Apple pushes anti-virus for Macs

[MJA]

http://news.bbc.co.uk/2/hi/technology/7760344.stm

One virus, known as AppleScript.THT, could take control of a Mac and grab screenshots or keystrokes.

[Dv8ted2]

Where are all the blowhards that swear Macs are bulletproof? I saw this coming for a long time.

[guns1inger]

All machines - Windows, Macs, Linux should have protection. Even if the likelihood of the base OS being infected is low, a good anti-virus product will check for virii that could infect other OSes. In a network environment you don't want windows virii or malware getting in by piggy-backing on a Mac or Linux box.

[Dv8ted2]

All machines - Windows, Macs, Linux should have protection. Even if the likelihood of the base OS being infected is low, a good anti-virus product will check for virii that could infect other OSes. In a network environment you don't want windows virii or malware getting in by piggy-backing on a Mac or Linux box.

I agree.

[rumplestiltskin]

Where are all the blowhards that swear Macs are bulletproof?...

I don't know. Haven't met any...and I've used a Mac for over 20 years. Yes, I use anti-virus software although it's mostly for cleaning out the infected attachments coming from Windows users so I don't accidentally forward something on to a client. But you know what they say: Trust everyone but cut the cards.

[londor]

Where are all the blowhards that swear Macs are bulletproof? I saw this coming for a long time.

Oops. :P

[pixel zombie]

yawn..it must be a slow news day for the BBC..another example of FUD

[Dv8ted2]

Where are all the blowhards that swear Macs are bulletproof? I saw this coming for a long time.

Oops. :P

That means nothing. Any unit is initially safe out of the box, but when you introduce risks, such as being connected to the net, then that eliminates the safe out of the box experience. Did you read the entire article? Apple is removing their liability. That is all that they are doing.

[londor]

That means nothing. Any unit is initially safe out of the box, but when you introduce risks, such as being connected to the net, then that eliminates the safe out of the box experience. Did you read the entire article? Apple is removing their liability. That is all that they are doing.

The Apple article that is mentioned by the BBC is several years old and it is by no means an admission on imminent threats to OSX. In 2002-2003 Apple used to bundle an AV with their Mac suite of internet services but they stopped doing it because running AV software on a Mac running OSX was as pointless back then and as it is today.

I switched to Mac in 2002 and since then I keep hearing from people like you that OSX viruses are just around the corner but as of today they have yet to materialise in the real world. So far I have enjoyed almost 7 years of complete peace of mind regarding virus, spyware, malware, etc. on my computers.

[Dv8ted2]

That means nothing. Any unit is initially safe out of the box, but when you introduce risks, such as being connected to the net, then that eliminates the safe out of the box experience. Did you read the entire article? Apple is removing their liability. That is all that they are doing.

The Apple article that is mentioned by the BBC is several years old and it is by no means an admission on imminent threats to OSX. In 2002-2003 Apple used to bundle an AV with their Mac suite of internet services but they stopped doing it because running AV software on a Mac running OSX was as pointless back then and as it is today.

I switched to Mac in 2002 and since then I keep hearing from people like you that OSX viruses are just around the corner but as of today they have yet to materialise in the real world. So far I have enjoyed almost 7 years of complete peace of mind regarding virus, spyware, malware, etc. on my computers.

http://www.securemac.com/

6.20.2008 News
Intego has posted an advisory titled OSX.Trojan.PokerStealer Trojan Horse to their website. The trojan horse is a script wrapped in an executable bundle. Once launched, the script will prompt the user for his password, and turn on SSH for outside attackers to gain access to the system.

6.19.2008 News
Security Alert: SecureMac has discovered multiple variants of a new Trojan horse in the wild that affects Mac OS X 10.4 and 10.5. AppleScript.THT Trojan Horse runs hidden on the system, and allows a malicious user complete remote access to the system, can transmit system and user passwords, and can avoid detection by opening ports in the firewall and turning off system logging. Additionally, the AppleScript.THT Trojan horse can log keystrokes, take pictures with the built-in Apple iSight camera, take screenshots, and turn on file sharing. The Trojan horse exploits a recently discovered vulnerability with the Apple Remote Desktop Agent, which allows it to run as root. Read more.

6.18.2008 News
Security Alert: Mac OS X root escalation exploit code in the wild.
Read more.

Macs are not invincible.

[londor]

Macs are not invincible.

Hahahaha. You know a Mac is a computer, don't you? So of course it can run a program that can steal all your info if you install it and give it admin privileges. What did you expect?

[lordsmurf]

Macs are not invincible.

Hahahaha. You know a Mac is a computer, don't you? So of course it can run a program that can steal all your info if you install it and give it admin privileges. What did you expect?

It's same with Windows. A virus does not "just get on" a computer, some dope has to install it, or have software set up so poorly that it allows silent auto-installs (the evil IE ActiveX BS from years ago, long ago fixed by MS).

[tomlee59]

Exactly right. The weak link in the chain isn't the silicon-based hardware, it's the carbon-based wetware.

[MacDSL]

Going on 25+ years using Apple Computers and been in a Support environment in one way or another for 15 of those years. Still have not ever been infected and always removed Antivirus Protection from my machine...

If that's not a definition of bulletproof, fine. But I don't know what the closest definition is....

[orsetto]

All machines - Windows, Macs, Linux should have protection. Even if the likelihood of the base OS being infected is low, a good anti-virus product will check for virii that could infect other OSes. In a network environment you don't want windows virii or malware getting in by piggy-backing on a Mac or Linux box.

That is the most concise, constructive comment anyone will ever post here on this topic . While Macs running OSX are mostly (not totally, mostly) virus-resistant on their own, they can passively spread viruses to users on other platforms. This is the nasty liitle point that Apple never mentions: while an individual Mac is for all practical purposes "bulletproof", when attached to the internet it is effectively "networked" to millions of other PCs of other operating systems. As a common courtesy, Macs should be filtering and removing viruses in the background, even if they themselves are usually unaffected by that virus. In the old days of OS9, when Macs were an island unto themselves, it didn't matter: aside from MS-Word-macro viruses, Macs could not foster infections to other platforms. In today's world of multi-platform interoperability, it matters.

The endless partisan bickering over this virus issue is really tedious and should have been retired years ago. ALL systems should be running some sort of protection shield, period. True, in a typical consumer setting OSX is more virus resistant than Windows, but that is simply a neutral fact: it doesn't really mean anything. The same could be said of secured Unix or Linux systems, Apple merely ships a Unix variation with most of the obvious security holes plugged. Most Mac users are not going to change those settings so they remain relatively more secure than Windows users, who by dint of popularity are bigger hacker targets and exposed to sneakier types of virus. A Mac user currently has to make a really obvious move to enable the typical OSX hack, while a Windows user can unwittingly enable some of the more subtle hacks targeted to that platform. As members here have stated repeatedly: its a numbers game, Windows is more exposed because there is more fame and money to be gained by targeting it. Vista was an attempt to beef up security in a typical consumer Windows setting, it is flawed but evolving- MS will see to that. None of us can afford to be smug: hackers are very clever and given enough incentive and a sliver of opportunity, nothing is invulnerable. Its a jungle out there.

[Nilfennasion]

Being a total noob to Mac usage and still unable to figure out how to do some of the most basic things, I am not going to comment on how bullet-proof or fault-prone the platform is. I do know that a lot less of my hardware is being wasted on code inefficiency than was the case with my Windows XP box, but it is not as if that is hard to achieve. If getting my dual-core 686 or whatever number Intel uses now to actually run like a dual-core 686 was my sole criteria for the purchase, I would have got myself a nice Linux box. Or maybe I would not have. I cannot say I am terribly thrilled with Linux.

I would, however, like to know what total and utter knob even began to suggest that the Mac OS is totally free of viral threats. Sure, maybe nobody is coding virii for the OSX platform now, but to claim the platform is totally unaffected by the threat is to misunderstand the nature of virus authors. Virus authors toil through code like it is a Stephen King novel or a Penthouse magazine, searching for faulty code that will allow them to pull malicious shit. The only reason Windoze has thousands of virus threats compared to OSX's couple of dozen is not because Windoze has a greater market share, as many people like to rationalise. It is because Windoze simply offers far more security holes, visual basic hooks, and other bits of bad code for these coders to play with. The AmigaOS was the same way until Commodore folded. The bootblock construction of AmigaOS floppies ensured that hundreds of virus authors looking for a security hole found one. The moral is very simple, really: if you do not want your computer to be infected with or vulnerable to viral threats, do not run code on it that offers security holes for the viral authors to exploit.

Antivirus software is really the computer equivalent of a car alarm or a car immobiliser (or tracking system). You put it on your computer so that in the event of your data becoming stolen/infected, you might actually be able to do something about it. Of course, when you keep running the viral scan and getting no positives, you end up paranoid that it is just failing to find problems, but that might just be me.

Edit: Oh yeah, and of course there are blowhards who insisted that Macs were bulletproof. No surprise there. Microsoft once had an ad campaign professing that one of their products (Windows XP, I think, but do not quote me) would make hackers and viral authors extinct like the dodo. You will not find the campaign very easily, however, because the powers that be found it violated a few truth in advertising regulations and thus it was withdrawn. Every product from the humble toaster to the insulin pump has fans with unrealistic expectations of what it can or cannot do.

I think there is a law among infotech PhD.s out there, something like a computer is only as secure as its user is informed and paranoid. Obviously, Mac users on the whole are not paranoid or informed enough.

[lordsmurf]

Running a lean Windows XP machine is as easy as removing or disabling unnecessary stuff that comes with the default install.

[edDV]

Mac just needed to cross 7% market share to be more of a target. Those iPhones should be a more juicy target.

[orsetto]

There was yet another news story today about FaceBook viruses: I take it those infect every platform, since they propagate thru the FaceBook interface instead of the OS? Another reason ALL users need to be cautious. Makes me glad I'm "out of touch" and don't use any social networking sites: one less trap to worry about.

[Flarch]

Bulletproof, no. But i stopped buying antivirus software years ago after years of nothing but false positives and have never been infected with anything. Every issue i've ever seen discussed or reported on Mac security websites has never actually amounted to anything in my real world either because it only affected systems in very specific circumstances lightyears from my configuration, or was fixed practically by the time it became known.

The closest i ever got was receiving a copy of MacAddict with an attached slip warning people the current issue's CD had some type of worm on it and not to take action x.

13 years without a blip on any of 4 Mac systems + a once in a blue moon issue big enough to make news doesn't make me anxious enough to buy a bunch of software.

[JohnnyMalaria]

In the 20+ years I've been using PCs (DOS and Windows), I haven't had a single virus...If you have a brain in your head, it's quite simple, really.

[edDV]

In the 20+ years I've been using PCs (DOS and Windows), I haven't had a single virus...If you have a brain in your head, it's quite simple, really.

I've had a few, mostly from imported disc media. The worse case was a data CD I was sent from Silicon Graphics, a UNIX house at the time. Turns out their internal UNIX network was infested with PC viruses.

[Cyrax9]

Where are all the blowhards that swear Macs are bulletproof? I saw this coming for a long time.

Macs are definitely NOT bullet-proof when it comes to virii, and I'm speaking as a Mac user. "Bullet-resistant" might be a better term to describe how Mac OS X functions. Bullet-proof would assume (fitting term) that Mac OS X is immune to any virii whatsoever and that's complete BS. In contrast bullet-resistance simply means that Macs are more resistant to virii and other malware, which is a fairly accurate statement, at least in the context of how many people set up their computers, which is to take them out of the box and connect them to the Internet. (Often without virus protection which is outright stupid in my opinion no matter what OS you're running.)

All machines - Windows, Macs, Linux should have protection. Even if the likelihood of the base OS being infected is low, a good anti-virus product will check for virii that could infect other OSes. In a network environment you don't want windows virii or malware getting in by piggy-backing on a Mac or Linux box.

guns1inger hit the nail on the head here. While a Mac might not load a good deal of the malware that's currently out there, it can easily pass said malware on to people running Windows--ditto for Linux machines which might never actually execute a particular piece of malware, but could pass it on to Windows machines which will execute said malware. Also, let's not forget that Many servers are run off of Mac OS X and Linux-based operating systems, and all it takes is one virus one of these servers to cause a major problem for many Windows users connected to said server. Anyone with a brain has some form of antivirus software on their computer, whether it's a Mac, a Linux Box, or a Windows machine.

Admittedly, I had to be "very creative" to actually get Mac OS X 10.5 to become infected with a virus, but it is definitely possible. And yes, I purposely had my machine infected so that I could test its security and subsequently patch any holes that I found; the virus was removed and once the security flaw was isolated and patched, it didn't get through a second time. However, there's a good chance that other security flaws exist.

I would, however, like to know what total and utter knob even began to suggest that the Mac OS is totally free of viral threats. Sure, maybe nobody is coding virii for the OSX platform now, but to claim the platform is totally unaffected by the threat is to misunderstand the nature of virus authors. Virus authors toil through code like it is a Stephen King novel or a Penthouse magazine, searching for faulty code that will allow them to pull malicious shit. The only reason Windoze has thousands of virus threats compared to OSX's couple of dozen is not because Windoze has a greater market share, as many people like to rationalise. It is because Windoze simply offers far more security holes, visual basic hooks, and other bits of bad code for these coders to play with. The AmigaOS was the same way until Commodore folded. The bootblock construction of AmigaOS floppies ensured that hundreds of virus authors looking for a security hole found one. The moral is very simple, really: if you do not want your computer to be infected with or vulnerable to viral threats, do not run code on it that offers security holes for the viral authors to exploit.

That's definitely a good question, Nilfennasion, and I've often wondered it myself. Anyone who thinks that their computer is "unhackable," is likely to wind up like the folks that thought the Titanic was "unsinkable:" drowning in a ocean of falsehood. Mac and Linux users who don't think their computers can become infected with malware are falling for the "it doesn't exist because I can't see it" fallacy, and my counterargument for these people is that the air that's keeping us alive isn't visible (usually) but we know that it exists, and viruses are the same way.

I have to respectfully disagree on what primarily makes virus authors code programs for Windows though. Virus authors don't code viruses primarily for Windows "because it's easier than coding viruses for Mac OS X/Linux," they code viruses for Windows because most of the corporate world runs on Windows and most malware writers, especially those living in countries with anti-capitalist sentiments, would rather target the OS that's become a major symbol of capitalism and will do the most possible harm to those of us living in a capitalist society. Basically if you're a virus writer given a choice between shutting down "Grandma's cookie shop" which runs Macs, "Joe's Diner" which runs linux, or a company like Wal-Mart which runs Windows, which would you choose? Most virus writers would choose to attack Windows because it's driving a major corporation. And when thousands of Wal-Marts nationwide are compromised by said virus, these people are happy because they've put a dent in a major operating system and at least one major company. While the ease of writing a virus for Windows may play a small factor in the reason Windows has many more viruses than Windows or Linux, it's not as much of a factor as what attacking Windows (and subsequently Microsoft) stands for.

In contrast, attacking Linux is doable, but completely unproductive for virus writers. It's even more of a niche OS than Mac OS X, and security by obscurity plays a major role in why hacking Linux is unproductive. Likewise, as you've noted, hacking Linux is difficult, and even if it is hacked, the open-source nature of the OS's code automatically makes it much easier to remove viruses much more quickly than on a Windows-based computer, or even a Mac running OS X. I'm making the distinction between the two because Linus Torvalds now runs Linux on a Mac.

Once major companies start to run Mac OS X regularly I'd be very, very, very worried about an increase in virii and other malware. Security by obscurity has generally kept the Mac safe in the past from some of the viruses that could have been written if it had the same market share as Windows does. Now that Macs can dual-boot Windows, they've lost a good deal of the aforementioned security by obscurity. Mac users really do need to be on their toes about viruses more than ever now, especially if they're running a dual-boot system. Likewise, as the number of people using the Mac increases, so does the desirability of Mac OS X as a target for malware writers.

Antivirus software is really the computer equivalent of a car alarm or a car immobiliser (or tracking system). You put it on your computer so that in the event of your data becoming stolen/infected, you might actually be able to do something about it. Of course, when you keep running the viral scan and getting no positives, you end up paranoid that it is just failing to find problems, but that might just be me.

I would only say "paranoid" if the computer itself is acting weird (which may or may not be caused by a virus,) and the antivirus scan keeps coming up negative. Granted, a little bit of paranoia is good if you think that there should be a virus and the scanner isn't detecting anything. Likewise, if it seems like I'm constantly finding viruses when I run a scan, then I think that the software (if it claims to detect and clean,) is doing a bad job of detecting viruses as they enter the system, because it's not notifying me that it's done so.

Mac just needed to cross 7% market share to be more of a target. Those iPhones should be a more juicy target.

Well said edDV. Granted the iPhone OS and Mac OS are slightly different, but similar enough to make a virus for one damage both. Likewise MobileMe and "cloud computing" are making malware that was once the realm of Windows machines a universal problem for all OSes. Apple's ability to "kill" any rogue iPhones might help here, but their abuse of this ability could easily be seen as poor security in general. I fully recommend anti-virus software to any and all of my friends who use Macs as well as PCs. Sure, there are fewer viruses, but fewer doesn't mean "none," and I'd be much more humiliated to be hit by one of roughly 12 known viruses than one of several million known viruses.

In the end, it doesn't matter what you're running: Use protection from malware!

Finally, as far as the article goes, the Apple link was definitely old. McAfee hasn't offered Virex (Mac OS X VirusScan) in years, and few people use their corporate suite because it only makes sense if you have multiple Macs. I've had bad luck with Norton on Windows and Mac OS X, and I'm currently running ClamXAV as my anti-virus software of choice, although I might grab the Intego VirusBarrier X5 & NetBarrier X5 bundle based on the Securemac.com recommendation. I tried MacScan and I love it; I'd definitely recommend it to anyone who needs a spyware detection program for their Mac.

[JohnnyMalaria]

which is a fairly accurate statement, at least in the context of how many people set up their computers, which is to take them out of the box and connect them to the Internet. (Often without virus protection which is outright stupid in my opinion no matter what OS you're running).

Sadly, if MS included virus protection out-of-the-box with Windows, they'd be sued for anti-trust/monopolistic activities.