OS X inherently virus-proof?

Posted in macOS, edited January 2014
According to this article, Mac OS X is inherently and structurally almost completely virus-proof, thanks to its Unix plumbing. So....errrr....that would be why Apple gives dotMac users a free copy of Virex then....!

Comments

  • Reply 1 of 22
    Virex really doesn't *do* anything to help Mac OS X. There are to-date still no known viruses for Mac OS X.



    What does Virex do then?



    It plays the "good neighbor" role. If you happen to have a file that's infected with a Windows virus or Classic Mac OS virus, it'll clean it so it won't go on to infect other computers if you pass it to someone else over the network.
  • Reply 2 of 22
    osx is not virus-proof. a handful of exploits have been discovered in a number of unix-like environments, and potentially more could exist in macosx. osx is very secure though against most attacks. many attacks are started when a person attempts to gain access externally, and in that respect macosx is very secure. if i created a virus (i could write one in a few minutes if you'd like), and convinced you to install it, i could gain access to your computer. but, by default, macosx doesn't have any holes (that i can think of), so it is more secure than certain more popular OSes.
  • Reply 3 of 22
    but aren't there also many fewer people looking for holes in it? the number of professional programmers who hate windows is so high that if there's a hole it will almost certainly be found, while most mac pros love them and don't try to find exploits...

    just my two cents and I'm just a JUNIOR MEMBER so don't flame me pls :P
  • Reply 4 of 22
    amorph Posts: 7,112 member
    Quote:

    Originally posted by pumpkin

    but aren't there also many fewer people looking for holes in it? the number of professional programmers who hate windows is so high that if there's a hole it will almost certainly be found, while most mac pros love them and don't try to find exploits...



    There are, but there are also fewer holes in it. Macs have been set up as hacker targets before, with substantial rewards for breaking in, and they're pretty much bulletproof. If you ignore the "properly secured" clause - since most people don't properly secure anything - OS X is far more secure out of the box than Windows, and many UNIXen for that matter. Since worms get around by exploiting the same vulnerabilities, OS X is secured against those; and since viruses thrive on Windows because of some really stupid decisions to automatically open and run attachments, combined with extension hiding and too-tight integration with Office, OS X doesn't have to be concerned about those, either (although Office-owning Mac users can infect Windows users, which is where Virex comes in).



    The biggest vulnerability in OS X is its setting that makes the first created user an administrator (but not root). This means that the user can theoretically be fooled into installing something that can wreak a fair amount of havoc (but not as much as if they were root). On the other hand, if Apple forced people to explicitly enable Administrator privileges the longtime Mac user community would probably call for Steve's head.



    It just occurred to me that if the malicious code came with the industry standard EULA, the hacker wouldn't be responsible for any damage to the computer it was installed on, either...
  • Reply 5 of 22
    torifile Posts: 4,024 member
    Quote:

    Originally posted by pumpkin

    but aren't there also many fewer people looking for holes in it? the number of professional programmers who hate windows is so high that if there's a hole it will almost certainly be found, while most mac pros love them and don't try to find exploits...

    just my two cents and I'm just a JUNIOR MEMBER so don't flame me pls :P




    The marketshare, or security through obscurity, argument doesn't hold water when you consider the number of flaws found in other MS products, as well. You've got IIS and MSSQL as two recent and salient examples. Both have much lower market share than their competitors (at last count, Apache webservers account for well over 60% of the server market), but there are orders of magnitude fewer security holes. Face it: MS makes shoddy software. There's no getting around that.



    BTW, MS just announced 5 new security flaws in Windows and Office. That brings the total up to 38 disclosed flaws this year (that number doesn't count virii).
  • Reply 6 of 22
    torifile Posts: 4,024 member
    Quote:

    Originally posted by Amorph

    It just occurred to me that if the malicious code came with the industry standard EULA, the hacker wouldn't be responsible for any damage to the computer it was installed on, either...



    How funny would THAT be?? I'd love to see it happen, if only for the havoc it would cause to software companies who cling to the "shrinkwrap-broken, EULA accepted" argument.
  • Reply 7 of 22
    barto Posts: 2,246 member
    Quote:

    Originally posted by torifile

    How funny would THAT be?? I'd love to see it happen, if only for the havoc it would cause to software companies who cling to the "shrinkwrap-broken, EULA accepted" argument.



    I'd love to see it happen, because the only way it could be spread is to click "agree". I betcha 9 out of 10 office workers would just click agree to "do you want this virus installed on the system", like trained monkeys.



    Then they would have no-one to blame but themselves.



    Barto
  • Reply 8 of 22
    kickaha Posts: 8,760 member
    Quote:

    Originally posted by pumpkin

    but aren't there also many fewer people looking for holes in it?



    In some parts (Apple bits), yeah.



    In other parts (BSD bits), heck no. The BSD code has been around for years, and has had hordes of open source code monkeys crawling over it looking for nits to pick since its inception. It's pretty rock solid.



    Remember, the base layers of MacOS X, where much of the enforcement of security policy takes place, are based on source code that anyone can download, inspect, and submit patches for. Could they also find an exploit, keep it to themselves, and use it for nefarious purposes? Sure.



    But then... why haven't they? :/



    The MS code is completely closed, and yet people find holes in it on a regular basis.



    The BSD code is available to anyone to inspect to find holes in, and yet it has a lot fewer exploits.



    You figure it out.
  • Reply 9 of 22
    amorph Posts: 7,112 member
    Quote:

    Originally posted by torifile

    How funny would THAT be?? I'd love to see it happen, if only for the havoc it would cause to software companies who cling to the "shrinkwrap-broken, EULA accepted" argument.



    That's actually why I'm almost hoping someone does it. That particular havoc needs to happen one way or another. Especially the bit where you pay hundreds or even thousands of dollars in order to sort-of sign a sort-of contract that you don't get to see until you've already paid, to use a product that is still owned by the vendor, who is nevertheless freed of all liability should the product be defective.



    You just don't build an infrastructure - or a business, for that matter - on that crap. It's just building castles on sand, and the tide's coming in.
  • Reply 10 of 22
    Just food for thought, here's a link reported by MacInTouch to a PDF called "Smashing the Mac for Fun & Profit" which purports to describe how to develop shellcodes to exploit vulnerabilities in Darwin.



    I'm no coder, so I have no way to evaluate the veracity of the paper. My thought is that the author has waaay too much time on his hands.



    Darwin exploit white paper (PDF)
  • Reply 11 of 22
    AFA the topic, OS X is not inherently immune to viruses. It is however less prone to catching them, for reasons stated above. But do not think that OS X is somehow above all that. No OS is. There is always a way. Someone simply hasn't taken the time to write a very sophisticated virus that would crack a mac. It will happen though.



    AFA the above post and shell scripts, that is not the same as a virus, nor a remote attack. Shell scripts are executed by someone who already has shell access... In other words, they are at the keyboard, presumably hacking into their own computer. Disclaimer: I have not read the link, but am merely using common sense.



    Keep in mind no OS is unhackable, there are merely shades of hackability, and Windows happens to top the list.



    Quote:

    Especially the bit where you pay hundreds or even thousands of dollars in order to sort-of sign a sort-of contract that you don't get to see until you've already paid, to use a product that is still owned by the vendor, who is nevertheless freed of all liability should the product be defective.



    Well put, Amorph! I never really had to deal with shrinkwrap licensing, but it sure sounds ludicrous.
  • Reply 12 of 22
    kickaha Posts: 8,760 member
    Man, does *that* take me back...



    Wow, nice to see folks still doing the nitty-gritty stuff I cut my teeth on. I love it.



    Yeah, these are possible exploits, from what I can see... rare ones that would require convincing someone to run a script, or find an already available hole in a protocol's socket use, but possible.
  • Reply 13 of 22
    Quote:

    Originally posted by Kickaha

    Man, does *that* take me back...



    Wow, nice to see folks still doing the nitty-gritty stuff I cut my teeth on. I love it.



    Yeah, these are possible exploits, from what I can see... rare ones that would require convincing someone to run a script, or find an already available hole in a protocol's socket use, but possible.




    Some v interesting replies, but what about this particular (admittedly rather long) passage in the article I linked to above?



    Quote:

    While creating a Mac OS X virus is not impossible, Janz said, "the degree of difficulty here is at least 9.5 on a scale of 1 to 10."

    Even harder is creating a virus or worm that could access the OS X system. The reason, Janz and several others pointed out, is in part explained by how Unix-based systems handle multiple users on the same machine.

    For instance, Mom, Dad and Sis all can have separate user accounts. This also is true of Windows. But in OS X, only an account with administrator privileges can install software -- and even those accounts cannot access or change applications or data in other accounts, especially not the core of the system software.

    Furthermore, only a user with "root"-level permissions has full access to the system, but Apple has this access disabled by default. Most users never will go to the trouble of figuring out how to enable the root user, and don't need to -- as nothing a regular user would want to do requires root-level authority.

    Denied such access, the damage that any OS X malware could do becomes limited to the account of the user who runs it.

    In other words, even if Dad got hit with an OS X virus that wiped out all his data -- and, remember, no OS X viruses presently exist -- the Mac still would operate, and Mom's and Sis's stuff on it would be untouched.

    Also, because OS X always asks the user to type an administrator password before modifying anything in the system, attempts to install malware or alter system files immediately would be flagged.

    "The virus would have to be an application," said Alan Dail, an independent senior software engineer in Wooster, Ohio. "You'd have to see that it's an application and make a conscious decision to run it for it to actually do anything."

    Windows, the programmers said, has no such protections.



    Doesn't that suggest that the fundamental structure of Mac OS X is such that a virus, as the term is commonly understood, is basically not possible?
  • Reply 14 of 22
    Quote:

    Originally posted by Brad

    Virex really doesn't *do* anything to help Mac OS X. There are to-date still no known viruses for Mac OS X.



    What does Virex do then?



    It plays the "good neighbor" role. If you happen to have a file that's infected with a Windows virus or Classic Mac OS virus, it'll clean it so it won't go on to infect other computers if you pass it to someone else over the network.




    But does the Mac version of Virex actually detect Windoze virii? I know Norton Antivirus for Mac does, but Windows malware detection was only included in the very latest version as an additional feature (and it's a feature which has, if I remember the size of previous versions correctly, added considerable bloat...)
  • Reply 15 of 22
    dfiler Posts: 3,420 member
    While I agree that OS X is fairly safe from viruses, that quote overstates the security. A few buffer overrun bugs have been found in low level APIs. Apple quickly releases security updates in these situations. These memory stomping viri tend to bootstrap themselves in with a buffer overrun, placing code into a spot in memory that will eventually be executed.
  • Reply 16 of 22
    Quote:

    Originally posted by The Blue Meanie

    But does the Mac version of Virex actually detect Windoze virii?



    Yes, as long as you keep your definitions up to date.



    Virex found the Windows klez virus in my mail a few months ago.



    PS. In the English language, the plural of virus is viruses.
  • Reply 17 of 22
    Quote:

    Originally posted by The Blue Meanie

    Doesn't that suggest that the fundamental structure of Mac OS X is such that a virus, as the term is commonly understood, is basically not possible?



    Yup. The ownership infrastructure is one of the biggest blocks for viruses on Mac OS X. If you run a malicious program, as your quote says, it can destroy your files but it can't destroy other users' files. You'd have to authenticate the program to run as root to do that.
  • Reply 18 of 22
    dfiler Posts: 3,420 member
    That is, unless the virus interacts with a root process which doesn't truncate input properly...



    (PS: You're right, multiple virus == viruses in English ... so it's a good thing we speak american. )
  • Reply 19 of 22
    pb Posts: 4,255 member
    Quote:

    Originally posted by The Blue Meanie

    Doesn't that suggest that the fundamental structure of Mac OS X is such that a virus, as the term is commonly understood, is basically not possible?



    I think that the "commonly understood" statement is the key. A virus that asks for your permission to be executed is not a virus in the common sense (as in the Windows world).
  • Reply 20 of 22
    kickaha Posts: 8,760 member
    Yup, that'd be a Trojan Horse. "Run me. I'm good. Trust me."
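
Added example, not part of the original thread or of any poster's code: the per-account permission model quoted in Reply 13, and the administrator-account caveat raised in Reply 4, expressed as a small audit that lists what a process running under a given account could modify. The user ids, group ids, paths and modes in `SAMPLE` are constructed assumptions for illustration; ACLs and file flags are not modelled.

```python
import os
import stat
from dataclasses import dataclass

@dataclass(frozen=True)
class Entry:
    path: str
    uid: int    # owning user
    gid: int    # owning group
    mode: int   # permission bits, as in st_mode

def entry_from_path(path):
    """Build an Entry from a real file, for auditing a live system."""
    st = os.lstat(path)
    return Entry(path, st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))

def can_write(entry, uid, gids):
    """Classic Unix write check: exactly one of owner, group, other applies.
    ACLs and file flags are not modelled."""
    if uid == 0:
        return True                      # root bypasses the permission bits
    if entry.uid == uid:
        return bool(entry.mode & stat.S_IWUSR)
    if entry.gid in gids:
        return bool(entry.mode & stat.S_IWGRP)
    return bool(entry.mode & stat.S_IWOTH)

def writable_paths(entries, uid, gids):
    """Paths a process with this uid and group set could modify."""
    return sorted(e.path for e in entries if can_write(e, uid, gids))

# Constructed sample (assumed ids: dad=501, mom=502, staff=20, admin=80).
STAFF, ADMIN = 20, 80
SAMPLE = [
    Entry("/Users/dad/Documents", 501, STAFF, 0o700),
    Entry("/Users/mom/Documents", 502, STAFF, 0o700),
    Entry("/Users/Shared",        0,   0,     0o1777),
    Entry("/Applications",        0,   ADMIN, 0o775),
    Entry("/System/Library",      0,   0,     0o755),
]

if __name__ == "__main__":
    for label, uid, gids in [("standard user", 501, {STAFF}),
                             ("admin user", 501, {STAFF, ADMIN}),
                             ("root", 0, {0})]:
        print(f"{label:14} -> {writable_paths(SAMPLE, uid, gids)}")
```

In this sample the same account reaches `/Applications` only once it is in the admin group, and nothing short of root reaches another user's documents or `/System/Library`.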