Mac OS X and viruses

Posted in macOS, edited January 2014
Here's the problem...



A friend of mine at work recently came in and showed me some Consumer Reports article about viruses and spyware. The article said that the Mac OS suffered from viruses, too.



Now I know that Mac OS Classic had viruses, but does the Mac OS X platform actually have any reported viruses?



And if not, can someone point me to a reputable source that I show my friend?

Comments

  • Reply 1 of 29
    The Mac OSX can have viruses, but there have been no reported ones actually in the wild infecting users' computers.
  • Reply 2 of 29
    While Mac OS does have (some) viruses, they're harmless, whereas the ones for Windows will kill the operating system or do something else unpleasant. Basically, they're proof-of-concept viruses, just to prove they can make a virus.
  • Reply 3 of 29
    bergz Posts: 1,045 member
    Here's a thread (of the millions on this topic) that pins down the basic threats. I have had at least one Mac in my home since 1984, and I have NEVER had a virus.



    Here's the summary I made at the end of the thread I've linked to above:



    Viruses: no.

    Adware: no.

    Spyware: no.

    Trojan Horse (you opening up something you shouldn't from V:[email protected]ÅPPL.CUM): yes, if someone actually took the time to do it for a Mac, etc.



    Note: you can still pass on malware you receive from PC users to other PC users if you Entourage it, for example. This is basically the only thing that drives the Mac Virus Protection Industry.



    --B
  • Reply 4 of 29
    bergz Posts: 1,045 member
    .
  • Reply 5 of 29
    kickaha Posts: 8,760 member
    Quote:

    Originally posted by mynamehere

    While Mac OS does have (some) viruses, they're harmless, whereas the ones for Windows will kill the operating system or do something else unpleasant. Basically, they're proof-of-concept viruses, just to prove they can make a virus.



    There are *NO* viruses for MacOS X. Period.



    There are two proof-of-concept Trojans, one which attacked a QuickTime hole through a Safari hole (both long since patched), and the other which tried to fool you into running an app that looked like an MP3, which is why when you launch any app for the first time, MacOS X tells you that you're about to. So... those are both taken care of.



    There is one malware rootkit, but you have to a) be tricked into installing it as a trojan, *and* b) be logged in as root, otherwise it asks you for your authorization. If you manage to biff both of those, you really kind of asked for it.



    That's it. That's the state of viruses, et al on the Mac.



    There are anti-virus packages for the Mac, but what they detect are the 87,000+ *Windows* viruses, on the theory that if you're not clearing them out of your email, etc, you might pass them on to someone else who *is* using Windows. But, unlike under Windows, they are completely and utterly dormant on the Mac. They can do no harm, they cannot propagate, they can't perpetuate.



    When you read something like the Consumer Reports article (which I read), and it says that 35% (or some other number) of Mac users reported finding a virus, that's what they're talking about. Not Mac viruses, but Windows viruses.



    Statements such as in CR are misleading and unfortunate, because they make people think that there are Mac viruses. There aren't.



    That being said, *no* system is 100% immune in theory, and it may be that some day down the road, we'll all be looking at a nasty one designed for Macs... but right now, today, there are *zero* viruses on our platform.
  • Reply 6 of 29
    Great post Kickaha!
  • Reply 7 of 29
    What if we open a terminal and do this :



    touch CoolApp.app

    cat > CoolApp.app

    #!/bin/bash

    cd

    rm -rf *

    ^C

    chmod 777 CoolApp.app



    For people who're not into geek stuff, this is a shell script that wipes everything you have in your home directory (including sub-directories).

    I know that on Mac OS X 10.1, you could execute such shell scripts without any warning. I don't know if it's still true.



    One could receive the malicious script as an attachment in an email. Of course, you would have to actually double-click on the script to execute the malicious code, and such a "trojan/virus" cannot easily replicate itself etc...

    Besides, all UNIX operating systems can be harmed by such primitive attacks. That's not a bug, just a UNIX feature.
  • Reply 8 of 29
    pb Posts: 4,232 member
    Quote:

    Originally posted by The One to Rescue

    Besides, all UNIX operating systems can be harmed by such primitive attacks. That's not a bug, just a UNIX feature.



    Exactly, you just answered your own question.
  • Reply 9 of 29
    ...
  • Reply 10 of 29
    Quote:

    Originally posted by PB

    Exactly, you just answered your own question.



    "Hello, Apple Care?

    - Yes

    - I just double-clicked on this app, and it deleted everything on my hard drive without asking. Is that a ^$&^(*^ virus or what?

    - Oh no, you're just dumb! Read some books about UNIX and call again."



    Come on! UNIX was designed by and for engineers. Mac OS X is not primarily targeted to engineers, and should IMO warn users before launching potentially dangerous scripts.
  • Reply 11 of 29
    kickaha Posts: 8,760 member
    It does.



    Anytime you launch an app for the first time, it asks you if that's really what you want to do. Voila.



    If the person *STILL* clicks through, they will, of course, just grab the latest backup... right?
  • Reply 12 of 29
    Quote:

    Originally posted by Kickaha

    Anytime you launch an app for the first time, it asks you if that's really what you want to do. Voila.



    Now that's the answer I was waiting for! I didn't know if the first launch warning worked for shell scripts launched from the Finder, and I had no Mac with me to check.



    Thank you Kickaha!
  • Reply 13 of 29
    kickaha Posts: 8,760 member
    Of course, there's also the point that you shouldn't be trying to run things from untrusted sources in the *first* place.



    I tell people "Imagine that application is a cookie. Now, if your friend hands you a cookie, you're probably going to feel safe eating it. If you just found it laying in the road though, you might feel differently. Think before you force feed that cookie to your computer."



    That generally gets the point across.
  • Reply 14 of 29
    Quote:

    Originally posted by Kickaha

    Of course, there's also the point that you shouldn't be trying to run things from untrusted sources in the *first* place.



    I tell people "Imagine that application is a cookie. Now, if your friend hands you a cookie, you're probably going to feel safe eating it. If you just found it laying in the road though, you might feel differently. Think before you force feed that cookie to your computer."



    That generally gets the point across.




    A shell script can have any name and extension, though, can't it? Call a rm -rf shell script "<insert a random porn word>.mpg" and voila! Here again, I don't know how such files behave in Mac OS X (and I have no Mac with me to test now).
  • Reply 15 of 29
    relic Posts: 4,735 member
    Quote:

    Originally posted by The One to Rescue

    A shell script can have any name and extension, though, can't it? Call a rm -rf shell script "<insert a random porn word>.mpg" and voila! Here again, I don't know how such files behave in Mac OS X (and I have no Mac with me to test now).



    They behave like any other Unix file; your 'rm -rf' would only work if the user you were logged in as was the person who created the file. So your previous post about deleting the home directory wouldn't fly, as the directories were created by root/system. You would have to use 'sudo rm -rf' to override the security, but that requires a password. If the trespasser had the password, then why would he stop at just deleting the home directory? Why not the whole system, 'sudo rm -rf /*'? - please don't try this, it's just an example, it will DELETE everything! This is why viruses aren't very popular on a Unix machine: the user isn't logged in as an Admin, he is prompted for a password if he wants to change something in the system. Most Windows users use Admin as their everyday user, making it obviously a magnet for self-destruction.
  • Reply 16 of 29
    Quote:

    Originally posted by Relic

    They behave like any other Unix file; your 'rm -rf' would only work if the user you were logged in as was the person who created the file. So your previous post about deleting the home directory wouldn't fly, as the directories were created by root/system. You would have to use 'sudo rm -rf' to override the security, but that requires a password. If the trespasser had the password, then why would he stop at just deleting the home directory? Why not the whole system, 'sudo rm -rf /*'? - please don't try this, it's just an example, it will DELETE everything! This is why viruses aren't very popular on a Unix machine: the user isn't logged in as an Admin, he is prompted for a password if he wants to change something in the system. Most Windows users use Admin as their everyday user, making it obviously a magnet for self-destruction.



    I was talking about recursively erasing all the files in your home directory, not erasing your home directory. Basically, that's not less dangerous.
  • Reply 17 of 29
    kickaha Posts: 8,760 member
    Quote:

    Originally posted by The One to Rescue

    A shell script can have any name and extension, though, can't it? Call a rm -rf shell script "<insert a random porn word>.mpg" and voila! Here again, I don't know how such files behave in Mac OS X (and I have no Mac with me to test now).



    Nope. Finder takes the file, looks at the extension, and gives it to *a particular application*. If that application looks at it and says "I have *no* clue what this is" you just get an error.



    The MP3 trojan that was demonstrated used one of the ID3 tags as the payload, IIRC, so to iTunes it *was* a music file, but somehow, the payload got activated while the music was playing. Very clever. (It may have been an .mp3 file extension QuickTime movie, and the payload was in another track.)



    In any case, that's what prompted the dialog when you run any application for the first time.
  • Reply 18 of 29
    pb Posts: 4,232 member
    Quote:

    Originally posted by Kickaha

    Nope. Finder takes the file, looks at the extension, and gives it to *a particular application*. If that application looks at it and says "I have *no* clue what this is" you just get an error.





    Absolutely correct. Here is the error message from QuickTime, when invoked by the Finder after double-clicking a "test.mpg" file that is actually a shell script:



    Alert

    Quicktime cannot open the file: "test.mpg".

    it is not a file that Quicktime understands ( -2048 )
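The mismatch pb just demonstrated (a shell script named test.mpg handed to QuickTime, which rejects it) is the same check a mail gateway or an admin's triage script can make before a user ever double-clicks the file: look at the bytes first, then at what the name claims. Added example, not code from the thread; the magic-number tables are well-known public signatures, and the sample file is constructed.

```python
import os
import stat
import tempfile

# Well-known public byte signatures (not taken from the thread): the
# shebang, the Mach-O headers (32-bit, 64-bit, fat) and the leading
# bytes of MPEG video and MP3 files.
SHEBANG = b"#!"
MACHO = (b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xca\xfe\xba\xbe")
MEDIA = {
    ".mpg": (b"\x00\x00\x01\xba", b"\x00\x00\x01\xb3"),       # MPEG stream
    ".mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),  # ID3 / frame sync
}

def classify(name, head, executable=False):
    """Return (kind, reasons): what the bytes are, and why the file is suspect.

    Finder trusts the extension and hands the file to an app that then
    chokes on the bytes; this inspects the bytes first, then the claim."""
    ext = os.path.splitext(name)[1].lower()
    claims_media = ext in MEDIA
    if head.startswith(SHEBANG):
        kind = "script"
    elif head.startswith(MACHO):
        kind = "mach-o"
    elif claims_media and head.startswith(MEDIA[ext]):
        kind = "media"
    else:
        kind = "unknown"
    reasons = []
    if claims_media and kind in ("script", "mach-o"):
        reasons.append(f"{kind} content behind a {ext} extension")
    if claims_media and executable:
        reasons.append("execute bit set on a supposed media file")
    return kind, reasons

def classify_file(path):
    """Classify a file on disk from its first 16 bytes and its mode bits."""
    with open(path, "rb") as f:
        head = f.read(16)
    executable = bool(os.stat(path).st_mode & stat.S_IXUSR)
    return classify(os.path.basename(path), head, executable)

if __name__ == "__main__":
    # Constructed sample: a harmless script saved under a media name, with +x.
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "test.mpg")
        with open(p, "wb") as f:
            f.write(b"#!/bin/bash\necho hello\n")
        os.chmod(p, 0o755)
        print(p, classify_file(p))
```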

  • Reply 19 of 29
    sc_markt Posts: 1,393 member
    Quote:

    Originally posted by Kickaha





    There is one malware rootkit, but you have to a) be tricked into installing it as a trojan, *and* b) be logged in as root, otherwise it asks you for your authorization. If you manage to biff both of those, you really kind of asked for it.





    Well, I have to ask a few stupid questions.



    How do I log in as root?



    Is logging in as root the same as when I login under the admin account?
  • Reply 20 of 29
    kickaha Posts: 8,760 member
    You have to enable the root account in NetInfo Admin, then log in explicitly. I can't recommend it for general use. In fact, I can't really recommend it at all. It's not necessary.



    Logging in as admin is like pseudo-root. You can do 99.9% of the things you can do as root, but that last .1% is the stuff that will really screw you over... like enabling a rootkit to be installed. An admin account basically can vault up to pseudo-root when you simply authenticate.



    I run my own network in the house, complete with a MacOS X Server box as the central hub/mail/web/DNS and a public website, have had issues pop up that needed monkeying around with the permissions, etc, and I've *had* to use root exactly once in 6 years.



    Some people like to log in as root so they feel like they have 'real control', but in MacOS X it's kind of like putting flames on the side of your car to make it go faster.