Slashdot Mirror


One In Five Macs Holds Malware — For Windows

judgecorp writes "One in five Apple Macs is infected with malware, according to Sophos. But most of that is harmless to the Mac... it is Windows malware ready to be transmitted to the Windows population. Only one in 36 Macs has OS X specific infections."

33 of 285 comments

  1. Infected? by Rosyna · · Score: 4, Insightful

    If the code never can run on Mac OS X, how can Mac OS X be infected? To Mac OS X, it'd just be a useless file full of some kind of data.

    1. Re:Infected? by StoneyMahoney · · Score: 5, Insightful

      They may only be able to carry the germ without symptoms, but that still sounds like an infection to me.

    2. Re:Infected? by Anonymous Coward · · Score: 4, Informative

      In biological disease, there's a phenomenon called a carrier. For reasons unknown, the person is infected, but doesn't show any of the symptoms and never will. They are however able to infect others. As such, they are still considered infected. I think that's how the mac is considered infected.

    3. Re:Infected? by masternerdguy · · Score: 3, Interesting

      Correct but it does indicate mac peeps aren't particularly careful about what they download or what sites they visit. This is going to cause them problems later when we see more mac malware.

      --
      To offset political mods, replace Flamebait with Insightful.
    4. Re:Infected? by jdgeorge · · Score: 4, Insightful

      True - if it's inert, it's not really an infection. However, this is why you see Linux workstations running anti-virus software in an enterprise environment. It's not because your Linux system will get "infected"; it's so your Linux system won't inadvertently infect vulnerable systems.

    5. Re:Infected? by tlhIngan · · Score: 4, Insightful

      If the code never can run on Mac OS X, how can Mac OS X be infected? To Mac OS X, it'd just be a useless file full of some kind of data.

      The same way lots of people are infected with some very potent diseases. It's just they're immune to it, so they're really just carriers of the disease. Heck, isn't something like chickenpox able to hide for decades in people only to infect those who haven't had it yet?

      Heck, I'd bet the rates of Linux infection are the same - Linux is immune to practically all malware, but it certainly can be a carrier of them. Heck, if you think about it, Linux may cause the spread of it (via Linux-based email servers)

    6. Re:Infected? by Joce640k · · Score: 3, Insightful

      ...but how is it 'transmitted'? That implies an installed transmitter, ie. malware.

      --
      No sig today...
    7. Re:Infected? by ColdWetDog · · Score: 4, Insightful

      In biological disease, there's a phenomenon called a carrier. For reasons unknown, the person is infected, but doesn't show any of the symptoms and never will. They are however able to infect others. As such, they are still considered infected. I think that's how the mac is considered infected.

      Macs are the computer equivalent of Typhoid Mary?

      This should go over well.

      I'll just make some more popcorn.

      --
      Faster! Faster! Faster would be better!
    8. Re:Infected? by quasipunk guy · · Score: 4, Funny

      I'd wager the majority of the Windows malware "infections" are trojan exes from shitty porn sites.

    9. Re:Infected? by phantomfive · · Score: 5, Informative

      After going through the links to find a better source, I think I understand what happened.

      The study comes from Sophos, with data collected from computers which downloaded their free anti-virus for Mac.

      The most commonly found malware on the Macs was apparently fake antivirus scareware. My guess is that a lot of users saw the fake browser popup telling them a virus was found, and then clicked on it. This started a download which didn't run, but now they have a malware binary in their download directory that they can't use.

      These are the people who downloaded free anti-virus from Sophos. No correlation.

      --
      "First they came for the slanderers and i said nothing."
    10. Re:Infected? by Daniel Dvorkin · · Score: 3, Informative

      The same way lots of people are infected with some very potent diseases. It's just they're immune to it, so they're really just carriers of the disease. Heck, isn't something like chickenpox able to hide for decades in people only to infect those who haven't had it yet?

      Not really comparable. Carriers are still infected, in the sense that the pathogens can still reproduce inside their bodies; they just don't show any symptoms, presumably because their immune systems are capable of keeping the infection at a subclinical level. Malware infections, OTOH, are, well, binary -- a system is either infected or it's not.

      The "Macs" that are infected with Windows malware, it sounds like, are really Apple-branded machines running both OS X and Windows, through dual-booting or with something like Parallels. The only thing comparable in medicine would be if someone were a chimera of different species, vulnerable to two different sets of diseases and with two different immune systems to deal with them, and both the diseases and the immune systems switched places throughout the day. IOW, there's really no such thing.

      --
      The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
    11. Re:Infected? by ashpool7 · · Score: 5, Insightful

      Contaminated would be a better word, since the viruses have no way to spread or affect the computer.

    12. Re:Infected? by WrongSizeGlass · · Score: 3, Interesting

      ...but how is it 'transmitted'? That implies an installed transmitter, ie. malware.

      I guess we'd have to attach it to an email and send it along to them. Since it can't act on its own, and it isn't active on the system, it's just sitting there like any other file on my Mac.

    13. Re:Infected? by Wild_dog! · · Score: 4, Insightful

      Not really similar since a carrier is replicating and spreading the disease. The disease cycle is still progressing even though a carrier doesn't know it and there are no ill effects for the carrier. The mac isn't even a dead end host like many parasitic infections which are not meant for humans. Those actually can cause a disease process that has symptoms.

      The malware on macs isn't replicating and spreading.

      It is more like someone got a piece of mail addressed to nobody with no forwarding address and it is in a pile of junk in a drawer. Unless someone gets it out of the drawer and sends it to someone else, there is not really a problem.

    14. Re:Infected? by machinelou · · Score: 3, Informative

      Actually, she was forcibly quarantined twice. The first time was because she was spreading it without her knowledge. After at least a year, she agreed not to work as a cook and they let her go. A few years later, there was an outbreak of Typhoid in a hospital and when investigators arrived, they found Mary working in the kitchen. This time they forcibly quarantined her because she knowingly put others at risk. At the same time, there were a number of individuals in the New York area who also showed no outward symptoms but were nonetheless infecting others. These individuals were not similarly incarcerated. Hence, in retrospect, incarcerating Typhoid Mary was more 'security theatre' than anything else. It was a visible but largely ineffective solution to a bigger problem.

    15. Re:Infected? by narcc · · Score: 5, Funny

      I would have to say I'm infected, but not affected by it.

      Either way, you're fected.

    16. Re:Infected? by Billly Gates · · Score: 4, Insightful

      I'd wager the majority of the Windows malware "infections" are trojan exes from shitty porn sites.

      The majority are from flash and java and javascript exploits by driveby downloads from infected servers or ads. In fact slashdot hosted a virus by a fake virgin mobile ad 3 weekends ago.

      Thank God I ran Avast!. If you are one of those types who feels they are virii free who are running Windows and reading this, well your system is 0wned if you came here 3 weekends ago. Oops

      Apple is easier to target for malware writers anyway because their users typically do not run anti virus software and feel safe clicking on shit anyway because the genius at the Apple Store said they are secure.

      Windows users know better and have anti virus software and run Windows 7 (hopefully if they are home users) with full updates.

    17. Re:Infected? by b4dc0d3r · · Score: 4, Insightful

      Please don't inure people to the idea of "security theater". It really is a great description for a lot of what is being done publicly to pretend to do something, often at great expense, and frequently to the financial benefit of well connected people.

      She swore by affidavit not to cook, but returned to cooking. Under a different name. Her release as a carrier depended on her not cooking, which she didn't follow.

      She was the first carrier identified (at least in New York), and the policies evolved as more information came along. The effective solution to the bigger problem was to restrict carriers' activities, and Mary was used as the example of what would happen if you didn't comply. The rest were considered not justified for quarantine, again as more information was discovered.

      Making up policies as you go along, and having to fight an obstinate woman who refused to acknowledge her danger to others, is not even close to security theater. You may be able to call it "meting punishment based on public perception" since she became relatively famous, which is not a whole lot better.

      http://cythereabast.wordpress.com/2007/02/20/the-board-of-healths-exile-of-mary-mallon-was-it-justifiable/

    18. Re:Infected? by wkcole · · Score: 3, Interesting

      ...but how is it 'transmitted'? That implies an installed transmitter, ie. malware.

      A lot of Windows malware is transmitted via email, because there's a long history of Windows mail clients (most importantly Microsoft's crapware) being directly vulnerable and/or facilitating deceptive mail.

      I have a lot of Windows malware on my Macs because I have email addresses that have been used openly and actively for 20 years and so have made it onto all sorts of indiscriminate spamming lists that are used for malware distribution. Because mail abuse is a professional focus of mine, the archives of malware-bearing spam I have accumulated are a resource, not an infection. I'm not sure why anyone else would retain all of their junk forever, but many people do so. It is a rare hour when I can't identify a log entry from my mail server rejecting mail that is almost certain to be bearing malware, and a rare week when I don't have at least one spam slip through carrying some form of malware.

      If you dig down past the click-bait page referenced in the /. submission, the original source of this story is a blog post by Graham Cluley at Sophos: http://nakedsecurity.sophos.com/2012/04/24/mac-malware-study/ and it includes a breakdown of the strains of Windows malware seen on Macs. The top 2 I recognize as mail-borne and some of the other named ones are likely to end up in the browser cache of any carelessly wandering user. It is an act of irresponsible fearmongering by Cluley to say (as he does) in an unqualified way that these "can still be spread to others" and compare the 20% infection rate to the 20% rate of Chlamydia infection in young men in the UK. Those in men are infective, a Mac with a Windows trojan in its browser cache or junk mailbox is not.

  2. Passive carriers by sandytaru · · Score: 4, Insightful

    Isn't that like 90% of tuberculosis infections? Many people are infected, but only ten percent or so ever develop an active infection, and the rest of them never develop the diseased form at all.

    --
    Occasionally living proof of the Ballmer peak.
    1. Re:Passive carriers by oneiros27 · · Score: 4, Insightful

      Yep. When I changed virus scanners a few years back, it found hundreds of infections on my system ... because I save my spam for when I need to train new filters.

      The bigger problem is going to be people with infected files on a webserver that they're serving to the world ... JPEG exploits, word macro viruses, etc.

      And it's compounded by the fact that some virus scanners don't bother scanning for older infections, so they can save CPU cycles & size of the virus definitions.

      --
      Build it, and they will come^Hplain.
  3. This is true. by Tokerat · · Score: 3, Interesting

    I've run Macs most of my life, and recently backed up the entire contents of a machine to a Windows box with the space needed for the backup; close to a million files (app bundles contribute largely to this number), about 120 common-use files had various infections that Norton picked up.

    --
    CAn'T CompreHend SARcaSm?
    1. Re:This is true. by lennier1 · · Score: 3, Funny

      If even Norton picked up 120 infections imagine what a real scanner would've found.

  4. Confirmation Bias - better title by Qwerpafw · · Score: 4, Insightful

    One in five macs where people chose to install antivirus software have (inactive) Windows malware.

    Which is a bit like saying "one in five cars brought to the mechanic get serviced for something." The survey is skewed due to the sample group - most Mac users never install any anti-virus software.

    The only places I've seen it installed are on computers in corporate environments where there are already viruses being passed around commonly via email attachment, USB stick, and network drives. These places install antivirus on Macs so users don't forward a virus to Windows users - and it sounds like from this survey, that's with good reason.

    Apple's Mail software (and Microsoft's Outlook for Mac) cache attachments locally on the user's disk, so it's very easy to "have" malware and viruses if you just receive email (even without opening it).

    It's a bit ridiculous to claim they are "infected" however, and again, the sample group is not really representative. That said, I don't think Macs are in any way immune from viruses. Apple's iOS-like sandboxing and signed-app requirements would likely help OS X considerably in this regard, but of course every decision that increases security by removing control from the user also infuriates free/open software proponents and hackers. Think of jailbreaking iOS and how Apple patches security holes - this is maddening for people who want to jailbreak, but is ultimately an attempt to fix a potential infection vector.

  5. Re:Antivirus Software on a Mac by tripleevenfall · · Score: 3, Insightful

    It's always been a good idea to have a virus scanner on a Mac - at the very least, it's a courtesy to users of other platforms who may be more vulnerable to any infectious crap you may pick up without realizing.

    (I use OSX exclusively at home)

    You want me to pay for an antivirus suite, or devote system resources to it all the time, as 'courtesy to users of other platforms'?

    Nah. I'm good.

  6. Re:Antivirus Software on a Mac by phantomfive · · Score: 3, Interesting

    There are those who believe that having a virus scanner anywhere is a bad idea. Especially something like Symantec, which can slow your computer down more than many viruses.

    --
    "First they came for the slanderers and i said nothing."
  7. More marketing ...... by King_TJ · · Score: 5, Insightful

    The last sentence in the article makes their motives clear: “What Mac users really need to do is protect their computers now or risk allowing the malware problem on Macs to become as big as the problem on PCs in the future.”

    Sophos simply wants to scare up some more business selling Mac business users their anti-virus software. (At least right now, home users can get it from them for free, at: http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx)

    I'm in no position to challenge their numbers, but even "1 in 36 Macs" having a Mac specific infection seems awfully high to me. Maybe this last trojan horse that made the rounds pushed that number way up ... but I haven't encountered a single Mac that was infected yet, out of the ones my co-workers own (and always ask me for help with when they have problems), out of the ones we use at home, or out of the ones I support for clients in my side job. I don't think any of my Mac using friends on Facebook mentioned problems with it either.

    Regardless? The concern of Macs harboring Windows malware is nothing new... That's been a potential issue for as long as I can remember. I recall the office running Norton anti-virus for the Mac on iMac G3 machines running MacOS 8.6 and 9.1, at one of my old jobs, just for that reason. They didn't want to accidentally spread an infected file they might have gotten via email to a Windows recipient.

    The main reason Mac users stopped that practice, as I recall, was the really poor quality of most anti-virus packages when OS X came out. Apple even gave away copies of Virex for OS X to .Mac account holders at one time, and the software bogged down and destabilized the machines so badly, everyone I knew removed it in a matter of days!

  8. Re:Antivirus Software on a Mac by robinsonne · · Score: 4, Insightful

    Unless you're a business, why would you pay for an AV suite in this day and age?

    Unless you're running some old crappy Mac from 8 years ago, why would your big bad super duper Mac even notice the minuscule amount of system resources devoted?

    You don't have a problem infecting other people's computers? Thanks a bunch!

  9. Re:Antivirus Software on a Mac by w_dragon · · Score: 4, Insightful

    I'm not worried about the virus slowing down my computer, I'm worried about it storing kiddie porn on my computer, or stealing documents, or blowing a bunch of bandwidth for a DDOS attack.

  10. Best practices say: Run antivirus! by williamyf · · Score: 5, Insightful

    No matter if your OS is Windows 5.x, 6.x, Mac OS X 10.x or GNU/Linux Kernel 2.4.x or 2.6.x. If your machine is a desktop run an antivirus.

    You owe it to the rest of the world to exterminate viruses/trojans/malware, both the many (or few) that your machine is susceptible to, as well as those that, even though they will not infect your machine, will be passed on to someone else... ...because YOU, savvy and enlightened slashdot user, did not catch and exterminate them.

    Do it for the unwashed masses, that are clogging the pipes with port scans and attempts to infect, do it to have a tad fewer cheap viagra/penis enlargement offers in your spam folder... do it for the children!!!! :-)

    If you "feel confident" (note the quotes) that your OS is "safe", that you use "safe practices", and the AV is a "Waste of resources", then fine, get an AV with a small footprint, both in system resources, and in $£¥€, and run it while you are sleeping, so it does not affect your daily work routine.

    I am writing this from Firefox 10.0.3 esr in a Mac with 10.6.8, and I am not scared at all about these developments, but, as safe practice, run ClamXav manually. I scan my machine and its external hard-drives every night, and scan smaller/unknown removable media every time it is inserted. ;-)

    So, please my Linux and Mac OS X brothers and sisters, stop being a bunch of snobs, get on with the program, and run an antivirus. :-)

    --
    *** Good luck to everyone and have a happy day!
  11. I'm blaming Paul Allen by smittyoneeach · · Score: 3, Funny

    For the sake of variety.

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  12. Re:Antivirus Software on a Mac by phantomfive · · Score: 3, Funny

    Avoiding anti-malware in order to "enhance performance" is about as rational and well-planned as avoiding condoms for the same reason, and generally produces the same results.

    A statement that demonstrates this point: "analogies are like nuclear weapons: you can use them to avoid making a good argument."

    --
    "First they came for the slanderers and i said nothing."
  13. global warming by OrangeTide · · Score: 4, Funny

    Why should I waste electricity scanning for viruses that can't infect my computer?

    --
    “Common sense is not so common.” — Voltaire