A TREND MICRO BLOG

May 14

Apple Macs, no crashes or viruses?

Rik Ferguson

Filed under: Mac OS, Opinion, malware, vulnerability | RSS 2.0 | TB | Tags: , , , , , , | 19 Comments

rotten-apple-040108-lg

 

That is certainly the case if you believe Apple’s latest advertisement, available here and titled Elimination.

“I just need something that works without crashing, or viruses or a ton of headaches.”

 Apple’s ads have always been amusing, but this won’t be the first time that someone calls them out for also being misleading.

 

To say that there is no malware (or viruses) for the Apple platform is demonstrably untrue. In January of this year a pirated copy of iWork was made available as a Torrent, that copy of iWork was found to contain a trojan. Those affected systems were later found to have been recruited into a botnet that has already been used for DDoS and Spam runs.

 

By the same token, Mac OS and many applications on the Mac OS platform have recently been found vulnerable to some high profile exploits. This was most publicly evidenced by the Pwn2Own at CanSecWest both this year and last, but also includes such well used applications as Adobe Flash and Acrobat and Microsoft Office.

 

For many years now Mac users have believed themselves to be invulnerable to malware, and this is not the first time they have been encouraged by Apple in this belief. This complacency leaves many Mac users with the mistaken belief that either Macs are not vulnerable to malware, or that none exists for their platform or both, impacting their ability to make informed decisions when downloading or installing new software, opening attachments or visiting questionable sites.

 

Given the fact that today’s cybercrime motivation has shifted from a misplaced sense of “l33t h4×0r” pride to a sole focus on the business of generating cash, the threat to Mac users is definitely growing. Cybercrime and malware in today’s world is big business, and one that ever more closely resembles the world of legitimate business, including outsourcing, R&D budgets, Malware as a Service platforms, SLAs and even EULAs. In this shady world of business it would defintely be fair to say that as the Mac market share expands and the user base grows, so does its perceived “investment potential” to the cybercriminal.

 

It’s all about Return on Investment, and the fact that that user base is largely unprepared and the computers themselves largely unprotected can only increase the attractiveness. Apple should talk honestly and openly with their customers about the threat, giving them fair and balanced advice when it comes to protecting their investment, their identites and their cash.

 

As regards the other one, a Google search for “Mac OS crash” yields over 3 million results…

 

For the record, I’m a Mac user.


Bookmark
| More

This entry was posted on Thursday, 14. May 2009 and is filed under "Mac OS, Opinion, malware, vulnerability". You can follow any responses to this entry with RSS 2.0. You can leave a response here, or send a trackback from your own site.

19 Comments

  1. Monday, 18. May 2009 um 10:34 am

    [...] Támadják a Mac-ek vírusmentességéről szóló hiedelmet. [...]

  2. Sunday, 24. May 2009 um 3:57 am

    A trojan is NOT a virus. They are, and act — differently.

    Please provide a name for even one single Mac OS X virus that has been in the wild.

    I’ll wait.

    Be careful of accusing anyone else of being misleading. Not everyone is gullible enough to be mislead by AppleHater diversions.

  3. Monday, 25. May 2009 um 8:41 am

    Hi Counterpoint,

    I agree that to those “in the know” a virus is distinct from a trojan. In marketing speak though, “virus” means “malware”, this includes viruses, trojans, worms, spyware, etc. ad infinitum. I know the truth of this, I do many press interviews and am obliged to use the term “virus” as a catch-all becaue it is the only term familiar to most mainstream readers, whether I like it or not. I have no doubt that Apple marketing dept are fully aware of this too and were using the term in this way as well.

    The fact remains it is both irresponsible and misleading of Apple to advertise their OS as “not having any viruses or crashes”.

    Far from being an “AppleHater” I use a mini as a media centre, an Air as a browsing PC and a Mac Pro for music recording… It’s just that I am realistic enough not to be blinded by my hardware or OS preferences and have enough exposure to the world of malware to know the truth of the Apple “virus” reality.

  4. Wednesday, 27. May 2009 um 1:11 am

    Well then. The candle that I, and ‘those in the know’ hold to your feet — you being a journalist — is to EDUCATE.

    It IS absolutely detrimental to allow the ‘uneducated’ to use terms errroneously.

    It is important that ‘they’ learn — the hard way if necessary, (nothing like the pain of hubris to teach a lesson, huh?) — the distinctions in the term MALWARE vis-a-vis: viruses; trojans; worms; spyware; et al..?

    Blithely using the word “virus” as a catch-all to refer to any ONE specific MALWARE serves no-one. And, damages everyone. It is just as harmful to ALL as using the word ‘meat’. The term ‘meat’, could legally ‘mean’ — any soft tissue from ‘any’ animal. Beef is more SPECIFIC, no? As is, beef ground round, or beef sirloin.

    I think Apple’s ethical scoresheet, regarding THEIR responsiblity to inform possible customers of the dangers of VIRUSES/VIRII — has been substantiated with facts.

    Macs don’t get viruses. There is a four-letter reason for that.

    Root.

    ‘Root’ is handled very, very DIFFERENTLY on Mac OS X, than it is on EVERY modern version of Windows.

    This may seem like splitting hairs to windows cheerleaders, and it is something that seems to be conveniently forgotten or dismised by the likes of Enderle, Thurrot, Ou, et al.. But, honestly this is what protects Mac users from ‘viruses’. And, by viruses ‘I’ mean viruses, and NOT ‘malware’.

    Sure, Macs users ‘could’ get trojans. Why don’t the uneducated know why they could or couldn’t? Who educates them? A self-interested corporation? Or free-speech journalists?

    BTW, no disrespect intended, but there’s no need to PROVE your Mac owning credentials. I generally find that reciting hardware ownership — Mac or PC — unprovable, and completely unnecessary. Don’t you?

  5. Wednesday, 27. May 2009 um 2:12 am

    Oh. Anecdotally speaking, I’ve had one ‘Kernel Panic’ — about four years ago (on an eMac —changed the bad RAM, KPs stopped). If that’s what you ‘meant’, by “Mac’s crash”.

    And, since MacOSX 10.0 — I’ve NEVER heard of a single Mac OS X ‘virus’ in the wild — EVER. You need to frequent more Mac sites to get the DAILY ’scuttlebutt’.

    BTW, not once have there been wide reports of a — ’sort-of’, ‘maybe’, ‘kind-of’, ‘non-proof-of-concept’, malware software passed from one Mac NOT directly connected via an office INTRANET to another Mac that wasn’t within eight feet of another Mac.

    Trojans, maybe. MALWARE, not.

    MacOSX boots to Tier 2 permission. Windows boots to Tier 1.

    EVERYTHING that lands on a WindowsPC — HAS PERMISSION.

    That’s why Macs are safer.

    But, you knew that. ;-)

  6. Wednesday, 27. May 2009 um 1:21 pm

    To be fair to Rik, you spent a lot of time going over specifics and semantics and the need for being extremely precise where the use of “incorrect” terms are concerned, while

    a) repeatedly and incorrectly calling him a journalist, when to the best of my knowledge he is in fact a blogger, and everything here should be taken as his opinion rather than him having to aspire to some kind of journalistic ethic / style / code of conduct that the associated press adhere to – it’s some guy talking about stuff on his blog, dude – and

    b) berating him for using the catch-all of virus, when you could say Apple are doing exactly the same thing with their adverts.

    Why, for example, do they not mention the growing ranks of fake media codec trojans for the Mac OS X on their ads? Or that you can (and do) find Macs being used in Botnets?

    Oh right, it doesn’t look as good as “We stop everything, lol”. Catch-alls work both ways.

    And as someone who spends a long time talking to journalists myself, you can pretty much say what you want to them and be as precise as possible – but when you see the article appear the next day, I guarantee you 9 times out of 10 everything will be reduced to terms the general readership can understand whether you like it or not.

    I used to be extremely technical myself and fret over semantics, until I realised nobody understood what the Hell I was talking about.

    This is because they’d see the news article
    (where the attack being talked about would be called one thing), and then go to my blog and see a whole bunch of different things mentioned and wonder what on earth was going on, what I was talking about, how this “couldn’t be the same thing that was in the news”, and numerous statements about my mothers chastity.

    So of course, that had to go and now I simply ensure I call things on my blog what I *know* the mainstream (non technical) press will call it.

    Most people do this now, because there are only so many statements about your mother you can be bothered listening to. If you’d like to field those enquiries, I could probably hire you as my PA.

    Nowadays, I worry less over semantics and whether I should call someone a cracker instead of a hacker and more about shutting down the next scumbag while trying to warn as many people as possible that CLICKING BAD THINGS IS BAD.

    As long as they do that, I couldn’t care less about anything else. Let someone else worry about terms used on a blog, when in fact they should be going to the source of the main reason the blogs have to do this – the mainstream media.

    You know, those journalist ranks you seem to think Rik belongs to.

  7. Friday, 29. May 2009 um 3:30 am

    Paperghost — Microsoft Most Valuable Professional.

    You’ve added NOTHING to this discussion. Except a sad attempt at diversion. A sadder attempt to defend someone incapable of standing up to the challenge that he laid out. And, a pathetic red herring accusation of Apple.

    FWIW, aren’t ‘bloggers’ supposed to be REAL journalists. ‘Bloggers’ sure got their panties in a twist when a judge and many other ’so-called’ journalists said otherwise.

    You suggesting that bloggers are exempt from being factual is weak. Claiming to be just a blogger when incorrect, and a real journalist if you accidently are correct is, gutless.

    BTW, in those ‘You find it, you keep it’ Microsoft ads, when does Microsoft mention the trouble that their self-claimed 90% of computer users will have, with Windows-only ‘malware’: which includes viruses, trojans, worms, spyware, adware?

    Oh right, it wouldn’t look good trying to sell really cheap computers, with a load of expensive malware software.

    Again. What about ‘root’? Naming a single Mac OS X ‘virus’ in the wild? Permissions?

    Perhaps your next post can chastise me on my use of layman-confusing punctuation.

  8. Friday, 29. May 2009 um 4:20 am

    Dear Mr Point,

    I’m not “incapable of standing up” for anything. I simply don’t want to enter into any further conversation with you.

  9. Friday, 29. May 2009 um 5:27 am

    “Paperghost — Microsoft Most Valuable Professional.”

    Haha, well there’s a weaksauce opening – haven’t seen THAT done before. I guess by mentioning my MVP award you seem to suggest I’m a Microsoft cheerleader, when nothing could be further than the truth. I’ve slated Microsoft publicly many times, given them plenty of press black-eyes where their actions are concerned (go google Patchou and his ill fated MVP award) and quite happily tell anyone who will listen that Windows is a shambles and they should probably consider using a user friendly version of Linux or a Mac, as long as they’re aware that there are (comparatively) minor threats from infections there too – neither are some kind of magic bullet. I have no interest in promoting Windows as something fantastic, because it isn’t. Oh, I got my award for research done on a series of hijacks that affected Linux servers, it was technically nothing to do with Windows as such so please don’t wheel out the tired “mvp means he’s best friends with bill gates” ad hominems. Okay?

    “FWIW, aren’t ‘bloggers’ supposed to be REAL journalists. ‘Bloggers’ sure got their panties in a twist when a judge and many other ’so-called’ journalists said otherwise.”

    Are we? Who are these pantie-bunchers that now speak for everybody? If some random percentage of bloggers want to be classed as journalists, let them. It doesn’t make them so, nor do they suddenly somehow represent people who blog who are happy to be bloggers instead of journalists.

    Go apply for any journalism job and tell them you’re a blogger, see how far that gets you at interview stage (protip: nowhere).

    Amazingly, bloggers say things that you might disagree with, or think is wrong, or dash stuff off that probably shouldn’t have been. I do it all the time; the difference between myself and some guy writing for a newspaper is that I quite happily admit it openly to anyone that’ll listen, and am quite vocal about the fact that people *shouldn’t* go to a blog expecting it to agree with all of their pre-conceived notions of what will or won’t be on there. If you do, you’re doing it wrong.

    “You suggesting that bloggers are exempt from being factual is weak. Claiming to be just a blogger when incorrect, and a real journalist if you accidently are correct is, gutless.”

    mainstream media having to use generic terms to be able to explain often complicated security issues to the public at large is a fact of life. go do something about it then come back in a while and tell me how far you got (hint: the answer will be “nowhere”). I got bored of being yelled at by angry comic book guy years ago. Then again, if someones primary source of technical security information is blogs, then that’s rather foolish in any case.

    The blog represents an essential paring down (and in many cases, ignoring the semantic battles that people seem to get so over-excited about) of the whitepapers, technical papers, dry virus descriptions from databases and presentations that originate on the main company websites, conferences etc. If you approach a blog with the knowledge that 1) this is a guy putting out his personal and quite possibly random thoughts on something 2) it’s likely going to HAVE to strip out data / make it easier to understand for people who don’t necessarily spend their entire life talking about security 3) there is quite likely a “no holds barred” set of technical data with all the correct terminology you can think of on a site related to said blog, then there shouldn’t be a problem.

    Otherwise, approach it as if it’s supposed to be the “be all and end all” of everything and then get your own panties in a bunch. Which you are. Or set up your own blog, work with non technical people and enjoy the hassle of trying to reach out to as many people as possible with information that has the intention of being understood by EVERYBODY (most of whom couldn’t care less about splitting hairs over infection definition terms) while gelling with what the journalist (who can barely switch on a PC and spent the last five days trying to work out what a rootkit is) thinks so they can write about it the next day. Your position is so far removed from the reality of how security people work with non-technical press & journalists / the public at large it’s almost scary.

    “BTW, in those ‘You find it, you keep it’ Microsoft ads, when does Microsoft mention the trouble that their self-claimed 90% of computer users will have, with Windows-only ‘malware’: which includes viruses, trojans, worms, spyware, adware?”

    I haven’t seen the adverts you’re talking about, so I can’t comment on them. But as far as Windows goes, Live at Five: Windows is a shambles capable of being pwned by the most basic kind of spy/ad/malware imaginable. Well, I’m shocked. I don’t think there’s a person on the planet that doesn’t know Windows is an infection disaster; but as soon as someone says there’s even the slightest possibility of an Apple machine getting something on board that shouldn’t be, people start foaming at the mouth and jumping up and down and ranting and stuff. if it isn’t the file, it’s how the file operates. If it isn’t that, it’s classification or naming conventions. If it’s not that, it’s repeatedly banging on about (in their opinion) incorrect terms while repeatedly calling someone a journalist and wheeling out tired ad hominems because someone happens to be a microsoft MV – oh wait.

    “What about ‘root’? Naming a single Mac OS X ‘virus’ in the wild? Permissions?

    Perhaps your next post can chastise me on my use of layman-confusing punctuation.”

    Your punctuation is pretty good; your enthusiasm for the Caps lock needs a little work. If you tell mainstream media to stop using generic terms so lots of idiots don’t immediately jump onto peoples blogs and start yelling at them because the blog entry doesn’t resemble the press piece in any way, then go for it. Been there, done that, didn’t work.

    I can get you a free Microsoft mug if you want, though.

  10. Friday, 29. May 2009 um 7:02 am

    “Be careful of accusing anyone else of being misleading. Not everyone is gullible enough to be mislead by AppleHater diversions.”

    I can demonstratably show that Apple Macs crash. How is an advert claiming “no crashes” not misleading? I’d love to get my hands on some non crashing technology.

    “A trojan is NOT a virus. They are, and act — differently.”

    Where did mr ferguson actually say a trojan was a “virus” in his blog entry? His exact words were

    “To say that there is no malware (or viruses) for the Apple platform is demonstrably untrue…a pirated copy of iWork was made available as a Torrent, that copy of iWork was found to contain a trojan.”

    A trojan is malicious software, therefore it is malware, therefore what mr ferguson said is correct. There IS malware for apple macs, and there IS at least one virus in the form of OSX/Leap-A, which spread via IM worm behavior – a worm is a subclass of a virus, though no doubt you’ll fight that one tooth and nail. Know in advance that I don’t actually care if you do, it might save you some time and effort.

  11. Friday, 29. May 2009 um 8:00 am

    [...] Which he is. Cheap shots, contrived logic, ad hominem attacks and a complete lack of understanding with regards how writing a blog that serves the needs of those with a technical bent, computer savvy reporters, those who have no clue whatsoever about IT but want to stay safe and non technical journos who want to learn more about “the whole security thing” operates on a day to day basis can be yours for the taking here. [...]

  12. Friday, 29. May 2009 um 10:09 am

    @counterpoint:
    “Please provide a name for even one single Mac OS X virus that has been in the wild.”

    osx/leap-a – according to the sophos’ write-up (http://www.sophos.com/security/analyses/viruses-and-spyware/osxleapa.html) they’ve received a few reports of it from the wild. don’t be confused by the classification of it as a worm, malware classes aren’t mutually exclusive, it is also a virus (at the very least an overwriting infector).

    “Macs don’t get viruses. There is a four-letter reason for that.

    Root.”

    root didn’t stop professionally administered UNIX machines from getting infected by fred cohen’s experimental viruses when he was doing the original academic research into the subject of viruses. perhaps you don’t quite understand viruses as well as you think you do. perhaps you shouldn’t ASS-U-ME that infection requires access to objects the current user doesn’t have access to.

  13. Friday, 29. May 2009 um 12:37 pm

    Paperghost, that was a cheap shot. I’m sorry. I got pissed because I thought that ‘Paperghost’ was a sock puppet for Rik.

    To the others, I’ll take my Angry Apple Guy, caps-lovin’, contrived logic elsewhere. I’ll wait out in a bunker built by Sophos.

    No. I won’t. But, when an actual Mac virus is out there. Then, I’ll rationally respond to it. Not to the jacked-up hysteria promoted by WinCheeleaders trying to divert attention from the mess they deal with daily, or self-interested malware protection software developers who’d be better off making people happy with some decent games, instead of bottom feeding where there is no ‘crud’.

    BTW, most of the world DOES NOT know — what you know, Paperghost— that ‘Windows is a shambles, capable of being pwned by the most basic kind of spy/ad/malware imaginable.’ If they did, why would 89% of the world continue to use it?

    I can’t figure out why mainstream journalists [FWIW, I was being non-confrontational, when I called Rik that] need to dumb things down for the masses, yet bloggers who speak most directly to the tech inclined — do, aswell. You’d think that a ‘grassroots reporter’, would promote correct terms from the bottom up.

    BTW Sub_Wrath, Rik said in his initial response to me that he uses ‘virus’ to mean ‘malware’, because of the necessary ‘marketing speak’. You read that, right?

    Windows gets hammered by thousands of malware, daily. Yet, one proof-of-concept virus that gets passed from one Mac to anouter via Bluetooth in an office room, is somehow equal to the Windows mess out on the internet. Contrived logic, indeed.

    Oh well, coming here I’ve learned my lesson. My eyes have been opened ;-)

    Gentlemen.

  14. Monday, 1. June 2009 um 10:20 pm

    @counterpoint:
    “Yet, one proof-of-concept virus that gets passed from one Mac to anouter via Bluetooth in an office room, is somehow equal to the Windows mess out on the internet. Contrived logic, indeed.”

    you do realize, of course, that NO ONE has EVER said that the mac has as big a malware mess as the pc does.

    the mac has a much much MUCH smaller mess, but it has a mess none-the-less.

  15. Friday, 5. June 2009 um 2:41 am

    lolz @ the Apple Fanboy.

    Besides that fun, did anyone else catch the irony in that ad? The whole “many PCs vs. one Mac”. It’s all about market share, baby! Gains in market share by Apple drives up the “It’s all about Return on Investment” desirably to asshats. More market share for Apple = more motivation to haxor them.

    Of course I’m surely a “AppleHater” based on my acknowledgment of basic economic principals applied to the badware market.

  16. Tuesday, 24. November 2009 um 7:57 pm

    What can I say?
    To the Counterpoint:
    Read a bit… http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html

    and before starting writing… investigate…

    and regarding the Kernel Panic issue… well… you also don’t have the hundreds of thousand of different hardware device drivers to use the thousands of diffrent hadware devices and combinations possible… you’re pretty much stuck with what Apple sells…

  17. Tuesday, 12. January 2010 um 7:31 am

    ummmm okay look. I am a mac idiot. lolol when i was growing up i had mac, then when i got to highschool and yada yada yada i was introduced to pc, from there i never had access to another mac. All these years i loathed the issues i had with my pc, i even got pretty handy at light repairs. But this year i finally got a mac, i really like it, but i’m wondering what preventative measures i can take to protect my investment. Your all arguing about technical words, and even state that this should educate the consumer, but none of you have said one thing about what i can do to protect my mac from all the technical crap you claim can be damaging to my system…. Any suggestions, what type of antivirus do i need? do i even need it?

  18. Wednesday, 13. January 2010 um 4:14 pm

    @luv:
    suggestion #1 – run anti-malware software on your mac. what type? that depends entirely on what type you’re comfortable with using. what most people are familiar with is the known-malware scanner type of anti-malware product (which many people simply call “anti-virus”). it’s generally the simplest to use so that would be a good start.

    suggestion #2 – don’t think about your mac as being any different than the pc’s you’ve used in the past. all the same precautions you used to take with pc’s you should still take with your mac. mac’s streamline the process of running as a non-admin, but that’s a precaution people should have been taking with pc’s anyways so again, little difference there.

  19. Friday, 12. February 2010 um 8:50 pm

    [...] 4) ‘Apple Macs, no crashes or viruses?’ [...]

Leave a comment

XHTML allowed tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Spam protection

© Copyright 2010 Trend Micro Inc. All rights reserved.
Legal Notice. Disclaimer