
Question about trojans and viruses on OSX
Hawkeye_a
Addicted to MacNN
Join Date: Apr 2000
May 24, 2010, 06:45 AM
 
Can malware make it into a MacOSX box by just visiting a website in Safari? Or clicking on a link in a web browser?

The reason I ask is 'cause despite having pop-up blocking on, occasionally when I click somewhere on a page a new window just opens up.

And does MacOSX have any malware that propagates over USB to external drives? I read an article about this at work, and there were a couple of machines (XP) infected with some malware over USB thumb drives. The whole thing kinda freaked me out a little.

Cheers
     
turtle777
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
May 24, 2010, 07:07 AM
 
Originally Posted by Hawkeye_a:
Can malware make it into a MacOSX box by just visiting a website in Safari? Or clicking on a link in a web browser?
I have never heard of such a malware / virus in the wild.

There were some proof-of-concepts, exploiting certain security holes in Safari. But they were never used for viruses, AFAIK.

Make sure to uncheck "Open safe files after download" in the Safari - General preferences.
That should do the trick.

-t
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
May 24, 2010, 07:17 AM
 
Originally Posted by Hawkeye_a:
And does MacOSX have any malware that propagates over USB to external drives? I read an article about this at work, and there were a couple of machines (XP) infected with some malware over USB thumb drives. The whole thing kinda freaked me out a little.
Oh yeah, the Mac had a virus like that once.

It was called the WDEF virus, but the exploit it used was closed with the release of System 7 in 1990, IIRC. It only affected your machine if you were running MultiFinder.

I had two or three infected floppies throw up a Disinfectant warning in around 1992, but rebuilding the desktop file (Cmd+Opt when inserting the disk) fixed that.

It was the last virus any of my machines ever had.
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
May 24, 2010, 08:42 AM
 
Originally Posted by Hawkeye_a:
The reason I ask is 'cause despite having pop-up blocking on, occasionally when I click somewhere on a page a new window just opens up.
That's normal. Pop-up blocking usually just blocks a certain JavaScript event that is used to open a window when a page is at a certain stage of loading. A window can still be opened as a response to a click. There is a difference: the blocked event will trigger when the page is opened, even if you went there from a bookmark or a search page, while the onClick only triggers in response to a direct action. Certain websites use this to work around blockers - when you think you're clicking a link, you're actually triggering a script that opens a window and then moves the main page - but it still requires you to read the page and then call for a second page of content, so it's less disturbing.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
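Added example, not part of P's post and not any browser's actual code: a simplified JavaScript model of the policy described above, where a window may open only shortly after a user gesture, so load-time pop-ups are blocked while click-driven ones pass. The 1000 ms gesture lifetime, the one-window-per-gesture rule and the event trace are assumptions constructed for illustration.

```javascript
// Simplified pop-up blocker model (an assumption, not a real browser's implementation).
// A window.open() call is allowed only while a recent user gesture is still "active",
// and each gesture is used up by the first window it opens.
const ACTIVATION_MS = 1000; // hypothetical lifetime of a user gesture

function evaluateTrace(events) {
  let activeUntil = -Infinity; // time until which the last gesture still counts
  const decisions = [];
  for (const ev of events) {
    if (ev.type === "click" || ev.type === "keydown") {
      activeUntil = ev.t + ACTIVATION_MS; // a direct user action grants activation
    } else if (ev.type === "open") {
      const allowed = ev.t <= activeUntil;
      if (allowed) activeUntil = -Infinity; // consume: one window per gesture
      decisions.push({ t: ev.t, source: ev.source, url: ev.url, allowed });
    }
  }
  return decisions;
}

// Compact view of the decisions, e.g. "onload:block".
function summarize(decisions) {
  return decisions.map(d => `${d.source}:${d.allowed ? "allow" : "block"}`);
}

// Constructed trace; times are milliseconds since the page started loading.
const sampleTrace = [
  { t: 120,  type: "open", source: "onload",  url: "https://ads.example/a" },
  { t: 4000, type: "click" },
  { t: 4005, type: "open", source: "onclick", url: "https://ads.example/b" },
  { t: 4006, type: "open", source: "onclick", url: "https://ads.example/c" },
  { t: 9000, type: "open", source: "timer",   url: "https://ads.example/d" },
];

console.log(summarize(evaluateTrace(sampleTrace)));
```

The window opened from the click handler is allowed because, to the blocker, it is indistinguishable from a link the user meant to follow; a new window appearing after a click is therefore blocker policy at work, not evidence of malware.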
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
May 24, 2010, 08:57 AM
 
Hawkeye, the short answer is that, as to your first concern, you're worrying almost entirely over nothing. There have been exploits of a nature like that in recent computing past but not on Mac OS X. Specifically, I recall a vulnerability in a Windows mail client that could destroy data just by the user clicking to read an email message - without downloading or opening an attachment. But aside from some proof of concept tests that were fixed by Apple we haven't seen anything of the sort on OS X. And by the way, getting errant pop-ups in Safari has nothing to do with viruses or other types of malware (and don't believe the pop-up banners that tell you you're infected with a PC virus and should download their scanner). Safari 4's pop-up blocker isn't very good at blocking newer pop-up types, in comparison to other browsers on the market.

Sure, there have been theoretical exploits in OS X's point that have sounded very dangerous, like theoretical exploits of QuickTime and also malformed JPEG vulnerabilities. To my knowledge, though, those vulnerabilities were patched by Apple before any exploit got into the wild. Recently there was a hacker promising a number of serious zero-day vulnerabilities after supposedly not getting Apple to take them seriously, but I haven't heard anything about that since the initial publication of the story. (They're called zero-day because the person releasing the information on the vulnerability has not given the software vendor a single day to patch the vulnerability before releasing the information publicly, according to my knowledge of the subject.) There have been one or two trojan horse files, but they have required the user to download and install them for them to take effect; once identified by the Mac community they're quickly taken offline.

Snow Leopard has built further on the strong security foundation and track record of previous releases of OS X. Now, it is true that Windows 7 security is even more advanced than Snow Leopard in some respects (more thorough memory randomization of system library locations comes to mind), but I personally believe OS X's approach to security is inherently superior for at least a few reasons. Additionally, Microsoft has to work hard at securing Windows because of both its legacy of insecurity and, more importantly, the fact that its overwhelming PC market share means it will continue to be a prime target for hacker attacks for the foreseeable future. Just consider that with its 90% PC market share Windows is a far, far, easier target than OS X (and remember that the Windows installed base includes a large percentage of older Windows versions with poorer security).

If you take nothing else from this post, here's what I deem important to remember: 1) You essentially can't be harmed by anything you do online unless and until you download and open a malware file; 2) OS X malware is so rare as to be virtually nonexistent, so that you're far more likely to run into Windows malware that has no effect on Mac OS X than you are to ever run into Mac malware; 3) While there have been a couple of trojans and many theoretical exploits in the past, we have yet to see a single true Mac OS X virus or worm of any real significance. (The only instance that comes close, AFAIK, was the Leap-A iChat virus from 2006 that was very rare and very limited - I don't really count it as a virus, although some sources refer to it that way.)
( Last edited by Big Mac; May 25, 2010 at 12:00 AM. )

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
msuper69
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
May 24, 2010, 08:57 AM
 
This isn't Windows. You can't get infected by just viewing a webpage.

Social engineering tricks work on any platform as they rely on user stupidity/ignorance. Nothing can stop that!
     
P
Moderator
Join Date: Apr 2000
Location: Gothenburg, Sweden
May 24, 2010, 09:01 AM
 
Originally Posted by Spheric Harlot:
Oh yeah, the Mac had a virus like that once.

It was called the WDEF virus, but the exploit it used was closed with the release of System 7 in 1990, IIRC. It only affected your machine if you were running MultiFinder.

I had two or three infected floppies throw up a Disinfectant warning in around 1992, but rebuilding the desktop file (Cmd+Opt when inserting the disk) fixed that.

It was the last virus any of my machines ever had.
I had the same situation, actually - WDEF is the only virus I ever had on any disk. There was a more straightforward Trojan for Macs in the late nineties that worked exactly like what Hawkeye describes, but Apple blocked autorun of software from writable disks in one of the OS 8 updates, and that killed any such worm. MS enabled autorun on USB drives at some point (because Win2k didn't have it, and that made the U3 software on USB drives masquerade like a CD to autorun), but disabled it again in a security update.
The new Mac Pro has up to 30 MB of cache inside the processor itself. That's more than the HD in my first Mac. Somehow I'm still running out of space.
     
CharlesS
Posting Junkie
Join Date: Dec 2000
May 24, 2010, 12:03 PM
 
Originally Posted by P:
I had the same situation, actually - WDEF is the only virus I ever had on any disk. There was a more straightforward Trojan for Macs in the late nineties that worked exactly like what Hawkeye describes, but Apple blocked autorun of software from writable disks in one of the OS 8 updates, and that killed any such worm.
That was AutoStart.9805. I remember one of the MacAddict CDs actually getting infected by it at some point, causing a huge recall.

edit: oh, and Apple didn't just block autorun from writable disks, they killed the autorun feature altogether. Blocking it only from writable discs wouldn't have done anything to help against infected CDs like the aforementioned MacAddict disc (and angelmb's MacWorld Spain disc too).
( Last edited by CharlesS; May 24, 2010 at 06:13 PM. )

Ticking sound coming from a .pkg package? Don't let the .bom go off! Inspect it first with Pacifist. Macworld - five mice!
     
mduell
Posting Junkie
Join Date: Oct 2005
Location: Houston, TX
May 24, 2010, 12:45 PM
 
Originally Posted by Hawkeye_a:
Can malware make it into a MacOSX box by just visiting a website in Safari? Or clicking on a link in a web browser?
Yes: there have been exploits like that in the past, and there will be in the future.

A couple years ago Safari had a default setting to automatically open "safe" files, which included Dashboard widgets which can execute arbitrary code. Apple patched it several different ways in the subsequent OS X updates; Google for the details if you're interested.

A new exploit for Safari (and Firefox and Internet Explorer and iPhone etc.) is revealed every year at the PWN2OWN contest. ComputerWorld has coverage of this year's event.
     
angelmb
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
May 24, 2010, 12:51 PM
 
The least secure software right now comes from Adobe. That should be your main concern.

BTW, a month ago Apple hired Window Snyder, the guy who played a lead role in helping Microsoft turn around their security record. What would you think about it?

Originally Posted by CharlesS:
That was AutoStart.9805. I remember one of the MacAddict CDs actually getting infected by it at some point, causing a huge recall.
Same thing happened to a MacWorld (Spain Edition) years ago.
     
is not
Mac Enthusiast
Join Date: Dec 2007
May 24, 2010, 01:20 PM
 
Originally Posted by angelmb:
The least secure software right now comes from Adobe. That should be your main concern.
I thought that Windows was!
     
Hawkeye_a  (op)
Addicted to MacNN
Join Date: Apr 2000
May 24, 2010, 11:42 PM
 
Thanks for the information, guys. I've sort of drifted away from keeping up with this stuff since I switched to the Mac (which is a good and bad thing).

Thanks for the brush up.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
May 25, 2010, 12:10 AM
 
Originally Posted by angelmb:
BTW, a month ago Apple hired Window Snyder, the guy who played a lead role in helping Microsoft turn around their security record. What would you think about it?
Very interesting. Apple's taking security even more seriously. Thank you for the reference to Snyder. I read up on the subject and found out more about her:

Window Snyder (Wikipedia)

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Person Man
Professional Poster
Join Date: Jun 2001
Location: Northwest Ohio
May 25, 2010, 08:17 AM
 
Originally Posted by Big Mac:
Very interesting. Apple's taking security even more seriously. Thank you for the reference to Snyder. I read up on the subject and found out more about her:

Window Snyder (Wikipedia)
I think it's funny that a woman named Window worked on the security of Windows.
     
angelmb
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
May 25, 2010, 08:30 AM
 


     
amazing
Professional Poster
Join Date: Jan 2003
May 25, 2010, 09:22 AM
 
Wow!

Blocking pop-unders is a seriously moving target. Block 'em one way and you soon find that they've figured out another way to pop-under... especially Netflix...

Here's a tip from macintouch.com, just saw it yesterday and don't know if it works consistently yet, but it certainly can't hurt, especially that annoying Netflix pop-under: and apparently you have to open up the browser to accept cookies for the service to set a cookie, but once you've got that cookie you can close the browser again:


OptMD.com > FAQ

You can read the FAQ, and then go to the "opt out" tab. Might have to do it for every browser you use. It's working so far in Firefox.
     
angelmb
Addicted to MacNN
Join Date: Oct 2001
Location: Automatic
May 25, 2010, 02:08 PM
 
Beware of tapnapping.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Jun 20, 2010, 04:48 AM
 
Some interesting developments related to this thread:

It turns out that Apple is actively blocking some malware from executing with OS security updates. There was some doubt about whether or not Apple was selectively blocking malware from executing, but this confirms it.

And here's a good post on Slashdot that explains some reasons why OS X remains superior to Windows as far as security is concerned.
( Last edited by Big Mac; Jun 20, 2010 at 02:38 PM. )

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
Spheric Harlot
Clinically Insane
Join Date: Nov 1999
Location: 888500128, C3, 2nd soft.
Jun 20, 2010, 05:00 AM
 
That /. post is smacked about fairly strongly in the ensuing discussion.
     
Big Mac
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status: Offline
Reply With Quote
Jun 20, 2010, 05:09 AM
 
And the OP defends himself and shoots down the would-be smacker. I thought it was a pretty good general-scope post, at least.
( Last edited by Big Mac; Jun 20, 2010 at 02:35 PM. )

"The natural progress of things is for liberty to yield and government to gain ground." TJ
     
   