One In Five Macs Holds Malware — For Windows
judgecorp writes "One in five Apple Macs is infected with malware, according to Sophos. But most of that is harmless to the Mac... it is Windows malware ready to be transmitted to the Windows population. Only one in 36 Macs has OS X specific infections."
If the code never can run on Mac OS X, how can Mac OS X be infected? To Mac OS X, it'd just be a useless file full of some kind of data.
It took me about an hour to track down and eliminate some Windows malware running in Wine. It turned my poor Linux box into a free p2p seeder for some freemium MMORPG. It ended up saturating my poor little cable modem until I clobbered it.
Only one in 36? Sounds like a lot to me!
Isn't that like 90% of tuberculosis infections? Many people are infected, but only ten percent or so ever develop an active infection, and the rest of them never develop the diseased form at all.
Occasionally living proof of the Ballmer peak.
I've run Macs most of my life, and recently backed up the entire contents of a machine to a Windows box with the space needed for the backup; close to a million files (app bundles contribute largely to this number), about 120 common-use files had various infections that Norton picked up.
CAn'T CompreHend SARcaSm?
One in five macs where people chose to install antivirus software have (inactive) Windows malware.
Which is a bit like saying "one in five cars brought to the mechanic get serviced for something." The survey is skewed due to the sample group - most Mac users never install any anti-virus software.
The only places I've seen it installed are on computers in corporate environments where there are already viruses being passed around commonly via email attachment, USB stick, and network drives. These places install antivirus on Macs so users don't forward a virus to Windows users - and it sounds like from this survey, that's with good reason.
Apple's Mail software (and Microsoft's Outlook for Mac) cache attachments locally on the user's disk, so it's very easy to "have" malware and viruses if you just receive email (even without opening it).
It's a bit ridiculous to claim they are "infected" however, and again, the sample group is not really representative. That said, I don't think Macs are in any way immune from viruses. Apple's iOS-like sandboxing and signed-app requirements would likely help OS X considerably in this regard, but of course every decision that increases security by removing control from the user also infuriates free/open software proponents and hackers. Think of jailbreaking iOS and how Apple patches security holes - this is maddening for people who want to jailbreak, but is ultimately an attempt to fix a potential infection vector.
study shows 1 in 5 macs have software they can't even run, because it is written for windows. get vmware / parallels and start running ALL the software already on your mac -- seamlessly!
I'd mod this funny, but I'm out of mod points...
It's always been a good idea to have a virus scanner on a Mac - at the very least, it's a courtesy to users of other platforms who may be more vulnerable to any infectious crap you may pick up without realizing.
(I use OSX exclusively at home)
You want me to pay for an antivirus suite, or devote system resources to it all the time, as 'courtesy to users of other platforms'?
Nah. I'm good.
There are those who believe that having a virus scanner anywhere is a bad idea. Especially something like Symantec, which can slow your computer down more than many viruses.
"First they came for the slanderers and i said nothing."
The last sentence in the article makes their motives clear: “What Mac users really need to do is protect their computers now or risk allowing the malware problem on Macs to become as big as the problem on PCs in the future.”
Sophos simply wants to scare up some more business selling Mac business users their anti-virus software. (At least right now, home users can get it from them for free, at: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx)
I'm in no position to challenge their numbers, but even "1 in 36 Macs" having a Mac specific infection seems awfully high to me. Maybe this last trojan horse that made the rounds pushed that number way up ... but I haven't encountered a single Mac that was infected yet, out of the ones my co-workers own (and always ask me for help with when they have problems), out of the ones we use at home, or out of the ones I support for clients in my side job. I don't think any of my Mac using friends on Facebook mentioned problems with it either.
Regardless? The concern of Macs harboring Windows malware is nothing new... That's been a potential issue for as long as I can remember. I recall the office running Norton anti-virus for the Mac on iMac G3 machines running MacOS 8.6 and 9.1, at one of my old jobs, just for that reason. They didn't want to accidentally spread an infected file they might have gotten via email to a Windows recipient.
The main reason Mac users stopped that practice, as I recall, was the really poor quality of most anti-virus packages when OS X came out. Apple even gave away copies of Virex for OS X to .Mac account holders at one time, and the software bogged down and destabilized the machines so badly, everyone I knew removed it in a matter of days!
Unless you're a business, why would you pay for an AV suite in this day and age?
Unless you're running some old crappy Mac from 8 years ago, why would your big bad super duper Mac even notice the minuscule amount of system resources devoted?
You don't have a problem infecting other people's computers? Thanks a bunch!
Sophos also recommends this. However, should one really sign up for a subscription of virus signatures for operating systems they don't use? I don't carry an Epi-Pen around just because I happen to be eating at a restaurant where other people might have peanut allergies.
You're free to run whatever software you'd like on your computer. However, this article is long on FUD, and as a fortunate side effect for Sophos, hundreds of thousands of mac users have downloaded their antivirus software. There is an inherent responsibility and conflict-of-interest in a researcher working in a for-profit company recommending their own software.
I'm not worried about the virus slowing down my computer, I'm worried about it storing kiddie porn on my computer, or stealing documents, or blowing a bunch of bandwidth for a DDOS attack.
No matter if your OS is Windows 5.x, 6.x, Mac OS X 10.x or GNU/Linux Kernel 2.4.x or 2.6.x. If your machine is a desktop run an antivirus.
You owe it to the rest of the world to exterminate viruses/trojans/malware, both the many (or few) that your machine is susceptible to, as well as those that, even though they will not infect your machine, will be passed on to someone else... ...because YOU, savvy and enlightened slashdot user, did not catch and exterminate them.
Do it for the unwashed masses, that are clogging the pipes with port scans and attempts to infect, do it to have a tad fewer cheap viagra/penis enlargement offers in your spam folder... do it for the children!!!! :-)
If you "feel confident" (note the quotes) that your OS is "safe", that you use "safe practices", and the AV is a "Waste of resources", then fine, get an AV with a small footprint, both in system resources, and in $£¥€, and run it while you are sleeping, so it does not affect your daily work routine.
I am writing this from Firefox 10.0.3 esr in a Mac with 10.6.8, and I am not scared at all about these developments, but, as safe practice, run ClamXav manually. I scan my machine and its external hard-drives every night, and scan smaller/unknown removable media every time it is inserted. ;-)
So, please my Linux and Mac OS X brothers and sisters, stop being a bunch of snobs, get on with the program, and run an antivirus. :-)
--
*** Good luck to everyone and have a happy day!
For the sake of variety.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
Just curious...
One in five Apple Macs is infected with malware, according to Sophos. But most of that is harmless to the Mac... it is Windows malware ready to be transmitted to the Windows population. OnlyOne in 36 Macs has OS X specific infections.
FTFY. A 2.8% infection rate is pretty significant.
You know what? Stop surfing to fucking dodgy porn sites (or other dodgy sites of questionable content) and you won't get infected whether or not Mr. Mac up above runs antivirus software on his macbook pro.
Stop clicking on every fucking popup too.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
Only one in five? I'm guessing they got their numbers from Macs with Sophos installed. That should have made it a solid five in five.
This space intentionally left blank.
So 20% of Macs have infections on them that they have no reason to counter. Woo. A stat like how many would actually make it onto a system that would have a reason to guard against that virus would be an important stat to guestimate. If you assume there are hardly any windows machines with rudimentary enough security to accept the majority of these viruses to begin with - a story which would sync with known windows infection rates -, this becomes a nonstory. But this essential fact wasn't looked at, making this entire story worthless propaganda.
It's actually the wrong terminology.
The Mac system has been contaminated with the Windows virus, which, to use the "viral" analogue, doesn't have the correct DNA to infect the host.
In the same way that a farmer who has been handling sheep with Foot and Mouth disease can become contaminated and pass the infection on to another sheep, the Macs which have been contaminated with the disease can potentially pass the infection on, especially if it's infected Microsoft Office documents.
Agrajag: "Oh no, not again!"
I don't use p2p, I don't use pron sites, and I don't use Windows or IE. Viruses aren't really a part of my life.
Don't ask me to pay for the shortcomings of the platform you've chosen.
I'm sure Sophos' sample size is too small to be of any use. Hardly anyone knows who Sophos is or uses their antivirus. I like it, but I haven't run AV on my Mac since moving to OSX 10.3 when Norton failed to make the jump in a timely manner. And I've never seen Macs on OSX brought down as hard as PC's on XP.
Don't forget, Malware & Trojans are a different beast than viruses. A lot of viruses can spread just by the fact that your Windows PC is connected to the same network as an infected PC. This does not happen to Macs with OSX, no matter how loudly Leo Laporte whines about it. Or Sophos.
Remember kids, if you're not paying for the service, YOU ARE THE PRODUCT THAT IS BEING SOLD.
That's not true any more. Most of the infections we have to address at work are coming through the ad networks. A harmless site spinning content from a company that puts up anything where a check clears. Local radio stations are the worst with a little player surrounded by ads from various providers.
I surf porn sites all the time and I've never gotten a virus
I still can't decipher where exactly this malware is on OSX, I suppose it's just sitting harmlessly in the browser's cache?
Avoiding anti-malware in order to "enhance performance" is about as rational and well-planned as avoiding condoms for the same reason, and generally produces the same results.
Who said pay? There are plenty of free versions for Mac available that you do not have to pay for that work just fine. You can continue to stick your nose up and walk by everyone else but the fact of the matter is there are more malicious software files written today for Macs and it is exponentially increasing. Having an anti-virus/mal-ware software on the machine wouldn't hurt but rather add an extra layer of security on your machine. Why sit there in your armored car laughing at normal cars thinking you're king of the world until a tank turns the corner and explodes your world and you sit there wondering wtf happened? Nothing is 100% safe but having nothing to detect the threats makes you 100% unaware of what is really happening on your machine. Security through obscurity is fine and dandy but I will add an extra layer of defense to my computer thank you very much.
Avoiding anti-malware in order to "enhance performance" is about as rational and well-planned as avoiding condoms for the same reason, and generally produces the same results.
A statement that demonstrates this point: "analogies are like nuclear weapons: you can use them to avoid making a good argument."
"First they came for the slanderers and i said nothing."
Nah, no need, not even at a business level. Note that there are no known viruses for OSX, and a properly configured mac makes even malware difficult to run.
All that aside, this article is extremely suspect - 1 in 36 macs were infected with malware? 600K macs estimated to be infected with flashback, the only really known problem malware at the moment. So that would indicate about 22 million macs according to the story. According to Apple's Q1 2012 results, they sold over 5 million macs just this quarter, meaning that this article is saying 25% of the macs out there were sold this quarter? Of course, Sophos sells "security" software, so is this a surprise?
The cesspool just got a check and balance.
Infection via legitimate ad channels on respectable sites is not unknown.
Rgds
Damon
http://m.earth.org.uk/
Sure... when people who run other platforms that are more susceptible to viruses start paying me for the CPU time and other computing resources that the virus scanner must utilize on a system that *I* paid for.
File under 'M' for 'Manic ranting'
Whatever makes you feel better, just remember to pull out before the scripts load; that always works.
I don't use p2p, I don't use pron sites, and I don't use Windows or IE. Viruses aren't really a part of my life.
Don't ask me to pay for the shortcomings of the platform you've chosen.
That's idiotic. For one example, Flashback relied on none of those things. Viruses and malware don't just come from porn sites or file sharing, and Windows and IE aren't the only pieces of software with vulnerabilities. So you don't use email? You never open attachments? You don't click on links, you manually type in every address you go to? You don't use flash drives? There's a countless number of attack vectors from a countless number of sources.
There's something fundamentally flawed with what amounts to using an elaborate grep command to ensure computer security.
File under 'M' for 'Manic ranting'
I like your analogy to condoms. I don't use them because there are better solutions to birth control. Same goes for anti-malware, you can avoid it altogether by making better choices when it comes to the software that you run on your computer.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
I still can't decipher where exactly this malware is on OSX, I suppose it's just sitting harmlessly in the browser's cache?
Macs (and Unix boxes) might also harbor infected MS Office docs.
We had this problem a few years back - one of our end users repeatedly would get his box thoroughly infected. His group shared a workspace drive that was on a Linux box running Samba. He'd upload a doc that'd sit there, biding its time on the Linux box, until one of the other users grabbed it - then they'd either get a pop-up from their antivirus, or they'd get hosed themselves.
I'm not a Windows sysadmin, so I found the whole thing rather funny - but my Windows compadres didn't see the humor in it.
#DeleteChrome
Good analogy...
Koalas. They're telepathic. Plus, they control the weather. -Margaret
You can avoid condoms safely... you just have to avoid having sex with people you can't say are certainly uninfected, abstaining entirely if you must.
Interestingly enough, that analogy is still actually applicable back to avoiding anti-malware... you just avoid doing the things that are liable to result in infection.
File under 'M' for 'Manic ranting'
I like your analogy to condoms. I don't use them because there are better solutions to birth control.
/facepalm
you can avoid it altogether by making better choices when it comes to the software that you run on your computer
"She looks clean."
You can avoid condoms safely... you just have to avoid having sex with people you can't say are certainly uninfected, abstaining entirely if you must.
And, similarly, you can safely avoid antivirus software provided you abstain from connecting your computer to anything, and pre-screening any and all new software on a system that does have anti-malware tools.
But the people who avoid anti-malware software because of performance issues also tend to be the ones engaging in the riskiest behavior, such as connecting to random LANs for gaming. And so the ones who proudly boast this behavior should be avoided like the plague-carriers they are.
Why should I waste electricity scanning for viruses that can't infect my computer?
“Common sense is not so common.” — Voltaire
Cluley adds that while the spread of malware to and from Macs is no different than that for Windows computers, a lack of anti-virus implementation means that it sticks around for longer. Some samples collected by Sophos found malware dating back to 2007.
For shits and giggles, I ran a scan on my email archive, some of which dates back to 1994, and it resides on a linux machine.
I found *two* Windows trojans.
I didn't bother removing them. So this means I'm infected?
What a load of horse-pucky.
--
BMO
No, I don't use flash drives or open email attachments that aren't from trusted senders or use p2p specifically for that reason.
I think the real truth is, if you have some computer savvy and you use a little common sense your chances of getting a virus even on Windows are pretty low.
Because most of it is due to user stupidity, I simply don't feel bad at all about not running virus software on my Mac so Windows users can continue to click "happybirthday.jpg.exe" when it shows up in their email.
Contaminated is actually a more apt description as you say although even if contaminated it can't rub off as Foot and Mouth contamination can exactly.
Where it can be shown that the mere act of simply connecting the computer to a network creates a clear and present infection risk, then yes. Windows isn't *QUITE* that bad... at least not when coupled with sound administrative practices (not visiting unknown websites, avoiding software that has not been prescreened, users not having administrative privileges, etc).
File under 'M' for 'Manic ranting'
Setting up ClamXav to scan the folders likely to be infected is a bit of a drag, but it's not much of a drag on system resources. I did this last week after a scan flagged some files on my Macbook as infected. They were mostly e-mail attachments from students and FLV files I'd gotten via Facebook posts. I figured that, since I share files quite a lot with colleagues, it'd be a good idea to check myself. The nice thing with ClamXav is that you can set it to scan lots or a little; it's not like that godawful stuff on Windows that seems designed to frack up your machine (excluding Security Essentials, which is very nice). The end result is a negligible drag on my processor, less than 1% if top is right, and I'm checking a very full list of candidate folders: all the launchagents, caches, internet plug-ins, along with obvious spots like ~/Downloads and the Mail.app attachments folder. I've been having ClamXav doing a full similar set of scans on a PPC machine for years now. It's a dual G4 500MHz machine, which is pretty weak by today's standards, yet ClamXav's process barely registers in top on it.
I surf some sleazy websites, but my infections have come from e-mail attachments sent by coworkers and from a couple of flash videos I snagged from YouTube. All of the skanky pr0n I've downloaded seems to have been disease free.
Maybe you've been living under a rock for the last few years, but "happybirthday.jpg.exe" hasn't been a big attack vector for a long time.
Most of the infections I've seen in the past 3-4 years have been from some dodgy ad on otherwise legitimate sites exploiting a security hole somewhere. News sites are common for that, or anywhere else where lots of people visit (don't even get me started about facebook).
Malware aren't usually out to pwn the computer for the lulz anymore. It's about expanding their botnets for spam ($$$), or getting credit cards from people ($$$). No system in the world is going to protect a user that decides they want to give their CC# for something.
"can potentially pass the infection on," How? The entire pathogen analogy is invalid in this case. Biological pathogens put into an environment that doesn't support them die. The same is true of a malware file downloaded to a Mac. It's dead. The malware delivery truck went over the side of 1000 meter cliff and left bits of nothing significant, just some file clutter.
The potato it is uninformed.
One in eight statistical analyses are made up on the spot.
/* No Comment */
Typhoid Macintosh. Seriously, this is nothing new - years ago when I did some publishing on the Mac we'd often get Word docs infected with various stuff; it got to the point we simply ignored the warnings since even when we emailed the author a warning we'd often get another article with the same infection.
I'm a consultant - I convert gibberish into cash-flow.
Well technically, as most of said viruses are Windows binary, they won't run on an actual non windows OS. (I mean outside of some virtualised box).
Thus you don't really need to constantly have background analysis turned on: because there's no running virus that needs to be unmasked, or exploits that need to be prevented before accessing a compromised file.
What you need, to do a 'courtesy to other platform' is simply scanning at the entry point.
Use a plugin like Fireclam on FireFox so any newly downloaded file is checked.
Do something similar with your P2P client.
Now you've covered most sources of new malware.
Also, add an option to scan plugged in media, if you're into sneakernet too.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
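The entry-point check described in the comment above, as an added example that is not part of the thread or any commenter's code: it classifies each file in a folder by header bytes, separating Windows PE files (inert on OS X unless run under an emulation layer) from native Mach-O binaries and legacy Office containers. The function names and sample files are constructed for illustration; the samples are bare headers with no payload.

```python
import struct
import tempfile
from pathlib import Path

MACHO_THIN = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
              b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe"}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal Mach-O; Java .class files share it
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container


def classify_file(path):
    """Return 'pe', 'macho', 'ole2', 'other' or 'unreadable' from header bytes."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(64)
            if head[:4] in MACHO_THIN:
                return "macho"
            if head[:4] == FAT_MAGIC and len(head) >= 8:
                # Heuristic: a fat header stores a small architecture count
                # here; a Java class stores its version (major >= 45).
                count = struct.unpack_from(">I", head, 4)[0]
                return "macho" if 0 < count < 45 else "other"
            if head[:8] == OLE2_MAGIC:
                return "ole2"
            if head[:2] == b"MZ" and len(head) == 64:
                # DOS header field e_lfanew (offset 0x3C) points at "PE\0\0".
                (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
                fh.seek(e_lfanew)
                if fh.read(4) == b"PE\x00\x00":
                    return "pe"
    except OSError:
        return "unreadable"
    return "other"


def triage(roots):
    """Walk entry-point folders; return {relative path: format} per file."""
    report = {}
    for root in roots:
        for path in sorted(Path(root).rglob("*")):
            if path.is_file() and not path.is_symlink():
                report[str(path.relative_to(root))] = classify_file(path)
    return report


def carrier_candidates(report):
    """Files worth a signature scan before being forwarded to Windows users.

    The format alone does not mean a file is malicious; it only says which
    platform could act on it.
    """
    return sorted(name for name, kind in report.items()
                  if kind in ("pe", "ole2"))


def make_samples(folder):
    """Write constructed stand-in files (headers only, no real payloads)."""
    pe_stub = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\x00\x00"
    samples = {
        "happybirthday.jpg.exe": pe_stub,              # name taken from the thread
        "report.doc": OLE2_MAGIC + bytes(504),
        "tool": b"\xcf\xfa\xed\xfe" + bytes(28),       # 64-bit Mach-O magic
        "Applet.class": FAT_MAGIC + b"\x00\x00\x00\x34",  # Java class, not Mach-O
        "notes.txt": b"plain text\n",
        "truncated.exe": b"MZ\x90\x00",                # too short to be a PE
    }
    for name, data in samples.items():
        (Path(folder) / name).write_bytes(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_samples(tmp)
        report = triage([tmp])
        for name, kind in report.items():
            print(f"{kind:8} {name}")
        print("scan before forwarding:", carrier_candidates(report))
```

Run against a downloads or mail-attachment folder, the result narrows what a content scanner needs to look at; it does not replace one.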
That's your prob, Bob. I'm not the one who neglected to wipe a poorly written piece of shit OS for one that actually works, and not only works but works how I want it to work.
You don't want me giving you viruses? Get rid of your OS. It sucks. It's not MY fault that your OS is insecure. You don't want to catch the flu from me? Get a flu shot, same thing.
Free Martian Whores!
I run adblock and flashblock at all times. I also do not use IE, I don't have Adobe et al. installed, JRE and the OS itself are kept meticulously updated.
In a larger sense - in all my years of home computing under Windows, almost all of that time running Norton or later McAfee - I never got a virus warning.
Call me crazy, but it doesn't seem like most people have virus issues unless they engage in high risk behavior.
But but but, digital vaccinations cause digital autism :D
This is the sig that says NI (again)
http://blog.chron.com/techblog/2008/07/average-time-to-infection-4-minutes/
That's about XP, mind you. I can't find where anyone has done a similar test with Windows 7, but Windows 7 has had its fair share of buffer overrun issues that didn't require user intervention to be exploited. Only a fool would think that the last patch cycle had finally fixed them all and perfected the OS.
An example could be an infected word document which requires Visual Basic scripting to cause the agent to run won't work on the Mac version of Microsoft Office. However, the "DNA" of the infection will stay in the file harmlessly until such time as it is transported to a PC and opened within the Windows version of Microsoft Office, which does have the scripting language available.
It is true that most of the drive-by attempted infections will fail, as do most biological attempted infections by viruses when they land on the wrong host.
Agrajag: "Oh no, not again!"
Avoiding anti-malware in order to "enhance performance" is about as rational and well-planned as avoiding condoms for the same reason, and generally produces the same results.
My machine could get pregnant? What?! What?! What?!
It's fixed enough of them that the simple act of hooking a (up-to-date patched) windows xp computer up to a network does not tend to compromise it.
File under 'M' for 'Manic ranting'
'Infected by Malware' means that the Malware was able to attempt to do stuff on a Mac and left a couple of signature files(?) but the Malware would have stopped because it wasn't running on Windoze. 'Potential' vector for Malware, means that they don't have evidence that people do this, but it's possible, it's also possible for Mac users to pass bad Word or PDF files onto other systems. So the lesson here is buy their product (sarcasm) and this will make the world safer for Windoze users and Mac users. As for Flashback, a sad tale where not patching Java, and stupid users, mainly those that frequent sites in Europe/Russia, have caught a bug, life goes on.
There was an unknown error in the submission.
We saw this in action in our Graphic Design classes. The class size was 25, with 20 Macs, and 5 PC's, we found the PC's were constantly being attacked. Fortunately the PC users had protected themselves, but eventually a mistake was made and one got infected. That person lost their computer for three days, and almost pulled down an ongoing project involving the entire class. Once he figured out what hit him, we started a search and found 15 of the Macs carried the virus. Once found it took only a few minutes to purge the malware from all the Macs. But...the original reaction from the Mac users was essentially "bummer pc dudes, buy a mac," however the pc folks pointed out their entire class project almost failed because of their not practicing safe computing. Next we pointed out that most of the folks they were working for outside the class were pc users, and every time they sent a presentation or passed a usb drive at a customer site, they most likely spread the infection. Panic ensued as they immediately began reaching out to their clients. That was when they really learned the hard lesson of being a carrier. In the end only one Mac student purchased a form of protection. So if you're a client using a service provided by a Mac environment, be very wary, and perhaps add into your requirements that the service provider demonstrate they are aware of this risk and have taken steps to minimize it. If they don't, then move on.
My spam folder (on my Mac) at any given time usually has some windows malware in it. Who cares?
"...one in 36 Macs has OS X specific infections..."
Ah yes, only in Mac-land would they spin that into a positive!
Three Squirrels
Thanks
"First they came for the slanderers and i said nothing."
As for new threats...the last round of Mac malware got right by every antivirus vendor out there, too. By the time the part-time intern that Symantec has working on their Mac version came back from Spring Break and added a definition, Apple itself had finally released a removal tool.
True, and yet, apple released a removal tool, all antiviruses now detect the threat because all the interns are back from spring break, and yet, the botnet keeps going strong and even growing a bit...
What that tells you is that people do not run antivirus, nor do they apply patches...
We teach with example, you know?
*** Good luck to everyone and have a happy day!
Wash your hands, that's what my mom taught me, I don't do either of those things though.
Note that there are no known viruses for OSX, and a properly configured mac makes even malware difficult to run.
600K macs estimated to be infected with flashback, the only really known problem malware at the moment.
Off the top of my head, there's also Flshplyr, SabPub and Maljava. If you don't keep up with the tech world, at least check your facts before getting on your soapbox. There's been PLENTY of OSX malware, mostly trojans and scareware - the aforementioned, Dloadr, FakeAv, Miner, Imuler, Renepo. Yes, there have been viruses, worms and malware for OSX. This is a matter of indisputable fact. This is not the first, it's not the only vulnerability currently out there. None of this is news.
So, with the exception of Renepo, which doesn't exist except as a concept and was for PPC Macs, the real problem was Flashback. All the other recent Trojans were targeted. I'll also note that Sophos now estimates the Flashback to be less than 275K infections as of last week. What was your point again?
The cesspool just got a check and balance.
Try NortonDNS. It will filter out bad domains for you. OpenDNS does as well if you use the paid version. The free one does have phishing and banking protection for home use.
That should save you a lot of effort and it is easy to setup on your router for all devices.
http://saveie6.com/