Mac viruses

It is commonly claimed that Macs do not have to worry about getting viruses and spyware (most recently in the “I’m a Mac/I’m a PC” ads). Is this true, and if so, it is because the Mac OS is inherently more secure, or because there are simply more PCs around to infect and be infected?

It’s certainly true that vira which run under OSX are currently so rare as to be effectively nonexistent. But the reason (greater inherent security or fewer targets) is a matter of some debate. Most experts agree that OSX is at least somewhat more secure than Windows, but there’s really no way to know at present whether that’s enough to account for the difference in virus threat.

Also note that modern Macs can also run PC software, including Windows itself. If you do that, all bets are off: Anything that’s running Windows can also run Windows vira.

Vira?

There’s viruses and (the incorrect, although popular in Internet circles) virii. I’ve never heard vira.

Are viruses that big of a deal these days? I realize that there are viruses, but I can’t think of a time in the last 5 years when I’ve worried about them.

The Wikipedia entry on the plural of ‘virus’ is actually kind of interesting.

-FrL-

You know all that spam you get? Probably sent by botnets – people’s computers who are (unknown to them) controlled by viruses they didn’t worry about.

It’s a major problem. Viruses have moved from the “annoy the person who gets them” stage to the organized crime stage.

It is more Spyware than true viruses. And yes, a lot of dudes have their computers taken over and don’t even know it.

A big part of Windows’ reputation for being insecure is the culture of running Windows under a privileged account. Most Windows users run as an administrator, whereas in the Unix world, which includes OSX, it is not usual to run as root, helped by the fact that Unix provides good tools for when you do need to perform privileged operations. The tools provided by a vanilla installation of Windows are poor in comparison, and Windows doesn’t have a direct equivalent of the setuid mechanism for temporarily elevating privileges. There are of course third-party tools for Windows that provide these facilities, but you have to seek them out yourself.

If everybody in the Windows world ran under non-administrator accounts, it would be interesting to see how big a problem malware was then.

IAMNAE but I seem to remember that the file structure in the Mac OS was different to that of Windows. Something about a “resource fork” and (I think) an “application fork” (or something) which made viri more difficult to write and less effective.

Could be wrong though…

M

Under the HFS and HFS+ filing systems, files can have a resource fork and a data fork. This ability was much more significant in OS9 and earlier, but not much use is made of it in OSX, so I don’t think it can be responsible for whatever extra security OSX might provide.

I’m aware that the Romans did not pluralize “virus”. However, according to the Latin teachers I’ve asked, if they had, they would have used “vira”, since (despite the normally masculine -us) “virus” is a second-declension neuter noun. Coupled with the fact that the English plural “viruses” is cumbersome and awkward, I choose to use the more elegant “vira”.

Right. See the wiki linked to above.

-FrL-

This is a hijack-answer, having no bearing on viruses or susceptibility thereto.

I’d have to contradict anyone who says “not much use is made of” the separate forks under OS X. Many applications still contain a significant portion of their guts within the resource fork. Microsoft Excel, for one. Furthermore, when you double-click a document, the OS checks for creator code, and then filetype code, before looking at file extension to determine what app should open that file, i.e., they take priority over file extensions, and those codes are contained in the resource fork.

The resource fork may not be as important as it once was, but it is far from gone from the scene.

[/hijack]

To actually answer part of the original question:
a) Microsoft Word macro viruses can proliferate under MacOS X, because Word macros can execute under Word X. They do not, however, execute their destructive payload anywhere except Windows. Most Mac folks do not consider these to be Mac viruses, therefore. But Mac folks who don’t want to be Typhoid Marys need to take appropriate action to prevent Word macro viruses from spreading via their computer to Windows users.

b) There are no MacOS X-native viruses at large and in the wild. Until very recently you would not have needed those qualifiers, and many consider the existence of all of the OSX viruses that do exist (both of them) to be seriously stretching a point.

c) The MacOS is inherently a bit more secure than Windows, but not enough so to eliminate the possibility of a Mac virus. The MacOS is inarguably represented as a smaller installed base than Windows (~ 15%, give or take; considerably more than the marketshare because Macs stay in deployment longer, but still decisively a minority), but once again not to the point of having much explaining-power w/regards to the lack of Mac viruses. (MacOS 8.6 had a virus and it had less market share and installed base than OS X does today). In short, there’s no convincing explanation for the absence of MacOS X viruses. I would have expected a tiny few by now. And there’s absolutely no reason for Mac folks to assume they won’t have one to contend with tomorrow, for the above reasons.

d) There is no need or useful purpose to antivirus software on MacOS X. Today’s antivirus software won’t protect you against tomorrow’s viruses and there aren’t any viruses today. People who are in corporate environments where antivirus sw is mandated usually install ClamAV, which is free and widely regarded as nonproblematic (doesn’t interfere with the OS, tie up cycles or cause RAM leaks, generate spinning beach balls, corrupt things, etc etc). Such antivirus packages scan for and quarantine Windows viruses in the MacOS X environment.

e) Technically speaking, the PowerPC Macs that still run Classic sometimes can possibly, perhaps experience problems with the viruses to which MacOS 9 was subject. I say possibly & perhaps because the Mac computer virus was almost extinct in that environment even before OS X made its debut. The above-mentioned MacOS 8.6 buggie was the AutoStart Worm and an OS X machine would not be subject to its depredations even via the Classic environment (because OS X, not Classic env, mounts removable media). Most of what predates the AutoStart Worm goes all the way back to the 68K platform that predated PowerPC, and most of that all the way back to System 6 and earlier. System 6 was so different from MacOS 9 that many of those viruses aren’t viable. (A good portion of them won’t even work if you’ve got System 6’s MultiFinder running, they’re so old they predate multitasking!). Are there any at all that would run under the MacOS X Classic environment? I honestly don’t know. The funny thing is that they weren’t exactly lethal even in their heyday. They’d do things like throw a dialog message once a year that simply said “DON’T PANIC”. Or try to rename your bootup floppy disk to “Trent Saburo”. They were often more dangerous for their unintended side-effects than for the evils they did on purpose.

A Mac user with a PowerPC Mac + still sometimes running Classic who wishes to be safe from such antediluvian buggies can install the decade-old freeware Disinfectant.
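The point made in the hijack above, that type and creator codes stored in a file’s Finder info can outrank its extension when the OS picks an application, is worth checking from the defender’s side: a file whose name says one thing and whose type code says another is exactly the kind of mismatch worth flagging. The following is an added example, not code from the thread; it parses the 32-byte com.apple.FinderInfo blob (the first 10 bytes are fdType, fdCreator and fdFlags, big-endian) as you would get it from `xattr -px com.apple.FinderInfo <file>`, and compares the type code against a small, constructed extension table.

```python
import struct
from typing import NamedTuple

FINDERINFO_LEN = 32  # FileInfo (16 bytes) followed by ExtendedFileInfo (16 bytes)
NO_CODE = "\x00\x00\x00\x00"  # all-zero type code: no type/creator set


class FinderInfo(NamedTuple):
    file_type: str  # four-character type code, e.g. "TEXT"
    creator: str    # four-character creator code, e.g. "R*ch"
    flags: int      # fdFlags bit field


def parse_finder_info(blob: bytes) -> FinderInfo:
    """Decode fdType, fdCreator and fdFlags from a raw com.apple.FinderInfo blob."""
    if len(blob) != FINDERINFO_LEN:
        raise ValueError(f"FinderInfo must be {FINDERINFO_LEN} bytes, got {len(blob)}")
    fd_type, fd_creator, fd_flags = struct.unpack(">4s4sH", blob[:10])
    # Four-char codes are Mac Roman, not ASCII; decode accordingly.
    return FinderInfo(fd_type.decode("mac_roman"), fd_creator.decode("mac_roman"), fd_flags)


def make_finder_info(file_type: bytes, creator: bytes, flags: int = 0) -> bytes:
    """Build a constructed FinderInfo blob for testing; the remaining 22 bytes are zeroed."""
    return struct.pack(">4s4sH", file_type, creator, flags).ljust(FINDERINFO_LEN, b"\x00")


# Constructed (assumed) mapping from extension to the type codes we expect to see.
EXPECTED_TYPES = {
    ".txt": {"TEXT"},
    ".jpg": {"JPEG"},
    ".app": {"APPL"},
}


def classify(filename: str, blob: bytes) -> str:
    """Return 'no-codes', 'unknown-ext', 'match' or 'mismatch' for a file name plus its Finder info.

    'mismatch' is the interesting case: the extension suggests one kind of file but the
    type code, which the thread says takes priority, says something else (e.g. an application).
    """
    info = parse_finder_info(blob)
    if info.file_type == NO_CODE:
        return "no-codes"  # only the extension is left to decide
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = EXPECTED_TYPES.get(ext)
    if expected is None:
        return "unknown-ext"
    return "match" if info.file_type in expected else "mismatch"
```

A real scan would walk a directory and feed each file’s actual FinderInfo attribute into `classify`; the constructed blobs here stand in for that.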

In fact, the root (administrator) account is disabled by default under OS X (and now on many Unix-type operating systems), and whenever you need to perform some administrative action, like installing some system application or changing system settings, it will prompt a sudo-authorized user who has the appropriate permissions for a password. Windows, on the other hand, pretty much requires anyone installing software (or at least any apps which utilize the senseless System Registry) to have administrative access and can easily wreak havoc.

Running in *nix on the root account is regarded as being equivalent to skateboarding down the interstate. Most applications don’t require root access, though; they just install in a publicly available /usr, /bin, or /lib directory (OS X uses the /Applications directory by default), and because of the default permissions scheme in Unix they only have access to the user’s stuff; the worst a virus installed can typically do is wipe out the user’s files.

This isn’t to say that Unix or OS X is immune from attack; indeed, Unix has been the target of many exploits over the years, particularly the ubiquitous and notorious sendmail service, which hijacked the service’s root-level capability to leverage root control over the system. However, OS X (or rather its underlying core, Apple’s DarwinOS) is based on an open source distribution (FreeBSD, an open source derivative from the original Berkeley Standard Distribution) which has been and continues to be thoroughly vetted by a large community of users and supported by large organizations like Google that depend on it to function robustly. In addition, FreeBSD/DarwinOS/OS X has benefited from branch projects like OpenBSD which have focused on developing open source tools for security, like open source versions of SSH and SSL, as well as the PAM authentication framework. These tools have become so robust and reliable that they’ve been back-integrated into commercial Unixes and Linux.

Microsoft, on the other hand, has nothing like this; their primary security model is to attempt to conceal exploits until the world finds out about them, and then claim that it’s the user’s fault for not regularly cleaning the system. Their source code is closed, and third party security enhancements are not integrated into the operating system kernel or system utilities. Worse, Microsoft continues to follow a monolithic kernel architecture, where everything the operating system might need is loaded all at once. Not only does this sap out system resources (which make some types of exploits which rely on catching processes in a limbo state) but it also means any possible vulnerabilities are available all the time. Unix-type systems, on the other hand, tend to run services only as needed, and have continued to refine down what has to be loaded as the core kernel. OS X/Darwin actually uses the Mach microkernel which then loads other utilities or daemons as necessary, so even if one is exploitable, you’d have to catch it on.

It’s worth noting, too, that many so-called viruses, particularly those acquired by e-mail or from a document, are actually “Trojan Horse” scripts that exploit the capabilities of the application which uses the file they’re embedded in. They don’t particularly care which operating system they’re running in, although it may be that Microsoft Word for Windows is more permissive than Microsoft Word for OS X; whether you regard this as a flaw in the application or a flaw in the underlying OS is your option, but it’s not a “computer (system) virus” per se.

In short, it’s possible for Mac OS X to have a system vulnerability that is exploitable by a virus, but as a result of their testing and the default security it has been in practice almost a non-issue.

Stranger

That’s why I added the qualifier “currently” to my response, though I should perhaps have been more explicit. It’s probably safe to assume that whatever it is currently protecting Macs from attack will continue to be the case for the near future, so it’s reasonable for Mac users to worry less about tomorrow’s virus than PC users should. But there’s no crystal-ball guarantee, so Mac users should definitely be aware that there might be a virus that strikes them tomorrow.

I’m sure not losing any sleep over it. I don’t even bother with the firewall. (Admittedly my IP is dynamically assigned in the only environment where I’m not already behind the corporate firewall)

Slight nitpick: in XP and other Windows OS’s you can right click on an icon and choose Run As to run a program as administrator.

Slee

I know, but RunAs is limited. You can’t install something under your own profile with RunAs. I use a script called MakeMeAdmin instead. There’s also sudowin, an implementation of sudo for Windows.

Re the Windows registry, it’s not completely “senseless”. There are advantages to having configuration settings in a predesignated place. Corporate admin types love Group Policy, and that’s a lot easier to implement with a centralised registry rather than config files all over the place. I’m not saying that the Windows implementation of the idea is the best, though. I wish they had used text files rather than binaries, for a start.