Apple Quietly Goes After Mac Trojan With Update
Th'Inquisitor was one of several readers to point out coverage of Apple's stealth security fix, included along with the recent Snow Leopard 10.6.4 update. Graham Cluley of Sophos first noticed the update to protect Mac computers from a Trojan, and the fact that Apple didn't mention it in the release notes. The malware opens a back door to a Mac that can allow attackers to gain control of the machine and snoop about on it or turn it into a zombie. "You have to wonder," writes Cluley, "whether their keeping quiet about an anti-malware security update like this was for marketing reasons." While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
Why is the information publicly available? Why would most generic Mac users care to seek it on their own? Should Apple shove it in their face?
It isn't even the first one that Apple's built-in "detection" looks for in downloaded files; this is the 4th or 5th, I think.
OSX is based on UNIX (and is a certified UNIX OS).
Linux is Not UNIX and, although compatible, is quite different from OSX.
I know.. this is Bill Gates and Linus Torvalds' secret plot to make Apple look bad. There's no such thing as Mac malware; Steve Jobs would never allow it. He has our best interests at heart.. right.. RIGHT?!?!
Anyway, even if there was Mac malware, they would be forthcoming, and quit claiming to be malware-free... I mean, they would never lie or mislead us, right.. RIGHT!?!?
Disclaimer to the Mac fanbois: if you can't take a joke, don't bother replying.
You are entitled to your own opinions, not your own facts.
trojan != virus
Sometimes a trojan prevents a virus.
Let's face it, most of us are scoffers. But moments before zero hour, it does not pay to take chances.
Trojans aren't viruses.
Please list off all the viruses that will run on Snow Leopard.
Apparently the mods cannot read either.
'Political power grows out of the barrel of a gun.' - Mao Tse-tung
There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.
This may be news to you but trojans are not viruses. There are, in fact, no Mac OS X viruses in the wild. There are some spyware, adware, and trojans, but they are few and far between, and there is protection built into the operating system to deal with most of them.
Saying that Mac OS X does not have any viruses at this point in time is 100% true.
Sapere aude!
I think you don't know what a trojan is. A trojan is a simple program that pretends to be something that it isn't. Any OS is vulnerable to such a program because OSes are designed to, guess what, run programs; no OS is smart enough to identify whether a program is not doing what it claims to do. (Not getting into details, there are ways to limit the damage, and heuristics, but the main idea is that a trojan is a program that the user is running because he/she doesn't know any better.)
Actually the big part of the problem is running programs from random sites on the internet. Linux, for example, has the advantage that most of the programs come from well-vetted sources, not from random sites that can also be subject to phishing.
"It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
We PCs like to hear about updates about malware, trojans or some new exploit found in the system, and when a fix is available, because then we are warned about the dangers of it, and ways to avoid it until we get the fix.
With Macs, it seems they aren't getting a warning at all, and thus, could get into trouble before a fix arrives.
It's good to be a PC.
This is a good opportunity for the world to rethink its perception of what viruses, trojans and the like are. Due to the vast and never-ending list of problems and software defects that have plagued the dominating platform (i.e., Microsoft Windows) since its inception and continue to affect it up to this day, the world has been conditioned to think that having a base system with so many profoundly serious defects is somehow acceptable. I mean, these bugs are so serious that they even let other people take over your system, a system that you've paid for with your hard-earned money to be able to use as you see fit. Why exactly should this be normal, let alone acceptable?
In this instance we have a very rare glimpse of what the issue of software vulnerabilities is and how it should be handled. A very serious software bug could be exploited by malicious people to gain control of the system, and that problem was fixed by fixing the software bug. That is exactly how it should be. Yet what Microsoft forced us to believe is the right way of handling this thing is to let that security hole stay wide open. What Microsoft forced the world to believe is that you solve the problems arising from any security bug by paying some third-party vendor for a piece of software that monitors your system for a handful of instances of malicious code that made its way into your system through those security holes. And this has become acceptable why? It's as if you've bought a house with so many holes that could be used by malicious people to enter your house as they see fit and take it over. The problem lies in those holes being there, and the problem doesn't go away if you employ security guards instead of plugging those damn holes your incompetent builder left there.
Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
>And before you go back to licking Steve Ballmer's asshole
Apple zealot detected.
So how does Mac "detect" it?
Does Mac have a built-in anti-virus, or do they rely on something simpler like checksums or something like that?
Anyway, as said in TFA, I guess all Mac users should install anti-virus software. I use clam on Linux, although I run no daemon process. I only scan emails or other very suspicious downloaded files, and I run a full scan every week during the night. I also rely on common sense and digital signatures when I download/install software.
Everything I write is lies, read between the lines.
There's been malware out for mac for well over a year. The big one I run into is a self-decoding shell script that installs a root cronjob to redirect your dns servers. The machines get brought into me because their web browsing has gotten slower, due to the malware dns server the machine is now using being a lot slower than their ISP's.
I've actually run into ONE example of a Mac that was back-doored, but thought it was an isolated targeted attack (the victim was "high profile"). But maybe it was just an early version of what's discussed in this thread.
BUT, tossing my hat into the ring as to whether or not Apple should be "hiding" the fix... check out the latest security update from Apple. HUGE list of security patches. (over 40?) All with accreditation to the people that brought the issues to Apple. It's not like they don't have issues, and it's not like they systematically hide them. They just tend to fix them very quickly, and have very few (relatively speaking) to fix in the first place. Apple is well-known to include security updates and fixes in their OS updates, they don't all land in security updates. That's all this one was. It's very likely there were a dozen other security-related fixes made in the 10.6.4 update. This one they just happened to notice. Apple just doesn't usually put a security-fix accreditation readme in with their OS updates. Is that the real issue here I wonder?
I work for the Department of Redundancy Department.
My Windows box is perfectly safe because I'm not a moron.
The stories and info posted here are artistic works of fiction and falsehood.
Only fools would take it as fact.
Part of writing serious malware, the sort that uses shellcodes and relies upon particular calling conventions and memory layouts, is very platform-specific. That kind of thing has to be learned anew for every platform one wants to target, often including different architectures of a given OS.
Trojans, on the other hand, are literally nothing other than programs that the user doesn't realize he is installing. They may attempt to hide themselves using platform-specific tricks, but at the end of the day, it's a program written like any other. OS X may emphasize Objective-C and de-emphasize its UNIX underpinnings for many things, but at the end of the day it uses a POSIX API very similar to the one found in Linux.
Hell, I've written software for the POSIX subsystem of NT on x86, and successfully ported it to Linux on ARM, with fewer than one #ifdef per KLOC. I strongly suspect that OS X is a lot closer to Linux than SUA (Microsoft's NT Subsystem for UNIX Applications) is to Linux, yet it wasn't hard at all. It wasn't malware, but if I'd wanted to I could have invisibly slipped it into an installer for some other program and then it would have been a trojan.
There's no place I could be, since I've found Serenity...
I hate story blurbs that suggest the sinister ('one has to wonder!') when the only news is that Apple added yet another trojan to its list of other trojans. If you wanted to say something intelligent you might instead say something like "is Apple the only OS that, at the OS level, has explicit trojan filters?" Then you could remark about Linux distros or various editions of Windows or maybe even Barracuda routers or something. But there is nothing sinister here; it's all good. Reminds me of Aharon AppleMcHater over at TGdaily. Always the negative spin!
Some drink at the fountain of knowledge. Others just gargle.
Trojans for Macs are really no different than on any other OS. It just takes a bit of social engineering or something like that, because a trojan, unlike a virus, requires the user to install it. When you install something on a Mac (and Windows, depending on your settings) you need to type in a password and specifically give permission to do so. Mac trojans and assorted malware have been around for a while. What I'm not aware of are any successful Mac OS viruses in the wild, i.e. a "drive-by" infection: getting infected simply by opening an e-mail or a web page.
I still cannot find the droids I am looking for...
Trojans aren't viruses.
Please list off all the viruses that will run on Snow Leopard.
Mac users are very fond of pointing out this distinction, leaving out that trojans and malware, and social engineering, these days are the overwhelming majority of Windows issues as well. The traditional virus is mostly a thing of the past.
What would you choose?
"Unsinkable" modern passenger ship with no lifeboats or worn African ferryboat with more lifeboats than seats?
There's no wondering involved. They had a commercial that blatantly said that Macs don't get viruses. Liars.
This may be news to you but trojans are not viruses. There are, in fact, no Mac OS X viruses in the wild. There are some spyware, adware, and trojans, but they are few and far between, and there is protection built into the operating system to deal with most of them.
Saying that Mac OS X does not have any viruses at this point in time is 100% true.
Only problem being, by that definition, Windows nowadays doesn't have viruses either. They just have spyware, adware, and trojans. Which work just as well, thank you very much.
So either Apple was lying or they're just as slimy as the used car salesman who'll sell you a lemon on technicalities.
Actually, funny you should say that, as I would say that most Windows users would be safer as they know there is malware for Windows and thus are more likely to have AV and Antimal. I had to clean up a few Macs infected with the "Mac Codec" DNSChanger a while back, and I literally had to take them to a security site and show them a security report saying "This is Mac malware" because they completely refused to believe it was possible for a Mac to get malware, because that was what they had been told so often. One even got irate with me because "WTF is the point of spending all this money buying a Mac and a bunch of new stuff to go with it if I can still get infected!!!". I told him to go take it up with the guys at the Genius Bar, because I just fix boxes.
So I would say, especially with Windows 7 where there are features like ASLR, NX bit, and Windows Defender by default, that Windows users are probably safer because they know of the dangers out there. Many Mac users think they can run whatever they want and do anything because "Macs can't get bugs" and are therefore less likely to have good safety practices like having an AV or worrying about updates. BTW, all the guys that hope for a "Year of the Linux Desktop"? Guess what inevitably comes with clueless users? Can you say malware and headaches, boys and girls? Believe me, I tried converting a "must click on teh pron!" Windows user to Linux once; he managed to break the OS in just three days. No matter the OS, stupid is as stupid does.
ACs don't waste your time replying, your posts are never seen by me.
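As an added defender-side example (not code from the thread, from Apple or from any vendor): a host check for the behaviour the two posts above describe, a root cron job that repoints the machine at rogue DNS servers. The crontab, the script body and the `networksetup` output are constructed samples, and the expected-resolver set is a hypothetical allowlist.

```python
"""Host check for the DNS-changer pattern described above: a root cron
job that reconfigures the resolver. Added example; every input below is
a constructed sample, not data captured from a real host."""
import hashlib
import ipaddress
import re

# Constructed: what `sudo crontab -l` might show on an infected host.
ROOT_CRONTAB = """\
# m h dom mon dow command
MAILTO=""
0 3 * * * /usr/bin/periodic daily
*/5 * * * * /Library/Internet Plug-Ins/plugins.settings >/dev/null 2>&1
"""

# Constructed: body of the script the second cron entry runs.
CRON_SCRIPT = """\
#!/bin/sh
/usr/sbin/networksetup -setdnsservers "AirPort" 203.0.113.5 203.0.113.6
/usr/sbin/networksetup -setdnsservers "Ethernet" 203.0.113.5 203.0.113.6
"""

# Constructed: output of `networksetup -getdnsservers Ethernet`.
CURRENT_DNS = "203.0.113.5\n203.0.113.6\n"

# Hypothetical allowlist: the resolvers this site's machines should use.
EXPECTED_DNS = {"192.0.2.53", "192.0.2.54"}

# Tools that rewrite resolver settings on Mac OS X; a cron job calling
# them is unusual enough to hand to a human for a look.
DNS_SETTERS = re.compile(r"networksetup\s+-setdnsservers|\bscutil\b")


def parse_crontab(text):
    """(schedule, command) pairs; skips comments, blank lines and
    VAR=value lines, accepts both five-field and @reboot schedules."""
    jobs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue
        if line.startswith("@"):
            parts = line.split(None, 1)
        else:
            f = line.split(None, 5)
            parts = [" ".join(f[:5]), f[5]] if len(f) == 6 else []
        if len(parts) == 2:
            jobs.append((parts[0], parts[1]))
    return jobs


def suspicious_dns_jobs(crontab_text, script_lookup):
    """Cron entries that change the resolver, either on the command line
    or inside a script whose body we have (script_lookup: path -> text)."""
    hits = []
    for schedule, command in parse_crontab(crontab_text):
        texts = [command] + [body for path, body in script_lookup.items()
                             if path in command]
        if any(DNS_SETTERS.search(t) for t in texts):
            hits.append((schedule, command))
    return hits


def rogue_resolvers(getdns_output, expected):
    """Configured resolvers not on the allowlist. networksetup prints a
    sentence rather than addresses when none are set, so only lines that
    parse as IP addresses count."""
    rogue = []
    for line in getdns_output.splitlines():
        line = line.strip()
        try:
            ipaddress.ip_address(line)
        except ValueError:
            continue
        if line not in expected:
            rogue.append(line)
    return rogue


def fingerprint(script_text):
    """SHA-256 of a flagged script: the value a checksum-based scanner or
    a vendor's published indicator list would be compared against."""
    return hashlib.sha256(script_text.encode()).hexdigest()


def check_host(crontab_text, script_lookup, getdns_output, expected):
    """Combine the checks into one report dict."""
    jobs = suspicious_dns_jobs(crontab_text, script_lookup)
    flagged = [cmd for _, cmd in jobs]
    return {
        "suspicious_jobs": jobs,
        "rogue_resolvers": rogue_resolvers(getdns_output, expected),
        "script_hashes": {p: fingerprint(b) for p, b in script_lookup.items()
                          if any(p in cmd for cmd in flagged)},
    }


if __name__ == "__main__":
    lookup = {"/Library/Internet Plug-Ins/plugins.settings": CRON_SCRIPT}
    for k, v in check_host(ROOT_CRONTAB, lookup, CURRENT_DNS, EXPECTED_DNS).items():
        print(k, v)
```

On a real machine the two inputs come from `sudo crontab -l` and `networksetup -getdnsservers <service>` for each network service; a clean host returns an empty job list and an empty rogue-resolver list.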
Haven't malware writers turned to writing malware for profit AND mischief instead of just mischief?
Do non-trojan viruses even exist anymore? Isn't all malware today some kind of trojan?
"This may be news to you but trojans are not viruses."
This may be news to you but I've written several trojans for DOS that were indeed viruses.
You might wish to rethink that statement you just made.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Being open about one's shortcomings is a prerequisite for trust.
I'd rather drive a car that underwent several public recalls instead of a car with defects that the manufacturer kept silent about.
> I think you don't know what a trojan is....
I think you do not know who you are talking to ;-)
More seriously, I agree with what you say, though. The best way that I know of to protect against trojans is to verify the digital signature, as I posted here:
http://apple.slashdot.org/comments.pl?sid=1691914&cid=32627744
Then again, the line is slim between installing a trojan because you think it is iPhoto and installing a program because you are misguided into clicking onto something while browsing the web.
In modern times, the distinction between trojan, virus, spyware and what not is harder to make. The iPhoto trojan is basically a rootkit. It doesn't matter if you get that rootkit installed by making the user believe he is installing iPhoto or by exploiting something else in the OS; you still end up with a rootkit installed on a remote machine.
As a matter of fact, the hackers will probably find another way to install their rootkit if they haven't already found one. Security is a global topic; punctually plugging holes isn't the way to go, although it is required sometimes. Punctually plugging holes is part of a good security policy, but it is no policy in itself.
Everything I write is lies, read between the lines.
Every pedant in this thread likes to say that trojans are technically different than viruses.
The kind of person who would buy a mac because they "don't get viruses" would be very pissed after stumbling upon this article and especially this condescending, duplicitous thread.
People from the Windows world know this - the average user doesn't give a shit about the differences between viruses and trojans. If it makes their AV software blink red, it's bad.
remember that one Dr Who episode?
"If I told you everything you wouldn't need to trust me"
I use Apple's software update server to distribute patches and updates at my company. I never understood why Apple gives us a mechanism to centrally control and distribute patches, but no way to automatically install them.
This is one thing that Microsoft got right. Centrally distributing and installing patches is stupidly easy in the Windows world. It pains me to say this, but the lack of automatic patching will bite Apple and their users one day.
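Scheduled installation of whatever the update server offers can be scripted with the stock `softwareupdate` tool and a launchd job; the following generator is an added example, not Apple's tooling, and the label, log path and 3 a.m. schedule are assumptions chosen for illustration.

```python
"""Generate a launchd daemon that installs all available Apple software
updates on a schedule. Added example, not Apple's tooling; the label,
log path and schedule are assumptions chosen for illustration."""
import plistlib

SOFTWAREUPDATE = "/usr/sbin/softwareupdate"     # the stock Mac OS X tool
LABEL = "com.example.autoupdate"                 # hypothetical job label
DAEMON_PATH = "/Library/LaunchDaemons/%s.plist" % LABEL


def build_autoupdate_job(hour=3, minute=0, log="/var/log/autoupdate.log"):
    """launchd property list as a dict. `softwareupdate -i -a` installs
    every update the machine's configured update server offers, so the
    job runs as a LaunchDaemon (root) and logs to a file for review."""
    if not (0 <= hour <= 23 and 0 <= minute <= 59):
        raise ValueError("hour/minute out of range")
    return {
        "Label": LABEL,
        "ProgramArguments": [SOFTWAREUPDATE, "-i", "-a"],
        "StartCalendarInterval": {"Hour": hour, "Minute": minute},
        "StandardOutPath": log,
        "StandardErrorPath": log,
    }


def render_plist(job):
    """Serialize to the XML plist format launchd reads."""
    return plistlib.dumps(job)


def parse_plist(data):
    """Read a plist back (used to verify what was written)."""
    return plistlib.loads(data)


if __name__ == "__main__":
    print(render_plist(build_autoupdate_job()).decode())
    print("# copy to", DAEMON_PATH, "as root:wheel 0644, then:")
    print("# sudo launchctl load", DAEMON_PATH)
```

launchd refuses daemon plists that are not owned by root or are group/world writable, which is why the ownership and mode matter when the file is copied into place.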
While we are nitpicking, the Trojans are the good guys. You have to be on the lookout for the sneaky Greeks.
Beware of Greeks bearing gifts! And in all seriousness, using the proper term might cause a few more users to think twice about clicking "Ok" and instead thinking about ancient stories and their modern parallels.
Trojans aren't viruses.
Please list off all the viruses that will run on Snow Leopard.
Well, via Parallels or VirtualBox, one can run the following viruses on Snow Leopard: Windows XP, Windows Vista, Windows 2000... and I am sure others. ;-)
StarTrekPhase2 - The Five Year Mission Continues!
"It doesn't matter if you get that rootkit installed by making the user believing he is installing iPhoto or by exploiting something else in the OS, you still end up with a rootkit installed on a remote machine."
It does matter how the stuff gets installed, it matters if malware gets installed only by browsing a site that has a malicious ad that distributes malware, or the "hacker" needs to convince the user to install a fake iPhoto program. Just like it matters how you get a disease, by having sex or by drinking water, a disease is still a disease, but it matters a lot how it spreads. Wearing condoms won't protect you against water-related diseases.
"It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
I know a guy who made a car that also works as a boat.
Therefore cars are boats. Anyone who says differently is lying.
I don't care if it's 90,000 hectares. That lake was not my doing.
While he certainly has a point that Apple benefits by its users' belief that the platform is secure, you also have to wonder whether any such publicity from a security company has a marketing subtext, as well.
How exactly are these two objectives different from each other?
The kind of user that buys a Mac probably doesn't care about "details".
A virus is called a virus for a reason. It's called a virus because it shares an important characteristic with biological organisms. It can replicate itself.
A Trojan is just a stupid program that doesn't do what it says.
Similarly, a Trojan is called that for a reason. You have to go outside the city walls and drag it back inside your perimeter before it does you any damage.
Yes, these little "details" like words and terms that have actual specific meaning are important.
A Pirate and a Puritan look the same on a balance sheet.
So you're saying security updates are the lifeboats, and we can judge the security of a program by how many security updates per unit time it has?
That's real good advice, I'll keep that in mind.
...except Windows is automated to the point that "trojans" become viruses.
That is the whole problem that Windows has created and magnified. They have taken situations that previously didn't have any risk of viral infection and added automatic execution of random untrusted programs.
It's like having walls that pull through any Athenians or Spartans that happen to be standing outside.
Suddenly, the Trojans are wondering WTF Achilles is doing in the middle of the palace.
A Pirate and a Puritan look the same on a balance sheet.
and thus are more likely to have AV and Antimal.
I've never understood this. Can anyone explain why there is a significant difference between virus and malware, and why anyone would recommend 2 security programs running simultaneously? Doesn't this run dangerously close to the "2 antiviruses will wreck your machine" line?
Really just sounds like an attempt by security vendors to convince you to pay twice, TBQH; last time I checked most of the free AVs made it clear they cover viruses, trojans, worms, malware, etc.
Yes, it's like coppery.
Well, assuming your claim is true, you wrote malware which included trojan and virus features. There are tens of thousands of those on Windows. They can replicate through a variety of mechanisms which don't require users to provide special authorization, or even take any action (viruses), propagate to other systems via network-accessible security holes (worms), or trick the user into clicking something (trojans). Perhaps you have an English-as-a-second-language issue, but trojans are still not viruses, even when you link them into the same binary. You might want to rethink that last statement you just made.
If you mod me down, I shall become more powerful than you could possibly imagine.
This may be news to you but I've written several trojans for DOS that were indeed viruses.
A trojan is a program that appears to do something the user desires but instead does something malicious behind the scenes. A virus is a self-replicating bit of code that attaches to executing code in order to replicate.
You may have written a trojan that released a virus but that doesn't mean that a trojan is a virus.
There are currently no viruses in the wild for Mac OS X. Trojans are another story.
Sapere aude!
You can really only go as far as saying "There are, in fact, no known Mac OS X viruses in the wild".
"Saying that Mac OS X does not have any viruses at this point in time is 100% true."
I'm sure that will be great comfort to the victims of OS X malware.
OSX is based on UNIX (and is a certified UNIX OS). Linux is Not UNIX and, although compatible, is quite different from OSX.
Slightly OT, but amusing:
Linux Is Not UniX is a (near-perfect) recursive acronym.
Crumb's Corollary: Never bring a knife to a bun fight.
Well, you should have mentioned digital signatures anyway. "Well vetted sources" means nothing.
I have no time to argue further whether "how it is installed" matters more than the end result.
Everything I write is lies, read between the lines.
Only problem being, by that definition, Windows nowadays doesn't have viruses either. They just have spyware, adware, and trojans.
Oh really? You mean these aren't viruses?
These all fit the definition of a virus and there are tons more in the McAfee Threat Center.
Sapere aude!
If you're just starting to wonder now then you're gonna be in for a shock. Apple has never been a really transparent company about what they do, and they've always just pushed and bundled things however they like.
The clash of honour calls, to stand when others fall.
Golly, Apple is the only company out there that has pushed an update "...in secret...", so let's bash Apple. Tee hee heee!
Sir, you're never going to get modded up here if you continue to insist on posting clear, intelligent and rational comments that actually discuss the issues involved, backed up by your personal knowledge and experience.
You can really only go as far as saying "There are, in fact, no known Mac OS X viruses in the wild".
Of course! Just like you can say "There are, in fact, no known Flying Spaghetti Monsters in the wild."
Sapere aude!
So, what? It's okay to twist terminology to make it look like Windows is full of holes and Macs are vulnerability-free?
The same types of vulnerabilities and the same types of malware exist on both; fewer of either have been found on Macs, but that's explained by the lower market share. The architecture of Mac OS X may make cleanup easier, but viruses stuck in user space aren't harmless.
I also lack time to discuss every time I cannot come up with good arguments for my position :)
"It is our choices, Harry, that show what we truly are, far more than our abilities." -- Prof. Dumbledore
The difference between Windows and OSX is that Windows has a lot of backward compatibility with older software that weakens it. Renaming an installer to a specific filename defeated the protection in Vista.
Not to mention autorun from USB sticks and other braindead convenience features (which are being removed or have been).
Security in OSX is mostly based around sound Unix principles. There's no awful backward compatibility in the Unix underpinnings.
I don't see how the current Windows situation is different from DOS times. "Classical" viruses (in DOS) also required user interaction to be run. What makes a virus a virus is just an ability to replicate.
Coding etudes
...because it was mentioned in a blog.
The pursuit of absolute tolerance leads to the most rigorous and ludicrous intolerance. - REX MURPHY
But does he weigh as much as a duck?!?!
This is an event in a way. For ages security folks have told Apple to do something about the vector of attack: at least somehow protect against malware which pretends to be Apple's own app (which is easy: just copy-paste an icon and no one would be able to tell the difference). There were rumors about trojans on Mac OS for ages. Some of the pirated Mac software on P2P networks is said to be infected. As that was probably the source before, Apple might have been reluctant to act.
Apple acknowledging existence of malware and actively doing something about it is an event.
All hope abandon ye who enter here.
Macs used to be just as bad as PCs pre-OSX. It was the change to Unix that made Macs more secure than a PC. Unix and its brother Linux have one critical advantage over Windows: you can upgrade the core of the OS at any time, so a piece of bad software can always be patched. This is why Linux and OSX malware etc. are short-lived. When users ask me the question of whether Linux can get infected, I always tell them yes, but if you stay up to date the chances of it are slim.
Wearing condoms won't protect you against water-related diseases.
That depends on where you wear the condom.
Anything can be found funny, from a certain point of view.
A virus attaches its code to programs and spreads itself to others when you run an infected executable on a system. Viruses are pretty much old school and are easy to detect because they modify the code of executables. They also can't infect programs outside of the privilege level of the infected software and also cannot do a lot of crazy things outside of the user's access level. They are pretty much old school and are not very profitable, just destructive or annoying.
Malware spreads through an exploit vector or social engineering. It installs software and drivers to the system which it attempts to hide through various tricks and obscure OS functionality. Malware can often have a rootkit driver which makes it invisible or impossible to remove when booted normally. Malware is designed to make a profit too (like making your machine send spam, logging passwords or other info, popping up ads...).
The reason for the two different levels of software is because malware initially was difficult for vendors to define. Some software, for example, presents its negative aspects in the EULA and it's assumed to be valid software if you install it. Who's to say that WGA isn't spyware, or any software that reports activities back to a central server? Malware is also hard to detect heuristically, and antimalware apps instead rely on lists of file/registry locations and hashes.
But the two AV programs shouldn't be an issue because they do their blocking and checking at different points. Antivirus needs filter drivers so it can scan files for attached virus code or activity. Antimalware just needs to periodically scan a set of locations and ensure no malware is there. But yeah, most of them can be integrated pretty easily and it makes sense.
The clash of honour calls, to stand when others fall.
Just as a side note, are there really any more actual viruses in the wild? I remember back in the DOS days everything was in one directory and, with barely any hash check algorithms implemented by the software, spreading these puppies was commonplace. I could grab a copy of porntris, which would more often than not be infected, and it could infect WordStar, most DOS utilities, WordPerfect, etc., etc. Now you couldn't gather all the files and reg entries if you tried, let alone actually install it on another computer. So who would really waste their time writing an actual virus anymore? Most of this stuff nowadays is Trojans, backdoors, etc., but not really any viruses. Or am I wrong?
A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
Classic case of PR over practicality.
We don't need as many lifeboats because the ship can't possibly sink. Just put em on to keep the officials happy.
And as the ship is unsinkable, no lifeboat drills.
Oh.. and a few lower grade rivets will be fine, cos' the ship is unsinkable remember... No harm saving a few quid eh?
Of course, a PR driven product couldn't exist like that today, because so many technical people would point out the flaws, and the company wouldn't get away with it. Right?
It is difficult to get a man to understand something when his job depends on not understanding it.
The kind of user that buys a Mac probably doesn't care about "details".
I'm probably going to be accused of being an Apple fanboy here, but the same argument can be used for people who buy computers with Windows preinstalled, because most computer users really don't care about such "details". But there are definitely Mac users who do know the difference between a virus and a trojan (I've actually tried my hand at constructing both types of programs: a small harmless asm virus back in the DOS days, and a C#.NET trojan a few years back that just annoyed the user and always tried to spawn a new process every time the user attempted to kill it; I never deployed either, short of sending it to a friend of mine just to be an ass).
Greylisting is to SMTP as NAT is to IPv4
It depends on the user I'm talking to what terminology I use. For someone with a clue, I'll state virus (very rare these days -- people don't share executables), worm, Trojan/Trojanized program (the most common attack), browser/add-on exploit, drive-by download, logic bomb (like a disgruntled sysadmin keeping a file that if it doesn't get a touch in x amount of days, causes a rm -rf /net), or use the generic term, malware.
For Joe Sixpack who does not care about the difference, I just use "virus" for all malicious software, like Southerners use "coke" for any type of soda water. "Virus" already connotes something nasty where anyone who has ever gotten sick has learned what bad anything with that term does, while a something called Trojan might connote something used for pleasure at a truck stop, as opposed to something that is not to be run.
Windows users are probably safer because they know of the dangers out there
Not necessarily. I believed the same thing until I married my (non-tech savvy) wife three months ago. After we got married and she started using my computer I found it started to slow down... because of malware. I never used AV protection before because it seemed to slow down my PC more than the malware would. But I didn't realize just how clueless she was until I saw her clicking on the images of the "Close X" to close a pop-up (that somehow got past Firefox... because she disabled the pop-up blocking and no-script), and the click-through took her to a site that supposedly sped up computers, but I'm pretty sure would only slow them down. Now I'm faced with trying to figure out a way to keep my computer fast and I'm not sure which way to go...
Not looking for trouble, but really, what was the last virus to hit the Windows world? Trojans, yes, by the bucketload, that then download all sorts of malware, but since XP SP2 went mainstream viruses as such seem dead. OK, a piece of social engineering like "I love you" will still get people, but users are users. All you can do is make them non-admins, but crudware can still destroy their data and I don't see how other OSes can stop that; the machine might be OK but that user's data is toast, and that's generally where most people value things. "The machine is fine, the only thing I couldn't recover is that special photo of your dead Gran" is not what folks want to hear.
I also lack time to discuss every time I cannot come up with good arguments for my position :)
Not me, only when the argument list is too long for both side and that arguing would be futile because the viewpoints are too closely interrelated.
Anyway, my point was that malware can have several means to install itself. So, that rootkit, which is according to you a trojan, would become a virus if it could exploit a hole in one of the daemons running as root to install itself without user intervention. Once installed, the way to detect it and remove it would be much the same, though.
Everything I write is lies, read between the lines.
"'Unsinkable' modern passenger ship with no lifeboats or worn African ferryboat with more lifeboats than seats?"
++ for marine analogy. (A chubby is sprung forthwith!)
I'll go for an Open Source Coast Guard cutter that is fully equipped but requires I become a crewman instead of a passenger.
"This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
"I was back up and running in two hours where as to do the same with a PC would have cost me a day or two."
Two hours beats usual Windows + apps install time from standard media, but a day or two is a bit much. If I had a Windows machine with that much...stuff on it I'd image the thing and back it up frequently.
He's not saying that Macs are immune, he's saying that Windows had some bad design concepts at one point. Microsoft went through a phase where they integrated things like scripting and COM into everything they could, but there was very little consideration for security. It wasn't until worms and malware started rampaging across Windows machines that they actually started considering and working on security.
Take Outlook for example. E-mail was normally safe because it was only text and images. Then add VBA scripting capabilities and embedded ActiveX controls to the mix... suddenly there are huge vectors for hostile software to use in plain old e-mail messages. Internet Explorer would ask if you wanted to install an ActiveX control; if you said yes it would have full access to your system to do whatever it wanted. NT based systems ran with a full complement of services exposed to the internet and ready to use.
No one considered that people on the internet might be assholes and take advantage of those handy features for completely hostile purposes. Even if they did Microsoft had no clue where to begin and would take years of hard lessons to get Windows into a decently secure state.
The clash of honour calls, to stand when others fall.
I don't get it. Why would anyone pirate iPhoto? It comes with every Mac sold, already installed.
planet texture maps and more
Golly, other companies have done this before so it must be ok for apple to do it too, and anyone that criticises them must just be a hater. tee hee hee
You're a tool.
Allow your old PC repair pal Hairyfeet to help you out there bud. What you want is a combination approach, using Comodo AV and Comodo Time Machine. Comodo AV, with full firewall, only uses around 19Mb of RAM and less than 1% CPU when not running a scheduled scan, and Comodo Time Machine allows you to "go back" and remove any malware she is clueless enough to ignore the warnings and install anyway. I have customers and relatives that can fill a PC with more viruses than a Bangkok Whore, and Comodo has kept them squeaky clean.
One word of warning though: Comodo Time machine will NOT work on a dual boot that includes Windows 7 in any location but the C: drive, due to the fact that Win7 changes everything to C: even if you install it in another location like D:. It won't screw anything up if you try it, it just won't work. But for a single boot, a dual boot with a non Win7 OS, or a dual boot with Win7 on the C: drive, Comodo AV + time machine is a life saver! Believe me, I know where you are coming from, my GF lives 126 miles away and having to repair her PC when she screwed it up was a pain. Thanks to Comodo time machine when she screws something up bad I can walk her through having her OS back to normal in under 15 minutes. And Comodo AV keeps the bugs away, as I had her bring it down just a couple of weeks ago to give it a checkup and all was good.
Both are 100% free, work on X86 and X64, and Comodo AV even has a sandbox built in that will automatically run installers and new apps in the sandbox if you desire, and you can have it run any app at any time sandboxed. You can even tell it to run her FF sandboxed and she'll never know the difference. Trust me, Hairyfeet is good, Hairyfeet is wise ;-)
ACs don't waste your time replying, your posts are never seen by me.
Trojans work because of faults in the human operator, not because of faults in the OS.
It's not a Mac fault, and to carry your allegory forward, it'd be like if car companies recalled cars because it was possible to get in a wreck if you drive them into a wall.
http://lkml.org/lkml/2005/8/20/95
My dear friend, every time Microsoft makes a secret/undocumented/shady update, there is a massive uproar on Slashdot. And I recall reading similar stories about other companies recently, and the comments are way harsher than in here.
Because it's an Apple-related thing, I think commenters are even going soft on them to avoid the Rage of the Fanboi.
Mod parent up. TFA (2nd link) conflates two very separate beasties.
Frankly, the anti-virus and anti-trojan bits of software they seem to advocate installing on OSX are arguably trojans themselves, with the express immediate purpose of slowing down your computer, but quite possibly the next vector for infection in the future.
Who watches the watchers?
I must look into this Comodo you are talking about.
Exactly, Windows XP could actually be very secure, but that would break a lot of big-name programs that were written so they can't run without administrative privileges. So the default settings of a typical Windows install are rather insecure. Windows 7 and server versions are much more secure, but getting things to run can be painful and de-securing.
"The ability to delude yourself may be an important survival tool" - Jane Wagner -
On one hand, Apple could have very well done the same with other parts of the software, providing a fix without disclosure. This goes on to say that vulnerability disclosure is a very poor indicator of software quality. However, in this case, it could have said something as trivial as "updated malware signature database." It's not fixing a vulnerability.
On the other hand, this article highlights the very interesting fact that there *is* a market for anti-virus software, even when the base OS is robust and secure. The base OS could be immune to virus and malware attack when there is no user action involved. However, the user could become the weak link to compromise their own system. Anti-virus software prevents high-risk users from being affected by their reckless action.
It's just like how only certain people need to be HIV tested regularly. You only need to worry about HIV infection if you received a blood transfusion, or if you engaged in promiscuous sexual acts (willfully or as a rape victim). If you did neither, then you don't need to be tested, hence you don't need to spend money on the pharmaceutical products for the HIV test. You should definitely be tested regularly if you know what you do carries a high risk of contracting HIV.
You may still need anti-virus software, depending on if what you do online carries a high risk of contracting malware. It has less to do with whether your operating system is secure.
I once had a signature.
You might even say backronym
"I think it would be a good idea" Gandhi, on Western Civilisation
Trojan: A program that is presented as one thing when in reality it is another.
For example, you download and install the new freeware game Tetris-Extreme, expecting to play some version of Tetris when you run it; it instead deletes all your picture files, and changes all document files to read "HAHA! FOOLED YOU!".
The name is derived from the legendary Trojan Horse.
These have been around since the early days when someone wrote a script file to delete your hard drive and named it readme.
Technically, a trojan doesn't even need programming skill, just the ability to trick people.
I think there are still viruses around which spread via documents (word macro viruses and the like). Also the USB-stick path would still be an interesting way to spread viruses.
Wearing condoms won't protect you against water-related diseases.
That depends on where you wear the condom.
And how big the condom is.
ad astra per alia porci
Get her her own computer. Do the best you can vis a vis protective software, and resign yourself to having to do periodic maintenance/resurrection on her machine. Discuss with her and persuade her to do nothing important (e.g., online banking, billpay, etc.) on her computer, but only on yours, on which you maintain all the protective stuff and protocols you can. It is possible she will learn over time what's happening and why she needs to not do what she now does. It's also possible she won't. Your marriage is way more important, prioritize that at the top and make the computer issues conform to that.
That if any Apple user would have heard anything about it, they would have preferred to keep the Trojan installed, so they could use it to sneak out of the walled garden once in a while. ;) ;)
Also, fanbois wouldn’t be able to parrot how their system has no known viruses at all. And we all know that Apple relies nearly completely on...ehrm... viral marketing.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Given the ubiquity of little applets that are used on platforms like OSX and Windows in order to view various types of web data, and all the little business like Bonjour that a lot of people are unaware of but install because they feel safe with a Mac, it might be something of a distinction without a difference for most users.
What's insecure about Bonjour? It just advertises that services exist, it doesn't grant access to them. At most it saves an attacker the 5 seconds needed to do a portscan.
The malware blacklist has existed since Mac OS v10.6.0, and has always had 2 Trojans on it. Now Apple added a 3rd because there is a new one. That's how it's supposed to work. If this is news, it says really good things about Apple because it's man bites dog. New malware on Windows is dog bites man.
The Mac is not invulnerable to malware. No system is. That would be like saying a building is invulnerable to graffiti. However, if you paint over graffiti the instant it appears, you remove the entire incentive. Apple's Software Update patches 75% of the community within a week or so, and the rest within a month or so. There's just not much to be gained with Mac malware. Whatever you exploit will be replaced almost immediately by Apple. Snow Leopard is not one version of an OS, it's 10 discrete versions. There were 11 versions of Leopard. Each lasts only 2-3 months. A typical Windows version lasts 2-3 years or more. It's a very different situation.
Another thing to understand is that Sophos and other companies who make their living solely because Windows is mismanaged always want to expand into the Mac market and so they like to pretend that it's not a question of platform management but rather that malware is a fact of life and their services and scanners are necessary. No. The 10-20 built-in security systems of Mac OS are superior to anything you can bolt on to Windows.
Well, I've run into several covert Apple "pushes" in the (thankfully) short period of time I've had to deal with their cobbled system. I seem to recall two stealth pushes of Java in particular which broke the platform we were using: anyone watching upstream would see security issues being discovered (and fixed), but Apple made no such disclosure and just installed them. That's really nice on a server. (Microsoft, you're an ass for doing same with 'new' packages like the latest version of IE, even when SUS has things set to require authentication prior to install.)
Note: OS X itself isn't bad, from a design perspective. Neither are the BSDs. It's the user utility/ability in being able to control the platform once you've got it (without painful regressions, downtime, etc.).
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
Mac users are very fond of pointing out this distinction, leaving out that trojans and malware, and social engineering, these days are the overwhelming majority of Windows issues as well.
Yes. Yes they are.
Now please list the count of Windows trojans vs. mac trojans. I'll get you started with the Mac count:
1 (or is this trojan actually in the wild yet?)
After all, we are talking about active trojans in the wild...
Do you not think that a system with a few orders of magnitude fewer active security threats might not, in fact, be more secure for the average user?
"There is more worth loving than we have strength to love." - Brian Jay Stanley
Uh, so Sophos' hard drive encryption software is because Windows is mismanaged? Huh?
OK, so trojans aren't viruses. Likewise, your average drive-by malware isn't a 'virus' in the traditional sense (leveraging design weaknesses instead of infusing itself with executables).
So, OSX implements binary checksumming and all that good stuff, I'm sure. That prevents it from getting viruses, right?
Wrong. I can write a perl or bash script which will do all the various insidious things the typical (and archaic) Windows virus does. Likewise, similar functionality could be implemented which mimics a modern piece of malware. In fact, once the executable is on the system (like in Linux) OSX is an easier target than Windows (in terms of 'available tools to do the job, quickly and easily').
Honestly, using the archaic definition of "virus" doesn't serve anyone here but Apple and Steve Jobs. You're deceiving yourself to believe that a Mac is invulnerable to viruses.
BTW,even if it wasn't for shell and perl scripts, there's still AppleScript, which allows for hooking every which way into the UI. This is trivial to do (using the thoughtfully considered and included Automator). These scripts can then be included inline with perl or vice versa, or sourced by a shell script.
At the end of the day, OSX has as many practical avenues for exploit as Windows does (if not more, due to documented design flaws). Downloading warez with poisoned payloads, cracks, or even font installers - whatever. It happens, just not nearly as often with Windows due to nobody really caring about Macs.
Bad example. Many people know in their hearts that there _is_ a Flying Spaghetti Monster.
They whose government reduces their essential liberties for temporary security, receive neither liberty nor security.
It's not that MacOS has better built-in security, it's simply that you cut your profits by a factor of 10 if you target MacOS than if you target PC. Your "security" is "obscurity". Simple as that. Malware is a profit-driven industry, and there's never been any reason to target anything but windows. If I develop a mac exploit and/or malware, I'm only targeting 10% at the most -- that's going to pay far worse, so why do it? A good windows exploit only goes for 10k on the black market these days (or so we're told). What do you think a MacOS exploit is worth? If you have the skills to find exploits, which OS are you going to spend your time on? It's not hard to see why MacOS gets a free pass.
If anything, Microsoft has put far more into securing its OS simply because they've had to. Apple has not because they have not had to. Weekly updates, a malware removal tool that's updated weekly automatically (as opposed to "monthly"), anti-virus and firewall built in. Hell, Microsoft even turned all their systems into a botnet so they could use idle cycles to "fuzz" Office and find new exploits/bugs before anyone else found them. Fuzzing is how the guy who beat all the Mac systems at the last pwn2own found all his exploits -- it was apparently quite easy for him to find exploits for Safari/MacOS, he just needed the financial motivation that doesn't exist without pwn2own.
The day MacOS gets 50% marketshare is the day they suddenly have a *huge* security problem. They will be Microsoft 10 years ago -- caught completely unaware and unprepared.
"Antimalware" generally speaking is the term the industry has come up with to describe solutions that bundle Antivirus and Antispyware into a single package, rather than having them run separately. Generally if you're running an Antimalware product that should be all you need.
That's true, but the number of ordinary members of the public - the people a commercial like that would be aimed at - that actually know about and understand that difference is vanishingly small.
If they actually did say that in an advert then they would seem to be at least being disingenuous, given the audience they were targeting.
It's official. Most of you are morons.
They didn't "push" it in secret, it's a large update with lots of things included. It's a pull that customers choose to install. Usually they document everything in a security update, they neglected to in this one, probably the page will be updated in a couple of days.
Apple Menu -> System Preferences -> Software Updates -> Uncheck "check for updates" box. BTW, Software Updates are _never_ pushed on OSX, there isn't even an auto install option, unlike Windows.
System pre-OS X, e.g. 7/8/9, had a very small user base but had lots of malware - no free pass for older Macs.
A *huge* security problem is hard to graft onto the back of Unix.
Microsoft was never caught completely unaware and unprepared, they just spent time, cash and upgrade cycles on usability and networking vs any security.
Great for building market share and entering new markets, not so good for your data.
MS now puts a lot of effort in selling you the idea of security, beyond Win 7 is the real test.
Also recall the "fuzzing" effort was used by an ex-NSA worker, i.e. it should be quite easy.
If it were easy we would see sites like this listing many, many active Mac virus-like threats. The count now is 0, just lots of user-installed malware and a few pre-OS X efforts.
http://www.iantivirus.com/threats/
Domestic spying is now "Benign Information Gathering"
I want a system, where the unthinkable - if it happens - is prepared for. And if that happens, I want system owners/vendors/operators to admit it.
Hiding security patches does the opposite: even those technical people reading the release notes will be unaware that a danger exists or existed. They can take no countermeasures or prepare themselves - which they must, as now seems to be the time when Macs become so close to the mainstream that malware writers start to put their sights on them.
(My GP was modded overrated 3 times now, so that tells me I've hit a weak spot with the zealots, so they like to slip past meta-moderation)
Are you absolutely certain of that? Also, can you speak for Mac OS X Server?
For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
They had a commercial that blatantly said that Macs don't get viruses. Liars.
Technically speaking they're telling the truth. But it's a bit disingenuous because viruses in the traditional file-infector sense are all but dead. Most modern "viruses" are actually trojans and worms, which no operating system is ever going to be immune to.
No, what you're thinking of is a worm.
It has happened to me with Microsoft and Sony and with Apple in the past. I stopped using their update services because they are not trustworthy.
I'd rather take my chances with the wild and woolly Internet than accept downloads from suppliers that abuse my trust in them.
regards
Snow Leopard is not one version of an OS, it's 10 discrete versions. There were 11 versions of Leopard. Each lasts only 2-3 months. A typical Windows version lasts 2-3 years or more. It's a very different situation.
That is a lot of nonsense. You are either deeply ignorant or trolling. A tiny revision of the version number just means some stuff was changed. Windows updates are more numerous than Mac updates, you can take that to mean either that Microsoft cares more about timely updates or that they are more incompetent and thus need more updates, it's a whole separate argument. Either way, the version numbers don't mean much. Service packs increment Windows' build ID but that isn't very interesting, and neither is a tiny version number increase in OSX. In either case, a lot of stuff changes, and a lot of stuff doesn't change.
Another thing to understand is that Sophos and other companies who make their living solely because Windows is mismanaged always want to expand into the Mac market and so they like to pretend that it's not a question of platform management but rather that malware is a fact of life and their services and scanners are necessary. No. The 10-20 built-in security systems of Mac OS are superior to anything you can bolt on to Windows.
10-20 built-in security systems of Mac OS? Snicker snort. I really hope you're a troll because nobody could be this dumb. OSX is FreeBSD using Mach as a HAL and with operating system components and user applications various frameworks in multiple languages. It is not fundamentally different from a conceptual basis from Windows with its HAL also written in multiple languages. Nor is Linux/Unix/whatever. In fact, at least one of the "security systems" in OSX is known to be inferior to Windows and Linux's implementations, namely ASLR, which is totally useless on OSX, more or less works on Linux, and is amazingly good on Windows. Of course, this doesn't stop Windows from being the security equivalent of mesh pantyhose, but fishnets have their place.
OSX is just another Unix. It has some different frameworks than other systems, and some that are the same. It also contains some spectacular failures.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
You might wish to rethink that statement you just made.
Hey, where's my fucking dollar?
Yes, I AM going to follow you around and label you as a bet-welcher. Especially when you're being an asshole who doesn't understand the difference between correlation v. causation, and the associative principle.
I've never understood this. Can anyone explain why there is a significant difference between virus and malware, and why anyone would recommend 2 security programs running simultaneously? Doesn't this run dangerously close to the "2 antiviruses will wreck your machine" line?
Take a look at what Spybot S&D does by way of example. It has an "immunization" feature that tweaks registry and browser settings to try to prevent you from being compromised in the first place. Then it has a scan system which not only looks at files (I agree that if it finds anything in this way, your antivirus program has failed) but also at registry settings and the like, which is somewhat out of the scope of the average antivirus program (which probably SHOULD be monitoring all registry access, which regmon proves can be done with acceptable overhead.) But Spybot also reports on programs the user has chosen to install which are spying on them, but which might actually be installed on purpose by someone sometime (like Bonzi Buddy was) so that's a whole class of malware from which Antivirus software can't effectively protect you.
Ideally these functions would all be handled by separate tools integrated with a single GUI, so that only as much of the protection system would be running at any given time as necessary. I guess we're halfway there so far.
Actually, Steve Jobs probably would allow malware, if someone paid Apple for those rights. He has shown as much contempt for Apple end-users as Bill Gates has for Windows end-users. The difference between the two is that in Apple's case Apple controls the machine and the user's experience; in Windows' case Microsoft doesn't give a crap about the quality of their software, so they leave it to the end-user to decide who controls their machine - either the malware writers or themselves.
Personally, if I had to choose to live in a world only with Microsoft and Apple, I would choose Microsoft because at least with them I have the freedom to choose. With Apple there is no choice - it's their rules, or the highway.
I use Linux when I can, and Microsoft when I have to. And will start using stone tablets before I ever use or develop for any Apple product. You can "take them words" all the way to Bill Gates' bank accounts...
That is so awesome, I am currently backing up my system to reinstall Windows, so it will be great to get this on there to start with... thanks Hairyfeet!
One limitation on Trojan effectiveness, unlike a virus, is related to the user's rights. Trojans on OS X, like on other Unix/Linux based systems, run only with the same rights as the user. If the user has low-level privileges, then the Trojan is limited. In order for the Trojan to do serious damage, it must somehow take advantage of a privilege escalation flaw, or the user must have administrative rights.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Oh King Nerd, I don't deserve to be in your almighty presence, much less use the same OS as you! It's you against the stupid world! You better lock your basement from the inside so the general stupidity of the world can't interfere with your omniscient productivity.
"From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
Most mac users don't. They have write access to everything in /Applications by default. They just drag the program into the Applications folder. If the program then decides to replace iTunes with a backdoor or whatever, it can without the user's knowledge.
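An added example, not code from any comment in this thread: an audit that reports which .app bundles under an Applications folder a given non-root user could modify (the exposure described above), judged from mode bits so that running it as root does not mask the answer. The bundle names and the temporary tree are constructed for the demo; on a real Mac you would point audit_app_dir at /Applications.

```python
import os
import stat
import tempfile
from pathlib import Path


def writable_by(path, uid, gids):
    """Decide from mode bits alone whether a process running as `uid` with
    group ids `gids` could write to `path`.  The root override is ignored on
    purpose: the question is what an ordinary user-level process (and so a
    trojan running as that user) could touch."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_app_dir(apps_dir, uid=None, gids=None):
    """Report what the given user could tamper with under an Applications
    folder.  Returns a dict with:
      folder_writable  - True if the folder itself is writable, i.e. any
                         bundle could be swapped out wholesale
      writable_bundles - names of .app bundles whose top level or
                         Contents/MacOS (where the executable lives) is
                         writable
    Defaults to the current user and its groups."""
    if uid is None:
        uid = os.getuid()
    if gids is None:
        gids = set(os.getgroups()) | {os.getgid()}
    root = Path(apps_dir)
    report = {"folder_writable": writable_by(root, uid, gids),
              "writable_bundles": []}
    for bundle in sorted(root.glob("*.app")):
        if not bundle.is_dir():
            continue
        candidates = [bundle, bundle / "Contents" / "MacOS"]
        if any(p.is_dir() and writable_by(p, uid, gids) for p in candidates):
            report["writable_bundles"].append(bundle.name)
    return report


def build_demo_tree(base):
    """Construct two fake bundles (constructed sample data, not real apps):
    Weak.app keeps the usual owner-writable 0755, Locked.app is made
    read-only for everyone, including its owner."""
    for name in ("Weak.app", "Locked.app"):
        macos = Path(base, name, "Contents", "MacOS")
        macos.mkdir(parents=True)
        (macos / name[:-4]).write_text("#!/bin/sh\necho hello\n")
        for d in (macos, macos.parent, macos.parent.parent):
            os.chmod(d, 0o755)
    locked = Path(base, "Locked.app")
    for d in (locked / "Contents" / "MacOS", locked / "Contents", locked):
        os.chmod(d, 0o555)


def run_demo():
    """Audit the constructed tree twice: once as its owner, once as an
    unrelated uid with no matching groups.  Directory modes are restored
    before the temporary directory is removed."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        os.chmod(tmp, 0o755)
        try:
            me = os.getuid()
            as_owner = audit_app_dir(tmp, uid=me, gids={os.getgid()})
            as_other = audit_app_dir(tmp, uid=me + 1, gids=set())
        finally:
            for p in sorted(Path(tmp).rglob("*"), reverse=True):
                if p.is_dir():
                    os.chmod(p, 0o755)
        return {"owner": as_owner, "other": as_other}


if __name__ == "__main__":
    for who, rep in run_demo().items():
        print(who, rep)
    # owner -> folder_writable True, writable_bundles ['Weak.app']
    # other -> folder_writable False, writable_bundles []
```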
"there isn't even an auto install option, unlike Windows."
I love that mac users point out missing options with pride. Like the lack of the option is a feature. And I think Parent was referring to 'trojan' security patches... he patches one thing through Mac updater and something else he didn't want comes in.
Buy her her own computer and have a clean version to reset it to when she fucks it up too much. Sharing a computer with a non-tech person would probably hurt the relationship more than a few hundred dollars to get another one.
I wasn't pointing it out in "pride". The GP claimed that Apple had "pushed" an install, I was pointing out that this is, in fact, not possible with Mac OS. You can decide whether this is a good or bad thing, but the parent's story is demonstrably false - or at least wildly inaccurate.
Glad to help, as I tell my customers I do my damnedest to make it so they won't need me except for new hardware upgrades or new PCs. If it is a new install might I suggest another couple of additions to make your life easier? I'd add Winutilities Pro Free which thanks to that link is not only free but comes with free updates, and allows you to easily automate HDD and reg defrags, reg cleaning, shortcut cleaning, basically gets rid of the cruft that builds up in Windows over time. And I would go to Ninite on first boot, which gives you a web based unattended installation of most of the popular apps, like Flash, FF, and .NET, along with media players like iTunes and IMs. Really cuts down on the time it takes to get a desktop up and running.
So there you have it. You use the above links with the earlier Comodo links I gave, and you'll have your desktop up and running in no time at all.
I'd prefer flying.
I'm linux.
"Method of Infection - W32/Winemmem is a file infecting virus. Infection starts with manual execution of the binary. Executables in network shares may also get infected if accessed by the compromised machine"
Sounds like a trojan.
McAfee specifically tags each entry with its classification. They have a trojan classification and there are plenty of entries classified as such. If they classified this as a virus then it's probably a virus.
The description probably means that you need to execute the binary that the virus is attached to. That's how viruses work in the first place, they are attached to some binary and spread when the binary is executed. The actual nature of the binary really doesn't matter, it can be a valid program or a trojan, the virus is still a separate entity from the binary.
Sapere aude!
Now I'm faced with trying to figure out a way to keep my computer fast and I'm not sure which way to go...
User accounts?
Contempt for Apple end-users? Oh bullshit. They have taken a path that you might not approve of, or don't understand, but overall they have a great, solid platform. Wrapping your BS argument in the flag of "freedom" is pathetically misleading.
"...we have received no reports of infections from customers."
So, anti-virus company warns us to be on the lookout for trojan that they have yet to see in the wild?
News at 11!
Insanity is the last line of defence for the master diplomat. But you have to lay the groundwork early.
I switched to Mac last year, and it's mostly been a good experience. However, one of the things that really bugs the snot out of me is that nearly every application you download and install wants to be put in the /Applications folder. This by itself wouldn't be a problem, except Apple makes you authenticate to elevated privileges to put anything in there.
A lot of apps you simply drag them to the /Applications folder (which is included as a shortcut/symlink in the image you download), but many apps use an Installer.
Having to authenticate to install an app is the normal mode of operation on Mac. So your average everyday mac user is just going to click OK and authenticate without thinking twice anytime that authentication dialog pops up. The dialog could say, "This application needs to authenticate in order to convert the bytes on your drive to 0x0", and people would still click "Authenticate" and happily type in their password.
It would be simple to write a trojan that mimics the installer app, reporting back the user's password or installing a key logger.
Thanks guys for an interesting and educational exchange! Here is the only bit I could verify myself:
http://www.google.com/search?q=qbox+exploit+UPnP
I paid the going retail price for a Windows screen reader and got a free Unix computer!
and then someone went and installed iCeburg onto it...
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
If it were easy we would see sites like this listing many, many active Mac virus-like threats. The count now is 0, just lots of user-installed malware and a few pre-OS X efforts.
Again, this is where you go wrong.
There was a time when malware was written by people just for fun. There were premade software kits from which you could very easily and with little technical skill build your own. All you had to do was name it "Cute Kittens.exe" and email it to 50 random people and you're all set.
Those days are gone -- now it's a business. If you're in the business, you do it for money. Maybe you're stealing WoW accounts and selling the gold, maybe you're creating a botnet and sending out spam, maybe you're just making it and selling it to someone else and letting them decide what to do with it. Either way, it's about money.
To make this money you have to spend a lot of time and effort honing a very particular set of skills -- possessing vast quantities of otherwise highly esoteric knowledge. Low level system calls, APIs, assembly, whatever. To get that acquainted with MacOS, spend the time necessary to find exploits and write the malware, only to see 1/10th of the return on your investment? That would be madness. There's 0 reason to waste time finding MacOS exploits except when there's prize money involved -- but when there is, people find them every year. That should tell you all you need to know.
The economics of malware gives MacOS absolute protection -- it's never been about how the operating system is built or the coders who wrote it. It's economics and nothing more.