Slashdot Mirror


Macs May No Longer Be Immune to Viruses

Bill writes "MSNBC reports that the combination of Apple's growing market share and their recent switch to x86 processors has made Mac OS X a new target for viruses. Unfortunately, it seems that many Mac users are in denial. '[Computer security expert Tom] Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world's largest software company was criticized for being slow to respond to weaknesses in its products.'"

16 of 391 comments

  1. Immune? by Red Samurai · · Score: 4, Insightful

    They never were immune. It's just that most virus writers don't give a crap about Macs.

    1. Re:Immune? by stefaanh · · Score: 5, Insightful

      Otherwise said:
      Burglars break in houses with the most vulnerable alarm system, not because of the popularity of the alarm system.

      --
      --------
      * Sigh *
    2. Re:Immune? by squiggleslash · · Score: 3, Insightful
      Burglars aren't virus writers. They burgle specific homes they choose in advance.

      If you were to build a robot that simply burgles as many homes as possible, using each home as a launching pad to burgle other homes, then... ok, this analogy doesn't work to begin with, and I can't see a way of stretching it to actually work. Bad analogy. This is about viruses, not about burgling homes.

      If you write a virus, you most certainly DO aim it at the most popular platform amongst those it has to contact to spread, especially if all the other platforms combined don't even reach 10% of the market, unless there are serious mitigating circumstances. Computer viruses work more or less the same way as the biological equivalent. If it affects only a small percentage of the population, such that most people exposed to it will never be infected, and never spread the virus, then it has little chance of actually working.

      A Macintosh-only virus will find that, on average, 90% of the computers it tries to reach after infecting the host Mac will not be compatible. They will not spread the virus at all. I don't know of anyone in my address book who actually owns a Mac, and the chances of there being many within my IP block are low. So should one infect my Macs, those will likely be the only Macs they infect, the virus going dead after that. It might work in small communities of Mac users, but any isolation they have will kill the virus's chances of moving outside of that community.

      The reason the Mac hasn't encountered viruses so far has to do with that and not any bollocks about it having a "superior security model" or Apple taking some kind of pro-active attitude towards bug fixes. The truth is that all versions of Mac OS X periodically get Security Updates. The truth is that Apple's attitude towards security was so poor until recently that you could install an application on a user's PC and associate it with any file types you wanted simply by redirecting their Safari-rendered webpage to a .zip or .sit file containing the app. The truth is that Apple's "security model" consists of periodically asking you for a username and password with no validation provided to YOU that proves the application asking is actually what it claims to be in the first place. The truth is that it remains the case on both platforms that anyone can run any application they download without an admin username and password, and at minimum, that application has access to the user's files and is able, by default, to access the Internet, and if it's able to get the admin username and password, through trickery or however, the app has complete control over the user's PC. The truth is that a program can easily pretend it's just another JPEG in a .zip file, just by choosing the right icon. And the truth is that Darwin's lack of fine-grained security means it has a limit to how secure it'll ever be.

      The vast majority of successful "viruses" for Windows rely on social engineering to launch an application to begin with. They're not based upon real holes. They're based upon the same principles that work with every OS. They don't work for Mac OS X not because they can't work in principle given Apple's security model, but because 90% of the people receiving the trojan would never pass it on, and some might even respond to the infected victim who "sent" it with "Dude, I got all those pictures, but what's that "PCN0006.JPG.app" directory in the zip file?"

      --
      You are not alone. This is not normal. None of this is normal.
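
Added example, not part of the thread or of any comment: a Python check for the kind of archive entry the comment above describes, an application bundle named like a picture ("PCN0006.JPG.app") inside a zip. The decoy extension list, the function names and the sample archive are assumptions constructed for this illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions a recipient expects to be passive documents (assumed list).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".txt", ".mov"}

def disguised_bundles(zip_bytes):
    """Map each '<name>.<doc-ext>.app' bundle in the archive to the
    executables found directly under its Contents/MacOS/ directory."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            parts = PurePosixPath(info.filename).parts
            for depth, part in enumerate(parts):
                stem, dot, ext = part.rpartition(".")
                if not dot or ext.lower() != "app":
                    continue  # not a bundle-style name
                if PurePosixPath(stem).suffix.lower() not in DECOY_EXTS:
                    continue  # ordinary application name, e.g. Notes.app
                bundle = "/".join(parts[: depth + 1])
                execs = found.setdefault(bundle, [])
                rest = parts[depth + 1:]
                if (len(rest) == 3 and rest[:2] == ("Contents", "MacOS")
                        and not info.is_dir()):
                    execs.append(info.filename)
    return found

def build_sample():
    """Constructed archive: two images, one disguised bundle, one normal app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("pics/PCN0004.JPG", b"\xff\xd8\xff\xe0 constructed")
        zf.writestr("pics/PCN0005.JPG", b"\xff\xd8\xff\xe0 constructed")
        zf.writestr("pics/PCN0006.JPG.app/Contents/Info.plist", b"<plist/>")
        zf.writestr("pics/PCN0006.JPG.app/Contents/MacOS/viewer", b"#!/bin/sh\n")
        zf.writestr("tools/Notes.app/Contents/MacOS/Notes", b"#!/bin/sh\n")
    return buf.getvalue()

if __name__ == "__main__":
    for bundle, execs in disguised_bundles(build_sample()).items():
        print(f"disguised bundle: {bundle} executables={execs}")
```

A mail gateway or download handler can run the same check on the archive listing before anything is unpacked, since the name is visible without extracting the contents.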
    3. Re:Immune? by Catbeller · · Score: 4, Insightful

      So. Where are the viruses, then? It's been at least five years.

      There aren't any. That fact alone would be a challenge to a malicious hacker. The first successful writer of Mac viruses would earn enormous respect.

      And it hasn't happened. Either the virus writers are idiots, or it can't be done.

      This story is FUD based on the evidence. The article is spreading -- the article is the true virus. Microsoft and its little family of corps are at it again.

  2. Again, a total non-story by mstroeck · · Score: 3, Insightful

    Why does Slashdot continue to post Apple-related non-stories? Every time Steve Jobs farts or some idiot proclaims the coming Mac-Virus-Mayhem (tm), Slashdot takes the bait.

    This MSNBC(!) story contains no facts whatsoever. No piece of significant OS X malware has been discovered so far, and I believe it's highly likely that there won't be any in the immediate future. WTF does the Intel switch have to do with that?

  3. Forbidden Fruit by LiquidCoooled · · Score: 3, Insightful

    Anyone knows you don't get something for nothing.

    Viruses for all different operating systems exist.
    There are holes and exploits for practically everything known to man.

    Now, if I walk into the dodgiest parts of town (with my turtle neck sweater on) and ask the shady guy at the street corner for a forbidden secret preview of the next big thing do you really think I will survive with the same number (and size) orifices as I started with?

    Once you leave the beaten track, you cannot be sure what lurks in the shadows.

    --
    liqbase :: faster than paper
  4. Re:Macs have never been "immune" to viruses by Scudsucker · · Score: 5, Insightful

    > Nor even markedly more resistant. They have just been less targeted.

    Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies, not because of marketshare.

  5. mixed article by gmccloskey · · Score: 5, Insightful

    No-one can deny that with growing popularity of OS X that it becomes an increasingly attractive target. Malware writing works on similar economics to regular software: this implies that malware will exist but be a niche deployment. So it is a concern, but not the end of the world, or of Apple, as the world likes to regularly predict.

    The article was mixed in accuracy. Many Mac users believe themselves to be invulnerable - the truth is they are currently /less/ vulnerable than the mainstream desktop OS. The thesis that using an Intel processor increases security risks is not true - OSen don't allow direct hardware access as such, and how many script kiddies write x86 microcode? Running Windows on an IntelMac may potentially increase security problems, and reduce the Macintosh (not OS X) brand reputation for security. It depends on how the 'wall' between x86 file access and OSX file access is implemented.

    Nothing in IT or anywhere else is 100%. Currently OS X is more secure in many areas than its competitors. To maintain or improve on this, constant vigilance and innovation are required by Apple, ISVs and most importantly users.

  6. cha-ching by St. Arbirix · · Score: 3, Insightful

    I wonder what percentage of some anti-virus software company's profits are a direct result of this article.

    I'm in denial about invisible pink unicorns too. Put up or shut-up.

    --
    Direct away from face when opening.
  7. Re:Macs have never been "immune" to viruses by strider44 · · Score: 4, Insightful

    I'm calling bullshit on that. True, Macs haven't been tested with a huge market share like Windows has, but you seem to be using that as proof that Macs have as bad-a security model as Windows. My favourite analogy to this is asking which one is more bulletproof, an apple or a kevlar vest. You'd shoot the apple into smithereens then say "Obviously the kevlar vest would crumble similarly if I shot it therefore neither are bulletproof".

    You're right that they have never been "immune" to viruses. I don't expect you to say something stupid like that *nothing* is immune to viruses unless you can successfully hack my hello world program, but Macs definitely aren't. That doesn't mean they're as bad as Windows though, so if you say something like "Nor even markedly more resistant" how about you back up that comment...

  8. Re:Gosh, it does sounds like MS. by Anonymous Coward · · Score: 5, Insightful

    I'd take an Apple spokeswoman's word over Tom Ferris's word. He's fairly good at finding crash bugs, but he frequently reports zero dereferences as "buffer overflows", etc. See his record in bugzilla.mozilla.org, for example, starting with bug 303433. I have no idea why the media keeps calling him a security expert.

  9. Re:Switch to Intel by jcr · · Score: 3, Insightful

    Of course, beyond the code-level measures that Rosyna mentions, there is also the fact that the Mac, as shipped, is vending NOTHING. Rather hard to get the runaway propagation typical of a Windows virus outbreak, when each user has to explicitly open each port.

    -jcr

    --
    The only title of honor that a tyrant can grant is "Enemy of the State."
  10. Re:Macs have never been "immune" to viruses by nathanh · · Score: 5, Insightful
    > Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies, not because of marketshare.

    Nonsense. Microsoft is the target of viruses and spyware because of Microsoft's moronic design decisions and security policies AND because of marketshare.

    Virus writers are writing viruses to make profit; either by stealing information, creating botnets, or proliferation of unwanted advertising. They make more profit by exploiting more machines, so it's no wonder that the most common OS is also the most targeted.

    The fact that it's so trivial to exploit Microsoft software is purely because of the moronic design decisions and security policies, not because of marketshare. But the fact that Microsoft is so frequently the target of virus writers is a function of marketshare as well.

  11. Re:Article is a troll by Deorus · · Score: 4, Insightful

    > What a load of rubbish - viruses infect via operating system and application vulnerabilities, the chipset those are running on has very little relevance.

    No, the article points out what I thought was obvious.

    To write a worm/virus you actually need to know how to assemble on the target architecture for at least two reasons:
      1 - The first thing you do before attempting to exploit a crash is to debug it, now how do you debug on an architecture which you don't know? Trying to debug low level code (remember it's precompiled binaries we're talking about here, not scripts) without knowing how to assemble on the target architecture is like running the marathon without a leg.
      2 - If you find a way to inject code you'll need, well... code to inject..., and this code has to be written in the lowest possible level so that you can interrupt to system calls without depending on operating system libraries and avoid specific opcode patterns that would have a meaning to the high level application and prevent your injected code from running as expected.

    Taking into account that every geek in the universe knows x86 assembly, if you think for a while you'll realize that the architecture switch makes OSX much easier to debug for the majority of people, and inherently much easier to exploit.

  12. Re:Switch to Intel by MyNameIsEarl · · Score: 3, Insightful

    Windows can't write to an HFS partition, so no matter what is installed under Windows I don't believe it can touch the OSX part of that hard drive.

  13. User-base fallacy by Dr. Brad · · Score: 3, Insightful

    If the installed base size is the critical factor for exploit success, then why are there more successful exploits for Microsoft IIS than there are for Apache?

    Take care,
    brad