A computer virus hides itself within an apparently normal file, then exploiting a weak vulnerable section of the system. The correlation to real biological viruses is quite good. The succeptibility of a system to viruses gives you an idea of how robust it is. The easier it is to find system vulnerabilities, the more viruses that will exist.
This has nothing to do with floppy drives.
I was going to mention this. We Mac users tend to be all, “Hot damn! New version of OS X! Load 'er up!” as soon as Apple releases it. Whereas, from everything I’ve read, there are tons of Windows users who just continue using whatever version their computer came with and thus they don’t benefit from the security improvements contained in subesquent version.
Somebody else mentioned the “what browser?” (and what e-mail client) issue as well. A malware author can, I think, be fairly confident that the huge majority of Windows users are going to be using IE and OE. I, and many of the Mac users I’ve talked to, use a huge variety of browsers/clients other than Safari and Apple Mail. So the percentage of (Mac OS X + Safari + Mail) users is even smaller than the percentage of just “Mac users”.
One other thing the Apple side has going for it, it tends to have a fairly computer saavy user base. If you had the kind of installed base windows does, with a more typical idjits/to users ratio, you would see Mac’s getting doors kicked in just as often.
Read the link to Pwn2own. That is exactly the criteria they are looking for, driveby exploits, click on a link to the site and BAM!
Proof-of-concept does not a malware make.
These aren’t viruses, according to the descriptions at the linked sites. These are programs the user has to install. If the definition of “vulnerability” is that the computer can have software installed on it by the user, then Macs are vulnerable. But I think this is a ridiculously overly broad definition of “virus”. Several of us propeller heads played with a floppy disk infected with Michaelangelo on a couple of non-networked PCs in the mid 80’s and had fun watching it insert itself and watching an antivirus program detect and remove it. Then we scared our pants off by realizing we had infected a machine we did not think we were going to infect. We were NEVER installing software consciously. Even mid-80’s viruses were far more insidious than the scam programs above, which are basically just programs that are difficult to uninstall.
When buying my first Mac a couple years ago I researched the virus issue carefully, and have dug back in a couple of times. The closest thing to a virus that I could find was something that could attack a session of Microsoft Windows running in a sandbox (which of course is always possible) and could leak out of the sandbox (which is a true security flaw in the Mac OS). As I understand, it did not act as a virus per se within Mac’s OS, so it was not a Mac virus, just a security flaw.
By that definition, neither are the vast majority of malware infecting PCs today. I don’t see how pedantry about the difference betweeen viruses, worms, malware and spyware contributes to the discussion about the relative security of PCs and Macs.
How quaint. Physicians still see differences between food poisoning and viruses.
When your computer gets salmonella, I will concede.
It can’t, any more than it being a Mac, it can be infected by a computer virus.
It’s valid to talk about both malware in a general sense and specific capabilities.
If (hypothetically) malware is able to execute arbitrary code on one platform, and not able to on another platform, that’s an important distinction that will influence the types of precautions required.
Pedantry? Pedantry??
People who want to be safer with their computers should take one approach to dealing with viruses, and another approach to dealing with malware the user would have to install. A good approach to dealing with viruses would be to buy a Mac, because Macs are relatively more secure against viruses. Very much so, as far as I can tell. A good approach to dealing with malware the user would have to install could include learning more about recognizing malware for what it is.
Does this help explain the contribution to the discussion?
Wow this thread is still going.
Two quick comments:
@The Niply Elder: I was using hyperbole; I didn’t literally mean you could infect billions of PCs.
@everyone: It’s obvious that arguing with beowulff is useless, he’s not going to change his mind regardless of how much factual information he’s presented with.
The point many of us are trying to make is its security through obscurity. Just like a disease, if it can only infect or be transmitted by 10% of the population, its not going to spread, even if it does, it will be very slow to do so.
Viruses as we see them today are a criminal enterprise. They attack the broadest base to get the greatest possible effect for the least work.
As far as user installed files… many of my customers get the virus by downloading what they think is a tuneup utility.
Just like we have all seen beautifully done paypal phishing emails there are some very well done ads/sites handing out malware. I as a computer tech have seen twice now a fake “antivirus app” that the interface was damn near identical to AVG, like took me a few seconds of “something dont quite look right” to know it wasnt. IF I had been clicking along like I often do, I would probably have fallen for it to.
Also, trying to split hairs about what is a virus, malware, spyware, rootkit, trojan, is irrelevant to anyone outside the AV software business. Its all bad stuff that does bad things. There are only a handful of people on this board that would know the difference between a rootkit and a rutabaga if it was in their computer.
No, that’s not true.
But so far, no one has presented any credible evidence.
Believe me, I have worked in this field for a long time. I do embedded controller design, and I’m far from clueless when it comes to computer systems.
I have supported Macs as a side business since 1985, so I dare say that I am much more conversant with the risks than most people.
The problem with all of the arguments presented so far is they conflate theoretical vulnerabilities with real-world risk. That’s like saying that the Pope is just as likely to get AIDS as a male hooker. After all, they both have the same ability to get infected, right?
OS X is far from an impregnable fortress, but right now, the chance of someone getting malware installed by visiting a website is zero. This may change in the future, but currently, I would never recommend my clients install anti-virus software, since that is a cure that much worse than the disease.
Then you remember the era when practically EVERY Mac-formatted 3.5" floppy disk had at least one virus on it. (Of course that was back before the mafia took over, so the virus dynamics were different then.)
But that’s what the original question was. “Is it possible?” The answer is, “yes. Yes it is possible.” End of story.
You seem to simultaneously be aware that Macs can get infected by visiting a webpage, yet wanting to answer “no” to the question… which is mind-bending to me, and I honestly don’t understand where you’re coming from.
That BS.
It’s “possible” that I could become President. Will it ever happen? No.
I find it irresponsible (and disingenuous) to try to put OS X systems into the same risk category as Windows machines. The risk level is simply not comparable.
If you are going to insist on saying that it’s “possible”, at the very least you should add that the current threat level is zero or close to it.
I suspect that the OP was looking for a real-world threat assessment, not some pedantic argument of the security merits of the various OSs.
While security through obscurity is clearly a significant factor, it doesn’t eliminate the possibility that one platform can be substantially more secure than another (note I said possibility).
I’ve worked on software from different companies and different individuals and it’s not all the same. Some companies put out well designed and well written software and some companies are the polar opposite, and some companies have both good and bad.
Based on Pwn2Own, it’s clear the answer to the OP is: yes, they are susceptible
But the bigger question of whether Mac is overall “more secure” than Windows probably requires some good definitions in advance and more data from the experts.
I think the only way to get beowulff to post anything other than fanboy nonsense would be to look up some recently published Macsploits, write a virus that takes over his web browser, and use it to post a rational message in his name for him
Same goes for basically all the Mac super-proponents here…
Then again, I guess it’s just human nature not to believe that something bad can happen until it does. I used to work at Microsoft, and I was incredulous when my personal computer running Windows 7 in a non-privileged account got infected by horrible malware. (I was trawling the seedy depths of the internet for a DRM-free version of an ebook I purchased). I mentioned it to some of my coworkers (not on the Windows 7 team), and they straight up refused to believe that it was possible, haha.
OP, as someone else stated, the final, most trustworthy word on the subject is:
Really? If you could find it, I would love to see it.
Those are not people posting on the boards saying they got a virus, those are instructions on how to remove malware if you did get it. I could find thousands of posts like that for a Windows machine.
I’ve had different Macintoshes for about 25 years now. I used to go to Apple club meetings. There were plenty of clueless users at the Apple club, and never once did I hear anyone ask about help getting rid of a virus. (Some people “thought” they had a virus, but it was always a setting that needed to be changed in the control panel or something like that.) The son of one of my friends has worked at the genius bar at an Apple store for a couple of years now. I asked him this week-end and he said he has never had anyone come in with a virus.
Like I said before, I agree that it’s theoretically possible. But in practice, I have never seen it happen. Whereas, at the SDMB (I use this as a reference because we all post here), I have seen many posts asking about how to get rid of a Windows virus, and some of thoses posts come from people who are pretty knowledgeable about computers.