One In Five Macs Holds Malware — For Windows
judgecorp writes "One in five Apple Macs is infected with malware, according to Sophos. But most of that is harmless to the Mac... it is Windows malware ready to be transmitted to the Windows population. Only one in 36 Macs has OS X specific infections."
If the code never can run on Mac OS X, how can Mac OS X be infected? To Mac OS X, it'd just be a useless file full of some kind of data.
If it's Windows-only malware, what does "infected" mean?
It took me about an hour to track down and eliminate some Windows malware running in Wine. It turned my poor Linux box into a free p2p seeder for some freemium MMORPG. It ended up saturating my poor little cable modem until I clobbered it.
Only one in 36? Sounds like a lot to me!
It's always been a good idea to have a virus scanner on a Mac - at the very least, it's a courtesy to users of other platforms who may be more vulnerable to any infectious crap you may pick up without realizing.
Upgrade from my MacG5 and XP machines to one of the new 10.7 Macs, instead of Win7 so I don't have to worry about spyware anymore.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
Isn't that like 90% of tuberculosis infections? Many people are infected, but only ten percent or so ever develop an active infection, and the rest of them never develop the diseased form at all.
Occasionally living proof of the Ballmer peak.
When the computer stops running, just buy a new one. That's what you do now.
I've run Macs most of my life, and recently backed up the entire contents of a machine to a Windows box with the space needed for the backup; close to a million files (app bundles contribute largely to this number), about 120 common-use files had various infections that Norton picked up.
CAn'T CompreHend SARcaSm?
One in five macs where people chose to install antivirus software have (inactive) Windows malware.
Which is a bit like saying "one in five cars brought to the mechanic get serviced for something." The survey is skewed due to the sample group - most Mac users never install any anti-virus software.
The only places I've seen it installed are on computers in corporate environments where there are already viruses being passed around commonly via email attachment, USB stick, and network drives. These places install antivirus on Macs so users don't forward a virus to Windows users - and it sounds like from this survey, that's with good reason.
Apple's Mail software (and Microsoft's Outlook for Mac) cache attachments locally on the user's disk, so it's very easy to "have" malware and viruses if you just receive email (even without opening it).
It's a bit ridiculous to claim they are "infected" however, and again, the sample group is not really representative. That said, I don't think Macs are in any way immune from viruses. Apple's iOS-like sandboxing and signed-app requirements would likely help OS X considerably in this regard, but of course every decision that increases security by removing control from the user also infuriates free/open software proponents and hackers. Think of jailbreaking iOS and how Apple patches security holes - this is maddening for people who want to jailbreak, but is ultimately an attempt to fix a potential infection vector.
study shows 1 in 5 macs have software they can't even run, because it is written for windows. get vmware / parallels and start running ALL the software already on your mac -- seamlessly!
The last sentence in the article makes their motives clear: “What Mac users really need to do is protect their computers now or risk allowing the malware problem on Macs to become as big as the problem on PCs in the future.”
Sophos simply wants to scare up some more business selling Mac business users their anti-virus software. (At least right now, home users can get it from them for free, at: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx)
I'm in no position to challenge their numbers, but even "1 in 36 Macs" having a Mac specific infection seems awfully high to me. Maybe this last trojan horse that made the rounds pushed that number way up ... but I haven't encountered a single Mac that was infected yet, out of the ones my co-workers own (and always ask me for help with when they have problems), out of the ones we use at home, or out of the ones I support for clients in my side job. I don't think any of my Mac using friends on Facebook mentioned problems with it either.
Regardless? The concern of Macs harboring Windows malware is nothing new... That's been a potential issue for as long as I can remember. I recall the office running Norton anti-virus for the Mac on iMac G3 machines running MacOS 8.6 and 9.1, at one of my old jobs, just for that reason. They didn't want to accidentally spread an infected file they might have gotten via email to a Windows recipient.
The main reason Mac users stopped that practice, as I recall, was the really poor quality of most anti-virus packages when OS X came out. Apple even gave away copies of Virex for OS X to .Mac account holders at one time, and the software bogged down and destabilized the machines so badly, everyone I knew removed it in a matter of days!
What I just read is that Sophos is spying on me...
No matter if your OS is Windows 5.x, 6.x, Mac OS X 10.x or GNU/Linux Kernel 2.4.x or 2.6.x. If your machine is a desktop run an antivirus.
You owe it to the rest of the world to exterminate viruses/trojans/malware, both the many (or few) that your machine is susceptible to, as well as those that, even though will not infect your machine, will be passed on to someone else... ...because YOU, savvy and enlightened slashdot user, did not catch and exterminate them.
Do it for the unwashed masses, that are clogging the pipes with port scans and attempts to infect, do it to have a tad fewer cheap viagra/penis enlargement offers in your spam folder... do it for the children!!!! :-)
If you "feel confident" (note the quotes) that your OS is "safe", that you use "safe practices", and the AV is a "Waste of resources", then fine, get an AV with a small footprint, both in system resources, and in $£¥€, and run it while you are sleeping, so it does not affect your daily work routine.
I am writing this from Firefox 10.0.3 esr in a Mac with 10.6.8, and I am not scared at all about these developments, but, as safe practice, run ClamXav manually. I scan my machine and its external hard-drives every night, and scan smaller/unknown removable media every time it is inserted. ;-)
So, please my Linux and Mac OS X brothers and sisters, stop being a bunch of snobs, get on with the program, and run an antivirus. :-)
--
*** Good luck to everyone and have a happy day!
For the sake of variety.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Just curious...
One in five Apple Macs is infected with malware, according to Sophos. But most of that is harmless to the Mac... it is Windows malware ready to be transmitted to the Windows population. OnlyOne in 36 Macs has OS X specific infections.
FTFY. A 2.8% infection rate is pretty significant.
Only one in five? I'm guessing they got their numbers from Macs with Sophos installed. That should have made it a solid five in five.
This space intentionally left blank.
So 20% macs have infections on it that they have no reason to counter. Woo. A stat like how many would actually make it onto a system that would have a reason to guard against that virus would be an important stat to guesstimate. If you assume there are hardly any windows machines with rudimentary enough security to accept the majority of these viruses to begin with - a story which would sync with known windows infection rates -, this becomes a nonstory. But this essential fact wasn't looked at, making this entire story worthless propaganda.
(Apple's) market domination one way or the other.
It's actually the wrong terminology.
The Mac system has been contaminated with the Windows virus, which, to use the "viral" analogue, doesn't have the correct DNA to infect the host.
In the same way that a farmer who has been handling sheep with Foot and Mouth disease can become contaminated and pass the infection onto another sheep, the Macs which have been contaminated with the disease can potentially pass the infection on, especially if it's infected Microsoft Office documents.
Agrajag: "Oh no, not again!"
I'm sure Sophos' sample size is too small to be of any use. Hardly anyone knows who Sophos is or uses their antivirus. I like it, but I haven't run AV on my Mac since moving to OSX 10.3 when Norton failed to make the jump in a timely manner. And I've never seen Macs on OSX brought down as hard as PC's on XP.
Don't forget, Malware & Trojans are a different beast than viruses. A lot of viruses can spread just by the fact that your Windows PC is connected to the same network as an infected PC. This does not happen to Macs with OSX, no matter how loudly Leo Laporte whines about it. Or Sophos.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
... Macs have always been toxic to any windows-network, .DS_Store anyone...?
I still can't decipher where exactly this malware is on OSX, I suppose it's just sitting harmlessly in the browser's cache?
I still can't decipher where exactly this malware is on OSX, I suppose it's just sitting harmlessly in the browser's cache?
Macs (and Unix boxes) might also harbor infected MS Office docs.
We had this problem a few years back - one of our end users repeatedly would get his box thoroughly infected. His group shared a workspace drive that was on a Linux box running Samba. He'd upload a doc that'd sit there, biding its time on the Linux box, until one of the other users grabbed it - then they'd either get a pop-up from their antivirus, or they'd get hosed themselves.
I'm not a Windows sysadmin, so I found the whole thing rather funny - but my Windows compadres didn't see the humor in it.
#DeleteChrome
Why should I waste electricity scanning for viruses that can't infect my computer?
“Common sense is not so common.” — Voltaire
Cluley adds that while the spread of malware to and from Macs is no different than that for Windows computers, a lack of anti-virus implementation means that it sticks around for longer. Some samples collected by Sophos found malware dating back to 2007.
For shits and giggles, I ran a scan on my email archive, some of which dates back to 1994, and it resides on a linux machine.
I found *two* Windows trojans.
I didn't bother removing them. So this means I'm infected?
What a load of horse-pucky.
--
BMO
Contaminated is actually a more apt description as you say although even if contaminated it can't rub off as Foot and Mouth contamination can exactly.
I eat at Burger King.
So I run a file server. The clients are running MacOSX/Linux/Solaris/Windows. The server is running MacOSX/Linux/Solaris. If I'm not running AV, it'd be easy for a virus from the client to get installed on the server.
Most non-windows systems don't run AV, so it'd be easy to put a virus from those clients onto a server that wasn't running AV. It could get out to windows clients that way.
"can potentially pass the infection on," How? The entire pathogen analogy is invalid in this case. Biological pathogens put into an environment that doesn't support them die. The same is true of a malware file downloaded to a Mac. It's dead. The malware delivery truck went over the side of a 1000 meter cliff and left bits of nothing significant, just some file clutter.
The potato it is uninformed.
Do it for the unwashed masses, that are clogging the pipes with port scans and attempts to infect, do it to have a tad fewer cheap viagra/penis enlargement offers in your spam folder... do it for the children!!!! :-)
...
So, please my Linux and Mac OS X brothers and sisters, stop being a bunch of snobs, get on with the program, and run an antivirus. :-)
--
Back in the early 2000s, I remember getting a lot of copies of the Melissa virus back when that was the hot new thing among Windows folks. I marked them as Junk but otherwise left them alone. (I had, and have, effectively infinite mail storage space.) They've got to still be in my mailstore, and I don't see one reason to bother looking them up and deleting them. It's not like they're going to suddenly wake up, port themselves to a new architecture, and start spewing out a new epidemic.
The smallpox locked in the CDC's heavily guarded freezer is more likely to break out than those old worms on my HD.
As for new threats...the last round of Mac malware got right by every antivirus vendor out there, too. By the time the part-time intern that Symantec has working on their Mac version came back from Spring Break and added a definition, Apple itself had finally released a removal tool.
One in eight statistical analyses are made up on the spot.
/* No Comment */
I ran sophos for awhile on my mac. Most of it was in the Apple Mail program's storage directory inside my home folder. I got rid of Sophos because it was annoying. I was disappointed so much got past clamav on my mail server though. This is exactly why I don't read my email on my Windows box.
Typhoid Macintosh. Seriously, this is nothing new - years ago when I did some publishing on the Mac we'd often get Word docs infected with various stuff; it got to the point we simply ignored the warnings since even when we emailed the author a warning we'd often get another article with the same infection.
I'm a consultant - I convert gibberish into cash-flow.
Well technically, as most of said viruses are Windows binary, they won't run on an actual non windows OS. (I mean outside of some virtualised box).
Thus you don't really need to constantly have background analysis turned on: because there's no running virus that needs to be unmasked, or exploits that need to be prevented before accessing a compromised file.
What you need, to do a 'courtesy to other platform' is simply scanning at the entry point.
Use a plugin like Fireclam on Firefox so any newly downloaded file is checked.
Do something similar with your P2P client.
Now you've covered most sources of new malware.
Also, add an option to scan plugged in media, if you're into sneakernet too.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
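As an added illustration of the "scan at the entry point" suggestion in the comment above (not code from the poster or from any product named in the thread), this Python example inventories a download or mail-attachment folder for content only Windows would act on, identifying it by file signature rather than by name. The folder names and sample bytes are constructed, and a match means "worth handing to a real scanner", not "malicious".

```python
import hashlib
import os
import struct
import tempfile
from typing import List, Optional, Tuple

HEAD_BYTES = 64 * 1024                          # enough to reach the PE header
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt container


def classify(head: bytes) -> Optional[str]:
    """Label content by file signature; the file name is never consulted."""
    if head[:2] == b"MZ" and len(head) >= 0x40:
        # The DOS header stores the offset of the PE header at 0x3C.
        (pe_off,) = struct.unpack_from("<I", head, 0x3C)
        if head[pe_off:pe_off + 4] == b"PE\x00\x00":
            return "windows-pe"
    if head[:8] == OLE2_MAGIC:
        return "ole2-office"  # container format that can carry VBA macros
    return None


def scan_tree(root: str) -> List[Tuple[str, str, str]]:
    """Return (relative path, label, sha256) for every flagged file."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(HEAD_BYTES)
                    label = classify(head)
                    if label is None:
                        continue
                    digest = hashlib.sha256(head)
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        digest.update(chunk)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, label, digest.hexdigest()))
    return sorted(findings)


def demo() -> List[Tuple[str, str, str]]:
    """Scan a throwaway tree of constructed samples (headers only, inert)."""
    pe_stub = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00"
    samples = {
        "Mail Downloads/photo.jpg": pe_stub + b"\x00" * 20,    # PE, misleading name
        "Mail Downloads/report.doc": OLE2_MAGIC + b"\x00" * 504,
        "Mail Downloads/notes.txt": b"plain text attachment\n",
        "Downloads/mz_text.txt": b"MZ" + b"A" * 0x50,          # "MZ" but no PE header
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan_tree(root)


if __name__ == "__main__":
    for rel, label, sha256 in demo():
        print(f"{label:12} {sha256}  {rel}")
```

The SHA-256 column is there so flagged files can be looked up or passed to an antivirus engine before anything is forwarded to a Windows recipient.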
An example could be an infected word document which requires Visual Basic scripting to cause the agent to run won't work on the Mac version of Microsoft Office. However, the "DNA" of the infection will stay in the file harmlessly until such time as it is transported to a PC and opened within the Windows version of Microsoft Office, which does have the scripting language available.
It is true that most of the drive-by attempted infections will fail, as do most biological attempted infections by viruses when they land on the wrong host.
Agrajag: "Oh no, not again!"
'Infected by Malware' means that the Malware was able to attempt to do stuff on a Mac and left a couple of signature files(?) but the Malware would have stopped because it wasn't running on Windoze. 'Potential' vector for Malware, means that they don't have evidence that people do this, but it's possible, it's also possible for Mac users to pass bad Word or PDF files onto other systems. So the lesson here is buy their product (sarcasm) and this will make the world safer for Windoze users and Mac users. As for Flashback, a sad tale where not patching Java, and stupid users, mainly those that frequent sites in Europe/Russia, have caught a bug, life goes on.
There was an unknown error in the submission.
We saw this in action in our Graphic Design classes. The class size was 25, with 20 Macs, and 5 PCs, we found the PCs were constantly being attacked. Fortunately the PC users had protected themselves, but eventually a mistake was made and one got infected. That person lost their computer for three days, and almost pulled down an ongoing project involving the entire class. Once he figured out what hit him, we started a search and found 15 of the Macs carried the virus. Once found it took only a few minutes to purge the malware from all the Macs. But...the original reaction from the Mac users was essentially "bummer pc dudes, buy a mac," however the pc folks pointed out their entire class project almost failed because of their not practicing safe computing. Next we pointed out that most of the folks they were working for outside the class were pc users, and every time they sent a presentation or passed a usb drive at a customer site, they most likely spread the infection. Panic ensued as they immediately began reaching out to their clients. That was when they really learned the hard lesson of being a carrier. In the end only one Mac student purchased a form of protection. So if you're a client using a service provided by a Mac environment, be very wary, and perhaps add into your requirements that the service provider demonstrate they are aware of this risk and have taken steps to minimize it. If they don't, then move on.
If the Windows-using population expects me to spend my money and give up my processor cycles because they made a poor OS choice, I sure hope they don't hold their breath waiting for me to do it.
I've had to bend to the will of the Windows world enough in the last 20 years. My Mac has had to be able to read and write their file formats. I've had to use the Mac version of Office even though it's frequently been fucking terrible, because Office is what they use. My Mac has had to be able to read and write their floppy and hard disk formats. I've had to run emulation and/or virtualization software to run some of their programs because the publisher considered making a native Mac version to be beneath them.
I will run anti-malware software on my Mac when I deem it is necessary to do so to protect myself. (Hint: Flashback is a far cry from making it necessary.) Running anti-malware software merely as a courtesy to a group of people who have never shown the slightest bit of courtesy to me over the years? Fuck that shit.
This is old news in the larger sense, although it might be news to Mac users.
Back in the day, when AS/400's gained the IFS system, it became progressively more likely that an AS/400 could become a reservoir of infection. The malware typically was not targeted at the AS/400 at all, it was simply PC malware with the potential to infect more PC's.
Eventually this corporate risk grew too high and a native AS/400 anti-malware application was developed. Some organizations also resorted to using a PC to scan the PC compatible file systems. Either way, simply ignoring the situation became unacceptable. You become a danger to yourself and those around you.
This same dynamic will eventually make itself known to Mac users, if they do not recognize it yet.
I was always curious how they "sample" the population to come up with those numbers. I have 5 macs and none of them have any malware. According to "their" study, one of them should. Hmm, how many studies are out there with false claims?
My spam folder (on my Mac) at any given time usually has some windows malware in it. Who cares?
"...one in 36 Macs has OS X specific infections..."
Ah yes, only in Mac-land would they spin that into a positive!
Three Squirrels
Of course, I block ALL ads via a custom HOSTS file that currently stands @ 1,773,392++ entries & growing of known bad sites/servers/hosts-domain, bogus DNS servers, & yes, adbanners too!
Which is FAR more efficient than other methods, since it runs in Ring 0/RPL 0/PnP kernelmode as a filter for the IP stack.
(That makes it more efficient than other methods like AdBlock which not only run in usermode/Ring 3/RPL 3, but as "added weight" on the usermode browser already too (& AdBlock doesn't even BLOCK ALL ADS BY DEFAULT anymore)).
* Plus, I have DIRECT control over it (easy edits via notepad.exe, OR, via my own "APK Hosts File Engine 5.0++" which I am releasing soon to the "general public")
Now - I haven't done a ware since, oh... late 2002. Yes, it's work, believe-it-or-not, & especially if you have regular "day job" with it, since folks demand changes in usability OR make great suggestions you didn't spot @ times, etc./et al, but?
Well - I told myself that IF things didn't "get better" on this front by 2012? Out she'd go... because the infestation problem's "outta control", even hitting MacOS X + Linux lately (mostly via ANDROID in the latter though).
So far, the malwarebytes/hpHosts folks like it - the host of the site said it's "excellent" (& they only saw the build from 2++ weeks ago, it's gotten BETTER since by far)).
APK
P.S.=> I don't fault this site for it though, now that I am aware of it happening here too (never thought it ever would)... I fault the hosters of the adbanners for NOT checking more thoroughly really! apk
wash your hands, that's what my mom taught me, I don't do either of those things though.
Ubuntu: Problem solved. And I don't have to touch one of these fruit-oriented computers. Win Win for me
See this link near its ending (same subject title too) -> http://yro.slashdot.org/comments.pl?sid=2802947&cid=39763905 (we both use the same things, lol, same way, in routers... & I put it into my DNS settings for the IP stack in Windows too, along w/ another in ScrubIT) - I've been noting it for YEARS to folks, in security guides for Windows users I've been writing since 1997 in fact:
http://www.bing.com/search?q=%22HOW+TO+Secure+Windows+2000%2FXP%22&go=&qs=ns&form=QBLH
* Again though - "Great Minds Think Alike" here too, though... lol! I use "layered-security"/"defense-in-depth" using those, std. stuff like firewalls/antivirus/antispyware, & of course, the custom HOSTS file I noted.
On the subject again too? However, it's NO EFFORT in building my custom HOSTS file? It's NO EFFORT... & hasn't been for me for years! I automated it long ago...
It used to be though!
(Ugh... hated it @ times, especially once it got larger around 2001 (took 4-5 yrs. but it got to be a REAL PAIN)).
See - I've been building it since early 1997, & ended up having to build 'automation' to do it around the end of 2002/early 2003 (got TOO big)
I.E.-> First, I used to use databases like Access to do the deduplication/removal of duplicate entries (This IS the part that gets "impossible" to do manually!
Once a line-record based entries file like hosts are, gets so big? It'd be impossible to finish in a whole day even!
So "SELECT DISTINCT * FROM TABLENAME" type queries were the way...
Still, I had to copy the data from sources for it, OR, find them myself (both pains, but not NEAR the pain of trying to dedup a large hosts file 'by hand/manually').
Anyhow, I started writing up an app for it, around late 2003 & I've rewritten it 5 times since then. It does the following for me in that regards - FULLY automating the process (written in Delphi XE2 64-bit Object Pascal... I even did one in Python in character mode with my nephew a year++ ago too, but I came back to Delphi):
The program's a hosts file mgt. program that does the following for end users (Calling it "APK Hosts File Engine 5.0++") written in both 32-bit & 64-bit Delphi XE2.
---
1.) Offers massively noticeable increased speed (via blocking adbanners + hardcoding users fav. sites into the hosts file for faster IP address-to-host/domain name resolutions)
2.) "Layered-Security"/"Defense-In-Depth" via blocking host-domain based attacks by KNOWN bad sites-servers that are known to do so
3.) Better 'anonymity' to an extent vs. DNSBL's or DNS request logs, as well as reliability vs. the DNS system being "dns poisoned/redirected" OR "downed" period...)
4.) Faster resolution of IP addresses for host-domain names (via hardcoding users fav. sites into hosts already ip address resolved, locally = MANY TIMES FASTER than calling out to potentially redirected/poisoned or downed DNS servers).
5.) Write protecting the hosts file every 1/2 second (supplementing UAC) - even if/when you move it from the default location via this registry entry (which if done, can function ALMOST like *NIX shadow passwords because of this program):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters
And changing the "DataBasePath" parameter there (I do this moving it to a faster media, a "true SSD" using DDR-2 RAM, in the 4gb Gigabyte IRAM I have).
5.) Automatic downloading & Alphabetic sorting of hosts files' records entries (for easier end user mgt. manually) from 15 reliable sources (of 17 I actually use).
6.) Manual editing of all files used (hosts to import list, hosts itself in its default location of %windir%\system32\drivers\etc, the hosts files to import/download & process, & favorite sites to reverse dns
50% to 60% of all PCs are infected with PC malware (ignoring that Microsoft report that says 5 % for obvious reasons) - I'll take bets there are more PCs with Mac malware than infected Macs. http://www.google.com/search?q=percent+of+pcs+infected