[Maharaja]

I'm a switcher. I'm running panther with Norton Internet Security 3.0. My general mac-know-how is still limited but slowly building up.
My question is, whats the virus threat to OS X?

I see several Anti-Virus softwares in the market but i picked up NIS 3.0 (Firewall & AV) instead - old Windows habit hard to die. I've also read several posts in this forum not recommending Norton products. I have installed TechTool Pro 4 to replace Norton Works for my diagnostic tools. So what Anti-Virus can you recommend to replace Norton's? Thanks.

[alphasubzero949]

Virex.


BTW, there are no known viruses for OS X (aside from the MS Office stuff).

[Brass]

Although there is the potential for viruses to be written for Mac OS X (as for any unix-based system), currently, there are none (that anyone knows of).

So the threat is currently virtually nil. It could, and most likely will, change in the future, however. To what extent is anyone's guess.

One thing is for certain though. Even when viruses are written for Mac OS X (as they certainly will be one day), they are unlikey to spread as fast as on Windows, or to do as much damage as on Windows, due to the different architecture of Windows, and Mac OS X.

[andrew davidoff]

Originally posted by Brass:
Although there is the potential for viruses to be written for Mac OS X (as for any unix-based system), currently, there are none (that anyone knows of).

So the threat is currently virtually nil. It could, and most likely will, change in the future, however. To what extent is anyone's guess.

One thing is for certain though. Even when viruses are written for Mac OS X (as they certainly will be one day), they are unlikey to spread as fast as on Windows, or to do as much damage as on Windows, due to the different architecture of Windows, and Mac OS X.

i totally agree.

on a *nix OS you can't totally count out virri, especially on one like OS X that is now running on many 'average user's' systems (always a target for virri). that said, your main concern should be keeping your software up to date. almost every attack on a *nix system comes via a sofware exploit. things like openssl, ssh, etc...

andrew davidoff

[brachiator]

There is the concern that even if OSX is not vulnerable to virii you receive, you could still pass them on... a problem if you deal with a lot of Windows machines.

The problem and risk are pretty small -- some in these fora would say damn near nonexistent -- because the only virii you can pass on are those that are recieved, say, by email, and passed dormant, say, by forwarding that email. Since these virii can't run on *nix, they can't propagate themselves...

Of course, then you are spending the $70 bucks (or whatever) on s/w to take care of someone else's messes and vulnerabilities...

[CharlesS]

Who needs viruses when you've got Norton software? It can cause just as much damage.

The bottom line is that unless you're concerned about Word/Excel macro viruses or use Classic a lot, a virus scanner is a waste of money right now. Why buy something to scan for viruses when there aren't any yet?

I'm sure some idiot will eventually write a virus for Mac OS X. When that happens, then it may make more sense to buy a virus scanner. Right now, though, I don't see why you'd want to. And knowing the Mac community, if a virus did come out, someone would make a downloadable utility to scan for and kill that particular virus right away.

Originally posted by brachiator:
There is the concern that even if OSX is not vulnerable to virii you receive, you could still pass them on... a problem if you deal with a lot of Windows machines.

The problem and risk are pretty small -- some in these fora would say damn near nonexistent -- because the only virii you can pass on are those that are recieved, say, by email, and passed dormant, say, by forwarding that email. Since these virii can't run on *nix, they can't propagate themselves...

Of course, then you are spending the $70 bucks (or whatever) on s/w to take care of someone else's messes and vulnerabilities...

IIRC, most of the Mac virus scanners don't scan for Windows viruses, so they wouldn't even help against this.

[sniffer]

So the threat is currently virtually nil. It could, and most likely will, change in the future, however. To what extent is anyone's guess.

It's true that viruses exists for other *nix'es, but they aren't near as devastating and likely to spread like the WinViruses do. You might or might not blame it on marked-share, but the opinions I've read on the subject is that the barrier is technically lower to create a successful WinVirus. The main reason is that the default account equals root in the win world. Even normal users have some limited but devastating access to manipulate central files (DLLs' specifically). Basically this means that once you're in, you're in charge. In the *nix world it would equal that you are limited to the affected user.
Other problems is that the weaknesses found in Internet Explorer, the main browser, also affects how secure Outlooks gets. Any holes in I.E. is potential treads in Outlook, as Outlook have I.E. as its HTML engine.
The real potential treat is if someone manages to create a multi-platform virus and have the character of being active in many different environments. The problem is that such viruses would have been very technical challenging, so it's unlikely we will see those hit the news any time soon. But they will come.


Edit: ****ings typos.. I give up.

[Pierre B.]

The problem with writing virii for MacOS X is in part common with other Unix OSs: unlike the Windows world, you cannot access critical system files without an administrator password. And a virus that asks for an admin password to be activated, is not a virus (it has no chance to propagate).

The other side of the problem is that writing a virus for MacOS X, would mean exploit security holes in some OS layer or software piece. But as the core system is open source and Apple works actively on it, any vulnerabilities found are very quickly patched. At least that's what recent history tell us. On top of that, add the fact that the FreeBSD foundation of MacOS X is old, very well tested and known to be very resistant to attacks.

The problem of virii in MacOS X and Unix more general vs. Windows, had been analysed before in these boards by more technically skilled people. Perhaps someone could post a link from a past discussion or discuss more technical aspects of the problem. The only thing I remember by someone with many years experience in Unix programming, is that there have been certainly attempts to write a virus for MacOS X, but due to the very high degree of difficulty they were unseccessful.

[Maharaja]

Thank you for the great responses. I learn many things and gain new knowledge on this board.

Its time to exorcise Norton.

[Love Calm Quiet]

CharlesS said what my response would be to "Virus threat to Mac OSX? Norton Products?":

"The latter: NORTON products are the threat to Mac OSX"

Seriously, nasty hassles & data loss for Norton products reported for YEARS in these forums make Norton (for Mac) seem to be the equivalent of a COMMERCIAL virus -- one you buy and pay to whack your system. Maybe the latest release has been cleaned up -- but the beta tester with not be MY system !

[anybody got news about Norton's latest? Norton repair software was actually very helpful for me when used... on System 7.x

[dwishbone]

two posters have already said what i was thinking...
depending on who you ask...Norton products themselves are a virus
i dont know how a company that used to have such great rock solid and useful products has fallen so far.
It seems every version of Disk Doctor now has SOMETHING that will f up your drive.

[Millennium]

The virus threat to OSX is fairly low at the moment, unless you run Word, Excel, or Entourage.

Word and Excel macro viruses do run on OSX. They are somewhat limited in terms of the damage they can do, but some damage can still be done. Entourage is immune to most of the Outlook macro viruses written for Windows, but there is one Mac-specific e-mail worm known to exist (Windows machines are immune to it), though it is rare.

Also, you should know that even if you cannot actually become infected by Windows viruses, infected files on your machine are still infected, and so if you give such a file to a Windows user the virus will infect his machine.

Spyware-wise, there is only one spyware program currently known to exist on the Mac: LimeShop, a component of the LimeWire Gnutella client. There is no known adware for OSX at all.

For all these reasons, it is still prudent to run some kind of anti-virus software on your Mac. I recommend the offerings from Sophos; they will search for Windows viruses as well as Mac ones. Since you're a recent Switcher, you probably still have to interact with many Windows users, and so as a matter of courtest it is a good idea to ensure that you don't become a gateway.

Norton products for Mac OS 9 and lower have a very good reputation. They used to be the best in the business. Sadly, their offerings for OSX have not been nearly as good, and in some cases have caused more harm than good. I recommend avoiding these.

Virex is a joke. Do not bother.

[JKT]

It's also worth pointing out that if you use or plan to use Windows via VirtualPC, it can still be infected by Windows viruses, etc.

[Maharaja]

At work i am forced to work with Windows. I use Word on both Mac and Windows. So i do interact with Windows users a lot. At this rate, I am vulnerable to macro viruses more than anything else.

Right now I'm checking our Sophos website.

Originally posted by Millennium:
The virus threat to OSX is fairly low at the moment, unless you run Word, Excel, or Entourage.

Word and Excel macro viruses do run on OSX. They are somewhat limited in terms of the damage they can do, but some damage can still be done. Entourage is immune to most of the Outlook macro viruses written for Windows, but there is one Mac-specific e-mail worm known to exist (Windows machines are immune to it), though it is rare.

Also, you should know that even if you cannot actually become infected by Windows viruses, infected files on your machine are still infected, and so if you give such a file to a Windows user the virus will infect his machine.

Spyware-wise, there is only one spyware program currently known to exist on the Mac: LimeShop, a component of the LimeWire Gnutella client. There is no known adware for OSX at all.

For all these reasons, it is still prudent to run some kind of anti-virus software on your Mac. I recommend the offerings from Sophos; they will search for Windows viruses as well as Mac ones. Since you're a recent Switcher, you probably still have to interact with many Windows users, and so as a matter of courtest it is a good idea to ensure that you don't become a gateway.

Norton products for Mac OS 9 and lower have a very good reputation. They used to be the best in the business. Sadly, their offerings for OSX have not been nearly as good, and in some cases have caused more harm than good. I recommend avoiding these.

Virex is a joke. Do not bother.

[Arkham_c]

Most true Windows viruses/trojans come in one of two forms. Either the (a) exploit a vulnerability in Windows itself, or (b) exploit Outlook or Outlook Express.

Mac users can generally forget about (b) above, since Mac mail clients don't support any embedded scripts in emails.

(a) can still be an issue, if a vulnerability in a running service is discovered. OSX client ships with no services running by default, so it's essentially invulnerable to these attacks too unless you turn something on. OSX Server has ssh on, but is otherwise secure.

Bottom line: OSX would be a lot harder to create an effective virus for. Not impossible, but more difficult to say the least. The most likely attack that someone could make for OSX would be a trojan horse in an email that, when run, sends out emails to everyone in a person's address book, thus propagating the trojan. It would rely on some social engineering (convincing people to run the attachment), but that's the only real chance for it to work.

[Busemann]

Originally posted by CharlesS:
IIRC, most of the Mac virus scanners don't scan for Windows viruses

What do you think they scan for then

Thats the only purpose they have now, so Mac users dont pass viruses on to Windows users.

[voyageur]

Norton Anti-Virus 9 scans for Windows viruses as well as Mac.
I'm curious, what kinds of problems have people had with NAV? I'm aware of the Disk Doctor and SystemWorks problems, but we're running NAV 8 or 9 on our Macs and have only run into one minor glitch (auto-protect in v9 interferes with GraphPad Prism's export function).

[dwishbone]

ive never had any problems with NAV 9. it is a pretty solid app and scans for both mac and pc virus. most of the other Norton products have been pure crap lately.

[CharlesS]

Originally posted by Busemann:
What do you think they scan for then

Word/Excel macro viruses.

Thats the only purpose they have now, so Mac users dont pass viruses on to Windows users.

Maybe you are right, and they have updated it to deal with those. I do know that in the past it has not, however.

[brachiator]

I think that Virex also (now?) scans for Win viruses, although if Millenium says its crap I am inclined to believe him.

As of a year or so ago, I think NAV did not scan for Win viruses, despite requests by some large institutional users. My understanding was that Symantec was not too responsive to adding features to support a platform with a pretty small installed base -- even a large university's Mac installation is still pretty small.

I am going to check out Sophos, too.

[banditcosmo]

This is sort of related, what about a firewall ? I use a cable modem and a firewall is a must on a pc but what about a Mac ?

[schmoe]

banditcosmo,

IMHO a firewall is an absolute necessity for any network, PC or not. Mac OS X, Linux, Windows, etc have all had their share of bugs allowing someone on the internet to take over your computer.

OS X comes with a great firewall, but my recommendation is to buy a hardware firewall/router combo and run NAT. My favorite vendor is Netgear, inexpensive and high quality.

[sosumi]

Maharaja,

FYI, I have been using Symantec products since Mac OS 7.5, and have not experienced ANY problems with them whatsoever. That includes the latest version of Systemworks and OS X 10.3.2.

An antivirus program is an important tool, as Windows virii can be passed on by Mac users. Mac antivirus programs scan for Windows virii to be sure that this doesn't happen. There are also MS Word macro virii that can infect documents on a Mac. Norton AntiVirus has caused no problems at all on any of my machines. Not now, not ever.

While I am aware that Panther performs some measure of defragging, in a production environment it is not sufficient. I have found it very beneficial to use both Norton Disk Doctor and Speed Disk on my OS X machines, despite what the know-it-alls on this forum claim.

In the end, I think the biggest problem new OS X users face is not virii, but the level of misinformation being passed around these and other forums by people who have a single problem, immediately reinstall their OS and swear that it must have been the Symantec product. There have been issues with Norton products, just like all software products. But they have not been problems that affect all users, only the unfortunate few. It can happen with any software including your mighty OS X. Remember 10.2.8.

I can tell you from experience that just because someone here has a large number of posts to their credit, it does not indicate their level of expertise. It is more likely that they have dropped out of school and are unmotivated to find employment, so they have a good deal of time on their hands.

Please keep that in mind as you make your decisions.

[CatOne]

Originally posted by sosumi:
Maharaja,

FYI, I have been using Symantec products since Mac OS 7.5, and have not experienced ANY problems with them whatsoever. That includes the latest version of Systemworks and OS X 10.3.2.

An antivirus program is an important tool, as Windows virii can be passed on by Mac users. Mac antivirus programs scan for Windows virii to be sure that this doesn't happen. There are also MS Word macro virii that can infect documents on a Mac. Norton AntiVirus has caused no problems at all on any of my machines. Not now, not ever.

While I am aware that Panther performs some measure of defragging, in a production environment it is not sufficient. I have found it very beneficial to use both Norton Disk Doctor and Speed Disk on my OS X machines, despite what the know-it-alls on this forum claim.

In the end, I think the biggest problem new OS X users face is not virii, but the level of misinformation being passed around these and other forums by people who have a single problem, immediately reinstall their OS and swear that it must have been the Symantec product. There have been issues with Norton products, just like all software products. But they have not been problems that affect all users, only the unfortunate few. It can happen with any software including your mighty OS X. Remember 10.2.8.

I can tell you from experience that just because someone here has a large number of posts to their credit, it does not indicate their level of expertise. It is more likely that they have dropped out of school and are unmotivated to find employment, so they have a good deal of time on their hands.

Please keep that in mind as you make your decisions.

And you registered in 1999 and have 11 posts. Hmmm, I should probably be a search to see if all 11 of them defend Symantec products so vehemently?

The Norton products are really irrelevant for OS X, period.

[sosumi]

Actually CatOne, they don't. But the tone of my post is designed to counteract those users like yourself, who obviously haven't taken the time to thoroughly test the Norton products before advising people to avoid them. I have used these products for years now and continue to do so, because they are of benefit to the systems I look after.

I would suggest that in a home environment, they do not need to be used often. In a production setting though, there can be no doubt that their benefits vastly outweigh any minor troubles you may run into. And again, I have not had any troubles with these products, and would enthusiastically recommend them to anyone.

[dwishbone]

ok..ran into a problem with NAV 9. do not have it running while running DiskWarrior. it will cause a kernel panic.
turned it off and all went smooth.
my bad.
ya mule! ya!

[Millennium]

Originally posted by banditcosmo:
This is sort of related, what about a firewall ? I use a cable modem and a firewall is a must on a pc but what about a Mac ?

It is probably a good idea to run one. However, there's a passable firewall already built into OSX, so you can start with just that one. It's in the Sharing control panel, under the Firewall tab.

[tooki]

Repeat after me: vir-us-es. Not virii, virri, viri, vira, virae, or any other invented and/or misspelled invented plural.

See http://www.perl.com/language/misc/virus.html .

tooki

[CatOne]

Originally posted by Millennium:
It is probably a good idea to run one. However, there's a passable firewall already built into OSX, so you can start with just that one. It's in the Sharing control panel, under the Firewall tab.

A firewall is unnecessary on a Mac. That's because no network services are running by default. If services aren't running, and listening on ports, it is IMPOSSIBLE to attack them. Hence, no need for a firewall.

However, if you do want to run one, because this sounds like funky wacky mojo voodoo, then just click the " on" button and turn on the built-in firewall.

Note, OS X Server *does* have network services running by default, so different advice does apply.

[bergy]

For Your info ...

For trouble free computing ... I recommend ..
using these ..

Macaroni ... just set it and forget it.
http://www.macupdate.com/info.php/id/9633

Macaroni is a tool which handles regular maintenance for Mac OS X's Unix core. Normally these tasks run on a regular schedule, in the middle of the night. However if you don't leave your Mac on all night, they never run. Your Mac won't wake from sleep to handle this. Macaroni solves this problem. If a scheduled maintenance task is not run when it's normally scheduled, Macaroni automatically ensures that it's run at the next opportunity, whenever the Mac is on. Repairs permissions also, on a weekly basis.

Also every month or so ....
Cache Out X
http://www.macupdate.com/info.php/id/9538
Cache Out X clears out the cache entries on your machine, helping you recover valuable disk space on your machine. Items removed include the caches in System, Users, and Library, along with the Internet Explorer download cache. Optionally clears the IE's history cache as well.

Defragging?
From Apple ...
OS 10 Disk Optimization
http://docs.info.apple.com/article.html?artnum=25668

"For most users there is little benefit to defragging ... however ... if your disks are almost full, and you often modify or create large files, there's a chance they could be fragmented. In this case, you might benefit from defragmentation. "

I think Tech Tool Pro 4 will defrag if you need it.

Most importantly ... buy a copy of "Disk Warrior" and run it every couple of months.

As far as Norton is concerned, I've had Apple Techs tell me in no uncertain terms .. stay away from Norton.

Try to also avoid "third party system hacks".
For complete peace of mind, before a year runs out, get Applecare. It will pay for itself with one service issue.

Good luck and welcome to the Mac World!

[CharlesS]

Originally posted by sosumi:
Actually CatOne, they don't. But the tone of my post is designed to counteract those users like yourself, who obviously haven't taken the time to thoroughly test the Norton products before advising people to avoid them. I have used these products for years now and continue to do so, because they are of benefit to the systems I look after.

I would suggest that in a home environment, they do not need to be used often. In a production setting though, there can be no doubt that their benefits vastly outweigh any minor troubles you may run into. And again, I have not had any troubles with these products, and would enthusiastically recommend them to anyone.

Why is it that the Norton defenders assume we haven't used the product, and are making up the problems with it?

Many of us have used Norton products for years. I used to be a fairly large fan of Norton. It was great in the System 7 days, but later on it messed up two of my drives, one of which had been working perfectly before running Norton and which had checked out in every other disk utility with no errors. To top it off, when I ran it on my other disks it reported the same repeated error that I destroyed the first perfectly functioning drive by "fixing". No way was I letting it touch the rest.

[CharlesS]

Originally posted by CatOne:
A firewall is unnecessary on a Mac. That's because no network services are running by default. If services aren't running, and listening on ports, it is IMPOSSIBLE to attack them. Hence, no need for a firewall.

However, if you do want to run one, because this sounds like funky wacky mojo voodoo, then just click the " on" button and turn on the built-in firewall.

Note, OS X Server *does* have network services running by default, so different advice does apply.

No, a firewall is good to have even with no services on, because it makes your computer 'stealth' so that hackers don't even know a computer exists at your IP address.

For more information, go to http://www.grc.com .

[NeXTLoop]

CharlesS is right. Even if you're not running any services, a firewall is still a good precaution.

[Maharaja]

Originally posted by sosumi:
Maharaja,

FYI, I have been using Symantec products since Mac OS 7.5, and have not experienced ANY problems with them whatsoever. That includes the latest version of Systemworks and OS X 10.3.2.

An antivirus program is an important tool, as Windows virii can be passed on by Mac users. Mac antivirus programs scan for Windows virii to be sure that this doesn't happen. There are also MS Word macro virii that can infect documents on a Mac. Norton AntiVirus has caused no problems at all on any of my machines. Not now, not ever.

While I am aware that Panther performs some measure of defragging, in a production environment it is not sufficient. I have found it very beneficial to use both Norton Disk Doctor and Speed Disk on my OS X machines, despite what the know-it-alls on this forum claim.

In the end, I think the biggest problem new OS X users face is not virii, but the level of misinformation being passed around these and other forums by people who have a single problem, immediately reinstall their OS and swear that it must have been the Symantec product. There have been issues with Norton products, just like all software products. But they have not been problems that affect all users, only the unfortunate few. It can happen with any software including your mighty OS X. Remember 10.2.8.

I can tell you from experience that just because someone here has a large number of posts to their credit, it does not indicate their level of expertise. It is more likely that they have dropped out of school and are unmotivated to find employment, so they have a good deal of time on their hands.

Please keep that in mind as you make your decisions.

Thank you for your insight.

I live in Japan and finding English Mac softwares such as Sophos can be very difficult even in the new Apple Store. Norton products are abundant both in Japanese and English version. Also. almost all of the online stores in the U.S dont accept international order. Thus, I have less options and somoehow "forced" to turn to Norton's products.

Anyway...when i first got my first Mac (G5), I immediately installed Norton Internet Security 3.0 on 10.2.8 and it worked as intended. However after i upgraded to Panther, Norton broke my "Fast User Switch". So I have removed NIS completely from my system. I might reinstall NIS back once Symantec fix all the errors.

I have read many comments and recommendation from the users in this board that programmes that are built from ground-up specifically for Mac like DiskWarrior and MicroMat Tech Tool Pro are likely more reliable and stable. How does Norton Utilities/Work differs from Diskwarrior/TTP? arent' these two programmes built for Mac aswell?

[RayX]

Originally posted by CharlesS:
For more information, go to http://www.grc.com .

Is it April 1st already?

[CharlesS]

Originally posted by RayX:
Is it April 1st already?

[Millennium]

Originally posted by CharlesS:

There are quite a few people who don't like the guy behind the GRC site. I have to admit, I disagree with him on a few points; he believes that the best way no one has yet taken to secure network operating systems is to cripple the programming interfaces by not allowing access to raw sockets. However, in general, I believe he knows what he's talking about.

Running a firewall is prudent, even if you don't knowingly run any services. The ideal firewall setup would be a combination of a port-based firewall for incoming connections and an app-based firewall for outgoing connections, but currently Apple only supplies the former (you can get the latter on Macs through a product called FireWalk X). The former helps keep Bad Stuff away, and the latter helps thwart any Bad Stuff that gets through the former.

This is part of the problem with Microsoft's security model, and while Apple is better about it than Microsoft, they're still not as good as they could be. Good security assumes that some of your layers will be broken through, no matter how good they may be, and takes steps to ensure that the Bad Stuff is still limited in what it can do.

[Cadaver]

Originally posted by JKT:
It's also worth pointing out that if you use or plan to use Windows via VirtualPC, it can still be infected by Windows viruses, etc.

This is a very good point. This is why you should NEVER set up your VPC Shared Folders to anything that you couldn't afford to have deleted. If you get a Windows virus that begins deleting/corrupting files, it could spread to your MacOS volumes if you have VPC Shared Folders set indiscriminately.

[drjoe]

[QUOTE]Originally posted by Maharaja:
[B]I'm a switcher. I'm running panther with Norton Internet Security 3.0. My general mac-know-how is still limited but slowly building up.
My question is, whats the virus threat to OS X?

Believe it or not I think I finally found a virus. My ISP is VERY good about these things but this evening I found an email with a blank for the subject and from someone I dont know named "[email protected]" There was an attachment with a file named file.scr and was 24k in size. I opened it [it opened with graphic converter] and got a little fragment purporting to be the data fork of an unknown file format. Could this be the much feared MYDOOM virus that just snuck through. I have a LinkSys router and am huddled behind it, and behind the router I run HenWen - the mac osx version of the NIDS Snort. Could I have actually found a virus??? Oh My - so exciting!!!

[Maharaja]

Originally posted by Cadaver:
This is a very good point. This is why you should NEVER set up your VPC Shared Folders to anything that you couldn't afford to have deleted. If you get a Windows virus that begins deleting/corrupting files, it could spread to your MacOS volumes if you have VPC Shared Folders set indiscriminately.

Can windows viruses do its harm/ damage payload in the Virtual PC environment??? will the viruses be contained??? How would that play into this whole thing?

[dwishbone]

yes, VPC IS a Windows PC in pretty much every sense of the term. a virus could effect it just as easily as a normal windows machine. it won't spread to your mac volume though unless you have some way for it to get out. some VPC users like to setup virtual drives that are just really mac folders assigned a drive letter. windows doesnt see them any different than any other volume and neither would the virus. it can delete/modify anything that is there. as stated before...dont map to anything you can't stand to be without.

[tooki]

FWIW, I have to confirm that Norton's stuff really went downhill in the late 90's, and has never recovered.


Utility software is an area where bugs are not acceptable -- a utility has to work properly or it could not only not do its job, but make things worse such that other utilities can't fix it either! (Which is exactly what some versions of Norton did.)

Mac OS X does have some services running by default -- things like DHCP client, all sorts of Rendezvous-enabled services (Rendezvous printers, iTunes and iPhoto sharing, iChat messaging, etc), all of which potentially open up security holes. Those programs can also act as servers, which open more holes still.

tooki

[typoon]

It's great not to get the Windows Viruses and I sometimes think if I get one I should just send it to my Windows friends that'll teach'em to get a Mac. Seriously though. Everyone is forgetting a smaller player in the Virus software game Virus Barrier from INtego. They make some good product. From NetBarrier to ContentBarrier to VirusBarrier. They also have a suite for I believe 99 dollars.

[CharlesS]

Originally posted by typoon:
It's great not to get the Windows Viruses and I sometimes think if I get one I should just send it to my Windows friends that'll teach'em to get a Mac.

That would put you in danger of getting kicked off your ISP - most have lines in the Terms of Service prohibiting you from intentionally distributing viruses.

[ryaxnb]

I think Millennium wrote this.

There are no known viruses for OSX. However, OSX users can still carry Windows viruses (even if they can't actually become infected) by containing the files which host those viruses. This means that running anti-virus software is still prudent, even if only to clean out the hard drive space that virus-hosting files take up.

Can a virus for OSX be written? Yes, it can. It wouldn't even be terribly difficult to write a basic one. However, OSX is written such that the damage a virus can do is quite limited, unless it infects the root account. Unless you are dumb enough to actually run things as root all the time, a virus just plain won't be able to do all the things a virus on Windows does.

This is a major issue with Windows, for example. It's not just that it's easy to write a virus for Windows, though that is a problem. The bigger problem is that Windows has virtually no security model in place to limit the damage a virus can do, once the system has already been infected.

This is the problem with Microsoft's security model. There are three lines of defense which need to be taken into account, and Microsoft only ever bothers with one.

The outermost layer of security is the ability to keep The Bad Guy out of your machine. Firewalls are the most common example of such security. According to Billy himself, this is the only layer of security you really need. This because Billy knows little to nothing about what real security is.

The middle layer of security is intrusion detection. If someone manages to break through your firewalls, you need to know that it has happened. Many hackers only break into a machine one time, and use that time to install backdoors so that they can get in later without having to go back through the rough stuff. Sometimes they even lay low for a while after first breaking in, counting on you to not find their backdoors while keeping a low profile so that by the time you do get around to checking your logs, they will be long gone. Currently both Windows and OSX are poor in this regard out of the box, but intrusion-detection systems are available for both platforms.

The third layer is damage control. If a user gets into your system, you need to make sure that they can't do much damage. Windows doesn't even bother with this level of security, and this is why they get smacked down so hard by viruses. OSX (and most other Unices) do pretty well in this regard, though there are some operating systems out there which do even better.

[kindbud]

[QUOTE]Originally posted by drjoe:
[B]

Originally posted by Maharaja:
I'm a switcher. I'm running panther with Norton Internet Security 3.0. My general mac-know-how is still limited but slowly building up.
My question is, whats the virus threat to OS X?

Believe it or not I think I finally found a virus. My ISP is VERY good about these things but this evening I found an email with a blank for the subject and from someone I dont know named "[email protected]" There was an attachment with a file named file.scr and was 24k in size. I opened it [it opened with graphic converter] and got a little fragment purporting to be the data fork of an unknown file format. Could this be the much feared MYDOOM virus that just snuck through. I have a LinkSys router and am huddled behind it, and behind the router I run HenWen - the mac osx version of the NIDS Snort. Could I have actually found a virus??? Oh My - so exciting!!!

MYDOOM is a trojan. It doesn't just 'get into' a computer - it generally arrives as an email attachment. Even then, you'd have to open and execute the attachment before it can do anything. Sometimes email clients such as Outlook Express can be set to 'preview' attachments automatically. This can execute a trojan that was attached to an email - without the user having to manually open the attachment.