Are Macs susceptible to malware from merely visiting a website?

Two problems with this. First of all, the market share of Macs compared to PCs is completely irrelevant. Virus writers don’t care if you just bought a computer; they care about whether you have a computer. The relevant number here is actually installed base (that is, what proportion of computers in use are of a given type), not market share. And the installed base of Macs is about 10% (it’s higher than their market share because Mac users tend to go longer without replacing their computers).

Second, if I told any businessman that he could expand his base by 10% for relatively little effort, any one of them, in any line of business at all, would jump at the chance. Why should the virus-writers be any different? Sure, it makes sense to put more effort into grabbing the 90%, but it doesn’t make any sense to not put any effort towards that last 10 at all.

And the answer to the OP’s question is that, no, it’s not possible for a Mac to contract a virus merely by visiting a webpage, since no such webpage exists. Such a website surely could exist, but it doesn’t. And until such time as it does exist, the answer remains the same.

Then I misunderstood you.

Actually the answer doesn’t change at all: yes they are susceptible as proven by Pwn2Own.

It could not be any more black and white than that, they are “susceptible”.
Furthermore, stating that such a website doesn’t exist is quite a claim given the number of sites and pages on the internet. How would you know for sure?

I don’t buy this argument. That’s assuming the only reason to write a virus is to make a profit. In fact, many of the first viruses were written for fun, for the challenge of it, or just to be colossal dicks. There are hackers out there for whom creating a Mac virus would be a major ego boost. Just the notion that Macs are hard to write viruses for should have alienated teenagers everywhere rolling up their sleeves and saying “Watch this”.

Can the Empire State Building be moved by a single truck? Certainly, a truck could be built that could do it, so the answer is “yes”, right?

The day of random kid writing an effective virus to be a dick is over. Commercial AV apps are far too good to be kicked over by part time script kiddies with any kind of consistency.

A couple guys just spent a few weeks to hack a Mac in Pwn2Own.

In this post you are equating that to moving the empire state building with a truck.

Could you please explain why you think something that took a few man weeks to accomplish is as difficult and unlikely as moving the Empire State Building with a truck? Your reasoning is not clear.

You guys are right. Through this rock-solid logic you have proven beyond a shadow of a doubt that MacOS is COMPLETELY IMPERVIOUS to viruses, and the only way to get a virus is to download an executable, install it, and give it administrative privileges intentionally.

Pwn2own means nothing, if anything Steve Jobs probably put it there just to test our faith

Well, except for videogame makers that aren’t Blizzard.

If this isn’t a whoosh, please supply a cite.

I’ve used Macs since 1989, had my own since 1991 and have been on the net since that time.

My machines have never fallen victim to any malware, let alone a virus, from System 6.0.8 to OS 10.7.2 (the most recent at this writing). Over that time, I’ve run every net connection from ZTerm to Netscape to IE, and Mozilla’s first offerings to Safari, Firefox, Thunderbird and Mail, without any useless anti-virus app chewing up the processing cycles.

The biggest pre-internet (hence floppy-distribution) virus threat was thanks to Microsoft Word (surprise, surprise) for Mac. They could screw up Word but they couldn’t affect the Mac OS or any other app in the machine, including other applications.

The safety-through-Mac-obscurity argument doesn’t hold water. Six hours after the first 10,000 downloads of Vista’s beta, warnings of viruses written exclusively for it were all over the web. Millions upon millions of net-connected Macs are too few to be bothered with, but a mere 10,000 Vista boxes aren’t?

But whether the safety-through-obscurity myth is believed or not makes no difference to the reality that since OS 10 was released more than a decade ago, there have been no Mac viruses. Trojans, requiring a user’s permission to load, are another matter. But on any computer platform, there can be no protection against stupid.

Hard to cite stuff pre-web, but here’s a Usenet post that lists a bunch:

http://groups.google.com/group/alt.answers/browse_thread/thread/859a5735b38b5fd1/4fa6382255a4a64a?q=mac+system+6+viruses#4fa6382255a4a64a

You were honestly lucky if you never had System 6 or System 7 get infected via floppy. Either that, or you never exchanged disks with anybody.

HyperCard was a big one too, when it shipped by default on Mac systems.

Your turn for a cite.

Except that the total of Vista boxes was expected to increase by leaps and bounds, where the total number of Mac boxes (at that time at least) was expected to stay level. As it turns out, Vista wasn’t as popular as everybody thought it was going to be, but at the time the beta came out, nobody knew that.

I’m not necessarily saying you’re wrong, I’m just saying your example doesn’t back up your argument.

And yet, it’s possible for an OS X-running computer to get infected by a virus by simply opening a web page.

What’s the relevance of System 6 or 7 vira, anyway? Those were a completely, utterly, absolutely different operating system, from the ground up, from any modern Mac OS. All they prove is that virus writers will write viruses even for a minority OS, given the opportunity.

Unbiased estimates still put the installed base at ~5%, so that’s neither here nor there.

[quote]
Second, if I told any businessman that he could expand his base by 10% for relatively little effort, any one of them, in any line of business at all, would jump at the chance. Why should the virus-writers be any different? Sure, it makes sense to put more effort into grabbing the 90%, but it doesn’t make any sense to not put any effort towards that last 10 at all.
[/quote]

Because there is absolutely no analogy between something like app development and the propagation of a worm or virus. A worm or virus requires a relatively high percentage of similarly vulnerable machines per point-of-contact - by its nature it has to target the most common systems, because if it doesn’t, it’s going to be cleaned up before it manages to infect another system.

But it’s repeatedly demonstrated that it is possible.

Nobody is arguing that a current Mac user need worry about such things - this would clearly be contrary to common experience. Nevertheless, that does not change the fact that individual systems running minority operating systems (OSX or a flavour of Linux or whatever) are no less vulnerable than Windows systems. It is useful to understand why these vulnerabilities aren’t exploited, though - and that’s precisely because there *isn’t* enough density of vulnerable systems to exploit it in any meaningful way.

Yes, you can engineer a page that’ll get code to execute on a Mac. (Or Linux, or whatever.) But to what end? If you have a worm that depends on X exploit of the OS for privilege elevation and Y exploit of Z mail client for propagation, it’s a complete waste of time unless it can quickly spread to similarly vulnerable systems.

I enjoy the liberty of visiting even the dodgiest corners of the internet with my metaphorical pants down without worrying for a moment about malware - but I don’t delude myself that it’s because the basement nerds that make up the Ubuntu or Mint communities have produced an invulnerable OS. This confidence and security comes from not being an attractive target for this sort of attack - not that there’s anything wrong with that.

But it would be irresponsible to put about the idea that minority operating systems are intrinsically more secure. If they were, everyone could just switch platforms tomorrow and nobody would ever have to spend three frustrating hours disinfecting their mom’s or their brother-in-law’s poxy, malware-ridden laptop ever again. But the reality is that if everyone switched camps tomorrow, it would take about a month before things were exactly the same again.

And what are we to conclude from your experience? That Mac security is superior to PCs? Try again.

And you don’t think the malware writers were anticipating 100 million Vista boxes in the first year?

Having been a hardcore Mac user since '92, in that time I’ve never encountered any sort of virus, malware, trojan, etc.

I take it for granted actually, at this point; it’s something I don’t even think about. But I can’t believe it’s impossible for a virus to proliferate across a slice of the modern MacOSX user base (iOS, even?).

Time will tell, and we may get caught with our pants down someday, but so far, the ride has been sweet.

Are you going to explain your comment Chronos?

Interesting argument. Not particularly convincing though.

a. Kids don’t write viruses any more because AV apps are too good.

b. Practically no one using a Mac uses AV software.

To me, this would imply that Macs would be an even more appealing target. Especially because the kinds of hackers who would revel in this challenge are not “script kiddies” who attempt to hack systems using a cookbook of known exploits, but people who actually are willing to do the heavy lifting of creating new ones.

No, it isn’t. The contest hacker was given the machine’s password.

I ran a web search for vista beta viruses. Here are four links from the list of hits from that search: here (http://www.cheapest-computer-hardware-software.com/first-vista-virus.html), here, here and here.

From 2009, one of many sites with this information:

As well, the 2008 contest regarding Safari:

I cannot find anything saying a virus entered a Mac simply by opening a web page.

We’re not talking about things that propagate from infected machines to other machines. We’re talking about things that propagate from a website to machines that visit that website. For such a route of infection, what you see is what you get on the userbase.

Sure. My point is that it’s possible to build a truck that could move the Empire State Building, but no such truck actually exists, and thus it’s reasonable to say that the Empire State Building can’t be moved by truck. By analogy, it’s possible to create a webpage that would infect a Mac, but no such webpage actually exists, and thus it’s reasonable to say that a Mac can’t be infected by a webpage. Where does the analogy break down?