08-21-2003, 12:25 PM

Source: MacMinute.com

In his latest column for the Baltimore Sun, David Zeiler takes a look at the current state of virus problems for Windows and Mac users. Is Mac OS X really more secure, or are hackers simply ignoring the Mac and focusing on Windows machines? "As the latest Microsoft Windows infection spread across the Internet last week, knocking out thousands of PCs in homes and businesses, Macintosh users did what they usually do during a computer virus outbreak -- they continued working." Update: Sam Diaz has written a similar article for the Mercury News -- "Mac users watch from sidelines."

08-21-2003, 11:55 PM

One thing I do believe that goes against what a lot of people say is that security through obscurity does count. It's just got the caveat of not being a *real* security feature. It's got it's ups and downs, but so do almost all security features.

I'm willing to bet that MacOS X and most other UNIXes have, beside the security through obscurity advantage, a decent edge over Windows. Not a great one, but still, an edge.

Of course, Windows programming is so much more out there and difficult compared to MacOS X or UNIX that it just may well go the other way

08-22-2003, 07:52 AM

I'm part of the better safe than sorry crowd so I do run Norton Antivirus 9.0 on my iBook and will on my Mac desktop when I get it. I do this for several reasons:

1. You never know when a worm or virus might be written for OS X
2. I work in a mixed computing environment and I want to be a good citizen by protecting myself from passing on Windows viruses even if I can't be infected by them. This has already happened more than 1 time.

08-22-2003, 10:29 AM

my biggest fear is if people were to write Applescript viruses. you can do almost anything with them. also the Safari auto run script on download, thats way to easy to figure out what harm can be done with it. since its UNIX based, i dont worry too much though

10-20-2006, 05:26 PM

Applescript will tell you it is going to run a script and asks for your permission, so it is YOUR fault if you run a dirty script you found while downloading dirty pictures...

i was disappointed by the mac/pc ads boasting about their lack of viruses and bursting the "sphere of invisibility." In the long run, though, this is a good thing, especially with so much specific feedback on security holes from benign sources such as McAfee and SANS before a potential deluge of new attacks.

On the other hand, maybe the authors of all those millions of Windows attacks are using Macs to do it... Hey, Steve! What are those programmers doing in that super-secret back room?

10-21-2006, 01:02 PM

i'd rather be safe than sorry to but happen to have the oppinion that norton on macs sucks big time as it did on my pc - i use intego netbarrier and virusbarrier on my mac mini and ibook

and as far a applescript viruses go - that would be bloody scary indeed

10-21-2006, 01:12 PM

I don't find them scary. If I download something and it asks to install anything that doesn't seem right, you just click no. Any App that would have such a virus attached would not be coming from a reputable source to begin with.

10-21-2006, 01:18 PM

I don't find it scary either... especially when this thread was from three years ago and there still hasn't been any viruses yet. :black:

10-21-2006, 05:54 PM

The press and public really just don't know what a virus is.

If I send you an email with a malicious executable, and you run it (on any computer), then the fault is really all yours.

The difference here is that the executable isn't self sustaining. Even if part of what it does on execution is email itself to everyone in your address book, it still took you to do something to make that happen and it will take similar stupidity on the part of the other email receipients.

On a Windows box, however, its entirely possible and even likely that merely connecting it to the internet without protection will result in being hacked. ie, real virus' do not need the user to *do* anything beyond turning the machine on.

With Windows you do not need to open anything to get hacked, don't even need to start up an email client. Just plug it in out of the box and boom.

I have yet to see a Mac virus like that.

10-26-2006, 04:37 AM

I don't think the smaller market share prevents people writing worms and viruses. If you're a virus writer, you're most likely an egomaniac. They all want to write something that will destroy as much as possible and get publicity for it. You'd get a lot of publicity if you could write a Mac virus that really did some damage. The BBC website occasionally has news stories about Mac viruses, although they are tame in comparison to Windows ones.

Of course, the problem is distributing viruses when only 6% of computers are Macs.

There's no doubting Windows is poor security wise, although things are much better now with all the MS updates installed and IE7.

I tried to load up a WinXP CD from 2001 on a computer I built for my dad. As soon as you connected to the internet, it got swamped by viruses and malware. The only websites I went on were Google and Microsoft, yet it was impossible to patch the thing. Viruses grabbed the network connection and constantly disconnected or connected to servers in order to download more malware.

If you think Windows is well written, just try using it with no service packs. It's like a colander covered in plasters.

10-26-2006, 05:03 AM

Quote:

Originally Posted by lonerider

If I send you an email with a malicious executable, and you run it (on any computer), then the fault is really all yours.

I agree, the question of whether it is "possible" to write a piece of software that does unpleasant things for OS X is a completely different question to whether OS X is susceptible to viruses.

Trojans and Malware are almost as possible as they are on Windows. I say almost, because by default OS X doesn't run with admin privileges, and does request a password or outright refuse to mess with the system. From that point of view, it's entirely possible to create a piece of malicious software, but as you rightly point out, it is the user, not the system, that is susceptible to it. If the user doesn't run it, it can't do anything, and if the user does run it, it can do anything that user has permission to do.

10-26-2006, 12:12 PM

Does the fact that OSX is Unix based have any effect on the fact that OSX is more or less invulnerable to viruses?

I never actually knew why OSX was virus free.... =\

10-27-2006, 06:01 AM

I think it's the way Windows uses ActiveX, and the lack of permission required for program installation. It's too easy for any program to download itself and run amok.

Windows is still based on the same shell as Windows 95, although XP is more based on NT nowadays. There are still plenty of Windows 95 icons in XP if you know where to look!

10-27-2006, 10:11 AM

I agree with Alexis, there would be huge publicity for a virus writer to be the first to create a real Mac virus. I still use Symantec anti-virus just to prevent PeeCee viruses from being transferred through my machine.
The UNIX roots of Mac OS X help in making it more secure, but ultimately, if you go to funky sites and downloads weird stuff, the user is the weakest link!

10-30-2006, 08:01 PM

Quote:

Originally Posted by digital john

Does the fact that OSX is Unix based have any effect on the fact that OSX is more or less invulnerable to viruses?

I never actually knew why OSX was virus free.... =\

It isn't really by virtue of it being Unix, but rather that unix and esp the FreeBSD core of OS X has been open for a long time (unix was developed in the 70s), so the core code of the OS has been viewed by millions of programmers and attacked by millions of hackers. Unix had some nasty virus' in the late 80s and early 90s.

As the old saying, what doesn't kill you makes you stronger. Unix has been made a lot stronger.

That said, the post about ActiveX was dead on. Windows securty nightmares really can be traced to Internet Explorer and all the apps that use the interoperability features of it (like Outlook, Outlook Express, Windows Media Player, Windows Messenger, and all the MS Office apps).

The ability of IE to run ActiveX and Visual Basic programs off the internet without the user knowing it, combined with weak protection for the UI and controls such as OLE, are what is killing Windows. As an aside, If you want to see the future for Vista security, look at the fiasco surrounding IE 7.

All of this is so heavily integrated into Windows now, I really don't see it going away.