The Mac OS X Virus Report: Why the Disconnect?
March 22nd, 2007

For months, you’ve been hearing the same old story. As Mac OS X becomes more and more popular, and Windows users continue to switch to Apple’s platform, the rise of malware is inevitable. Before you know it, Mac OS X will be subject to some of the same irritants that are inflicted on the Windows platform.
Now it’s quite true that, whenever a new Apple Security Update appears, you hear those claims all over again. The Internet criminals are just aching to be among the first to overwhelm Mac OS X with their spyware, viruses, Trojan Horses, and all the rest of that malicious garbage. Soon they’ll be turning Macs into spam-bots, so you better get ready to share the same level of misery experienced by your friends and neighbors on the Windows platform.
It’s enough to fill you with feelings of togetherness for your fellow PC users, since you’ll soon be in the same boat.
Except that it never seems to happen. Sure, there are lots and lots of potential security leaks, most of which are quickly repaired by Apple. The recent 10.4.9 update, for example, patched a bunch of them. Indeed, there are likely plenty of additional tiny pathways that could be exploited, thus creating the appropriate climate for malware. Or at least that’s the theory, although the risks don’t appear to be all that great. But some of the fear-merchants won’t tell you that, because it doesn’t drive traffic to their sites and their articles.
Then there are those “proof-of-concept” viruses, which do harm in the laboratory but haven’t spread into the wild. No, I would not suggest for a moment that the makers of security software have manufactured these viruses to sell more product when there is apparently no reason to do it otherwise.
So you have to wonder: Isn’t there a huge incentive for the creators of malware to create the first real Mac OS X virus? Shouldn’t they be lining up to spread their nasty wares into the Mac universe?
Is there something about the Mac OS X platform that discourages the scourge of the Internet? Could it be that virus authors actually like Macs, so they don’t want to cause us any harm?
This is not something that I would take too seriously, of course. After all, the biggest motive today for malware is simple greed. An infected PC can be taken over and used to spread spam to your mailboxes and mine and all the other computer users on the planet. Spammers do it for ill-gotten gains, and for that there are no platform distinctions.
Now some might argue that Mac OS X is safe because of obscurity, but how is an operating system with some 22 million users obscure?
Maybe it’s just harder for those exploits to overwhelm a Mac, because you have to give a password for most new software installations, whereas you don’t under Windows Vista, even with its allegedly enhanced security model.
Maybe we’re just lucky.
Or perhaps they are just waiting in the wings, ready to inundate the Mac platform with malware when we least expect it. But I’m not a fear monger, so I wouldn’t presume to suggest any such thing.
My opinion, such as it is, might be considered a little less logical. We’re just lucky, that’s all. As the Mac platform continues to gain traction, the virus infections will appear, perhaps when we least expect it.
Meantime, I am of mixed opinions about whether you should install virus protection software, or even a full-fledged Internet security suite. To be sure, it probably won’t do any harm. Although virus protection applications have, from time to time, been notorious for causing slowdowns and conflicts of their own, this doesn’t happen much anymore.
Moreover, once malware erupts, you may not have sufficient time to rush out and buy a copy or download the software to stop the infection in its tracks.
You see, it’s not a matter of if, but of when.
MacGeekery? We’ll look into it Michael. Thanks for the suggestion.
Peace,
Gene
“…All third-party software I use installs by drag-and-drop, and I have it in ~/Applications not /Applications.”
I think that’s one reason why I was so peeved earlier 🙂
I was doing a first run of some new app in my (alternate user) home applications folder, and it *still* asked me for an admin id..I checked afterwards and all the prefs are in ~/Library, so I don’t get it…
ahh well..
I am not sure I understand some of the complaints. What’s wrong with being asked for a password before installing new software, or even before using an app for the first time? That hardly takes up much time. Think about the amount of time you would lose in the case of some malware ending up on your system.
We can’t have it both ways. We can’t applaud Apple for coming up with the most secure OS, yet, at the same time, expect it to never warn us of potential dangers.
“I am not sure I understand some of the complaints. What’s wrong with being asked for a password before installing new software …”
… being asked for a password *by what*?
The potential problem is with an *installer’s* asking for an administrative password. Why would it need it, and what is it going to do with it? With an administrative password, the program can go where it likes, including into system areas; with an administrative password it can run as root. There’s, effectively, no limit to what it can do.
Make a plaintext file and try to drag it into, say:
/System/Library.
You’ll find you can’t–at least not without authenticating. You are locked out of these areas for a reason. And you really, really don’t want anybody else putting anything into them. It might be necessary in a few cases, but you’d want to be doubly sure that it was and doubly sure of the software company providing the software, too.
One has to be careful where one downloads software from, but that’s not the end of the matter. There doesn’t even need to be malice involved. Incompetence will do just fine.
My point was that this is precisely how malware can open a back door…if password requests keep popping up, even for access to what would appear fully owned folders (a password to install into my home folder? cmon!)..then the situation arises that these securities often get bypassed entirely, either out of frustration, or necessity..certainly it’s common to just log in as root to bypass, if in a hurry, or have a lot of cross partition arranging or file transferring to do, etc.
The only diff is that in win systems, in the past, it’s been the default, cancelling out any protection that it might have otherwise offered
” … this is precisely how malware can open a back door …”
I’d be interested to ask Mac users the following question: “If you met a Mac developer at a party and he asked for your administrative password, would you give it to him?”
If any would hesitate even for a second, then they’d have to remember not to treat the same request from his software any differently.
I might ask someone into my house, but I wouldn’t necessarily hand him a skeleton key that opened every door, every cupboard, every drawer, a safe if I had one, and anything else, and let him go where he wished and do as he pleased. And, again, he doesn’t need to be malicious, just less competent than he should be for what it might occur to him to do.
He might, for example, be so insouciant as to leave “a binary executed with root privileges at an user-writable path”:
http://projects.info-pull.com/moab/MOAB-08-01-2007.html
IOW, to return to the metaphor of the house he might intend no harm, but he might leave the door open so that someone else who does can walk through it.
Here’s the University of Utah on the subject:
http://www.macos.utah.edu/documentation/administration/poorly-made_apps.html
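The condition quoted above, a binary executed with root privileges at a user-writable path, can be checked for mechanically. The following is an added example, not code from the original comments or from either linked page: it walks every component of a path and reports the ones a non-root account could modify or replace. The names `FakeStat`, `component_problems`, `audit_root_executable` and the `SAMPLE` tree are hypothetical, and the caller is assumed to supply the list of files that run as root.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the check can run on constructed data.
FakeStat = namedtuple("FakeStat", "st_mode st_uid")

def component_problems(st, child_st=None):
    """Reasons a non-root user could modify or replace this path component."""
    reasons = []
    if st.st_uid != 0:
        reasons.append("owned by uid %d" % st.st_uid)
    if stat.S_ISLNK(st.st_mode):
        return reasons  # symlink mode bits are not a useful signal; check the owner only
    # In a sticky directory, other users cannot rename or delete a root-owned child.
    sticky_ok = (stat.S_ISDIR(st.st_mode) and bool(st.st_mode & stat.S_ISVTX)
                 and child_st is not None and child_st.st_uid == 0)
    if not sticky_ok:
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
    return reasons

def audit_root_executable(path, lstat=os.lstat):
    """Walk from the file up to '/', returning [(component, reasons)] per weak link."""
    findings, current, child_st = [], os.path.abspath(path), None
    while True:
        st = lstat(current)
        reasons = component_problems(st, child_st)
        if reasons:
            findings.append((current, reasons))
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current, child_st = parent, st

# Constructed sample tree (not taken from a real system or from the linked advisory).
D, F = stat.S_IFDIR, stat.S_IFREG
SAMPLE = {
    "/": FakeStat(D | 0o755, 0), "/usr": FakeStat(D | 0o755, 0),
    "/usr/libexec": FakeStat(D | 0o755, 0),
    "/usr/libexec/helper": FakeStat(F | 0o4755, 0),              # setuid root, safe path
    "/Applications": FakeStat(D | 0o775, 0),                     # group-writable
    "/Applications/Example.app": FakeStat(D | 0o755, 501),       # owned by a user
    "/Applications/Example.app/helper": FakeStat(F | 0o4755, 0), # setuid root
    "/tmp": FakeStat(D | 0o1777, 0),                             # sticky, world-writable
    "/tmp/helper": FakeStat(F | 0o755, 0),
}
```

Called with the default `lstat`, the same function audits real paths; it looks at POSIX mode bits and ownership only, so ACLs and symlink targets need a separate check.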
If someone had the temerity to ask me a question of that nature, I’d tell him or her where to go and how to get there 🙂
Peace,
Gene