Viruses on Mac ??
Mac Enthusiast
Join Date: Jun 2003
Location: Southern California
Jul 10, 2003, 04:19 AM
 
Hello all. I'm new to the Mac OS, and am loving it. I'm coming from PC land and I'm happy to be gone. Quick question -

I'm tight on cash now from buying the G4 1.42GHz Dual, so I will have to be careful what I spend money on.

Coming from a world where you didn't dare turn on your PC w/o Virus protection, I'm wondering if that is a big concern in OSX. Have there been viruses in the past? If so, how were they spread?

Are there legitimate virus threats with the OS or can I save my $ for a while? If so, which protection should one get?

Thanks.
     
Mac Elite
Join Date: Feb 2002
Location: USA
Jul 10, 2003, 04:39 AM
 
I wouldn't worry about it. The last Mac virus I ran into was back in 1993.
     
Mac Elite
Join Date: May 2002
Jul 10, 2003, 05:03 AM
 
To date, there are no known Mac OS X viruses.
[vash:~] banana% killall killall
Terminated
     
Mac Enthusiast
Join Date: Jul 2002
Location: Leiden, Netherlands
Jul 10, 2003, 05:38 AM
 
Originally posted by Eyenovation:

Are there legitimate virus threats with the OS or can I save my $ for a while? If so, which protection should one get?
Thanks.
Buy something else with the money.
     
Registered User
Join Date: May 2002
Location: Close to the sea and a place with a big, big castle...
Jul 10, 2003, 05:40 AM
 
From MacUser magazine in the UK:

Mac virus is number 78 in most common chart
[MacUser] 12:16

Macs remain almost entirely free of virus threats, according to the latest figures from anti-virus specialist Sophos.
Although there are more than 60 known Mac-specific viruses, they barely register in users' experiences. In fact during the past six months, the most commonly reported Mac virus accounted for just 0.16 per cent of recorded infections and at number 78 in Sophos' chart of top viruses.

Sophos says this has nothing to do with any inherent security advantage of the Mac OS.

'Despite their cool designer looks, Apple Macs are failing to capture interest amongst the counter-culture which writes viruses,' said Graham Cluley, senior technology consultant for Sophos Anti-Virus. 'It's perfectly possible to write viruses for Apple Macs. Indeed, a Mac has no more inherent security than a PC, but virus writers appear to be motivated by a desire to cause widespread havoc and so have concentrated on the market leader.'

However Macs can be used as a conduit for mass mailing worms and pass them on unknowingly to Windows using friends or colleagues.

'Mass-mailing worms spread via the internet, forwarding themselves on to every email address they can find,' said Cluley. 'Worms don't know when they launch themselves whether they are being sent to an email address belonging to a PC or a Mac user. Many Mac users have found that their email inboxes are being filled up with PC worms which - although can do no harm on the Mac - are a nuisance to delete or may be manually forwarded on to unsuspecting PC colleagues.'


Link to article on the Sophos website.
     
Professional Poster
Join Date: Oct 2001
Location: London
Jul 10, 2003, 06:48 AM
 
I have never seen a mac virus in the wild. I have used a mac since 1989.

MS Office Macro viruses however - I have heard of - but never seen for myself (I never allow macros in MS Office docs.)
You know it makes sense. ☼ ☼ ☼ Growl.
     
Senior User
Join Date: Mar 2001
Location: Sitting in front of computer
Jul 10, 2003, 07:08 AM
 
What's a virus?
     
Forum Regular
Join Date: Jan 2003
Location: Hong Kong
Jul 10, 2003, 07:47 AM
 
Spend the money for buying Anti-Virus to join .Mac! It comes with a free version of Virex (anti-virus application).
     
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Jul 10, 2003, 08:22 AM
 
If you work with macros in Microsoft Word a lot, it might be worth your money. Malicious Word macros are, obviously, just as big a pain on the Mac as they are on the PC. But as for actual viruses, nope. I've only ever once seen an honest-to-God Mac virus, and that was several years ago at a graphics shop where I worked -- with the old Mac OS, of course.

However, I have seen several Word infections at a Mac lab I do tech support for. Mostly they just hose Word up, but it's a pain. If you turn the macros off, though, you should be fine.
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
     
Senior User
Join Date: Oct 2000
Location: Lawrence, KS
Jul 10, 2003, 09:49 AM
 
I remember a fellow student losing her dissertation due to a Word virus on a PC a week before turning it in!! And she had no backup!! Except for some hard copies.

She made fun of me for using a Performa back then. My thesis came out great, not one hitch, and she did a heck of a lot of typing.

So in over 10 years as a Mac user, I've never been bitten by any virus or worm. That's not to say that I don't practice safe computing. I got McAfee anti-virus when I joined .Mac, which also provides backup services for some important files on a drive that's located way out there in Cupertino - I think.

With a setup like the above that provides anti-virus and (limited backup) as well as keeping your machine's local security well-implemented (firewall, passwords etc.) and maintained, you shouldn't have any horror stories in the future. The good news is that all these countermeasures are easy and fun to maintain.

     
Clinically Insane
Join Date: Mar 2001
Location: yes
Jul 10, 2003, 09:57 AM
 
Sophos says this has nothing to do with any inherent security advantage of the Mac OS.

'Despite their cool designer looks, Apple Macs are failing to capture interest amongst the counter-culture which writes viruses,' said Graham Cluley, senior technology consultant for Sophos Anti-Virus. 'It's perfectly possible to write viruses for Apple Macs. Indeed, a Mac has no more inherent security than a PC, but virus writers appear to be motivated by a desire to cause widespread havoc and so have concentrated on the market leader.'
This is such bullshit.

Windows *does* have inherent security weaknesses. When a virus can attach itself to an html file and infect somebody through a freakin' *web page* you know there is something wrong. Anybody ever send that web page URL to an unsuspecting PC user that causes his/her CD-Rom tray to eject? A harmless security exploitation, but still a very scary one.

Sure somebody could write a virus for OS X, but how would it spread? Windows viruses go nuts by roaming through the Windows Address Book. Would a virus be able to have free rein on the OS X address book or address history?

When something can tap into your computer via the registry and wreak havoc on your *entire system* without even knowing, you might suspect there is something wrong. At least we get a deterrent of a password prompt, and preferences which are independent for each piece of software installed. I know it is naive to think that a password prompt would be enough to prevent people from infecting yourself, but it is yet another illustration of the inherent security advantages a Unix OS like OS X has over Windows, in my opinion.

I'm sick of Windows apologists blaming their virus problems over their marketshare. Obviously, it's an important factor, but Windows is still a very insecure OS, in my opinion!
     
Senior User
Join Date: Aug 2002
Location: Oxford, England
Jul 10, 2003, 11:27 AM
 
There are no known viruses for osx.
Luke
     
Clinically Insane
Join Date: Nov 1999
Jul 10, 2003, 11:30 AM
 
Originally posted by besson3c:
This is such bullshit.

Windows *does* have inherent security weaknesses. When a virus can attach itself to an html file and infect somebody through a freakin' *web page* you know there is something wrong. Anybody ever send that web page URL to an unsuspecting PC user that causes his/her CD-Rom tray to eject? A harmless security exploitation, but still a very scary one.
To be fair, that is more a weakness of Internet Explorer and Outlook than of Windows itself. Of course, now that Microsoft no longer officially distinguishes IE from the rest of the operating system...
Sure somebody could write a virus for OS X, but how would it spread?
The old-fashioned way: through apps that people share.
Windows viruses go nuts by roaming through the Windows Address Book. Would a virus be able to have free rein on the OS X address book or address history?
They could get to the OSX Address Book just as easily as any other OSX program. Address history is another matter.

The inherent security weakness of IE/Win and OE is that they automatically run code that the user downloads. This is the most idiotic security decision one could possibly make, but that concern is overlooked in the name of so-called "convenience" (as if it's inconvenient to double-click a freaking icon).

For the record, one e-mail worm actually was written for Macs a while back. Only Entourage was vulnerable (another Microsoft program, natch), and it used Entourage's Address Book. It was commonly known as the Simpsons worm, and it never spread all that far.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
Professional Poster
Join Date: Dec 2000
Location: Milan, Europe
Jul 10, 2003, 11:42 AM
 
FYI, the latest Norton AntiVirus 9.0 also scans for PC viruses: this should prevent a Mac from spreading viruses to PCs, for example...

The freedom of all is essential to my freedom. - Mikhail Bakunin
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Jul 10, 2003, 12:33 PM
 
The old-fashioned way: through apps that people share.
Maybe there have been several virii for the Mac, but without the exponential growth rate that Windows virii experience, they didn't/don't get far.

They could get to the OSX Address Book just as easily as any other OSX program. Address history is another matter.
Is Address Book information Applescriptable? I know that there is an API available for accessing AB data through apps, but most virii tend to be scripts and not actual programs. It would take more work to develop an actual program than it would a simple script (hence the term "script kiddies"), I would imagine... a lot of PC virii are just variations on older scripts. It would take more effort to obtain the source code of a virus app, alter it, and recompile it.

Of course, most people have FAR more email addresses in their Address History than they do in their Address Books.

Have you ever noticed the message you get in OS X mail when iCal sends you an email reminder on the machine hosting the calendar? Something along the lines of "a program is attempting to be executed" or something along those lines. If this were to pop up for a potential virus attachment, this would be another red flag.

And another Windows security problem:

The fact that file names can be called myvirus.jpg.scr and have the actual file extension removed from the file name, fooling the user into thinking that the file is a jpg. At least in OS X, this wouldn't be hidden, there would be a clear file association and no easy way to accidentally open up a jpg with the Applescript backend (therefore executing a script). Therefore, the only way to infect somebody on the Mac would be to write an app with an executable file extension and hope that Mail doesn't red flag this action.

My point with all of this:

It is possible to get a virus, there is no bulletproof system, but Windows is still *very* insecure having much too little built in security precaution type stuff.

[quote]The inherent security weakness of IE/Win and OE is that they automatically run code that the user downloads. This is the most idiotic security decision one could possibly make, but that concern is overlooked in the name of so-called "convenience" (as if it's inconvenient to double-click a freaking icon).[/quote]

This was also a glaring security hole, although I understand the patch for this has been out for a long time?
     
Addicted to MacNN
Join Date: Mar 2002
Location: Winnipeg
Jul 11, 2003, 03:41 PM
 
Vir... what? OH right my mom had one of those on her Compaq once... hilarious thing is the anti virus software then went nazi on her and told her it wouldn't let her open any more attachments hahaha!

I'm like oh man... and now she's like stupid thing! And I'm like hi mom you got the virus cause you thought the thing that made your screen act like a washing machine was sooo cool and you forwarded it to all your friends!
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Jul 11, 2003, 04:38 PM
 
Legally Blonde 2 Teaser:

I'm like oh man... and now she's like stupid thing! And I'm like hi mom you got the virus cause you thought the thing that made your screen act like a washing machine was sooo cool and you forwarded it to all your friends!
     
Mac Elite
Join Date: May 2001
Location: ~/
Jul 12, 2003, 05:08 AM
 
If I sat down for a while I could write a really nasty virus or trojan targeted at OSX. It could do some pretty nasty things within bounds of OSX's user authentication model. It would definitely be something no one would want to have on their Mac (not that I would, I'm merely pointing out it's possible). My problem after writing it would be distributing it.

Therein lies the difficulty. Spreading viruses is a difficult task, rarely are there ample means to get a virus into the wild. Spreading viruses is a two part problem. The first part of the problem is virus delivery, it needs to get from one place to another. The other part is execution, the virus needs to be executed somehow in order to work.

Delivery is taken care of most often by exploiting dumb security vulnerabilities in applications attempting to make life more convenient for users. Macroviruses like Melissa (sp?) are excellent examples of this delivery method. Melissa took advantage of the integration between Outlook and Word and the fact Word would execute embedded Macros without warning by default. Melissa also involved a bit of social engineering, the e-mail was ostensibly coming from a friend of yours or at the very least someone with your e-mail address in their contacts. You wouldn't assume Joe in the cube over or Aunt Martha would be sending you anything bad via e-mail. At least you didn't assume so before Melissa. Because of its design Melissa had an exponential infection rate. It easily infected millions of users before they were aware what was happening.

Another good example of a dumb security exploit is the now dated auto file execution vulnerability. The exploit merely took advantage of time saving features in some web browsers along with some outright security screwups. The vulnerability is something like this. Some browsers *cough*IE*cough*iCab*cough* had a JavaScript problem that let a script execute an external program, a JavaScript for example could launch Photoshop provided it knew the path to the executable. The second part of the vulnerability was a bug that allowed a refresh meta tag to automatically download a file to your disk. The last part of the vulnerability was a convenience feature of several browsers to automatically process StuffIt files when they were downloaded, i.e. extract the contents or mount a disk image. With their powers combined, they were Captain Vulnerability. Somebody could make a virus and pack it into a StuffIt disk image. Then they could put it on the web with a refresh tag that would download it when the user browsed to the page. Because the image would be mounted automatically a JavaScript in the page would know exactly where the malicious executable was and could run it and infect your system.

Both of these examples are dangerous but not horribly likely to infect a large enough swatch of OSX users to make the effort worth while. Both of these delivery methods require a lot of variables that are out of a virus spreader's control. The first method needs quite a bit of user interaction on OSX. There's no equivalent way on OSX to do what Melissa did on Windows. An AppleScript might work using Address Book and Mail but you're likely to notice the file you're double clicking is an AppleScript file. It would also be fairly obvious that programs were launching and doing things without your say-so. An AppleScript is not nearly as innocuous as a VB Macro in a Word document. Such a virus might spread and could do some damage if the script was really malicious but the likelihood of that happening realistically is small. The second method or variations on the second method might work for a little while but the damage would be light. The number of users with auto extraction enabled, if their browser even supports it, JavaScript enabled and vulnerable to the exploit, and vulnerable to file downloads without some sort of user interaction is none too large. To spread widely a virus using method two would need to end up all over the web. Unless you could get millions of Mac users to click through your site with the malicious code (assuming they're susceptible) delivery method two is not very effective.

There's lots of means to deliver viruses but without serious exploits in widely used applications it is extremely difficult to spread them. I'd be much more worried about root kits targeting OSX than I would ever worry about viruses. The best line of protection is to remain security aware, there are people who find it amusing to cause damage to other people.
     
Clinically Insane
Join Date: Apr 2000
Jul 12, 2003, 05:23 AM
 
In all my years, I've run into two Mac viruses.

Sevendust (666), which infected me, and a Word macro virus, which I couldn't care less about (I don't use Word). They were in about 1997.

Sevendust infected me, and I destroyed it by hand using ResEdit. Who needs virus protection?
     
Mac Elite
Join Date: May 2001
Location: ~/
Jul 12, 2003, 05:46 AM
 
I worked at an office recently with Sevendust infecting several systems. Incompetence in the IT department kept the virus going since 1997. Das compüter dörken in the IT department wouldn't let the pre-press staff run anything damaging like ResEdit and required us to load the backups off the network. The kicker was our network backups contained the Sevendust virus! We could do nothing to repair our own systems and IT kept around backups containing at least one virus.
     
Addicted to MacNN
Join Date: Feb 2001
Location: zurich, switzerland
Jul 12, 2003, 06:31 AM
 
I had the mbdf virus back on OS8 in 1997. I got it off a file that I copied from the school lab. It was quite nasty and almost trashed all the data on my external disk. It used to hide itself in the desktop database and propagate to every programme that got started IIRC. It was called mbdf because that was the name of the resource of a programme that got infected. One could spot it because the menus started changing colour and not working properly.

That was the one and only Mac Virus I've ever had. OSX, is far less vulnerable due to the Unix permissions system, but a malicious applescript could do quite a bit of damage in one's home directory for example. But I've never heard of one.

On my PCs the story has been different. I lost an NT machine back in 1999 because I clicked on an attachment, and have seen computers, even today, with WinXP, which is much better than NT, get infected, even though they had Norton running (Courtesy of IE). I too would not dream of connecting a PC with Windows to the net. If your PC is running Linux on the other hand, you have no more worries than you would have with OSX (apart from the occasional buffer overflow of course).
weird wabbit
     
Dedicated MacNNer
Join Date: Jul 1999
Location: Maynard, MA
Jul 12, 2003, 09:11 AM
 
I have never had a mac virus since I started using macs in 1986. I did use virus software for a little while, but it caused problems for me using the old macos, so I stopped and never looked back.

My work PC has had a few viruses, but it is protected by IT at the gates. We have got a lot of those email viruses, and they had to clean up our computers remotely.

From what I understand, OSX is pretty secure out of the box. Most or all exploitable stuff is turned off by default. If you start up certain kinds of activities, I believe that OSX can become less secure.

That said, I am told it is STILL much more secure than Windows as an OS. Apparently, Windows has a lot of exploitable "features" that you cannot turn off, and it is up to the user to combat using common sense or anti-virus software. Common sense obviously doesn't work, because many people lack it, or all of us lack it at one time or another (jeeez...I opened that email from Bill...I knew I shoulda looked more closely at that because I don't know Bill...) And anti-virus software has to be completely up to date and configured correctly to work. And even that may not protect you against a NEW virus.

I am surprised that there are not more hacker viruses against OSX, since there are many in that counter-culture who hate macs. All I can guess is that they just don't know it well enough to figure out how to exploit it. They know Windows, so...those are the Windows they break for fun...

I would love to break their hands, to tell you the truth. I think Kevin Mitnick got off too damn easy. He knew exactly the implications of what he was doing. Then we hear him whine 'ohhh they took away my livelihood...'

They shoulda taken away more than that.

"An argument isn't just saying 'No it isn't'!" "Yes it is!" "NO IT ISN'T!"
     
Posting Junkie
Join Date: Oct 2001
Location: South of the Mason-Dixon line
Jul 13, 2003, 11:59 AM
 
I'm a Windows user that has never had a virus and I don't use any sort of anti-virus.

Having all the latest updates and running Zonealarm as a firewall seems to be enough protection.

My machines run 24/7 connected to the internet thru a 10/100 hub, not a switch - and they're networked to each other, as well.

Turning off Outlook's ability to execute scripts, etc - and not executing them manually, either, is the best way to avoid a virus.

Lots of FUD in here.

Four years and dozens of Windows PCs later, and I still haven't got a virus.
     
Fresh-Faced Recruit
Join Date: Feb 2001
Jul 13, 2003, 06:27 PM
 
Wow, that's amazing that you haven't gotten a virus in all that time. While I've been virus-free on the PC side (with the help of intrusive and annoying software), I can't say we've been as lucky with our NT machines constantly under attack, with hackers constantly probing for weaknesses. Every once in a while, they get us (even with all the M$ security updates). On the other hand, our OS X server has been humming along problem-free for a few years now. There may be some FUD, but I'd say you've also been fortunate...
     
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Jul 13, 2003, 06:51 PM
 
Someone mentioned the filename.jpg.exe type of disguise for a virus executable on Windows. Well, Mac OS X has a similar problem now, only much worse. Not only do you have the option of hiding filename extensions in Mac OS X, but you can easily create application packages (in a folder with a .app extension) that could contain an applescript or any other type of executable, and any icon of the creator's choosing, and appear as any type of file the creator chooses (by its name and icon). Unless the user did a get-info or finder preview on the file, they'd have no idea what it was before they double clicked it.
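
An added example, not part of any poster's message: a filename check for the two disguises discussed in this thread, a document-looking extension followed by an executable one (myvirus.jpg.scr) and an application bundle named like a document. The extension lists, function names and sample names are assumptions made for illustration; a name check cannot see a bundle's icon, so it only covers what the name reveals.

```python
"""Flag attachment or bundle names that look like a document but run code."""
import os

# Assumed lists (not from the thread): extensions a user reads as
# "just a document", and extensions that run code when opened.
DOCUMENT_EXTS = {"jpg", "jpeg", "gif", "png", "pdf", "txt", "doc", "mp3"}
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "vbs", "js",
                   "app", "scpt", "command", "sh", "pkg"}


def _extensions(name):
    """Return the lowercase dot-separated suffixes of a name, in order."""
    # Accept both path styles and bundle paths written with a trailing slash.
    base = os.path.basename(name.replace("\\", "/").rstrip("/"))
    parts = base.split(".")
    # parts[0] is the stem; everything after it is an extension.
    # Stray whitespace around a suffix is ignored.
    return [p.strip().lower() for p in parts[1:]]


def classify(name):
    """Return a list of findings for one attachment or bundle name."""
    exts = _extensions(name)
    findings = []
    if not exts:
        return findings
    last = exts[-1]
    if last in EXECUTABLE_EXTS:
        findings.append("executable:" + last)
        # With the final extension hidden, the user sees only the
        # document-looking one: the myvirus.jpg.scr pattern, and the
        # same shape for a bundle called Something.jpg.app.
        if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
            findings.append("double-extension:%s.%s" % (exts[-2], last))
    return findings


def triage(names):
    """Map each name to 'block', 'warn' or 'allow' for a review list."""
    verdicts = {}
    for name in names:
        findings = classify(name)
        if any(f.startswith("double-extension:") for f in findings):
            verdicts[name] = "block"
        elif findings:
            verdicts[name] = "warn"
        else:
            verdicts[name] = "allow"
    return verdicts


# Constructed sample names, not taken from any real mailbox.
SAMPLE_NAMES = [
    "myvirus.jpg.scr",
    "Holiday Photo.jpg.app/",
    "holiday.jpg",
    "report.final.doc",
    "Installer.app",
    "C:\\Temp\\photo.JPG.exe",
]

if __name__ == "__main__":
    for sample, verdict in triage(SAMPLE_NAMES).items():
        print("%-26s %-6s %s" % (sample, verdict, classify(sample)))
```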
     
Senior User
Join Date: Dec 2002
Location: Atlanta, GA
Jul 13, 2003, 08:24 PM
 
Originally posted by aecheylon:
Wow, that's amazing that you haven't gotten a virus in all that time. While I've been virus-free on the PC side (with the help of intrusive and annoying software), I can't say we've been as lucky with our NT machines constantly under attack, with hackers constantly probing for weaknesses. Every once in a while, they get us (even with all the M$ security updates). On the other hand, our OS X server has been humming along problem-free for a few years now. There may be some FUD, but I'd say you've also been fortunate...
It's amazing? I've never had a PC virus either, on any of THREE PCs that I have. I've had one problem on my parents computer, which was no more than an annoying AOL trojan (we didn't even have the service) that had the extra payload of not letting Windows shut down. Delete a registry entry and the exe file and that was fixed. Figures that my sister was stupid enough to open that e-mail, though...

I wouldn't call it being fortunate, I'd call it not being an idiot. The only reason people get viruses is because they open any and every e-mail coming from addresses that they don't even know of.
     
Dedicated MacNNer
Join Date: Jul 1999
Location: Maynard, MA
Jul 13, 2003, 10:12 PM
 
Spliffdaddy, I would say you are fortunate. Of course, I would say I am fortunate also for using a mac that long without a virus and no virus software. But you are correct, commonsense is one of the biggest preventers of infection. I only download programs off the Internet from a reputable source, and watch what I open for email.

But FUD...given that antivirus software is one of the top sellers in the PC world, and a lot of companies have lost millions of dollars and man hours to viruses...I don't think I would classify that as FUD.

"An argument isn't just saying 'No it isn't'!" "Yes it is!" "NO IT ISN'T!"
     
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Jul 13, 2003, 11:18 PM
 
I get at least a dozen Windows viruses (viri?) in the email a year. I ALWAYS double-click on them, just for fun, knowing that they'll do nothing on my Mac. Of course I wouldn't do that if I wasn't sure it was a Windows virus, which is usually obvious.
     
Posting Junkie
Join Date: Oct 2001
Location: South of the Mason-Dixon line
Jul 14, 2003, 12:49 AM
 
I agree that I'm fortunate.

There are a handful of things you just don't do on any computer - number one is to never execute applications you don't know the origin of. And don't allow your computer to do it automatically, either.

I install all current Windows updates. I choose NOT to "hide filename extensions for known file types" and I choose NOT to allow scripting in Outlook or IE. Between these simple things and a firewall - there is very little risk of a virus or a hacker.

I approve all internet connections and approve all applications that get executed. If my machine gets fuxored it's entirely my own fault.

My point is that everybody acts as if you're guaranteed to get a virus if you run Windows. I know a hundred people that run Windows - and maybe two or three get a virus every year. They 'installed' it themselves, in my opinion. Using Windows98 doesn't help either. What year is this?
     
Mac Elite
Join Date: Sep 2000
Location: New York
Jul 14, 2003, 01:35 AM
 
I got nVIR back in 1994 from some software that my cousins gave me on a floppy disk. It screwed up my system software a few times and infected all my applications but it didn't cause any real damage.

One nice advantage of OS X is the protected memory which means that a virus like nVIR could never be written for OS X since applications themselves cannot become infected due to protected memory.

However in general Macs are most certainly inherently safer. I am not a PC user but I work for the IT department at my school. You have no idea how many virus removals we have to do on student computers. The university has purchased norton server software that scans all email for viruses and it has been working very well. However nimda is still running wild on the network.

I had this PC running Windows 2000 that I was running apache on (I needed to get the web server up fast so I thought it would be easier than the lengthy process of installing linux, and I was right). However I had an open network share to allow users to upload files on the campus network. I had norton installed and updated of course. I found the computer had nimda within several hours.

I think the reason we don't see many Mac viruses is partly due to obscurity, partly due to inherent security (or more accurately no inherent insecurity like some other OSes), and one other major reason. I think that the "counter culture" of virus writers (16 year old kids in the UK that have no lives and spend their nights playing with VB) is not attracted to the Mac. Visual Basic makes it easy for any idiot to write malicious code and spread it just as easily due to the email and web browser exploits. In order for a script kiddie to write a Mac virus he would have to learn to code for the Mac OS, which requires real programming skill, not Visual Basic. I think that any person who spends the time to learn to program for the Mac OS must at least appreciate the operating system enough to not want to sabotage it. There are plenty of people out there who hate Microsoft but those who hate Apple are often ignorant. I don't know of anyone who dislikes Apple or the Mac OS that actually understands the operating system on a decent level. Most Mac haters are just ignorant and if they were smart enough to write Mac viruses they would be smart enough to not want to hurt the Mac platform.
     
Professional Poster
Join Date: Jan 2001
Location: Between Sydney and Melbourne
Jul 14, 2003, 02:44 AM
 
Originally posted by Diggory Laycock:
I have never seen a mac virus in the wild. I have used a mac since 1989.

MS Office Macro viruses however - I have heard of - but never seen for myself (I never allow macros in MS Office docs.)
I used to get them all the time.
MDEF, Merry Xmas and Aids- nasty name.

Many of them were TH's hiding inside crap games (which were all you had on the mac ).

In general the virus software caused more problems than the viruses though.
     
Dedicated MacNNer
Join Date: Sep 2002
Jul 14, 2003, 04:11 AM
 
One nice advantage of OS X is the protected memory which means that a virus like nVIR could never be written for OS X since applications themselves cannot become infected due to protected memory
Wrong. It is the file permissions that should prevent that (at least for administrator installed applications).
.... partly to due inherent security
The Classic MacOS has no inherent security. Anything that manages to run has free access to everything.
In order for a script kiddie to write a Mac virus he would have to learn to code for the Mac OS, which requires real programming skill, not Visual Basic
Applescript would probably work just as well - and I doubt that's any harder than VB.

All the above comments are made on the assumption that the OS always does what it is supposed to do. This is a poor assumption - kernels are quite frequently rootable. Under OSX, a trojan should only be able to damage one user's files (not much consolation for the user - although they were foolish for running the malware in the first place). However: how many people have a special, separate admin user? If an admin account gets compromised, you can probably kiss goodbye to the whole machine. Also, are you really sure that there are no root exploits in the OSX kernel? If not, then any user running a trojan can render the whole machine vulnerable.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jul 14, 2003, 10:00 AM
 
Originally posted by Brass:
Someone mentioned the filename.jpg.exe type of disguise for a virus executable on Windows. Well, Mac OS X has a similar problem now, only much worse. Not only do you have the option of hiding filename extensions in Mac OS X, but you can easily create application packages (in a folder with a .app extension) that could contain an applescript or any other type of executable, and any icon of the creator's choosing, and appear as any type of file the creator chooses (by its name and icon). Unless the user did a get-info or finder preview on the file, they'd have no idea what it was before they double clicked it.
The type and creator would be lost unless the application was made into a disk image or compressed as a Stuffit Archive - both which most PC users would not be able to deal with and therefore pass on.

The hiding extensions in OS X is *not* worse. It is not possible to have double extensions and have the OS hide one and not the other.
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jul 14, 2003, 10:05 AM
 

I install all current Windows updates. I choose NOT to "hide filename extensions for known file types" and I choose NOT to allow scripting in Outlook or IE. Between these simple things and a firewall - there is very little risk of a virus or a hacker.
As long as you don't run IIS, and don't write html code you might be safe for now.

My point is that everybody acts as if you're guaranteed to get a virus if you run Windows. I know a hundred people that run Windows - and maybe two or three get a virus every year. They 'installed' it themselves, in my opinion. Using Windows98 doesn't help either. What year is this?
How many times are they *sent* a virus? You can't blame novice computer users who don't know better to get infected for the first time. NAV is insurance for novice users...
     
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Jul 14, 2003, 10:08 AM
 
I think the reason we don't see many Mac viruses is partly due to obscurity, partly due to inherent security (or more accurately no inherent insecurity like some other OSes), and one other major reason. I think that the "counter culture" of virus writers (16 year old kids in the UK that have no lives and spend their nights playing with VB) is not attracted to the Mac. Visual Basic makes it easy for any idiot to write malicious code and spread it just as easily due to the email and web browser exploits. In order for a script kiddie to write a Mac virus he would have to learn to code for the Mac OS, which requires real programming skill, not Visual Basic. I think that any person who spends the time to learn to program for the Mac OS must at least appreciate the operating system enough to not want to sabotage it. There are plenty of people out there who hate Microsoft but those who hate Apple are often ignorant. I don't know of anyone who dislikes Apple or the Mac OS that actually understands the operating system on a decent level. Most Mac haters are just ignorant and if they were smart enough to write Mac viruses they would be smart enough to not want to hurt the Mac platform.
Well said, but I'd also add that many Windows VB virii are just variations on existing viruses... it must be easy to just alter a pre-existing script.
     
Clinically Insane
Join Date: Nov 1999
Status: Offline
Reply With Quote
Jul 15, 2003, 03:53 PM
 
Originally posted by waffffffle:
One nice advantage of OS X is the protected memory which means that a virus like nVIR could never be written for OS X since applications themselves cannot become infected due to protected memory.
Untrue, unfortunately.

It is true that with protected memory, an app could not be infected while it was running. However, a virus could simply seek out applications on the hard disk, write into them, and then the app would be infected the next time it was run. Or, alternatively, if the virus could somehow get into the kernel, it could overwrite in-memory apps to its metaphorical heart's content, because the kernel can do that.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
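The on-disk route described in the posts above depends on who has write access to an application's files, and that can be checked on a given machine. The script below is an added example, not part of any post in this thread; `audit_apps` and `sample_tree` are names chosen here, and the sample bundles are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): report application bundles whose
# contents can be modified by accounts other than the file owner.

# audit_apps DIR
# Prints "<count> <bundle>" for every *.app bundle under DIR that holds at
# least one group- or world-writable file or directory.
audit_apps() {
    find "$1" -type d -name '*.app' -prune -print |
    while IFS= read -r app; do
        n=$(find "$app" \( -type f -o -type d \) \
                 \( -perm -0020 -o -perm -0002 \) -print | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            printf '%s %s\n' "$n" "$app"
        fi
    done
}

# sample_tree DIR
# Builds two constructed bundles: one with owner-only write access and one
# whose executable is group-writable.
sample_tree() {
    ( umask 022
      mkdir -p "$1/Safe.app/Contents/MacOS" "$1/Loose App.app/Contents/MacOS"
      : > "$1/Safe.app/Contents/MacOS/Safe"
      : > "$1/Loose App.app/Contents/MacOS/Loose"
      chmod 755 "$1/Safe.app/Contents/MacOS/Safe"
      chmod 775 "$1/Loose App.app/Contents/MacOS/Loose" )
}

# Audit the directory given as the first argument, if there is one.
if [ -n "${1:-}" ] && [ -d "$1" ]; then
    audit_apps "$1"
fi
```

A bundle listed here can be altered by any process running as a member of the owning group, which is the situation the thread raises about working day to day from an admin account.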
     
Fresh-Faced Recruit
Join Date: May 2002
Location: sydney australia
Status: Offline
Reply With Quote
Jul 15, 2003, 04:27 PM
 
yeah i had sevendust 666 virus years ago, but that was on os9, i don't think 666/sevendust can hit osx can it?

God i'm glad i use mac OSX and not wind.

Windows is such crap, i mean how easy is it to get a virus with windows? Too bloody easy! And on a mac osx box? Next to impossible!
heheheheh
what's next?
     
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Status: Offline
Reply With Quote
Jul 15, 2003, 06:49 PM
 
Originally posted by besson3c:
The type and creator would be lost unless the application was made into a disk image or compressed as a Stuffit Archive - both which most PC users would not be able to deal with and therefore pass on.
And what's that got to do with Mac viruses, if they are distributed by Macs to Macs (by for example AppleScript and Mail.app) and they don't affect PCs (No Mac virus has ever affected PCs that I know of)?

Using a .app bundle would be an excellent way of disguising a virus on macs to make it appear like any other file type by its name and icon.


The hiding extensions in OS X is *not* worse. It is not possible to have a double extensions and have the OS hide one and not the other.
Shot down in flames again. Yes, it looks like I was wrong. Although I'm sure I've had exactly this problem before, I cannot do it now, so I guess it was just my imagination
     
Mac Elite
Join Date: May 2001
Location: ~/
Status: Offline
Reply With Quote
Jul 16, 2003, 04:24 AM
 
Getting an executable file onto an OSX system is not as easy as changing the extension to .app. To transfer a .app "file" you need to distribute it either on a disk image or in an HFS+ compatible compressed file. Transferring a .app "file" over the internet will not work. Files with a .app extension are really directories which require a special format just to be recognized as being executable.

The same goes for a self contained Carbon application. Without the APPL file type, OSX will think the file is just some random binary file. Without distributing the executable via a StuffIt file or disk image there'd be no way to preserve the file type of your virus.

Even transferring a virus between two Macs over a network would require some form of file type preservation. Macs won't just execute anything with a particular extension. If you had a virus file that was typed APPL but disguised as a GIF or JPEG file it would indeed execute but the difficulty lies in keeping its APPL type after transferring it over the network.
     
   