xkcd

[blademan9999]

http://imageshack.us/photo/my-images/82 ... at825.png/
Macs can't get viruses, yeah right.
I had 41 threats and 18 errors!

[Lazar]

Well, that screenshot convinces me.

[Dream]

Man, I followed that link on my Mac and I got three viruses! Thank god though, that Macs can't get viruses, otherwise I might have to do something about that.

[Solt]

Of course they can get viruses and of course they can get hacked into. Anyone who believes otherwise kind of deserves what's coming. Many vulnerabilities are known and Apple has issued patches - something Microsoft has been doing for years now, making them way ahead of Mac OS in the security game.

No one serious believes in security through obscurity in this day and age. Your only advantage is that cross platform infection is very difficult so windows worms do not spread to macs and a mac-only worm would spread extremely slowly. But targeted intrusion? No problem. It's only a question of desire and market penetration now.

Besides given how plentiful bandwidth is these days I wouldn't be surprised to see combo mac-windows worms coming out.

Edit: ok, maybe that last statement is a bit irresponsible. There are still gazillions of windows PCs around the world compared to a handful of macs. I don't expect to start seeing mac worms unless someone gets convinced he can somehow infect all macs, and that that would result in more zombies than if he went only after windows machines with vulnerability x unpatched.

[kmatzen]

http://imageshack.us/photo/my-images/828/screenshot20110508at825.png/
Macs can't get viruses, yeah right.
I had 41 threats and 18 errors!

Cool story, bro.

[Endless Mike]

Thanks for this breaking news!

[Ashleylharnett]

It is astonishing how little protection, if any, most Mac users employ on their systems. It will come as a big shock to some when Macs start getting hit harder.

[Kromix]

Bump

Apple Macs hit by scareware attacks, About time

[Ankit1010]

http://imageshack.us/photo/my-images/828/screenshot20110508at825.png/
Macs can't get viruses, yeah right.
I had 41 threats and 18 errors!

Screw what the AV says, did your Mac malfunction at all, or perform any better after the scan? I doubt it. There is a possibility of spyware on the mac, but this is easy to avoid if you use the right browser and don't visit clearly malicious sites.

[ldb358]

http://imageshack.us/photo/my-images/828/screenshot20110508at825.png/
Macs can't get viruses, yeah right.
I had 41 threats and 18 errors!

Screw what the AV says, did your Mac malfunction at all, or perform any better after the scan? I doubt it. There is a possibility of spyware on the mac any computer, but this is easy to avoid if you use the right browser and don't visit clearly malicious sites.

sorry but i couldn't help it

[Meteorswarm]

http://imageshack.us/photo/my-images/828/screenshot20110508at825.png/
Macs can't get viruses, yeah right.
I had 41 threats and 18 errors!

Screw what the AV says, did your Mac malfunction at all, or perform any better after the scan? I doubt it. There is a possibility of spyware on the mac any computer, but this is easy to avoid if you use the right browser and don't visit clearly malicious sites.

sorry but i couldn't help it

Not true, a computer that has never been turned on cannot have spyware.

[ldb358]

http://imageshack.us/photo/my-images/828/screenshot20110508at825.png/
Macs can't get viruses, yeah right.
I had 41 threats and 18 errors!

Screw what the AV says, did your Mac malfunction at all, or perform any better after the scan? I doubt it. There is a possibility of spyware on the mac any computer, but this is easy to avoid if you use the right browser and don't visit clearly malicious sites.

sorry but i couldn't help it

Not true, a computer that has never been turned on cannot have spyware.

Touché

[Arkanis]

Actually...

http://en.wikipedia.org/wiki/Backdoor_%28computing%29#Reflections_on_Trusting_Trust

Something like this on almost any computer in the dev process would be quite a sight to see.

[Queen Serenity]

It is not that Macs can't get viruses, but that they have been so rare due to the "scarcity" of Mac users. The rarity of Mac viruses will cause them to be all the more effective when they occur more frequently.

[Kyubey]

Yeah - I am a mac user, and I use a free antivirus. It's just common sense.

[Story]

Besides given how plentiful bandwidth is these days I wouldn't be surprised to see combo mac-windows worms coming out.

Haven't there been cross platform viruses before?

[Harold]

Sophos here is creating the illusion of protection; I'm confident that every 'threat' in that screenshot was simply a positive hit on a windows payload. While I am aware of several vulnerabilities in the wild, the vast majority require authentication (ie malware), the few that don't aren't typically self replicating.

Besides given how plentiful bandwidth is these days I wouldn't be surprised to see combo mac-windows worms coming out.

Haven't there been cross platform viruses before?

I doubt it, most vulnerabilities are platform specific. Software from a vendor compiled for both operating systems generally won't both be vulnerable to the same exploit.

[Stotherd]

I remember reading a while back that a common botnet used a java exploit to run on any computer that used java, including Macs and Windows. A snapshot of the machines infected was taken, and around 20% were Macs, 80% Windows. Considering only 10-12% (the last time I checked) of computers are Macs, this suggests that OSX is actually more vulnerable to this bot net.

Without the article I can't prove this though.

[meliescomic]

The consensus I've heard is that Macs get viruses less frequently, but they're almost IMPOSSIBLE to get rid of when they do happen. Makes sense kinda, Macs are supposed to be user-friendly so they're hard to "crack open and fix" (so to speak).

[Easily]

I'm sadly unable to post links, but I read something interesting the other day.
Some guy named Charlie Miller has figured out a way to hack into apple laptops through the microcontroller that passes battery level and stuff to the operating system.
The problem here is that even if you do a full format of your macbook, you wont erase the memory of that microcontroller, so the next time you boot your OS after reinstalling, it would just upload the virus again.

Two quotes from the article:

Miller discovered the two passwords used to access and alter Apple batteries by pulling apart and analyzing a 2009 software update that Apple instituted to fix a problem with Macbook batteries. Using those keys, he was soon able to reverse engineer the chip’s firmware and cause it to give whatever readings he wanted to the operating system and charger, or even rewrite the firmware completely to do his bidding.

“You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over. There would be no way to eradicate or detect it other than removing the battery.” says Miller.

For people interested in reading the whole article, search on Forbes for:
Apple Laptops Vulnerable To Hack That Kills Or Corrupts Batteries - Andy Greenberg

[Iranon]

It's not just a matter of relative obscurity.

Current mac OSes are based on UNIX, which has been made for multi-user systems since 1970. Permissions ('who/what can do what with what') were central to it from the start.
Windows was meant for personal computers only, security has historically been lax and many programs required admin privileges to run properly. Things are improving, but Windows still has a long way to go here.

[cjmcjmcjmcjm]

It's not just a matter of relative obscurity.

Current mac OSes are based on UNIX, which has been made for multi-user systems since 1970. Permissions ('who/what can do what with what') were central to it from the start.
Windows was meant for personal computers only, security has historically been lax and many programs required admin privileges to run properly. Things are improving, but Windows still has a long way to go here.

There's nothing as annoying as programs that require admin privileges for stuff.

[J the Ninja]

Macs are supposed to be user-friendly so they're hard to "crack open and fix" (so to speak).

99% of these situations can be bypassed by a little thing called "Terminal.app" that lives in /Applications/Utilities

[Iranon]

You can only have one: automagical configuration that ensures everything works out of the box... or a clean, transparent system that only does what you tell it to do.

Apple opts for the former. They do it quite well, and this approach means newbies will break less in the first place... but it does make problems harder to fix.

[EvanED]

I think this needs to be somewhere on this forum, and this might be the best spot for it. So, uh, here goes:

[antoinelepenseur]

I actually started making virus' for Macs back in High School because people told me that they couldn't get them (which is really irritating). My first one worked by leveraging the Mel script engine from within Maya. I made a basic loop to open random app packages. The virus self replicated itself to the entire school network wherever there was a Mac. I'm not sure how far it got from there.

[The Great Hippo]

I actually started making virus' for Macs back in High School because people told me that they couldn't get them (which is really irritating). My first one worked by leveraging the Mel script engine from within Maya. I made a basic loop to open random app packages. The virus self replicated itself to the entire school network wherever there was a Mac. I'm not sure how far it got from there.

I hope you grew out of being a douchefuck.

[Anaphase]

Current mac OSes are based on UNIX, which has been made for multi-user systems since 1970. Permissions ('who/what can do what with what') were central to it from the start.
Windows was meant for personal computers only, security has historically been lax and many programs required admin privileges to run properly. Things are improving, but Windows still has a long way to go here.

This is very true, Apple's market share is no smaller now than it was in the pre-OS X era, but the MacOs world in those days was a cesspool of viruses, even worse than the DOS/Windows world, thanks to the classic MacOs's promiscuity (viruses could be spread simply by passing floppies between computers or mounting network volumes even without reading or executing any files), lack of memory protection, and nonexistent security model. Were Mac OS X the dominant OS, OS X viruses would probably be more numerous but still vastly less common than Windows viruses are.

[antoinelepenseur]

I actually started making virus' for Macs back in High School because people told me that they couldn't get them (which is really irritating). My first one worked by leveraging the Mel script engine from within Maya. I made a basic loop to open random app packages. The virus self replicated itself to the entire school network wherever there was a Mac. I'm not sure how far it got from there.

I hope you grew out of being a douchefuck.

It's not like I made it malicious (though I easily could have), it was a minor pestering. The only thing I was doing was proving a point i.e. that macs can get can virus', but people simply don't write them. I don't see why I feel the need to defend myself anyway, since the most intelligent thing you can muster up to say to me is "douchefuck".

[Sanjuricus]

If you put yourself in the position of someone who is about to commence writing a really nasty virus/malware for completely contemptible reasons, what do you think you would do?
a.) Write a virus for Macs that will only have the potential to get about 10% of PCs globally.
b.) Write a virus for WIndows that will only have the potential to get about 90% of PCs globally.

That is why Mac viruses have been so rare for so long. It does seem to be changing though because malware creators are cottoning on to the fact that most Mac users are Mac users because Mac OSX caters to the consumer...and generally speaking, the consumer is technically illiterate and in some cases, just plain dumb. This makes the PC-Illitarati particularly vulnerable to the "ZOMG you gotz millionz o viruses, quick download this package to get rid of them" type attacks (among others).

It may sound like I'm having a pop at Mac Users there...but I'm just being objective. Apple always has and probably always will focus on the private consumer rather than the business. Walled Gardens don't sit well with Corporate/Enterprise level business consumers.

Also: MacOS X is based on OpenBSD not Unix (even though OpenBSD is Unix like, AFAIK it is not Unix derived.)

[Meem1029]

Also, unless I'm mistaken Mac OSX has actually been certified as a UNIX system.

[Sanjuricus]

Also, unless I'm mistaken Mac OSX has actually been certified as a UNIX system.

http://arstechnica.com/apple/news/2007/08/mac-os-x-leopard-receives-unix-03-certification.ars States quite concisely that it has indeed been Unix certified (which does not make it a Unix OS per se, just confirms that it conforms to certain Unix standards) but that its roots are from BSD...which has the benefit of making us both correct!!! WOOOOO!!!!

[Meem1029]

Ah, interesting. For some reason I had thought that UNIX was just the certification and not an actual operating system. Which is odd since I knew very well that it indeed did exist as an os.

[Sanjuricus]

Ah, interesting. For some reason I had thought that UNIX was just the certification and not an actual operating system. Which is odd since I knew very well that it indeed did exist as an os.

Happens to us all at some point! LOL Just the other day I....erm...what was I talking about?...

[Anaphase]

a.) Write a virus for Macs that will only have the potential to get about 10% of PCs globally.
b.) Write a virus for WIndows that will only have the potential to get about 90% of PCs globally.

Ten years ago the figures would have been more like 7% and 93%. So why was the Classic MacOs virus situation so much worse?

Also: MacOS X is based on OpenBSD not Unix (even though OpenBSD is Unix like, AFAIK it is not Unix derived.)

You're mixing up BSD and Linux. Linux is the separately derived clone, BSD is one of the two main trunks of the UNIX family tree (System V is the other).

[Endless Mike]

Let's put it this way:

New OS X virus: all over the media, it's a big deal
New Windows virus: everyone shrugs and says "Oh, must be Tuesday" and updates their virus scanner.