View Full Version : Whats the deal with Viruses


Twelve Motion
05-04-2005, 02:59 AM
Aside from the fact that there aren't enough Macs to make programming viruses "fun and exciting." What things make it so hard for a Mac to get a virus? If the Mac had 50% of the computer market would it be as swamped with viruses as PCs? Or are Macs truly tough to infect?

acme.mail.order
05-04-2005, 05:25 AM
There's a few issues at work.

First and foremost are different processors (PowerPC vs. Intel. The code is mutually incompatible)

Second is the system architecture (Windows vs. Unix. Programs won't work even if the processors are the same). Unix also offers a lot more built-in protection than Windows as it was designed from the beginning to stop users from playing in the system sandbox.

Third is a system with a lot of services turned on by default (Windows) vs. a lot of services turned off by default (Mac)

So, a virus author wanting to go after everything must write three completely different versions, one for Windows/Intel, another for Unix/Intel, and another for Unix/PPC-Mac and arrange a distribution mechanism for all three. As the biggest bang for the buck is Windows, alternate universes are often ignored. Mac viruses DO exist, but they are really rare.

Social engineering remains the same - how to get a user to download/open/install the program, and as long as the general population insists on clicking on everything stuck in front of them, not reading what's in the box and obediently entering their password when asked, we will continue to have problems no matter what platform we are using.

cwtnospam
05-04-2005, 08:34 AM
There have been lots of unsuccessful attempts to create or at least demonstrate a Mac virus, so market share and processor type are not really protecting the Mac. The main difference has got to be the OS architecture.

Think of what you need to do in order to write a virus. First, you need to find a vulnerability that allows you to execute your code. Because fewer vulnerabilities have been found on OS X, they tend to be patched sooner and these patches are applied to a larger percentage of Macs than would be if there were many more holes. This means you need to find an undocumented hole in the system in order for your virus to have a chance.

You can't write a virus just because you can execute code. You need to find a way for your malicious code to have access to system files. That may be easy on Windows, but on Unix, and hence OS X, it's a much tougher problem.

Once you've gotten this far, you need to propagate your virus. This part shouldn't be a problem since you've gotten "full control" of the system. So, if you've gotten to this point, you should be able to propagate your virus on any platform you're writing it for. This may be where the marketshare myth began. Most hackers know how to hijack Outlook, but fewer know how to hijack Mail, or Unix mail. So at this point, security through obscurity works. That doesn't mean it applies here though, because it doesn't apply until you get through the first two barriers: finding a way to execute code and giving that code system access.

BigDave
05-05-2005, 01:55 AM
Can I just add that I think there's an underlying philosophy at work, too.

All things Wintel are seen as fair game - if not actually huge targets - by the script kiddies & virus writers, whereas the Mac OS is perceived to be generally more hip. Therefore there's far more kudos to be gained in attacking a Windows environment than the Mac.

Twelve Motion
05-05-2005, 03:47 AM
Hmmm so if mac ever explodes and ends up 50/50 market split with windows machines, we will have the same amount of virus problems as PC users?

BigDave
05-05-2005, 05:57 AM
Hmmm so if mac ever explodes and ends up 50/50 market split with windows machines, we will have the same amount of virus problems as PC users?

I certainly think that it would make it more likely - but given the differences in architecture & user access (as above) I still reckon that the Mac OS is inherently safer.

macg4dave
05-05-2005, 06:37 AM
I think the big difference is to do with ,$ . M$ like you to be scared that there are people trying to hack into your boxes all the time so that you BUY the new Windows, which is safer, and the anti-virus and firewall

e.g. I can sell a top-of-the-range PC with a display and make only about 200 profit, but if I sell you anti-virus & firewall & drive utilities & backup stuff .... alone I can make more than a computer

plus M$ only seem to launch an OS that is half finished, so you need to get the online updates to make it work, and that's just to get your SN#

Look how long Apple took with Mac OS X. I know it did not feel finished before we got 10.2, but it worked well before that ( just a bit slow and no programs :) )

the only virus I know about for Mac OS X was made by an anti-virus biz ;)

cwtnospam
05-05-2005, 07:49 AM
Hmmm so if mac ever explodes and ends up 50/50 market split with windows machines, we will have the same amount of virus problems as PC users?
I think that is highly unlikely. It's still far easier to write a PC virus than a Mac virus. At this point that's got to be the only reason that there are no Mac viruses. If it were a matter of market share, there would have been several by now. Think of it this way, if there are over 100,000 PC viruses (and there are many more than that) then you would expect the Mac with its 2% market share to have about 2000 viruses, not ZERO.

...there's far more kudos to be gained in attacking a Windows environment than the Mac.
The opposite is true. If you write a PC virus, you're 1 out of something like 167,000 and climbing. Nothing special. No kudos to you. If you write a Mac virus, you've done something that no one has done before! It's like skiing virgin snow on a part of the mountain no one has ever been down before. Everyone wants to do it. The degree of difficulty is what stops them.

AHunter3
05-05-2005, 09:36 AM
At least some of it is the historical Mac-user culture versus the MSDOS and Windows-user culture. From way back, Mac geeks tended to be supportive of other Mac users; online there was a moderated email digest called Info-Mac which both distributed shareware & freeware and served as a forum (much like this one, in fact) where people would write in, e.g.,
Could someone please tell me how to disable the Cover page that the Laserprinter IInt prints out each time you turn it on?

For PC users, if you were having problems with your PC you asked someone else you knew who had a PC; for Mac users, being in the minority, finding another Mac user nearby wasn't always easy, and PC users would often be contemptuous and unhelpful, so Info-Mac created a vital sense of community and fostered a mutual-aid attitude, "we Mac users have to stick together" kind of thing.

PC geeks often had a different way of being helpful to other PC users; there were enough of them that a competitive pecking order would arise, and some knowledgeable PC folks would balance between helping people out enough to establish that they were good at it and preserving their edge by not telling people everything they know and by not explaining the underlying reasons why, etc. Especially after the debut of Windows and an upsurge of computer newbies who were relatively ignorant about the kinds of things you used to have to know to do anything at all on a computer, asking more knowledgeable PC users for tech advice could let you in for a lot of attitude and not always much useful help.

Then along came John Norstad, who wrote Disinfectant and kept it updated and distributed freely on Info-Mac. Every time someone would write a Mac virus, you'd read about it in Info-Mac and the free fix would be available for download very quickly.

So in the Mac culture, people were told about viruses, they usually got stomped out before they got much chance to spread, the antivirus sw was free and available from the same place that served as the general Mac community center, and Mac users tended to help other Mac users. In the PC culture, there was a less cohesive culture, less of a sense of joining a club where other PC users would warmly welcome you and help you learn, more of a tendency for more knowledgeable folks to call you "lusers" and make fun of you; the antivirus sw was commercial, and lots of people who bought it did not keep current with the updates and got infected anyway.

In the Mac world, your computer was supposed to work and not have problems, and if it had problems you consulted other Mac users until you got the problem fixed. In the PC world, if your computer didn't work right, well, everyone expected a smattering of problems and were sometimes uninclined to admit to them because some PC users acted like it was a personal failure on your part when you did.

And after a few years of that, the Mac community's tiny handful of viruses got older and older with almost no new ones popping up, while on the PC side the viruses got nastier and more destructive and more prolific every year, and coping with viruses on your own was something you were just supposed to be capable of if you weren't too st00pid to own a PC. (Even if "coping with them" sometimes meant erasing your hard drive and reflashing your BIOS and losing all of your documents. You'd tell other PC users about it like veterans telling war stories, and PC users would just accept that that's how it is, that sucks man, that happened to me once, etc)

hayne
05-05-2005, 11:25 AM
So in the Mac culture, people were told about viruses, they usually got stomped out before they got much chance to spread, the antivirus sw was free and available from the same place that served as the general Mac community center, and Mac users tended to help other Mac users.
[...]
In the Mac world, your computer was supposed to work

[...] PC users would just accept that that's how it is

Yes, I think there is a lot to this cultural aspect that will protect the Mac from ever getting into the morass of malware currently seen in the Windows world. Mac users don't (and shouldn't !) put up with as much **** as Windows users do. (This extends to applications as well - Mac users expect a higher level of usability from their apps.)

And I hope that the Mac community will be able to maintain their tradition of helpful friendliness as the percentage of (home) Macs increases towards that 50%. One of the aims of these forums (and the main macosxhints site) is to help maintain that community.

As has been pointed out above, the technical foundations of OS X make it much more resistant to malware than Windows. And the fact that these strong Unix foundations (whose source code is available for inspection) are attracting many more technically adept users from the Linux world means that the Mac community now includes many more people who will make it their job to be vigilant for security problems (and even suggest fixes).
So I am quite optimistic that the Mac will remain free of the scourge of viruses and other malware in the years to come.

(**** = trouble, trouble, toil, and trouble)

cwtnospam
05-05-2005, 11:39 AM
I don't doubt that culture has some influence, but I'm convinced that if the Mac OS wasn't technically much more difficult to write viruses for than Windows, there would be at least a few hundred known Mac Viruses right now.

Twelve Motion
05-05-2005, 03:14 PM
Well it's a good thing if I ever get a virus I can probably find a fix quick from this forum :D

tlarkin
05-16-2005, 08:26 PM
Just to correct some misinformation. Yes there have been plenty of viruses out for the Mac, just none to really come out for OS X. Also, there have been trojans and security exploits that come out with OS X. One thing that really differentiates Mac OS X from Windows is resource management. Windows has a registry, with tons of resources that applications and other things need to run properly in the environment. Whereas OS X does not, and applications in OS X keep all the needed resources to run in that said application's folder. The only downside to this is that Macintosh applications are much easier to pirate, so there is overall less money to be made (potential money), whereas if you can exploit any one application in Windows it gives you access to the registry.

If you look at the evolution of Linux, Windows, and Mac OS, they all have their similarities. I foresee in the next 10 years you will see a lot of things change. I am sure Microsoft is well aware that the Mac has fewer security exploits out there, but they will probably not drastically change until Apple has a higher share in the market. I just wish the Apple corporation wouldn't get so jaded and actually get their product out, and maybe develop some more third party relations with other companies. Also they need to expand out into some newer technologies on the rise IMHO. There are talks about fiber optic processing, processors with multiple cores per chip, using holograms, etc. All of this stuff is not necessarily ever coming out, but it's being thought of for the PC side, not the Mac. Sony holds patents on a few of those ideas (yeah I had no idea you could patent an idea but apparently you can). If they patented it they are probably, maybe, planning on developing it down the road.

hayne
05-16-2005, 08:57 PM
Also they need to expand out into some newer technologies on the rise IMHO. There are talks about fiber optic processing, processors with multiple cores per chip, using holograms, etc. All of this stuff is not necessarily ever coming out, but it's being thought of for the PC side, not the Mac.

You seem to be talking about stuff that you don't really understand. The technologies you mention are low-level technologies that any computer manufacturer can take advantage of - they aren't "for" one type of computer or another.
And you don't seem to be aware of the fact that PowerPC chips with multiple cores have already been developed and it's likely just a matter of time (and economics) before we see them in new Mac models.

snoware
05-23-2005, 08:26 PM
I was at a Mac IT conference this past week. The fellow from Cupertino said that Mac OSX has minimal virus risk due to its UNIX base. Unix is open source, and the open source community is constantly searching the code for security weaknesses. As these are found and repaired the fixes are applied to the UNIX base under OSX. He mentioned that many of the security updates for OSX are actually not initiated by Apple, but by persons in the open source community. The name of the person who found the vulnerability and provided the fix is given credit in the log file.

He also said that none of the security risks found and repaired had been the targets of viruses.

The OSX/Unix community is proactive when it comes to viruses whereas the PC community is reactive.

cwtnospam
05-23-2005, 09:44 PM
Unix is open source, and the open source community is constantly searching the code for security weaknesses. As these are found and repaired the fixes are applied to the UNIX base under OSX. He mentioned that many of the security updates for OSX are actually not initiated by Apple, but by persons in the open source community. The name of the person who found the vulnerability and provided the fix is given credit in the log file.
So I guess it's the culture influencing the technology that gives the Mac a huge edge when it comes to viruses! :D

voldenuit
05-25-2005, 06:56 PM
While Apple now rolls out sec-updates for the Darwin-part of the OS quite decently, there still is no such thing as a careful proactive security policy in the proprietary part of OS X.

Stuff like Safari/Help Viewer/automount should never have been possible to happen.

There have been and still are errors of that type in OS X and they don't get fixed fast. For now Apple has been pretty lucky, because nothing really bad has happened PR-wise but having lousy competitors is not a good reason to be lazy or overly confident.

And while Mac users certainly are smarter, beyond some point it starts to really annoy me when otherwise probably not stupid people mumble about cultural reasons, community and other warm fuzzy feelings to explain why Macs are safer.

1. That other OS is so extremely brittle that anything halfway decent looks good besides.

2. For now Apple got lucky and they'd be well advised to hire some security-people and have them advise early in the development process.

3. There are some pretty scary holes unfixed and if you read in the right places, you know about them. How massively this is going to be exploited in the wild may change any day.

tlarkin
05-26-2005, 12:28 PM
You seem to be talking about stuff that you don't really understand. The technologies you mention are low-level technologies that any computer manufacturer can take advantage of - they aren't "for" one type of computer or another.
And you don't seem to be aware of the fact that PowerPC chips with multiple cores have already been developed and it's likely just a matter of time (and economics) before we see them in new Mac models.

You see though Hayne, the PC companies have already announced them, already released information on them, already have some benchmark information on them. Motherboard manufacturers are already making boards for them. Where I am well aware of the PPC based dual core processors, you do not hear anything other than a rumor that they are in development. In fact, IBM, Toshiba, and Sony are currently working on cell processors more than the PPC side of things. Cell processors are based off of PPC technology, but not the same technology that's in Apple G5s right now. The PlayStation 3 will have a cell processor in it.

The fact is Apple does not announce anything early. If you GIS for dual core PPC based G5s you will only find rumors of it, nothing official. Whereas in the PC world they have announced it and are already developing support for it. This looks more pleasing to investors, than being all secretive and just waiting to let the cat out of the bag and thinking that you will be all right because you are Apple and you are different. That's the dogmatic thinking I was referring to. Apple should be more aggressive and perhaps more open to the market to attract more investors and developers.

voldenuit,

Great post, I agree with just about everything you said. Part of being secure is up to the user (or your IT staff), not totally dependent upon the OS. People who blindly believe they are secure because they are on a Mac are people that will have a rude awakening when Macs start to become targets for people to exploit. Once Apple gets a decent share in the computer market and once they become a more commonly used OS, there will be more exploits, spyware, malware, and viruses. Especially spyware, since there is money to be made in that field now. Hackers are being paid by companies to write spyware, that's why it's becoming so popular.

Unix is open source, and the open source community is constantly searching the code for security weaknesses. As these are found and repaired the fixes are applied to the UNIX base under OSX. He mentioned that many of the security updates for OSX are actually not initiated by Apple, but by persons in the open source community. The name of the person who found the vulnerability and provided the fix is given credit in the log file.

There is also a HUGE hacker community, which will also strive to exploit everything the Unix community does to be able to hack into systems. The internet is run by mostly Unix/Linux systems. They also leave their tag in their hacks as well, and go by their handles. I would not rely on an open source development community because they may not be there someday, and there will always be a community of hackers looking to get around it.

And while Mac users certainly are smarter :rolleyes:

DarkSaint
05-26-2005, 02:44 PM
There is also a HUGE hacker community, which will also strive to exploit everything the Unix community does to be able to hack into systems. The internet is run by mostly Unix/Linux systems. They also leave their tag in their hacks as well, and go by their handles. I would not rely on an open source development community because they may not be there someday, and there will always be a community of hackers looking to get around it.

I'd depend on the proactive open-source community over a large profiteering corporation such as Microsoft any day for malware control. Where's the money in making security updates? None, just go make a new Windows OS and make people believe it's better, which Joe Schmoe will believe because M$ told him so, and sell it like hotcakes.

tlarkin
05-26-2005, 02:48 PM
I'd depend on the proactive open-source community over a large profiteering corporation such as Microsoft any day for malware control. Where's the money in making security updates? None, just go make a new Windows OS and make people believe it's better, which Joe Schmoe will believe because M$ told him so, and sell it like hotcakes.


Where is the money in security? Hmmm, Nav, spysweeper, adaware professional, etc etc.

Your opinion is not only completely biased, it's also very dogmatic.

DarkSaint
05-26-2005, 02:57 PM
Your opinion on my opinion of course does not matter to me and my mind stays the same. :D I was speaking on the part of Microsoft's security, not third-party companies filling in and repairing the holes Windows has, which really can be avoided to the smart user, but not everyone wants to be or can be on the cutting edge of defending themselves from malware and viruses.

It's also not like the open source community will one day pack up and move out of Dodge, so I currently feel relatively safe just knowing people take pride in making OS X and other Unixes more secure and safer to use. ;)

hayne
05-26-2005, 07:34 PM
Where is the money in security? Hmmm, Nav, spysweeper, adaware professional, etc

No - the real money in security is in avoiding people voting with their dollars by moving to your competitor's system. That is what motivates Microsoft to improve the security of their OS.

And I don't think the open-source community is going to go away anytime soon - unless it is legislated out of existence by more DMCA-type provisions applied to security provisions built into computer hardware (viz: the now downplayed Palladium).