Are virus attacks on home computers a thing of the past

Apple computers and tablets don’t sell you antivirus software. The anecdotal incidences of home computers being wrecked by virus attacks are also diminishing. The press too are not making a meal of it. There are also fewer emails in my inbox selling me antivirus software.

So are virus attacks on the wane?

Before this thread becomes too confused, maybe you could clarify what you mean:

The original definition of a computer virus was a piece of malware that infects a computer or network and then self-replicates and spreads from infected systems to other systems.

Most of the public now calls any malware, no matter how it operates, a “virus.” So if you download a bootleg mp3 and that mp3 wipes or encrypts your disk, but does not use your computer to spread itself to other computers, most people would still refer to that as a virus.

Are you using the technical definition of a virus or are you using the more widely understood definition of a virus?

The press doesn’t pay too much attention to malware because it’s nothing new and people don’t want to read about it. There have been millions of Windows viruses. Do you really want to read an article about how the 20,461,316th virus is now making its rounds?

If you read computer related articles a lot though, you’ll find that viruses/malware are reported quite often. The big things in articles these days are the two things that the OP specifically mentions, Apple and tablets. Both of these originally benefited from security through obscurity. Most of the viruses/malware out there were Windows based, because most computers were Windows based. If you are going to go through the bother of writing a virus, why would you take all of that effort to infect only a tiny number of machines? You wouldn’t. You’d target the most machines possible, so you’d target Windows.

This has given the impression, especially among Apple users, that their computers are immune to viruses. Hey, you got an Apple, you don’t need to worry about Viruses. That’s Windows stuff. That kind of attitude has left Apple computers and tablets of all brands very much unprepared and unable to handle virus and malware threats, and as a result, the big boom in viruses and malware these days is on Apple, tablets, and phones.

In the Windows world, viruses and malware are constantly being released, but they don’t tend to be as devastating as they used to be, probably due in large part to Windows getting more secure and Windows users getting a bit smarter about viruses and malware.

In the Apple world, in tablets, and in phones though, viruses and malware are definitely not waning. Quite the opposite. They are all very much on the rise.

I think that the teenagers sitting in their bedrooms creating malware that turns your screen into dripping blood or just wipes your files, is a thing of the past - been there done that? or maybe today’s kids aren’t up to it.

Commercial malware is ubiquitous. Using innocent computers to distribute spam; infection and blackmail; pop-up advertising. I read that many of them are working on ways to hack into people’s phones. Although I have very little knowledge of how it can be done, I can see that this might be more fruitful for the amateur hacker.

Please ignore ALL of the following:

It’s just that Windows was, and still is, a badly made Operating System.

Apple and Android (<–Linux) are Unix based. Better designed, including security.

As for the “security through obscurity” argument, I can only say that it is ridiculous (probably a product of the Microsoft advertising machine)…
since most websites on the web are running on Unix based (most likely Linux) servers.
Google… Amazon… ebay…

Without being so glib about it, Unix based systems (like Linux, and Mac after OS-X) do have a major architectural difference that helps to make them more secure, even without obscurity. They are based on systems that were originally multi-user systems, so user account controls are built in at a very deep level. Windows PCs originated as single-user machines where it was assumed that all processes have permissions to all files and systems and security was tacked on later.

Security through obscurity certainly was part of the reason there aren’t more Mac and Linux viruses, and certainly MS marketing would have you believe that it is the only reason, but it is wrong to say that architecture has no impact at all.

Comparing professionally maintained server farms to home users is like comparing Nascar to a little kid banging into curbs in a barbie corvette.

Malware nowadays is not about showing off, it’s all about money.

-ad hits
-redirects/popups to sites claiming you need to buy products/services to resolve computer issues
-encrypting data and holding for ransom
-bundling a bunch of naggy “pay to use” programs to otherwise legit freeware

Anyone working in home/small business support will tell you apple/android products are not immune to this because they either involve running a downloaded program that deploys the crapware in question or are exploiting user ignorance.

I wouldn’t say ignore it; Engineer Comp Geek is right that for decades, Apple and Linux systems were little more than computing curiosities, and that the home and business computing worlds were almost entirely Windows environments.

So most viruses were written accordingly. That doesn’t negate the fact that iOS, Linux and Android are all inherently more secure than Windows. But now, PCs aren’t really predominant anymore- things like smartphones and tablets have surpassed them among home users (and by extension, less savvy users). And Apple’s desktops and laptops have garnered more market share.

So the virus and malware authors have aimed away from Windows computers and toward the others. At the same time, Windows itself has become more secure, and the security tools have become much better as well.

So ultimately, from the perspective of a long-time Windows user, it does seem like malware and viruses have slacked off in the past several years.

As it turns out, Trend Micro has software for Macs. Now, why do you think they would do that?

And they’re not the only company.

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/apple-threat-landscape.pdf

So, here and there–would you like to apologize to the SD community for being wrong?

I largely agree with all of this. I would only quibble with the part about malware not being as devastating as in the past. In the past, malware was more likely to be noisy. It would jack up your machine, and you’d have little doubt that you were infected. More recently, malware has tended to be quiet. The emphasis shifted from bragging, vandalism, and pop-ups to financial fraud. So something like the Zeus family of malware tried to give the user no indication they were infected while the malware stole the user’s banking credentials. So the days of the splashy malware like Nimda and the Melissa virus waned.

In the past year or so, the emphasis has been shifting to ransomware, which encrypts your data and demands payment to provide the decryption key. So, the pendulum has swung back to “noisy”, obviously destructive malware. When you get Zeus, you may not know it. When you get Cryptolocker, you know it.

As far as the religious debate about which OS is more secure – security is in how you implement and use the tool. Apple/*Nix probably has some inherently better controls than many versions of Windows, but malware affecting all OSes is certainly possible and is present in the wild.

Cite: this is what I do for a living.

So, the words of the traders of fear are the proof that there really is something to be feared? :wink:

No system is immune. But breaking into a Linux or Apple system requires a lot of knowledge and effort.
Whereas with Microsoft…

I run a small offsite backup system as part of my shop… we are restoring 120gb of data hit by Cryptolocker for a large property management firm as we speak.

Quibble, Linux or MacOS. I have seen dozens of Apple machines with virused Windows installs and the customer is frothing pissed because they think operating on hardware blessed by the sainted Jobs somehow makes them immune.

I’m a software engineer and I agree with engineer_comp_geek. At this point Windows is likely the most secure user OS. It has to be because there are so many non-savvy Windows users.

I’d say you live in a lucky bubble. Viruses are worse now than before. I personally know people who lost money and even had identity thefts as the result of malware either stealing from them unknowingly or tricking them. Back in the day, the worst effect of a virus was having to spend time fixing your computer. These days your problems can go well past your computer itself.

Actual viruses (self-spreading malware) are pretty rare these days because a virus doesn’t need to spread from your system (and that behavior can make them more visible) but the general malware that people often call computer viruses are worse than ever.

You may see fewer ads about antivirus programs because that software is more integrated into modern operating systems. Most people don’t go out and buy something anymore. That doesn’t mean the software isn’t needed though, it’s as important as ever.

It is very difficult to conceive of (let alone implement) an operating system architecture that could prevent you from downloading, authenticating your intention to (and authority to) install, and then installing a piece of software that then proceeds to do things that are not of your choosing to your operating system environment, without at the same time interfering with your ability to do somewhat similar things deliberately and on purpose for whatever reasons you might have for doing them.

Note, please, that antivirus software that is written to recognize actual known exploits does not constitute an exception to this. Antivirus software is the bucket you stick under the leak in your leaky roof; it is not protection against leaks in your roof.
With that much said, Apple’s MacOS is not invulnerable; holes in its security model have at times been pointed out—real holes that could result in real viruses. BUT the fact remains that as far as actual real-life exploits that are genuinely out there, those are all of the sort that require you to authenticate and install them, thinking that you’re installing legitimate software.

That’s not a virus.

Not even by the expanded definition within which we include in “virus” the kind of malware that doesn’t directly propagate itself infectiously to other computers in order to spread itself around.

Since (as I’ve said) MacOS is not intrinsically invulnerable, the fact that there are no Mac viruses may be considered to just be an accident of good fortune. But that doesn’t make it not a fact.

Macs don’t ship with antivirus software because the people who write antivirus software don’t have crystal balls with which to look into the future and discern what future Mac viruses you should be protected from. And there are no Mac viruses to protect you from today.

Yes, there are antivirus products designed to run on the MacOS. They look for WINDOWS viruses and quarantine them and thereby protect your Windows-using colleagues from the possibility of you being Typhoid Mary and passing them along in an email attachment or something.

You don’t need them for your own protection though unless you’re running a Windows environment on your Mac.

… and playing by those rules, windows is just as good, as the VAST majority of windows infections are downloaded and installed by the user.

That kind of pedantry quickly approaches outright lying in your marketing. In medicine it would kinda be like guaranteeing I won’t get sick, and refusing to treat me for AIDS/HIV because I should choose my sex partners more carefully.

IT people get the subtleties, the general public does not and promoting “virus resistance” is a really assholish kind of misleading marketing.

Agreed. I do incident response and computer forensic investigations in my job. We deal with malware events all day. And we don’t even really care about the distinction between virus, Trojan, worm, etc. If I had to take a test on it, I’d get the answers right. No one cares. Plus a lot of malware exhibits characteristics of more than one of the traditional categories. We just call it all malware. (Sometimes we draw a distinction between malware and adware just to note the lower impact of adware, but even that is often a pedantic distinction we don’t care about.)

Anyway, there is less malware out there for MacOS. And, much of it does require the user to take action to execute (as does much Windows malware). However, there have been some cases of OSX malware delivered via drive-by download, such as Flashback a few years ago. Security researchers reported an increase in Mac malware in 2015 (still not nearly as much as Windows, and much of it is still crude, but it is increasingly out there), and one particularly interesting sample of Mac malware analyzed by a researcher suggests that the infamous “Hacking Team” in Italy is back in action and producing Mac malware.

I actually did not know that.

To listen to my Windows-using friends, just leaving your computer running will get it infected—stuff that’s “out there” will “find you” and install stuff. And you cannot safely just go to web sites you don’t know to be trustworthy — those web sites will INSTALL stuff on your computer. Especially porn sites and warez sites, yeesh are you stoopid? Going to one of those sites is like diving into Diseases R Us with no condom. Or so they led me to believe.

So that’s basically not true? That for the most part you get Windows malware by thinking you’re installing legit software and providing an administrative pw that lets it install itself? Same as on MacOS?

If that’s true of Windows I withdraw my above opinion as irrelevant to the discussion.

Meanwhile, re: this Italian hacking team, that sucks.

Depends partly on the Windows version and how you’ve set it up. Many versions of Windows run by home users won’t prompt you for an admin password to install software. Others will. In the corporate setting, you may or may not be prompted (or even allowed) to install things depending on the build and your user rights. But then a lot of malware doesn’t need a full install. It runs as a standalone executable so you won’t get prompted to install in any case. Also complicating the answer is that a lot of malware exploits vulnerabilities in applications other than the OS. So, for example, you might get a malicious PDF file that exploits a vulnerability in Adobe Reader to drop malware on your machine that runs without requiring an install. In a case like that, Windows is the scene of the crime but not really the cause.

There is a fair amount of malware you can get just by visiting malicious sites. The malware might exploit flaws in the browser, but more commonly in Java or Flash. Porn sites are a good way to get that kind of malware, but it can also be delivered by malicious ads dropped on legitimate sites. OSX isn’t inherently immune to those kinds of threats (see Flashback), but if you’re a bad guy trying to sling malware that way, you’re going to aim for the widest distribution, which generally means Windows.

So… I would say that most Windows malware requires the user to take action like opening a document or running an executable. Most of the time, that will not prompt the user for confirmation, as it’s not installing anything. It is possible to get malware just by visiting malicious sites, and Windows probably is more affected by that than Mac (for probably multiple reasons).