September 26, 2005

Mac OS X Viruses: Put Up or Shut Up (part 1)

All right, I'm sick of people reporting that Mac OS X is 'mostly' virus-free. It is, as far has been proven, ENTIRELY virus-free. Macs are not magical, and one day there will be a virus that infects them. However, I don't think it's happened yet, and I think it's time we, the Mac community, started saying, "No, we don't have any viruses."

Seriously, if a reporter asked you, "Hey, do you have herpes?" and you replied, "Nope, I've been tested, no herpes, never," and then they wrote an article with the headline, "Bob Smith: Mostly Herpes-Free," you would, no doubt, flip (assuming your name was Bob Smith). You'd probably sue, even. But we put up with this crap every day, mainly because it's nigh-impossible to prove the negative. We'd need to inspect every hard drive of every Mac owner in the world. So we settle with "mostly virus-free" even though, compared to Windows, we're Mother Teresa and they're Pamela Anderson.

Let me be clear: not having had a virus is NOT the same as being immune to viruses. I think part of the reason almost nobody has been willing to stand up on this crusade has been that we get shouted down with cries of, "Well, no OS is perfect; Mac OS X will get its virus!" And I have no doubt we will. But Windows gets a virus every freaking week, and we've never had ONE. I think that's also relevant. Much more so than "Well, someday you won't be so perfect!" (Again, imagine you're about to share a fork with someone who you find out has rabies, scabies, rashes, a cold, the flu, lice, and scurvy, and that person says, "Well, everybody is susceptible to the same diseases." Yes, true, however, you'd still probably prefer to share with someone healthy at this moment.)

I'll admit, this crusade didn't start with me. It started on MacSlash where the news editor has TIRELESSLY pointed out every time some journalist or company implies that we're infectious.

And, I'll admit, others have come up with the idea of offering a bounty for Mac OS X viruses before, but I think those plans failed due to the way the challenge was structured. I don't want to incite someone to create the first Mac OS X virus.

So, here's my plan. I'm not putting it into effect yet, but I'm soliciting comments, and if nobody can prove it's a bone-headed idea, I'll go ahead with it.

I'm going to offer a bounty of $500 to the first person who can prove that a Mac running Mac OS X (version 10.0 or greater, and patched to the latest security level available at the time from Apple) was accidentally and detrimentally infected with a virus that exploited a flaw in the base Mac OS X installation (not, say, Microsoft Word) before September 20, 2005. The definition of "virus" for this contest will be either a virus or worm as described by Wikipedia. The challenge ends at 23:59:00, October 16, 2005 (which happens to also be my birthday, and by the way I have a thing for nice shirts).

I will only offer this bounty once, and as you can see, the deadline for the viruses to have done their dirty work is in the past. So, if you're planning to write a new virus just to win the challenge, well... that won't work unless you also make a time machine. (Which, frankly, I'd be willing to fund for $500.) This is a research project, not a programming project: find one of us who has been infected at some time, and tell the world about it.

And, if you can't, then we should declare ourselves "virus-free," and write letters-to-the-editor anytime someone compares us with Christina Aguilera. Because we don't roll that way.

187 Comments:

Blogger jfdkasjfdkls;a said...

All you need is a non-disclosed remote root vulnerability to create a worm. It's even easier to create a virus as you can exploit local privilege escalation for file-based infection. The malware portion of the code is pretty straight-forward from OS to OS. What I think you're really going to offer a bounty for is the disclosure of a vulnerability that Apple is unaware of. Many people would question this side-channel as unethical full-disclosure wrapped nicely with a malware ribbon on top.

September 26, 2005 5:21 PM

 
Anonymous Anonymous said...

Quickly changes the definition on Wikipedia to be "a program that runs on your computer.".. Clicks build.

Voilà! A virus, by the definition of Wikipedia, done!

September 26, 2005 5:24 PM

 
Anonymous Blake Seely said...

I think the point is that Wil's not offering $$ for a vulnerability. He wants to see proof that a vulnerability was exploited (to-date, not in the future) with a virus.

September 26, 2005 5:25 PM

 
Anonymous Anonymous said...

Mac virus alert - users' details at risk
A rarity, it has some Apple buffs worried

By Munir Kotadia

Published: Monday 25 October 2004

A new script-based virus that spies on Apple Mac users was discovered over the weekend. The malware, which has been dubbed ‘Opener’ by Mac user-groups, disables Mac OS X’s built-in firewall, steals personal information and can destroy data.
Security experts say these traits are common among the thousands of viruses targeting Microsoft’s ubiquitous Windows operating system but are virtually unheard of amongst the Apple Macintosh community.
Paul Ducklin, Sophos’ head of technology in the Asia Pacific, said the virus, which Sophos calls Renepo, is designed to infect any Mac OS X drives connected to the infected system and it leaves affected computers vulnerable to further hacker attack.
Ducklin said Opener disables Mac OS X's built in firewall, creates a back door so the malware author can control the computer remotely, locates any passwords stored on the hard drive and downloads a password cracker called JohnTheRipper.
According to Ducklin, Opener tries to spread by copying itself to any drive that is mounted to the infected computer. This could be a local drive, part of a local network or a remote computer.
Most worryingly, according to Ducklin, this could be the start of a spate of viruses that uses Mac OS X’s scripting features against its users.
"The existence of Unix shells - such as Bash for which this virus is written - and the presence of powerful networking commands opens up the game a little bit for Mac users. It is no longer necessary to know about Mac file formats or executables you can write your malware in script and if you really wanted to you could probably write a portable virus that would run on many flavours of Unix [and Mac]," said Ducklin.
Chris Waldrip, president of the US-based Atlanta Macintosh Users Group, posted a detailed description of Opener on the MacInTouch website.
According to Waldrip, who admits the virus has him "a bit spooked", Opener seems to have started out with a "legitimate purpose" but has now been developed into a replicating piece of malware.
"I'm not sure how this could be guarded against," he said.
Mikko Hyppönen, director of antivirus research at F-Secure, said that viruses targeting the Macintosh system virtually disappeared in the late 1980s.
"Things have been really quiet on Macintosh-front, virus-wise. Back in the late 1980s, viruses used to be a much bigger problem on Macs than on PCs. We here at F-Secure used to have an antivirus product for Mac but discontinued it after the macro viruses died out," said Hyppönen.
Symantec said users of Norton AntiVirus for Mac OS X were protected as long as they had updated their signatures over the weekend. A spokesperson for the company said the relevant signature files had been available since Friday evening.
Munir Kotadia writes for ZDNet Australia.

September 26, 2005 5:27 PM

 
Blogger Wil Shipley said...

Mark, seriously: READ THE LARGE PRINT.

The virus has to have EXISTED, and INFECTED a computer maliciously, BEFORE SIX DAYS AGO. Thus, it can't be something someone just whipped up, and it can't be a conceptual "way to write a virus."

YOU HAVE TO PROVE THAT SOMEONE ACTUALLY SUFFERED FROM A REAL, LIVE VIRUS THAT ALREADY EXISTED! NOT PROVE THAT VIRUSES CAN BE WRITTEN! WE ALL KNOW THIS!

THE WHOLE POST WAS ABOUT THIS! FOR CRYING OUT LOUD, DON'T ADD TO THE DAMN COMMENTS UNLESS YOU ARE GOING TO EVEN READ THE FREAKING POST!

There have been many, many vulnerabilities documented in Mac OS X. This is NOT NEWS. CERN has a ton of them. It's a damn Open Source system -- the vulnerabilities are right there for you to read about! My point is, these have never been exploited in a live virus, released in the wild, that harmed people.

September 26, 2005 5:32 PM

 
Blogger jfdkasjfdkls;a said...

I'm sure you can also have a lot of fun with MethodSwizzling here. Don't forget about Malicious Bundles On Mac OS X (currently down, google cached here: http://tinyurl.com/7d4r3)
If anyone wants the attachments I can probably dig them up. All that's left is finding an infection vector.

September 26, 2005 5:33 PM

 
Blogger jfdkasjfdkls;a said...

Sorry Wil, the glory of RSS is skim-reading, which is also the bane of RSS. I retract my arguments.

September 26, 2005 5:36 PM

 
Blogger Wil Shipley said...

Opener: From the article on MacInTouch: "It does not look like something that can be maliciously installed, since the shell script can't be installed by just any user on a machine." You have to have installed it yourself. It was malware, but not a virus. Notably, the article quotes a guy at a virus-protection firm (Paul Ducklin) saying how worried he is about this possible virus, which nobody is listed as having suffered from.

September 26, 2005 5:41 PM

 
Anonymous pixelfairy said...

does social engineering count?

outside of that, this issue is confused. MS has a really bad history with viruses etc, only partially caused by their popularity. there's also a lot of legacy and bad design in windows which doesn't exist on osx.

apple got to see the mistakes and start over. patching os x is thus easier for apple than the complex maze that ms has to deal with (which is why they tend to have patches that break things, where such is rare in the unixes)

there is one glaring "flaw" in the os x model. a user can install an app (in /Apps) and write over it, meaning malicious code can too. not just an admin user, a normal user. some apps only run if you have write access to the bundle, which sucks but i don't think that's apple's fault.

anyway, i don't think most users would make themselves an admin account just to install apps.

a password-less fast user switch (a la linux/bsd) would make it easier (and hopefully more likely) that users do this (without having short passwords)

in the end users do need to be educated but to a point, the system is still more complex than it needs to be, which is why more education than there should need to be is necessary. (the only alternative is a managed system, but even the best intentioned can and will make mistakes too)
the mac needs the least amount of education for a system that's still managed by the user (except maybe linspire, haven't tried it)

September 26, 2005 5:48 PM
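The writable-bundle point in the comment above can be checked on a given machine. The following is an added example, not part of the original thread or any commenter's code: a Python audit that lists every file or directory inside `.app` bundles that an account outside a trusted set can modify. The function names, the default trust sets (root and gid 0 only) and the demo tree are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Audit .app bundles for files that untrusted accounts can modify."""
import os
import stat
import sys
import tempfile

TRUSTED_UIDS = frozenset({0})  # assumption: only root-owned code is trusted
TRUSTED_GIDS = frozenset({0})  # assumption: only gid 0 is trusted


def write_exposure(st, trusted_uids=TRUSTED_UIDS, trusted_gids=TRUSTED_GIDS):
    """Return why an inode is writable by an untrusted account, or None."""
    mode = st.st_mode
    if mode & stat.S_IWOTH:
        return "world-writable"
    if mode & stat.S_IWGRP and st.st_gid not in trusted_gids:
        return f"writable by gid {st.st_gid}"
    if mode & stat.S_IWUSR and st.st_uid not in trusted_uids:
        return f"writable by uid {st.st_uid}"
    return None


def audit_bundle(bundle, trusted_uids=TRUSTED_UIDS, trusted_gids=TRUSTED_GIDS):
    """List (relative path, reason) for each exposed inode in one bundle.

    Directories matter as much as files: a writable directory lets its
    entries be replaced even when the files themselves are read-only.
    """
    paths = [bundle]
    for dirpath, dirnames, filenames in os.walk(bundle):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits are not meaningful
        reason = write_exposure(st, trusted_uids, trusted_gids)
        if reason:
            findings.append((os.path.relpath(path, bundle), reason))
    return sorted(findings)


def audit_apps(root, trusted_uids=TRUSTED_UIDS, trusted_gids=TRUSTED_GIDS):
    """Audit every *.app directory directly under root."""
    report = {}
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if name.endswith(".app") and os.path.isdir(path) \
                and not os.path.islink(path):
            report[name] = audit_bundle(path, trusted_uids, trusted_gids)
    return report


def build_demo_tree():
    """Constructed sample: one tidy bundle, one with a world-writable binary."""
    root = tempfile.mkdtemp(prefix="apps-demo-")
    for app, exe_mode in (("Safe.app", 0o755), ("Loose.app", 0o777)):
        macos = os.path.join(root, app, "Contents", "MacOS")
        os.makedirs(macos)
        exe = os.path.join(macos, app[:-4])
        with open(exe, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(exe, exe_mode)
        for d in (macos, os.path.dirname(macos), os.path.join(root, app)):
            os.chmod(d, 0o755)
    return root


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real run: anything not owned by root counts as exposed.
        result = audit_apps(sys.argv[1])
    else:
        # Demo run: trust the current user so only mode-bit problems show.
        result = audit_apps(build_demo_tree(),
                            trusted_uids=frozenset({os.geteuid()}),
                            trusted_gids=frozenset({os.getegid()}))
    for app, findings in result.items():
        print(f"{app}: {'ok' if not findings else ''}")
        for rel, reason in findings:
            print(f"  {rel}: {reason}")
```

Run with a directory argument (for example the Applications folder) to apply the root-only default; with that default, a bundle installed by an ordinary user shows up as writable by that user's uid.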

 
Anonymous Uli Kusterer said...

What about Word Macro Viruses? Don't tell me MS fixed those? Surely among the millions of Word viruses, there must be one that works on OS X?

September 26, 2005 6:02 PM

 
Blogger Wil Shipley said...

RSS: I should warn you not to drop out of school or cut off your knees, as well.

Word Macros: Yah, I think I mentioned that in the text of my article, actually.

September 26, 2005 6:09 PM

 
Anonymous ssp said...

Wil, while I think it's potentially an interesting challenge you're putting up, I also think that your initial point is flawed.

As you say, 'as far [as?] has been proven' Mac OS X has been virus free. But this case, which involves millions of distinct computers and possibly a similarly large number of possible vulnerabilities, is very different from the example you give with herpes where there is a single body, a single well-defined illness and apparently a test giving a clear result with no herpes for Bob Smith.

Of course reading about Mac OS X being 'mostly virus free' is absurd but that probably has more to do with the highly skilled tech writers you are reading than with Mac OS. They may just want to cover their asses and don't dare to say 'virus free' when they can't prove it. But instead of saying there are 'no known viruses so far' they go for the 'mostly virus free' line which sounds stupid.

Personally, I think it's a bad idea to write about Mac OS X being 'virus free' because it may give people a false feeling of security and make them careless because regardless of what you're actually saying they'll read it as 'immune to viruses' anyway.

So in a way I hope that you succeed with your search for a virus because that'll render these discussions obsolete.

(I also don't understand why you want to exclude Word viruses. From a user's point of view of the damage that can be done it's fairly irrelevant by which environment the virus is executed. If a Word virus can steal or destroy my data and spread itself to my friends and colleagues, it's just as bad as a virus that hooks itself right into the OS).

September 26, 2005 6:11 PM

 
Blogger jfdkasjfdkls;a said...

I re-read the article... "was accidentally and detrimentally infected" -- is clicking OK on a dialog an accident like tripping over your feet and falling down. Stupid maybe, but surely not on-purpose.

I lack the understanding of discounting trojan horses when depending on the definition you read (yea, wil, wikipedia, i know, it's covered in "use of the word virus", which you can sum as a press-ism, because after all that's what you're focused on no?) I know a grip of press that consider most of malware a virus -- does it matter? Yeah if you're trying to convince press and not geeks. To the non-tech it looks like you're reaching when you have to over explain a definition to make such a declaration of such magnitude.

All this code is derived work, the only difference is what the infection vector is. If you're going to address this point in a contest maybe "must have an auto-infection vector" or words that answer the related comments. Nevertheless ssp is right about how press will construe it, people are a large weakness and if you can get them to open something up and it auto-infects from there, this is just as relevant when declaring an OS non-viral. I think it's safe to say some OS's are more viral than others due to the implementation of privilege layering.

It's also hard to prove this with log and timestamp doctoring... prove that your submission was valid that is. I suppose someone might spend some time in vi for $500. At the end of the day how are you going to put constraints on the contest masking the spoofs?

At the end of the contest run, (assuming no one proves it) does this mean it's not there? I'm sure there's a host of nefarious types that would love a bold statement like that flipped in the favor of blackhats. Press will be press, but does this mean the technical crowd has to make unscientifically sound arguments to beseat the mis-information?

Not trying to sound discouraging nor am I offended by your attacks (i've worked with deraadt, i've seen worse), but I'm trying to grasp the exercise with an open mind and the credibility of sinking to the level of press and making bold statements to balance the scale.

September 26, 2005 6:53 PM

 
Anonymous Anonymous said...

yea your not that smart obviously macs do get viruses and btw MAC OS X is more bugged out the then windows and its also has some serious security flaws.

also MACs are slow

i have a 1.5ghz 512mb celeron laptop it plays games faster and better then that G4 2ghz 512mb ram.


TCX.Worm.JBS was a virus on a MAC so...where are u looking at your info MAC only areas damn

dont comment on my type just read what i said

September 26, 2005 7:01 PM

 
Anonymous Anonymous said...

here is a link to my above comment

http://beta.news.com.com/Apple+plugs+critical+holes+in+OS+X/2100-1002_3-5879187.html

September 26, 2005 7:03 PM

 
Anonymous Anonymous said...

You guys are blowing my mind. Did ANYONE read the article?

He's asking if anyone has ever seen a real, live virus infect a human body. He's not asking if anyone has ever seen a "virus in the lab". He's not asking if someone has ever written a paper for a medical journal describing a theoretical infection vector. He's not asking if anyone has ever had a vaccination or booster shot. He's not asking if anyone has ever been hit with a hammer or fallen down a set of stairs.

We're not talking about root kits or theoretical exploits. He's asking if anyone ever caught some weird ass virus and got sick or died. And the answer is NO. Period.

No virus. Ever. Simple.

Repeat after me. NO VIRUS. Got it?

If you can prove the contrary, he's offering $500. But that's like trying to prove that the sun didn't come up one day (without resorting to a trick at the polls, or some silly argument like "I couldn't see the sun because of the ashes/clouds in the air"). He's not saying that the sun will never blow up or fade away (it will), he's just saying that it hasn't yet.

But hell, if you're not going to read the article, you're probably not going to read this post. :)

PS, WTF is TCX.Worm.JBS? Google pulls up nothing ...

September 26, 2005 7:30 PM

 
Anonymous Squozen said...

And here's what's mentioned RIGHT IN THE FREAKING ARTICLE YOU POSTED:

Symantec and the French Security Incident Response Team both said the vulnerabilities are serious and that the need to patch them is urgent. However, no exploits for them have been reported, Symantec noted in an alert sent to members of its DeepSight service Frida

Let me repeat that for you. NO EXPLOITS REPORTED.

All operating systems have vulnerabilities. You've proved nothing except that Apple patches better than Microsoft. You might also want to read about the actual vulnerabilities themselves.

September 26, 2005 7:33 PM

 
Blogger Tom said...

It's not very responsible to advocate virus writing. It's comparable to writing viruses yourself.

September 26, 2005 7:35 PM

 
Anonymous Anonymous said...

isn't this "test" to see if it has happened yet? does that really mean that an exploit can't be found and abused by malware writers. all this test proves is that no one has exploited any vulnerability yet. i can prove no one has been to mars does that mean no one will ever get there?
if you want a OS that can't have any malware you can write an OS that doesn't do anything and that you can't interact with it. as soon as you add people to a computer anything can and will happen. virii by definition are spread because of action of the user so if you are allowed to run things you always have a chance to screw things up.

September 26, 2005 7:53 PM

 
Anonymous brian said...

It's not responsible to post comments without reading the article either!

What's entertaining is reading the article and then reading the idiotic comments!

September 26, 2005 8:04 PM

 
Anonymous Anonymous said...

Don't you think the rules to this are a bit strict?

It can't be with any program that doesn't come with the os - yet if the os lets the program with a virus run it's a flaw with the os as well no (a stretch admittedly - but you're trying to claim "osx is virus free" but leaving out the "if you don't use any programs on it" part...

second fault: only viruses from the past? well super duper, but if someone writes a virus today you'll no longer be able to claim osx is virus free so again your contest doesn't really relate to the claim you're trying to prove

and lastly (and most inept), you're saying the virus has to work even after the system being fully patched - but then you say it has to be a virus in the past... well if there was a virus in the past don't you think it would have been patched and therefore not work anymore? again a double standard... alright maybe you could claim just the patches available at the time of the infection (a little more sane) - but then i doubt you're looking at windows and only counting viruses that haven't been patched...

September 26, 2005 8:17 PM

 
Anonymous ManicDVLN said...

HEY BUDDY, GUESS WHAT, MAC MARKETSHARE IN THE COMPUTER INDUSTRY IS A MISERABLE 2-3% AND PROBABLY THERE IS STILL A SUBSTANTIAL AMOUNT OF MACS THAT ARE STILL ON OS9.

WHO MAKES VIRUSES? WHY DO THEY MAKE VIRUSES? FIND THE ANSWER, AND YOU WILL UNDERSTAND WHY THERE ARE NO OSX VIRUSES.

NO ONE GIVES A SHIT ABOUT OSX. HAVE YOU SEEN ANY BEOS VIRUSES? NO, DOES THAT MEAN THE OS WAS SECURE? NO

WINDOWS HAS THE MOST VIRUSES BECAUSE 90% OF THE MARKET USES IT. ESPECIALLY THE BUSINESS SECTOR. BUSINESS!!!!! NOT SOME LITTLE GRAPHICS DESIGNER THAT IS TRYING TO IMPRESS HIS FRIENDS CAUSE HE GOT A MAC.

NOW TELL ME, IS IT WORTH MAKING A VIRUS FOR AN OS THAT THE ENTIRE WORLD MAJORITY DOESN'T EVEN USE? DUMB ASS.

September 26, 2005 8:18 PM

 
Anonymous Anonymous said...

Sounds like a good idea for a bounty! I'm tired of arguing with clueless Windows users who think all computers, including Macs, get viruses.

Paul

September 26, 2005 8:24 PM

 
Anonymous Anonymous said...

Just install Virtual PC & Windows XP.

You have installed a big virus....

September 26, 2005 8:34 PM

 
Anonymous Matt said...

I'd like to offer my support to Wil and his quest. The challenge is very well structured and the only people to have issues with it either cannot comprehend simple concepts or cannot switch off caps lock. In reality these people probably don't have a lot to contribute, so the remainder of us can get on with the challenge with the guidelines that have been clearly set out by Wil.

Thanks for the challenge Wil.

September 26, 2005 9:01 PM

 
Anonymous Anonymous said...

My Mac got infected by a worm once. But it was an old 8100/110 running MkLinux. I deliberately left it running a known-insecure FTP daemon to see how long it would take to get cracked, it only took 18 hours.
But this was back around 1996, before OS X was even in beta. Does that count? I haven't had a virus since that time.

September 26, 2005 9:12 PM

 
Anonymous Greg Titus said...

ManicDVLN says a bunch of stuff about marketshare. But the important sentence is just: "FIND THE ANSWER, AND YOU WILL UNDERSTAND WHY THERE ARE NO OSX VIRUSES."

So there are no viruses. Does it really matter why? Does it really matter whether OS X is theoretically more secure against malware when the reality is that There Are No Viruses.

That's the whole point. There Are No Viruses.

September 26, 2005 9:23 PM

 
Anonymous ManicDVLN said...

I'll make an analogy about this stupid rant.

Canada has not encountered any islamic terrorism. Does that mean Canada is secure from terrorism? Does it mean Canada is more secure than USA to fight against terrorism? No, why? Because no terrorist feels that Canada is important enough to engage in a terrorist act in accordance to their malicious pursuits.

When OSX gets 90% of the computer marketshare, then we'll see how "secure" OSX is. Don't even bother responding me that exploits and security issues are not virus related. In the end, what's the debate here? Trying to prove that OSX is more secure than other OSes. That's the intention of your stupid mac fanaticism. An OS that you can reset administrator password with the freakin installation CD.

No OS is secure, if there is the will there is a way. It's simply based on time and effort. This is same stupid debate in browsers. IE is least secure because most people use it. Now that firefox has stolen a significant amount of marketshare, firefox security issues started to mount.

September 26, 2005 9:41 PM

 
Anonymous Anonymous said...

10000000+ Kudos to you man, I totally agree. And guess what! My birthday is the 16th too!! :D Sounds like a good plan. i saw this story on digg and someone did not state the story correctly, they are saying you are offering a bounty for someone to WRITE a virus. Good idea though!

September 26, 2005 9:42 PM

 
Blogger Giant Robot said...

Wow this post has really pulled in some real winners.

The "most used" diatribe about Macs and viruses is ridiculous. Apache is far more popular HTTP server than IIS yet IIS has the lionshare of documented exploits. Popularity doesn't make Windows or IE insecure, bad decisions do.

IE was designed to use the Windows system-level scripting host to handle JavaScript and VBScript in web pages. This gives web page scripts local access to someone's computer through ActiveX/VB controls. This might have made sense to someone that thought it was cool to allow web pages to embed ActiveX objects but it has proved to be an enormous security risk. That has nothing to do with IE being popular, it was a bad idea that couldn't be undone because too many vendors had taken advantage of that functionality in their software. Ever wonder why companies providing web apps only support IE on Windows? It's usually because they use a sick combination of ActiveX and VBScript for their front end.

This is one of many exploits Windows has that simply do not exist on Linux, MacOS X, or any other operating systems. They're exploits that can't really exist on these other platforms to boot. Firefox and Safari don't give JavaScript access to anything outside of the web browser. A rogue JavaScript can't open someone's CD tray or download and execute a trojan or virus. This isn't to say Linux or OSX is invulnerable to malicious software, it is just that you're not going to browse to a website and end up with a keylogger installed.

Wil I think your challenge is a really good one. You've stirred up a nest of idiots but I don't think that detracts from the goal of your challenge. I too get tired of seeing "mostly virus free" in stories about Macs. I think we ought to hold journalists a little more accountable, especially when they're writing stories about Macs and security.

September 26, 2005 10:21 PM

 
Blogger thomas Aylott said...

This isn't 1995 anymore.
It just ain't hip to be a 1337 hax0r virus dood no more.
All the people smart enough to exploit crazy UNIX level shiznat are busy making 200k a year to bother messing with it.

Most of the 'viruses' on the PC are just crazy ways of stealing your money. That's why they target the easy and prolific prey. It's just too easy.
The return on investment in time and effort just isn't worth it. They have a sustainable business model, why rock the boat?

Then there's the script kiddies that download some random script off the 'net, change some of the code & send it to all of their idiot friends.

The only people who actually have a clue have no incentive to create viruses.

It's all about the Benjamins baby.

September 26, 2005 11:07 PM

 
Blogger jfdkasjfdkls;a said...

Giant robot: No but a rogue JavaScript can result in cookie theft, that's why some hate JavaScript. There are countless (probably the most abused BUGTRAQ reporting) examples of Cross-Site Scripting (XSS) vulnerabilities. In general, Web App technologies are probably not the best segue from the nasties of ActiveX.

September 26, 2005 11:14 PM

 
Blogger jfdkasjfdkls;a said...

thomas Aylott: The world does not solely consist of fat pimple faced teens bored with an assembly book, or 12 year olds churning out copycat worms... nor does it consist of a corporate world of IPOers fat and happy and retired from the former. There are undisclosed individuals that test the waters on a routine basis (both organized crime and intelligence organizations alike). Only the network noisy ankle-biters make news.

September 26, 2005 11:21 PM

 
Blogger poetsch.org said...

When even the poorest wannabe-viruses for OSX that actually are no viruses get enormous public attention and are cited everywhere, then the "Mac-Marketshare-is-too-small" argument is flawed. There is almost no way to get as much public exposure out of writing one of the hundreds of Windows viruses compared to writing the first real OSX virus. There has to be some other reason that it hasn't happened yet.

September 26, 2005 11:52 PM

 
Anonymous Anonymous said...

as ManicDVLN proves he is not a mac user nor a fan, what the point here is whether or not u like OSX. It is did u, can u, find a virus?? Huh can you? Yeah all us hardcore mac users know that we are a 4-6% owner share no one is going to take the time to hammer out a virus. You make fun of FIREFOX for getting flaws once their user market share gets up there but how long did it take for them to issue a patch compared to Windows, I can't wait for OSX86 and see what happens then we will really see how it all goes down.

September 27, 2005 12:39 AM

 
Blogger jfdkasjfdkls;a said...

Gernot:

I strongly agree with this logic.

How many OSX Server boxes run in the enterprise compared to MS Windows, Solaris and other flavors of *nix. There have been worms for both Linux and Solaris (Lion and 7350worm (which was not very public but exploited a solaris/sparc dtspcd vuln)). The Lion worm obviously took advantage of DNS issues, but there is no technical barrier between these same classes of malware from using OSX as a target with a different vuln. In fact there are no W^X, gcc-propolice, (insert stack and heap protection here) technologies. Many of these worms ride on disclosed but unpatched vulnerabilities (whether legacy os release or software updates hasn't fired off yet or enabled). People with undisclosed vulns and proof of concept test code are either working with Apple (hopefully) or are holding onto it with the intent of using it for their own reasons (nefarious). Over the better part of a decade doing day job pentesting I've come across ZERO OSX targets. This does not bode well for interest levels of bothering with mass infection code when I can roll considerably less code to exploit a release build OSX box from information gleaned from exploring bugs in OSX seed notes, or Friday's bug of the day posts where people air their Radar reports. Certainly is less telling than version control commit logs identifying attack vectors from reverse engineering patches to infect the masses.

Market share does have a lot to do with it when it comes to writing this code for leak-and-shock value. If your end result is to watch systems fall down (as most are) -- the more the better. In fact part of the "fun" is watching it spread and many have poorly coded PRNGs for picking nettuples to infect. What good is it if you can't spread it because the OSX install base looks like an archipelago?

My belief stands that an OSX virus is definitely plausible (technically arguments are sound, it's just another bsd-derived unix-like os under the hood right?) Worms for Linux and Solaris -- to say no OSX would certainly need to be proven, because it doesn't measure up with any common sense. You're not proving an os is virus-safe, you're proving the target is not interesting. Mac OS X doesn't have security countermeasures for these types of infection vectors. Encrypted swap might look cool because it masks your passphrases, but it also does a great job in protecting malware with custom loaders to stay memory resident from being forensically examined.

September 27, 2005 12:52 AM

 
Anonymous Anonymous said...

In response to ManicDVLN and a few others. Various departments in the FBI and CIA have openly admitted to using OS/X machines. So think about who is part of that 4% market share, does it make a more interesting target yet?

September 27, 2005 5:16 AM

 
Anonymous Anonymous said...

Wow, I never could have imagined there were so many retarded people in this world... then I read the comments.

Instead of a $500 prize... how about hooking some of the people that have commented here a copy of Hooked on Phonics?

September 27, 2005 6:09 AM

 
Anonymous LD said...

*yawn*

September 27, 2005 6:49 AM

 
Anonymous Jim Renaud said...

I'm surprised there hasn't been a script kiddie so pissed off at a Mac fanatic that they haven't at least tried to make a virus for the Mac. However, that would require a $500 investment to get a Mac Mini and then learn about a totally new OS.

Maybe this will be easier for people when the Mac goes Intel and there is a crack for cats to install OS X on their Dells.

I use a Powerbook as my main machine, but I also have a Dell Latitude as well. I can honestly say I never had a virus issue on Win Xp, but I'm a geek and don't run EXE attachments like my mother-in-law (don't get me started on that tangent). My point is that I don't use Apple products because they are virus free. I use them for literally 1,000 other reasons. Virus-free is just another bullet point into a list of why Mac fans are fanatical.

September 27, 2005 7:02 AM

 
Blogger Ian Betteridge said...

"The "most used" diatribe about Macs and viruses is ridiculous. Apache is far more popular HTTP server than IIS yet IIS has the lion's share of documented exploits."

Actually, not true. According to Secunia, IIS 6 had two security advisories between 2003-2005, while Apache 2 had 25 and Apache 1.3 had 15.

September 27, 2005 7:03 AM

 
Anonymous Anonymous said...

"I'll make an analogy about this stupid rant."

OMG. We've got Steve Ballmer posting here now. RTFA (read the f***ing article). Islamic Terrorism in Canada has nothing to do with the matter. And "security by obscurity" myths about OS X, so beloved by Windows shills, would be beside the point even if they were true. The point of the article was that there are no viruses on OS X. The article was not a rant and it was not stupid. It was a challenge to point to what is frequently referred to but never known to exist.

As the man said: put up or shut up.

September 27, 2005 7:07 AM

 
Anonymous Anonymous said...

You people need to realize that OSX Tiger is based on Unix, *nix systems have been proven by far to have the best security in ANY OS. I have a windows PC, a mac and a linux box, guess what, my windows PC is down right now and the compatibility in my windows PC is CRAP! The fact is any OS built on top of a *nix system will leave any windows system in the dust.
How else do you explain why hotmail and msn were running off of unix servers for so many years? Because they knew their own servers are terrible! And as far as writing a virus for the OSX? Sure it's possible, but if you're good with unix you can keep it out, or at worst, it'll just infect that specific user's directory, leaving the system files uninfected. Too bad bill gates uses his customers as beta clients as well, there are STILL massive security updates arriving for XP and now he wants to release vista?

September 27, 2005 7:09 AM

 
Anonymous Anonymous said...

There's a widespread fallacy that the only motivation for writing exploits is widespread infection, notoriety, etc.

That may have been true in the past, but a lot of the bad actors on the modern scene are in it for the money. To them, a vulnerable system is a tool, and even if they find a vector to get control of 'only' a percent of computers connected to the Internet, that's still very interesting because it gives them the potential to own thousands of systems.

Most of the script-kiddie types who go looking for vulnerable systems *don't even know what OS the system they're connecting to is running*.

The 'Mac is safe because of its 3% market share' argument doesn't hold water.

Someone earlier noted that folks like the CIA use Mac OS X machines. I would note that having spoken to those users, they are under no illusion that Mac OS X is free of malware or threats, only that it is better defended. And in the end, that's good enough.

Wil, I think you're barking up the wrong tree. Mac OS X is mostly virus free, but it's not perfectly secure. That said, I strongly prefer it to Windows when it comes to security.

September 27, 2005 7:14 AM

 
Anonymous Anonymous said...

Until MAC's have a decent part of the computing marketshare, this will prove nothing. It's the law of large numbers. This has really no scientific basis whatsoever.

September 27, 2005 7:46 AM

 
Anonymous Chris Forsythe said...

Wil,

Does it need to be enabled by default in the base system, or can it be something like smbd or apache that is enabled by a checkbox that any user can check?

Chris

September 27, 2005 8:04 AM

 
Blogger Chilton said...

Wil, good job on this bounty.

There were Mac viruses in Apple's history, long before OSX. For that matter, there were Mac viruses back when Apple owned a far smaller portion of the marketshare, even when developer resources were more scarce. Things are an order of magnitude better today.

The fact that OSX is on more systems today, and that the basic skills needed to write a virus are taught in schools, shows that there is more at work here than mere obscurity.

Wil will keep his money. No Mac viruses exist, at this time, for the Mac. None have existed for OSX thus far. And as usual, the PC lovers will claim that the whole contest was rigged.

September 27, 2005 8:05 AM

 
Blogger Embro said...

I think you need to be a little more aware of your effect on the computing world Wil. Your challenge has been misinterpreted and posted on digg.com.

Write a virus for OSX and earn $500
submitted by mdweezer 14 hours 55 minutes ago (via http://wilshipley.com/blog/200...)

Wil Shipley, independent Apple software developer, has offered a $500 bounty for anyone who can exploit a base OSX install with the latest security patches. It's time to put up or shut up.


I'm afraid that we are now going to get some real viruses appearing for OS X as your misinterpreted challenge circulates.

Think before you post!

September 27, 2005 8:19 AM

 
Blogger Idium said...

ok....

the simple fact is he is trying to prove that No CURRENT virus is capable of infecting a Fully patched OSX machine and NOT claiming that it is future virus proof.

so this is a research into the current state of current OSX patch vulnerability.

September 27, 2005 8:25 AM

 
Blogger Chilton said...

It really doesn't matter if this has been misinterpreted or not. I seriously doubt anyone will be able to create a true 'Virus' for the Mac, and if they could, it would be far better done in public than in private.

Keep in mind that virus authoring was all the rage back at the MacHack conferences of the early 90's. But it was done in a closed environment, and led to the immediate creation of some of the first anti-virus software. Back in those days, Apple didn't aggressively hunt down exploits and patch them. They're doing a pretty good job of that now.

A virus that comes as a result of this contest will be a very short lived virus. So even if one does appear, which I seriously doubt, its impact will likely be minimal.

September 27, 2005 8:39 AM

 
Blogger Robert said...

Campbell tried this earlier and got slammed for his "contest". Now this "don't step outside the circle" approach proves very interesting.

Maybe some anti-obfuscation can be laid down for clarification of the "rules"; Macs are not Mac OS X. And which version of Mac OS X is the contest corralling around? I assume Mac OS X Tiger and not earlier versions. And I am also assuming that folks are keeping up-to-date with the security updates from Apple to avoid exploits. Which caveats are being used in this "contest"? And why eliminate app-based vulnerabilities and exploits?

Whether diseases are air-borne or transmitted from physical contact or through food or drink, they still get into the body and there are few antibodies needed with a Mac that uses the most recent version of Mac OS X and Security Updates. Wait, the Security Updates inoculate Mac OS X and ARE the anti-bodies!


Can Macs get malware? Yes. Virtual PC 7 opens up the Mac to all the Windows malware. Can that be curtailed? Yes, if we go out and use the beta version of Microsoft's latest anti-malware app code-named Atlanta. That too will probably get sunk as another "lost-city" for XP Pro and Vista users (or as the MCSEs call them "Lusers").

Can Macs get macro viruses with Microsoft apps? Yes, but the macro function can be turned off.

Are there Trojans that can exploit Macs? Yes, but Apple sent out Security updates for Mac OS X Tiger and earlier versions of the Mac OS X.

Are there Worms that can exploit Macs? Not outside the Lab.

Are there keyloggers for the Mac? Yes, but Allume's apps work to flag about 11 of those.

Yesterday I cleaned out two more Email malware that landed on my iMac G5 and ClamXav quarantined them. (I also use Virex.) One was a trojan attempt and the other was a virus attempt that got through Mail.app and attached itself to outgoing Email. Both "Infect" non-Mac systems and I constantly get .zip files from other Emailers that are Email-borne illnesses - and "affect only Windows machines".

I run VPC7 with XP Pro on my Mac. I play Russian Roulette every time I turn VPC7 on. I'm constantly hounded and SPAMmed by Microsoft to buy anti-malware protection for my version of XP Pro.

I can "tell" when my system has something weird going on because my Router will fail to communicate and I have to reconfigure it after shutting down for a while. I go back to my Mac and run the anti-malware software and discover that some Email malware attachment is "live" and I have to kill it. But it "doesn't infect Mac OS X Tiger".

Am I impacted anyway? Yes.

Is my machine a Zombie? No.
Has my system been compromised and "owned"? As far as I know, no. I review lots of "early release" and Beta software and my system goes down sometimes and I "get" to do a clean install about once a year (between Mac OS X upgrades).

Is there spyware for the Mac? Yes. We reviewed a commercial package (Spector) in macCompanion a while ago.

Nuff for now...

September 27, 2005 8:39 AM

 
Blogger Dak said...

I have said this before to my friends, the day a true, damaging, OS X virus or worm comes into existence, it will be all over CNN, C|Net and SlashDot's web pages. It will be a media frenzy because it'll be such a monumental moment. Windows gets new viruses and worms DAILY, not just every week.

I know I won't be getting the $500 from Wil. Not a single person I know running Mac OS X has ever been affected by a virus or worm.

September 27, 2005 8:46 AM

 
Anonymous John C. Welch said...

Wil,

Technically, since it replicates itself to network shares and thereby doing so, other systems, Opener is a really weak worm, that takes advantage of the rather large security hole for /Library/StartupItems that existed prior to Tiger.

However, if you note, the traditional virus (i.e. infects the system first without any action on the part of the user) is going away. Almost every viral outbreak on the Windows side, (with a handful of exceptions) are all started by Macro Virii. User gets a file, user runs a file, user's machine is infected. The "reach out and anonymously touch someone with no action whatsoever on their part" virus has always been a rarity. It's just too easy to get the user to do your work for you.

I'm kind of on the fence about the whole bounty thing, since, as it already has, tends to degenerate into a semantics argument, and while generating a lot of noise, doesn't do much for signal.

john

September 27, 2005 8:46 AM

 
Blogger vortech said...

OK, so after all of that nonsense above, here's the real problem:
Writers are saying nearly virus free because they are trained to think that absolute statements are lawsuit bait. Write all the letters you want, if legal tells them to hedge, they will hedge and you spent time trying to prove a negative and not achieving your real goal.

September 27, 2005 8:56 AM

 
Anonymous Freddy said...

I found a virus on my NASA Mac laptop 2 years ago. It's called Microsoft Office. I've tried to destroy it but it keeps reproducing itself and causing all kinds of weird things to happen on my Mac. Any advice?

September 27, 2005 9:13 AM

 
Anonymous Anonymous said...

The moment I see somebody portraying “Mac” as an acronym is the moment I stop reading their post; from there, I can logically conclude they have no fucking clue what they're talking about.

September 27, 2005 9:13 AM

 
Anonymous Anonymous said...

The main reason why Mac OS X has not ever got a virus, is because nobody can be fucked to write a virus, for something that takes up 1% of the market, or whatever it is.

You will see root kits on Linux more so, because it's Open Source...Mac OS X might be based on Unix, but as far as I'm aware, you can't just go to their site and say "Hey, where's your source code" and make a root kit.

The only thing I can see Mac getting a virus, is a root kit, and if you were root kitted, you would be hard pushed to tell. So, you might not know that you actually have a virus, or a trojan horse, because it's buried into your system, so that you can't actually see it.

If I were an evil guy, I would want to write a virus for Windows, where you get 95% of the market share, instead of like the other 5% of the market....

The only reason why Windows beat the shit out of mac to the computer market, was because every time you wanted to upgrade, you didn't have to buy an entire system. You could just buy the disk.

Also, Windows is a shit lot easier to use than Mac! That is why, you Mac-ers (nothing against you, or the Mac in anyway) Got your ass kicked!

You WILL get a virus, when your market share goes up....and when someone makes that one little discovery which unlocks a load of methods into which virus makers can write a virus, then...You will be pissed off.

September 27, 2005 9:28 AM

 
Anonymous Anonymous said...

Mac Virus doesn't list any viruses for Mac OS X. Enough Said.

September 27, 2005 9:32 AM

 
Anonymous Anonymous said...

"Also, Windows is a shit lot easier to use than Mac! That is why, you Mac-ers (nothing against you, or the Mac in anyway) Got your ass kicked!"

This, ladies and gentlemen, single handedly points out the general ignorance of the Windows community. Thank you, and good night!

September 27, 2005 9:37 AM

 
Blogger CG5Addict said...

Anonymous said...
"Until MAC's have a decent part of the computing marketshare, this will prove nothing. It's the law of large numbers. This has really no scientific basis whatsoever."
Maybe you should read all the posts before writing this, here's a quote that answers this:
Gernot said...
When even the poorest wannabe-viruses for OSX that actually are no viruses get enormous public attention and are cited everywhere, then the "Mac-Marketshare-is-too-small" argument is flawed. There is almost no way to get as much public exposure out of writing one of the hundreds of Windows viruses compared to writing the first real OSX virus. There has to be some other reason that it hasn't happened yet.

September 27, 2005 9:39 AM

 
Anonymous Anonymous said...

there is one glaring "flaw" in the os x model. a user can install an app (in /Apps) and write over it, meaning malicious code can too. not just an admin user, a normal user. some apps only run if you have write access to the bundle, which sucks but i dont think thats apples fault.

/Applications is owned by root. Unless you have an admin privilege, you can't install or modify an app in /Applications. Unless you are running your everyday tasks as an admin (IMHO, that's pretty stupid), you won't have problems with this. Another way to create a vulnerability is to install an app in a user directory then use sudo mv [file] /Applications, thus placing normal-user-owned files in a root-owned directory. However, any Unix user who knows how to use sudo should be smart enough to do "sudo chown -r [directory]" to change the owner.

Regarding bundles requiring writing access, that's not really an OS X problem. There are plenty of places an app can write support files: ~/Library or ~/Library/Preferences or ~/Library/Application Support. This is not an exercise to find out vulnerability based on users' ignorance nor developers' idiocy. If a bundle requires writing access and there is no way to inform the developer of this stupidity, simply install the app in a user directory.

Any vulnerability can exist if an admin is stupid enough to install malware/very badly written apps or screw up security settings. That's why this is about a virus that exists and exploits the vulnerability of OS X and its default applications. You can't use your admin privilege and install Microsoft Virus 5.3 or Microsoft SecurityHoles 3.2 in /Applications and claim an OS X virus or a virus exploiting Microsoft SecurityHoles is found.

September 27, 2005 10:04 AM
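
The ownership rule described in the comment above (everything under /Applications owned by root, nothing there writable by an ordinary user) can be checked with standard `find` tests. This is an added example, not part of the original thread: the function name `audit_tree` and its optional owner argument are assumptions made for illustration, it works on any directory rather than only /Applications, and its group-writable check is stricter than what the comment asks for.

```shell
#!/bin/sh
# Added example (not from the thread): list entries in a directory tree
# that something other than the expected owner could modify.

# audit_tree DIR [OWNER]
#   OWNER is a user name or numeric uid; it defaults to root.
#   Prints one line per finding, prefixed with the reason:
#     owner:           entry is not owned by OWNER (for example a bundle
#                      moved into place with "sudo mv" that kept its
#                      original owner)
#     group-writable:  entry can be modified by members of its group
#     world-writable:  entry can be modified by any local user
#   Symbolic links are skipped, because their own mode bits do not
#   control access to the target.
audit_tree() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "audit_tree: not a directory: $dir" >&2
        return 2
    fi

    # Wrong owner.
    find "$dir" ! -type l ! -user "$owner" -print | sed 's/^/owner: /'

    # Group write bit set (mode has at least 020).
    find "$dir" ! -type l -perm -020 -print | sed 's/^/group-writable: /'

    # Other write bit set (mode has at least 002).
    find "$dir" ! -type l -perm -002 -print | sed 's/^/world-writable: /'
}

# Run the audit when the script is called with a directory argument,
# for example:  sh audit.sh /Applications root
if [ $# -gt 0 ]; then
    audit_tree "$@"
fi
```

A clean result for the owner check is no `owner:` lines at all; any `world-writable:` line marks a file that every local account, and any code running as one, can overwrite.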

 
Anonymous Nathan said...

I found this. There are some flaws, but I think it is the best we're gonna find.

This was a normal email worm written in applescript. There were a few reported infections. This happened in 2001, so OS X may or may not have been the culprit.

http://securityresponse.symantec.com/avcenter/venc/data/mac.simpsons@mm.html

There is also this virus below, but I cannot confirm any infection definitely.

http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html

If someone finds this infection by google or something after reading my comment, I want half ;)

September 27, 2005 10:05 AM

 
Anonymous Nathan said...

No I found it. Here is a man who was infected by opener.

http://www.macintouch.com/opener02.html

Send me an email @ myobie 'at' gmail `dot` com and let me know if I made it or not.

September 27, 2005 10:08 AM

 
Blogger TDShadow said...

The Mac OS X Virus is in the same category with Flying Cars, Time Machines, and Cloning a Dinosaur. It's nothing but a lot of talk about what is theoretically possible clouding the issue that NONE OF THESE THINGS EXIST TODAY.

Smug comments of "how easy it would be to do" followed up by a lot of inaction.

September 27, 2005 10:13 AM

 
Anonymous Anonymous said...

i have a 1.5ghz 512mb celeron laptop it plays games faster and better then that G4 2ghz 512mb ram.

Haha. What a troll! First of all, it's Mac (short for Macintosh) not MAC (Machine Address Code). Any computer literate knows this.

Second of all, if you've got a 2GHz G4 Mac, I'd like to see it. Here are the top speed of G4 PPC in Apple's hardware
eMac: 1.42GHz PowerPC G4
iBook:1.42GHz PowerPC G4
Mac mini: 1.42GHz PowerPC G4
Powerbook: 1.67GHz PowerPC G4

Note that the fastest G4 is 1.67GHz. The rest of the hardware (iMac, PowerMac, Xserve) use G5 chip.

Third of all, your link refers to vulnerabilities that can potentially be used to create malware, not exploits of the said vulnerabilities. Big difference. And they are already patched.

Lastly, what the hell is TCX.Worm.JBS? Google returned not a single link. Some virus, eh?

September 27, 2005 10:31 AM

 
Anonymous Ian said...

Mark is the only person who's made any meaningful comments. And in the end, he's the only person who is right.

In fact, OS X has less protection against malware and exploits than other modern Unices. It has no memory address space randomization, no execution protection bit in memory, below average logging and reporting, and a relatively permissive local security model. As such, easy to find exploits such as buffer overflow errors could easily take advantage of OS X vulnerabilities without the complexities of working around OpenBSD style protection schemes.

OS X is secure from network exploits largely because it ships with services disabled. Indeed, Apple has been ridiculously slow to patch known vulnerabilities in the OSS components of OS X. e.g. Kerberos. I am not sure I would put OS X on a public network with any services running and relying solely upon Software Update for patching.

The OS X community has been lucky insofar as most shareware and major applications have come from honest and trustworthy sources. It's only a matter of time that, as the Mac ecosystem becomes larger, people begin packaging malware and viruses with "Gator Wallet" type applications, relying on the user himself to execute the payload, without any need for an exploit at all.

September 27, 2005 11:09 AM

 
Anonymous mugwump said...

So is that "opener" worm the only winner here for past OS X viruses? It's simply a shell script that is run when the user clicks on it. The user would have to repeatedly approve of such installations. I would argue that one person trying out a worm is not a successful virus attack.

Here's the worm description:
http://vil.nai.com/vil/content/v_129163.htm

September 27, 2005 11:34 AM

 
Anonymous mugwump said...

ian -- the only question here is whether Mac OS X has had any virus exploits. That is the only meaningful comment to this blog.

Journalists write in every article that "macs have fewer viruses than Windows."

I believe that Wil is trying to get proof that Macs, so far, have had NO viruses at all. That any article about security should state very clearly that Mac have no security issues problems thus far.

September 27, 2005 11:43 AM

 
Anonymous Anonymous said...

First, I just want to say people are way too loose with the term "Mac Virus".

Macs are not virus free. There were quite a few on earlier versions of the Mac OS.

So get this straight. Macs are not virus free. That is a false statement. (More so because of Classic). It's been argued that the first intentional virus was actually on a Mac as well.

Now, if you say OS X is virus free, you may be correct if you are playing with semantics. My opinion is, if it gets in because of MS Word, or Apache, or Limewire, it's still a virus. And people should still be worried about them. Now, not later.

Oh, and I'll have to check what it actually caught in the logs, but I did notice that the virus checker on my server did find 5 files in its check of last week's backup. Does that qualify for the bounty?

Anyway, my issue is this, people claiming "Macs are virus free" and then complain about other reporting being misleading are nothing but hypocrites. "Macs are virus free" is false, unless someone wants to go back and disprove all those init viruses of the past.

September 27, 2005 12:02 PM

 
Anonymous Anonymous said...

You are an idiot. Is there one between now and that date in October? Maybe not, but there have been in the past, and if you gave someone the opportunity to write one to actually make this a contest, there definitely would be. Instead you pulled an "I'm better than you!", saying OS X never had a virus, giving a small window to prove that there can be one, not letting anyone have time to write one. This is like those 'puzzle' games that serve no purpose but to boost the creator's self esteem.

September 27, 2005 12:56 PM

 
Anonymous Anonymous said...

^^^^^ So very, very dumb.

September 27, 2005 1:31 PM

 
Anonymous Anonymous said...

The problem is that most viruses are written by pissed off college kids. Pissed off college kids don't buy macs, they can't afford to. When the entire installed userbase of a computer is rich gay coffee loving men with no children, you can't really expect too much childish malware.

September 27, 2005 1:52 PM

 
Anonymous Anonymous said...

Under these conditions (no user-interaction and on a completely up-to-date system), Windows is completely virus-free as well. What a silly challenge.

September 27, 2005 1:55 PM

 
Blogger Steven Fisher said...

Not sure I understand this. Mac OS 9 is included with Mac OS X, and there are still viruses that run under Mac OS 9. So there are still viruses that run under Mac OS X.

Granted, I haven't seen any of them lately, but aside from the desktop DB viruses (broken with System 7) they are still potent.

I believe nVir was a non-desktop virus, but I'm a bit rusty. It's been a while.

September 27, 2005 4:09 PM

 
Anonymous Anonymous said...

Well... I haven't actually seen a virus on MacOSX but... I ran linux a couple years ago and I tried running wine in order to get a windows application working under linux. Somehow... wine got infected with the klez virus, which made me send mails through wine through linux. Sounds weird huh?

But if that happened on linux, which doesn't have any viruses (or about 4 viruses that no one catches), it can happen on mac, as it is derived from unix, or at least that's my opinion, feel free to comment.

September 27, 2005 5:03 PM

 
Blogger Chilton said...

Steven,

I have a CD with every major Mac virus ever written on it. I used to be fascinated by the programming concepts behind viruses, and used a 'virus' to help one of my employers build an autonomous network repair tool for some of its clients' networks.

Most of those viruses reproduce properly in anything past OS8.5, and none of them work in Classic. Maybe you have seen or heard of some that I haven't, but I've always felt the days of decent Virus writing on the Mac ended in the mid-90's. Actually, it seemed to happen when OpenTransport came around, but I could be wrong ;-)

Anonymous, you coward, I had a Mac in high school, and that was way the hell back when they were expensive. I had a Mac in college, too. My school had Macs. And now they're dirt cheap compared to systems back then.

Previous anonymous, how can you type, when you obviously can't read?

Even more previous anonymous, if I told you that 99% of all PC games on the market right now DO NOT RUN in Windows, you'd think that statement was stupid, right? Well I'm including Windows 3.1 in there. Mac users no longer consider OS9 to be 'the Mac OS'. It's sad, but true. OSX is the MacOS.

The bounty is not for a Classic MacOS virus. It's for a virus, already written, for any version of OSX.

Regarding the Simpsons' 'virus', "You must have system 9.0 or 9.1 to watch the hilarious episodes"

September 27, 2005 5:05 PM

 
Blogger Johnathan said...

Someone said they suffered from a "... virus attempt that got through Mail.app and attached itself to outgoing Email."

I would *love* to know, how, on OS X, with Mail.app, that a virus can "get through" and then attach itself to outgoing email. If that is happening, it is the first I've heard of it.

While I do think Apple ought to be more concerned and take more action on security issues, my main question about OS X virus possibilities is this:
Show Me The Vector!
- How can you infect OS X with anything serious without a lot of manual user intervention? Granted, OS X is probably vulnerable to lots of social-engineering type of hacks, where bad code came along with (or pretended to be) supposedly a good, desirable app, but I think you could walk away from an OS X machine with any email client running that runs natively without emulation and leave it all day, and send emails with every single virus known to man - and the machine wouldn't get "owned" or otherwise compromised.
Furthermore, I think it would be perfectly safe to view all those emails. Because even if any of them contained actual Mac-compatible code that attempted to execute, users would have to take manual steps to execute such code, and during its execution, at least some OS X email clients would warn (for example) that a script was attempting a mass emailing.

September 27, 2005 5:57 PM

 
Anonymous Jay Tuley said...

All, right, I'm sick of people reporting that Mac OS X is 'mostly' virus-free. It is, as far has been proven, ENTIRELY virus-free.

Because Mac OS X being virus free is a theory, it continues to be tested as new evidence is discovered. The theory is not a fact. Gaps in the theory exist for which there is no evidence. A theory is defined as a well-tested explanation that unifies a broad range of observations.

Intelligent design is an explanation of the origin of life that differs from the Mac OS X Being Virus Free Theory. The reference book, 'Of Pandas and People,' is available for students who might be interested in gaining an understanding of what intelligent design actually involves.

September 27, 2005 5:59 PM

 
Blogger Victor said...

"When the entire installed userbase of a computer is rich gay coffee loving men with no children"

Tim Berners-Lee, inventor of the web and the executive director of W3C, uses MacOS X. He's married and has kids, and he is financially middle-class. Dunno if he likes coffee. So the "entire installed userbase" claim above is false, and it reveals a great deal about the ignorance, mean spirit, and dishonesty of the person who wrote it.

September 27, 2005 6:04 PM

 
Anonymous Anonymous said...

That comment was in no way mean spirited. I meant no slight by it, although your homophobia may cause you to take it in a negative way.

September 27, 2005 6:27 PM

 
Anonymous Anonymous said...

This is part of the Windowscentric 12 Step Program:

There. are. no. Mac. viruses. that. affect. modern. Macs. (Word Macro viruses possibly excepted)

Sorry, don't argue with that unless you can show proof. Don't say Opener. Don't say Fox News told me so. Don't say that your firewall log told you so. Don't mention Apache as an OS X virus conduit. Don't mention Apple's 1% market share (it's actually 1.5%) Because if you do you're showing your ignorance. Pure and simple.

Of course, for a certain percentage of the population (like 5% which is vastly larger than the 0.00000000000000001 % marketshare of Macs) those are fighting words. Don't confuse them with the facts.

So it's a losing proposition. ;)

Here are some more:

The sky is blue.
Humans evolved.
Harry Potter is an excellent book for kids and adults alike.
Chiropractic has benefits.
Small government is best. Look at Congress!
Cutting taxes without cutting runaway spending is fiscally incompetent.

ex2bot

P.S. Typed on an overpriced, underpowered G5. Certified virus and spyware free (mostly)
Certified antivirus and anti-spyware software free too

September 27, 2005 8:30 PM

 
Blogger Jack Campbell said...

Though I publicly cancelled my $20,000 Mac OS X prize, I have privately maintained it as an open offer through the Apple Developer network. Consequently, I have ongoing dialog with hundreds of the top software people in the world this year on this issue. Here is the current summary of the knowledge gained:

1. There have been zero in-the-wild viruses for OS X. Period. Not "a few." Not "some." Zero.

2. A bone stock retail OS X machine ships in an OS configuration that is impervious to receipt of a viral application load from a network connection. "Impervious" translates to "it is impossible." Impossible means what it means... It cannot be done. No matter how smart you are, how good looking, how many little voodoo dolls you make and stick pins in, or how intellectual your hypothetical argument might be... it cannot be done. Period. Zero possibility. Not "near zero."... zero.

I've been snidely attacked, laughed at, insulted, and demeaned by every two-bit hack on the planet this year, each pompously telling me how easy an OS X virus is to create and launch. But, NOBODY has shown me one, and NOBODY has stepped up to claim the $20,000.

You can play with semantics and shift the point of the claim around all you want... as I am certain people will now do in response to this post. The bottom line is simply that a current Mac, as sold to the general public, comes out of the box 100% impervious to network distributed viruses.

September 27, 2005 8:39 PM

 
Anonymous Anonymous said...

lame.

September 27, 2005 8:49 PM

 
Blogger Victor said...

"That comment was in no way mean spirited. I meant no slight by it, although your homophobia may cause you to take it in a negative way"

Your lie is as obvious as your inability to grok the concept of "There are no viruses for Mac OS X."

September 27, 2005 9:47 PM

 
Blogger Victor said...

Jack Campbell said: "A bone stock retail OS X machine ships in an OS configuration that is impervious to receipt of a viral application load from a network connection. "Impervious" translates to "it is impossible."

Disclaimer: I'm an MCP with a Microsoft Business Partner, and I help defend Windows 2000/XP/2003 networks against malware. In my travels I've come across Mac OS X networks that have NO antivirus protection, yet they remain completely free of virus infestations. As John Gruber pointed out on DrunkenBlog, we can argue about why this is the case, but there's no denying the simple fact that there are NO viruses for Mac OS X. None. Anyone who can prove that one exists, go ahead and please do so. That was the point of Wil's original post. All of the trolls and flame-baiters are ignoring it.

September 27, 2005 10:07 PM

 
Blogger Victor said...

"Mac OS 9 is included with Mac OS X"

Um, not anymore. Just last week I configured a new PowerMac G5 for a client, and it did not have Classic installed. So, unless there is a virus that can infect Mac OS X, none of the pre-OS X viruses pose any threat to machines that do not have the Classic environment.

September 27, 2005 10:19 PM

 
Anonymous Thomas Heaton said...

Wil, let me say that I am truly sorry to see that there are a whole host of people who cannot do something as simple as reading. Your post was clear and complete, so I'm baffled as to why you continue to get comments regarding market-share and plausibility. I'm also surprised to see questions about Macro-viruses and pre-OSX vulnerabilities.

Since you've stated you are only soliciting comments to see if this is a "bone-headed idea", I say go with it. I think it's a great idea, but I fear you may want to reconsider, if only because I know I don't have the time to read the comments from 1000+ trolls who can't read an entire post before interjecting their uninformed views.

Might I suggest bullet-points? We are a PowerPoint culture after all; make it easier on the masses.

Ok, I'm not usually this jaded, but I blame that on the comments. Good luck with your proposition.

-Tom

September 27, 2005 11:27 PM

 
Blogger Wil Shipley said...

Ok, I really didn't want to start a general Mac vs. Windows flame war. Because, honestly, it's been done to death, and, frankly, people who are going to listen already like the Mac, and people who aren't are entrenched and aren't going to listen to arguments, no matter how compelling.

It's like arguing with someone who voted for W:

"Look, ok, see, he ordered thousands of our boys to die over there when he spent his entire time during Guard duty high..."
"He's a patriot! How dare you attack America!"

September 28, 2005 12:12 AM

 
Anonymous Anonymous said...

I think you have your answer. Don't bother. The best we can hope for from the windows world is that OS X is virtually virus free. Accept that and don't sweat the small stuff. If you put up a billion dollars and nobody came up with any evidence some yahoo would say it was because the one virus out there is making the author 2 billion dollars or if they agreed that you found no viruses they would say that one was probably written last week and it is no longer true.

But just to make the case one more time. Today I can run my Mac without any virus protection (and have for about a decade) and not worry about ever being infected. On the other hand, I had to connect my windows laptop to the internet from outside the firewall (to allow for VPN access to a client). Never surfed the web or read an email and my virus program quarantined 2 viruses in the first 2 hours I was connected. So say what you want about what could or may happen. I've been virus free for a decade and see no reason that will change any time soon.

September 28, 2005 12:33 AM

 
Blogger Victor said...

Wil had written: "people who are going to listen already like the Mac, and people who aren't are entrenched and aren't going to listen to arguments, no matter how compelling"

All the blather about market share is a clever dodge; MacOS X market share may be small, but its share of viruses is what? ZERO. This doesn't mean Mac OS X is invulnerable (it isn't). It just means: there are NO viruses for Mac OS X. Why? We can waste countless keystrokes _arguing_ why, but the fact remains.

There's another term for 'entrenched' -- in denial.

September 28, 2005 1:42 AM

 
Blogger artMonster said...

As of 2:28 in the damn morning, there are no Mac OS X viruses. But Wil, this post sure opened a big can of worms...

September 28, 2005 2:30 AM

 
Anonymous Anonymous said...

"Why? We can waste countless keystrokes _arguing_ why, but the fact remains."

Knowing why this is the case would be extremely important, considering the recent success Macs have been seeing. If there's one thing you _do not want to do_ wrt security, it's rest on your laurels. Sure, Mac users are pretty much in no danger of ever being infected today, but this may change and the smug attitude that is being reinforced with posts and comments like these could eventually end up as hubris. Better safe than sorry.

September 28, 2005 10:14 AM

 
Blogger Victor said...

Anonymous asked: "Knowing why this is the case would be extremely important, considering the recent success Macs have been seeing. If there's one thing you _do not want to do_ wrt security, it's rest on your laurels."

Here's a partial answer -- right now I'm waiting for Spybot and Symantec AV Corporate 9 to finish re-scanning an XP box that has Trojan.Fantibag.A and Tooso.Q -- so I have time to type this on an iBook G4 that I routinely plug into compromised Windows networks because the Mac can't get infected, and then I RDP into the servers...

- out of the box, MacOS X services are turned OFF, just like with Windows 2003 Server
- the root user (equivalent to Windows local Admin) is disabled, by default
- the bundled web browser, Safari, is not as tightly bound into the OS as WinIE is, so a vulnerability in Safari (and WebKit, its rendering engine) does not expose the OS as much (which is why Firefox is also a safer choice on Windows, if you keep it updated -- there are lots of unpatched vulnerabilities in WinIE6, go see the Secunia website)
- I could go on, but bottom line, out of the box, the Mac is more resistant (though not invulnerable) to remote malware exploits than a Windows PC -- but don't take my word for it, read Bruce Schneier, CTO of Counterpane Internet Security and inventor of the Blowfish encryption algorithm, who wrote:

http://www.schneier.com/blog/archives/2004/12/index.html
"If possible, don't use Microsoft Windows. Buy a Macintosh or use Linux."

September 28, 2005 11:49 AM

 
Anonymous Anonymous said...

OK, let me explain to the person how you can write an application that can send itself using Mail.app.

1. Create a Mail.app plug-in bundle
2. Replace or subclass some Message.framework APIs.
3. You're done, you have access to the whole Mail application and you are able to attach yourself to any outgoing e-mail.

And by the way, since it's loaded every time you launch Mail.app, it can send e-mail whenever it wants to when Mail.app is running.

But since we are launched by Mail.app, why not just exploit the flaw in previous iSync versions and gain root privileges with the buffer overflow exploit and then create accounts, enable file sharing, etc...

September 28, 2005 12:08 PM

 
Anonymous Anonymous said...

I'm going to write a virus for the mac so that no one can argue this again :)

September 28, 2005 12:11 PM

 
Anonymous Anonymous said...

"I'm going to write a virus for the mac so that no one can argue this again :)"

And when we find out who you are, scumbag, we will kill you and all members of your immediate family to wipe out your portion of the human genome.

September 28, 2005 12:37 PM

 
Anonymous Anonymous said...

Anonymous ranted: "let me explain to the person how you can write an application that can send itself using Mail.app"

And how do you plan to get your nice Mail.app plug-in installed on a Mac through a remote exploit that needs no local user intervention?

September 28, 2005 12:41 PM

 
Anonymous Anonymous said...

Anonymous had threatened:

"And when we find out who you are, scumbag, we will kill you and all members of your immediate family to wipe out your portion of the human genome."

I guess that means you can't use System Restore? :-D

September 28, 2005 12:45 PM

 
Anonymous Anonymous said...

"And how do you plan to get your nice Mail.app plug-in installed on a Mac through a remote exploit that needs no local user intervention?"

Why would you need to do that? Social engineering is the most popular vector in the Windows world. All the recent (i.e. within the last few years) e-mail worms used it.

In any case, a "remote exploit that needs no local user intervention" for Windows wouldn't be classified as a virus/worm according to Wil Shipley. Since all of them have involved flaws that were already patched when the exploit was released.

September 28, 2005 12:54 PM

 
Anonymous Martin van Spanje said...

I think this is great:

1) keeps Windows zealots off the streets 'cos they're busy typing in ALL CAPS that Macs have a tiny market share.

2) keeps Mac zealots alert and on focus about the virus subject and hopefully they'll stay alert for a while with less false sense of security

3) if someone indeed finds a real exploit and proves it we can all go on with our lives

4) if no-one seems to be able to find an exploit we can also all go on with our lives

I'd be happy to donate an additional $50 to increase the prize money by 10%.

Martin

September 28, 2005 1:08 PM

 
Anonymous Jeremy said...

I think everyone needs to get a grip. I'm not trying to be mean and biased to the windows users but THERE ARE NO (AS OF THE MOMENT I AM TYPING THIS) MAC VIRUSES JERKS! I'm not trying to hurt anyone's feelings but how else can you dumb it down? Yes, there are theories and yes you can theoretically make one but this has filtered around for how long? And how many have been made? Don't give me crap about Opener. If you look, it involves a heck of a lot of user intervention. Don't give me this market-share-is-too-small crap either. Contrary to popular belief, developers keep a good look at each platform (it doesn't mean they develop on it. It just means they pay attention to new features etc.). So if a guy (Wil) was offering 20,000 dollars if they made a mac virus do you think they would try to? (Not a rhetorical question). This argument is not really about mac having no viruses, it's about windows users trying to defend their mother ship. So please, take a hike if you want to talk about this. Have fun with the contest and please don't argue a fact.

September 28, 2005 1:40 PM

 
Anonymous Anonymous said...

"This arguement is not really about mac having no viruses its about windows users trying to defend their mother ship."

Ah, but you fail to realize that given Wil Shipley's definitions, Windows is virus-free too. So Windows users need not defend a thing.

September 28, 2005 2:32 PM

 
Anonymous Anonymous said...

Another philosophical genius offered: "Ah, but you fail to realize that given Wil Shipley's definitions, Windows is virus-free too. So Windows users need not defend a thing."

Ah, but you fail to grok that according to Symantec et al there are tens of thousands of viruses for Windows, but despite the existence of malware such as Opener for MacOS X, there are NO news reports of Mac OS X being infected. The statement "Windows is virus-free" does not, in the real world, have any credibility. However, the statement "There are no viruses for MacOS X" is, at this writing, TRUE, by any comparable definition. By Ed Fredkin's definition of information (a difference that makes a difference), empirically, even if a virus for MacOS X exists, the fact that it has not infected anyone, it may as well not exist, since the virus has failed to achieve its objective (infect hosts).

September 28, 2005 5:12 PM

 
Anonymous Anonymous said...

Windows users still fail to grasp the idea that a virus free OS exists out there. Instead, they will gladly swallow the crap Bill Gates sells them. So give up, leave them alone with their infested machines.

September 28, 2005 7:37 PM

 
Blogger Victor said...

Another anonymous genius claimed: "Social engineering is the most popular vector in the Windows world. All the recent (i.e. within the last few years) e-mail worms used it."

Regardless, I finally managed to nuke Tooso.Q from the WinXP SP2 box I referred to in an earlier post, along with Trojan.Fantibag.A and assorted spyware (Hotbar, Wild Tangent, etc.) and I also scrubbed the Registry clean. This PC was protected by Symantec AV Corporate 9 Server, it sits behind a Cisco PIX501, and four out of six instances of the Trojans were in quarantine, but two managed to evade Symantec's traps. Tooso.Q was discovered Sep 20. Moral of the story: even without social engineering, Windows is vulnerable due to the simple fact that there's new malware being made _all_ the time. Security through obscurity doesn't work -- the Witty worm proved that you can take out a small target population in <45 minutes (12,000+ hosts infected worldwide, the sum total of vulnerable machines, since they all ran a specific version of Black Ice Defender on Windows). So why isn't there similar malware for Mac OS X? We _still_ don't know. We know that OS X is NOT invulnerable, yet somehow, it has managed to remain uninfected despite being on the market for the last four years, with a userbase in the millions.

OTOH, what's the most likely explanation for the proliferation of Windows malware? Insecure design and overall ubiquity? Security doesn't make _any_ money for Microsoft unless its customers demand more secure products. In other words, given the current state of things, Windows zealots are part of the security problem, not part of the solution. Ask yourselves why you're still defending the mediocre, insecure products of a twice-convicted predatory monopolist. Or are you going to ignore that, too?

September 29, 2005 12:23 AM

 
Anonymous Anonymous said...

This is practically an invitation to write a virus for Mac OS X and spread it in order to earn easy 500 bucks. Can't you spend your money on something more useful?

September 29, 2005 2:07 AM

 
Anonymous Anonymous said...

Some cognitively impaired lout wrote: "This is practically an invitation to write a virus for Mac OS X and spread it in order to earn easy 500 bucks. Can't you spend your money on something more useful?"

If you had read (and understood) Wil's original post, you'd know that a virus written after Sep 20, 2005 doesn't qualify for the $500 bounty. IOW, he's not interested in new viruses, he wants to prove that, prior to Sep 20, there were NO viruses for MacOS X. Got that? Or does someone have to spend the $500 to buy a really big hammer and then pound it into your freaking thick skull?

September 29, 2005 2:35 AM

 
Blogger Victor said...

Let's tone down the vitriol, shall we? Can new viruses be written to compromise Mac OS X? Obviously. But the historical reality is that, over the last 4 years that OS X has been commercially available, no successful virus has been developed for it, where success is measured by the independently confirmed ability to infect a MacOS X system. As someone who has to deal with Windows malware on a regular basis in my work, I regard the Mac's zero infection rate on OS X with more than passing interest.

September 29, 2005 2:44 AM

 
Anonymous Anonymous said...

Do you know MacSerialJunkie?

On the private cracks section there's a warning of a virus/worm spreading on a cracked version of ArchiCAD 9.

The first post is stamped on Fri Oct 29, 2004.

Another point of discord, Opener in the last version (in the wild, AFAIK) replaces random startup items with its code. In the early versions it was a worm, now it's a virus.

Points of presence may be found on support logs: Apple Care and so on...

When a password has been found on a remote machine by the brute force process, it installs its code by sshing various commands on the remote host.

SSH is not activated on all MacOS X machines, but... who knows?

Last point: Mail malicious bundle was created before your check point and it was designed to send a /tmp/xxx/virus file to all your friends each time mail.app receives your mail.

Just google for it.

September 29, 2005 8:41 AM

 
Anonymous Anonymous said...

Mailer In The Wild...

http://rixstep.com/1/20050519,01.html

Wed, 18 May 2005 17:10:49 -0700

September 29, 2005 8:49 AM

 
Anonymous Anonymous said...

"The statement "Windows is virus-free" does not, in the real world, have any credibility."

And considering Windows is "virus-free" according to Shipley's challenge, what does that say about the challenge? You only got half of my point.

September 29, 2005 9:49 AM

 
Anonymous Anonymous said...

"Regardless, I finally managed to nuke Tooso.Q from the WinXP SP2 box I referred to in an earlier post, along with Trojan.Fantibag.A and assorted spyware (Hotbar, Wild Tangent, etc.) and I also scrubbed the Registry clean."

Those are trojans and by definition would require social engineering. Just because Symantec missed them doesn't mean much; it's impossible for any anti-virus software to detect the entire set of malware out there. Which is why anti-virus software is a poor solution; it's only reactive (instead of preventive) and not 100% reliable. Not to mention most of the popular kinds are worse than malware when it comes to hampering performance of your machine.

"Moral of the story: even without social engineering, Windows is vulnerable due to the simple fact that there's new malware being made _all_ the time."

That statement doesn't even make sense. Most new malware being made out there rely on social engineering to proliferate.

"Security doesn't make _any_ money for Microsoft unless its customers demand more secure products."
The press (and their customers) have ripped Microsoft to shreds about it, even over issues that are beyond Microsoft's control (such as SoBig). Microsoft has responded in a number of ways:

1) Gradually bringing Windows to a state that OS X comes in by default. Note that it would be detrimental to their customers to do this immediately, backwards compatibility is high on the priority list.

2) Completely revamping their development process to ensure that security is in every single facet. Programmers and testers are required to take security training and read "Writing Secure Code". Code reviews are required to check in code. Security code reviews are done a number of times during the lifecycle. Testers must write tests that completely cover all possibilities of input. Etc.

"In other words, given the current state of things, Windows zealots are part of the security problem, not part of the solution."
Non-sequitur.

"Ask yourselves why you're still defending the mediocre, insecure products of a twice-convicted predatory monopolist."
Because from my not so expert opinion, security is an issue with the entire industry and only a few companies have bothered to do anything about it (Microsoft being one of them). Consider the recent Dashboard debacle with the release of Tiger (or you might've not heard about it). I have to wonder what Apple's review process is to allow an insecure feature _by design_ to be released.

My point isn't to defend Microsoft. My point is to investigate the reasons why the security issue is as it is today. All the Mac users who feel a simple switch to OS X will solve security issues are actually the ones making it worse because many of today's security issues aren't because of some inherent flaw in only Windows.

September 29, 2005 10:00 AM

 
Anonymous Anonymous said...

"As someone who has to deal with Windows malware on a regular basis in my work, I regard the Mac's zero infection rate on OS X with more than passing interest."

The pertinent question is do you use your computer in such a way as to expect that this will always remain true? And not just you, but any person who uses the Mac?

Because in the Windows world, people do behave like that. They think that any old random executable on the internet won't hurt them. They think that executable really will give them naked pictures of Anna Kournikova.

By advocating a switch to Macs without advocating a switch in behavior, you're only delaying the problem.

September 29, 2005 10:15 AM

 
Anonymous Anonymous said...

To add to my point, by making a post like this trying to prove that OS X viruses don't exist or that you find solace in such a fact, you're only sowing this attitude that OS X is invulnerable. And that is a dangerous thing to have: hubris.

September 29, 2005 10:18 AM

 
Anonymous Anonymous said...

"If you had read (and understood) Wil's original post, you'd know that a virus written after Sep 20, 2005 doesn't qualify for the $500 bounty. IOW, he's not interested in new viruses, he wants to prove that, prior to Sep 20, there were NO viruses for MacOS X. Got that? Or does someone have to spend the $500 to buy a really big hammer and then pound it into your freaking thick skull?"

Who the heck really cares about the challenge or its rules? The poster makes a very good point; Shipley is basically inviting black-hatters to pay more attention to the platform. Macintosh users, especially those who use theirs in ignorant bliss, are not in any way better off because of this.

September 29, 2005 10:20 AM

 
Anonymous David McManis said...

What kind of proof would you like? How about a screenshot? What is your email address? I am a mac tech for a college and have seen a few viruses. I have seen several viruses on macs before september 20th and can still recreate the problem. The list of viruses includes mhtmlRedir.Exploit, Bloodhound.Exploit.6 and one other. If you would like to recreate the problem on your machines, I can send you the link to a website that will infect your machine. I just need to know an email address to send screenshots to or what information you need.

September 29, 2005 10:51 AM

 
Blogger Marcus S. Zarra said...

"The list of viruses includes mhtmlRedir.Exploit, Bloodhound.Exploit.6 and one other"

Both of the viruses you listed are Windows only. You do realize he is talking about an existing OS X virus right? Please explain how an internet explorer virus can infect an OS X machine?

September 29, 2005 11:13 AM

 
Anonymous David McManis said...

You are right, they are classified as windows only viruses, however they affect java and java is an application on os x. It will infect Safari. If you don't believe me go to www.crackz.ws and search the e section. Your machine will download a file called 1.html. It will also infect your machine with these files. This website is notorious for viruses and many users are infected by such websites. If you do this, don't blame me when you get a virus. The good news is the new version of Norton's detects and removes the virus.

P.S. Yes, I understand he is talking about OS X. As I said I can send screenshots to prove what I said. What about this $500 that is spoken of?

September 29, 2005 12:18 PM

 
Blogger Marcus S. Zarra said...

Java running on Internet Explorer on a windows machine is 180 degrees from Java running on any other operating system and other browser. Microsoft's JVM has security flaws in it (big fucking surprise that is), Internet Explorer uses Microsoft's JVM. Therefore the exploit is possible. Although I cannot test if this site actually uses that exploit personally.

I did look at the source code for that site and did not see a reference to a Java applet. Perhaps you are thinking of Javascript? Javascript has flaws in it due to Microsoft's implementation of it in Internet Explorer. Again, not cross platform, cannot affect other operating systems or other browsers.

BTW, here is a screenshot of me on your virus infected site. Note, no files on the desktop, no infection of my machine.

I call shenanigans as expected. Show us all your screenshots. Your signature and timestamps will prove they are yours and we can take a look for ourselves.

September 29, 2005 1:27 PM

 
Anonymous David McManis said...

Sure thing shenanigans. My mac is at work and I have just gotten off. I will post them first thing in the morning on my website. You can check timestamp and anything else you like. If you would like me to post anything else with that let me know. I will also include in the screenshot the norton message saying it is infected.

Have a great night,
shenanigans

September 29, 2005 1:54 PM

 
Anonymous Anonymous said...

"Microsoft's JVM has security flaws in it (big fucking surprise that is),"
So does Sun's, it's just that Microsoft stopped developing their VM because Sun sued them.

"Internet Explorer uses Microsoft's JVM."
On XP SP2 it does not, and Microsoft strongly recommends users not use it. IE can be configured to use any VM.

September 29, 2005 2:02 PM

 
Blogger Marcus S. Zarra said...

"So does Sun's, it's just that Microsoft stopped developing their VM because Sun sued them."

I would debate that it has far fewer vulnerabilities but it is irrelevant in this discussion since Sun's JVM is not used on OS X. Apple wrote their own.

"On XP SP2 it does not, and Microsoft strongly recommends users not use it. IE can be configured to use any VM."

This I was not aware of since my experience with windows is old. However this does not prevent those pre SP2 machines from having this issue. Again irrelevant in this discussion since Microsoft's JVM is not on OS X. But thank you for updating my knowledge on that point.

September 29, 2005 2:13 PM

 
Anonymous Anonymous said...

"I would debate that it has far fewer vulnerabilities but it is irrelevant in this discussion since Sun's JVM is not used on OS X. Apple wrote their own."
You'd be right if you mean Sun's current JVM has far less known vulnerabilities than Microsoft's. But that's not a surprise, since Microsoft hasn't touched their VM for almost half a decade.

Also, I'd be really surprised if Apple wrote their own VM considering the upgrade path for JVM on OS X is very similar with Sun's JVM. In any case, the JVM on OS X has had a few security updates (I haven't seen the details, though, to determine the danger of those flaws).

"This I was not aware of since my experience with windows is old. However this does not prevent those pre SP2 machines from having this issue. Again irrelevant in this discussion since Microsoft's JVM is not on OS X. But thank you for updating my knowledge on that point."

Even pre-SP2 machines should have received a patch which turns off Microsoft's JVM. Now if you're saying there are those who haven't applied that patch yet, well, there's really little Microsoft can do about it.

As for you as an OS X user, how do you feel about Apple releasing patches for OSS pieces 6-12 months after the patch was originally written by the original vendor? Is it really ok for an OS X user to be blissfully unaware about this under the assumption that OS X's current lack of exploits will always be true?

September 29, 2005 2:24 PM

 
Blogger Marcus S. Zarra said...

"Also, I'd be really surprised if Apple wrote their own VM considering the upgrade path for JVM on OS X is very similar with Sun's JVM. In any case, the JVM on OS X has had a few security updates (I haven't seen the details, though, to determine the danger of those flaws)."

Might want to research that one if you do not believe me. There have been no exploits of any vulnerabilities of the JVM that is on OS X. If there had, we would have heard of them. There is a big difference between a potential vulnerability that is patched and an exploited one.

"Even pre-SP2 machines should have received a patch which turns off Microsoft's JVM. Now if you're saying there are those who haven't applied that patch yet, well, there's really little Microsoft can do about it."

As I said it is moot since this discussion is not about Microsoft.

"As for you as an OS X user, how do you feel about Apple releasing patches for OSS pieces 6-12 months after the patch was originally written by the original vendor? Is it really ok for an OS X user to be blissfully unaware about this under the assumption that OS X's current lack of exploits will always be true?"

I have not had an issue with Apple's release schedule as of yet. My machines have never been exploited or broken into. If there was a piece of OSS that had a vulnerability that impacted me directly I would build it myself and deploy it on my machines until such time as Apple patched it officially. However, since there are no open points on a default install of an OS X client machine, there really isn't a vector of attack to worry about.

In the end, I don't worry about attacks or release schedules on my OS X machines. If some event in the future changes events then my position would naturally change. But right now, today, there are no viruses, there are no worms and I do not worry about them. I leave the worrying to users of other operating systems.

September 29, 2005 2:39 PM

 
Anonymous Anonymous said...

"Might want to research that one if you do not believe me. There have been no exploits of any vulnerabilities of the JVM that is on OS X."

Never said there have been.

"There is a big difference between a potential vulnerability that is patched and an exploited one."

Not as big as you think. All it requires is motivation for someone to write exploit code. And we're not talking about "potential" vulnerabilities, we're talking about known flaws in the software. OS X has its fair share of known, documented flaws that remain unpatched for months, even sometimes a year. That no one exploits them would not be enough to make me comfortable.

"My machines have never been exploited or broken into."

Neither have any of my Windows machines, ever. I don't run anti-virus/spyware software either. But I'm not talking about just me or you, I'm talking about the computer using group as a whole.

"If there was a piece of OSS that had a vulnerability that impacted me directly I would build it myself and deploy it on my machines until such time as Apple patched it officially."

That does not sound like a practical solution.

"However, since there are no open points on a default install of an OS X client machine, there really isn't a vector of attack to worry about."

I'm not sure what you mean by "points", but I'll assume you meant ports. I don't worry about those either since I keep my systems up to date, but open ports are not the most popular vector attackers use. Social engineering is.

"In the end, I don't worry about attacks or release schedules on my OS X machines. If some event in the future changes events then my position would naturally change."

I made an earlier point that it's important to know what event you're looking for. What event did you have in mind? If you're waiting for the news of an outbreak, by then it could potentially be too late.

"But right now, today, there are no viruses, there are no worms and I do not worry about them. I leave the worrying to users of other operating systems."
I do not worry about them either, but I do worry about others. I truly hope for your sake that your computing behavior does not in any way rely on OS X not having any worms or viruses. By this, I mean putting too much trust on random executables found on the internet or being lax in keeping your machine updated.

September 29, 2005 3:03 PM

 
Blogger Victor said...

Someone wrote: "All the Mac users who feel a simple switch to OS X will solve security issues are actually the ones making it worse because many of today's security issues aren't because of some inherent flaw in only Windows."

No OS is invulnerable. But if you read Bruce Schneier's blog (see my earlier post), you'd have to ask why the inventor of the Blowfish algorithm recommends that users switch to MacOS X or Linux. Seriously. Read it. He also talks about behavioural approaches to security.

September 29, 2005 3:12 PM

 
Anonymous Anonymous said...

Yes, I'd have to ask why, since he didn't even expound on that point. But I can probably guess: there's far less exploits on the two alternatives, so using them would be an adequate temporary solution. However, switching is costly and he does give two very good pieces of advice that can be had for cheap: keep your machine updated and be paranoid about websites and e-mail attachments. Those two things alone would have mitigated every single piece of malware that has been released for Windows.

His final sentence is correct:
"That's basically it. Really, it's not that hard. The hardest part is developing an intuition about e-mail and Web sites. But that just takes experience."

That sort of advice should be followed by users of any OS.

September 29, 2005 3:31 PM

 
Anonymous lysdexia said...

Apple is -> Apple are
less exploits -> fewer exploits
Learn how to use semicolons too.

>bone stock retail OS X machine ships in an OS configuration that is impervious to receipt of a viral application load from a network connection. "Impervious" translates to "it is impossible." Impossible means what it means... It cannot be done. No matter how smart you are, how good looking, how many little voodoo dolls you make and stick pins in, or how intellectual your hypothetical argument might be... it cannot be done. Period. Zero possibility. Not "near zero."... zero.<

(Nothing is impossible.) Then hack the Apple Software Update patches.

September 29, 2005 7:42 PM

 
Blogger spotthemouse said...

Why would you do that? Why do anything to make it fiscally or otherwise advantageous for anyone to create a mac virus. You must be one of those people who sticks there hands in the campfire to see if its hot.

September 29, 2005 9:20 PM

 
Anonymous Anonymous said...

Could Wil say if he has already lost $500 or not?

There are rumors he has...

September 29, 2005 11:51 PM

 
Blogger Marcus S. Zarra said...

I doubt he has had to pay any money.

1. The winner would most certainly announce it as a "see I told you!".

2. I am sure Wil would post about it. He does not strike me as the type that would keep it quiet.

September 30, 2005 6:06 AM

 
Blogger Victor said...

Anonymous wrote (about Bruce Schneier's endorsement of MacOS X and Linux over Windows): "Yes, I'd have to ask why, since he didn't even expound on that point. But I can probably guess: there's far less exploits on the two alternatives, so using them would be an adequate temporary solution."

You are correct.

Paul Murphy wrote:
http://blogs.zdnet.com/Murphy/index.php?p=431

I reviewed, a few years ago now, over a thousand computer security vulnerability records from the nist catalogue. What I found was that almost all of the attacks went through two steps:

- a weakness is found in software; and,

- that weakness is exploited in the hardware

The typical x86 exploit, for example, finds a way to cause a buffer overflow, and then uses the overflow to get the CPU to execute code it shouldn't. It seems pretty clear from the record that people have been a lot more successful at part one of this with Windows systems than with Linux or other Unix systems. However, if an exploitable software problem is found, the exploit itself is no more difficult to write for Linux on x86 than for Windows on x86 because such exploits are hardware, not OS, dependent.

Those hardware weaknesses do not, however, exist in the same way or to the same effect in non Intel chipsets like those of the G5, the UltraSPARC, Cell, or Xenon. As a result finding a part two method on these CPU sets is at least as difficult, if not significantly more so, than part one. That's why there have been hundreds of widely publicized Solaris and MacOS X vulnerabilities for which there are no actual exploits and therefore no victims.

September 30, 2005 7:52 AM

 
Blogger Victor said...

Anonymous said: "And considering Windows is "virus-free" according to Shipley's challenge"

No, it is not, unless you live in a parallel universe.

September 30, 2005 7:55 AM

 
Blogger Victor said...

Anonymous wrote: "I truly hope for your sake that your computing behavior does not in any way rely on OS X not having any worms or viruses. By this, I mean putting too much trust on random executables found on the internet or being lax in keeping your machine updated."

People who d/l executables from untrusted sources are asking for trouble, regardless of what OS they use. And people who don't keep their OS patched are leaving the field open to attack.

September 30, 2005 8:21 AM

 
Anonymous lysdexia said...

>anonymous said...
The problem is that most viruses are written by pissed off college kids. Pissed off college kids don't buy macs, they can't afford to. When the entire installed userbase of a computer is rich gay coffee loving men with no children, you can't really expect too much childish malware.<

The men who name their Macs after anhistorical people tend to use female names. Yours (weenie) can't be more gay.

>spotthemouse said...
Why would you do that? Why do anything to make it fiscally or otherwise advantageous for anyone to create a mac virus. You must be one of those people who sticks there hands in the campfire to see if its hot.<

If you weren't too fucking retarded to not know what "there" or "its" meant, or not bother to quote the message, I wouldn't think that these questions were made knowing the context of my suggestion.

October 01, 2005 2:59 AM

 
Anonymous Pat said...

I'd like to make a point

Apple's marketshare is 2-3%, but in reality- THAT DOESN'T MATTER

Apple has 20% user base meaning 20% of all people USE APPLE COMPUTERS AND THEIR MAC OS. Obviously people buy PCs and throw them away because they are CRAP.

October 01, 2005 7:32 AM

 
Anonymous Anonymous said...

I'm not sure you understand this 20% number.

First, it's wrong. Apple user base is 20,000,000 more or less.

Second, the whole Personal Computer market is way bigger than 100,000,000. Apple sells something like 4,000,000 computers a year. And it only represents 3 percent of the market. Last time I checked this means that there are something like 132,000,000 computers sold per year. So even with the best will and taking into account all the computers that are bought to replace old ones, it will be quite difficult to state that Apple owns 20% of the installed base.

Third, if someone is still owning _and_ using an old Mac machine (e.g: Performa, PowerMac 6100, etc...), I would not count it as a user, but as a zombie. From a marketing point of view, this guy is just as good as dead.

October 02, 2005 12:19 AM

 
Anonymous lysdexia said...

3.9%

October 02, 2005 10:40 AM

 
Anonymous sambeau said...

Does classic count? ;-)

October 03, 2005 5:29 AM

 
Anonymous Anonymous said...

so, will, who received the bounty?

October 05, 2005 6:52 AM

 
Anonymous Anonymous said...

To the fellow who claimed that all recent Windows viruses are social engineering viruses: assuming that XP is roughly equivalent, as far as modernity of the platform, to OS X, that's false on its face. MS Blaster was discovered on August 11, 2003, and it is a pure worm - it infects machines without any user intervention whatsoever. Mind you, it didn't infect machines patched to the then-current patch level.

October 18, 2005 4:48 PM

 
Anonymous Anonymous said...

Nice nice. A lot of useful here. good work
Thanks for all.

October 21, 2005 1:59 PM

 
Blogger Fernando Lucas said...

The article is very well written, it explains a lot about viruses, macs and stuff, and it is an interesting read for anyone thinking of buying a mac, scared with all those confusing informations.

But anyway, I decided to add this comment based on the level of rudeness showcased by Mr. Wil Shipley on a few comments. That was ridiculous. It's not just 'cause you have a top-selling awarded software that you should act like that around... How's Mike at Apple, anyway?

October 23, 2005 2:54 PM

 
Anonymous Anonymous said...

Do you think that comments are useful? Commentators give us illusion of conversation... Nevermind...
Good job done.

October 27, 2005 12:26 PM

 
Anonymous Anonymous said...

Thank you. Good job done. A lot of interesting information here.

November 17, 2005 12:46 PM

 
Anonymous Anonymous said...

Hi, I came to this "late", yet, in scrolling through and reading, I may have missed it though, no mention of my pet anti-theory of "bragging rights". The MS/dos/WIN vs. Mac OS 68k/ppc/X.x's holler/shout/yell has been going on since my first boot up of my 128 ...

"Bragging Rights" ie. "Hey, guys, look what I did ... yadda, yadda, yadda." When I was much younger {much younger}, bragging rights were who had the fastest or quickest car, who got laid ( or didn't, hehehe ) by Betty Jo Bialoski, etc., etc.

The world of those who propagate malware has people with reputations and what not. They've never met each other, but they know of each other. Just look at last Spring with that flurry of stuff going after the MS WIN machines. Those guys were sending out stuff to take out not just the commercial protection applications, but also the other guys' stuff. [ real concise tech talk, BWTF, it works ].

Market share, heck, my local 7/11 does not have as much money as my local bank ... people don't rob banks as often as 7/11's. How come, 'cause it's easier to do ... but, I digress.

Bragging Rights ... 1st to fly the Atlantic, Walk on the Moon, biggest fish, longest Hole-in-One, (for us fellows ...) the Master Johnson, on and on. We humans are a group that craves recognition from our peers. And I suspect in the malware world, the OS X virus would get attaboys and nods from their peers.

X has been out into v. 4 ...

Oh, well, back to my nap ...

Jim in Kalama, WA

November 17, 2005 10:49 PM

 
Anonymous Anonymous said...

http://securityresponse.symantec.com/avcenter/venc/data/sh.renepo.b.html

Not a massive virus but look at the payload! e.g.

Releases confidential info: Logs keystrokes and steals passwords.
Compromises security settings:

Allows unauthorized remote access

Deletes some UNIX commands and modifies preferences for other additional commands.

Launches a keystroke-mapping application (if installed) called Krec, to record the keyboard entry of passwords

Not big in the wild, but still no Mac Utopia.

November 21, 2005 5:34 AM

 
Blogger DUCK said...

The concept of this little challenge is actually quite intriguing; it is a way to request proof of infection without encouraging virus production.
What is somewhat silly is that it has to be aimed at osX itself. I understand the "no MS Word macro-viruses" but an attack that exploits iTunes music sharing could be absolutely devastating (just imagine one that bought you a copy of every Whitney Houston song in the iTunes store). Other potentially crippling attacks would include damaging Safari and IE (whoops, novice user, you can't get online for fixes). Really any app, including those of MS Office, can pretty much destroy everything; you just have to tell it to save over every file it can. I admit I don't know much about developing the actual methods of attacking osX; my point is that infection through any widespread or "killer app" is just as bad as the OS itself. Merely using Firefox on an XP machine stops a lot of virus avenues.

Anyway, I agree that market share is Apple's real saving grace, but that looks like it's come to an end. You see, I doubt many virus producers are running a legit copy of Windows; if you're going to commit a Federal crime, why bother paying for legal copies of the means? Now that osx86 is available, you may see more viruses developed, as Macs are now just as "free" as Windows machines. The only hole I can see in this is my other theory; MS viruses come from extremist anti MS programmers, who are uninterested in attacking unix. osX does do one very nice thing though; it proves the AV companies aren't the source of viruses. (there'd be loads of viruses if they were: goodbye conspiracy theory)

-QUARK

December 08, 2005 10:57 AM

 
Anonymous Anonymous said...

Our network is infected by virus originating on Mac OS X machines all the time. The presence of a virus on a computer means it's infected. The method of spreading can just as easily be a human being copying a file to the network or emailing it to a client. That and any programmer who can think beyond three degrees of separation knows that it's easy to write a multi-stage piggy back routine in order to successfully infect a mac with a virus that can take the machine down by having it implement itself in stages when there is an expected password prompt. Especially if they passed it to a network that has a login script the Mac uses.

December 24, 2005 12:10 AM

 
Blogger Wil Shipley said...

I'm sure there are plenty of "viruses" for the Mac if you define "virus" to be "trojan horse," which I don't.

I would, in fact, say "trojan horse" if that's what I were to talk about.

December 24, 2005 3:31 AM

 
Anonymous Joe Key said...

OS X is a virus. Must destroy!!!

January 06, 2006 5:38 AM

 
Anonymous Anonymous said...

STILL no OS X virus? Shocking! You'd think Bill Gates would pay for one by now! Oh well, in 2015 when my Mac dies from some amazing virus, I'll say "WOW! All those Windows users were right!" Until then, I'll keep doing GRAPHICS on my Mac, keep drinking coffee, and keep laughing while you keep trying to get all that spyware off your Windows machine.

NO VIRUS HAS HURT OS X... live with it.

January 12, 2006 2:47 AM

 
Anonymous Anonymous said...

Man you guys are stupid.....

January 18, 2006 11:28 AM

 
Anonymous Anonymous said...

I have reason to suspect I had one, once. It kept taking over my browser, it would take over my mouse, and get this, it would not allow me to run any virus software.

Restart did not fix it, a cold start did not fix it.

I don't recall exactly how I found out where it was, but it would not allow me to get on the net and closed my airport every time I tried to open it.

Long story short, I ran terminal and flushed all caches and all of everything, one at a time, several times each. After I reached one specific script, and ran that, it stopped, and now I run with the switches off, no automatic anything... no share, nothing. Went back to the site I suspected I got the bug, and played for awhile, downloading and all the such, with no adverse reactions since.

There was more, I just don't recall all the details.

January 24, 2006 6:33 PM

 
Anonymous Anonymous said...

This comment has been removed by a blog administrator.

January 28, 2006 1:57 PM

 
Anonymous Anonymous said...

All these posts ... no one has succeeded in claiming the $500. Two years ago I "locked down" my XP machine -- nothing so radical so as to substantially alter my "computing experience." No malware, worms, spyware, virus's, etc. since then.

February 13, 2006 10:35 AM

 
Anonymous Anonymous said...

All this complaining(b1287ing) about not having a virus and all I want is a truly free fix for my crappy windows system with the one hundred thousand new ways to make my computer journey a living hell. AntB420@hotmail

April 18, 2006 1:13 AM

 
Anonymous Anonymous said...

I had to clean a client's Dual-G5 last year because of a virus he had on there. Malicious - it ruined his mail.app as well as a few other things. Had to reinstall a bit of software. Don't recall what the virus files were all called, but were running "beyond" the background that the OSX allows you to see, had to su-root to see it running.

Is this a Win vs Mac thing? Because I've not been infected in >15 years of Windoze machines... I understand their problems, believe me - I've had to scrub clean dozens of clients' computers in the past several years. But I *AM* sick of reading that Macs are virus free. In addition to viruses, script-kiddie trojans abound for the OS X system.

April 18, 2006 1:52 PM

 
Anonymous Anonymous said...

Here is an article directly from MacUser. It says that there are more than 60 known viruses on Macs and one was the 78th most common.

http://www.macuser.co.uk/macuser/news/44258/mac-virus-is-number-78-in-most-common-chart.html

April 23, 2006 7:34 AM

 
Anonymous Anonymous said...

dude...just go buy a MAC...they are much better..stop being a little bitch and admit, WINDOWS suck...

May 22, 2006 2:22 PM

 
Anonymous Anonymous said...

I will grant that to my knowledge there have been no OS X viruses. I also understand, as the original author pointed out, that this does not mean that OS X is secure... it just means that it is not safe.

To give you an analogy:

Man A: Has sex with 1 million women and contracts 3 viruses.

Man B: Has sex with 200 women and gets no viruses.

You can not say Man B actually has a more robust immune system just that he was exposed less. His risk was lower.

I prefer using PCs... but I crave being able to tinker, play games, and program.

If I just wanted to get email, look at porn, and look at pretty icons I would get a Mac.

August 09, 2006 11:46 AM

 
Blogger Wil Shipley said...

"I prefer using PCs... but I crave being able to tinker, play games, and program.

"If I just wanted to get email, look at porn, and look at pretty icons I would get a Mac."


Yah, nice troll. Macs are a superset of PCs, genius.

August 09, 2006 12:38 PM

 
Anonymous Anonymous said...

Leap-A, the first virus entirely for Mac.

If you know spanish go to:
http://www.clarin.com/diario/2006/02/16/um/m-01143127.htm

August 11, 2006 6:14 PM

 
Anonymous Anonymous said...

Why write a well executed virus for an OS with low result potential and towards a computing entity that has a good standing within the computing field (nobody flames Mac's as wanting world domination or tearing the free software movement up in the early years). Windows isn't more popular than any other OS, it just has larger market share due to OEM contracting and Apple's early take on 3rd party cloners and its own production numbers/place in the business world.

The people who hate Windows and/or have an agenda create viruses and worms on the platform that gives them one or more success levels (creation of new virus/mass deployment/high returns if a trojan, zombie maker or data thief/bragging rights within the community of virus makers and crackers (except script kiddies)). Apache is in good community standing and a backbone that if hurt would hamper not help them. It would be more politically motivated to take down Apache, if vulnerabilities existed to do so. IIS is more fodder from the target company. IMO, a big reason for the lack of and the lack of attempts to create viruses for the Mac, despite the holy war Windows and Mac users put each other through while the real world burns.

September 08, 2006 4:47 AM

 
Anonymous Anonymous said...

What's this about Mac not wanting world domination? I'm sure they'd gladly take it. Just look at ipod.

September 09, 2006 8:57 PM

 
Anonymous IT professional, BTW said...

Source: http://www.securemac.com/

2.16.2006 News
Mac OS X Virus Alert - Sophos Anti Virus has found the first 'real virus' for Mac OS X known as OSX/Leap-A or OSX/Oompa-A. The OSX/Leap worm or trojan is spread via instant messenger forwarding itself as a file named 'latestpics.tgz'. When launched the worm attempts to spread via iChat sending itself to the users buddy list. The application will also try to infect the recently used applications.

---- [end source]

The reason for the wording "Mostly virus free" is both legal CYA and manipulation towards a more desirable public reaction. If they claimed "entirely virus free" a class action lawsuit from the first round of virus-infected mac users would succeed. I have always gotten a sour reaction to their "virus free" ads because it leads customers into the false sense of security which you yourself have. Lots of push and pull between advertising people and legal people at Apple leads to "Mostly virus free".

The effect of this claim on the Mac public will probably be apparent soon. Mac users have come to believe that they do not need any antivirus because they don't think there are any viruses. Remember that OS-X is still very new in architecture and in release date, so virus writers A: have not had much time to write, B: know they have less impact if they do write, C: have more resources already in place to help them write for Windows. When someone does decide it would be fun to write for OS-X (and with people peacocking all over the place about how immune they are, this will be soon) it will take the Mac community off guard and unprotected, and the impact will likely be severe.

Incidentally this also means the most ideal way to write a virus for OS-X would be to write a STEALTHY one that the user doesn't notice easily, so you can get maximum penetration to do what you want.

September 27, 2006 10:21 AM

 
Anonymous Anonymous said...

Viruses, since before the release of OS X, have been largely for commercial gain, NOT for bragging rights. Where would you invest your time for greatest return?

Apple owners definitely have a napoleon complex. Look at all the Apple owner remarks thus far, based entirely on "Look at me ma, I'm _____" (a) virus free, (b) handsome, (c) cooler, (d) fill in the blank.

Totally ridiculous. Although Apple people think of themselves as the creatives, they must not forget to congratulate themselves for being excellent consumers and followers as well. They consume and create within the frame of technology they're given. Sort of like a high-tech Pottery Barn/Volkswagen/Starbucks following. That of course with the exception of people who program Macs, who are taking advantage of these "users," and I do mean in the addicted sense.

September 29, 2006 12:52 PM

 
Blogger Wil Shipley said...

I'd respond to your flame bait, but I'm too cool and handsome to talk to you.

September 29, 2006 2:02 PM

 
Anonymous Anonymous said...

Well, Wil Shipley, you didn't check (a), so you can't be an Apple user.

Thanks for that. It's comforting to know there are other non-fruit (b)s and (c)s out there.

But seriously, I'll distill my post as thus: the world needs poetry, but buying it doesn't make you a poet. When it comes to art, there is no guilt by association. Macs are beautiful industrial design. They're obviously functional, too. But why all the exhibitionism?

I bought two 30" Cinemas because they look darn good and they're highly functional. They're attached to my Windows x64 ugly box with side panels missing and a fan taped to the RAID. I used Macs all my life until I got serious about being able to control my work environment. I do art direction, Flash animation and Java rendering apps for a living. I have an SGI O2 and BeBOX on another desk in my office, cuz they remind me of a more innocent time, when .edus and options were handed out like candy.

All this crap about viruses is because people are ignorant of their vulnerability. Given that people are ignorant, and that modern Macs have effectively no viruses, I would love to see Apple's marketshare absorb the 75% knucklehead Windows users. They probably wouldn't know the difference, and we'd wipe out the vast majority of zombie spambots.

September 29, 2006 9:41 PM

 
Anonymous Anonymous said...

Why can't we all get along? I mean Win & OS X users are having the best time ever:

- apple is growing
- windows is more secure
- they both work together

I mean I use both OS's and I hate to be part of the stereotypical Apple user (designer, creative, cool), which for me means only ignorant computer user.
I wish apple users wouldn't brag so much because when the time comes: the higher the climb, the harder the fall. Imagine how we will feel when suddenly every Apple computer shuts down simultaneously, and news just starts pouring in of an undisclosed stealthed virus that was waiting just for the right moment... that will hurt everyone, and I don't mean Apple or Win users... I mean everyone. The bad guy here isn't Apple or Windows.

I for one own 2 apple laptops, 1 pc desktop but guess what: I respect both Gates & Jobs, they changed my world. Good job Apple & Microsoft, keep it up.

October 21, 2006 8:18 AM

 
Anonymous Anonymous said...

Well, somebody has managed to write malware that does work on Mac OS X. The number is minuscule, but expect it to grow.

Worse, there's also an article where a hacker managed to break into a Mac Mini with OS X in a challenge to prove or disprove its security. Six hours after the challenge was posted, it was over. This hacker managed to gain control over OS X in a claimed time of 20-30 minutes along with claims from this hacker that there are numerous exploitable vulnerabilities that are not published nor patched.

Google it.

I like Mac, but I don't like Apple's misrepresentation of their OS as being invulnerable; ANY computer system cannot be made invulnerable to invasion as it is an engineering impossibility. ANY system, no matter how well designed, will have a vulnerability to it that can be exploited by someone who has the ingenuity and imagination to figure out how to break into such a system; the only variable is "when."

The other fact that Apple is making boastful claims as to the security of Mac OS X could incite further attempts (read: challenging) to show Apple just how wrong they are. And, this will get worse as marketshare grows to the point where there's further incentive to hackers and whatnot to breach computers with OS X.

Whether or not it's a serious problem now is irrelevant. The fact that someone has tried successfully is important, which means that it can be done and there are many more talented hackers who know how to break in and do things you never knew possible, and only when it's too late. All that's left is incentive, which will grow when the Mac marketshare goes up. - Reinhart

October 23, 2006 11:25 AM

 
Anonymous Anonymous said...

Macarena virus: Apple users PWNED ahah

I have Put Up, Now YOU Shut up. This, my friends, is only the beggining, so get ready.

November 07, 2006 6:33 PM

 
Blogger Wil Shipley said...

"I have Put Up, Now YOU Shut up. This, my friends, is only the beggining, so get ready."

Macarena is not a virus. It's not in the wild, nor does it qualify for a virus by any definition. Calling it a virus is like calling the words "rm -rf ~" a virus. Yes, if you're dumb enough to type them into a shell, you could do some damage.

Stabbing yourself with a knife also does damage. That doesn't make knives viruses.

This is the beggining, huh? Why is it stupid people never run a spell-checker? Is this like you wearing helmets and special reflective clothes, so we can all recognize you and ignore your opinions?

November 07, 2006 6:56 PM

 
Anonymous Anonymous said...

Mac's don't have any Virus as they only have a small market share. Bol&^%@S. Vista had less than 10k copies and it got its 1st virus.

November 13, 2006 12:31 PM

 
Anonymous Anonymous said...

http://www.viruslist.com/en/viruses/encyclopedia?virusid=126704

http://www.viruslist.com/en/viruses/encyclopedia?virusid=113270

http://www.viruslist.com/en/viruses/encyclopedia?virusid=112895

http://www.viruslist.com/en/viruses/encyclopedia?virusid=91171

http://www.viruslist.com/en/viruses/encyclopedia?virusid=112727

http://www.viruslist.com/en/viruses/encyclopedia?virusid=112726

http://www.viruslist.com/en/viruses/encyclopedia?virusid=112789

November 13, 2006 7:05 PM

 
Anonymous WestOfCA said...

Recently I got a Mac (my first) and have been scouring the Net, trying to get an accurate fix on the existing level of virus/mal-ware threat.

Thus--I found this thread, and all the posts written in response to your original post (as well as the posts written in reply to, in turn, those posts).

I just finished reading the comments in this thread. (I managed to read at least a portion of and usually the entirety of every one).

What an experience!

Once I started reading, I couldn't stop. Yes, I don't have a lot going on this afternoon.

Quite entertaining--and mildly educational too.

And more than a year after the initial post, the thread is still going.

Thanks Wil. I had fun. I enjoyed your comments also, of course.

I hope you bought at least ONE nice shirt, with the 500 bucks. Did you buy another one, this year--or maybe a decent tie or two?

I'll stop by another day (I have your blog bookmarked), to read more of your blog entries--and of course to check out the responses.

Yours truly,
from across the pond (the Pacific, not the Atlantic).

WestOfCA, aka " Walter."

November 25, 2006 11:01 PM

 
Anonymous Anonymous said...

I've seen one comment that starts to get to the point when it mentions 'bragging rights'.

I do hereby, on behalf of the entire computer using community, give you (and every other member of the media) FULL permissions to state as a matter of fact
"MAC OSX has 0 confirmed viruses to date".

I'm happy to believe that MAC OSX is completely virus free.

PLEASE feel free to say it all you want, you don't need to hold a 'contest/challenge' for the permission to state a fact.

But please don't get upset when over 90% of the people who use computers don't care!

It's like a BMW owner telling me their car is better. Well duh, I know your Mac is 'better' than all my windows machines, but your fabulous computer is yours, it doesn't really matter to my day to day computing or the issues I face because I'm not in your little niche.

OSX is virus free! woooo hoooo no cow has ever actually jumped over the moon. who cares?

November 30, 2006 11:30 AM

 
Anonymous Anonymous said...

I fail to see how your original post makes any sense as I find it entirely hypocritical and egotistical. You first say, and I quote “I'm sick of people reporting that Mac OS X is 'mostly' virus-free. It is, as far has been proven, ENTIRELY virus-free”. This statement that Mac OS X has been proven entirely virus-free is a blatant lie! There are many confirmed cases of a Mac OS X having received a virus. Secondly you rave on with tireless hypothetical situations about a sick person or some load of rubbish well here’s one for you, if there are two people who are both identical in every way except for the fact that one’s less healthy than the other, Sure enough the less healthy one gets sick and the healthier one is fine, except for the odd cold. Now what does this hypothetical prove? NOTHING! Of course the less healthy one was going to get sick! Just because Mac is nowhere near as popular as Windows doesn’t mean it’s “immune to viruses” or even “mostly virus-free” for that matter. I’m sorry but I find this whole post indicative and pointless. So all I have left to say to you “Wil Shipley” is, get of your high horse, take off your crown and wake up and smell the roses sunshine! Get a life! Get a job! And for God’s sake get a Windows!

December 21, 2006 4:46 AM

 
Blogger Wil Shipley said...

"get of your high horse, take off your crown and wake up and smell the roses sunshine! Get a life! Get a job!"

I think you missed some cliches. Here: "Get off my lawn!" "Get outta town!" "Get set, go!" "Get Met, it pays!"

December 21, 2006 4:55 AM

 
Anonymous Anonymous said...

I think I might have a virus on my OSX. iChat doesn't work.

March 16, 2007 9:37 PM

 
Blogger terraform said...

It's interesting how I've been using Mac OSX for over 7 years now on various Mac computers and haven't had one virus and my roommate of four months has resorted to smashing his Windows machine to bits due to raving infestations of various sorts...the Apple computing world's good and I can continue making bookoo bucks designing, computing, conducting business, etc. YeeHaw!!

May 30, 2007 8:24 PM

 
Blogger Wil Shipley said...

Good point, but I'm pretty sure that's not how you spell beaucoup.

May 31, 2007 12:33 AM

 
Anonymous Anonymous said...

http://www.sophos.com/pressoffice/news/articles/2006/02/macosxleap.html

this was after you posted your message.

July 05, 2007 10:07 PM

 
Anonymous Anonymous said...

I completely agree with terraform. I've been running Mac for four years and have yet to have my first virus.

While trying to keep my father from throwing his Windows out the window.

January 29, 2008 1:11 AM

 
Anonymous Anonymous said...

It is very fascinating to see how little people actually read this article. The level of uninformed nonsense in these comments is astonishing.

Well, I'm just going to do some work on my never once infected Apple Macintosh computer running OSX.

Senseless really, since I'm doomed anyway. My hard-drive will probably explode in the next minute because of a virus. Goodbye cruel world.

March 10, 2008 4:31 AM

 
Blogger Sharlene said...

Years after your deadline has passed, and people still post about "viruses" as if your initial post was wrong - interesting.

While negative logic is harder to prove correct, it's not difficult to contradict; and with the way news passes along the internet, there's even less excuse as to why 1 reputable example for your time window (rather than after) can't be found whether or not there's a prize. It should be easy to contradict.

To all the people who want to call any little bad thing that happens to a computer a virus, there's a delicious quote from Symantec:

Just how bad is the misuse of the term virus?... “It's worse than calling all facial tissue ‘Kleenex’. It's almost like calling all paper products ‘Kleenex’.”

October 24, 2008 1:20 AM

 
