The Straight Dope

#1
01-27-2012, 03:59 PM
sweeteviljesus
Guest
 
Join Date: Mar 2006
Are Macs susceptible to malware from merely visiting a website?

Can a Mac get infected by merely going to a website, or is this a problem exclusive to some versions of IE?

Thanks,
Rob
#2
01-27-2012, 04:07 PM
tellyworth
Member
 
Join Date: Dec 2009
Posts: 1,462
That kind of exploit can occur on any platform. In practice it's relatively rare. But yes, it can happen.

All of the Mac malware I'm aware of has to be explicitly installed by the user. They usually masquerade as security or maintenance programs ("speed up your computer" and the like).

Last edited by tellyworth; 01-27-2012 at 04:07 PM.
#3
01-27-2012, 04:10 PM
beowulff
Member
 
Join Date: May 2001
Location: Scottsdale, more-or-less
Posts: 9,219
In other words, no.
#4
01-27-2012, 04:52 PM
andrewm
Guest
 
Join Date: Apr 2010
In theory, yes. Such attacks have been demonstrated multiple times at the Pwn2Own competition. More practically jailbreakme.com has used PDF exploits to jailbreak iOS.
#5
01-27-2012, 05:00 PM
beowulff
Member
 
Join Date: May 2001
Location: Scottsdale, more-or-less
Posts: 9,219
In practice, no.
#6
01-27-2012, 05:42 PM
Blakeyrat
Guest
 
Join Date: Feb 2010
Quote:
Originally Posted by beowulff View Post
In practice, no.
Do you work for Apple? The answer to the question, as asked, is "yes."

The unfortunate truth is that Apple's Safari has, all-told, as many or more exploits as any other company's browser, and Apple is particularly lackadaisical about patching them, which is why they usually lose Pwn2Own, and usually have more open exploits at any given time. (They're also pretty bad about patching exploits in related technology-- their version of the Java runtime, for example.)

The reason these holes aren't being exploited is because the economic incentive to do so isn't there-- building a botnet of a few million Macs isn't worth it when it's far more profitable to spend the same amount of time on your exploit and getting a botnet of a few billion Windows PCs.
#7
01-27-2012, 06:01 PM
beowulff
Member
 
Join Date: May 2001
Location: Scottsdale, more-or-less
Posts: 9,219
Quote:
Originally Posted by Blakeyrat View Post
Do you work for Apple? The answer to the question, as asked, is "yes."

The unfortunate truth is that Apple's Safari has, all-told, as many or more exploits as any other company's browser, and Apple is particularly lackadaisical about patching them, which is why they usually lose Pwn2Own, and usually have more open exploits at any given time. (They're also pretty bad about patching exploits in related technology-- their version of the Java runtime, for example.)

The reason these holes aren't being exploited is because the economic incentive to do so isn't there-- building a botnet of a few million Macs isn't worth it when it's far more profitable to spend the same amount of time on your exploit and getting a botnet of a few billion Windows PCs.
No, I don’t work for Apple.
But, I hear the same, tired arguments all the time from Windows fanboys about how the Mac is “just as vulnerable” to malware as Windows.
And, it just isn’t true.
As far as I know, there are zero (none, nada, zilch) drive-by attacks that are capable of infecting an OS X system running the current version of system software (10.7.2).
This number may possibly increase to single digits if third-party software (Flash/Acrobat) is installed, but I believe that running the current versions of that software brings the number back to zero.

If you can show me a drive-by attack that exists in the wild, I will post a retraction.
#8
01-27-2012, 06:10 PM
Blakeyrat
Guest
 
Join Date: Feb 2010
Safari loses Pwn2Own first every single year. There are tons of exploits out there. Apple invariably takes months to patch those exploits, even after they are documented and demonstrated.

As I said above the reason (the ONLY reason) they aren't exploited is because the financial incentive isn't there. You don't see them "in the wild" not because the guys writing exploits for botnets are incompetent (on the contrary-- they're bypassing far more secure browsers), but because they haven't bothered.

But that could change at any moment. Telling people they're completely safe because they use Apple products is dangerous and irresponsible.
#9
01-27-2012, 06:13 PM
Arnold Winkelried
Charter Member
 
Join Date: Oct 1999
Location: Irvine, California, USA
Posts: 14,822
To get back to the OP's question, it definitely is not restricted to a single browser (the OP asks about Internet Explorer). In theory, it can happen with any operating system and any browser. In practice, some pieces of software and some operating systems have more vulnerabilities or are the subject of more attacks (depending on who you speak to.)

For these types of debates (viruses on Mac vs. Windows), I like to use this metric to gauge the real-world probabilities: do a search on the threads in GQ discussing viruses, and count how many of the people who have a virus infect their machine have Windows vs. how many people are running Macintosh OS X. From my reading, all the questions I've seen on the board asking to get rid of a virus were from people who used the Windows operating system.
#10
01-27-2012, 10:52 PM
Eyebrows 0f Doom
Guest
 
Join Date: Oct 2004
Quote:
Originally Posted by Arnold Winkelried View Post
For these types of debates (viruses on Mac vs. Windows), I like to use this metric to gauge the real-world probabilities: do a search on the threads in GQ discussing viruses, and count how many of the people who have a virus infect their machine have Windows vs. how many people are running Macintosh OS X. From my reading, all the questions I've seen on the board asking to get rid of a virus were from people who used the Windows operating system.
Many many many more people use Windows than Macs, so of course you're going to see more questions relating to Windows machines.

Last edited by Eyebrows 0f Doom; 01-27-2012 at 10:52 PM.
#11
01-27-2012, 10:56 PM
MsWhatsit
Member
 
Join Date: Jul 2000
Location: Columbus, OH
Posts: 11,400
If you are asking if, theoretically, a Mac can get malware under certain circumstances, the answer is yes.

If you are asking if, practically speaking, you need to install antivirus software on your Mac, the answer is no.
#12
01-28-2012, 03:08 AM
Arnold Winkelried
Charter Member
 
Join Date: Oct 1999
Location: Irvine, California, USA
Posts: 14,822
Quote:
Originally Posted by Eyebrows 0f Doom View Post
Many many many more people use Windows than Macs, so of course you're going to see more questions relating to Windows machines.
I can't remember a single question on the boards from someone who had a virus on a Macintosh. Have you ever seen one?
#13
01-28-2012, 06:36 AM
Ximenean
Guest
 
Join Date: Aug 2001
Quote:
Originally Posted by Arnold Winkelried View Post
I can't remember a single question on the boards from someone who had a virus on a Macintosh. Have you ever seen one?
I think I can remember at least one. But yes, reports of Mac malware are certainly disproportionately low compared to Windows.

I think it's mainly because so many Windows users still run with administrator privileges (equivalent to root in Unix-like systems). Even with protective privilege-reducing mechanisms Microsoft has added to recent versions of Windows, I still don't think it's a good idea to do that. If Windows users all used non-privileged accounts that would dramatically reduce the effectiveness of malware.
#14
01-28-2012, 06:43 AM
Turek
Charter Member
 
Join Date: Jan 2003
Location: Inara's shuttle
Posts: 3,175
Quote:
Originally Posted by Blakeyrat View Post
Safari loses Pwn2Own first every single year. There are tons of exploits out there. Apple invariably takes months to patch those exploits, even after they are documented and demonstrated.
Plus, there are many browsers other than Safari that run on Macs.
#15
01-28-2012, 09:00 AM
beowulff
Member
 
Join Date: May 2001
Location: Scottsdale, more-or-less
Posts: 9,219
I still haven't seen anyone present evidence that a Mac can be infected by the conditions stated in the OP:
Quote:
Can a Mac get infected by merely going to a website
This means: no explicit downloading of files.
#16
01-28-2012, 09:15 AM
andrewm
Guest
 
Join Date: Apr 2010
Quote:
Originally Posted by beowulff View Post
I still haven't seen anyone present evidence that a Mac can be infected by the conditions stated in the OP:

This means: no explicit downloading of files.
Jailbreakme.com definitely showed that this could be done. The authors designed the page to execute the attack only after user confirmation, but this is for user convenience only (so already-jail broken devices don't get re-jail broken, so users can read about it first, etc). There is no technical impediment to executing the attack as soon as the page loads. It just loaded a PDF in a hidden IFRAME.
#17
01-28-2012, 09:19 AM
beowulff
Member
 
Join Date: May 2001
Location: Scottsdale, more-or-less
Posts: 9,219
Quote:
Originally Posted by andrewm View Post
Jailbreakme.com definitely showed that this could be done. The authors designed the page to execute the attack only after user confirmation, but this is for user convenience only (so already-jail broken devices don't get re-jail broken, so users can read about it first, etc). There is no technical impediment to executing the attack as soon as the page loads. It just loaded a PDF in a hidden IFRAME.
I've never heard of a jailbroken Mac.
#18
01-28-2012, 09:27 AM
Fuzzy Dunlop
Guest
 
Join Date: Apr 2007
Quote:
Originally Posted by Ximenean View Post
I think I can remember at least one. But yes, reports of Mac malware are certainly disproportionately low compared to Windows.
A little under 10% of Web surfers in 2011 were Mac users, so in my reading forums it's vastly disproportionately low. Although that's just based on my anecdotal observations reading forums.

Quote:
Originally Posted by Ximenean View Post
I think it's mainly because so many Windows users still run with administrator privileges (equivalent to root in Unix-like systems). Even with protective privilege-reducing mechanisms Microsoft has added to recent versions of Windows, I still don't think it's a good idea to do that. If Windows users all used non-privileged accounts that would dramatically reduce the effectiveness of malware.
In my experience, virtually all Mac users run as administrators. I ran a consumer networking company for 7 years, including our customer service operations, and with one of our products the default software we shipped with didn't work on limited accounts. Maybe 10 in 50,000 customers called up with a problem and we'd send them an alternative version that would work on non-admin accounts.

Frankly it was an embarrassing bug that we should have fixed but so few Mac users run non-admin accounts I never invested the development time.

Mac admin accounts don't actually run as administrators all the time, they work principally like UAC does on Vista, 2008 and 7.
#19
01-28-2012, 09:56 AM
Ximenean
Guest
 
Join Date: Aug 2001
Quote:
Originally Posted by Fuzzy Dunlop View Post
In my experience, virtually all Mac users run as administrators.
That surprises me. According to Apple themselves, root is disabled in OSX by default (http://support.apple.com/kb/HT1528). Certainly, in other Unix-like OSes it is not usual to run as root all the time.
I'm not an OSX guy, but I see that there is an intermediate sort of account called an administrator user, not as powerful as its Windows namesake.
#20
01-28-2012, 11:17 AM
Fuzzy Dunlop
Guest
 
Join Date: Apr 2007
Quote:
Originally Posted by Ximenean View Post
That surprises me. According to Apple themselves, root is disabled in OSX by default (http://support.apple.com/kb/HT1528). Certainly, in other Unix-like OSes it is not usual to run as root all the time.
I'm not an OSX guy, but I see that there is an intermediate sort of account called an administrator user, not as powerful as its Windows namesake.
It'd be more accurate to say that the OS X Admin account is equivalent in virtually every meaningful way to the Windows Admin account. In all my years of using OS X I've needed to use the actual root account twice. Once last year to fix a bug Apple introduced in SMB sharing and one other time I don't recall the details of.

And as I alluded to, we develop hardware drivers (kernel extensions in OS X terms) so if the Admin account were particularly limited I'd have noticed. You're right though it is not the same as root.
#21
01-28-2012, 11:27 AM
BrotherCadfael
Guest
 
Join Date: Feb 2003
Quote:
Originally Posted by Fuzzy Dunlop View Post
In my experience, virtually all Mac users run as administrators.
In my experience, any Mac user sophisticated enough to understand what an administrator login is, runs as a normal user.

OSX makes this quite easy - If I ever want to install or update something in the Applications directory, it asks for the admin username and password. Waaay easier than the Windows User access Control.
#22
01-28-2012, 11:34 AM
Fear Itself
Charter Member
 
Join Date: May 2000
Location: 847 mi. from Cecil
Posts: 25,659
Quote:
Originally Posted by Arnold Winkelried View Post
I can't remember a single question on the boards from someone who had a virus on a Macintosh. Have you ever seen one?
Remove Mac Defender (Uninstall Guide)
Remove Mac Protector (Uninstall Guide)
Remove Mac Shield (Uninstall Guide)
Remove Mac Guard or MacGuard (Uninstall Guide)
#23
01-28-2012, 11:36 AM
Larry Mudd
Charter Member
 
Join Date: Aug 2001
Location: Ass end of Alberta
Posts: 17,879
Quote:
Originally Posted by beowulff View Post
No, I don’t work for Apple.
But, I hear the same, tired arguments all the time from Windows fanboys about how the Mac is “just as vulnerable” to malware as Windows.
And, it just isn’t true.
As far as I know, there are zero (none, nada, zilch) drive-by attacks that are capable of infecting an OS X system running the current version of system software (10.7.2).
You misunderstand the underlying cause, though. The main reason that you aren't plagued by malware when you use minority operating systems has nothing to do with possibility, and everything to do with the motivations of malware authors. Macs represent about 6.5% of the global market, in total. If you want to establish a bot-net, or target people's personal information, you're not going to start by identifying an exploit in a particular subset of that group using a particular flavour of OS.

If you focus on Lion, you're now looking at about 5% of that 6.5%, and by the time you get down to the level of 10.7.2, you're looking at 10% of 5% of 6.5%, so you could expect your hack to affect fewer than one in 30,000 visitors to your website.

This is why you don't see malware targeted at Macs in practice - it's not because it's not possible, it's because there's no percentage in it.

Every year, there are examples of how Macs are vulnerable to browser attacks from merely visiting a webpage, but they remain academic exercises.

If tomorrow the majority of internet users moved over to Mac (or Ubuntu, or whatever) then the day after tomorrow there would be a sizeable market for anti-virus solutions for that platform.

You don't need to be a "Windows fanboy" to point this out, it's just common sense. (As a matter of fact I dual boot Windows/Linux and only use Windows when I'm planning on using specific applications, in part to take advantage of Linux's "security through obscurity" for casual browsing - but I harbour no illusions that this is down to the Mint community being better at security than Microsoft and presenting no vulnerabilities - just no vulnerabilities that it's worth anyone's time to exploit.)

Last edited by Larry Mudd; 01-28-2012 at 11:41 AM.
#24
01-28-2012, 11:46 AM
Ximenean
Guest
 
Join Date: Aug 2001
Quote:
Originally Posted by BrotherCadfael View Post
OSX makes this quite easy - If I ever want to install or update something in the Applications directory, it asks for the admin username and password. Waaay easier than the Windows User access Control.
To be fair, that sounds very much like how it is running Windows 7 under a non-privileged account. I only see the admin password prompt when I install things, or do other admin-y things like looking at processes that don't belong to me. That said, there are some aspects of the way Windows raises privileges that are not as good as Unix-like OSes.
#25
01-28-2012, 12:16 PM
pulykamell
Charter Member
 
Join Date: May 2000
Location: SW Side, Chicago
Posts: 25,364
Quote:
Originally Posted by Blakeyrat View Post
Do you work for Apple? The answer to the question, as asked, is "yes."

The unfortunate truth is that Apple's Safari has, all-told, as many or more exploits as any other company's browser, and Apple is particularly lackadaisical about patching them, which is why they usually lose Pwn2Own, and usually have more open exploits at any given time. (They're also pretty bad about patching exploits in related technology-- their version of the Java runtime, for example.)

The reason these holes aren't being exploited is because the economic incentive to do so isn't there-- building a botnet of a few million Macs isn't worth it when it's far more profitable to spend the same amount of time on your exploit and getting a botnet of a few billion Windows PCs.
Which is why I wonder why virus writers don't target Mac more. I don't believe a Mac is invulnerable. But many/most Windows PCs are armed to the gills with anti-virus protection and stuff like that (or perhaps I'm being too optimistic here with what PC users do--I'm just using my experience when I was a Windows user and fellow Windows users I know, although I'm sure it's not a representative sample), while Mac users surf without a condom. Even though Mac has far less market share, wouldn't virus writers love the opportunity to infect pretty much any system that comes in contact with their virus, in addition to the notoriety for being the guys that finally broke the tired boast that Macs don't need virus protection? I mean, wouldn't that stroke your ego as a virus writer more than releasing yet another PC virus? Why isn't someone doing that? I'm not saying that in a snarky manner--I sincerely believe Macs are vulnerable. I just wonder why nobody has come along to claim that notoriety. I admit, I'd be the first to get that virus, as I've never bothered with safe surfing habits on my Mac. Every couple of years, I've run a virus scan, just to see, but nothing has ever come up.

Last edited by pulykamell; 01-28-2012 at 12:19 PM.
#26
01-28-2012, 12:22 PM
Mister Rik
Charter Member
 
Join Date: Jun 2003
Location: Cascadia, WA Prefecture
Posts: 9,356
Quote:
Originally Posted by BrotherCadfael View Post
In my experience, any Mac user sophisticated enough to understand what an administrator login is, runs as a normal user.

OSX makes this quite easy - If I ever want to install or update something in the Applications directory, it asks for the admin username and password. Waaay easier than the Windows User access Control.
I run as Administrator on my Mac, and it still asks me to enter my password (even though I already did that when I logged into the account) every time I try to install something.
#27
01-28-2012, 12:53 PM
Larry Mudd
Charter Member
 
Join Date: Aug 2001
Location: Ass end of Alberta
Posts: 17,879
Quote:
Originally Posted by pulykamell View Post
But many/most Windows PCs are armed to the gills with anti-virus protection and stuff like that [...] Even though Mac has far less market share, wouldn't virus writers love the opportunity to infect pretty much any system that comes in contact with their virus, in addition to the notoriety for being the guys that finally broke the tired boast that Macs don't need virus protection?
Basic OS security will ensure that you're not going to be able to infect "pretty much any system" - a typical exploit will have a much narrower opportunity of infection. (My back-of-the-envelope above didn't even fine it down to "What browser is being used?")

Take away practical motivation ('cuz there's diddly) and assume someone is just after "notoriety" - there's still very little chance of making a splash because you just don't have the density of vulnerable systems required for any sort of dramatic epidemic.
#28
01-28-2012, 12:55 PM
Ximenean
Guest
 
Join Date: Aug 2001
Quote:
Originally Posted by pulykamell View Post
I just wonder why nobody has come along to claim that notoriety. I admit, I'd be the first to get that virus, as I've never bothered with safe surfing habits on my Mac. Every couple of years, I've run a virus scan, just to see, but nothing has ever come up.
Yeah, that aspect of the argument has always seemed suspect to me. If the market is split 95% - 5% between two operating systems that are about equally vulnerable, then yes, hackers will attack the 95% system. But surely, that operating system will respond by becoming steadily more secure, until eventually the 5% system looks like a more lucrative target. Smaller prey, but easier to kill, as it were.

I guess the argument is that we haven't reached that point. Maybe there's an equilibrium where a rump of particularly innocent/complacent Windows users, say 20%, continue to provide paychecks for malware authors, which is still high enough to make OSX not worth bothering with. Meanwhile, the other 80% of Windows users go about their business unmolested. That would mean that Windows users do indeed have to be more careful. But not hugely more careful. They only have to be in the upper 80%. Basic common sense should do it.
#29
01-28-2012, 01:02 PM
Fear Itself
Charter Member
 
Join Date: May 2000
Location: 847 mi. from Cecil
Posts: 25,659
That presumes the major reason for infecting systems is to make money from fraudulent antivirus software, or harvest credit cards. Another motivation for malware writers is creating a botnet to send out spam, or mount denial of service attacks on websites. In that case, sheer numbers of targets determines which OS to attack. The smaller target simply can't produce the critical mass for an effective botnet.
#30
01-28-2012, 01:17 PM
The Niply Elder
Guest
 
Join Date: Dec 2010
Quote:
Originally Posted by Ximenean View Post
To be fair, that sounds very much like how it is running Windows 7 under a non-privileged account. I only see the admin password prompt when I install things, or do other admin-y things like looking at processes that don't belong to me. That said, there are some aspects of the way Windows raises privileges that are not as good as Unix-like OSes.
Honestly the status of UAC on Win7 is a mess. I had a batch script that installs and configures our main CAD/CAE program at work that worked ok in Win XP (using the msiexec command), however in Win7 I have to turn the UAC control lever down to the lowest setting (then I have to restart the system to take effect). Only after this will the script work. Right clicking the batch file and "Run this as Administrator" does not work. It fails with some cryptic error, unless the UAC is turned down.

Long story short, the administrator privilege escalation scheme in Windows is ill-designed and not even the baked-in utilities provided by MS work correctly. Comparing to the baked-in security protocols of Unix and Linux, Windows' seems added on with a thumbtack. Sad.
#31
01-28-2012, 01:18 PM
Larry Mudd
Charter Member
 
Join Date: Aug 2001
Location: Ass end of Alberta
Posts: 17,879
Quote:
Originally Posted by Ximenean View Post
But surely, that operating system will respond by becoming steadily more secure, until eventually the 5% system looks like a more lucrative target.
Keep in mind that malware authors depend on their work being distributed before countermeasures are deployed (whether it's a 3rd party anti-virus or an OS patch.)

You need to spread to systems with the same vulnerability. The "5% system" is never going to be useful for a virus or worm, because by the time you're looking at the statistical significance of the actual, specific vulnerability, it becomes clear that there's no point in investing time hitting up random IP ranges or raiding contact details or whatever in the hopes of spreading the infection, because it's never going to get much past "Hey, I got one!" It's like playing the cellular automata "Game of Life" but limiting yourself to placing cells at least three spaces apart - it's never going to pay off.
#32
01-28-2012, 01:32 PM
Ximenean
Guest
 
Join Date: Aug 2001
Quote:
Originally Posted by Fear Itself View Post
That presumes the major reason for infecting systems is to make money from fraudulent antivirus software, or harvest credit cards. Another motivation for malware writers is creating a botnet to send out spam, or mount denial of service attacks on websites. In that case, sheer numbers of targets determines which OS to attack. The smaller target simply can't produce the critical mass for an effective botnet.
I don't buy that the number of Mac users today is too small to achieve the "critical mass" that you speak of. Given the rapid growth in computer usage, that would have meant that ten or so years ago there were too few Windows users for malware to be viable then. But it was. If it was viable on Windows then, it is viable on OSX now.

Last edited by Ximenean; 01-28-2012 at 01:32 PM.
#33
01-28-2012, 01:51 PM
Ximenean
Guest
 
Join Date: Aug 2001
Quote:
Originally Posted by Larry Mudd View Post
The "5% system" is never going to be useful for a virus or worm, because by the time you're looking at the statistical significance of the actual, specific vulnerability, it becomes clear that there's no point in investing time hitting up random IP ranges or raiding contact details or whatever in the hopes of spreading the infection, because it's never going to get much past "Hey, I got one!
I'm probably being a bit slow here, but I'm afraid I don't understand your point. Could you maybe rephrase it?
#34
01-28-2012, 02:05 PM
porqui
Guest
 
Join Date: Jan 2012
Would we call it macware??
#35
01-28-2012, 02:47 PM
Larry Mudd
Charter Member
 
Join Date: Aug 2001
Location: Ass end of Alberta
Posts: 17,879
Quote:
Originally Posted by Ximenean View Post
I'm probably being a bit slow here, but I'm afraid I don't understand your point. Could you maybe rephrase it?
Well, start with the vulnerability you intend to exploit. Like, say you observe that you can disguise a .vbs file with a phony .txt extension in certain flavours of Windows, when it's received as an attachment in Outlook, and get code to execute that way. Hurrah! Now to spread your creation, you're going to have the code send an e-mail with such a deceitful attachment (containing a copy of itself) to the first 100 e-mail addresses in the user's Outlook contacts.

The worm will spread exponentially, assuming that a significant number of recipients at each hop is similarly vulnerable - but each attempt at replication is also an advertisement which will make the worm more vulnerable to countermeasures as virus definitions are updated and word of mouth spreads about the symptoms of infection. This is going to pay dividends if your target is "runs Windows XP vx.x AND uses Outlook versions X -through-Y AND gullible enough to open mystery attachment assumed to be from friend." (Assuming that it's still 2000 and XP is still a going concern - this describes the ILOVEYOU virus that enjoyed such wide distribution at that time.)

If you start by targeting an OS used by a 15% subset on a hardware platform that makes up 6% of the total market, and then use an exploit that applies to Entourage, you're not going to get anywhere with it - because an insignificant number of your contacts are going to be similarly vulnerable - statistically, less than one of your contacts is likely to be a match.

If you manage to get something that makes some sort of anemic progress, the security community will have ample time to respond before it gets anywhere. This is why people don't bother to try.
#36
01-28-2012, 03:23 PM
tellyworth
Member
 
Join Date: Dec 2009
Posts: 1,462
None of those are viruses, they're malware masquerading as legit applications. All of them have to be explicitly installed by the user.
#37
01-28-2012, 03:31 PM
Fear Itself
Charter Member
 
Join Date: May 2000
Location: 847 mi. from Cecil
Posts: 25,659
Quote:
Originally Posted by tellyworth View Post
None of those are viruses, they're malware masquerading as legit applications. All of them have to be explicitly installed by the user.
How quaint; the 1985 definition of a virus.

Last edited by Fear Itself; 01-28-2012 at 03:31 PM.
#38
01-28-2012, 04:00 PM
The Niply Elder
Guest
 
Join Date: Dec 2010
Quote:
Originally Posted by Blakeyrat View Post
The reason these holes aren't being exploited is because the economic incentive to do so isn't there-- building a botnet of a few million Macs isn't worth it when it's far more profitable to spend the same amount of time on your exploit and getting a botnet of a few billion Windows PCs.
Now what a ridiculous assertion. There has never ever been any bot net numbering in the billions. The biggest ones out there are between 10 to 20 million. The most common ones are way smaller than that.

If you were writing a virus exploiting a particular vulnerability in the system, there is equal opportunity to find a similar sized populations of computers meeting the criteria to run your malicious code. Windows PCs also have great diversity in terms of hardware, meaning that certain components like drivers will vary a lot from model to model. That acts as a barrier to the billion sized botnet. Also consider that there are an even higher number of Windows versions out there, and even more troubling, Windows users are known to be reticent of installing updates from Microsoft, so the billions of Windows computers are subdivided into thousands of subvariations with different system software running on them.
Reply With Quote
  #39  
Old 01-28-2012, 04:07 PM
The Niply Elder The Niply Elder is offline
Guest
 
Join Date: Dec 2010
Quote:
Originally Posted by Fear Itself View Post
How quaint; the 1985 definition of a virus.
And still a useful one at that.
Reply With Quote
  #40  
Old 01-28-2012, 04:26 PM
Fear Itself Fear Itself is offline
Charter Member
 
Join Date: May 2000
Location: 847 mi. from Cecil
Posts: 25,659
Quote:
Originally Posted by The Niply Elder View Post
And still a useful one at that.
Only if you are still using floppy drives.
Reply With Quote
  #41  
Old 01-28-2012, 05:00 PM
The Niply Elder The Niply Elder is offline
Guest
 
Join Date: Dec 2010
Quote:
Originally Posted by Fear Itself View Post
Only if you are still using floppy drives.
A computer virus hides itself within an apparently normal file, then exploits a weak, vulnerable section of the system. The correlation to real biological viruses is quite good. The susceptibility of a system to viruses gives you an idea of how robust it is. The easier it is to find system vulnerabilities, the more viruses that will exist.

This has nothing to do with floppy drives.
Reply With Quote
  #42  
Old 01-28-2012, 06:07 PM
Mister Rik Mister Rik is offline
Charter Member
 
Join Date: Jun 2003
Location: Cascadia, WA Prefecture
Posts: 9,356
Quote:
Originally Posted by The Niply Elder View Post
and even more troubling, Windows users are known to be reticent of installing updates from Microsoft, so the billions of Windows computers are subdivided into thousands of subvariations with different system software running on them
I was going to mention this. We Mac users tend to be all, "Hot damn! New version of OS X! Load 'er up!" as soon as Apple releases it. Whereas, from everything I've read, there are tons of Windows users who just continue using whatever version their computer came with and thus they don't benefit from the security improvements contained in subsequent version.

Somebody else mentioned the "what browser?" (and what e-mail client) issue as well. A malware author can, I think, be fairly confident that the huge majority of Windows users are going to be using IE and OE. I, and many of the Mac users I've talked to, use a huge variety of browsers/clients other than Safari and Apple Mail. So the percentage of (Mac OS X + Safari + Mail) users is even smaller than the percentage of just "Mac users".
Reply With Quote
  #43  
Old 01-28-2012, 06:23 PM
drachillix drachillix is offline
Member
 
Join Date: Jun 2000
Location: 192.168.0.1
Posts: 8,314
Quote:
Originally Posted by Mister Rik View Post
I was going to mention this. We Mac users tend to be all, "Hot damn! New version of OS X! Load 'er up!" as soon as Apple releases it. Whereas, from everything I've read, there are tons of Windows users who just continue using whatever version their computer came with and thus they don't benefit from the security improvements contained in subsequent version.
One other thing the Apple side has going for it, it tends to have a fairly computer savvy user base. If you had the kind of installed base Windows does, with a more typical idjits/to users ratio, you would see Macs getting doors kicked in just as often.
Reply With Quote
  #44  
Old 01-28-2012, 06:29 PM
drachillix drachillix is offline
Member
 
Join Date: Jun 2000
Location: 192.168.0.1
Posts: 8,314
Quote:
Originally Posted by beowulff View Post
I still haven't seen anyone present evidence that a Mac can be infected by the conditions stated in the OP:
Read the link to Pwn2Own. That is exactly the criteria they are looking for, drive-by exploits, click on a link to the site and BAM!
Reply With Quote
  #45  
Old 01-28-2012, 08:09 PM
beowulff beowulff is offline
Member
 
Join Date: May 2001
Location: Scottsdale, more-or-less
Posts: 9,219
Quote:
Originally Posted by drachillix View Post
Read the link to Pwn2Own. That is exactly the criteria they are looking for, drive-by exploits, click on a link to the site and BAM!
Proof-of-concept does not a malware make.
Reply With Quote
  #46  
Old 01-29-2012, 10:45 AM
Napier Napier is offline
Charter Member
 
Join Date: Jan 2001
Location: Mid Atlantic, USA
Posts: 7,175
These aren't viruses, according to the descriptions at the linked sites. These are programs the user has to install. If the definition of "vulnerability" is that the computer can have software installed on it by the user, then Macs are vulnerable. But I think this is a ridiculously overly broad definition of "virus". Several of us propeller heads played with a floppy disk infected with Michelangelo on a couple of non-networked PCs in the mid 80's and had fun watching it insert itself and watching an antivirus program detect and remove it. Then we scared our pants off by realizing we had infected a machine we did not think we were going to infect. We were NEVER installing software consciously. Even mid-80's viruses were far more insidious than the scam programs above, which are basically just programs that are difficult to uninstall.

When buying my first Mac a couple years ago I researched the virus issue carefully, and have dug back in a couple of times. The closest thing to a virus that I could find was something that could attack a session of Microsoft Windows running in a sandbox (which of course is always possible) and could leak out of the sandbox (which is a true security flaw in the Mac OS). As I understand, it did not act as a virus per se within Mac's OS, so it was not a Mac virus, just a security flaw.
Reply With Quote
  #47  
Old 01-29-2012, 11:50 AM
Fear Itself Fear Itself is offline
Charter Member
 
Join Date: May 2000
Location: 847 mi. from Cecil
Posts: 25,659
Quote:
Originally Posted by Napier View Post
These aren't viruses, according to the descriptions at the linked sites. These are programs the user has to install.
By that definition, neither are the vast majority of malware infecting PCs today. I don't see how pedantry about the difference between viruses, worms, malware and spyware contributes to the discussion about the relative security of PCs and Macs.
Reply With Quote
  #48  
Old 01-29-2012, 12:53 PM
Kenm Kenm is offline
Guest
 
Join Date: Oct 2011
Quote:
Originally Posted by Fear Itself View Post
How quaint; the 1985 definition of a virus.
How quaint. Physicians still see differences between food poisoning and viruses.
Reply With Quote
  #49  
Old 01-29-2012, 01:09 PM
Fear Itself Fear Itself is offline
Charter Member
 
Join Date: May 2000
Location: 847 mi. from Cecil
Posts: 25,659
Quote:
Originally Posted by Kenm View Post
How quaint. Physicians still see differences between food poisoning and viruses.
When your computer gets salmonella, I will concede.
Reply With Quote
  #50  
Old 01-29-2012, 01:41 PM
Kenm Kenm is offline
Guest
 
Join Date: Oct 2011
Quote:
Originally Posted by Fear Itself View Post
When your computer gets salmonella, I will concede.
It can't, any more than it being a Mac, it can be infected by a computer virus.
Reply With Quote