Mac OS X and viruses
Here's the problem...
A friend of mine at work recently came in and showed me some Consumer Report article about viruses and spyware. The article said that the Mac OS suffered from viruses, too.
Now I know that Mac OS Classic had viruses, but does the Mac OS X platform actually have any reported viruses?
And if not, can someone point me to a reputable source that I can show my friend?
Comments
Here's the summary I made at the end of the thread I've linked to above:
Viruses: no.
Adware: no.
Spyware: no.
Trojan Horse (you opening up something you shouldn't from V:AGRA4MAX@ÅPPL.CUM): yes, if someone actually took the time to do it for a Mac, etc.
Note: you can still pass on malware you receive from PC users to other PC users if you Entourage it, for example. This is basically the only thing that drives the Mac Virus Protection Industry.
--B
Originally posted by mynamehere
While Mac OS does have (some) viruses, they're harmless, whereas the ones for Windows will kill the operating system or do something else unpleasant. Basically, they're proof-of-concept viruses, just to prove they can make a virus.
There are *NO* viruses for MacOS X. Period.
There are two proof-of-concept Trojans, one which attacked a QuickTime hole through a Safari hole (both long since patched), and the other which tried to fool you into running an app that looked like an MP3, which is why when you launch any app for the first time, MacOS X tells you that you're about to. So... those are both taken care of.
There is one malware rootkit, but you have to a) be tricked into installing it as a trojan, *and* b) be logged in as root, otherwise it asks you for your authorization. If you manage to biff both of those, you really kind of asked for it.
That's it. That's the state of viruses, et al on the Mac.
There are anti-virus packages for the Mac, but what they detect are the 87,000+ *Windows* viruses, on the theory that if you're not clearing them out of your email, etc, you might pass them on to someone else who *is* using Windows. But, unlike under Windows, they are completely and utterly dormant on the Mac. They can do no harm, they cannot propagate, they can't perpetuate.
When you read something like the Consumer Reports article (which I read), and it says that 35% (or some other number) of Mac users reported finding a virus, that's what they're talking about. Not Mac viruses, but Windows viruses.
Statements such as in CR are misleading and unfortunate, because they make people think that there are Mac viruses. There aren't.
That being said, *no* system is 100% immune in theory, and it may be that some day down the road, we'll all be looking at a nasty one designed for Macs... but right now, today, there are *zero* viruses on our platform.
touch CoolApp.app
cat > CoolApp.app
#!/bin/bash
cd
rm -rf *
^C
chmod 777 CoolApp.app
For people who're not into geek stuff, this is a shell script that wipes everything you have in your home directory (including sub-directories).
I know that on Mac OS X 10.1, you could execute such shell scripts without any warning. I don't know if it's still true.
One could receive an email containing the malicious script as an attachment file in an email. Of course, you would have to actually double-click on the script to execute the malicious code, and such a "trojan/virus" cannot easily replicate itself etc...
Besides, all UNIX operating systems can be harmed by such primitive attacks. That's not a bug, just a UNIX feature.
Originally posted by The One to Rescue
Besides, all UNIX operating systems can be harmed by such primitive attacks. That's not a bug, just a UNIX feature.
Exactly, you just answered your own question.
Originally posted by PB
Exactly, you just answered your own question.
"Hello, Apple Care?
- Yes
- I just double-clicked on this app, and it deleted everything on my hard drive without asking. Is that a ^$&^(*^ virus or what?
- Oh no, you're just dumb! Read some books about UNIX and call again."
Come on! UNIX was designed by and for engineers. Mac OS X is not primarily targeted to engineers, and should IMO warn users before launching potentially dangerous scripts.
Anytime you launch an app for the first time, it asks you if that's really what you want to do. Voila.
If the person *STILL* clicks through, they will, of course, just grab the latest backup... right?
Originally posted by Kickaha
Anytime you launch an app for the first time, it asks you if that's really what you want to do. Voila.
Now that's the answer I was waiting for! I didn't know if the first launch warning worked for shell scripts launched from the Finder, and I had no Mac with me to check.
Thank you Kickaha!
I tell people "Imagine that application is a cookie. Now, if your friend hands you a cookie, you're probably going to feel safe eating it. If you just found it laying in the road though, you might feel differently. Think before you force feed that cookie to your computer."
That generally gets the point across.
Originally posted by Kickaha
Of course, there's also the point that you shouldn't be trying to run things from untrusted sources in the *first* place.
I tell people "Imagine that application is a cookie. Now, if your friend hands you a cookie, you're probably going to feel safe eating it. If you just found it laying in the road though, you might feel differently. Think before you force feed that cookie to your computer."
That generally gets the point across.
A shell script can have any name and extension, though, can't it? Call a rm -rf shell script "<insert a random porn word>.mpg" and voila! Here again, I don't know how such files behave in Mac OS X (and I have no Mac with me to test now).
Originally posted by The One to Rescue
A shell script can have any name and extension, though, can't it? Call a rm -rf shell script "<insert a random porn word>.mpg" and voila! Here again, I don't know how such files behave in Mac OS X (and I have no Mac with me to test now).
They behave like any other Unix file; your 'rm -rf' would only work if the user you were logged in as is the person who created the file. So your previous post about deleting the home directory wouldn't fly, as the directories were created by root/system. You would have to use 'sudo rm -rf' to override the security, but that requires a password. If the trespasser had the password, then why would he stop at just deleting the home directory, why not the whole system: 'sudo rm -rf /*'. - please don't try this, it's just an example, it will DELETE everything! This is why viruses aren't very popular on a Unix machine: the user isn't logged in as an Admin, he is prompted for a password if he wants to change something in the system. Most Windows users use Admin as their everyday user, making it obviously a magnet for self-destruction.
Originally posted by Relic
They behave like any other Unix file; your 'rm -rf' would only work if the user you were logged in as is the person who created the file. So your previous post about deleting the home directory wouldn't fly, as the directories were created by root/system. You would have to use 'sudo rm -rf' to override the security, but that requires a password. If the trespasser had the password, then why would he stop at just deleting the home directory, why not the whole system: 'sudo rm -rf /*'. - please don't try this, it's just an example, it will DELETE everything! This is why viruses aren't very popular on a Unix machine: the user isn't logged in as an Admin, he is prompted for a password if he wants to change something in the system. Most Windows users use Admin as their everyday user, making it obviously a magnet for self-destruction.
I was talking about recursively erasing all the files in your home directory, not erasing your home directory. Basically, that's not less dangerous.
Originally posted by The One to Rescue
A shell script can have any name and extension, though, can't it? Call a rm -rf shell script "<insert a random porn word>.mpg" and voila! Here again, I don't know how such files behave in Mac OS X (and I have no Mac with me to test now).
Nope. Finder takes the file, looks at the extension, and gives it to *a particular application*. If that application looks at it and says "I have *no* clue what this is" you just get an error.
The MP3 trojan that was demonstrated used one of the ID3 tags as the payload, IIRC, so to iTunes it *was* a music file, but somehow, the payload got activated while the music was playing. Very clever. (It may have been an .mp3 file extension QuickTime movie, and the payload was in another track.)
In any case, that's what prompted the dialog when you run any application for the first time.
Originally posted by Kickaha
Nope. Finder takes the file, looks at the extension, and gives it to *a particular application*. If that application looks at it and says "I have *no* clue what this is" you just get an error.
Absolutely correct. Here is the error message from QuickTime, when invoked by the Finder after double-clicking a "test.mpg" file that is actually a shell script:
Alert
Quicktime cannot open the file: "test.mpg".
it is not a file that Quicktime understands ( -2048 )
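The mismatch the thread is describing (a script saved under a media extension) can be caught before anything is double-clicked by comparing the extension with the file's leading bytes. This is an added example, not something anyone in the thread posted; the sample files are constructed inline and nothing is executed, only inspected.

```shell
#!/bin/sh
# Added example: flag files whose media/document extension does not match
# what their first bytes say they are (e.g. "test.mpg" starting with "#!").

# First four bytes of a file as lowercase hex, e.g. "23212f62" for "#!/b".
magic_hex() {
    head -c 4 "$1" | od -An -tx1 | tr -d ' \n'
}

# Returns 0 (true) when the extension promises media or a document but the
# content starts like a program: a "#!" shebang or a Mach-O / fat binary header.
is_disguised_script() {
    f="$1"
    case "${f##*.}" in
        mpg|mpeg|mp3|mp4|mov|jpg|jpeg|png|pdf|txt) ;;   # should never be code
        *) return 1 ;;                                  # other extensions: not judged here
    esac
    case "$(magic_hex "$f")" in
        2321*) return 0 ;;                              # "#!" script header
        feedface|feedfacf|cefaedfe|cffaedfe|cafebabe) return 0 ;;  # Mach-O / universal binary
        *) return 1 ;;
    esac
}

# Constructed sample files for the demonstration (not real downloads).
make_samples() {
    dir="$1"
    mkdir -p "$dir"
    printf '#!/bin/sh\necho hello\n' > "$dir/test.mpg"            # script hiding as a movie
    printf 'ID3\003\000\000\000\000\000\000' > "$dir/song.mp3"    # genuine-looking ID3 header
    printf 'just text\n' > "$dir/notes.txt"                       # harmless text file
}

demo_dir="${TMPDIR:-/tmp}/disguise-demo.$$"
make_samples "$demo_dir"
for f in "$demo_dir"/*; do
    if is_disguised_script "$f"; then
        echo "SUSPICIOUS: $f looks like a program, not media"
    else
        echo "ok: $f"
    fi
done
rm -f "$demo_dir"/* && rmdir "$demo_dir"
```

The check is deliberately narrow: it answers only "does this file start like a program while claiming to be media", which is exactly the case the Finder refuses to run by handing the file to QuickTime.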
Originally posted by Kickaha
There is one malware rootkit, but you have to a) be tricked into installing it as a trojan, *and* b) be logged in as root, otherwise it asks you for your authorization. If you manage to biff both of those, you really kind of asked for it.
Well, I have to ask a few stupid questions.
How do I log in as root?
Is logging in as root the same as when I login under the admin account?
Logging in as admin is like pseudo-root. You can do 99.9% of the things you can do as root, but that last .1% is the stuff that will really screw you over... like enabling a rootkit to be installed. An admin account basically can vault up to pseudo-root when you simply authenticate.
I run my own network in the house, complete with a MacOS X Server box as the central hub/mail/web/DNS and a public website, have had issues pop up that needed monkeying around with the permissions, etc, and I've *had* to use root exactly once in 6 years.
Some people like to log in as root so they feel like they have 'real control', but in MacOS X it's kind of like putting flames on the side of your car to make it go faster.