Contest goal: To lay to rest, once and for all, the myths surrounding the lack of spreading computer virii on the Macintosh OS X operating system.
Today, DVForge, Inc. announced the Mac OS X Virus Prize 2005, where the company is openly challenging all of the computer coders of the world to go after the $25,000 cash prize that they are offering to the first person to successfully create and deploy an “in the wild” active virus for the Mac OS X operating system.
For the contest, a ‘virus’ is defined as executable code that attaches itself to a program or file so that it can spread from one computer to another, leaving infections as it travels between computers.
For the contest, an ‘in the wild’ virus is defined as one that is able to spread as a result of normal day-to-day usage onto two or more randomly selected computers that are connected only via the internet.
Are you a clever software geek, bored, looking for a challenge for your immense skills? Would you like world-reaching fame, and, a $25,000 cash prize? Well, here’s your chance for fame and fortune. All you have to do is put a virus into circulation that makes its way onto two totally unprotected Mac OS X computers we have running in Hendersonville, Tennessee. No trick, no hidden barriers… just two open internet connections to two non-firewalled, unmodified, bone-stock OS X 10.3 Panther systems, each tied directly to the ‘net by a T-1 line. According to the PC press, picking up this 25-grand should be child’s play.
“Symantec Corporation has recently released information to the press suggesting that they believe that the Mac OS X platform is at substantial risk to a new virus infection, and that the principal reason that OS X presently has zero in-the-wild virii is simply the lack of interest by virus coders, due to the platform’s comparatively small market share,” says DVForge CEO, Jack Campbell in the press release. “We recognize that assessment as complete nonsense, and, we have chosen to make a challenge that is interesting enough to grab the attention of any malicious coder… $25,000 worth of interesting. I happen to believe that Apple should be offering this prize. But, since they have not, I will. On behalf of knowledgeable Mac users everywhere, I am putting my money where my mouth is.”
We have designated two G5 Power Mac computer systems, each running an unmodified retail installation of OS X 10.3 Panther, each located in the Hendersonville, Tennessee area, but located approximately 3-miles away from each other in entirely different facilities. The only network connection between the two systems is the internet. Both Power Macs are on a minimum 8 to 12 hour per day, five to seven day per week usage, and run any number of popular Mac software applications. Each uses OS X mail.app as the email client, and Safari as the web browser, with neither machine or its LAN having a firewall in use. Each is connected to the internet through an unencrypted Airport network, to a full T-1 line.
Each day, we will scan both Power Macs for the presence of an OS X native executable virus, using a commercially available virus scanning utility. The day we locate a copy of the same virus running on both Power Macs, that virus is the winner of our contest.
To win the contest, the person coding the virus must submit an email notice to us with a transcript of at least 32 contiguous characters of code included in the virus, a brief description of the functionality and symptoms of the virus, and contact information for contest notification and payment of the $25,000 prize. The prize will be awarded to the person whose 32-character code sample, and functionality and symptoms description match the actual virus detected on the two contest Power Macs.
There has been much misinformation publicized recently about a supposed risk to the OS X operating system from virus attacks, with the ‘risk’ supposedly increasing as Mac computer sales are increasing. As a Mac dedicated business, and as a group of long-term Mac users, we know that these warnings are not true, and that there are a number of fundamental safeguards against virus attacks that keep the OS X operating system without its first in-the-wild virus. The ‘small number’ of Macs has nothing to do with the lack of virus incidents. It is the architecture of Apple’s operating system that protects its users from these bugs.
We are operating this contest until midnight July 31, 2005. Should the conditions for winning be met prior to that time, we will immediately award the $25,000 payment to the virus developer who succeeded in cracking the Mac’s inherent immunities.
Prize Doubled For Symantec
DVForge, Inc. has specifically invited the programming staff at Symantec Corporation to participate in their contest by creating and successfully delivering an executable virus to the two contest Power Macs. Should an employee or independent contractor of Symantec corporation win the contest, they will double the prize to $50,000 for that person.
Complete details on the DVForge Mac OS X Virus Prize 2005 contest can be found at http://www.dvforge.com/virus.shtml
Related MacDailyNews articles:
DVForge cancels Mac OS X Virus Prize Contest – March 26, 2005
Motley Fool writer: ‘I’d be surprised if Symantec ever sells a single product to a Mac user again’ – March 24, 2005
Symantec cries wolf with misplaced Mac OS X ‘security’ warning – March 23, 2005
Symantec’s Mac OS X claims dismissed as nonsense, FUD – March 22, 2005
Symantec warns about Mac OS X security threat – March 21, 2005
68,736 Microsoft Windows viruses vs. zero for Apple Mac’s OS X – March 12, 2005
Mac OS X has no viruses; what’s wrong with Windows? – February 11, 2004
awesome, i gotta get coding. although the more i think about it the more i realize that its gonna be really hard.
i think this is a great contest. its not going to hurt the general public using OS X, and it will finally put the “security through obscurity” myth to rest.
ill bet a dollar that the winner, if there is a winner is an old UNIX virus updated to do what needs to be done for this competition. small, quick, go through some old forgotten UNIX hole (yeah there still there, ya just gotta look in the right places).
if apple legal is smart they will let this go. i dont think they really give 2 shiats anyway.
With “friends” like this…
” width=”19″ height=”19″ alt=”tongue laugh” style=”border:0;” />
This has got me thinking: Mozilla offers a $500 bug bounty for security holes, why can’t Apple?
Conditions, obviously, are that the bug has to be given to Apple for evaluation, NOT BE RELEASED in the wild, not go public until Apple has a fix RELEASED, and, to make it look good, maybe involve an external auditor.
The person winning should be acknowledged publically, and for first submitter, be given at least $1000, maybe $5000. And the contest has run for a really long time – at least a year or two, ideally forever.
This way Apple gets product improvement at a modest price (compare that to a formal security audit’s cost in staffing expense). The downside is Microsoft could do the same thing, but it generally takes them 5 years to reverse engineer/steal/buy, and another 5 to do it properly.
The upside is that any legitimately curious guys targeting Apple would be redirected to get their publicity legally, and be compensated, i.e. effectively hired. By reducing the appeal of the illegal virus, all Mac users win. This also should have the effect of keeping the, so far, perfect score of 0 viruses released in the wild for OS X a bit longer.
(tangent: surely this perfect score is going to be compromised by people failing to upgrade, at some point, so we can’t get too cocky.)
executive summary, courtesy of MDN:
While no computer system is ever perfect, the number of exploits to date is instructive:
IntDows (windows) 68,736 viruses et. al. in the wild (they are in the wild, right MDN?)
OS X 0 (yes *** ZERO ***)
we have to keep HAMMERING PC people with this.
It really would have to be a “cash” payment, as the hacker slinks off into the night.
Sounds like great fun to me, and it can only be good press for osX. Even if someone manages to create a bug that will autoexecute on a mac, it is still 500,000 to one, windows over mac.
Not that it is hard to avoid viruses no matter what the platform.
You guys are all worrying over nothing! This contest will NOT be won and NO ONE will claim the $25K. They’re simply NOT GOING TO BE ABLE TO DO IT!!
I bet Apple will have an executive meeting sometime on Monday to think this through verrrrrrryyy carefully. Because their coders have to know that the odds are stacked SO LARGELY in Apple’s favor that this just might be a dream come true. Imagine, after this contest ends WITHOUT a winner, Apple gets all the benefit from the buzz in the press and on the bulletin boards — and STILL they won’t need to put their own reputation on the line by advertising the Mac’s inherent strength against virii.
I bet Apple let’s this contest ride!
cptnkirk, G Spank, You Punks,
I agree 100%.
What are we afraid of ?
When Symantec spreads FUD we all go nuts in the forums saying OS X is rock solid.
When a PC article mentions the security through obscurity myth, we all go crazy.
But when it comes to prove it, who really stand up for their ideas ?
Symantec illegitimately tries to TAKE MONEY FROM YOU for protection software you don’t need.
On the other hand, a guy GIVES AWAY a large amount of money if you can prove him wrong.
I see this as a chance to stop the false rumors that hurt our platform.
In the worst case, it is a challenge to Apple for making an even more secure OS.
What are we afraid of ?
Magic word: “Believe”.
There sure are a lot of bored Mac geeks on a Saturday morning.
Oh Ye of little faith….
I’m really surprised at the number of people here who have negative comments about this. I would think a true-blue Mac head would cherish the thought of a contest like this. I recall when a web site in Denmark (?) offered $10k to anyone who could deface a web page hosted on a Mac, I was elated, and 10 times over once the contest expired and the web site was untouched. I for one believe that their $25k (and the $50k) is, as someone said, as safe as if it were in Ft. Knox. And just because the one who offered it is known for publicity stunts, so what? Mac OSX could use a little publicity.
As someone I admire once said… “Bring it on”.
пустая головка
Which keys on your keyboard type letters like that ?
I’ll bet $5 that his $50,000 is going to be quite safe.
What happens if they actually succeed?
Will this be start of the new virus era for OS X?
Please read my l;etter to Mr Campbell Below:
I here MR Campbell has a competition to write a virus for Mac OSX.
May I suggest he looks carefully at the legal aspects of this.
If someone writes one can you be sued? It would seem that you can be locked up for inciting a riot… The incitier doesn’t actually do the rioting or do the damage but pays dearly for it in the court system.
Maybe you can have the same thing happen if you incite someone to damage other peoples computer systems through a virus… I would suggest you look closely at this as I will actively be emcouraging other systems users too with the possibility of doing this. Please contact your lawyers as I will be contacting mine first thing on Monday to discuss this.
Gaga,
If it is meant to happen, it will. Accept your destiny.
” width=”19″ height=”19″ alt=”LOL” style=”border:0;” />
Anyway, let’s not act like ostriches who hide their head in a hole to avoid the storm.
If there is a fault in OS X, it will be exploited one day or the other.
The sooner it is, the faster it will get fixed.
I took TheRealist’s advice and had another alcoholic beverage and went back to sleep thinking I would change my mind after I woke up… it didn’t help.
Link to crack a mac contest 1997
http://db.tidbits.com/getbits.acgi?tbart=02166
I find DVForge’s contest in extremely poor taste. To show my dissatisfaction, I vow NEVER to purchase any DVForge product and will promptly return or throw away any that are received as gifts. I sincerely hope others that feel likewise will do the same.
Contest is cancelled.
Really too bad in my opinion.
http://www.dvforge.com/virus.shtml
On the website:
“Liability Statement
We do not endorse the creation or distribution of computer viruses. U.S. and international law, as well as simple good judgment forbid the transmission of computer viruses.”
As I recall, a Swedish Mac dealer or VAR offered a $10,000 prize tothe first hacker who successfully cracked the Classic Mac OS at the time. No one got anywhere until some clever fellow found a hole in a web-related application and the developer of the application isued a patch about 3 weeks later.
Apple did not sic its legal beagles on the Swedes who set up this earlier contest, so why should they do so now?
At any rate, kudos to DVForge for calling Symantec’s bluff!
MW = required. As in proof of allegations of security vulnerabilities are required by the Mac community.
THE CONTEST IS CANCELLED.
Does anybody think, just because someone has offered $25,000 for this that there has never, or will never be , a jerk who can and will try to write a workable virus for OSX????????????????????
If you think that, then you obviously have no idea how many malicious sociopaths there are out there who will happily do it FOR NOTHING!
Does it put a “target” on the back of OSX? Maybe.
In the real world, it has always been there!
And always will be because evil SOB sociopaths have always existed in the world, and will always exist.
Can someone write a virus for OSX? You have to believe it is possible, but why has no one done it sucessfully? It will always come down to that question. Personally, I do not believe in magic although I believe in miracles. But miracles only come from the good, not the bad.
Dirty Harry(Clint Eastwood) said: Make My Day, Punk.
Was he bragging when he said it? Depends on your basic beliefs, but Babe Ruth said: it’s not bragging if you can do it.
The writers of OSX may have done it.
Time will tell, but I will bet on OSX over any existing alternative.
Thanks, Seahawk, as always ,you explain complicated things in understandable language. The threat that you pose to the dumbasses always brings them out of the holes. That is a good thing. You always benefit by knowing more about your opponent.
Why is it that a teenager who creates a virus for windows is tried and sent to jail, while anyone who writes a virus for OS X is rewarded? There is something very wrong with all of this. I’m very tired of hackers treating virus creation like an achievement. It wreaks havoc on people’s lives, and for what? People (like me!) who depend on their computers to make a living can’t afford a contest like this. This is a crime in progress and should be stopped by the law.
I like my OS X just the way it is: Secure and Obscure!
DVForge Inc.,
It was a great idea, and you guys are very brave, and great supporters of the Mac community.
I hope you find a way around another time.
Did you speak with Apple at all ? Or did they speak to you ?
DVForge rescended the contest! End of thread.
To the people who think they remember the web site challenges…
There were several such challenges. Some had the prize as free pizza. Some had the prize as high as $10,000 cash. Some had a challenge to change data in a data base. Some had a challenge of replacing the home page. Some had a challenge of changing anything on the web site.
Of all the challenges (pre-OS X) that were done concerning Mac based web sites only one had to give up the prize money: $10,000. The organization setting up the prize was in Sweden. The challenge was to change a web page on a server directly connected to the Internet. The ONLY thing you were not allowed to try was physically breaking into their company and physically touching the computer. All other attacks on the computer were explicitly allowed. The winner (IIRC) was from Australia. He got in and changed the web page (the actual challenge) by getting into the data base through a whole in a product called Lasso. He got his money. The company (Lasso’s developer) issued a fix for the whole within 24 hours of notification.
Thus the web site security on Macs has stood at ONE successful hacking versus thousands upon thousands of attempts.
I believe there will eventually be visruses, trojans and worms for OS X. It is only a matter of time.
However, it is inappropriate for anyone to set up a challenge like this to encourage and hurry the process along.
The point is this in talking with people who are bigotted against Macs sometimes the only thing that makes them pause is a very black and white response. They jump on even the slightest gray area as a weakness in the Mac.
So the concept goes like this…
Can any knowledgeable person honestly claim no Mac based web server has ever been hacked? No. (In the anti-Mac bigot’s mind one hacking allows for the possibility of millions of hackings in the future.)
Today, can any knowledgeable person honestly say there are no, in the wild, viruses, trojans or worms for Mac OS X? YES! (In the anti-Mac bigot’s mind this means it will definitely happen in the future. But in the discussion it must be left open that it may not happen for many years.)
To encourage the change of that purely back and white answer is not something I want to see soon. There are many times I have talked to people over the past couple years that the only time they pause in their diatribe against Macs is when I can honestly say “NO!” to that question. (Most of the people I talk to know I track this stuff rather closely and honestly state such things as the single web site hackings in Scandinavia.)
To have to change the answer to that question to “Yes.” someday will severely weaken the pro Mac argument. Even saying “But there was only one.” holds significantly less weight than a simple and succint, “NO. None. Not ever.” In the anti-Mac community’s minds one break in allows for the possibility of millions upon millions of break ins.