The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Virus and Spyware on OS X

    Discussion in 'Apple and Mac OS X' started by wobble987, Oct 12, 2006.

  1. wobble987

    wobble987 Notebook Virtuoso

    Reputations:
    543
    Messages:
    2,871
    Likes Received:
    0
    Trophy Points:
    55
    until recently, i found out that mac have more than one virus; and that it has spyware; and i begin to question mac security.

    is there really a virus or a spyware that i need to worry about? should i install an anti-virus software? should i be worried? where can i find this virus/trojan?

    what happens if i download a windows virus/spyware? would it be located in the internet cache? or where i chose to download it. it would not reside or extract itself to a file/folder i don't know about right? would deleting the internet cache remove the windows spyware and viruses?

    btw, for some reason i felt more secure in XP SP2, i rarely get virus... once a year maybe, i also rarely get spyware, 1 or 2 per month at the most, and i used the internet very frequently. i also used opera in windows and now mac.
    the annoying things in XP is its registry.

    update; after updating my macbook to OS X 10.4.8 it runs very cool! i was surprised at how cool it was for such a powerful machine, and no, it never becomes hot! my pda (hp ipaq 2750, intel 624mhz) runs waaay hotter than that! other than this security issue nagging on my mind, i love OS X, it is beautiful and very intuitive.
     
  2. cashmonee

    cashmonee Notebook Virtuoso NBR Reviewer

    Reputations:
    787
    Messages:
    2,859
    Likes Received:
    0
    Trophy Points:
    55
    Don't worry. There are ZERO viruses/spyware in the wild for OS X. The stuff you saw was likely for OS 8/9 or a proof of concept, which is very different. There is also no way for Windows malware. First, OS X uses a completely different type of file to install programs. Also, they are different OS's that speak completely different languages.

    Now, having said that, us mac users are probably a little over confident sometimes. I would still practice good internet habits and be sure you run as a limited user. DO NOT RUN AS ADMIN!!! HTH!
     
  3. Pitabred

    Pitabred Linux geek con rat flail!

    Reputations:
    3,300
    Messages:
    7,115
    Likes Received:
    3
    Trophy Points:
    206
    Nothing you should worry about. Just use the same precautions as you would in Windows: don't download things you don't trust, don't surf seedy sites and let them install plugins and such. The MOST important thing is to NEVER type your admin password in if you aren't expecting that dialog to pop up. That's usually a sign of some software trying to do something it shouldn't.

    OSX is UNIX. Learn the UNIX. Love the UNIX ;) (I'm a linux dork myself, but I've used OSX fairly extensively)
     
  4. zadillo

    zadillo Notebook Virtuoso

    Reputations:
    421
    Messages:
    3,770
    Likes Received:
    3
    Trophy Points:
    106
    That is the big thing...... one of the more interesting "proof of concept" trojans out there was an app that would get downloaded, and when you clicked on it (thinking it was something else, or even thinking it was a document), it would prompt you for your administrator password.

    Technically speaking someone could make an innocent-looking OS X app that someone might download to try out and not know what it was really doing when it asked them for their admin password.

    One of the issues unfortunately with OS X security is that many users instinctively will type in their administrator password because it is used so commonly now (i.e. for any software installs, etc.), and they will just enter it when prompted to, even if they aren't sure why they're being asked for it.

    So, even though there isn't anything significant out in the wild, it's always a good idea with any platform to stick to safe computing habits.
     
  5. wobble987

    wobble987 Notebook Virtuoso

    i think i'm gonna write to apple about this issue, and i will request that they give us some sort of anti-virus and anti-spyware utility (not sure they'll do that though, they didn't even give a defragmenter on early OS X. and remember there was no on-the-fly defragmenter in the early years of OS X).

    my thanks for the very prompt reply, and please.. please keep more of 'em coming to make me confident using my mac, or not.. coz currently, i'm not planning to use my mac for my critical work or data (coz of the security scare).
     
  6. zadillo

    zadillo Notebook Virtuoso

    If I recall correctly, one of the original freebies that you got when you signed up for .Mac was a copy of Virex and a year of definitions or something like that. But they don't offer that any more, presumably because of lack of interest and necessity.

    I don't really think at this point there would be any sort of anti-virus or anti-spyware utility Apple could really even give you if you wanted it, really.

    What did you mean that you aren't going to use your Mac because of the "security scare"? I am pretty sure you are pretty safe with any sensitive data, etc. on your Mac. There isn't a widespread security scare I've heard of, and again, as long as you don't do anything out of the ordinary (i.e. open up full access on all ports to your computer and change your root password to "hackmeplease"), I think you should be fine.
     
  7. wobble987

    wobble987 Notebook Virtuoso

    yeah i guess you're right, i cancel sending letter, although i wanna request something that would detect malware behaviour such as the "heuristic analysis" feature on most security software in windows
     
  8. cashmonee

    cashmonee Notebook Virtuoso NBR Reviewer

    You have to understand that OS X is not Windows. It is a whole different world. Malware just does not exist on OS X at this point. There is no need for an anti-spyware or anti-virus. As for defragmenting, HFS+ does not severely fragment, and OS X does on-the-fly defragmentation. So there is no reason to include a defragmenter, as it is not needed. What you seem to be missing is that OS X is a modern OS and Windows is not.
     
  9. Starlight

    Starlight Notebook Evangelist

    Reputations:
    53
    Messages:
    529
    Likes Received:
    0
    Trophy Points:
    30
    What security scare? There's no security scare with OS X.
     
  10. wobble987

    wobble987 Notebook Virtuoso

    ic, so are you referring to that, if there is indeed a malware, there is some sort of built-in prevention that mac os X has, is that correct? i'm guessing something like an admin password, like the time i install critical (utilities and the sort) software. how bout spyware? is it the same also?

    what are these OS X viruses i keep hearing about? home-made viruses, proof of concept virus. as u might know from a switcher. windows... well most good security software has some sort of "heuristic analysis" and it does a good job preventing/stopping unrecognised virus and spyware. i once got something like, "this program/file behave like a malware" so i deleted it. and that is what i think mac OS X should have. Even though there is no signature, MAC OS X should recognize malicious software. so in the future if there is indeed a widespread epidemic, it will be easily contained... or is that feature already built-in?

    so.. mac OS X has no spyware/virus and the like then. i need not worry about them?
     
  11. wobble987

    wobble987 Notebook Virtuoso

    ooops sorry, i guess "security scare" is a bit much
     
  12. zadillo

    zadillo Notebook Virtuoso

    Well, again, there's nothing out really "in the wild"..... that is, there have been people who have developed various trojan horses, etc. to demonstrate potential flaws in OS X that a virus writer could take advantage of.... but there's nothing really spreading around.

    It doesn't mean you shouldn't worry, per se. There's always the possibility of something starting to go around (although the nature of OS X makes it harder for a virus or trojan to spread around as much), so you should use the same safe computing habits you use on Windows.... namely, be careful running any software you download (make sure you get software from a trusted source, etc).... if something asks you for your Administrator password and you can't figure out why (i.e. you aren't doing a software install), probably stop what you're doing. That kind of thing.
     
  13. wobble987

    wobble987 Notebook Virtuoso

    how about spyware?

    oh wait, is that hard to do also on the mac because of that block in sharing port thing?

    is there a spyware for mac?
     
  14. zadillo

    zadillo Notebook Virtuoso

    As far as I'm aware, there isn't currently any spyware available for OS X. Most spyware is designed specifically to infect Windows systems, generally (either to be installed secretly when someone installs an app like a screensaver or game, or through an ActiveX control or something similar).

    It's not to say that someone couldn't conceivably develop some sort of spyware for OS X, but it hasn't currently been an issue.
     
  15. wobble987

    wobble987 Notebook Virtuoso

    hmmm... ic... thanks zadillo that helps a lot, i'm more confident with my mac now.. though i somewhat still think it's best for me to use windows at this point and play around with mac first... though it is still very likely that i'm still gonna (if all goes well) get that qosmio. i am loving using OS X though, but i think i am just gonna use it as a "fun" product... we'll see
     
  16. zadillo

    zadillo Notebook Virtuoso

    That's cool wobble; it's not like there's a rule that says you have to use it for everything. However, you may find that you enjoy working in it for all sorts of things, not just the "fun" stuff. Personally that's how I am, for the most part..... I prefer to do most of my word processing, etc. in OS X as well these days.
     
  17. xbandaidx

    xbandaidx Notebook Deity

    Reputations:
    174
    Messages:
    1,402
    Likes Received:
    0
    Trophy Points:
    55
    It would be even hard for spyware to even infect the system as well. So to give an understanding of how OS X is and works, read below.

    Assuming you followed the Mac Guide sticky, you would have found a link to a thread in there recommending to create three accounts, One admin for admin use, another admin that you never use, which would only be used for diagnostics, and your own private standard account for everyday use.

    Now if you set up your Mac following what the thread stated, and use your standard account, and let's say something tries to infect your OS X, if it's a smart infection it will try to infect your system but that will result in a password dialog coming up asking for your password, if you aren't trying to install something then you know something is up (this has been mentioned a few times already). Now if it was just some normal infection, it would only be able to infect your own home directory, nothing else as you don't have the powers to change other files. The admin account on the system has the power to change a lot of system settings, but that's it, I repeat ADMINS CAN ONLY CHANGE SYSTEM SETTINGS. Now you might wonder "yeah so?" well admins aren't full power then.

    The root account, which comes disabled by default, is the only single account on the system that can change/delete/modify the ACTUAL crucial system files themselves. Having such an account disabled in the first place is basically a slap in the face for any viruses and such that try to infect, because if they can't infect those system files to create holes, etc. it's worthless. However they can still go after your admin account, and try and use its power to change system settings such as open a port, but it has one tough cookie to pass, and that's the administrator itself. Just don't be dumb, and follow what everyone else says.

    Filesystem architecture.
    HFS+ is just plain different, it indexes all the files and folders differently than any windows filesystem does, so basically even if you get a file that's a windows virus or trojan, it's just gonna sit there and look confused as it can't figure out your filesystem and how to use it to navigate. Now the author could program how (most probably don't even know how anyways), but even then it gets stopped again by the administrator password itself, and the root account is disabled, it just became a worthless file.

    It's been reported by groups that anti-virus programs like Norton's OS X virus scanner actually slow down the system and create holes.

    Anyways, no one here can tell me the only reason why OS X isn't 'targeted' is because it doesn't have a large market share, I do accept that can be part of the reason but not the entire reason like most windows folks like to say. OS X is built on unix which makes it leaps more secure than Windows, while that's not to say that it's not possible to hack into OS X, it's very hard to do especially since OS X comes out of the box with all its ports closed and ignoring any port communications that are initiated from the outside.

    Apple is just smart on their side securing their OS, when they trashed OS 9 to start over on OS X, they made security a HUGE priority and they did a wonderful job on it. Unix is maintained by both businesses and individuals alike (depending on what unix it is) and having those individuals on the same side is important because they are the ones you want on your side.

    Check out Apple's security updates on the Apple website, you will see that numerous security exploits are mostly unix stuff under the hood, while a bit frightening at first, but then you realize that from the credits (yes Apple credits the people who report them) that they were all reported by universities, individuals and other large corporations. Those are three large groups helping Apple there, Windows mostly just has corporations and universities, but rarely the individuals help because a large portion of the individuals HATE windows.

    Isn't there a rewards thing out there that's been out for a while claiming that anyone who makes a virus or something will win some big cash prize? Still haven't heard anything on anyone winning it.

    I could go on and get on the history side of things, but in the end the ONLY security risk there is, is the human thats running the machine. So make good decisions.
     
  18. zadillo

    zadillo Notebook Virtuoso

    Excellent points xbandaidx.

    That always kind of bugs me when I hear someone say that the ONLY reason Windows has the virus problems it does is just because of popularity. I think this attitude is great from Microsoft's perspective, because it gets them off the hook. The reality is that a lot of the Windows problems are because of the fundamental design of Windows itself as well as various aspects of how software like Office and Internet Explorer were designed.

    Popularity and user numbers certainly are a factor as well (if people weren't using the software, it wouldn't have so many people to spread to), but there is more to it.

    For what it's worth, Microsoft generally seems to have taken responsibility for their previous security problems, and have made security a major focus of current software development. But I think some of Microsoft's defenders haven't gotten the message, and prefer to think that there was never anything wrong with the software itself, or that everything has the same problems.
     
  19. wobble987

    wobble987 Notebook Virtuoso

    wait wait wait... so are u saying that my current (admin) account that comes default with OS X is not secure? i need to create another "less privileged" account to secure my os?

    errr.... just so u know, mac and xp crash about the same frequency...
     
  20. cashmonee

    cashmonee Notebook Virtuoso NBR Reviewer

    Yes, sort of. If some malware were to come out, it would not be able to install itself while you are in a limited account. There have been rights escalation issues with admin accounts in OS X, they do not work in a limited account. This is true in Windows. Spyware/viruses cannot install if you are a limited user in Windows. Only problem is that most things don't run in limited user accounts on Windows. In OS X however, everything still works as it should.

    The short of it is to make a new Admin account, and then downgrade your current account to limited.

    **EDIT** This is true of ANY OS. EVERYONE should run as limited. Vista is supposed to make this actually work for Windows. That alone will greatly increase Windows security. But OS X, Linux, Windows, all should be used as a limited user, NOT admin or root.
     
  21. xbandaidx

    xbandaidx Notebook Deity

    Well it's still 'technically' secure, because you still need to enter in a password to make changes, but that's only if you remember to hit the lock icon to lock up again, now I'm not sure because I never checked, but I think if you leave the lock unlocked it stays unlocked. That is more towards like System preferences stuff, which isn't exactly a big deal of a target in the first place.

    It's recommended by a lot of us here personally, I believe both Cashmonee and I STRONGLY advocate it all the time here and that all users should do it, not to mention the large MacWorld publication magazine also recommends doing this exact same thing. (create 3 accounts thing, more information on it under Mac OS X Security thread that is located in the sticky)
     
  22. wobble987

    wobble987 Notebook Virtuoso

    ****.. that's annoying... very informative info though... thanks a lot. if u don't mind please share more info
     
  23. xbandaidx

    xbandaidx Notebook Deity

    Basically in a nutshell...

    Go into system preferences, and then accounts. Hit the lock icon to unlock and enter in your password. Make two accounts, call one diagnostic and give it admin privileges, now never use this account at all unless you are having some kind of problem on your standard account. How does this help? Well, let's say some application is acting funny or something else, you can go into diagnostic and try doing the same thing, if it doesn't happen you can iron out that it's not a hardware issue, and it's most likely a preference setting issue. Remember each user has their own preference settings.

    Now create another account, but do not give it admin privileges, and name it whatever. Just use this for everyday use. Now you might wonder "what if I have to install applications, do I have to login to my admin account to do it?" the short answer is no. When you try dragging something to applications folder or whatever, it will ask you 'cancel', 'Authenticate' or 'Ok'. Just hit authenticate, and put in your admin password and that will install it.

    When you are all done just hit the lock icon and you're done. Now if you already have photos or whatever on your admin account, just move them to the shared folder located Macintosh HD > Users > Shared. After you do that make sure to do 'Get Info' on the files/folders and under permissions to allow other accounts to read and write to it, so you can copy from the shared folder to your new standard account folders stuff.
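
The account layout recommended in this thread can be checked from Terminal. The script below is an added example, not part of the original posts: it assumes the admin group's membership is read with `dscl . -read /Groups/admin GroupMembership`, and the function names and sample account names (`macadmin`, `diagnostic`, `daily`) are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the "standard account for everyday use" layout.
# Input format assumed: the line printed by
#   dscl . -read /Groups/admin GroupMembership
# e.g. "GroupMembership: root macadmin diagnostic"

# Print the members of the admin group, one per line.
admin_members() {
    printf '%s\n' "$1" |
        awk '$1 == "GroupMembership:" { for (i = 2; i <= NF; i++) print $i }'
}

# is_admin MEMBERSHIP USER: succeeds only on an exact name match,
# so "daily" does not match "daily2".
is_admin() {
    admin_members "$1" | grep -qxF -- "$2"
}

# audit_layout MEMBERSHIP DAILY_USER
# Prints one finding per check; returns 0 when the layout matches the
# advice in the thread, 1 otherwise.
audit_layout() {
    _members=$1
    _daily=$2
    _status=0

    if is_admin "$_members" "$_daily"; then
        echo "FAIL: everyday account '$_daily' is in the admin group"
        _status=1
    else
        echo "OK: everyday account '$_daily' is a standard user"
    fi

    # A separate admin account must exist, otherwise there is nothing to
    # type into the Authenticate dialog when installing software.
    _others=$(admin_members "$_members" |
        grep -vxF -e root -e "$_daily" | wc -l | tr -d ' ')
    if [ "$_others" -lt 1 ]; then
        echo "FAIL: no separate admin account besides '$_daily'"
        _status=1
    else
        echo "OK: $_others separate admin account(s) available"
    fi
    return "$_status"
}

# Constructed sample input, used when dscl is not available.
SAMPLE_MEMBERSHIP='GroupMembership: root macadmin diagnostic'

if command -v dscl >/dev/null 2>&1; then
    live=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null || true)
    audit_layout "$live" "$(id -un)" || true
else
    audit_layout "$SAMPLE_MEMBERSHIP" "daily" || true
fi
```

Run it while logged in to the everyday account; a FAIL on the first check means that account still has admin rights.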
     
  24. wobble987

    wobble987 Notebook Virtuoso

    with windows vista fixing such issue.. i wonder if they are also going to fix that on the 10.4 update or "leopard" upgrade.
     
  25. xbandaidx

    xbandaidx Notebook Deity

    A little vague, but fix what?
     
  26. cashmonee

    cashmonee Notebook Virtuoso NBR Reviewer

    What issue are you talking about?
     
  27. wobble987

    wobble987 Notebook Virtuoso

    oops sorry to cause confusion...

    ur talking about windows vista's User Account protection thing right?
     
  28. hollownail

    hollownail Individual 11

    Reputations:
    374
    Messages:
    2,916
    Likes Received:
    0
    Trophy Points:
    55
    I'm still not sure why OS X doesn't force you to create a non root account. Both Windows and OS X should force you to have a normal user account and then a root(admin) account just like in unix/linux. Really, it is just silly to run as root all the time. Even if it is more convenient.
    Then again, not every linux distro does force you to create a normal user account.
     
  29. RadcomTxx

    RadcomTxx Notebook Deity

    Reputations:
    101
    Messages:
    873
    Likes Received:
    0
    Trophy Points:
    30
    except that you aren't running as root in os x, you just have admin privileges.
     
  30. cashmonee

    cashmonee Notebook Virtuoso NBR Reviewer

    I think you misunderstood. OS X and Linux have it right. Windows does not. If you were to try to run XP as a limited user you would quickly find it an exercise in futility. Although they are getting better, many Windows programs require an Admin account just to run. Vista is supposed to change this and make it actually usable, like OS X and Linux. I always run limited in OS X.
     
  31. BigV

    BigV Notebook Deity

    Reputations:
    137
    Messages:
    890
    Likes Received:
    0
    Trophy Points:
    30
    They're usually the ones trying to emulate windows... :rolleyes: