“It may or may not surprise you, but there are no OS X viruses (or worms or trojans), partly due to the implementation of OS and its almost-inaccessible Root,” Graham K. Rogers writes for The Bangkok Post. “Most Mac users never need Root access. We use Administrator privileges, and if Root is needed for installation of an application or for alterations to the system — what a virus would need to do — a user must enter a password. This physically and consciously acknowledges an event (and its consequences).”
Rogers writes, “Mac naysayers would have us believe there are no viruses because there are so few Macs (this also applies to Linux and Unix platforms), although that could change with the Mac mini. If the numbers of viruses for Windows keeps on growing (as of January this year, there were a total of 68,736 viruses detected, according to Symantec), the Mac may come in for some attention. There is no point spending all your time virus-writing, however, if viruses will not work.”
Rogers writes, “The only problem on OS X is from macros with Microsoft products and from mail attachments. These do not harm the Mac environment but may damage a Windows computer if sent.”
Full article here.
Related MacDailyNews articles:
Microsoft to roll out anti-virus subscrption protection racket – May 13, 2005
Microsoft Windows Sober.P worm shows ‘epidemic’ spread; Macintosh unaffected – May 03, 2005
Apple touts Mac OS X security advantages over Windows – April 13, 2005
New ‘highly critical’ Office flaw embarrasses Microsoft – April 13, 2005
97,467 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – April 05, 2005
Symantec details flaws in its antivirus software – March 30, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005
Apple’s Mac OS X is virus-free – March 18, 2005
68,736 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – March 12, 2005
Microsoft tries to turn its own security flaw into commercial gain – February 25, 2005
Cybersecurity advisor Clarke questions why anybody would buy from Microsoft – February 18, 2005
Microsoft’s Gates espouses homogenous operating system environments for better security – February 07, 2005
Windows’ mounting security problems make some consumers eager to purchase Macs – January 03, 2005
Windows Media songs and videos found to carry Windows malware payloads – December 30, 2004
Anzae/Inzae worm affects all Windows versions after 3.1; Macintosh unaffected – December 28, 2004
Unlike Windows users, Mac OS X users surf the Internet without a care in the world – December 28, 2004
Multiple unpatched Windows holes crop up; Windows systems compromised within minutes in experiment – December 24, 2004
Windows spyware mess is out of control, get a Mac and surf with impunity – December 21, 2004
New Microsoft Internet Explorer exploit spoofs Web sites on fully patched Windows XP systems – December 17, 2004
Microsoft may charge extra for Windows spyware protection software – December 16, 2004
Detroit Free Press: Windows malware problem getting worse, it’s time to get a Mac instead – December 16, 2004
Sick of spyware, adware headaches? Get a Mac and surf the Internet freely – December 13, 2004
Mossberg: Windows PCs plagued with problems, Apple’s Mac is ‘rock solid, elegant and affordable’ – December 09, 2004
Security expert: Don’t use Microsoft Windows, Office, Outlook, Internet Explorer – December 09, 2004
Security test: Windows XP system easily compromised while Apple’s Mac OS X stands safe and secure – November 30, 2004
Sick of spyware, adware infecting your PC? Don’t fret, just get a Mac – November 01, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Spyware plagues Windows users while Mac users surf Net with impunity – November 01, 2004
Ballmer blames Windows users for not upgrading systems as Microsoft’s biggest security problem – October 22, 2004
Windows users line up to pay for spyware removal; Mac users surf Web with impunity – October 18, 2004
Microsoft: The safest way to run Windows is on your Mac – October 08, 2004
Windows users’ security woes spark interest in Apple’s secure Mac OS X – October 06, 2004
Windows desktop monopoly threatened by secure, safe Apple Mac OS X – October 04, 2004
Even Bill Gates can’t avoid Windows malware; Mac users surf the Web freely – October 03, 2004
Cyber-security adviser uses Apple Macintosh to avoid Windows’ security woes – September 27, 2004
Information Security Investigator says switch from Windows to Mac OS X for security – September 24, 2004
Mossberg: Apple iMac G5 ‘powerful, affordable, virus-free with better, more modern OS than Windows XP’ – September 23, 2004
USA Today: people are switching from Windows to Mac because of security issues – September 21, 2004
Windows besieged by hackers; number of Windows viruses soars by more than 400% – September 20, 2004
USA Today columinst angry about Windows viruses, adware, spyware – September 15, 2004
University of Chicago recommends all students patch Windows at least once a day – September 14, 2004
Windows XP worm speaks to users as it deletes their files; Macintosh unaffected – September 13, 2004
Security is top priority in Apple’s Mac OS X – September 12, 2004
Millions of Windows PC’s hijacked by hackers, turned into zombies; Macintosh unaffected – September 08, 2004
Mossberg: Dump your Windows machine and get an Apple Macintosh to free yourself of spyware – August 25, 2004
Tired of patching patches to patch Windows patches? Writer suggests getting a Mac – August 03, 2004
Windows ‘Scob’ virus designed to steal financial data, passwords; Macintosh unaffected – June 26, 2004
Gartner: Worms jack up the total cost of Microsoft Windows – May 07, 2004
Spyware, adware plague Windows users online; Mac OS X users surf freely – April 19, 2004
SmartMoney: Long-suffering Windows users can only dare to dream of Mac’s ease-of-use – February 12, 2004
Mac OS X has no viruses; what’s wrong with Windows? – February 11, 2004
Gates: Windows ‘by far the most secure’ system; tries to use ‘Mac OS X secure through obscurity’ myth – January 27, 2004
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 1, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Wall Street Journal’s Mossberg on making the switch from Windows to Mac – September 18, 2003
Fortune columnist: ‘get a Mac’ to thwart viruses; right answer for the wrong reasons – September 02, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
Chicago Sun-Times columnist: Windows ‘many holes in its security’ but ‘none of my Macs have ever been affected – August 26, 2003
Sick of worms and viruses? ‘Move to Mac OS X’ suggests Chicago Tribune columnist – August 25, 2003
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003
Boo hoo – poor windows users (sob)… get a Mac and you wouldn’t have these problems.
Rogers writes, “The only problem on OS X is from macros with Microsoft products and from mail attachments. These do not harm the Mac environment but may damage a Windows computer if sent.”
Here is another good reason to switch to a Mac.
Wow – he got it (mostly) right.
Someone who writes using his brain. Incredible and unbelievable.
He’s a newspaper tech writer. He’s just saying to Microsoft, “I’m here and until you pay me I will continue to tell the truth about Macs”.
“Someone who writes using his brain”
—
he’ll
be
fired
in
a
week
Forgive me for asking, but…
Don’t you think that out of 68,736 potential virus writers, at least one of them would write a trojan/malware knowing that at least a few bungle heads would willfully give out their admin password and install a virus into OS X ?????
Obviously it hasn’t happened or maybe it has… but not enough Bungle Heads out there did give their admin passwords to move along towards a “critical mass” where it can survive in the wild.
Hmmm…. so lets say that in theory, every Mac user was a Bungle Head and blissfully installed every attachment they were sent. Would this be enough to create a critical mass? The answer lies with another variable. Viruses propogate by accessing a users address book, right? So how many addresses in a Mac Users Address book is the email address to another Macintosh computer? Hmmmmm…. I know I’m at the fray here, but this is the only criteria that is a-kin to the security through obscurity myth. Every Mac user would have to have at least one other Mac user in his/her address book to propagate a virus and that Mac User would also have to be a Bungle Head.
So, therefore even if you were a complete moron, chances are that the Mac Computer users in your Address book are not idiots and a virus outbreak would be short lived.
But at this time and day, why has no one even stepped forward to say that they thought that maybe they were sent a Mac-centric Virus, but refused to give the root password!? That’s what i find mysterious.
i like his article…
except for his statement that there are no ‘trojans’ for OS X. A trojan can rely simply on user stupidity, not OS security.
There certainly ARE trojans available for OS X. Anybody remember the sudo issue just a few weeks ago???
Mac OS X is a million times more secure than windows, but NO computer is secure unless it is unplugged from all networks/access/power/etc… Let’s not put Macs on such a high platform that they can only “fall” (MDN-MW)
maybe i’m just flat out wrong, but I think writing a virus for OS X would be the creme de la creme in virus writing these days.
I’m not a psychologist by any means, but I’m guessing most virus writers do it for publicity and fame. What more fame would there be if you wrote the 1ST true, dangerous (I don’t think the other “threats” count) virus for an operating system? If I wrote virii, I would only spend my efforts on OS X. These are just my opinions and may be way off, but with all these “No virii for OS X” articles coming out, a lot of hackers are going to notice.
I welcome such a challenge for OS X.
I’ve been mulling something over in my mind for a while and this topic seems like the appropriate place to bring it up.
If (now go with me here for a minute, dispite the unrealistic possibility)
MicroWorst managed to discover THE magic bullet that rendered all
mal-ware caput, what would we use then as an argument to promote the Mac over WinBlows?
Now, I’m not talking about generalities here like “easier to use” or “cooler”, no, I’m looking for specifics.
I was thinking about listing “less prone to crashes”, but would that really still be so true if WinBlows wasn’t subjected to buggy mal-ware anymore?
I’m just asking, because I want to be able to make a case for Mac over MicroShit that doesn’t always rely so heavily on the mal-ware issue. We must have more going for us that just that.
Not ever having been a WinDoz user, I really can’t speak from a first person perspective when doing a feature/feature, capability/capability comparison.
Comments? Thoughts?
“There are no viruses for Apple’s Mac OS X”
Great achievement. Really!
But the main reason is because it is based on Unix.
Apple did a very sensible thing moving to a unix based platform.
Other than that decision I dont see why Mac fans are so excited that they are shouting from the rooftops…
I know the guys are excited becoz there are no viruses for Macs, but seriously, you should be thanking Unix for that.
Rara Avis: THERE ARE viruses for UNIX.
There are not for OS X, without beleaguering Unix. And Unix is a very general term. The wise decision was to go BSDUnix that has a great record security-wise, although NOT zero viruses for it.
Actually, the very first viruses were for Unix. Windows was not even there.
Then Windows came and it was so frigging easy to write viruses for it and crack it that people started to play with it. AND, it had nothing to do with market share or presence: Windows became target #1 when Unix was predominant and Windows a puny single digit presence on the market.
McAfee detects first Linux Virus.”
— IT headlines, February 7, 1997
Headlines screamed “Linux virus” on February 7, 1997, as it was “proved” that a virus for Linux could be written. The virus source was posted on several sites, after the compressed tar file had been byte swapped, uuencoded and rot13’ed, apparently so that curious novices could not inadvertently use it. The virus was blissfully called Bliss. “Vaccines” appeared promptly from various sources on the Internet, including an all too happy McAfee.
Note that there was an earlier “virus” for Linux, calle Staog, that used buffer overflow vulnerabilities in mount and tip, and a bug in suidperl, to try to gain root access.
In any case, Unix viruses are not that new, and they were not invented in 1997. We saw earlier that Cohen created some experimental Unix viruses. Here is a note from Dennis Ritchie on Unix viruses:
“A few years ago Tom Duff created a very persistent UNIX virus. At that point we had about 10-1 th or 9th edition VAX 750s networked together. The virus lived in the slack space at the end of the executable, and changed the entry point to itself. When the program was executed, it searched the current directory, subdirectories, /bin, /usr/bin for writable, uninfected files and then infected them if there was enough space.”
Still, no OS X viruses. Sure, it has great ground base but not a NO-VIRUS ground base.
Cheers
Rara Avis: “Great achievement. Really!”
Actually, the great achievement is from Microsoft. After all, with Windows they are the only one OS to give breeding grounds for all types of viruses, trojans, worms, malware of every possible kind.
I mean, you MUST really want to do that in order to be able to provide such a great support for a large variety of software from all over the world. And they are as well backward and forward compatible: write a virus for Windows 98 and it infect Windows XP as well. Which other OS can give you such a performance, really?!
jcw: we keep PCs virus and malware free. Crash the same and corrupt register the same, and freeze the same, and people have to reboot when change network, lock-ons, etc etc
virus is a minor thing really. No one gets a virus here really and people are switching a lot.
They may not have Viruses. But the’ll come. And OS X isnt short on Vulnerabilities.
Systems Affected
Mac OS X version 10.3.9 (Panther) and Mac OS X Server version 10.3.9
Overview
Apple has released Security Update 2005-005 to address multiple
vulnerabilities affecting Mac OS X and Mac OS X Server. The most
serious of these vulnerabilities may allow a remote attacker to
execute arbitrary code. Impacts of other vulnerabilities addressed by
the update include disclosure of information and denial of service.
I. Description
Apple Security Update 2005-005 resolves a number of vulnerabilities
affecting Mac OS X and OS X Server. Further details are available in
the following Vulnerability Notes:
VU#356070 – Apple Terminal fails to properly sanitize input for
x-man-page URI
Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing
a remote attacker to execute arbitrary commands.
(CAN-2005-1342)
VU#882750 – libXpm image library vulnerable to buffer overflow
libXpm image parsing code contains a buffer-overflow vulnerability
that may allow a remote attacker execute arbitrary code or cause a
denial-of-service condition.
(CAN-2004-0687)
VU#125598 – LibTIFF vulnerable to integer overflow via corrupted
directory entry count
An integer overflow in LibTIFF may allow a remote attacker to execute
arbitrary code.
(CAN-2004-1308)
VU#539110 – LibTIFF vulnerable to integer overflow in the
TIFFFetchStrip() routine
An integer overflow in LibTIFF may allow a remote attacker to execute
arbitrary code.
(CAN-2004-1307)
VU#537878 – libXpm library contains multiple integer overflow
vulnerabilities
libXpm contains multiple integer-overflow vulnerabilities that may
allow a remote attacker execute arbitrary code or cause a
denial-of-service condition.
(CAN-2004-0688)
VU#331694 – Apple Mac OS X chpass/chfn/chsh utilities do not properly
validate external programs
Mac OS X Directory Service utilities do not properly validate code
paths to external programs, potentially allowing a local attacker to
execute arbitrary code.
(CAN-2004-1335)
VU#582934 – Apple Mac OS X Foundation framework vulnerable to buffer
overflow via incorrect handling of an environmental variable
A buffer overflow in Mac OS X’s Foundation Framework’s processing of
environment variables may lead to elevated privileges.
(CAN-2004-1336)
VU#706838 – Apple Mac OS X vulnerable to buffer overflow via vpnd
daemon
Apple Mac OS X contains a buffer overflow in vpnd that could allow a
local, authenticated attacker to execute arbitrary code with root
privileges.
(CAN-2004-1343)
VU#258390 – Apple Mac OS X with Bluetooth enabled may allow file
exchange without prompting users
Apple Mac OS X with Bluetooth support may unintentionally allow files
to be exchanged with other systems by default.
(CAN-2004-1332)
VU#354486 – Apple Mac OS X Server Netinfo Setup Tool fails to validate
command line parameters
Apple Mac OS X Server NeST tool contains a vulnerability in the
processing of command line arguments that could allow a local attacker
to execute arbitrary code.
(CAN-2004-0594)
They’re beginning to look alot like Microshaft.
IT Guy, Are you even an IT guy? With comments like this, its questionable..
“cw: we keep PCs virus and malware free. Crash the same and corrupt register the same, and freeze the same, and people have to reboot when change network, lock-ons, etc etc
virus is a minor thing really. No one gets a virus here really and people are switching a lot.” – IT Guy
Other IT Guy (PC MacGuy): and you mean what? That the problem with Windows is *just* virus infections?
Try this on XP: compile some C++ code with library linkage on a remote server while connected on ethernet cable. Put the laptop to sleep. Go to a wireless-only meeting room. Wake up the computer and try to resume the compilation acquiring the network wirelessly.
9 times out of 10 the bastard dies. The 10th time it doesn’t but you have lost your work. Here, for this reason alone people is switching.
You listed OS X security flaws (only 3, the rest is common to all Unix flavors) that have been fixed! you want to list Windows security flaws that are still there after years? And exploitable?
Give me a break.
The crucial difference – that seems to escape your mind – is that people usually come to know about Windows flaws when they are exploited royally. You know of OS X (which for the most are common to all Unix flavors, hence NOT OS X flaws per se) because they are patched before idiots could exploit them. Your list contains 3 OS X *fixed* flaws. The rest is Unix: know anything about it? Other IT Guy my ass?
With comments like YOURS you appear just like a PC troll and of a little league even.
When a company fixes security flaws BEFORE they have a chance to be exploited they are doing their job. Comparing this to what Microsoft has on its record labels you as nothing but a troll, pal.
Cannot but stand by IT_Guy here.
PC MacGuy, either you are trolling or are a Micro-IT techie. The knowledge shown is about the same.
What PC trolls and the average Micro-IT techie seem to never realize – having little to none knowledge of anything Unix and epidemiologically limited to Windows – is that it is not truly a problem to write a virus for Unix. The problem is having it to spread and reproduce.
On Windows the OS solves this problem for the virus writer. On Unix it is a very hard and tough task that is made even harder on OS X.
If it does not spread you are limited to proof of concepts – that I call *jokes* – which Unix sports a lot. Academic trials and nice show-offs but they do not spread. Capish?
Never mind, PC trolls and Micro-IT do not seem to ever get this. They simply point at some *fixed* security flaw and claim: “See, as Windows”. Risible.
You seem to believe that the hardest part is writing code that exploits a security flaw in an OS. BZZZZZ. Wrong. That is the trivial part.
Cheers
None of what any of you say changes the fact that common Buffer Overflows are a problem on the Mac platform as well as Windows.
And as my Handle would suggest, I use both, Im fanatical about both. They are both great platforms.
Buffer overflows are as old as the hot water. On Unix (and OS X) are very difficult to exploit in a virus because that – per se – does not imply propagation.
On Windows propagation is a non-issue, that’s why there are viruses on that platform.
AND none of what me and IT_Guy said were meant to change the fact that buffer overflows exist in Unices as they DO EXIST and are proactively fixed by the Open Source developers community that do plug security flaw in Unix since the very beginning. The simple fact that those do exist does not imply per se that you way create a virus based on that.
Once again – since you still do not get the message – writing code that exploit a buffer overflow is not the difficult part. The daunting problem to solve in Unix is the parabolic spreading of such an exploit that constitutes the signature of a virus. Otherwise it is a proof-of-concept which do exist for Unix and have been shown for OS X.
The crucial difference is that Windows solves the spreading part by design practically so that the main problem become not how to spread the infection but writing the exploiting code. That makes for the virus ready-kit to exist for Windows off the net. Just google: one does not need programming experience to release a virus on the wild attacking Windows. No such tools exist for Unix (or OS X). You need great expertise to even try to have a virus spreading (otherwise it is just a prank) on Unix. BSD in particular.
Again, if it does not spread it is a joke not a virus. You may write jokes on Unix, less so effective viruses.
So, to your dreadful Buffer Overflows: yeah, SO?
Seahawk, IT_Guy, et al. with a working brain: indeed!
I even have a white paper with detailed malware code for OS X exploiting… a buffer overflow. In the end the author discusses how to spread it: send the code to OS X users, with instructions on how to install it, enable the root account, issuing some commands on the terminal and finally launch the *virus*. Repeat with the next user.
Automatic reproduction and spreading? “No known ways”.
If OS X allowed with its API – as in Windows – the total control of all applications and system tools without limitation we would see THOUSANDS of viruses on the Mac. Market share excuse is just a ludicrous Windows spin doctors twist.