmaster and abuse addresses with "I'm on a Mac, you insufferable bint. You're a sysadmin, for god's sake. You should know that SoBig.F spoofs the FROM: line. I am not infected with this virus, you are dumb, and I have notified your superiors that you have absolutely no clue as to how to run a mail server and that you should be fired. I hear the U.S. Army is hiring."
They could call it iSmackYouUpsideTheHead.
Obliteracy: Words with explosions
Anti-virus software maker Sophos PLC's Graham Cluley told the Sun's Zeiler that Macs have "no more inherent security" than their PC counterparts, it's just that they've failed "to capture interest" among the creators of these viruses.
The Unix/OSS security model in OSX (and lack of Outlook type automatic unsecure scripting) is not the only protection. This exists in Linux and BSD et al also. The use of x86 machine code in buffer overflow attacks will not work on PPC or Sparc machines.
I'm immune too, because my computer was patched long before the virus was released, and I'm not stupid enough to open .pif, .vbs, .bat, .cmd, .lnk, .exe, .scr, or .com files that came in an email.
I used to bulls-eye womp-rats in my pants
(Yes, I know -- mod me down because I won't drink the Kool Aid... but I -did- just order myself an iPod for use with Linux.) :-)
From another article I read a week ago. The 50 was really for OS 9 and earlier. The old OS is a very insecure OS, with little in terms of memory protection, and multi-user access levels, but was left alone given low usage levels.
OS X however inherits from BSD, so it also inherited all the fixes to past problems in BSD, which is mainly used as an Enterprise Unix solution. And also keep in mind it is a new operating system, version 10.2 has only been around for just over a year. That said, it does come with a more secure default configuration, with most services disabled by default, which is the weakness of most Unix and Linux systems, since they're usually deployed as servers and have most of their services on by default.
Mac OS X uses micro kernel technology. This provides better memory protection between applications, and the ability to separate the OS into different components and levels. This becomes key when updating the OS. Most updates, since it does not involve the micro kernel, a complete system restart isn't necessary. The micro kernel will continue to run while the rest of the OS is patched and restarted, reducing start up time for kernel updates.
With so few Mac-specific viruses available, these macro viruses were once the biggest threats to Mac users, but only those who had certain Microsoft programs.
What kind of Mac user are you, to imply that we would use MS Office?
Seriously though, you are correct. That was the primary reason why I shifted away from using MS products as soon as I was finished my university schooling. Abstinence is the best form of prevention.
"Smart is sexy." -- D. Scully ("War of the Coprophages")
Us Canadians enjoy english.
:-)
Even in Quebec?
Tk
At some point, somewhere, the entire internet will be found to be illegal.
I run a small on-site computer consulting company, and a local station (KOIN-6 in Portland) called to ask if they could come along on a service call to remove the worm, and film it (with the client's permission, of course.) So I found a client willing to do it, and met the news people there.
As part of the (short) interview, they asked how to avoid it, and I mentioned that Macintoshes and Linux machines were immune. That made it on the news. (Along with very little else of my interview.)
Another non-functioning site was "uncertainty.microsoft.com."
The purpose of that site was not known.
Would it not be possible to write a virus in AppleScript that took entries from the AddressBook and used them to send itself out to the rest of the world via Mail.app? Legitimate question. If the answer is "Yes" then why is Mac OS X more resistant to viruses than Windows/OutLook? Could it be that Mac OS X is only like 2% of the market and thus not a significant target?
Stuart Eichert
Or protect you from stuff on the web (popups, pop-unders, RPC worms) People want convenience, and that runs against security.
Ok, no more email attachments, of any kind. Also, since your web browser can cause popups, no more web browsing. And, since your unpatched Windows computer will let RPC calls on it, no more PC for you.
Ladies and gentlemen: computers are complex machines. Much more so than your car, for example. However, you need some form of training to operate a car. Why do people think they can just go to a store, buy a box with some electronics in it, and have everything they want and nothing that they don't want? It's a tool. Learn to use it properly. If you hit your thumb with a hammer, you don't blame Stanley. </rant>
Overrated / Underrated : Moderation
thus it's clear MS is cavalier.
On the other hand keeping unix secure is truly hard work. there are lots of dark alleys few sys admins really know about and the development is distributed so one has to trust an awful lot of people.
I fear keeping my linux systems patched and basically just rely on a firewall.
with macs I know that 1) a single entity has considered the system as whole and tries to keep everyone having the same config (redhat, suse, united linux encourage highly modified configurations). and 2) because of this and their large commercial market share they have an excellent patch distribution system that does not seem to break your computer.
thus macs I think actually have reasons they are more secure. and I believe apple is managing security better than MS.
Some drink at the fountain of knowledge. Others just gargle.
Am i the only one that thinks this article should be on the front page?
Big red concentric circles - traditional target
At 10 o'clock - Mac OS X logo
At 2 o'clock - Tux
At 4 and 8 o'clock - Darts with a virus and a worm riding them
Dead center - the Windows logo
Across the bottom - Move out of the bullseye!
A simple, accurate description of the main reason you're safer Anywhere But Windows.
To a Lisp hacker, XML is S-expressions in drag.
By all means get your Mom a Mac but don't let Mac OS 9 and previous lull you into a false sense of security. The notion that Macs are a nice safe place to avoid virii and worms is obsolete. With Mac OS X Macs are now much more vulnerable and a highly inviting target:
(1) They have excellent remote user capabilities. This not only aids in compromising the system but its Unix nature makes it an excellent place to run various hacking tools from. An excellent proxy.
(2) They have very poor administration. Few Mac users, hell few Linux box owners for that matter, are capable administrators. Their machines are as vulnerable as their last Software Update, as last week's update shows: "Today, Apple released Security Update 2003-08-14, which 'addresses a potential vulnerability in the fb_realpath() function which could allow a local or remote user to gain unauthorized root privileges to a system.'"
These two facts will draw much more attention to Macs by virus and worm authors.
Macs derive some benefit from their approach to "administrator rights". I've got them, but to actually do anything, I need to type a password.
On Windows (at least W2K) if you need administrator privileges, then they're on all the time. Accidentally run a virus while in administrator mode, and it gets to use those administrator privileges, too.
Well, the Mail.app client which most MacOS X users use doesn't automatically run executable files like Outlook runs those .pif, .exe and .scr files.
Hence, while it is possible (and easy) to write a virus for the Mac, it's more difficult to spread it -- that's my impression, anyhow.
I've never, ever, ever got MacOS X virus...there has to be a reason, and I think this one is it.
This point was argued today on another list. I think it is of merit for discussion here:
I may be the Last person in the world to defend M$, but is it not the fact that M$ OSes are the most prevalent, that causes the virus writers to exploit their weaknesses?
NO.
I worked in Academic Computer Services at my college last century and when virii came out for macs with an exploit, Apple patched the system so that they were not able to leverage that exploit (where possible) in the next release.
Init 39, scores, nVir and MDEF and WDEF virii are the ones I encountered.
Nothing happened from Microsoft. It's like shipping a barn with the barn door locked open. These systems were exploitable BY DEFAULT and it was a SIMPLE MATTER to ship with many of the doors closed.
Now I am referring to exploits that do not really require deep code experience to perform. A much lower skill level was needed to take advantage of many MS open holes. Someone using VB could write an email virus.
It was not the case on the mac in those days, it was harder to write a virus.
It was literally sickening to watch. There were so many simple open areas that any bored teenager could take advantage of.
I performed the virus protection for the Mac and PC clusters (and sometimes VAX) so I know this firsthand.
There are about 70 THOUSAND pc viruses. There are about 50 mac viruses.
At my house, I ran my mac server for about 3 years without a firewall, someone probably hacked it once but I just rebooted it. There were many many attempts to access formmail.cgi and run many windows infection routines - but I chose to name my hard drive something I wanted. This alone made the pathname invalid - let alone I was running on a mac. SIMPLE THINGS like being able to call your hard drive whatever you want made it harder to assume a path to sensitive information that could be exploited.
The lameness of windows and lack of response from MS and their ignoring their obligation to provide simple security to their customers has disgusted me about MS for a long time.
- Zav - Imagine a Beowulf cluster of insensitive clods...
True, but only to a point.
The earliest macro virus, concept (1995), ran rampant on both Macs and PCs (despite the fact that MS Office 4 for Mac was a Piece of Sh*t) before Office had macro detectors.
Since then, almost all macro viruses in Word and Excel documents create havoc only on Windows operating systems because the viruses make procedural and path calls that work only on Windows, such as going to a directory path on C: drive, or activating a function that requires the full Visual Basic or ActiveX functionality found in Windows but stunted or non-existent in the Mac version of Office.
The Mac version of Office screams bloody murder when it detects macros and warns the user. If a modern macro virus is let to run on a Mac OS system, it fails to run or runs only to a point.
A point that should be made throughout all this virus hoopla is that while Macintosh users are generally immune from any direct attack from PC viruses, a Macintosh user can be a "typhoid Mary" style carrier by passing along a virus from an email or infected file. Also, due to the SOBIG virus and BLASTER, everyone, including Macs, suffers from the Internet slowdowns that affect the servers that manage it, as well as intranet slowdowns in businesses.
Vos teneo officium eram periculosus ut vos recipero is.
The Mercury News article quotes Rob Enderle, president of a 'technology research firm' as one of its sources. A quick google search on this guy reveals he does nothing but generate quotes for news articles.
I did finally turn up some background on him here. He has a background in marketing, and market research into Microsoft products and trends. He actually has the distinction of being the most widely quoted analyst one year!
Not someone I'd consider an expert on viruses, or the internals of operating systems.
www.lucernesys.com Horizon: Calendar-based personal finance
No, IDC's numbers actually are not based on sales. I used to work for Red Hat and went to a couple of the presentations that IDC gave to senior management, where they talked about the difficulty of measuring usage of a free OS. They described their methodology, which consisted of polling and sampling from multiple sources.
It's not perfect, but I'd bet that their numbers are within 20% of the actual usage.
"It is our blasphemy which has made us great, and will sustain us, and which the gods secretly admire in us." - Zelazny
So not only is my Mac immune to Windows viruses; it also helps those viruses destroy Windows machines?
So what's the downside?
"The point is that Mac OS X boxes can get root'ed and Apple releases updates to prevent this periodically."
You miss the point in reply. Mac OS X out of the box CAN'T get root'ed because the root account is disabled.
The only way (I know of) to enable it is through the GUI. You must launch "NetInfo Manager", then authenticate as an administrator. You can then choose the option to enable the root account and enter a password.
Along with the root account being disabled, just about every server/service not necessary for the GUI is disabled. CUPS is perhaps the only thing running by default that's even close to being remotely exploitable.
"The next exploit could be in something as common as Safari (default web browser)"
That would not be a virus, that would be a trojan. Trojans require uninformed users to do something silly like run code from an unknown source. Apple's update system prevents that.
The fact is here also that a: root is disabled in the default install b: the users don't run at even the admin level by default. So if you were to launch a trojan it could ONLY ravage your own home directory and perhaps be used in DDOS attacks, spam, worm propagation and exploit searches. To be successful at that, the thing would probably need to save off a binary executable and fork it as a background BSD process.
I consider trojans to be more on the level of having physical access to the machine (just you do it by proxy). A trojan is not a remote exploit, not a virus and not a worm. The simplest way to catch them is to have a process check for any files having their execute bit(s) toggled and prompt for authority. that would pretty much leave an interpreted type trojan in Perl or TCSH, which can be run without the execute bits being set.
Article X: The powers not delegated... by the Constitution...are reserved...to the people
I didn't see anyone pointing out that Apple has an excellent automated software update mechanism in place, which by default looks weekly for updates and asks if users want them. If you hit return rather than cancel, you get your update. No sysadmin assistance is required, but that factor in Mac adoption is another story. Some users will reject an update because they don't want to take the chance that it requires a reboot (most security patches do not, but other updates often do). But at least during virus scares, the updates are likely to be accepted. If Macs were more common, it seems like the necessary updates would be in place more universally than they are among Windows users.
Can anyone comment on how effective the comparable process is for PC, Linux, Unix, and whether there is a differential between these and the Mac update process?
ThosEM