
MAC Operating Systems 3

Status
Not open for further replies.

xplicit19

Technical User
Jun 9, 2004
1
US
I was wondering if anyone knew why MAC OS's aren't as susceptible to viruses as some other OS's. If anyone has any idea please reply. Thanks a lot!!
 
Basically it only has a 3% market share. On the other hand Windows has a majority market share. Hackers and virus writers go more for something that will affect the most computers. Since that is Windows, it gets attacked the most. Also another reason is supposedly since it is built on top of Unix, it is a little more secure. But for the most part it is that a lot less of the computers are Macs.
 
Actually Old Mac OSes have very good records in this respect as well.

(I am going to ignore MS macro viruses, which are cross platform and only infect MS apps, and just discuss viruses and worms that infect the OS)

Only 58 classic Mac (OS 9 and before) viruses were ever written, in part because as Apple released new OSes they 'broke' the existing viruses, unlike MS who preserved virus compatibility. This meant no Apple virus could last long in the wild, as until 7.5.5 Apple OSes are free, and Upgrades were always free from major releases.

Starting with OSX, Apple has a 0 virus record, in part because a standard OSX install has NO open ports, and no open ports are ever needed unless your Mac is a server.

OSX also comes with a firewall installed and operational, while no Windows before XP included a firewall and XP does not come with it running by default.

Another feature of OSX is that by default the user is not the administrator and the admin account has a secure password, Windows starts (and often ends) with the user as administrator and no password required. This greatly aids a script that manages to get installed in Windows, as it has full authority to do what it wants.

More subjectively, it is always unwise to depend on the OS bored teenagers would be on while their parents are away, decades ago the TRS-80 had more viruses than other brands because more teens were using them. These days, as a percentage more professionals use Macs and fewer teens than Windows. This produces fewer viruses per user.


I tried to remain child-like, all I achieved was childish.
 
' MAC OS's aren't as susceptible to viruses as some other OS's'

The only other OS that I know of that can have a virus self install are those from the Microsoft family.

Simply put, all other operating systems require user input before ANYTHING is installed especially in a system directory.

Microsoft is wide open still and doesn't seem to want to fix their problems.

 
Basically it only has a 3% market share. On the other hand Windows has a majority market share.

Just to be clear - there is a difference between market share and latest sales figures. While a recent sales number might indicate 3% that does not indicate market share. Mac life-cycle is not nearly as short as it is for Windows machines. For example at work I have used four different windows machines, yet had used the same Mac for the same period of time (and for two years prior to that).

And the issue of market share doesn't tell the whole, or even the main, reason for Macs not having as many viruses, etc. Back when Apple's market share was substantially larger than it is today, there still were nowhere near the proportional number of attacks against it.

Software: XL2002 on Win2K
Humanware: Older than dirt
 
GrayShades said:
Just to be clear - there is a difference between market share and latest sales figures. While a recent sales number might indicate 3% that does not indicate market share.
I based my statement of 3% on different references including this.

GrayShades said:
And the issue of market share doesn't tell the whole, or even the main, reason for Macs not having as many viruses, etc. Back when Apple's market share was substantially larger than it is today, there still were nowhere near the proportional number of attacks against it.

It does not tell the whole story, but IS a main point. When Apple did have a large market share, there was not a proliferation of internet accessible PCs or Macs, and also not a proliferation of viruses on either platform because of that. Now that quite a few computers are "Always On" the internet, and Windows has quite a few vulnerabilities, virus writers a lot of times will go after something that will affect the most computers in the easiest way. Not to say that Apple does not have any vulnerabilities (like the one this week) but less people write viruses for it because it will not affect that many computers.
 

Question: I use a PC at work and a Mac at home and sometimes transfer files between the two. I've been told I don't have to worry about giving the Mac a virus from the PC at work because Macs don't get viruses. The latest round of viruses has me a little worried though. Is this really true?

Answer: Technically, the answer is no, that is not true. Macs can and have caught viruses. Almost every mainstream OS is at some risk of being infected by a virus.

A more correct statement would be that Macs usually aren't infected by viruses. Recent virus statistics indicate somewhere around 80,000 Windows viruses, about 10 percent of which affect Windows XP.

In comparison, less than 50 viruses are specifically targeted at Mac OS 9 and earlier. The last widespread virus occurred in 1998. There are currently no known Mac OS X viruses.

So Mac users have become accustomed to ignoring virus outbreaks.

There are several reasons for the big difference in the number of virus infections. The first is market share. Viruses usually take advantage of a specific security flaw, which means they usually have to be targeted at a specific OS or at least similar operating systems. Since most viruses are written for either notoriety or financial gain, virus writers will naturally want to target the more than 90 percent Windows market rather than the 3 to 5 percent Mac market.

Secondly, Macs tend to come with security settings mostly closed while Windows PCs tend to come with more of them opened up. Microsoft has made major improvements in this recently.

Lastly, some underlying OS structures do tend to make it easier to compromise Windows PCs.

Those virus infections numbers have lulled most Mac users into a false sense of security.

We certainly can't preclude that some talented, but twisted, individual won't write a virus that crosses platforms or is targeted specifically at a Mac OS. Mac users should still take the same steps as PC users to ensure security.

Is the Mac less susceptible? Certainly, yes. Is the Mac invincible? Certainly not.

The Wise Guys are Doug Anderson, Lam Nguyen and Michael Golden. E-mail computer questions to wiseguys@ argusleader.com or write to Wise Guys, Argus Leader, Box 5034, Sioux Falls, SD 57117-5034.
 
Actually, the first "concept" virus was written for OSX in April. It wasn't released into the wild. The virus was embedded into an MP3 file: think iTunes. A flaw in OSX allows the mp3 icon to be displayed even if the file is not really an mp3 but an executable packaged to look like an mp3 and even play music as the virus is released.
As summer approaches and the teens are let loose from captivity I will bet the first real virus will make its debut.
BTW the next release of "Tiger" may or may not have this flaw.
I use virus protection on all macs on my network. Better safe than sorry.
 
Note that if you are unwise enough to take a Microsoft-free OS and foolishly add Microsoft applications, all bets are off. Microsoft Macro viruses can be and are cross platform and any Mac with MS Office is as likely to get/spread macro viruses as a PC with MS Office is.

I tried to remain child-like, all I achieved was childish.
 
"Actually, the first "concept" virus was written for OSX in April."

Thankfully that concept failed, as the only way to pass the program while retaining the false attributes was compressed, so the end user would have to unstuff it by hand so it could infect his Mac, a liability in a virus that means it could never spread far. It COULD be developed into a trojan, but not a virus unless it can figure out a way to uncompress at the new system.

I tried to remain child-like, all I achieved was childish.
 
Ignore the statistics. Keep in mind that it only takes one virus or one hacking attempt to compromise your computer. Practice safe computing and there should not be a problem.

In terms of susceptibility, Mac OSX is just as susceptible as Windows to viruses. Every operating system can be exploited in one way or the other. The only thing we can look at is the library of existing viruses: which are mostly Windows-based. When the majority of the world uses Windows, it is no surprise that Windows has more viruses.

- - picklefish - -
Why is everyone in this forum responding to me as picklefish?
 
I think there are two questions being answered in this forum, but only one question was asked.

People are answering a question about the prevalence of Windows vs. Macintosh viruses, but the question was about susceptibility.

Prevalence has to do with market share, you bet.

Susceptibility has to do with vulnerabilities in the OS itself and has nothing to do with market share. Does that make sense?

Jimoblak, you state Mac OS X is just as susceptible as Windows. I have a problem with that statement. It implies there are just as many auto-execute exploits available in Mac OS X as in Windows. There were two known auto-execute vulnerabilities, having to do with the help viewer and with file handler registration, which were widely known about a month ago and patched 6/7/2004. At this time, there is not a known vulnerability for auto-executing in Mac OS X. Therefore, there are no opportunities for virus writers on OS X.

There is, as always, the opportunity to use social engineering in combination with a Trojan horse to trick a user into executing malicious code, but that isn't going to spread too far, if each recipient has to be tricked.

If you know something more, like a CERT reference or an Apple KnowledgeBase reference to an exploit, please post it. Otherwise, please distinguish between prevalence and susceptibility and give credit where credit is due. Apple's engineers have made many good decisions in regards to default security and it shows.
 
When someone mentions the word 'viruses', I assume that they mean anything (whether auto-executing code or not) that can compromise the security of their system. I take much less issue with an auto-executing bug that re-associates a file type with a new application than with someone who hacks into an open port and gains root control over my computer.

It is a naive statement like...
Therefore, there are no opportunities for virus writers on OS X.
...that makes Mac users susceptible to exploits if they think they are using an impenetrable system. If a system was truly secure, Apple would not need to post security updates at least once every six months.

Do not get me wrong, I prefer OSX over XP but I am not foolish enough to assume that Apple's last update will solve all security issues. Apple will issue further security updates as deviants make use of further opportunities to exploit operating systems.

Being susceptible has nothing to do with market share or the number of known exploits for a particular system. In case you missed my previous statement, it only takes one virus or exploit to mess up your computer. You only need to worry about that one exploit, not the wealth of exploits already present in the Windows world.

My post was to disassociate 'prevalence' and 'susceptibility' so I'm not sure what your point is to ask about CERT references.

Do not discount social engineering exploits as being isolated. I have a web site that has accumulated thousands of social security numbers from willing registrants. I have no use for the data: I was just curious to know how many stupid people there are on the internet. Network computing allows a sucker to be born every millisecond.

- - picklefish - -
Why is everyone in this forum responding to me as picklefish?
 
Jimoblak, let me take this point by point. I suspect you and I are in close agreement on this topic, I just have a little issue with some of your statements.

First, your point is well-taken that there is user-susceptibility vs. machine- or OS-susceptibility. Mac users are just as susceptible, perhaps even more so, to social engineering stunts as Windows users. Like the report of the guy who executed malicious Applescript code downloaded from Limewire because it had the Microsoft Word icon on it. Ouch. There is not an operating system out there that can prevent a user from deliberately, willfully launching malicious code. Yes, a sucker is born every milli-second.

Second, your point about only one virus or hacker being required to ruin your whole day is also very valid. I don't care if there are 5 or 5 million viruses in existence, so long as they aren't on my systems. And just one, even if it were the only one in existence, would be too many on my system. Agreed.

Here's a statement you made in your first post on this topic:

"In terms of susceptibility, Mac OSX is just as susceptible as Windows to viruses. Every operating system can be exploited in one way or the other."

And in the follow-up post:

"Being susceptible has nothing to do with market share or the number of known exploits for a particular system."


If someone asked you to devise a scale to measure or assess 'susceptibility', would you answer with a binary formula? In other words, a system is either susceptible or it's not, and that's how everything will be judged under your scale? As you point out, every operating system can be exploited in one way or another, so everything would end up at the upper end of your scale, 'Susceptible'. Not a terribly useful scale if it doesn't distinguish between any systems at all, now is it?

Wouldn't it make more sense to rate systems by the number of known exploits and severity of those exploits? Yeah, it only takes one to ruin your whole day, but if we are assessing one OS vs. another, isn't this a more useful way to discuss the situation than a simple statement that all systems are vulnerable, therefore all systems are equally vulnerable? That's why I ask about references from CERT or Apple's Knowledgebase, because those places will include the severity of the exploits.

Getting back to the original question, which I don't think this thread has done a very good job of answering, why is the Mac OS less susceptible to viruses? Others have addressed Mac OS <9, along with a great remark about telnetting into a rock, which is what Mac OS 9 and earlier were. Network rocks, out of the box. Sure, you could open them up very easily by clicking a box in the FileSharing control panel, but the default settings were pretty solid.

Mac OS X, however, is a whole different ball game compared to OS < 9. I think it is important to distinguish between auto-execute and other types of vulnerabilities, for the practical reason that auto-execute stuff is what allows these Windows worms to circle the globe overnight and infect millions of machines. Anything that can't auto-execute is simply not going to be able to cover that much territory and will move way, way slower.

Here's the general answer to the question, I believe:
OS X has different privileges (modes) for different parts of the operating system, which means it is tricky to get a piece of code to execute on a box without user intervention. OS X has an idea of ownership, which makes it difficult for code 'owned' by a user to touch files 'owned' by the system, without user intervention. OS X in a managed environment, i.e., most corporate environments, is set up such that the actual user(s) of the machine aren't admins, so they can't install new software, or can't install it in the system-space. Only in their own sandbox, which greatly limits the ability of that code to do damage.

One thing I don't understand is why there isn't more malicious Applescript out there. It really should be trivial to write an Applescript that sends a copy of itself to all entries of the user's address book. It would just be one email with a cc or bcc of everyone in the address book, so there wouldn't be lots of disk activity to tip off the user, if all the addresses were valid, there wouldn't be any bounces to tip off the user. Most Mac users have other Mac users, at least a few, in their address book. Attach the applescript to the outgoing email with the title "OS X Startup Optimizer script from OSXHints.com", and at least half your recipients would run it, even if they had to authenticate to do it. Okay, so there's an opportunity for a virus writer, but that's a social exploit, not an OS susceptibility.

Anyway, as I say, I think we agree very closely, I just like to make finer distinctions in the area of vulnerabilities, because I believe there are practical reasons to do so.

Thanks for your thoughts on this topic, it's been an interesting read.
 
I simply define susceptibility as being 'capability'. If we agree that only one virus is required to harm a system, then there is no need to differentiate between the number of existing viruses known for Windows versus the minimal exploits known for OSX.

Excluding user-initiated action from the definition of a virus is not practical. A user is always required to initiate a virus - - whether it is opening an email message, visiting a web page, or inserting a disk. The only true way to avoid viruses is to not turn on your computer. My TI-99/4A hasn't encountered a virus in 20 years.

I prefer OSX (and any *nix platform) because it gives the appearance of a more secure operating system based on the privileges that you mention. But we should always be wary of the next possible exploit.

- - picklefish - -
Why is everyone in this forum responding to me as picklefish?
 