Viruses ?

discombobulated · Jun 19, 2004

Hey i've been surfing around a lot lately and I've been a pc user for pretty much my whole life (19 years). Planning on switching in August to an ibook. I read some post where people talk about how Macs can't have viruses or that I shouldn't have to worry about viruses. Why come Macs can't get viruses ?

ApplejustWorks · Jun 19, 2004

they have a much more secure system, they aren't constantly logged on as root...(Windows is or something like that)uhhh....I don't really know exactly why...but I just know that they are!

Strider · Jun 19, 2004

Of course Macs can get virii/worms. Its only a matter of time. If someone wants to write a virus for the Mac, they can do it. Its only a question of circulation. Macs are fewer, much fewer, than PCs. So virii don't circulate around the globe. Hence they are safer.

MAC-simus · Jun 19, 2004

discombobulated said:
Hey i've been surfing around a lot lately and I've been a pc user for pretty much my whole life (19 years). Planning on switching in August to an ibook. I read some post where people talk about how Macs can't have viruses or that I shouldn't have to worry about viruses. Why come Macs can't get viruses ?

the OS X system is much secure then windows. I give you few examples:
1. no constantly open ports (5 ports are open on windows)
2. every software insallation requires administrator password (unlike windows)
3. apps require permissions to execute.

and there are many more that i dont know.
for these reasons, no viruses can sneak into system, if they do, they can not install themselvs and finaly they cannot execute unless the root permits it.

chek it out and deside

http://www.usfca.edu/~trembath/smon/macpc.html

technologist · Jun 19, 2004

Well, it's complicated. Here's the Cliff's Notes version:

For one thing, the Unix permissions structure that Mac OS X (like all Unix-like OS's) uses is very strong. No program (virus/worm/trojan) can modify a file without permission. Since the System is protected by a very high permission threshold (called "root") it is very difficult to infect.

Besides that, Macs are less common. Which means three things: firstly, that there are fewer people who know enough about them to write viruses/worms/trojans; secondly, that there are fewer potential victims, and thirdly, that it is much harder for viruses (etc.) to spread. (Remember, it's a chain reaction: one machine infects another, which infects another. On a platform with 95% market share, this is easy; when you have only 5% or less, it's much harder to find the next link in the chain.)

NOW. That said, there has been one (Yes, one) confirmed case of a Mac trojan. It was a simple program that deleted files, and was spread on filesharing networks (Gnutella/Limewire.)

But:
1. You first had to download it manually using Limewire
2. You then had to double-click it manually
3. Because of the OS X permissions system, it would only delete files belonging to the User who double-clicked it. Meaning, other Users' files, and the OS itself, were completely unaffected.
4. It would not run again unless the you double-clicked it again. (Since it had no way to infect the OS itself.)

witeshark · Jun 19, 2004

discombobulated said:
Hey i've been surfing around a lot lately and I've been a pc user for pretty much my whole life (19 years). Planning on switching in August to an ibook. I read some post where people talk about how Macs can't have viruses or that I shouldn't have to worry about viruses. Why come Macs can't get viruses ?

One central reason Mac (and Linux/BSD) are so less prone is because they don't have the windows registry, which is often edited to the worm writer's convenience

discombobulated · Jun 20, 2004

Good stuff guys ! As of yet i can't afford my ibook... so i took all the cash i have and bought apple stocks on monday.. so far it's gone up $2.91 hooray.

TylerMoney · Jun 20, 2004

Right now the only way you can get a mac virus is to download it, and then run it...no virus can just come onto a mac and automatically run...at least not at this time.

So, if you do get a virus on a mac...you kind of diserve it...though, not really....it's just not as faultless as getting one on a pc.

d4rr3n · Jun 20, 2004

TylerMoney said:
Right now the only way you can get a mac virus is to download it, and then run it...no virus can just come onto a mac and automatically run...at least not at this time.

So, if you do get a virus on a mac...you kind of diserve it...though, not really....it's just not as faultless as getting one on a pc.

Wasn't there a big fuss made about a os x exploit? Wasn't it something you could program onto a website that allowed you to run any code you'd like on any os x machine that opened the website (essentially taking control of the machine)? Maybe i'm confusing this with something else

technologist · Jun 20, 2004

d4rr3n said:
Wasn't there a big fuss made about a os x exploit? Wasn't it something you could program onto a website that allowed you to run any code you'd like on any os x machine that opened the website (essentially taking control of the machine)? Maybe i'm confusing this with something else

Well, firstly, this was a vulnerability, not an exploit. Meaning it was possible, but never actually used for nefarious purposes.

And secondly, it's been patched.
http://secunia.com/advisories/11689/

Description:
A vulnerability has been reported in Mac OS X, allowing malicious web sites to compromise a vulnerable system.

The problem is that code silently delivered using variants of the "disk" URI handler vulnerability described in SA11622, can be executed without using the "help" URI handler.

Two methods have been discussed, allowing malicious websites to execute code from mounted disk images:

1) A disk image or a volume (e.g. AFS, SMB, FTP, or DAV) can register arbitrary URI handlers, which will execute code placed on the disk image when accessing the URI.

2) A disk image or a volume can change an unused URI handler (e.g. TN3270) to execute code placed on the disk image when accessing the URI.

This problem is escalated due to the fact that it by default is possible to silently download and mount disk images using two known methods (silent download and execution of "safe" files and the "disk" URI). Furthermore, it is reportedly also possible to mount volumes using other methods such as SMB, AFS, FTP, DAV and others.

This vulnerability has been confirmed on a fully patched Mac OS X systems (including the patch "Security Update 2004-05-24 for Mac OS X" released by Apple, which fixes the "help" URI handler vulnerability) running versions 10.3.3 and 10.3.4.

Reportedly, working exploits using "ftp" exist, but also "afp" seems to be a likely attack vector.
It may also be possible to use "ssh" to open a connection to a remote site allowing the remote site to gain direct access to a vulnerable system.

The core of the problem seems to be the design of URI handling in Mac OS X. It is likely that many other URI handlers are affected in various ways.

Attack vectors include browsers and programs supporting Mac OS X URI handling.

Solution:
Apple has issued Security Update 2004-06-07, which addresses the vulnerability by presenting users with a dialog box the first time a file is launched automatically.

It took Apple two tries to get it right (The first patch only fixed the Help Viewer vulnerability) but it was completely fixed about a month after the exploit. Not a great response time, but better than some Windows vulnerabilities.

One more reason to run Software Update regularly.

d4rr3n · Jun 20, 2004

Well what's difference between an exploit and a vulnerability? You are exploiting the vulnerability, so it's the same thing. What is the difference with this vulnerability and alot of windows vulnerabilities, seems both OS's are capable of being taken over by a website. Do all apples currently ship with this vulnerability fixed or do you have to update it yourself?

witeshark · Jun 20, 2004

d4rr3n said:
Well what's difference between an exploit and a vulnerability? You are exploiting the vulnerability, so it's the same thing. What is the difference with this vulnerability and alot of windows vulnerabilities, seems both OS's are capable of being taken over by a website. Do all apples currently ship with this vulnerability fixed or do you have to update it yourself?

The main difference is that exploits can fully engage their task without aid by the target computer - or user. Vulnerability needs at least some user help to do anything

d4rr3n · Jun 20, 2004

witeshark said:
The main difference is that exploits can fully engage their task without aid by the target computer - or user. Vulnerability needs at least some user help to do anything

Well by connecting to the internet and allowing your computer to send and receive information aren't you providing some user help to an attacking computer?

witeshark · Jun 20, 2004

d4rr3n said:
Well by connecting to the internet and allowing your computer to send and receive information aren't you providing some user help to an attacking computer?

To a minimal extent; because real system changes need admin permissions, so any attempt to make changes should cause a password prompt which allows you a chance to prevent it. In windows, registry edits can just happen without any sign. The system just goes pear shaped all in a sudden.

d4rr3n · Jun 20, 2004

witeshark said:
To a minimal extent; because real system changes need admin permissions, so any attempt to make changes should cause a password prompt which allows you a chance to prevent it. In windows, registry edits can just happen without any sign. The system just goes pear shaped all in a sudden.

So what about that website vulnerability? Did it give people a chance to prevent what could happen? From what i read the person exploiting it could basically set up the website to do/run whatever they wanted on your computer.

witeshark · Jun 20, 2004

As it was when it first came out, it was able to perform what amounts to a outside drive mount, and from there possibly remove much of your file system. There was never really any benefit for anyone to do so, so AFAIK no one ever did, and of course now it doesn't work, at least not without a user prompt

Osiris22x · Jun 20, 2004

witeshark said:
One central reason Mac (and Linux/BSD) are so less prone is because they don't have the windows registry, which is often edited to the worm writer's convenience

I'm not sure where you got that idea, witeshark. The Windows registry is used merely as a convenience in most small applications. Almost no trojan's/viruses use the registry whatsoever. Most imbed themselves in applications that already have entries and that already have execution permissions.

Osiris22x · Jun 20, 2004

witeshark said:
The main difference is that exploits can fully engage their task without aid by the target computer - or user. Vulnerability needs at least some user help to do anything

No, no no no NO.
I really wish you would do some homework before you start posting nonsense.

An exploit is when you have already taken advantage of a vulnerability.
A vulnerability is a security flaw in a system.

Thus, you EXPLOIT a system VULNERABILITY.
What you said, witeshark, is nonsense.

Next time, do some research.
www.whatis.com
www.google.com
secinf.net

technologist · Jun 20, 2004

Osiris22x said:
No, no no no NO.
An exploit is when you have already taken advantage of a vulnerability.
A vulnerability is a security flaw in a system.

Exactly. If I leave my door unlocked, that's a vulnerability. If someone comes in through my unlocked door and steals my PowerBook, that's an exploit.

Joeytpg · Jun 20, 2004

Osiris22x:

There's no reason at all for you to be so sarcastic towards witeshark, this is supposed to be a "brotherhood Forum" and we all come here to learn, EVEN YOU, maybe you are this very experienced Windows - MAC - Computer Freak/geek/nerd/professor/science man.....or whatever, but you also had to learn and you also said pretty "nonsense" things ....and i bet you still do, even here on this forums i bet we can find nonsense posts or comments from you, so for real buddy don't be so sarcastic/mean when criticizing other posters/members comments and opinions.

And i don't want to start a fight at all, i just find it a little bit uncomfortable and disrespectful, when i see things like that. and remember that there's a saying that goes: "respecting other people's rights/thoughts is peace"

Viruses ?

discombobulated

ApplejustWorks

Strider

MAC-simus

technologist

witeshark

discombobulated

TylerMoney

Guest

d4rr3n

Guest

technologist

d4rr3n

Guest

witeshark

d4rr3n

Guest

witeshark

d4rr3n

Guest

witeshark

Osiris22x

Osiris22x

technologist

Joeytpg

Guest

Shop Amazon