Macs May No Longer Be Immune to Viruses

Bill writes "MSNBC reports that the combination of Apple's growing market share and their recent switch to x86 processors has made Mac OS X a new target for viruses. Unfortunately, it seems that many Mac users are in denial. '[Computer security expert Tom] Ferris said he warned Apple of the vulnerabilities in January and February and that the company has yet to patch the holes, prompting him to compare the Cupertino-based computer maker to Microsoft three years ago, when the world's largest software company was criticized for being slow to respond to weaknesses in its products.'"

Heh.

[c0l0]

One might wonder why this (non-)story is featured on the front page of MSNBC... ;-)

Re:Heh.

[h4rm0ny]

Yeah but don't worry - did MSNBC just report that Macs were gaining market share? Whoops. ;)

Switch to Intel

[pryonic]

I can see how the increased market share would make them more of a target, but I can't really imagine how the change in CPU would. The vast majority of x86 viruses target Windows using very specific windows API functions or by patching Windows components. If a writer is targetting a x86 Mac, how does the CPU matter, it would just be compiled for that processor.

Maybe we'll be seeing x86 and PPC virus fat binaries?

Re:Switch to Intel

[Whiney+Mac+Fanboy]

I can see how the increased market share would make them more of a target,

The ability to run Mac OS X in virtual machine lowers the barriers to entry to test exploit code from $2000 to (effectively if you allready own a PC) $0.

The intel transition makes it cheaper & easier for crackers, phishers, etc to develop for OS X. (As well as making assembly easier to port).

Its about making it easier to port exploits rather then having fat binary viruses.

Re:Switch to Intel

[Rosyna]

I can see how the increased market share would make them more of a target, but I can't really imagine how the change in CPU would

The Harvard architecture that the PowerPC uses is inherently more secure than x86. A remote exploit on running code has a very low chance of working on the PPC, but nearly a 100% chance on the x86 (which is why all these IE exploits work all the time). When they fail to execute code, the PPC application just crashes. I'd think if someone went to a place that causes their browser to crash 10 times in a row, they'd stop trying to go there.

Then again, Apple has taken massive steps on the x86 side to prevent these kinds of attacks. Such as enforcing the NX/XD bit and enforcing a non-executable stack. The former goes a long way, it was even able to prevent the WMF exploit from working on Windows, if it was available in hardware. Luckily, all ICBMs ship with the hardware support.

Re:Immune?

[Scudsucker]

It's just that most virus writers don't give a crap about Macs.

And the fact that Macs never had Outlook, the PC version of Internet Explorer, Active X, ports and services open all over the place, or piss poor priveledge seperation. That is why Macs don't have viruses (Linux as well, for that matter), not because of market share.

Re:Gosh, it does sounds like MS.

The advisory is from 9 days ago. It is from a company that would like to sell you stuff related to its advisories. No known instance of the alleged flaws exist publicaly. The descriptions of the flaws do not support the conclusion of either a DOS attack being possible or compromising of one's system. As such, I invite you to use this flaw to do anything to my Mac.

Or, even present me with a URL where I can observe the alleged flaws in the wild.

Your handle, Whiney Mac Fanboy (963289), should be a tip-off that you are not posting about this matter in good faith.

Re:Article is a troll

[rolfwind]

The $2000 barrier to entry you used to have to pay to use OS X (and test exploits against it) no longer exists, if you don't think that makes a difference to hackers (many of whom are in far less afluent countries then you), then quite frankly, you're insane.

I suppose you haven't actually checked the Apple Store the last few years. The barrier of entry has been around $500-600 the last few years. Unless haxors absolutely need l33t 15" Powerbooks instead of a mac mini.

And on that point, wouldn't some haxors love to also be one of the few to make a sucessful virus/trojan/etc OS X or Linux (where's the barrier of entry here?) instead of one of the few thousand for Windows? I thought prestige was some sort of motivation. Pff.

Experts eh?

[Keen+Anthony]

Apple's iconic status, growing market share and adoption of same microprocessors used in machines running Windows are making Macs a bigger target, some experts warn.

Sadly those "experts" could not be reached for explanation because they were out buying antivirus software for Linux and FreeBSD - cause, you know, they're both iconic, have a growing market share, and run on the same microprocessors as Windows.

"They didn't know how to deal with security, and I think Apple is in the same situation now," said Ferris, himself a Mac user.

Sure, being a minority OS does mean fewer virus writers targeting the Mac, but Mac OS X has been cool for a few years now, and I'm still waiting for those dangerous viruses. I'd say Apple knows a little something about dealing with security - certainly enough not to pawn off the responsibility to the antivirus aftermarket.

The Mac's vulnerability could also increase as Apple transitions to a product line that uses microprocessors made by Intel Corp., security experts said. With new Macs running the same processor that powers Windows-based machines, far more people will know how to exploit weaknesses in Apple machines than in the past, when they ran on the PowerPC chips made by IBM Corp. and Motorola Corp. spinoff Freescale Semiconductor Inc.

Who are these security experts, and do they work weddings and bar-mitzvahs too? Since when did familiarity with a microprocessor lead to intimacy with an operating system. There's so much I still don't know about BeOS and I've written assembly on PowerPC and x86. The vulnerabilities described in the article may be found here. For the most part, it looks like flaws in the way Safari and Preview handle GIFs, TIFFs, BMPs, and bad ZIPs can cause an application crash, and *possibly* allow code execution (even via certain malformed HTML tags). I've had corrupt graphics files and zip archives crash Preview and Safari in the past, but never any virus-like behavior. Still, it's a good thing to note, but the reporting could have been much better.

Re:Macs have never been "immune" to viruses

[JulesLt]

Incorrect. OS 9 and prior certainly had viruses, despite a market share comparable to OS X based machines. Not as many as Windows, but enough to cause problems for Mac users. Hell, I remember virus problems on Macs when the only way of distributing a virus was by floppy disk and the operating system was held in a ROM.

OS X is substantially more resistant to virus attack than all prior Mac operating systems, and most default Windows installations.

That doesn't mean it's 'immune'. Equally an increase in popularity will almost certainly raise the threat level - but that doesn't change the fact that the underlying system provides better protection by default. Failing to be 'immune' does not mean 'equally vulnerable'.

The default installation implements much of what corporate Windows admins have to implement to secure a Windows system / will be implemented by default in Vista.

Obviously there are other Unix systems that are still more secure - some security has been sacrificed for ease of use. It would be much more secure if new startup services and firewall changes had to be manually configured - but users won't stand for it. (Hence why we got in this mess in the first place).

If there is a virus out there...

...why won't they tell me what it is?

That whole article is based on one key event. Mac users did SOMETHING, and got a virus that did SOMETHING. What did they do? And did it involve giving an admin password?

If they have a story, why aren't they telling it?

The argument about market share is just stupid. In order to write a virus you have to be something of a programmer. In order to write a Mac virus you have to be a Mac programmer. And who becomes a Mac programmer unless they like the Mac platform?

There are plenty of people working on Windows who hate and despise it. They work on it because there's lots of work out there. There aren't a similar number of people working on Mac who hate Mac OS.

Anti-virus company campaign propaganda

[bananaendian]

What? So Macs were immune against viruses?

Seriously, it's way too easy to have a go at this MSNBC BS. What is more worthy to note is the frequency and desperation with which these articles keep appearing, claiming sleeping beauty mac-users are in imminent danger if they continue to refuse to take part in the virus paranoia of the Windows world.

I have been using W2K with no anti-virus software for years with no side effects. Sadly and with amusement do I follow the antics of my fellow XP users with their shiny anti-virus crapware popping up redundant warnings and notifications and slowing the machine to a crawl. And to top the irony they have to turn off anti-virus whenever they install anything or run certain software. And when you go to your workplace or school the machines there have been made almost entirely useless by over zealous protection software.

Having a go at Macs for security is either stupidity or plain propaganda. Security doesn't come from anti-virus programs. It comes from the underlying architecture of the OS and the third-party software having to comply with the security principles of the underlying architecture. Anti-virus software only protects the computer against clueless users and thus it can be claimed that any computer/OS architecture requires some.

And as for the age old user base threshold argument I'm still waiting. OSX has been for some time the most common UNIX based OS. It is remarkable how little vulnerabilities have been found considering the amount of software and services running on OSX by default. Thus, comparatively, statements involving OSX and poor security continue to be plain ludicrous.

As for me I'll merrily continue running my apparently 'immune' W2K box (behind two tailor made firewalls) and wave my greetings and encouragement to my fellow mac users.

well duh!

[john_uy]

no system is 100% virus free. there may be systems that have probability that is very low.

people supporting alternative systems such as linux and unix (including mac os), etc. should avoid claiming they are not able to be infected with virus and worms. such false advertising may cause people to abandon the adoption at the end because they will just think "hey, why spend all the fuss when you get the same problems.)

ignorance is the problem. education is the solution. it may be easier to avoid getting worms and viruses in linux than windows but educating a user might be able to avoid the same with windows as well.

The never were immune

[Vexorian]

Although the article claims that they may no longer be immune, the reasons it states are that the mac market has grown which is equivalent to saying that the reason no one made viruses for mac before is that hackers didn't give a crap.

well oh well

[zpok]

I've been running sophos anti virus software on my mac since, well, since they became available. Thing is, apart from updating itself once in a while I haven't had ONE virus showing up. Every now and then I even scan my system. Just for kicks (I'm easily excited).

Apart from all the other "usual crap", I wonder how this type of articles make it to mainstream news outlets. Even Steve Jobs' brand of underwear would be more newsworthy than this kind of FUD.

There is - like in most of this type of journalism - no real defense against it. Whatever argument you use against "two guys encountering something weird" in "serious news outlets", you must be a mac zealot in denial. Right?

That is very similar to cell phone viruses hype

[S3D]

Antivirus vendors are looking for new markets to expand. Especially with looming Microsoft extrance into anti-virus market.

re: Why? One good reason....

[King_TJ]

It's important to "throw poorly researched stories to the wolves" once in a while, so people can pick them apart.

I, for one, am happy when Slashdot finds these stories with ridiculous claims or patently false information and brings them to our collective attention. Otherwise, as an I.T. professional, it can become really frustrating when a client drags one of them out as ammunition to back up a potentially bad business decision. If you're previously unaware of such an article and it suddenly gets thrown in your face - you're put on the spot to defend against it.

The point of the article...

[SiMac]

"The bottom line is we still feel more comfortable using a Mac than a (Windows) PC," said Alan Paller, director of research for SANS.

But as Daines can attest, there are no guarantees.

"We're all sort of waiting with bated breath to see if any problem will happen and the jury is still out," said Thayer, the independent security consultant. "I don't think you'll find a consensus."

The article seems to be saying, "look, two people with Macs got infected with a virus! Now Windows is more secure than the Mac." For some reason, I trust the director of research at SANS more than this British chemical engineer or the "independent security consultant." Macs have never been immune to viruses, it's just that there are thousands of times fewer Mac viruses than PC viruses. And this is still the case.

Re:Car thieves steal Accords because they are comm

Real car thieves respond to market forces and steal the car that either needs the most repair parts or will sell the easiest on the black market. For a while, Hyundais were a popular theft car, not the most popular on the road, but needed the most parts...

Re:Immune?

[stefaanh]

I don't agree.

Virus writers, malware and adware writers are not that different from burglars.

Nobody claims Mac OS X or Linux to be super secure. Especially not Apple or any engineer for that matter. Hence the number of security updates. But the process is very transparent for everybody, user, engineer, hacker or cracker.

Of course social engineering works regardles of platform.
I agree that the number of infections has to do with the popularity of the platform.

But the speed and the ease of infection has to do with the platform.
I still think that most crackers are lazy, and take the road of the least resistance, just as burglars do. (To answer another post here: The Honda Accords with a poor alarm system will get stolen first.)

Overall, it is easier to compromise a Windows platform than a Unix platform.
And after all many of these problems, although application specific (eg. Outlook), exist because of architectural (read: OS) flaws.

Most kind of attacks or hijacks indicate that Windows gives instant cracker satisfaction and "reward".

The one example you mention, is still only a social engineering hazard, where the user is responsible for what he allows to run on his system. At least on a Mac for instance, out of the box, no app has access to the system without an explicit confirmation of an administrator - which I think is the least Apple could do to protect the user from her/himself.

It still can get a lot better.

Let's hope that computers get safer - and users more aware of the dangers that lie in trusting this technology.

Re:Article is a troll

[jimktrains]

Quite a few of my friends use macs, and they are not coputer geeks. They are like joe smoe windows user, basicly.

Let me tell you, they get freaked out and call me ANY TIME the "enter your admin password" box comes up. Even if I'm AT their computer they don't like me doing it (well, have them enter their password for me) and I get a bizillion questions.

And no, I never told them to be aware of this...

I think many non computer literate users don't like something that is not ordinary or looks like they need to enter a password for something that they didn't themselves do.