Daniel Eran Dilger in San Francisco

The Mac Malware Myth


Daniel Eran Dilger
According to proponents of the Mac Malware Myth, Mac users should be afraid of a series of reports about a “rising tide” of malicious software and, in panicked response, install anti-virus software from the very vendors who propagate those dire warnings. They’re wrong; here’s why.
For more than a half decade, the Windows-enraptured tech media has been banging on a drum about the imminent arrival of Mac viruses. As proof of this coming wave, they always cite researchers employed by anti-virus vendors who recount vulnerabilities found in Mac OS X or occasionally trojan horse malware designed to dupe Mac users into manually installing software that intentionally causes problems.

This is like warning the population of the threat of a global pandemic outbreak based on press releases issued by a homeopathic group concerned that isolated reports of individuals hitting themselves with a hammer might portend a greater public health crisis, unless more people coat themselves with 30x ferrum phos obtained from one of their practitioners.

Somewhat ironically, a good long time ago, well before any of today’s pundits were trying to suggest that Windows isn’t really that insecure and the Mac isn’t really any better, there was a time in the 80s when Macs did suffer from regular infections, at least if you were in a school setting where kids were passing around infected floppies. That was in the days before Microsoft ported the Mac desktop to the PC and called it Windows. A lot has changed since. (Correction: There Were Never Any Mac Boot Sector Viruses)

Someday, someone might develop code that attacks Mac OS X, then replicates itself and propagates the attack to other systems. Of course, for that type of viral attack to have any real and lasting effect, it would also require Macs to be widely installed by millions of users in the 1990s, prior to the development of Software Update over the Internet. You’ll know this is about to happen shortly after the first time machine is invented.

Until then, you can rest assured that every article you read about a widespread virus attack is really about Microsoft Windows. Of course, there will also be those sneaky articles written in CNET and Wired and the Register that insinuate that trojan horse attacks are the same thing as viruses because they are both “malware,” just like stubbing your toe and the Black Death are both “health-related issues.”


The Unavoidable Malware Myth: Why Apple Won’t Inherit Microsoft’s Malware Crown
Office Wars 3 – How Microsoft Got Its Office Monopoly

Goodin Questions Security Using Obscurity.

One recent example of this comes from Dan Goodin, filling space in the Register. If you’re one of the millions of web readers who stopped reading the Register back in the late 90s when its effeminate sassiness grew tiresome, let me fill you in on what the site has been up to lately.

Goodin’s most recent article, “Mac malware tide on the rise!” (exclamation point added to highlight the silliness), bends over backwards to conflate a) malicious software dressed up as pirated warez that tricks an individual Mac user into manually bypassing operating system security to install it once with b) the self-installing, self-replicating viruses and worms that rapidly spread to millions of Windows PCs overnight, like the recent Conficker worm (aka Kido or Downadup), which propagates on its own by exploiting a Windows vulnerability and has now infected more than 15 million Windows systems across the globe.

Goodin was careful not to directly refer to any of the four Mac malware reports that made up his “rising tide” as actually being viral, but he expertly wove in mentions of “anti-virus providers,” purposely muddying the waters to suggest that Macs have no security advantage over PCs running Windows, the platform that must always run anti-virus software or else face immediate infection.

Mac malware tide on the rise • The Register

The Business of Fear Gets an Education.

Goodin’s article ran alongside Symantec security ad banners and made direct reference to “Mac anti-virus provider Intego” and “anti-virus provider Kaspersky.” How is it that there is any software industry built around Mac anti-virus when there are no Mac viruses?

Fear. And ignorance. It is certainly conceivable that a Mac virus could be written, even if it would not pose the same widely infectious threat that Windows users face every day they are connected to the public Internet. However, it is not accurate to say that installing anti-virus software would protect Mac users from such a theoretical situation: a scanner can only recognize what it has already been taught to recognize.

In fact, anti-virus software is itself a prime target for attack. It sits in a powerful, trusted position within the operating system, typically running with root privileges and often with a kernel component, and it parses every untrusted file format it scans, so a flaw in one of its parsers hands an attacker exactly the privileged code execution the rest of the system is built to deny. It also has its own mechanism for accepting definition updates from the network, which is often easier to subvert than the operating system’s own update channel.

Apple itself discovered this when it began shipping Virex as part of its .Mac package. While the anti-virus software was never compromised by an external virus attack, it did cause other low-level problems for the system, which got so bad that Apple yanked the title and stopped distributing any anti-virus tool at all for Macs. It also stepped up its advertising of the fact that Macs had no viruses in the wild. When dealing with fear, sometimes the best defense is a good offense: education.

Apple’s other offensive is in working to progressively bolster the security of its platforms. That means regular updates to its system software, new technologies incorporated into Mac OS X, and a code-signing policy on the iPhone and iPod touch that refuses to run software Apple hasn’t signed, which makes infecting them by the trojan route virtually impossible.


Road to Mac OS X Snow Leopard: 64-bit security
New QuickTime 7.6 addresses quality, security
iPhone 2.0 SDK: How Signing Certificates Work
10 FAS: 10 – Apple’s Mac and iPhone Security Crisis

Managing Risk.

On Windows, anti-virus software, like Windows itself, has had real, exploited vulnerabilities that were used to spread infections. That risk is usually outweighed by the greater risk of running nothing and falling victim to one of the tens of thousands of active viral attacks that target Windows.

On the Mac, there is no background danger of viral infection, only a theoretical one. That makes running anti-virus software a risk not worth accepting. It’s not just that there’s no valid reason to run anti-virus software, but that there is real danger in installing anti-virus software on the Mac and assuming that you are now protected from any problems.

Installing anti-virus software on a Mac puts you at greater risk because the anti-virus software itself provides new opportunities for potential infection. If that’s hard to comprehend, imagine covering yourself with band-aids in the hope of avoiding any potential for infection; the reality would be that those bandages wouldn’t do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential medium for culturing infectious bacteria and keeping it in contact with your body.


Five Factors Shifting the Future of Malware and Platform Security

Prophylaxis not Always a Panacea.

Similarly, because a signature scanner can only recognize byte patterns it has already been given, and there are no signatures for Mac viruses (because no such viruses yet exist), it offers no way to prevent an infection by something newly written. The security software would have to be updated before it could protect anyone, and that update mechanism is itself a network-facing input into privileged software, so it doubles as a potential vector for distributing elements of an attack, either directly or by opening up new vulnerabilities.

Were there some real, plausible risk of Mac viruses being developed (say, you operated a large lab of Macs that served as a valuable target for attackers), it might make some sense to install anti-virus tools so that you could mitigate damage once a threat was discovered. It also might make some sense for some institutions to install tools that limit what software their users can install.

However, for home users, Mac anti-virus makes no sense whatsoever. All it can possibly do is slow down the system, add some irritating interruptions, and provide a false sense of security while actually undermining real security by adding new layers of potential vulnerabilities. Very targeted attacks, ones that might exploit a vulnerability to gain access to your system, are not preventable with anti-virus software that only scans for known patterns of malicious software.
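To make the limitation concrete, here is an added example (not from the article, and not any vendor’s product) of what a pattern-matching scanner actually does. SIGNATURE is a hypothetical definition, the two sample scripts are constructed for the demo, and ROT13 stands in for whatever encoding a real dropper would use:

```shell
#!/bin/sh
# Added example, not code from the article. A minimal "signature scanner" and two
# constructed samples that behave identically but only one of which it recognizes.

# Hypothetical definition: the byte pattern a vendor shipped after seeing the first sample.
SIGNATURE='iWorkServices'

# scan_file FILE: exit 0 if SIGNATURE occurs literally in FILE, 1 otherwise.
# Without executing the file, literal (or regex) matching is all a scanner can do.
scan_file() {
    grep -q -F -- "$SIGNATURE" "$1"
}

# verdict FILE: print "detected" or "missed".
verdict() {
    if scan_file "$1"; then echo detected; else echo missed; fi
}

# make_samples DIR: write two constructed sample scripts into DIR.
#   known.sh       the payload exactly as the signature was written for it
#   obfuscated.sh  the same payload, ROT13-encoded, decoded only when it runs
make_samples() {
    dir=$1
    payload='echo iWorkServices installed'
    printf '%s\n' '#!/bin/sh' "$payload" > "$dir/known.sh"
    encoded=$(printf '%s' "$payload" | tr 'A-Za-z' 'N-ZA-Mn-za-m')
    printf '%s\n' '#!/bin/sh' \
        "eval \"\$(printf '%s' '$encoded' | tr 'A-Za-z' 'N-ZA-Mn-za-m')\"" \
        > "$dir/obfuscated.sh"
}

# run_sample FILE: execute a sample and print its output, to show the two do the same thing.
run_sample() {
    sh "$1"
}

# Demo: same behaviour, opposite verdicts.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in known.sh obfuscated.sh; do
    printf '%-14s runs: "%s"  scanner: %s\n' "$f" \
        "$(run_sample "$demo_dir/$f")" "$(verdict "$demo_dir/$f")"
done
rm -rf "$demo_dir"
```

The scanner flags known.sh and waves obfuscated.sh through, although both print the same line when run. The only fix available to a signature product is another definition, shipped after someone has already seen the variant, which is the update-lag problem the paragraphs above describe.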

Really, how useful is it to install anti-virus software that can realistically only stop you from installing software you should know better than to attempt to install in the first place, whether it’s the pirated version of Photoshop or the pirated version of iWork or an unknown anti-virus package from the web? Yes, those are the four fearsome malware examples Goodin cited as his “rising tide” of Mac malware, and which, coincidentally, Intego cites as the reasons to buy its Mac software.

Of course, the security experts at Kaspersky, Symantec, Intego, and others don’t want you to know that. They want you to read scary articles like those that regularly appear on CNET, Wired, and the Register, which are based on press releases issued by those vendors, all suggesting that Macs are really damn close to being dangerous to use, and that their products are really critical for your continued safety.

Because when you’re in the business of fear, an educated population is the worst thing you can imagine, and a lazy media content with republishing your press releases is your only hope in preventing that from happening.


86 comments

1 wintercamp { 01.29.09 at 2:51 am }

Hi! I always love your articles! I’m not so into “effeminate” as a derogatory term, though.

2 whmlco { 01.29.09 at 3:35 am }

I think you may be making a bit much out of the article being “sponsored” by Symantec, as it was probably just a contextually placed ad.

Much, I assume, as was the Cyber-Defender anti-virus ad that adorned the top of the Roughly Drafted article…

3 ronhip { 01.29.09 at 4:50 am }

Odd that given the subject of this article, two of the three ads associated with it were spyware and security scan ads…

[Not odd at all considering that they are positioned by context - Dan]

4 Brau { 01.29.09 at 6:18 am }

Man! A subject close to my heart. Well said.

A few other things most people don’t realize about virus software:

1. Viruses have to be coded very lean and if even one bit is out of place they won’t work. AV software can’t actually run any code to see if it’s truly viral so they only compare it to known virus strings, within a percentage. This means over 90% of the pop-ups users receive warning of a “possible” virus are usually false and the user is being denied viewing a perfectly legit file. The result is that the user thinks it’s actually protecting them when it’s not. Sometimes it’s simply the file name.

2. AV software cannot protect you from future viruses, only past ones.

3. Running any brand of AV software causes infinitely more problems for Mac users than not. Norton, McAfee, Sophos, and even ClamX all have extensive troubleshooting forums detailing tens of thousands of issues ranging from HD erasure, critical data loss, and even phantom user accounts. Scary stuff, given there are no Mac viruses that can do any of these things.

4. Many Mac dealers often profit from getting Mac users to install free AV software as they make a ton of money on the resulting service calls. I had a knock down, drag-em out public confrontation with the local Mac User Group (hosted by a local dealer) who was openly pushing all Mac users to run AV software to be “good netizens” and “just to be safe”. Thankfully many other Mac users were just as enraged by this as I was and they were thoroughly embarrassed into backing off.

5 QdK { 01.29.09 at 7:17 am }

Thanks for this article. I agree with some of your points: all additional programs can potentially become new attack vectors when it comes to viruses or malware.
Quite possibly the anti-virus packages for the Mac actually protect against Windows viruses, so when a Word or autorun-based virus travels on i.e. a USB stick from an infected PC to a Mac to an uninfected PC, the Mac will have intercepted and cleaned the medium before it hits the uninfected PC. To this day, anti-virus software for the Mac isn’t so much protecting your Mac, but other PCs, if I’m correct in this assumption.

However, the article on The Register details a hacked version of iWork which was then distributed as a torrent. Downloading something you ought to know you can’t trust while saving only $79 is just stupid, but people seem to do it. The problem arises when the user launches the iWork installation tool. By that time, the tool can do anything it wants, with the rights of the user (such as launching a daemon, etc). It probably asks for your password and by giving this, the (hacked) tool can do even more, like installing a KEXT or, like the hacked iWork seems to do, make a daemon start when the OS starts. The malware KEXT can then serve the purpose of a keylogger, the daemon as a spam hub.
This question on the Cocoa-dev mailing list caught my attention last year:
http://lists.apple.com/archives/accessibility-dev/2008/Oct/msg00006.html
It reminded me of a malware distributor we found out we had as a user of our services (I work at an ISP). He distributed torrents (for Windows programs) with malware which used a keylogger. This logger would then, with intervals, FTP a file with all keystrokes including the active window name to a homepage the user had created. Needless to say the account was closed and reported to management, but this kind of trick would work as well on OSX if the user is tricked into giving his/her password.

Self-propagation like a virus would do is still seemingly out of reach for OSX, but trojans apparently aren’t. And it’s trojans the malware writers of today are writing, since there’s enough morons allowed to use computers.

6 John Muir { 01.29.09 at 7:25 am }

@Brau

True. That last point is the only justification for Mac anti-virus software that I’ve heard. “Be a good citizen. Don’t pass viruses on!” Oh please, what a load of bunk. Do people really think the Internet works just like passing around floppy disks like the old days? Apparently…

Every system which ever touched the Internet is responsible for its own security, period. And for hassle free living, that is best a Mac or something else rooted in UNIX.

7 Joel { 01.29.09 at 7:36 am }

It’s interesting how much the Register article confuses malware with trojans. I’m surprised they didn’t manage to confuse the two with “computer viruses” or worms… They must still have a technical person writing…!

The interesting thing is the computer security industry could be wiped out very quickly if Microsoft took the same design precautions Apple has. Instead of having a secure OS from the start they added half-baked security precautions in Vista that are having no real effects. One wonders why they don’t do anything. Are they incompetent, or are they afraid of being sued by the anti-viral companies for loss of business…?

Another point… If Levi sold jeans that allowed the build-up of bacteria against the skin, and caused a nasty rash that could spread to others there would be a class-action suit in minutes. Why can’t the same be applied to Microsoft…?

Pity they leave out that the quickest way to deal with the iWork Trojan is by running the command “sudo rm -rf /System/Library/StartupItems/iWorkServices” from the command line (ie Terminal.app). Some sophisticated attack…!

8 Joel { 01.29.09 at 7:39 am }

In that comment, the last paragraph should be the 2nd one… :D

I wonder when Dan will address these other myths:
The “Security through Obscurity” Myth.
The “Computer Virus will Occur Naturally Everywhere Anyway” Myth

9 chuckb { 01.29.09 at 9:30 am }

Laughed out loud at this, “Of course, there will also be those sneaky articles written in CNET and Wired and the Register that insinuate that trojan horse attacks are the same thing as viruses because they are both “malware,” just like stubbing your toe and the Black Death are both “health-related issues.””

Well put. The FUD put out on this issue by Windows apologists and anti-virus software purveyors has clouded this issue for many people. Thanks for a great piece of debunking.

10 warlock7 { 01.29.09 at 9:48 am }

@wintercamp:
I don’t believe that the term was used in a derogatory manner. It was merely descriptive, as well as being accurate.

11 gus2000 { 01.29.09 at 11:48 am }

I used Virex when I first got dotMac, but quickly removed it when I discovered it was worse than any virus I ever had.

In the early days of the PC Plague, antivirus was actually quite useful against “unknown” attack vectors since they plugged many of the infection-holes left open by Windows. They also did things like keep checksums of COMMAND.COM to make sure it hadn’t been modified. Computer systems are far more complex now, and malware more sophisticated unfortunately. For instance, viruses are now defeating signature-based rules by distributing interpreted code that uses randomized internal names.

Call up Sun, IBM, or HP and ask them what kind of anti-virus software they use. Chances are you’ll get a “wtf?!?” response, even though their servers are used in the most critical data centers around the world. Why? Because they use Unix (or a variant) which wasn’t coded to act like a drunken prom date. OS X is based on NeXT, which is based on Unix, just like the big servers!

Daniel, you might as well keep this article in generic form (“Tech analyst $NAME at site $URL spreads Mac malware myth $TODAY”) so that you can avoid repeating yourself as this happens over and over and over again.

12 stefn { 01.29.09 at 12:08 pm }

How far back has it been since a techie with even an ounce of ethical principles could have recommended using Windows rather than Mac for home users?

Ten years? And still I hear it all the time.

13 gus2000 { 01.29.09 at 12:46 pm }

Big, heavy sigh.

This myth is now being spread by the mainstream (non-tech) media:

Jennifer LeClaire, newsfactor.com – Fri Jan 23, 12:09 pm ET
“Who said Macs are immune to viruses? Some malware makers aim to bust that myth with a Trojan horse that’s being downloaded across the Internet.”

Apparently, using “virus” in the first sentence and “Trojan” in the second sentence did not trip any of the author’s Cognitive Dissonance Detectors. She repeatedly referred to the malware by both terms, despite its inability to spread to uninfected Macs.

To answer Ms. LeClaire’s question: no one said Macs are immune to viruses. However, Macs do have a superior security architecture over Windows that make them far less vulnerable. Oh, and viruses are not the same as Trojans, just like being a “writer” does not automatically make you a “journalist”.

14 Joel { 01.29.09 at 12:55 pm }

From NewsFactor : “Noteworthy is the fact that although Apple is known for a virus-resistant platform today, in the 1980s and early 1990s the Mac was among the top platforms for spreading malicious code. That changed with the introduction of Windows 95 and the Internet. Security researchers recommend Mac users stay protected with security software.”

Just because you surf the Internet doesn’t make you a tech writer…

15 gus2000 { 01.29.09 at 1:20 pm }

ZOMG, and now the Windows Apologists are taking their case to the people via FauxNews:

Experts: New PC Virus No Reason to Panic
Monday, January 26, 2009 | FoxNews.com
“A new computer virus is spreading across the Internet, but security experts say that it hasn’t resulted in much damage and that its impact is primarily psychological.”

Yes, it’s infected over 15 million systems and counting, but there’s nothing to see here! These are not the malwarez you’re looking for. Move along. Move along.

16 WebManWalking { 01.29.09 at 1:24 pm }

I think you could make a good argument for Macs running antivirus software that detects WINDOWS viruses, so that we don’t pass along something malicious to that community. I couldn’t talk my youngest sister out of going 100% Microsoft in her household, for example, and I wouldn’t want to send her something that proved to be malware.

On a similar note, I’m all the time recommending funny or interesting or erotic websites to my coworkers, but I visited them at home on a Mac. Didn’t hurt me a bit. Software for a Mac that identified websites that are actually Windows virus vectors would save me from inadvertently hurting a friend’s computer by recommendation.

If you really want to be a good netizen and not pass along malware, it seems patently obvious what kind of malware to be most worried about: the kind that’s made for Windows.

17 Brau { 01.29.09 at 1:51 pm }

@ WebMan

Sorry, but it makes no sense at all for Macs to run AV to protect Windows users. They have chosen to purchase a system they know is full of holes and simply must be responsible for their own security. Metaphorically, they are choosing to live without skin then blaming others when they get an infection. People who decide to run Windows deserve whatever they get and it is unfair to coddle them into a false sense of security by allowing them to blame Mac users for their laziness.

18 daGUY { 01.29.09 at 2:15 pm }

It seems like every couple of months an article comes out about how attacks on Macs are “on the rise” and there could “soon” be an outbreak of dangerous Mac viruses. This has been repeated for years and years, and yet there is still not ONE SINGLE Mac virus, as far as I know.

There’s a few Mac trojans out there, and yes trojans are malicious, but they are NOT viruses. Trojans don’t automatically spread between computers, and they work by tricking the user into *intentionally* giving them secure access to the machine – hence the term “trojan.” They don’t take advantage of an actual vulnerability in the system; they take advantage of users who blindly install software without considering the source. Big difference – you can patch security holes, but you can’t prevent users from purposefully deciding to install something.

The scare tactics are just to drum up hits and attention. For all the feigned panic about Mac viruses that don’t exist, THREE NEW Windows viruses come out every DAY on average! And that’s real viruses, not trojans or proof-of-concept things like you see sporadically on the Mac.

Finally, with all the disproportionate attention already being given to the possibility of Mac viruses, don’t you think somebody out there would create one JUST to capitalize on that? Imagine how berserk the tech media would go if a REAL Mac virus was released! And yet, OS X’s been out for 9 years and there aren’t any.

19 daGUY { 01.29.09 at 2:23 pm }

@Brau: but a lot of Windows users don’t even realize that they’re at risk, or that there are other, safer alternatives to Windows. Other users may not have a choice (for example, I have to use a Windows PC at work). So, even if you’re on a Mac, it would be irresponsible to pass along a Windows executable through email if you’re unsure of where it came from. That’s the one reasonable argument I can see for running Mac AV software.

20 NB { 01.29.09 at 2:32 pm }

Dan,

Mac OS X is just as vulnerable to drive-by malware installations as Windows is. Flash; QuickTime; WebKit. Three prime vectors.

The first user-friendly iPhone jailbreak was executed via a buffer overflow in MobileSafari that could lead to execution of code supplied by the attacker, leading to full compromise of the device, for example.

You can claim that trojans are not self-replicating and thus not viruses but that is a semantic difference. They both lead to compromises of the computer’s integrity and thus of the user’s data. I can’t find statistics on how many compromises were from viruses (that exploit bugs in the OS for remote code execution) versus trojans (that require some amount of user interaction such as navigating to a website) for Windows but certainly some of the high-profile ones in recent memory have been the latter kind. Continuing to claim “Look, no horse shit on my driveway!” when you have a large dog kennel there is not useful if you want to be free of shit.

Obviously, nobody is going to write a Warhol Worm that runs on Mac OS X, purely due to the much lower market penetration of Mac OS X. Nobody is arguing with that. That doesn’t mean that the first occurrence of malware distributed with fresh software released in the OS X P2P community isn’t worth writing about anymore.

Ironic, by the way, how you bashed The Register for carrying Symantec ads, while your own page carries similar ads, by e.g. Intego – and additionally an ad for “Remove Antivirus 2008: Detect and Remove Antivirus 2008. Antivirus Removal (Free Scan)” which sounds distinctly unwanted and spyware-like to me.

21 The Mac Malware Myth perpetuated by (surprise!) anti-virus makers » AppleMania.info { 01.29.09 at 3:33 pm }

[...] more details in the highly recommended full article by [...]

22 danieleran { 01.29.09 at 3:36 pm }

NB: no anti-virus software would protect iPhones from being exploited through a WebKit vulnerability.

Also, I did not “bash” the Register for having a Symantec contextual ad, I simply referenced it to allude to the big money behind the anti-virus industry, which is necessary on Windows and really wants to make money selling to Mac users too.

“You can claim that trojans are not self-replicating and thus not viruses but that is a semantic difference”

Yes, it is a semantic difference, which is why we have dictionaries and assign words meanings in the first place.

23 jfatz { 01.29.09 at 5:01 pm }

It’s a Symantec difference?

24 hylas { 01.29.09 at 5:13 pm }

gus2000
“I used Virex when I first got dotMac, but quickly removed it when I discovered it was worse than any virus I ever had.”

I got VirusBarrier X5 with a bundle recently, I got curious and installed it, weeks later I’d forgotten, and was swapping FireWire drives – copying one onto the other, it kept telling me a certain Linux .iso was corrupt. Twice.
“Real-Time Scanner” was fscking me.
Curiosity over.

Brau
@ WebMan
“Sorry, but it makes no sense at all for Macs to run AV to protect Windows users. They have chosen to purchase a system they know is full of holes and simply must be responsible for their own security.”

With the exception of Servers with Window clients, I totally agree.

There is an instance of one that is of concern, it’s not a virus, more of a rootkit – logic bomb hybrid I have (and others) run across. (X-Platform)
In ’97 and ’05 this thing got a hold of me. The first time on a 68040, Quadra 610 and its networked Mac IIsi. The second time G4s, G5s (everything) and Xserves.
Another researcher (Nancy) has named it, and it’s appropriate:
Subversion.
(on Nancy’s site you’ll get a warning on Site Identification [it seems to be expired] click through to read)

https://tagmeme.com/exmachina/a/002450.html

It’s like nothing you’ve ever seen or will see.

It’s BAD – really bad, and it’s genius, no way out. (ISYN)

She’s on Windows (now Mac), it reads like my experience (on Macintoshes), very similar hallmarks.

Nancy:

https://tagmeme.com/exmachina/a/002450.html

https://tagmeme.com/subhack/whoarethesepeople.html

The quest for ring 0:

http://www.securityfocus.com/columnists/402

http://www.securityfocus.com/comments/columns/402/33600#33600

(^replaces a broken link^)

http://www.mackido.com/EasterEggs/CD-System70.html

Researchers: Rootkits headed for BIOS:
(comment especially)

http://www.securityfocus.com/news/11372

http://www.securityfocus.com/comments/articles/11372/33017/threaded#33017

http://www.securityfocus.com/comments/articles/11372/34206/threaded#34206

http://www.securityfocus.com/comments/articles/11372/33500/threaded#33500

http://www.securityfocus.com/comments/articles/11372/34207/threaded#34207

http://www.securityfocus.com/cgi-bin/index.cgi?c=articlecomments&op=display_comments&ArticleID=11372&expand_all=true&mode=threaded

http://www.spywareinfoforum.com/index.php?s=3a3ce02c4055e269a0220c239560f3f9&showtopic=6056

The reaction is always (you’ll notice):
no way
this is a hoax
you’re mistaken
you’re an idiot
you’re incompetent

Ad nauseam, ad infinitum

I’m starting a Journal (blog) about this @ lunatechnical.net in the near future (forgive the self-reference) It’ll be a small personal project as I collect the people this has affected to fully document this major problem that flies so low to the ground as to never be seen.

P.S.

I’m completely behind Daniel’s above article, the whole two times I’ve ever run AV on a Mac it has been the problem – corruption of the disks.
They need a new model.

25 daGUY { 01.29.09 at 6:37 pm }

“You can claim that trojans are not self-replicating and thus not viruses but that is a semantic difference. They both lead to compromises of the computer’s integrity and thus of the user’s data.”

Yes, but the difference is that trojans work by tricking the user into running something, rather than taking advantage of a security hole. A theoretical system that was 100% secure (zero security holes) could still get bitten by a trojan. So doesn’t it say something about the Mac’s security that there have been trojans, but no viruses?

26 Malware on the Mac: Anti-virus or no Anti-virus? | edu.Mac.nation { 01.29.09 at 9:35 pm }

[...] The Mac Malware Myth — RoughlyDrafted Magazine  For more than a half decade, the Windows-enraptured tech media has been banging on a drum about the imminent arrival of Mac viruses. As proof of this coming wave, they always cite researchers employed by anti-virus vendors who recount vulnerabilities found in Mac OS X or occasionally trojan horse malware designed to dupe Mac users into manually installing software that intentionally causes problems… [...]

27 enzos { 01.29.09 at 10:34 pm }

A deliciously crafted squib!
Cheers Dan
-Enz
PS: I’ve used Macs on and off uni networks since the SE, never used AV software and never once been bitten. [fingers crossed, touching wood]

28 enzos { 01.29.09 at 10:40 pm }

PPS: daGuy makes a good point, and a sharp retort to the security through obscurity mantra.

29 Michael { 01.29.09 at 11:44 pm }

great article daniel, you’ve been really prolific lately with your writings, I look to see more! anyway, I laugh every time people say they don’t run antivirus on windows vista, BUT they advocate running antivirus software on mac os x, which hasn’t had any real attacks compared to vista’s papier-mâché record on virus protection.

of course, people will rant since they don’t need antivirus protection on windows, they have defeated the mac’s main selling point. until they get a virus. anyway, smart users don’t (and won’t) install pirated software, especially if it’s reasonably priced.. but there are those who take the chance to pirate anyway, and they pay for it, just not with monetary costs. As far as I know, you can just grab the serial key and download the trial version from Apple’s website, therefore having the best of both worlds, pirated software being downloaded legitimately.. not that I’m advocating anyone to do that, of course. But those news media outlets were apparently brainless enough to not realize that there ARE other sources for getting your clean iWork copy. And yeah, that one line removal in Terminal posted by Joel would solve the problems created by that trojan.. try doing that in Windows!

30 Joel { 01.30.09 at 4:55 am }

Well… Once the infected versions of the pirated copy of iWork were either flagged or removed, the chances of being infected decrease significantly. It’s why I’m sceptical of the 20,000 Macs being infected figure. I would guess probably about 5,000 at most, and then the majority of them being cleared up. So I would guestimate that by now a maximum of 1,000 Macs are still infected. Big deal…!

31 Joel { 01.30.09 at 4:56 am }

The full command line removal is :

1) (open Terminal.app)
3) sudo rm -r /System/Library/StartupItems/iWorkServices
4) sudo rm /private/tmp/.iWorkServices
5) sudo rm /usr/bin/iWorkServices
6) sudo rm -r /Library/Receipts/iWorkServices.pkg
7) sudo killall -9 iWorkServices

32 Bradley { 01.30.09 at 5:28 am }

Hey Dan,
We run AV on our 700+ Macs because we don’t want them to harbour anything that would infect our 4000+ XP machines.
It’s a pain but a necessary evil.
Brad

33 stefn { 01.30.09 at 11:35 am }

@NB
More semantic differences: cat/dog, black/white, up/down …

34 stefn { 01.30.09 at 11:56 am }

Not@NB

Semantic difference, as in “merely semantic difference.”

A world of Orwellian nightmare lurks within this usage, when it lets the user abandon of any form of intelligent or articulate argument in favor of making it all up. In other words—avoiding too fine a semantic point—employing fabrication, obfuscation, mendacity, lies.

War is peace. Torture is dialogue. Oligarchy is democracy. Greed is need. Poverty is prosperity. Oppression is freedom.

35 daGUY { 01.30.09 at 1:04 pm }

@enzos: I think “security through obscurity” is still part of it, too. Obviously, if you’re writing a virus, you want it to spread and cause as much damage as possible. So naturally, you’re going to aim for the biggest target – Windows PCs.

I think the lack of Mac viruses is a combination of both factors – OS X is inherently more secure, and at the same time, it’s used by far fewer people so it’s a much smaller target. Why expend more effort to create a virus that did less damage? It makes no sense.

The only incentive I see for creating a Mac virus is media coverage – the first legitimate, widespread infection would generate a lot of attention. But yet even after 9 years of OS X on the market, that hasn’t happened. So either it’s too difficult, or it’s simply not worth the effort.

36 mihomeagent { 01.30.09 at 1:21 pm }

Funny you should mention this at this time. Here’s USAToday showcasing a claim of an infected MacBook. The details are not actually believable–in fact, they sound impossible.

http://www.usatoday.com/tech/news/computersecurity/2009-01-28-hackers-data-scams_N.htm

“Cybercriminals have launched a massive new wave of Internet-based schemes to steal personal data and carry out financial scams in an effort to take advantage of the fear and confusion created by tumbling financial markets, security specialists say. [. . .]

“Among those caught in the most recent barrage of scams was Justin Terrazas, 27, a beverage merchandiser from Seattle. He clicked on a Web link that infected his MacBook Pro laptop with a data-stealing program. Not realizing the laptop was compromised, Terrazas later typed his Bank of America debit card number and PIN to pay his Verizon cellphone bill online. The data-stealer swiftly siphoned his information.

“A few days later, someone used Terrazas’ debit card account to make a $501.41 online purchase from Modabrand.com, a designer clothing store. The merchandise was shipped to London, leaving Terrazas to unravel a big mess.”

37 Derek Currie { 01.30.09 at 1:48 pm }

HISTORY: ‘The Sky Is Falling’ FUD started in August of 2005. The first perpetrator was our old pal Symantec. Who else. McAfee fell in line by the end of the year. But oddly, the CEO of McAfee was then quoted as saying the single best way to avoid malware on computers was to, you guessed it, use a Mac.

In the following three years there was an actually wonderful event: The FUD got to Apple and they got seriously serious about Mac OS X security. Believe me, Apple had NOT been serious about it previously. As a result there was an exponential increase in Apple Security updates. There was also one enormous revelation: Apple QuickTime was a massive security hole. If you review the security improvements in Quicktime over the last year you’ll realize this is a fact. The problems first became obvious in December 2007 when one of its vulnerabilities was exploited by hackers at MySpace who managed to use a cross site scripting hole in Quicktime to hack thousands of MySpace pages. Apple rapidly provided a fix and got to work cleaning up the rest of their messed up code.

In October 2007, the very very very first Mac OS X malware in-the-wild showed up in the form of a porn site Trojan horse masquerading as a Quicktime component you were supposed to install in order to watch a website porn video. That was over TWO YEARS after ‘The Sky Is Falling’ FUD began. Then over the last year a horrifying TRICKLE happened. While Windows was flooded with thousands of new malware, including real life viruses, Mac OS X was made slightly damp with another seven Trojan horses. Did I feel a drop?

You can read all the gory details over at my Mac-Security blog:

http://mac-security.blogspot.com

;-Derek

38 Derek Currie { 01.30.09 at 1:51 pm }

TYPO:
Was “The problems first became obvious in December 2007”
Is “The problems first became obvious in December 2006”
SORRY!

39 beetle { 01.30.09 at 1:53 pm }

@NB
As is appropriate, you have been chastised for asserting that the distinction between worms and viruses is trivial. Perhaps under Windows the differences are less relevant?

You also give as an example of triggering user interaction:
> such as navigating to a website

Sorry, but if it only takes a URL to let a piece of malware infect an operating system, that is more like a virus than a trojan. Under Unix (including OS X), the latter requires user authentication.

40 Derek Currie { 01.30.09 at 2:00 pm }

“Security By Obscurity”
… Is a joke, always was, and I suspect always will be. I wrote a shocking article, over at my Mac-Security blog, about how to prove it is a joke to all but the most dimwitted among us. It uses mathematics, which apparently confuses dunderheads and trolls.

Why is there no such thing as ‘Security By Obscurity’ for Mac OS X?

Because Mac OS X is UNIX. It’s certified! Look it up! UNIX was built from day one to be profoundly secure. Windows never was. That’s why Microsoft, to this day, have the single least secure operating system commercially available. Very sad. Very true.

Do not ever expect Mac OS X, even if it becomes as popular as Windows, to have any amount of malware as massive as Windows. Mac OS X is, here’s that word again, PROFOUNDLY more secure than Windows. There is no such thing as perfect security. Mac users have no excuse for not paying attention to security. But never let any joker, dimwit or troll fool you that there is such a thing as ‘Security By Obscurity.’ What really exists is solid state Mac OS X security that prevents hacking and cracking far better than anything Microsoft will ever come up with. That is literally why they have 99.99999999% of the malware and Mac OS X users statistically have next to nothing. And yes, they’ll hate you for telling them the truth. Just smile back.

;-Derek

41 Derek Currie { 01.30.09 at 2:24 pm }

OK, so you want to be a responsible Mac OS X user, and want to be prepared for any Mac malware lingering out there in the wild. What do you do?

1) Never install anything that you have not verified as 100% legitimate software. That means specifically two things:

A) Never believe any notice anywhere that says you must install something being offered to you. Go check it out and download it from a reputable site that checks out software and provides user reviews. These include Versiontracker, MacUpdate, Download.com, TuCows, etc.

B) Never install pirated software. The most recent Trojan for Mac OS X specifically hides inside pirated software installers, pretending to be an installer package, installed right alongside the legitimate installer packages.

2) Go get a decent free anti-malware program. (The term ‘anti-virus’ is out of date). My only recommendation for a FREE program is ‘iAntiVirus’ free edition from PC Tools. It is up to date. Do NOT bother with ClamXav. It is well over a year out of date regarding Mac malware. (I have personally attempted to improve this situation but found it fruitless).

Of the commercial/shareware anti-malware programs, the only one I recommend is Intego’s VirusBarrier. It works great. I own it. Got a nice deal on it too. Downside: You have to pay every year for updated malware definitions. Not worth it! See #1 above. Go get iAntiVirus.

3) Keep up with security updates. Always install Apple Security Updates when they are provided via Software Update for your Mac. Always install updates to applications and plugins. Quicktime has security holes. Adobe Flash has security holes. RealPlayer has security holes. Etc.

4) Use security tools and techniques. This includes working as a ‘Standard User’ on any network, not as an Administrator. You can also encrypt your account using Apple’s provided File Vault. You can also lock down your Mac using a Firmware password. There are loads of other security utilities on the net. Three I like are 1Password, Little Snitch and Gnu Privacy Guard (which is free!)

5) The #1 Rule of Computing, repeat after me:
Make
A
Backup.
If you don’t, you get what you deserve. Cruel. Reality.

That’s my list!

The end.

;-Derek
http://Mac-Security.blogspot.com

42 Joel { 01.30.09 at 3:05 pm }

@daGuy: There’s two other advantages to creating Mac Virus or Malware program. First, not many Mac users are running anti-nasty software. So if you are successful, then you will infect lots of Macs before anyone notices, and removal of your nasty will be much slower.

Secondly, aren’t Macs supposed to be stereotyped as being more expensive than Windows machines? Ergo it follows the users will have more cash to be stripped out of their accounts…

And I wouldn’t dismiss the bragging rights as unimportant. To the low-life scum that make up malware/virus creators their reputation is everything…

43 enzos { 01.30.09 at 4:55 pm }

>But yet even after 9 years of OS X on the market, that hasn’t happened. So either it’s too difficult, or it’s simply not worth the effort.<
We’re on the same wavelength, daGuy. It wasn’t bravado that I didn’t use AV. It’s just that we had a mixed network: some departments like Chemistry had Mac networks (invariably maintained without fuss or downtime in his/her spare time by a single techo or academic) and some (like Biology) succumbed to ITS pressure and ‘upgraded’ to Wintel (and were serviced at great expense by ITS). My security was that most other people on the uni’s Mac networks had AV running.. but never found anything to swat… so I never bothered to install any on my machines: the Law of Parsimony (a favorite bullshit-buster in the physical sciences) says that if there’s no *proof* that you need it – in a Theory or hypothesis – leave it out. The Wintel networks were another matter, of course, they crashed and burned at least a couple of times a year and would sometimes beg assistance from our hopelessly obsolete system. Indeed, the only viruses, worms &c I dealt with in the last decade have been those on our grad-students’ Windows disks and thumb-drives (bloody krag.exe &c.).
-Enz

44 Ephilei { 01.30.09 at 5:02 pm }

Nice. But unless you’re misogynist, don’t use “effeminate” or “sissy” as derogatory. Nothing wrong with femininity.

45 gus2000 { 01.30.09 at 6:59 pm }

“Security through obscurity” is total BS.

The installed base of OS X Macs is around 25 million (not including iPhone/Touch!) and I’d say most of those connect to the internet. However, the year that Windows 95 was released, there was a total of only 16 million users connected to the internet worldwide (internetworldstats.com).

So there are now more Macs connected to the internet than there were Windows boxes on the internet when Win95 took off and the malware boom was hitting its stride. But we’re supposed to believe that Macs are still too small a demographic to get noticed?

Viruses are not written to “do damage”. They are not written by little kids playing pranks, but by thieves looking for personal data to exploit, or severs for delivering spam. They want quality, not just quantity. Still, a virus that could infect only 1/10th of 1 percent of Macs would get 25,000 systems. If each of those nets a single credit card number worth a measly $100, that’s a $2M-dollar virus program you’ve written there. And just think of all the effort that security researchers went through to crack OS X and claim a tiny $10,000 prize!

There’s a thread about the USA TODAY article over at the Apple discussion forums. The consensus is that the victim either got spoofed and handed his info over directly, or that the “link” was a malicious plug-in for watching FREE PR0N! that the user happily agreed to install.

There’s no AV program for Social Engineering. The Vista UAC tried, but simply ended up training users on how to click “Allow” repeatedly in the least amount of time.

46 benlewis { 01.30.09 at 7:01 pm }

@ the knee-jerk political correctness police: Get over yourselves. To say “their effeminate sassiness grew tiresome” is a legitimate expression of distaste for a particular writing style. One could also say “their manly braggadocio grew tiresome” if one were being critical of another style of writing.

47 PXT { 01.30.09 at 7:07 pm }

I would like to know the statistics for an average virus of how many uninfected unix servers it passes through to infect say a million PCs.
If a PC in New Zealand passes a virus to a PC in the US, how many non-Microsoft OSs does it pass through?

48 PXT { 01.30.09 at 7:10 pm }

BTW – I’m pretty sure that ‘effeminate’ is inherently derogatory in that it applies to a scenario in which being feminine would not be a positive thing – such as a gladiator in the colosseum. Use of the word does not imply that being feminine is itself bad.

49 hodari { 01.30.09 at 11:35 pm }

Derek Currie “Because Mac OS X is UNIX. It’s certified! Look it up! UNIX was built from day one to be profoundly secure. Windows never was. That’s why Microsoft, to this day, have the single least secure operating system commercially available. Very sad. Very true.”

REALLY ?

Contrary to you and what some “UNIX based OS” users mistakenly think, Unix like systems are inherently less secure than Windows NT based operating systems.

NO commercial Unix ever got C level or B level certification when the NSA was still certifying software. The Windows NT core OS was architected at the B level, implemented at the C level (B level is too difficult to be practical for use by anyone but military and intelligence agencies) and certified as C2 compliant.

One big reason for the Unix failure at that level of security is it’s designed for only limited access control levels (3 categories with rights represented by octal digits) and even that is only checked at a high level. Windows NT architecture, on the other hand, has granularity of security at the object and call level, a modern ACL architecture and all calls pass through a certified security subsystem.

Now, some modern Unix based systems have a modern security system bolted on to them but that’s not the same as having it architected into the design.

“reality” is that OS X is a VERY vulnerable operating system and Apple has a horrible record of fixing security holes.

It’s also reality that fewer of the criminals who attack vulnerabilities have bothered going after OS X since they automatically start out with a 96%+ failure rate if they target OS X because of its tiny market share.

Does that leave Mac users vulnerable? Absolutely. All it takes is one of the syndicates that launch these attacks (and it isn’t teenagers in basements anymore) to decide that it’s financially worth it and all those unpatched Macs with no anti-malware are toast.

50 daGUY { 01.31.09 at 2:52 am }

@Joel: think of it this way. Macs have about a 5% marketshare in the world (give or take a few percentage points). So, to generalize, 5% of the world’s computers are Macs and the other 95% are Windows PCs (for the sake of argument, I’m leaving Linux, etc. out).

Anyway, imagine a hypothetical Mac virus that was so successful it spread to *every single* Mac in use. That would still only account for 5% of the world’s computers! Windows is such a huge target that even a mildly successful virus can spread to more PCs than there are Macs in existence!

So, I do think security through obscurity is part of it. Why create a Mac virus when *at best* you would only be able to infect a tiny fraction of the world’s computers?

51 Derek Currie { 01.31.09 at 4:14 am }

Oh great, a vehement troll in our midst. I only say so because his ‘facts’ are FUD. Yawn. Time to swat the gnat:

hodari sez: “Contrary to you and what some “UNIX based OS” users mistakenly think, Unix like systems are inherently less secure than Windows NT based operating systems.”

Total nonsense. Been there, done that, good luck backing up your rubbish. And YES, Mac OS X has no need for your ‘UNIX Based OS’ crap. I told you to look it up, and like a typical troll you never bothered, just so you could make a total fool of yourself so someone like me would come along and abuse you because, face it, you’re a plain old sadomasochist.

Rather than further enable your self-destructive behavior and your bullsh*t FUD, I am off for a happy night’s dreaming. Good luck at that on your end, little liar.

:-P

Trolls, trolls, trollzzzzzzzzzzzzzzzzzz

52 hodari { 01.31.09 at 4:41 am }

Derek – The trick is getting computers to understand what I’m saying more than some people here!

53 Joel { 01.31.09 at 6:46 am }

@daGUY:”So, I do think security through obscurity is part of it. Why create a Mac virus when *at best* you would only be able to infect a tiny fraction of the world’s computers?”

I think you underestimate the “because its there” attitude of developers and people who play with technology. I’m also tempted to create a Mac Virus myself, to demonstrate how it would be done. However I’m stopped by two constraints:

1) I’m no longer a frustrated 14-year old

2) The attack vectors I have on Windows aren’t there. There are few unpatched holes to get in (even security researchers need a bit of help), and since not everything runs as root I don’t have unfettered access to the file-system. And since my virus can’t be executed by default I’m going to have to make it some kind of trojan instead of a worm/virus thing. There’s also no real way to use the MBR to create a boot sector virus.

Damn, there goes my 15 mins of fame at being the guy who broke OS X and Unix security…

54 Joel { 01.31.09 at 8:25 am }

For Unix/Linux computers there’s another incentive to gain access… A lot of these machines are used by more than one person, and they often have useful services running on them. Think about web servers or databases holding lots of people’s login, or even credit card details…

(And anyone who thinks that just because “Unix is obscure” has never followed /var/log/secure :D)
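As an added illustration of what Joel means by following /var/log/secure (example code, not from the original post; the log lines are constructed and use documentation IP ranges, the `web1` host and the usernames are made up), here is a small parser that aggregates sshd authentication results per source and flags the pattern a defender actually cares about: a burst of failures followed by a success.

```python
"""Parse sshd entries from a /var/log/secure style log and flag noisy sources."""
import re
from collections import defaultdict

# Constructed sample: one source hammering several accounts and then getting
# in with a password, one normal key-based login, one stray failure.
SAMPLE_LOG = """\
Jan 31 06:12:01 web1 sshd[2201]: Failed password for invalid user admin from 203.0.113.45 port 51122 ssh2
Jan 31 06:12:03 web1 sshd[2203]: Failed password for root from 203.0.113.45 port 51130 ssh2
Jan 31 06:12:05 web1 sshd[2205]: Failed password for invalid user oracle from 203.0.113.45 port 51140 ssh2
Jan 31 06:12:07 web1 sshd[2207]: Failed password for invalid user test from 203.0.113.45 port 51150 ssh2
Jan 31 06:12:09 web1 sshd[2209]: Accepted password for root from 203.0.113.45 port 51160 ssh2
Jan 31 06:15:30 web1 sshd[2240]: Accepted publickey for joel from 198.51.100.7 port 40012 ssh2
Jan 31 06:20:11 web1 sshd[2260]: Failed password for invalid user guest from 198.51.100.9 port 40100 ssh2
Jan 31 06:20:12 web1 sshd[2260]: Connection closed by 198.51.100.9
""".splitlines()

# Matches the two sshd result lines we care about; everything else is skipped.
SSHD_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse_line(line):
    """Return a dict for an auth result line, or None for anything else."""
    m = SSHD_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["invalid_user"] = ev.pop("invalid") is not None
    ev["pid"] = int(ev["pid"])
    ev["port"] = int(ev["port"])
    return ev


def summarize(lines):
    """Aggregate auth results per source IP."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0,
                                 "users_tried": set(),
                                 "success_after_failures": False})
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        s = stats[ev["ip"]]
        if ev["result"] == "Failed":
            s["failed"] += 1
            s["users_tried"].add(ev["user"])
        else:
            s["accepted"] += 1
            # A success that follows failures from the same source is the
            # case worth a human look: a guessed password, not a typo.
            if s["failed"] > 0:
                s["success_after_failures"] = True
    return dict(stats)


def flag_sources(stats, threshold=3):
    """Return [(ip, [reasons])] for sources worth blocking or investigating."""
    flagged = []
    for ip, s in stats.items():
        reasons = []
        if s["failed"] >= threshold:
            reasons.append("%d failed logins across %d usernames"
                           % (s["failed"], len(s["users_tried"])))
        if s["success_after_failures"]:
            reasons.append("successful login after failures")
        if reasons:
            flagged.append((ip, reasons))
    return sorted(flagged)


if __name__ == "__main__":
    for ip, reasons in flag_sources(summarize(SAMPLE_LOG)):
        print(ip, "->", "; ".join(reasons))
```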

55 daGUY { 01.31.09 at 11:30 am }

@Joel: that’s my point exactly. It would be MORE work for you to create a Mac virus rather than a Windows virus, and at best it would only be able to infect a fraction of the world’s computers. The desire to create a Mac virus “just because” obviously isn’t strong enough to sway people, otherwise we would have seen one by now.

There’s another factor in this too I forgot to mention – you have to have a Mac in the first place (or download OS X and hack it to run on your PC) if you want to write a Mac virus. Both options are more expensive and difficult than just getting a dirt-cheap Windows PC.

So, that’s three factors now:

- Higher upfront cost (spending $ on a Mac, or spending time hacking OS X)
- More difficulty in writing a virus (OS X is more secure)
- Very limited ability for a virus to spread

Combined, it’s simply not worth it to make a Mac virus.

56 gus2000 { 01.31.09 at 1:12 pm }

“More difficulty in writing a virus” is not security through obscurity. It’s security through security. Thank you for making my point.

I will reiterate that malware authors do not seek world domination, they want money. If cracking into 0.0001% of the world’s computers would make them rich, they would do so (if they could). People still rob banks, even though each branch carries only a tiny fraction of the world’s installed base of currency.

57 Joel { 01.31.09 at 3:37 pm }

This also assumes I can write one virus and one virus only. A good percentage of Windows Computers + 5 % is more profit for me. (And my l33t h@xor status as a virus writer)

Also, once a credible virus is written and seen in the wild, Mac Anti-Virus software becomes big business… :D

58 d235j.1 { 01.31.09 at 4:46 pm }

hodari: What about NSA SELinux? It uses ACLs for better permission control. OS X 10.4 and up also implements ACLs…which removes the user/group/world limitation.
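To make the permission-model argument between hodari (three categories, octal digits) and d235j (ACLs in OS X 10.4 and up) concrete, here is an added simulation, not code from the page or from any operating system: a classic owner/group/other check next to an ordered ACL check, run against one policy that mode bits alone cannot express. The ACL semantics used (entries evaluated in order, first entry naming the principal and the requested right decides, otherwise fall back to the mode bits) are an assumption, a simplified model of the behaviour the Mac OS X chmod manual describes; the file, users and groups are constructed.

```python
"""Access-check models: classic POSIX mode bits versus an ordered ACL."""
from dataclasses import dataclass, field
from typing import List, Set

READ, WRITE, EXEC = 4, 2, 1


@dataclass
class User:
    name: str
    groups: Set[str] = field(default_factory=set)


@dataclass
class File:
    owner: str
    group: str
    mode: int  # e.g. 0o640: owner rw-, group r--, other ---


@dataclass
class Ace:
    """One access control entry: allow or deny a principal some rights."""
    kind: str        # "allow" or "deny"
    principal: str   # "user:alice" or "group:staff"
    rights: int      # bitmask of READ | WRITE | EXEC


def posix_allows(f: File, u: User, right: int) -> bool:
    """Classic check: exactly one of owner/group/other applies, nothing else."""
    if u.name == f.owner:
        bits = (f.mode >> 6) & 7
    elif f.group in u.groups:
        bits = (f.mode >> 3) & 7
    else:
        bits = f.mode & 7
    return bool(bits & right)


def ace_matches(ace: Ace, u: User) -> bool:
    kind, name = ace.principal.split(":", 1)
    return (kind == "user" and name == u.name) or (kind == "group" and name in u.groups)


def acl_allows(f: File, acl: List[Ace], u: User, right: int) -> bool:
    """Assumed ACL model: first entry that names the user (or one of the
    user's groups) and carries the requested right decides; with no match,
    the mode bits decide."""
    for ace in acl:
        if ace_matches(ace, u) and ace.rights & right:
            return ace.kind == "allow"
    return posix_allows(f, u, right)


# Constructed scenario: report.txt is owned by root, group "staff", mode 640.
# Policy wanted: alice (not in staff) may read it; bob (in staff) may not;
# other staff members keep their read access.
REPORT = File(owner="root", group="staff", mode=0o640)
ALICE = User("alice", {"contractors"})
BOB = User("bob", {"staff"})
CAROL = User("carol", {"staff"})

# With mode bits alone this policy is unreachable: alice falls into "other"
# (no rights) and bob into "group" (read), and there is no third lever short
# of changing group membership or opening the file to everyone.
REPORT_ACL = [
    Ace("deny", "user:bob", READ),      # evaluated first, so it wins for bob
    Ace("allow", "user:alice", READ),
]


def policy_table():
    """Return {name: (read_under_mode_bits, read_under_acl)} for the scenario."""
    return {u.name: (posix_allows(REPORT, u, READ),
                     acl_allows(REPORT, REPORT_ACL, u, READ))
            for u in (ALICE, BOB, CAROL)}


if __name__ == "__main__":
    for name, (posix_ok, acl_ok) in policy_table().items():
        print(f"{name:6} mode-bits read={posix_ok!s:5} acl read={acl_ok}")
```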

59 enzos { 02.01.09 at 7:06 am }

@daGuy and PXT,
An email I sent to our uni’s ITS last semester..

>Dear Helpdesk,
>I draw your attention to three unwanted guests among the files and folders in my thumb drive (see screenshot below).
>A net-search reveals that “krag.exe” is malignant spyware for PCs spread by USB drives.
>I picked these up in 092-003 today. I removed them after yesterday’s lecture but they’re there again after delivering today’s lecture in that theatre.
>Fortunately, I have a Mac (praise be to the Mighty Jobs) but would rather not be an immune vector for the spreading of this virus to those less fortunate.
>Please advise.

They beefed up that lecture theatre’s computer AV so much it ran like treacle on a cold day (much to the amusement of the students waiting for the next slide to drunkenly stumble across the screen). But a couple of weeks later I picked another strain from the same theatre.

60 daGUY { 02.02.09 at 4:28 pm }

@Gus2000: “‘More difficulty in writing a virus’ is not security through obscurity. It’s security through security. Thank you for making my point.”

Yeah, but I said the lack of viruses was due to multiple factors. OS X is inherently more secure AND it’s used by far fewer people than Windows. So even if you were to write a Mac virus, there’s a much smaller pool of computers it could spread to.

Security through obscurity isn’t the whole story, but it’s definitely part of it. What if the marketshare numbers for OS X and Windows were reversed? Do you think people would still target Windows just because it was easier, even if that was only 5% of the world’s computers? On the contrary, I think virus authors would put the effort in to make a Mac virus since that would then open up 95% of the world’s computers to them.

61 The truth about Macs and malware - MAC.BLORGE { 02.02.09 at 7:16 pm }

[...] And here is the unvarnished sarcastic truth about Macs and malware from the wordsmiths at Roughly Drafted: [...]

62 Mac viruses? What Mac viruses? | mendax.org { 02.02.09 at 10:07 pm }

[...] to suggest that the application only appeared awesome, because it, and other applications like it, are wholly useless on [...]

63 Joel { 02.03.09 at 4:58 am }

Another argument against the “security by obscurity” are the early viruses and worms of the 1970s. There were very limited populations of many different computer systems. There wasn’t much economic reason, so people were doing it “because we can”.

Oh, and those iPhones things… Even with millions being sold and the handy amounts of personal information on them, how come there isn’t a virus for them things…? Or are there not enough of those, too…?

[There are a lot of things people did "because we can" in the 70s which they now want to get paid for doing. The Apple founders started out making computers because they could, only to realize they could get rich. Guess who else kept making systems for fun after they realized a market existed? Nobody.

Look at mobile software. How many people are making Google Android apps "because they can"? Now look at the iPhone store. Android app writers are now hoping to get paid (but the store isn't in place yet, and the installed base isn't going to happen quickly). Same story. You can suggest there is this huge group of well meaning people who crank out their efforts for fun, but they are a very small crowd and rarely is their stuff up to par to those who compete to get paid.

What are you, a communist? - Dan ]

64 danae { 02.03.09 at 6:32 pm }

In teaching clients how to use their Macs, I run across the anti virus issue a lot, since most of them are used to dealing with the swiss cheese that is Windows. In the three years I’ve been doing it professionally, I’ve only once encountered a reason to be running anti-virus: someone had sent an infected Microsoft Word file from windows to a client’s Mac, and it corrupted all of the .docs that she sent out to Windows machines, even though it didn’t affect her at all. When people ask me why anti-virus exists for the Mac at all, this is usually the example that I cite, and then I emphasize the context…If I work with at least 25 unique people each week, and I’ve only run across the situation once so far — well, the chances are slim. I’m going to start directing my more security obsessive clients to this article, and see how they react to the idea that the anti-virus software makes things *worse*.
BTW, I’ve been reading your articles for over a year now and I adore them. Whatever you do, keep writing!

65 d235j.1 { 02.03.09 at 8:35 pm }

@danae: now that Office 2008 has no VBA, those kinds of viruses shouldn’t be a problem. Of course, the lack of VBA is an inconvenience for many.

66 Joel { 02.04.09 at 4:40 am }

“Same story. You can suggest there is this huge group of well meaning people who crank out their efforts for fun, but they are a very small crowd and rarely is their stuff up to par to those who compete to get paid.

What are you, a communist?”

I’m going to take that as a sarcastic dig. Since I’ve contributed to open-source frameworks (some of them highly popular and well used) then I suppose that does make me a “communist”. Is it such a shock that people outside of the US do things without short-term financial incentive…? :D

67 Derek Currie { 02.05.09 at 5:19 am }

hylas sez:
“There is an instance of one that is of concern, it’s not a virus, more of a rootkit – logic bomb hybrid I have (and others) run across. (X-Platform)…. In ‘97 and ‘05 this thing got a hold of me. The first time on a 68040, Quadra 610 and it’s networked Mac IIsi. the second time G4s, G5s (everything) and Xserves…. Another researcher (Nancy) has named it, and it’s appropriate: Subversion.”

You are specifically talking about something that ran in old Mac OS, as opposed to Mac OS X. The hardware you mention only has Mac OS in common. Most of it is entirely incapable of running Mac OS X. So whatever you are saying is coming out totally incoherent. There is no such thing as malware that runs on Mac OS & on Mac OS X. Are you talking about something that runs in Classic inside Mac OS X? In any case I see no relevance to specifically Mac OS X at all.

(on Nancy’s site you’ll get a warning on Site Identification [it seems to be expired] click through to read)

Wait a minute. You’re talking about computer security but instructing people to ignore an out of date server security certificate? BAD ADVICE. I recommend everyone NOT click through. hylas, your bogosity reading just went off the scale. Are you tripping?

And no, this isn’t some knee-jerk slam. When I slam a post, I’m serious and I prove my point, as above. Work on the coherence factor please.

68 Derek Currie { 02.05.09 at 5:38 am }

Joel sez:
“Since I’ve contributed to open-source frameworks (some of them highly popular and well used) then I suppose that does make me a “communist”. Is it such a shock that people outside of the US do things without short-term financial incentive…? :D”

It amazes me how some human personalities are incapable of comprehending others. As ever, diversity rulz.

One of the most hilarious and tragic things I read comes from a certain branch of political right wingers who think there is no such thing as altruism among human beings. If one person helps another, so for example in the ‘Good Samaritan’ story, then such people say there is some psychological need on the part of the Good Samaritan to compensate for something they regret or feel guilty about in their past. A popular explanation is that the Good Samaritan feels guilty about the wealth he grew up with and compensates for his sense of guilt by helping others in need. The simple act of cooperation, collaboration, kindness and caring does not occur to this branch of right wingers. I find their point of view to be insane and I feel very sorry that their lives lack a sense of kindness and caring. Altruism is one of the miracles of living creatures.

To pull some FUD term out of one’s orifice in order to slam someone who is altruistic is nuts. Contributing to Open Source projects does not constitute being a ‘Communist’ in any derogatory sense of that word. Instead it’s plain old cooperation, collaboration, kindness and caring. If certain people can’t comprehend that fact, sorry, but you live a much more miserable life than those of us who are cooperative, collaborative, kind and caring. You also make us, the cooperative, collaborative, kind and caring, absolutely miserable with your consistently predatory attitude. Having hyenas within the human population has its benefits. But for anyone to think their personal little inner world is relevant to reality as a whole is incredibly naive and self-deceptive.

69 Joel { 02.05.09 at 6:58 am }

If you click through to that tagmeme “Subversion Hack” website, and then follow it through to the dailywtf forum you’ll see where it’s analysed and then debunked as either a hoax, or that it probably is the paranoia of the writer.

I’m also thinking that Dan was being sarcastic when he was talking about helping others as being “Communist”

70 hylas { 02.05.09 at 3:38 pm }

“Derek Currie
hylas sez:
“There is an instance of one that is of concern, it’s not a virus, more of a rootkit – logic bomb hybrid I have (and others) run across. (X-Platform)…. In ‘97 and ‘05 this thing got a hold of me. The first time on a 68040, Quadra 610 and it’s networked Mac IIsi. the second time G4s, G5s (everything) and Xserves…. Another researcher (Nancy) has named it, and it’s appropriate: Subversion.”

You are specifically talking about something that ran in old Mac OS, as opposed to Mac OS X. The hardware you mention only has Mac OS in common. Most of it is entirely incapable of running Mac OS X. So whatever you are saying is coming out totally incoherent. There is no such thing as malware that runs on Mac OS & on Mac OS X. Are you talking about something that runs in Classic inside Mac OS X? In any case I see no relevance to specifically Mac OS X at all.

(on Nancy’s site you’ll get a warning on Site Identification [it seems to be expired] click through to read)

Wait a minute. You’re talking about computer security but instructing people to ignore an out of date server security certificate? BAD ADVICE. I recommend everyone NOT click through. hylas, your bogosity reading just went off the scale. Are you tripping?

And no, this isn’t some knee-jerk slam. When I slam a post, I’m serious and I prove my point, as above. Work on the coherence factor please.”

>·´¯ `·.¸¸.· ´¯`·.¸¸.·´¯ `·.¸¸.· ´¯`·.¸¸.·´¯`· >.·´¯ `·.¸¸.· ´¯`·.¸¸.·´¯ `·.¸¸.· ´¯`·.¸¸.·´¯`· >

Derek,
Don’t get your panties in a wad.

“You are specifically talking about something that ran in old Mac OS, as opposed to Mac OS X. The hardware you mention only has Mac OS in common. Most of it is entirely incapable of running Mac OS X. So whatever you are saying is coming out totally incoherent.”

- Really, “incoherent”?
You are confusing yourself.
Reread.

In ‘97 and ‘05 this thing got a hold of me. The first time on a 68040, Quadra 610 and its networked Mac IIsi. The second time G4s, G5s (everything) and Xserves.

“There is no such thing as malware that runs on Mac OS & on Mac OS X.”

- Really? (we can all go home now).

“Are you talking about something that runs in Classic inside Mac OS X?”

- No, not specifically.

“In any case I see no relevance to specifically Mac OS X at all.”

- Except maybe the hardware and all.

“Wait a minute. You’re talking about computer security but instructing people to ignore an out of date server security certificate? BAD ADVICE. I recommend everyone NOT click through. hylas, your bogosity reading just went off the scale. Are you tripping?”

- Derek, you got me there: (what’s this article -above- about again?)

See:

http://laughingsquid.net/faq/ssl/

“And no, this isn’t some knee-jerk slam. When I slam a post, I’m serious and I prove my point, as above. Work on the coherence factor please.”

- Yeah, terribly sorry about that.

>·´¯ `·.¸¸.· ´¯`·.¸¸.·´¯ `·.¸¸.· ´¯`·.¸¸.·´¯`· >.·´¯ `·.¸¸.· ´¯`·.¸¸.·´¯ `·.¸¸.· ´¯`·.¸¸.·´¯`· >

“Joel
If you click through to that tagmeme “Subversion Hack” website, and then follow it through to the dailywtf forum, you’ll see where it’s analysed and then debunked as either a hoax, or that it probably is the paranoia of the writer.”

- Joel,
You mean the link that I provided?

https://tagmeme.com/subhack/whoarethesepeople.html

There was a reason for it, can you guess why I included it?

71 Joel { 02.06.09 at 5:10 am }

You’re going to have to spell this one out loud and clear, I don’t bother with guessing games… Btw, you may be out of your depth here…

72 Joel { 02.06.09 at 5:58 am }

“There is no such thing as malware that runs on Mac OS & on Mac OS X.”
- Really? (we can all go home now).

Yep, really. The only problems would be things like Word Macro “viruses”. Unless of course you’ve got links to cross-platform Classic / Mac OS X nasties that have been found in the wild and did actual damage. (And I’d prefer web pages written by security researchers, and other respected bodies rather than random nutters and fruitloops).

I’m off ‘ome…!

73 Mac Malware On The Rise - Laptop Security Blog { 02.09.09 at 2:58 pm }

[...] authors, including Daniel Eran Dilger, warn Mac users against jumping out to get anti-virus software, which would not help in this case [...]

74 Roman Ladder » Blog Archive » Feeling Secure { 02.10.09 at 4:27 pm }

[...] – Daniel Eran Dilger has a new article on this very [...]

75 Kaspersky Sells Mac AntiVirus Fear Using Charlie Miller… Mac AntiVirus Foe — RoughlyDrafted Magazine { 03.20.09 at 2:39 am }

[...] The Mac Malware Myth Mac security researcher wins Pwn2Own contest with Safari hack [...]

76 Haywired 3.0 - Kaspersky sows fear among Mac users using Charlie Miller { 03.22.09 at 8:57 am }

[...] you remember, in January RouglyDragted wrote about Dan Goodin’s fear-mongering article, [...]

77 furicle's status on Friday, 01-May-09 15:08:30 UTC - Identi.ca { 05.01.09 at 11:08 am }

[...] QOTD – There’s no AV program for Social Engineering – http://www.roughlydrafted.com/2009/01/29/the-mac-malware-myth/ in the [...]

78 Muskoka Mac User Group { 05.01.09 at 11:12 am }

[...] The Mac Malware Myth — RoughlyDrafted Magazine The Mac Malware Myth — RoughlyDrafted Magazine [...]

79 iPhone x 3 » Blog Archive » Microsoft announces free anti-virus service for Windows { 06.11.09 at 3:01 pm }

[...] growth in the Mac platform as a potential opportunity for expanding outside of Windows, but the lack of any significant malware threats and the problems associated with installing third party security services has largely kept [...]

80 Microsoft announces free anti-virus service for Windows — RoughlyDrafted Magazine { 06.11.09 at 5:07 pm }

[...] growth in the Mac platform as a potential opportunity for expanding outside of Windows, but the lack of any significant malware threats and the problems associated with installing third party security services has largely kept [...]

81 Chicago Boyz » Blog Archive » Snow Leopard, Macs and Malware { 08.28.09 at 10:22 pm }

[...] Macs have a problem with it than they’d gain bragging about how they can prevent infection. As this very good article points out, the Mac Malware threat is so trivial that a Mac user is more likely to encounter problems caused [...]

82 MAC future question. - Mac-Forums.com { 09.19.09 at 10:21 pm }

[...] appropriate forum. Please read before posting in Rumors & Reports. This sums it up nicely… The Mac Malware Myth — RoughlyDrafted Magazine …and this… Mac OS X: Debunking the ‘security through obscurity’ myth [...]

83 Well, that takes some getting used to, an Apple like that! - Body Resource Bodybuilding Forum { 11.21.09 at 3:45 pm }

[...] That is the reason Apple no longer distributes it either. Also read "The Mac Malware Myth": The Mac Malware Myth — RoughlyDrafted Magazine [...]

84 Aleex4 { 12.02.09 at 7:39 am }

The mac malware problem is trivial today, but could be serious as soon as tonight. All it is going to take is that one little well written piece of malware to infect some machines, then we will go from being in denial, to having a bunch of Chicken Littles running around, wondering why there is no antivirus available for their bulletproof Macs!

[Actually it's not like that at all. If you knew how viruses work and how they're spread, and what antivirus scanners look for, you wouldn't say any of those things. There is no "denial" among Mac users, just an awareness that Macs have fewer automatic ways to install software unwittingly, more straightforward ways to remove unwanted software, fewer opportunities to spread malicious software within a huge, susceptible monoculture, and no real business model to support the development of "well written malware." But thanks for taking the time to post ignorant fear-mongering that I can use as an example of misinformation. - Dan]

85 foke { 12.10.09 at 3:58 am }

mmm…I use ProteMac NetMine for protection

86 Derek Currie { 12.11.09 at 8:52 pm }

foke sez: “I use ProteMac NetMine for protection”

Thanks for the kewl info! I had never heard of it within my net circle. I’m in the process of checking it out. It is essentially a competitor with Little Snitch at the same price. Apparently it is also a regular firewall (as well as what I call a ‘reverse firewall’ like Little Snitch). I have to dig a little deeper to see just how effective it is at dealing with malware itself.

Oh, and very special messages to:

I) hodari: Here is a short list of operating systems in order of best proven security to worst:

1) OpenBSD
2) FreeBSD
3) Mac OS X (which incorporates aspects of both OpenBSD and FreeBSD)
4) Linux – various flavors
5) Microsoft Windows, including NT, including 7ista. This is what is called ‘the bottom of the list’. AKA, you are incorrect, verifiable by anyone.

II) hylas: I think you need to get an education. Just saying…

;-Derek