
I'm genuinely curious... are there viruses that spread in OSX?

Not trojans or whatnot that require users to click on files they shouldn't, but rather actual viruses that make use of vulnerabilities in OSX to spread from computer to computer, either via Internet or thumb drives or something?

In other words, if I always follow responsible practices (never opening files from untrusted sources), has there been any threat up through now that could compromise my OSX installation?



I think the recent Flashback.K qualifies to some degree. All you had to do is visit an infected webpage and the Java applet would walk onto your system. It would immediately ask for admin privileges, but due to the huge Java hole it would have your user privs automatically.

Since OSX enabled Java by default, and since responsible practices were no defense, this compromised enough Macs that it was proportionally comparable to the Conficker infection on Windows.

http://www.f-secure.com/v-descs/trojan-downloader_osx_flashb...

http://en.wikipedia.org/wiki/Trojan_BackDoor.Flashback


And then Apple disabled Java, and Apple no longer ships Java. Java has been a huge security vulnerability for a while now...


It's still useful to have though, and Apple makes it really easy to install. GlimmerBlocker, Maple, Processing and a few game clients I use need it. It does seem that the default is that "Enable applet plug-in and Web Start applications" is off by default (in the Java Preferences app; there's no mention in System Preferences).


In general, however, if you know you need Java and how to install Java as a dependency then in all likelihood you're savvy enough to avoid being infected.


Apple still ships Java; it's just not installed by default. When you run a Java app without having Java installed, you get a prompt to automatically download and install Java.


I'm not aware of any "traditional viruses" as you describe.

I've cleaned IRC bots off of people's OS X installations. They had SSH turned on, with username/pw combos like "bob"/"bob", and public IP addresses.

But you really have to intentionally make multiple poor security choices for something like this to happen.

There are also quite a few remote code execution attacks against OS X - you can find details of these in Apple's security bulletin list:

http://support.apple.com/kb/HT1222


While some high-profile Windows malware has spread using genuine exploits, it's been a long time since this was a serious problem. The vast majority of Windows malware/crapware have been and still are just trojans (sometimes through very obvious pop-up ads and such).


I believe that pwn2own has demonstrated that OSX and Safari are susceptible to drive-by attacks; no download is necessary.


Yes and no, mostly "no".

There are functioning Microsoft Office trojans that can self-replicate through e-mail.

There was a largely harmless but extremely widespread trojan that did drive-by Java attacks on webpages.

Repeat the above for Flash vulnerabilities.

There was a largely harmless but extremely widespread trojan that masqueraded as a free antivirus package and guilt-tripped naive users into authenticating via Installer.app, the only programmatic way to get code onto a Mac.

Best practice in my reality:

- DO NOT INSTALL A VIDEO CODEC PACKAGE

- DO NOT RUN COPIED OR TORRENTED SOFTWARE

- Enable Firewall.

- Remove Adobe Acrobat Reader unless your PDF workflow absolutely requires it.

- Disable Java immediately. (uninstall it for extra credit)

- Make sure Flash is at the dead latest self-updating version and set to auto-update.

- Update all non-stock browsers to self-updating versions.

- Update Microsoft Office and allow it to check for updates weekly.

- Allow Software Update to do its thing weekly.


The recent major issue was a trojan that I didn't have.

>In other words, if I always follow responsible practices (never opening files from untrusted sources), has there been any threat up through now that could compromise my OSX installation?

I don't think so, but I think you know that; otherwise you would not be here. While this story has been posted recently, Apple removed such articles from their site a few months ago.

The ID10T's, as some put it, should be on iOS. This is yet another reason why PCs should only be for professionals.


What about professional ID10Ts?


I won't speak of them. From what I've seen there are enough idiots in this world to go around.

The times that I've heard it was from waiting in line at Best Buy for repairs. Most people wouldn't get it because it is far different when spoken.


The real question to ask is not "Has there been?" but "Will there be?"

Given that Mac OSX is on the rise on the popularity scale I am almost dead positive we will see a lot of increase in malware for OSX, even remote attacks where the user will be infected even if he acts sensibly.

The risk of that happening to you though is fairly low. The risk of clicking something and then getting malware through that is way higher, from a risk point of view.


>Given that Mac OSX is on the rise on the popularity scale I am almost dead positive we will see a lot of increase in malware for OSX

This was repeated so many times, over so many years. Yet OS8-9 had more viruses in the wild despite much smaller market share.


But of course going forward the vast majority of Mac users are going to be getting their software through the Mac App Store, and not downloading random programs off the internet. That plus the default GateKeeper config (that prevents unsigned code from being installed) will dramatically reduce the risk of the average user getting hit by trojans on the Mac platform.


What are some recent examples of such Windows viruses even?

Most malware is spread by downloading fishy software or from browser/Flash/Java/PDF exploits.



