
Mac Viruses

Written: January 17, 2006

I recently received email which said: “… you sent an email awhile back about how some people say that Macs do not have the viruses written for them because there are so few Mac users… I’m starting to hear that a lot at work lately… If you have it handy, can you re-send… I’ll be sending it around work to at least two guys I work with.” In response to this request, I’ve expanded on the email I sent previously to try and clear up some things and to specifically address the “Macs-have-no-viruses-because-of-low-market-share” issue.

_____

This guy offered a bounty for proof that a Mac OS X machine had ever been infected by a virus: http://wilshipley.com/blog/2005/09/mac-os-x-viruses-put-up-or-shut-up.html

All of the viruses I find on my Macs are Microsoft viruses (peculiar to Windows OS, MS Word macro viruses, etc.)

I’m not saying that Mac OS X will never suffer a virus. Nothing is ‘impossible’ — there are just things we haven’t figured out how to do yet. And no one has thus far been able to figure out how to propagate a Mac OS X virus.

That’s not to say there’s no ‘malware’ — software that can do damage, if run. But as for real viruses propagated all by themselves from one Mac OS X machine to another? Hasn’t happened yet.

There was this thing called ‘Opener’ which is a rootkit, not a virus. If someone were foolish enough to install it on their system (it cannot install itself, unlike viruses) then they’ve just given away control of their machine.

I operate my own Internet servers and I permit my ISP to use one of my DNS servers for his clients’ recursive lookups. Twice in the last year I have alerted him to spambots on his clients’ PeeCees — ‘zombied’ Windows machines that had unwittingly downloaded and, without knowledge or participation by the machine’s owner, installed a spam sending program so they could churn out hundreds of thousands of spam per day. I was alerted by the huge numbers of MX (Mail eXchanger) lookups done by these infected Windows machines.
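The MX-lookup signal described above can be checked mechanically against a resolver's query log. This is an added example, not code from the original post; the BIND 9 style log format, the thresholds, the `allow` parameter and the sample addresses are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict

# Assumed BIND 9 style query-log line; adjust the pattern to your resolver's format.
QUERY_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+(?: \([^)]*\))?: "
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)

def mx_outliers(lines, min_mx=5, min_domains=5, min_ratio=0.5, allow=()):
    """Return {client_ip: stats} for clients whose lookups are dominated by MX
    queries spread over many distinct domains (all thresholds are assumptions)."""
    total = defaultdict(int)
    mx = defaultdict(int)
    domains = defaultdict(set)
    for line in lines:
        m = QUERY_RE.search(line)
        if not m or m["ip"] in allow:
            continue  # unrecognised line, or a known mail relay we expect to do MX lookups
        ip = m["ip"]
        total[ip] += 1
        if m["qtype"].upper() == "MX":
            mx[ip] += 1
            domains[ip].add(m["name"].lower().rstrip("."))
    flagged = {}
    for ip, n_mx in mx.items():
        ratio = n_mx / total[ip]
        if n_mx >= min_mx and len(domains[ip]) >= min_domains and ratio >= min_ratio:
            flagged[ip] = {"mx": n_mx, "domains": len(domains[ip]), "ratio": round(ratio, 2)}
    return flagged

def build_sample_log():
    """Constructed sample: one ordinary desktop client and one MX-heavy client."""
    ts = "17-Jan-2006 10:15:0{}.000 queries: info: "
    log = []
    for i, name in enumerate(["www.example.org", "mail.example.org", "example.net"]):
        log.append(ts.format(i) + f"client 192.0.2.10#4000{i}: query: {name} IN A +")
    log.append(ts.format(3) + "client 192.0.2.10#40003: query: example.org IN MX +")
    for i in range(8):
        log.append(ts.format(i) + f"client 192.0.2.77#5000{i}: query: dom{i}.example IN MX +")
    log.append(ts.format(9) + "client 192.0.2.77#50009: query: www.example.org IN A +")
    return log

if __name__ == "__main__":
    for ip, stats in mx_outliers(build_sample_log()).items():
        print(ip, stats)
```

A legitimate mail server will trip the same thresholds, so pass known relays in `allow`.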

As noted previously, software has to be installed by an admin user on a Mac. Software cannot install itself. I’ve never heard of a zombie Mac. (Go ahead and google ‘zombie PC’. Now compare that to ‘zombie Macintosh’)

I subscribe to a number of Mac mailing lists. The topic of anti-virus software often comes up. The discussion thread typically goes like this:

Q. What’s a good anti-virus program for Mac?

A. You don’t need one.

Q. But all my friends said I am crazy not to have anti-virus software.

A. All your friends probably use Microsoft Windows. There are lots of Microsoft viruses for Windows. There are no known viruses for Mac OS X.

Q. But there are Mac anti-virus programs on the Market. Why, if there are no Mac viruses? (Hah! Gotcha!!)

A. The best reason to run anti-virus software on a Mac is to prevent passing on Microsoft viruses to your Windows-using friends. Though Macs are immune to Microsoft email viruses and such, you could inadvertently pass on a virus by forwarding an infected email or document.

There are a few viruses for the ‘classic’ (pre-OS X) Mac OS which Mac anti-virus software will catch as well, but if you run only OS X, this should not be an issue.

Another reason to run anti-virus on a Mac is to flag Microsoft macro viruses. But you can configure your Mac Microsoft Office applications to simply not allow execution of macros and be protected from these.

Mac “anti-virus” software also looks for Trojan Horses and other malware of the non-virus variety. For the most part, if you simply don’t install software from untrusted sources, you can remain malware free. 

Q. So I’d run anti-virus software on my Mac primarily to protect people using Windows?

A. Yup. The great vast majority of computer viruses are rightly called Microsoft viruses. If you do not use Microsoft products (operating system, email program, application programs) then you really don’t need anti-virus software on your Mac.

Q. Well, why aren’t there any Mac viruses?

A. Mac OS X is based on Unix. Unix got its start in 1969 and really took off in the ’70s. As a multi-user operating system, security has been an important factor for decades. Many versions of Unix, including the BSD Unix which is the basis of Mac OS X, are ‘open source’ software. That is, the source code is available for everyone to examine. This means that many, many people are able to check the code and look for vulnerabilities. Because of this openness, there are very few vulnerabilities and those which are found are quickly patched.

As a result, Unix-type operating systems tend to be quite secure. A virus simply cannot install itself and propagate to other Mac OS X systems. They lack the permission to do so. If a virus cannot spread, there can be no outbreak. Remember, to be a ‘virus’, the software must be self-propagating.

Q. But isn’t Apple’s low market share a factor? If Macs were more widely used, they’d be targeted more by virus writers, right?

A. Targeted? Perhaps. But that’s not the same as being successfully infected. The whole point of creating a virus program is, after all, to succeed — to infect lots of computers. You can go on the Internet and download do-it-yourself virus writing kits which will help you create your own Microsoft virus. There are so many security vulnerabilities in the Windows operating systems that the process of writing a virus can be semi-automated. Pick which security hole you’d like to exploit and go from there.

As for targeting OS X, what would be the point of aiming for a target you cannot hit? When’s the last time someone “targeted” Fort Knox for a robbery? More often targeted are liquor/convenience stores which are ‘doable’.

The last viruses for Mac were in the pre-OS X days. Go ahead and google “Macintosh Virus” and you’ll find lots of hits from 1999-2000 and talk of Systems 6 and 7. There were a couple of pretty good outbreaks way back when, showing that Mac IS targeted when it’s doable. There have been no outbreaks on OS X because no one has figured out how. Contrast that to even the latest Windows XP OS.

Even if it were true that the only reason Macs have no viruses is the low market share, isn’t that enough of a reason to switch to Mac?!? Do you really care WHY Macs are virus free, as long as they are? If you were in an area where malaria was a common affliction, and your friend in Arizona said malaria wasn’t a problem there, would you respond: “Oh, the only reason malaria isn’t a problem in Arizona is that there are so few mosquitos there”?

Q. So if I’m using Mac OS X, I’m completely safe?

A. Not quite. There are ‘malware’ programs out there — programs that will do your OS X Mac harm if you install and run them. But that’s the key: install software only from trusted sources. There have been a few ‘proof-of-concept’ developments that showed that a Mac could be harmed in some way, but they all relied on being run by someone with permission to do so. I’m not aware of any malware that can install and run itself on OS X by simply visiting a web site, as can happen on Windows operating systems, for example.

As for true viruses for Mac OS X, there have been none. Software simply cannot install itself on your Mac OS X computer, run itself and spread to other Mac OS X computers the way it can on Microsoft OS computers.

In summary, Microsoft products are the ‘vector’ that allows computer viruses to spread. The more ‘Microsoft’ you have on your computer, the more you need anti-virus software.

This ends our Q & A.

I’ll end with some A-V related excerpts from a Mac mailing list.

At 6:11 AM -0700 10/6/05, Jim wrote:

http://securityresponse.symantec.com/avcenter/vinfodb.html is the searchable database. I just searched for the word Macintosh and got 2,869 documents found, top 500 by relevance.  I have obviously not read all of them to see how many reference actual threats to a Mac.

Here is what the defs for NAV 10 on my Mac, dated 10/5/2005, say:

33,658 Virus names found, 70,732 total virus definitions.
I can then sort by type.
Hypercard Virus — 12 (I doubt most Mac folks still use Hypercard)
Macintosh file infector–34
Macintosh Trojan Horse–19
Macintosh Worm–2
Macros–too many to count. These are cross-platform on Office documents.

PC Virus–too many to count. I don’t know how many of these might be a threat under Virtual PC because I don’t have it. Running a Windows AV program under VPC might be recommended for those who do but again I don’t have it.

There is no breakdown listed as to how many are OS X although I recognize a few related to concept viruses or worms that have not been seen in the wild but have been mentioned online.

 
At 8:29 PM -0800 11/27/05, Randy wrote:

There are *no* viruses for OS X specifically. There are literally thousands of Word and Excel macro viruses, but you can keep them from running by enabling “macro virus protection” in preferences in those programs. (Business users, who frequently receive legitimate Word and Excel documents with embedded macros, may prefer to have an anti-viral program that can actually detect and clean a malicious macro from a document, and preserve the document.)

There are two or three Trojans/worms for OS X (not just “concepts”), but they are incredibly rare, and they aren’t self-propagating, so you are unlikely to encounter them, and only then if you engage in downloading from peer to peer networks.  Trojans for OS X include Opener/Renepo, the WordInstaller Trojan, MacCowHand, and MP3/Concept. MP3/Concept does not exist in the wild as anything other than a proof-of-concept.

http://www.sophos.com/virusinfo/analyses/maccowhanda.html

http://www.macintouch.com/opener02.html

http://securityresponse.symantec.com/avcenter/venc/data/macos.mw2004.trojan.htm

http://www.macworld.co.uk/news/index.cfm?NewsID=8406

http://www.intego.com/news/pr41.asp

http://www.securityfocus.com/archive/1/395107/2005-04-03/2005-04-09/0

As for MP3/Concept, when someone posts a proof-of-concept on the Internet, my personal feeling is that it is sort of like providing a construction kit for psychopathic geeks to create malware. Thus, the mere existence of such a proof-of-concept on the Internet heralds the need for increased security.

There is no spyware for the Mac that can be disseminated via a Web site or e-mail, so it is highly unlikely that you might become infected with spyware.

There are classic viruses (for OS 8/9) that can infect Classic running under OS X, but they have become very rare because they were designed to propagate via floppy, and Macs haven’t used floppies in ages. (Folks don’t seem to share user-recorded CD’s like they did floppies.)

So, your chances of encountering any malware at all, if you are running OS X, are minuscule. Most Mac users feel that using anti-viral software is a waste of money. I have used anti-virus software religiously for at least the last couple of decades, and it’s been a long while since it flagged anything other than a Windows virus that has shown up as an e-mail attachment. (Windows viruses are completely harmless to Macs.)

 
