Where are the Mac viruses?

Quite often I hear the explanation that Macs don’t get infected by viruses because Apple’s market share is so small that it wouldn’t be worth the time and effort to write a proper Mac OS X virus. This implies that once Mac OS X has reached a critical market share level, there will be a sudden outbreak of hundreds of viruses. My simple question is this: how come there has (to my knowledge) been no actual Mac virus affecting Mac OS X while there have been a couple of viruses affecting Linux, despite its even smaller market share? Wikipedia lists the following Linux viruses:

  • Alaeda – Virus.Linux.Alaeda
  • Bad Bunny – Perl.Badbunny
  • Binom – Linux/Binom
  • Bliss
  • Brundle
  • Bukowski
  • Diesel – Virus.Linux.Diesel.962
  • Kagob a – Virus.Linux.Kagob.a
  • Kagob b – Virus.Linux.Kagob.b
  • MetaPHOR (also known as Simile)
  • Nuxbee – Virus.Linux.Nuxbee.1403
  • OSF.8759
  • Podloso – Linux.Podloso (The iPod virus)
  • Rike – Virus.Linux.Rike.1627
  • RST – Virus.Linux.RST.a
  • Satyr – Virus.Linux.Satyr.a
  • Staog
  • Vit – Virus.Linux.Vit.4096
  • Winter – Virus.Linux.Winter.341
  • Winux (also known as Lindose and PEElf)
  • Wit virus
  • ZipWorm – Virus.Linux.ZipWorm

Can someone please explain to me in a rational way how this list can be so long, despite Linux being such a terribly small platform? I suppose, as I do not know for certain myself, that most of these viruses are rather harmless, and that most wouldn’t work on modern Linux systems, as they probably exploit vulnerabilities that have been patched in later revisions of the OS. I am also aware that there have been proof-of-concept viruses for Mac that utilize vulnerabilities that have later been fixed. Some of the viruses in the list above may be similar proof-of-concept examples for Linux.

Personally, I think OS X and Linux match up quite well when it comes to virus security, and that this has nothing to do with the size of the platform, but everything to do with the UNIX/UNIX-like foundation underneath. In both cases, the worst threat is the users themselves, who often allow malicious code to run without knowing what they are doing. This is a big threat to any computer platform, regardless of the security measures taken by programmers. As long as the user can install new software, this will be a potential threat (even though sandboxing and securely signing applications can decrease the risk of malware infection).

That being said, Mac OS X is incredibly easy to hack once you have access to the computer. This is a problem, and Apple really should be busy fixing that. But please aim your guns at the right issues. Mac viruses are not a real threat for the moment, just as Linux viruses are not really a big threat to Ubuntu users. That a Mac can be hacked to gain root access in a minute – that is a problem, which has everything to do with OS architecture. However, making the Mac market share smaller will not solve this problem, nor will it get worse as the platform expands. If we’re in luck, though, Apple may acknowledge the problem as its user base grows, and address it before it is too late.


4 responses to “Where are the Mac viruses?”

  1. You shouldn’t forget that, although Linux has a small market share on the Desktop, it has a really large market share on Servers. So that gives some incentive for virus writers.

    But market share is only part of the story: it creates the incentive for attempting to write viruses, but whether they are effective depends on the security of the OS. In that respect both Linux and OS X have a good foundation.

  2. For desktop use, I think the main thing is what you wrote: user awareness. Users are not aware of what can be a potential virus threat and what cannot. People run malicious code just to get their job done. This is the problem on all platforms. A guy downloads a pirated abc soft platinum gold plus edition, extracts it and executes the crack; when his antivirus detects it, he shuts the antivirus down and installs it in the system again. And then he tells everyone “I have no virus in my system”. Ask him why, and the answer is: “the antivirus does not give any warning”. There are a lot of people who do not update their antivirus; one cause is no internet connection, another is that they fear to update because the unauthorized edition might be caught.
    People download files from torrents without any protection.
    On sensitive network computers, admins often do not set the GRUB password, and the superuser password can be reset and disaster could be done.
    So most desktop users could be baited, and malicious code could easily be run on their computers.
    Often tech mags come with some virus prevention techniques, but they recommend so many tools to install over a year (all the issues) that people get confused, or the system gets bloated and full of conflicts.
    So, if you have the key of the box and you yourself give it to the thief, no security could help.

  3. First of all, it was never my intention to pick on Linux. If I were to choose one single OS, only based on security and reliability, and not features, applications or compatibility, I would obviously choose Linux. I also want to point out (which I didn’t in the article) that my main focus here has been on the normal desktop user. Speaking of servers would be, as Martijn points out, a completely different story. Martijn also points out that there is indeed some incentive to write Linux viruses, at least for the server market. While this makes part of my argument weaker, the main point still stands, I think (which I think we agree on). Market share alone is not the key to Mac OS security, nor is it the key to Linux or Windows security.

    What have been referred to as the first Mac OS X “viruses” (in real life, not proof-of-concept variants) were actually not real viruses, but trojans. As phoxis points out, the real security threat on most systems is not viruses, but the users themselves, downloading unprotected and unsecured files. Any system that has been set up in a sloppy way can get hacked; most often bad choices of passwords are the biggest problem. The design of both Windows and Mac OS X makes most people run their OS as root (or equivalent), which is of course also a huge problem.

    I usually recommend that Mac users not panic about viruses, as at the moment there is no real virus threat. Thus, instead of installing some useless anti-virus software, I recommend that they start with themselves and do not download unknown stuff, don’t set too-easy-to-break passwords etc. As phoxis says: “if you have the key of the box and you yourself give it to the thief, no security could help”.

    What bothers me is when people (most often Windows users) warn Mac users that soon there will be Mac viruses, because Apple’s market share is growing. This is still bullshit. More likely, virus makers will have a hard time when they have to re-write their malicious code for the more secure Mac, Linux and Windows 7 operating systems.

