In my experience, any Mac user sophisticated enough to understand what an administrator login is, runs as a normal user.
OSX makes this quite easy - If I ever want to install or update something in the Applications directory, it asks for the admin username and password. Waaay easier than the Windows User access Control.
You misunderstand the underlying cause, though. The main reason that you aren’t plagued by malware when you use minority operating systems has nothing to do with possibility, and everything to do with the motivations of malware authors. Macs represent about 6.5% of the global market, in total. If you want to establish a bot-net, or target people’s personal information, you’re not going to start by identifying an exploit in a particular subset of that group using a particular flavour of OS.
If you focus on Lion, you’re now looking at about 5% of that 6.5%, and by the time you get down to the level of 10.7.2, you’re looking at 10% of 5% of 6.5%, so you could expect your hack to affect fewer than one in 30,000 visitors to your website.
This is why you don’t see malware targeted at Macs in practice - it’s not because it’s not possible, it’s because there’s no percentage in it.
If tomorrow the majority of internet users moved over to Mac (or Ubuntu, or whatever), then the day after tomorrow there would be a sizeable market for anti-virus solutions for that platform.
You don’t need to be a “Windows fanboy” to point this out, it’s just common sense. (As a matter of fact I dual boot Windows/Linux and only use Windows when I’m planning on using specific applications, in part to take advantage of Linux’s “security through obscurity” for casual browsing - but I harbour no illusions that this is down to the Mint community being better at security than Microsoft and presenting no vulnerabilities - just no vulnerabilities that it’s worth anyone’s time to exploit.)
To be fair, that sounds very much like how it is running Windows 7 under a non-privileged account. I only see the admin password prompt when I install things, or do other admin-y things like looking at processes that don’t belong to me. That said, there are some aspects of the way Windows raises privileges that are not as good as Unix-like OSes.
Which is why I wonder why virus writers don’t target Mac more. I don’t believe a Mac is invulnerable. But many/most Windows PCs are armed to the gills with anti-virus protection and stuff like that (or perhaps I’m being too optimistic here with what PC users do–I’m just using my experience when I was a Windows user and fellow Windows users I know, although I’m sure it’s not a representative sample), while Mac users surf without a condom. Even though Mac has far less market share, wouldn’t virus writers love the opportunity to infect pretty much any system that comes in contact with their virus, in addition to the notoriety for being the guys that finally broke the tired boast that Macs don’t need virus protection? I mean, wouldn’t that stroke your ego as a virus writer more than releasing yet another PC virus? Why isn’t someone doing that? I’m not saying that in a snarky manner–I sincerely believe Macs are vulnerable. I just wonder why nobody has come along to claim that notoriety. I admit, I’d be the first to get that virus, as I’ve never bothered with safe surfing habits on my Mac. Every couple of years, I’ve run a virus scan, just to see, but nothing has ever come up.
I run as Administrator on my Mac, and it still asks me to enter my password (even though I already did that when I logged into the account) every time I try to install something.
Basic OS security will ensure that you’re not going to be able to infect “pretty much any system” - a typical exploit will have a much narrower opportunity of infection. (My back-of-the-envelope above didn’t even fine it down to “What browser is being used?”)
Take away practical motivation ('cuz there’s diddly) and assume someone is just after “notoriety” - there’s still very little chance of making a splash because you just don’t have the density of vulnerable systems required for any sort of dramatic epidemic.
Yeah, that aspect of the argument has always seemed suspect to me. If the market is split 95% - 5% between two operating systems that are about equally vulnerable, then yes, hackers will attack the 95% system. But surely, that operating system will respond by becoming steadily more secure, until eventually the 5% system looks like a more lucrative target. Smaller prey, but easier to kill, as it were.
I guess the argument is that we haven’t reached that point. Maybe there’s an equilibrium where a rump of particularly innocent/complacent Windows users, say 20%, continue to provide paychecks for malware authors, which is still high enough to make OSX not worth bothering with. Meanwhile, the other 80% of Windows users go about their business unmolested. That would mean that Windows users do indeed have to be more careful. But not hugely more careful. They only have to be in the upper 80%. Basic common sense should do it.
That presumes the major reason for infecting systems is to make money from fraudulent antivirus software, or harvest credit cards. Another motivation for malware writers is creating a botnet to send out spam, or mount denial of service attacks on websites. In that case, sheer numbers of targets determines which OS to attack. The smaller target simply can’t produce the critical mass for an effective botnet.
Honestly the status of UAC on Win7 is a mess. I had a batch script that installs and configures our main CAD/CAE program at work that worked ok in Win XP (using the msiexec command), however in Win7 I have to turn the UAC control lever down to the lowest setting (then I have to restart the system for it to take effect). Only after this will the script work. Right clicking the batch file and “Run this as Administrator” does not work. It fails with some cryptic error, unless the UAC is turned down.
Long story short, the administrator privilege escalation scheme in Windows is ill-designed and not even the baked-in utilities provided by MS work correctly. Compared to the baked-in security protocols of Unix and Linux, Windows’ seems added on with a thumbtack. Sad.
Keep in mind that malware authors depend on their work being distributed before countermeasures are deployed (whether it’s a 3rd party anti-virus or an OS patch.)
You need to spread to systems with the same vulnerability. The “5% system” is never going to be useful for a virus or worm, because by the time you’re looking at the statistical significance of the actual, specific vulnerability, it becomes clear that there’s no point in investing time hitting up random IP ranges or raiding contact details or whatever in the hopes of spreading the infection, because it’s never going to get much past “Hey, I got one!” It’s like playing the cellular automata “Game of Life” but limiting yourself to placing cells at least three spaces apart - it’s never going to pay off.
I don’t buy that the number of Mac users today is too small to achieve the “critical mass” that you speak of. Given the rapid growth in computer usage, that would have meant that ten or so years ago there were too few Windows users for malware to be viable then. But it was. If it was viable on Windows then, it is viable on OSX now.
Well, start with the vulnerability you intend to exploit. Like, say you observe that you can disguise a .vbs file with a phony .txt extension in certain flavours of Windows, when it’s received as an attachment in Outlook, and get code to execute that way. Hurrah! Now to spread your creation, you’re going to have the code send an e-mail with such a deceitful attachment (containing a copy of itself) to the first 100 e-mail addresses in the user’s Outlook contacts.
The worm will spread exponentially, assuming that a significant number of recipients at each hop is similarly vulnerable - but each attempt at replication is also an advertisement which will make the worm more vulnerable to countermeasures as virus definitions are updated and word of mouth spreads about the symptoms of infection. This is going to pay dividends if your target is “runs Windows XP vx.x AND uses Outlook versions X -through-Y AND gullible enough to open mystery attachment assumed to be from friend.” (Assuming that it’s still 2000 and XP is still a going concern - this describes the ILOVEYOU virus that enjoyed such wide distribution at that time.)
If you start by targeting an OS used by a 15% subset on a hardware platform that makes up 6% of the total market, and then use an exploit that applies to Entourage, you’re not going to get anywhere with it - because an insignificant number of your contacts are going to be similarly vulnerable - statistically, less than one of your contacts is likely to be a match.
If you manage to get something that makes some sort of anemic process, the security community will have ample time to respond before it gets anywhere. This is why people don’t bother to try.
The reason these holes aren’t being exploited is because the economic incentive to do so isn’t there-- building a botnet of a few million Macs isn’t worth it when it’s far more profitable to spend the same amount of time on your exploit and getting a botnet of a few billion Windows PCs.
Now what a ridiculous assertion. There has never ever been any bot net numbering in the billions. The biggest ones out there are between 10 to 20 million. The most common ones are way smaller than that.
If you were writing a virus exploiting a particular vulnerability in the system, there is equal opportunity to find similar-sized populations of computers meeting the criteria to run your malicious code. Windows PCs also have great diversity in terms of hardware, meaning that certain components like drivers will vary a lot from model to model. That acts as a barrier to the billion sized botnet. Also consider that there are an even higher number of Windows versions out there, and even more troubling, Windows users are known to be reticent of installing updates from Microsoft, so the billions of Windows computers are subdivided into thousands of subvariations with different system software running on them