OS X - vulnerability to viruses ?

by grimgraphix / March 27, 2008 4:51 AM PDT

I'm sitting here with a cold, so I'm not invulnerable. ;)

Anyway, I just got through reading some comments from a chap named studiotropico who was determined to argue that Apple has a crippling defect when it comes to viruses. I think this person was put off, in part, by the stereotypical Apple fanboy cliche that Apples are perfect and invulnerable to viruses - I say cliche because I really don't see too many out there saying Apples are perfect compared to other OS. I think those folks with some small knowledge of computers know that Macs can be jammed up with a virus. It is just much more difficult for an Apple to catch one.

What has always made a computer virus so insidious is the fact that it sneaks up on you, without your knowledge. Windows machines are open to picking up viruses for a variety of reasons, the most common of which is simply because most of their programs will automatically run bits of hidden code embedded in a variety of files... emails, multimedia, ActiveX files, etc... that can gain immediate access to the OS, and make changes. Apples are not impervious to outside programs making changes to its Operating System. However, because of the Mac OS design, any code that can actually change the OS must be installed by the owner of the computer. Simply put, if you don't trust the software, then don't download and install it. There is no guarantee this will remain true, but for right now, I believe I have been factually accurate.

Question for those who are more technologically knowledgeable than I am...

The word on the street is that you have to install a virus yourself, to get OS X infected. Does this mean you actually have to put in the administrative password to install this malware or is there some other scenario that would cause an Apple to get infected by the handful of OS X viruses that are out there?

In other words... what is the exact, step by step scenario of how an Apple computer would get infected by a virus? I think knowing this might comfort those of us who are unsure about how this stuff works, and what dangerous behaviors we should be mindful of, as we go about our daily computer tasks.

Thanks for any input !


The versions today do require a lot of help.
by R. Proffitt Forum moderator / March 27, 2008 5:33 AM PDT

From the user to install them. There is another avenue (which still requires the user to allow it in) and it's rather the insidious area I hate. It's the possibility of a driver to harbor "something" other than the driver.

I see this will be tackled in the iPhone but I'm unsure if developers would submit to that on the Mac.

re: drivers
by grimgraphix / March 27, 2008 6:31 AM PDT

Is there a difference between a disc image based application and a device driver as far as security purposes are concerned?

Should a driver or any application you have downloaded onto your HD be examined with a program like ClamXav before installation? Would it make any difference?

If you have downloaded an application or driver, is it already too late?

Not with this OS.
by R. Proffitt Forum moderator / March 27, 2008 8:12 AM PDT
In reply to: re: drivers

Unlike an OS commonly used today, I have yet to hear of an issue created by just downloading.

PS. Sorry.
by R. Proffitt Forum moderator / March 27, 2008 8:13 AM PDT
In reply to: Not with this OS.

The disk image or such is something of an odd question which I may have to think about. But it shouldn't make any diff. To install a trojan, virus or such is far from "automatic."

by 3rdalbum / April 11, 2008 10:48 PM PDT
In reply to: Not with this OS.

Early versions of Safari would automatically run shell scripts inside downloaded Zip files - the option to do that was turned on by default in the Safari preferences.

There are no viruses in the wild for Mac OS X. It's certainly possible to write them, and I don't think Apple has the same security culture that you find in the Unix world (or even at Microsoft these days), but currently you're safe.

I can't say the same for the future, but of course you can re-evaluate things later down the track and decide whether you need a computer security software package. Until then, save your CPU cycles.

If there's any hole. People will exploit it.
by R. Proffitt Forum moderator / March 27, 2008 10:29 PM PDT

(NT) PS. Not a virus.
by R. Proffitt Forum moderator / March 27, 2008 10:29 PM PDT

OSX vulnerability
by pbuchta / April 11, 2008 11:12 AM PDT

To think of OSX operating system viruses, a la PC, would be logistical folly. Firstly and most importantly, Apple supports both the hardware and software together. You cannot say that about PCs. Most people automatically associate PCs with Windows and Vista. How so untrue! Some PCs still run DOS. Some still run OS2. (I have a client running OS2 on a security system and DOS on a HVAC framework.) Some run Unix. Apple on the other hand offers full support of their systems and software under the same manufacturer, under the same OS, and hardware. You cannot say that about any PC hardware or software manufacturer. Apple offers set guidelines that their manufacturers and software developers must follow, period.

This is not to say that there have not been issues with Microsoft applications or development. In those cases, it appears that the software developers extended themselves beyond the guidelines set forth by Apple in the development of their software.



Hardware doesn't protect you from viruses
by EAGarcia8 / April 12, 2008 1:08 PM PDT
In reply to: OSX vulnerability

If you have an Ethernet port, you can become infected. Apple is more "bulletproof" to viruses because it focuses more on its OS than other applications, while Microsoft is trying to launch all kinds of software to take over multitudes of markets, like the recent Silverlight (Flash counterpart) which I would say is ****-ware. Anyways my point is, just because Apple supports its hardware does not mean an OSX virus is stupid/impossible, because the virus works at the software level and has almost nothing to do with hardware. Plus coders that make viruses aim for the larger market because they can profit most from it. As Apple acquires more of the OS market, viruses and other malware will start to surface.

Let me try this question.
by R. Proffitt Forum moderator / April 12, 2008 10:19 PM PDT

Since there is no known virus for the MacOSX today, how would an antivirus know what to look for?

It doesn't
by tleMega / April 13, 2008 11:15 AM PDT

Most of the "viruses", or faults/vulnerabilities in the OS would be used as a base for any AV program for Macs, but those aren't viruses that will just come up. There would need to be another user on the other line to exploit something in the system. Or, you'd have to manually download or install a file scripted to wreak havoc inside the computer. You could use a Mac AV program to scan files, but it would be looking for scripts that could exploit something. I don't think it would find a "virus".

OS X is not without problems, but Apple has time to fortify the security (and overall) features within it. Hopefully Apple will make good use of it before waves of real viruses appear. That does not prevent user-inflicted problems though.


by R. Proffitt Forum moderator / April 13, 2008 12:09 PM PDT
In reply to: It doesn't

And this is my final question. Do you think the call for firewalls and antivirus for Mac OS X is due to those that are changing from Windows?

by tleMega / April 13, 2008 1:55 PM PDT
In reply to: So...

So many Windows users are accustomed to using one form of antivirus protection in some way. Without AV or firewalls, they must feel vulnerable. OS X has good security in its own right, and if you use WiFi, your router should have a built-in firewall to help prevent some attacks.

So yes, maybe this issue is coming from the users who have switched. I know I looked into getting AV for my Mac when I first switched, but after realizing that I would have no real use for it, I did not. Plus, the speed reduction and performance loss from running such a program would be very aggravating. I'm quite glad that I don't have to worry about any virus-related problems with OS X. My friend who has been using Macs since the early days has never had a problem with this kind of thing. Most of the newer Mac users are switching over from Windows. Yep, I think the answer is yes.
My question is how many people it will take for OS X to become a large target. The Mac community has been growing for quite some time now. Only time will tell. Hopefully, Macs will be ready for whatever is thrown at them when that day comes.


What to do with the new owners?
by R. Proffitt Forum moderator / April 13, 2008 2:16 PM PDT
In reply to: Maybe

New Mac Users
by tleMega / April 13, 2008 2:39 PM PDT

I know Apple has that One-to-One training thing, but they really need to make it a point to explain to new users that you don't need to worry about viruses or these kinds of things. Just take care of the Mac and use it well. I'm sure most of the store employees try to explain it the best they can when they are asked about it.

Deleting all of the user files... useful if you need it, but not recommended for regular use... hmm...
I would suggest making a new sticky regarding these issues, but it would have to be temporary. Viruses may/will eventually appear for OS X and the average user will not know what he or she is doing when typing that into the command line. I bet that with experience, many new users will come to understand OS X, but some may not. Someone is always welcome to write a how-to book for Macs, describing every possible thing you could ever do with it ;). Of course these new users wouldn't read it. Ah, I bet they can figure it out. Their problem with OS X is it's so user-friendly and easy to use that it becomes too simplified for them.


Let's not make that into a sticky
by mrmacfixit Forum moderator / April 13, 2008 9:52 PM PDT
In reply to: New Mac Users

If people see it on a forum, then you can bet they will try it and then say "but it was on the CNET Mac forums, so I thought it was alright"!


by tleMega / April 14, 2008 8:59 AM PDT

I was merely suggesting it. I also said temporary because we don't know how long OS X will remain virus-free. And, not everyone believes what they read. We didn't make this up. Apple has mentioned OS X and its UNIX core as well as its immunity to Windows viruses. But, there are always those who feel like arguing this point.


by mrmacfixit Forum moderator / April 14, 2008 9:58 AM PDT
In reply to: True

The Mac OS is immune, and probably always will be, to Windows viruses.

Windows viruses are written to run on Windows; they will not run on OS X (Unix).

Note that most of the arguments come from recent switchers or those that just don't want to believe they have Stockholm Syndrome.


What I meant was
by tleMega / April 14, 2008 11:52 AM PDT
In reply to: Immunity

that the Windows viruses are the majority of the existing viruses. But yes, they will not run on OS X.

And I also know that the people who cling to these ideas are switchers. They can't understand a computer without viruses and virus protection. In time there may never be a system without viruses, but with multiple things like Linux and OS X becoming more favorable than Microsoft products, some systems may be overlooked. Apple's marketing department must be one of the best in the world, so when they say on those ads that Macs don't get viruses, you'd think that people would see the truth in that, even though most ads are somewhat inaccurate. Again, this may or will change. We could be lucky and OS X may never be targeted, but that's not really believable. Some of the security exploits found in Safari and QuickTime may be fixed for now, but others may be there too.


Viruses are rare, but risk is risk
by dj_erik / April 11, 2008 11:43 AM PDT

Most of the vulnerabilities I've seen with OSX are security issues, buffer overflows, and DoS attacks. As a novice tinkerer, I would suggest that antivirus programs are not the worst idea, but I'd doubt that they would actually catch any of these problems. Apple's main flaw has been a delay in patching the OS in the first place. I would honestly say that this has more to do with the sheer need for Microsoft to patch quickly due to the more tightly knit integration with corporate business, and a lack of researchers that are looking into these flaws for the OSX platform.

Is your computer at risk? Of course. If you have any computer attached to the internet and interacting with the outside world, you are at risk.

As far as requiring a password to execute a program on your computer being necessary, that is the very reason to create a shellcode buffer overflow. Basically to dumb this down for the average user, I'll give you a brief, probably inaccurate, description. A computer program basically looks for some kind of input from a user/another program at some point in time. A lot of times programmers will expect a certain amount of data back as an answer. What a programmer looking to compromise this will do is feed it an answer that will be too big for it to understand. The program will read the information, and be left hanging in an area of memory that is actually being used to run the program. Once you have this accomplished, you can send it any instructions that will be executed as the user currently running the program. This is actually a lot harder than it sounds, and I would suggest researching further if you're really interested.

A good example would be with the iPhone. This exploit was a TIFF file viewed by Safari that then installed the installer application (iJailbreak). I never said that all these things are completely bad from the end user's viewpoint.
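
The oversized-answer mechanism described in the post above, as an added example that is not part of the original thread: a constructed model in which a fixed-size answer buffer sits directly in front of control data, showing what an unchecked copy does to that data and how a length check prevents it. The `struct frame` layout, the marker value and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CONTROL_OK 0x11223344u  /* constructed marker value */

/* Constructed model of a program's working memory: the space reserved for
 * the "answer", followed directly by control data the program depends on
 * (a stand-in for a saved return address). */
struct frame {
    unsigned char answer[8];
    uint32_t saved_control;
};

_Static_assert(offsetof(struct frame, saved_control) == 8,
               "model assumes control data directly follows the buffer");

/* "Before": trusts the sender's length. The copy is clamped to the size of
 * the whole model so the demonstration itself stays inside one object. */
static void store_answer_unchecked(struct frame *f,
                                   const unsigned char *in, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((unsigned char *)f, in, len);  /* no check against answer[] */
}

/* "After": refuses any answer larger than the space reserved for it. */
static int store_answer_checked(struct frame *f,
                                const unsigned char *in, size_t len)
{
    if (len > sizeof f->answer)
        return -1;
    memcpy(f->answer, in, len);
    return 0;
}

/* Returns the control value left behind after an unchecked store. */
uint32_t control_after_unchecked(const unsigned char *in, size_t len)
{
    struct frame f = { {0}, CONTROL_OK };
    store_answer_unchecked(&f, in, len);
    return f.saved_control;
}

/* Returns the control value after a checked store; *rc receives 0 or -1. */
uint32_t control_after_checked(const unsigned char *in, size_t len, int *rc)
{
    struct frame f = { {0}, CONTROL_OK };
    *rc = store_answer_checked(&f, in, len);
    return f.saved_control;
}

int main(void)
{
    unsigned char oversized[12];          /* constructed 12-byte "answer" */
    int rc = 0;
    memset(oversized, 'A', sizeof oversized);

    printf("unchecked, 5 bytes : control = 0x%08x\n",
           (unsigned)control_after_unchecked(oversized, 5));
    printf("unchecked, 12 bytes: control = 0x%08x\n",
           (unsigned)control_after_unchecked(oversized, sizeof oversized));
    printf("checked, 12 bytes  : control = 0x%08x",
           (unsigned)control_after_checked(oversized, sizeof oversized, &rc));
    printf(" (rc = %d)\n", rc);
    return 0;
}
```

The unchecked store leaves the control field holding the sender's bytes, while the checked store rejects the same input and the control field keeps its original value.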

A virus and an exploit are two different things
by tleMega / April 12, 2008 5:51 AM PDT

in my book. A virus can be a piece of malicious code designed to wreak havoc with a system while an exploit is more along the lines of a loophole, in the case of the iPhone. You are "exploiting" a loophole to unlock your iPhone if you hack it, no? You're definitely not putting a virus on it.

All the anti-virus programs that I have seen for Macs have had mixed reviews. Considering the fact that there are no viruses in the wild for OS X, slowing down/crashing the system with one of these programs would be worthless. Sure, somebody is going to decide to target OS X with a virus or two sometime, but that time has yet to come. Apple finds and patches vulnerabilities in the OS, but most of them are "vulnerabilities" or "exploits". That guy who won the MacBook Air at that hacking contest used a Safari exploit, I believe, to take control over it. Not the same as a virus.


RE: A virus and an exploit are two different things
by dj_erik / April 13, 2008 10:10 PM PDT

Actually, they are really quite related. If you actually study writing viruses and exploits in a graduate level class, you would understand the similarities. By writing a boot sector virus, you are actually using an exploit on the BIOS. Script kiddies on Windows machines were writing viruses that were exploiting VB vulnerabilities on the MS Office suite. The main reason that there aren't many wild viruses for the OSX platform is lack of interest in the black hat community, and a slight interest in the white hat community that has been publishing the security holes in the first place to find fixes. I would suggest actually helping out if you are truly knowledgeable about the subject. Look for the OpenSource files if you're going to try and hack the kernel, and there are quite a few programming boards out there as well.

Related, yes, but they are not quite the same
by tleMega / April 14, 2008 9:18 AM PDT

There aren't any viruses that currently exist for OS X in the wild. That will probably change, but for now, Macs cannot catch viruses from the web. But you are right about the lack of interest. Windows is much more popular and widely used than the Mac OS, which is why it is the primary target for hackers. The Mac market share is relatively small compared to that of Windows.

Viruses can exploit things depending on what they are scripted to do, but not all exploits are related to viruses. Loading specific image files on the iPod Touch or iPhone would cause it to crash in one of the earlier firmware versions, allowing the user to "unlock" or "jailbreak" the device. Then they could install whatever applications or utilities they wanted. Those were not viruses. They made use of an exploit to gain access to the system, from my understanding. So when I said viruses and exploits are different, I was right, but you are also correct in stating that they are related. Several viruses depend on said exploits, while some exploits stand alone.

I have no interest in hacking the kernel or anything like that. I understand some of the security concepts, but my knowledge on this particular issue is from daily use and observations. I don't plan on interfering with the system. There are many others who know more on this particular subject than I do. I prefer to learn how to use the system instead of changing it, but I am trying to make some use of my Developer Tools. I plan on writing some applications for my Mac, and hopefully, I'll get them on the iPhone/iPod, but that is a long way to go for me. Still, you brought up some very interesting points.
Anyway, I prefer to use Macs for what they do best. They are very good for working with creative content and multimedia, and I am glad to use them. I am constantly fascinated with Garageband even though I've used it so many times. All of the modern ideas which have evolved into OS X are just amazing when you think about it.


Security via Obscurity
by mrmacfixit Forum moderator / April 14, 2008 10:08 AM PDT

Unfortunately there are still people who believe this myth.

Remember the first Windows Vista virus? 10,000 copies of Vista in the whole world! What percentage is that?
Remember the iPod running Linux virus? How many people run Linux on an iPod?
Remember the first OS X virus? No, didn't think so.

As a serious virus writer, what would be your biggest claim to fame? What would cause all your peers to heap praise upon you?
Yep, write the first "real" OS X virus. One that infects one machine and goes on to infect millions of others. Remember, there are virtually no Mac users running any form of Anti-Virus. That thing would spread like wildfire, all around the world. Millions of Mac users, infected and controlled.

Imagine the fame and, possibly fortune, for the first writer to achieve that.

Don't tell me they are waiting for the market share to increase before they do it!

Lack of interest is not the cause of the lack of viruses.

I am NOT saying that there will never be one, just that it is so much more difficult to create one that is actually a virus.


RE: Security via Obscurity
by dj_erik / April 14, 2008 10:59 AM PDT
In reply to: Security via Obscurity

I'll just point to a couple of Proof of Concept viruses to prove that no matter what you say they do exist, but no one is creating them to do a lot of harm.

1st OSX/Leap.A
Seen in the wild (MacRumors website) sometimes classified as trojan with worm properties.
Unless run as root, or with administrative privileges, does very little damage.

2nd OSX/Macarena
Strictly Proof of concept, not in the wild.

3rd OSX/RSPlug.A
Strictly Proof of concept, not in the wild.

Not the same
by tleMega / April 14, 2008 12:12 PM PDT

First off, the trojan has to be manually installed by the user, as many of these exploits require. The other pair of "viruses" that you mention are not in the wild, as you say. That defeats the purpose of having a virus. If writing a few files to crash one Mac would constitute as a virus (but not releasing it), then using a simple scripting program on your Mac could potentially create several "viruses". A few lines or so and *boom* your user files are gone.

Viruses are designed to create damage. Why else would they be written for any system? Just to say, "Hey! I found the back door!" ? You say that's why these "Proof of Concept viruses" are here, which may be true, but then those would be more like exploits if they are not in the wild.
You're entitled to your opinion of course, but that's what it looks like.


I thank God you don't work for Apple...
by dj_erik / April 14, 2008 12:54 PM PDT
In reply to: Not the same

Each of the Proofs are actually rather important in demonstrating the possibilities that can arise without proper diligence in OS and application development.

1st: Leap.A proves that worm behavior is possible, and helped Apple to fix a bug in iChat.

2nd: Macarena shows the ability to run viral code within the executable of another file. This is actually still possible, as I don't think that Apple or the OpenSource community has been able to patch this behavior.

3rd: RSPlug.A proves that through a browser exploit one can be infected on Safari without user interaction. Also the virus runs with root/administrator permissions creating a cron job, uploading information to a central location (possible botnet ability, or identity theft). The browser exploit has been fixed by Apple.

According to your recommendation, Apple should no longer patch its Operating System, and close its doors to the OpenSource Community which developed most of the OSX foundation and continues to improve it.

PS. Viruses are not created to strictly create damage. Most universities have programs to further Information Technology, the Computer Sciences, or whatever the major may be called. One way is to demonstrate bad practices in design, Exploits, viruses, etc. Another is to improve current design, finding these issues so that they can be patched.

I end simply with a quote:
If knowledge can create problems, it is not through ignorance that we can solve them.
Isaac Asimov (1920 - 1992)

I think there is a misunderstanding
by tleMega / April 14, 2008 1:47 PM PDT

What I'm trying to get across is they are not true viruses. They are exploits. Of course Apple should continue to work on its system. There will never be a perfect OS. If you thought I meant that Apple should "close its doors", I didn't.
I understand that in order to better understand these things, you have to practice and study them. That's how we have security.

Wasn't the original point that there are no wild viruses for OS X? Look at some of Bob and Mrmacfixit's posts. Of course anything is possible and certain things have to be tested in order to be fixed and researched. Plus, I have said that a true, wild virus will show up at some time in the future. I understand where you are coming from, but I'm getting a feeling that you are misinterpreting my posts.

Here's what I said earlier:
"You say that's why these "Proof of Concept viruses" are here, which may be true, but then those would be more like exploits if they are not in the wild." They are exploits and you say two of the three mentioned are fixed. They are demonstrating how something like this would happen, and I believe that's what your first sentence in your post just said. I agree with that. I believe that's what I said with "that's why these viruses are here". If "which may be true" threw you off, I apologize for my wording.
A lot of your reasoning here makes perfect sense, but are you intending to claim that these "demonstrations" are true viruses? They are demonstrating, but I do not believe they are true viruses. If they were more for study and research/development rather than wreaking havoc, I would say they are not "true" viruses but are more like exploits. But I agree that that's what they are for. Your original post to which I responded makes a lot of sense as well. I'm not trying to argue the facts. It's just that there are no wild viruses out there for OS X. OS X is definitely at risk but so far it hasn't been widely targeted yet.

"I thank God you don't work for Apple..."
I've met people at the Apple Store who don't appear to know anything about OS X when I speak to them. They just bring in a Genius or another employee who understands it. A few employees seem to insist that they are always right and the customer is wrong, from my experience. There are others far worse than me ;). I could take a little offense at your comment, but I think we have had some sort of misinterpretation somewhere, and that may be the problem. Again, I agree with a lot of your points.

I think I'm just glad to know that there are others who recognize the importance of these concepts and discuss their opinions on them. I think it's safe to say we are some of them. I can call them in between and you can call them viruses, but they're still the same or similar in some ways.
Once again, as long as Macs "Just Work", that's all that truly matters, according to the ads :D.


Definitely a misunderstanding then...
by dj_erik / April 14, 2008 2:49 PM PDT

I apologize as well. I do get a bit agitated by people that don't put forth any effort into understanding the issue at hand, and yet claim things are perfect. And it seems like that was my misdirected conclusion.

I just hope that no one will ever feel that they are immune to computer viruses, exploits, or anything else that someone may possibly think of in the future. It is that very feeling that they are not responsible for spam/viruses, that has led to a serious issue that we have been facing today. Things will probably never be perfect on the internet, but that's also what makes it such a valuable resource for anything to be thought of and created. :)

We both misunderstood
by tleMega / April 14, 2008 3:19 PM PDT

It looks like we were both misinterpreting a few things there...
See, I never thought that Macs were "immune" from viruses. That would be near impossible. For the time being, attacks directed at Windows will not harm Macs and so far, no wild viruses are out there for them that we know of. I do not seek to have the image of being an "arrogant Mac user". I recognize that Macs aren't perfect, but I still prefer to use them. I don't like it when people try to discuss some topics and do not attempt to understand it either. Very frustrating, especially when it is an Apple employee that is supposed to help you solve a problem with a MBP ;). Been there, done that. At least there are many more "good" employees.

Nothing's perfect and nothing will ever be. But Macs are close, right? :D If only that was true. I'm glad that my current setup is working great, with all of the networking problems I've been through. So glad to be out of that. Anyway, it's good to be able to discuss these things with other knowledgeable users. Wait... That thing you run on Boot Camp, Parallels, and VMWare is a virus! :) You know, a lot of people who criticize Windows or OS X are usually biased, and even if they have used the other, they had poor experiences with it. My friend bought an iBook once, and somehow, the power cable fused to the power port. He removed it and ripped out a good portion of the computer. Apple wanted to charge a lot of money to fix it, and since then, he has never bought another one... I used (and still use) XP since it was released before finally switching, and I'm glad I did. Having different options makes things so much better.

