journal: mac
Do We Really Need “Anti” Virus Software?
Anti-virus software. About 90% of computer users need it. It’s there to protect us from the evils of viruses, trojans, worms, spyware, key loggers, etc. If you have a Windows PC it has become almost as essential a piece of kit as a web browser (though in the case of Windows it is generally down to the web browser that the need for anti-virus software is so great).
But what about other platforms? Well, it’s safe to assume that on Linux there isn’t going to be a huge need for anti-virus software. When an exploit is found it is likely to be patched very quickly, and the sort of people who run Linux are likely to be the sort of people who know how to keep safe from these exploits. So all in all Linux is pretty much secure.
But then you have the Mac… We Mac users are a proud, if somewhat stubborn, breed. We gloat about how there are no viruses for our system (and yes, while by the general definition there are, by the strict definition there aren’t), yet we are now under attack. Now, instead of going into a Churchill-inspired speech about how we’ll never surrender to the attackers, I’m going to look at whether the risk is big enough to warrant us all rushing out to buy anti-virus software.
There are three big anti-virus programs: Intego VirusBarrier, Norton Anti-Virus and Sophos Anti-Virus. Now, Intego doesn’t seem to have anything wrong with it, besides the company that makes it going a bit over the top with the three latest exploits and trying to spew FUD. The other two though…
There are six well known proofs of concept for OS X that I can think of:
- Leap-A/Oompa Loompa - The trojan disguised as a JPEG
- Safari Shell Scripts - Where shell scripts can be run thanks to a flaw in LaunchServices
- Bluetooth Worm - The worm that spreads when it comes close to a Mac with Bluetooth
- MP3s with hidden contents - This is an old one where an executable was included in a file disguised as an MP3. This was slightly different from Leap-A in that it did actually play as an MP3
- Widgets - This is where Widgets could be auto-installed and run malicious code
- help:// URI exploit - This one was where the Help Viewer could be used to run malicious code downloaded when visiting a website

Of course there is also the one and only genuinely malicious piece of malware made for OS X: the Word 2004 Trojan. This file disguised itself as a Word 2004 “demo” on the Gnutella network, and when downloaded and opened it deleted the user’s home folder. Now this would fall under the same group as Leap-A and the MP3 exploit, which haven’t, to my knowledge, been fixed. The Bluetooth Worm was fixed in June 2005, the Widgets exploit in 10.4.1, the help:// URI problem in a Panther security update, and the Safari Shell Scripts exploit has been fixed temporarily by Unsanity while we wait for an official update.
So why did I start trailing off to talk about the known malware for OS X? Well, I wanted to show you what was out there first, and as you can see there has only been one piece of genuinely malicious malware for OS X. That is, unless you count the latest and most deadly piece of malware on the Mac: a hideous, evil thing that will scare you senseless. The name of this malware?
Sophos Anti-Virus. Yes, the same Sophos Anti-Virus that is meant to get rid of viruses is in fact doing their job for them. Sophos released an update to a virus identity file that then flagged many Office 2004 and Acrobat Reader files as infected. Depending on how the software was set up, Sophos Anti-Virus either locked users out of those files or deleted them. And what about Norton? Well, Norton isn’t quite so bad, but it isn’t so good either. A few weeks ago a security flaw was found in Norton Anti-Virus that allowed people to gain access to a user’s computer.
So as you can see you have a choice between a “virus”, a gateway to hackers and an overreacting company (in all fairness, all three overreacted) to protect you from what are little more than concepts. The only benefit I can see is if you send files to lots of PC users who may be affected by a virus. But other than that I don’t really see any need to hand over your well-earned money just yet. And if it does come to it you can always try ClamXav.
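The thread that runs through Leap-A, the MP3 trick and the Word 2004 Trojan is a file whose name says one thing and whose bytes say another. As an added illustration that is not part of the original article, here is a small Python checker that compares a file’s extension with its leading magic bytes and flags “media” files that are really shell scripts or Mach-O executables; the signature and extension tables are my own simplified assumptions, not anything the article describes.

```python
import os

# Constructed signature tables (assumption, not from the article): claimed type vs. real type.
MEDIA_MAGIC = {
    "jpeg": (b"\xff\xd8\xff",),
    "mp3": (b"ID3", b"\xff\xfb", b"\xff\xf3", b"\xff\xf2"),
}
EXEC_MAGIC = {
    "shell script": (b"#!",),
    # Mach-O (32/64-bit, either byte order) and fat/universal binaries
    "Mach-O binary": (b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                      b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
                      b"\xca\xfe\xba\xbe"),
}
EXT_CLAIMS = {".jpg": "jpeg", ".jpeg": "jpeg", ".mp3": "mp3"}

def identify(head: bytes) -> str:
    """Name the real type of a file from its leading bytes, or 'unknown'."""
    for name, sigs in list(EXEC_MAGIC.items()) + list(MEDIA_MAGIC.items()):
        if head.startswith(sigs):  # bytes.startswith accepts a tuple
            return name
    return "unknown"

def verdict(filename: str, head: bytes) -> str:
    """Compare what the extension claims with what the content says."""
    claimed = EXT_CLAIMS.get(os.path.splitext(filename)[1].lower())
    if claimed is None:
        return "unchecked"  # extension not modelled here
    actual = identify(head)
    if actual == claimed:
        return "ok"
    if actual in EXEC_MAGIC:
        return f"suspicious: {actual} disguised as {claimed}"
    return "mismatch"  # not what it claims, but not an executable either

def scan_directory(directory: str) -> dict:
    """Apply verdict() to every regular file in a directory (first 8 bytes)."""
    results = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, "rb") as f:
                results[name] = verdict(name, f.read(8))
    return results

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:  # constructed sample, not a real file
        with open(os.path.join(d, "funny.jpg"), "wb") as f:
            f.write(b"#!/bin/sh\n")  # a harmless shell script wearing a .jpg name
        print(scan_directory(d))  # {'funny.jpg': 'suspicious: shell script disguised as jpeg'}
```

The file(1) command that ships with OS X does the same magic-byte identification for far more formats; the point here is that the check is cheap and does not need a signature database for the malware itself.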
thinkback
CORRECTION:
(though in the case of Windows it is generally down DUE to the web browser that the need for anti-virus software is so great).
Finally, a well-researched article on this subject. Now if only the big newspaper journalists were better at using Google!
the only benefit? there is no benefit period. not a single Anti-Virus software maker or its product prevented or could prevent these exploits before they happened…
as a matter of fact, i’ll go one step further, having Anti-Virus software on your Mac is about 1000 times more dangerous for your computer than the 3 exploits in question, or any other future exploit.
the best and only thing Mac users need to do is:
1. simply not download something they are not expecting from iChat or email or anywhere… don’t download something from the internet unless you know that site (trusted site) and the thing you are about to download has been on the trusted site for 5 days or so. (time for that trusted site to hose someone else first before you, and they take it down)
2. Mac users should back up their documents to a firewire drive once a week.
3. Mac users should back up their documents off site every 1 month… (this can be changed to once a day for those people who believe it necessary)
4. do not run your day to day business in Root mode, only as a user…
that is it for mac security period…
I think the #1 security measure that can prevent 90% of all malware that isn’t voluntarily run is to have a firewall. Windows became much more secure because the firewall was on by default starting with SP2.
Jon, I have to agree with the first 3 but the last one is slightly incorrect and even though I know what you mean, not always necessary.
Root mode in OS X should NEVER under any accounts be enabled. It is disabled by default and there is no good reason to change that; you can use sudo if you want root access temporarily. What you mean is running as an admin account. With OS X running as admin is fine as long as you are an experienced user and have back ups of your work just in case, though I do agree that in the case of most users they should use a standard user account.
Liam, a firewall doesn’t prevent trojans. It prevents the problems on Windows that would appear from just having your PC turned on and connected to the Internet.
Jon, good advice except I don’t think a Firewire drive is necessary. If you back up your User folder to another partition, that should work too.
I wish Apple would change OS X so that the extension doesn’t override the type. To me, this is stupid. The OS knows it’s a Terminal Document but doesn’t tell me unless I manually check with Get Info.
But do these so-called viruses actually work? Has there been any widespread damage reported? Do the viruses spread themselves?
I’ve read how anti-virus software has given false warnings about viruses on Macs and moved perfectly safe files which were supposed to be there, e.g. the Epson printer driver. So the AV software may destroy your Mac! (which I seriously doubt any virus can)
A simple AppleScript script can send an email to everyone in your Address Book.
Is that a virus then? Can it autorun? Would you call a “rm -rf /” script a virus?
Isn’t it in fact needed to carefully define what a virus actually is? (since there seems to be confusion about it)
I think this is marketing of AV products. The AV company (or companies) hope to scare people using Macs to buy their software too.
I’ll not buy any AV software because they can destroy more than any theoretical virus (and have already).
I’ve been surfing about Mac security lately, and I’m surprised I haven’t seen anyone mention enabling ‘Stealth Mode’ found in System Prefs➟Sharing➟Firewall➟Advanced➟Enable Stealth Mode????
Well, if we are going to call “I Love You” and “Melissa” viruses, an AppleScript script is a virus if it self propagates, and that’s what it can do.
You could create a script that does nasty things after it sends itself to everyone in your OS X Address Book with an email that says,
“Hey [your first name], this .JPEG of me is hilarious! Take care, [first name of someone who has you in their Address Book]”
OS X doesn’t have the ActiveX stuff, but the .VBS and macro viruses on Windows are easily duplicated on OS X, it seems.
Last time I looked it up, a virus is something which can *infect*, i.e. it should be able to add code to executables and spread itself.
http://en.wikipedia.org/wiki/Computer_virus
Show me a piece of Mac OS X malware which can do all this.
The latest Safari one does exactly that, doesn’t it? It infects applications so that they don’t run and it sends itself to iChat buddies.
All I’m saying, Mikael, is that I always thought OS X had no ability to propagate viruses. It definitely does have that ability built into the OS, much like VB.
If you mean the shell scripts which should not be run by Safari then I can’t see how this can be anything like a virus because a virus can do a lot of nasty things but invisibly. OnyX has done a lot of nasty things with people’s computers for example but you don’t call OnyX a virus.
Besides, if it ever tries to touch anything which belongs to the system or any other user it will ask for permission first. It can’t do it with complete power like in the flawed Windows.
Well, now we are arguing semantics. If you want to view something that is just like the “I love you” virus as a trojan or anything other than “virus”, that’s fine.
Tracked: Worm targets Mac OS X
Just after Apple admitted there were viruses for Mac OS X, another virus appears and it infects your computer using an 8 month old Mac OS bug.
Tracked on: The Staunton News Leader at 25-Feb-06 10:58 AM
Sophos sees OS X virus ghosts.
“First they ‘find’ a virus, then they start a FUD[fear, uncertainty and doubt] factory of misinformation, and finally they turn loose the REAL virus (called their anti-virus software) on the newly paranoid Mac users they stirred up,” a user wrote on the Macfixit Apple enthusiasts’ website.
Oh, I agree. There is more hype than needed. But Windows fans would argue that many of the viruses announced on Windows are over-hyped too.
I’m not equating the two experiences, though. Windows has a lot more issues. All I’m saying is the underlying technology that would enable some of the same issues is in OS X and I didn’t think it did at all.
There are many reasons the malware is so big and Windows only.
ActiveX; It’s enough to visit a webpage to get infected in Windows. Impossible on a Mac.
Crappy use of permissions; If you do your daily chore as root (admin in Windows) then how can anyone complain when bad things happen? Mac users (and in fact most others) don’t have this problem.
The security holes reported are usually in Windows, and are easy to take advantage of too. It’s too complicated to fully automate the same things in other systems like Mac OS X. Good use of permissions helps again.
So I bet these “proof of concept” viruses for Macs need more than a little help from the users, i.e. they can not be fully automated like in Windows.
If you have a Windows PC it has become almost as essential a piece of kit as a web browser (though in the case of Windows it is generally down to the web browser that the need for anti-virus software is so great).
Viruses and most other malware (on Windows) typically spread through email clients and services, not through web browsers.
Root mode in OS X should NEVER under any accounts be enabled. It is disabled by default and there is no good reason to change that, you can use sudo if you want root access temporarily. What you mean is running as an admin account. With OS X running as admin is fine as long as you are an experienced user and have back ups of your work just in case, though I do agree that in the case of most users they should use a standard user account
I don’t know if this is true for Mac malware but Windows malware rarely needs admin or root.
Liam, a firewall doesn’t prevent trojans. It prevents the problems on Windows that would appear from just having your PC turned on and connected to the Internet.
1. Those problems don’t exist for SP2.
2. Firewalls prevent worms, among other things.
3. Having a firewall makes nearly every computer safer… ask any linux/unix admin.
I don’t know if this is true for Mac malware but Windows malware rarely needs admin or root.
In order to delete your home folder (music, preferences etc.) it just requires you to run the application. To delete applications from the main Applications folder requires an admin account to be logged in (same for the Library folder). To delete items from the System folder or from another user’s folder it requires you to enter an admin password.
Great article! I totally agree with you.