Wednesday, May 17, 2006

Macs and security

The Mac and self-replicating viruses: still none in the wild.
Just over one year ago, my company, DVForge, announced a $25,000 prize for the first virus developer who could infect two Powermac G5 computers located in our office, both with plain-Jane installations of OS X, by propagating that new virus over the internet. In the onslaught of correspondence that quickly then began streaming into our office we found enough wisdom to convince us to cancel that contest, due almost completely to potential risks to legal liabilities. But, the flare was shot into the sky, and the challenge received a huge degree of worldwide press attention, in both Apple press and mainstream press outlets. Presumedly, any virus coders who had not previously eyed the Apple platform would have seen some of this press exposure, and would have been enticed by the challenge, regardless of the retraction of the cash prize.

Well, more than a year has passed. And, surprisingly (or not, to some of us), there is still not one self-replicating virus in the wild that attacks the Mac OS X operating system. That's right, folks... not one. Not the first. Ever. Never. Zero.

Against this reality -- zero actual propagating OS X viruses in the wild -- there has been a groundswell of press attention offered recently to the notion that, somehow, Mac OS X is "nearly" as vulnerable to such afflictions as is Windows XP. In fact, this idea has become the darling for seemingly every writing hack in the industry to use as a stepping off point for whatever brand of yellow journalism they wish to pen.

When I announced the OS X Virus Contest, OS X had been on the market for four years, with still not one single in the wild virus. Now, it has been more than five years. And, guess what?... still not one in the wild virus!

Don't get me wrong: Macs are in no way invulnerable. There have been a couple of proofs of concept (although they had tell-tale signs for those looking, e.g. one that looked and played as an MP3 file, but showed as Type: Application in the file list) and there's also been damage to a couple of machines from Secure Shell scripts (you'd have to be really stupid to open one of those and authorise as Administrator) but, as yet, there are no self-replicating viruses.

Naturally, this is because Apple has a smaller customer base, and so fewer people try to write malicious content but, also, Apple tends to issue patches for security holes quite quickly. And, with Open Source Darwin core in the public domain, Apple has tapped into the vast base of UNIX/LINUX programmers who have been contributing to the security efforts (Apple certainly used to pay a bounty for anyone who informed them of security holes), and Mac OS X is more stable and secure than most systems out there.

There was another security update released a couple of days ago, by the way. Check your Software Update panel for details if you haven't already.

UPDATE: Via Gary Marshall, the world's finest virus. WARNING: does not affect Macs...
Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have discovered a worm that attempts to send a photograph of an owl to attached network printers.

The W32/Hoots-A worm is written in Visual Basic and spreads via network shares. Once it has infected a computer it attempts to send a graphical image of an owl with the legend "O RLY?" to a number of predefined print queues.
...

"Why the author should want to print out pictures of an owl is, of course, anybody's guess," continued Cluley.

Click here to see the funniest owl picture that has ever been...

1 comment:

kurt wismer said...

Macs and security
"There have been a couple of proofs of concept (although they had tell-tale signs for those looking, e.g. one that looked and played as an MP3 file, but showed as Type: Application in the file list) and there's also been damage to a couple of machines from Secure Shell scripts (you'd have to be really stupid to open one of those and authorise as Administrator) but, as yet, there are no self-replicating viruses."

you should maybe have read the comments to the post you're reblogging about... there are self-replicating viruses - self-replication is a necessary criterion to be able to call something a virus so the things being called viruses are self-replicating (there's a huge difference between self-replicating and self-spreading and self-spreading is rather rare in viruses, more common in worms)... and osx/leap.a (an overwriting virus and instant messaging worm) was/is in the wild...
