Many still believe OSX is (let's call it) untouchable against viruses, trojans, etc. So I have to ask here.. Can someone please explain the viruses, trojans and such reported vulnerabilities against OSX in the following links? And for that matter, why Apple finds vulnerabilities and patches them, not to mention add's Malware to a OS that supposedly "doesn't get PC viruses"?
No OS is immune to malware (which is a broader category of malicious software that includes Spyware, Adware, Viruses and Trojans - each of which is not the same thing and varies in its severity). OS X has had a handful of trojans thrown at it in the past few years. Trojans effect any platform as they are simply undesirable software that are masked to look like desirable software. They essentially play on the ignorance of a user, as opposed to actually using clever programming to co-opt a system.
I think the reason that the Mac has gotten a reputation for being free of these maladies (aside from Apple marketing) is that while OS X has had a half dozen or so trojans, their overall effect is relatively minor and their number is dwarfed by the hundreds of thousands of maladies that are Windows-specific.
But again, you will never buy a computer that is absolutely impervious to security threats. It doesn't exist, and will never exist as long as imperfect humans are creating computers and other malicious humans are writing software for them.
Charlie Miller is very talented, indeed. Unfortunately, about the only way he can "pwn" a system is to coerce or be allowed to direct a user into visiting a very specifically coded webpage that he has prepared in advance over weeks or months of research trying to find the tiniest of bugs.
Should this be of concern to the average user? Sure, but just as an unseen asteroid could impact the Earth tomorrow ending life as we know it, the likelihood that you would run into a site like this under casual browsing is slim to none. And if you do, the likelihood that an AV product would stop you from visiting it is even slimmer.
This is a trojan bundled with a pirated copy of iWork. Don't pirate software and you have nothing to worry about. Always be cautious about where you get your software from, particularly if it requires an admin password to install it.
Again, as long as software is made by humans, they will have bugs that lead to exploits. Same goes for any complex creation. Fortunately this is one that was found and patched. The moral of this story? Keep your software updated.
I have to wonder why Apple would block one of these trojans too, especially since one of the patched-for maladies is the one that's included with pirated copies of iWork (seeing as you'd think they'd want pirates to get their just desserts
).
But seriously, the two most actively distributed trojans are this one and the one that comes from porn video sites. It basically tries to convince you that you need to download a "codec" to view a video. And of course you need to enter your admin password through the process, which should throw up red flags for any relatively savvy Mac user.
Moral of this story? Again, don't pirate. And if you're on a seedy site, I probably wouldn't trust its recommendation of codecs.
If you bother with this link, be sure to read the comments section.
And if you're clinking the links, this is very interesting read..
Gigaom - Antivirus Software On Your Mac: Yes or No?
So if anyone (actually knowledgeble) can tell me why some will insist I have nothing (and have never had anything) to worry about, I will appreciate it. Sincerely.
Put simply... because at this point in time, the threats are so few and far between, the severity of those threats is so low, and avoiding those threats is so simple, that it's just not warranted. In most cases, they are more trouble than they're worth.
NO AV package can possibly protect a computer against the greatest threat to it: *YOU* Nearly every Windows machine that I remove malware from has an active, up-to-date and decent AV package on it. Guess what? These folks still get infected. Why? Because there's no AV package that can defend successfully against the hundreds of thousands of maladies that Windows is susceptible to - especially if the user doesn't apply any common sense in using the machine.
So, what is my recommendation as a seasoned Windows network admin with more than a few years of Mac experience under my belt? Just follow a few simple rules and you have nothing to worry about:
1. Make backups. If something bad happens, you can recover easily using a Time Machine, Carbon Copy Cloner or SuperDuper! backup.
2. Keep your OS up-to-date using Apple's built in Software Update mechanism.
3. Don't pirate software. Furthermore, don't download software from sites you know little to nothing about. Sites like Apple's own public domain download site, MacUpdate, and CNET's Download.com are good sources.
4. Most Mac software does *not* require an admin password to install. If it does, that means it's trying to modify the OS in a significant way. If you're installing software and you're prompted for a password, make sure it passes the following common sense test:
* I know what this software is and what it does.
* I trust the source of this software
* I know why I need it.
If you can't answer those questions "yes", don't install it.
