The concensus seems to be that the Mac OS is not very susceptible to viruses – but not completely immune. In another threadStranger On A Train writes:
So while OS X isn’t immune, there are a lot of people working to make/keep it secure.
AHunter3 writes:
So while OS X may not be ‘infected’, it can be a ‘non-symptomatic vector’.
Apple seems to be gaining market share. I think Steve Jobs pissed off a lot of people by disabling hacked iPhones. I wonder how many of the hackers are angry enough to try to do something about it?
What is the liklihood that we will start seeing viruses that actually infect Macs (as opposed to making them ‘carriers’)? What about spyware? Should we start using anti-virus/anti-spyware on our Macs? If so, what product(s)?
I say: wait until there are actual Mac OS X viruses in the wild, then worry about it. People like to claim that there are no Mac viruses (or very few, anyway, inherited from it’s Unix heritage), because of the lack of popularity of the platform. That may be a contributing factor, but a ratio of 100,000,000+ PC viruses vs basically zero Mac OS ones has to have more than that going for it.
The non-Windows operating systems are more secure by design than Windows XP and it’s predecessors, and I suspect that it’s that design which is doing more for Mac security than and imbalance in popularity. People are ALWAYS mad at Apple, it’s about as polarizing a company as exists in such a benign, noncontroversial market. It hasn’t resulted in a slew of virus attacks, and it won’t this time, either.
The way antivirus programs work is by having a huge database of vira to compare everything to. When a new virus is discovered, the guys working at the antivirus company add that virus to a database, and send it out to their customers in the next update. Since there are currently no known Mac vira in the wild, a hypothetical Mac antivirus program would have an empty database, and therefore do nothing. There’s not really anything to do to prepare, until we know what exactly we’re facing.
One caveat here is Macs which are running Windows via Parallels or Bootcamp. Such a computer can run any Windows program, and that includes Windows vira. I don’t think that a Windows virus can hurt anything on the non-Windows partitions, but it can still do a number on whatever partition you have Windows installed on. If you’re running Windows on a Mac, therefore, you should get the same antivirus protection as any other Windows user.
That’s not all they do - many of them are able to detect viruses that aren’t in their database heuristically according to their behaviour - for example, anything trying to append itself to an executable file would be suspect.
There are people who believe as an article of faith that every piece of software is just as badly designed as every other piece of software. If they were talking about cars, they would say things like “Wait until the hybrids are in actual use. They’ll have the same gas mileage as an SUV.” Which points up the second part of these delightful people: They are functionally blind and refuse to see that most computers that really matter will never run the kind of crappy software viruses can target. They are blissfully unaware that the world runs on systems that don’t get infected, and a big part of that is fundamentally well-designed software.
Lacking any other way of dealing with these beautiful people, it’s best to ignore them and point out their logical fallacies without trying to engage them in argument. You’d have a better time arguing with an SUV.
I don’t know Mac OS X well enough to comment on specifics of its operation, so I’ll make general comments about how software can indeed be well-designed:
[ul]
[li]Don’t run random stuff. Email attachments are not programs. Word processor documents are not programs. At the very least, wait until the user makes a conscious effort to make them programs before attempting to run them.[/li][li]Don’t make the user run with full permissions. The OS’s job is to protect the user from himself. This means the programs the user runs shouldn’t have the ability to hose the system in the normal course of events. This is accomplished by monitoring the programs and killing them if they try to do bad things. There is no substitute for this. In fact, I’m going to repeat the basic point.[/li][li]Kill programs that try to do bad things. This is the only way to prevent viruses. If you write software and think anti-virus programs can actually stem the tide of viruses, you have four decades of basic OS design research to catch up on. (I suggest getting a job at IBM. They have great respect for technologies from the 1960s.)[/li][li]Keep the OS simple. The web browser is not part of the OS. The graphical system is not part of the OS. The less code you make part of the OS, the easier it is to get the OS right.[/li][li]Make things easy to fix. OK, end-users aren’t going to fix them. End-users tend to have geeky relatives hanging around to fix things for them, which means people who do understand computers in general but don’t have access to burn-before-reading NDA-sealed company-internal documents. Keeping those geeky relatives happy (by keeping as much as possible in plain text, for example) is important to keeping the end-users happy, as opposed to suffering dumbly like cattle in a rainstorm.[/li][/ul]Anti-viral products are a sham. They attempt to paper over badly-designed OSes by trying to match the program to a small database of patterns that might be associated with bad software. This would merely be a bad idea if viruses didn’t mutate and if nobody anywhere were writing new ones. Neither of those things are true. That makes it a horrendous idea.
I have a question. I skimmed over that page about Linux, and it makes much of the idea that a virus can’t do much damage in Linux because it’s only run by a regular user, and not root. I have a Mac, and I’m the only one who uses it, so I only ever made the one account. I’m listed as an administrator. Should I not be using it this way?
I’m not really clear on why as a regular user I couldn’t catch a virus and have it do damage. If I can install and delete programs, and create and delete files, I’d think a virus could damage or delete everyting except maybe the OS itself. That advantage only seems relevant to multi-user systems, where it ensures one person or his caught viruses can’t hurt other people’s things.
Modern viruses (or the broader set of malwares that includes viruses) typically don’t just vandalise your system - they try to do stuff like enabling the creator to steal your identity details and make money at your expense, or open your machine to vulnerabilities, enabling the virus creator to use it to attack web servers, or send spam emails, or some such.
So (OS issues aside) there are types of damage that a modern bit of malware can do that make it irrelevant whether you’re the only local user.
I don’t think so, but I don’t know if ‘administrator’ under Mac OS X is equivalent to ‘root’ under Linux or other Unix systems.
Not really. You protect your own data by making backups, and you make backups because consumer-grade hard drives fail with horrible regularity. Viruses don’t really enter into it: Consumer-grade hardware is absolute unutterable crap and trusting it implicitly with your data is like sticking a gun to your head. If a virus gets into your system, it’s like a hard drive failure in that you restore from the last backup and the problem goes away. (In fact, it’s better than a hard drive failure because you don’t have to buy new hardware.) The advantage of a good OS in this scenario is that the virus can’t keep reinfecting you and hiding itself in the OS between outbreaks, like a case of herpes.
You’re fine running only one account. You may be an administrator, but you’re not running as root. The root account is turned off by default in OS X. Notice that whenever you install a program or change certain system settings, you get asked for your password? If you were running as root, that wouldn’t happen. This is a Very Good Thing[sup]TM[/sup], because anyone trying to install a virus or trojan or change critical settings will also get asked.
