DVForge’s Mac OS X Virus Prize 2005 contest had a goal: “To lay to rest, once and for all, the myths surrounding the lack of spreading computer virii on the Macintosh OS X operating system, by sponsoring a contest that challenges virus writers to actually prove that they can introduce a harmless virus into two modern OS X Macs.”
That was the goal of a contest announced recently by DVForge, but, due to a variety of influencing factors was cancelled shortly after having been announced.
DVForge has issued a statement about the contest’s cancellation:
“In response to the statements put forth this past week by Symantec Corporation suggesting that Mac users are at substantial risk to infections from viruses, our company crafted and announced a contest that would have paid a $25,000 prize for the successful creation of such a virus,” said Jack Campbell, DVForge, Inc. CEO. “During the first several hours after making the public announcement, I was contacted by a large number of Mac users and Mac software professionals who shared their thinking with me about the contest. A few of these people are extremely well-regarded experts in the field of Mac OS X security. So, I have taken their advice very seriously, and have made the difficult decision to cancel our contest. I have been convinced that the risk of a virus on the OS X platform is not zero, although it is remarkably close to zero. More importantly, I have been convinced that there may be legality issues stemming from such a contest, beyond those determined by our own legal counsel, prior to announcing the contest. So, despite my personal distaste for what some companies have done to take advantage of virus fears among the Mac community, and my own inclination to make a bold statement in response to those fears, I have no responsible choice but to retract the contest, effective immediately.”
DVForge’s contest page also conatins the text: “Liability Statement: We do not endorse the creation or distribution of computer viruses. U.S. and international law, as well as simple good judgment forbid the transmission of computer viruses.”
Former contest page here.
Related MacDailyNews articles:
Mac OS X Virus Prize 2005 offers $25,000 cash prize to person who can create first Mac OS X virus – March 26, 2005
http://adzoox.com/catchIV.html
The timeline for this outline starts in 1990:
* Jack Campbell sentenced to 2 years jail for theft of property – felony
* Released in 1992; Campbell sentenced to 2nd term in 1994 for Fraud, Bank Fraud, Scheme to Defraud in Money and State Tax Stamps.
* Released in late 1997 from Tennessee State prison w/ 3 years supervised release
* Campbell works for a company called EASI (Energy Automation Services Inc)
* Documentation on web exists that Campbell worked for EASI in 2001 (total time 4 years?)
* Resigned from position at EASI – accused of false statements to employees / mutinous actions
Anything that made by a person can be undone by a more cleaver one.
Mac os x is only another system that was programmed by loads of people, if some hackers in meadle east put there hands together then i am sure they will be able to hack, or create planty of viruses.
If you read some of the independant articles, they will tell you that there are faults with osx and that there are trojans around for it, i found one on mine.
So the day If that day does come when apple will have a significant market share will come expect more patches from apple.
The other thing, mdn blags how secure the os x is, so why does apple releases so many security patches?
“Artiom” states….
“Anything that made by a person can be undone by a more cleaver one.”
That may be true, but your own next statement explains why it does not apply to Mac OS X.
“Mac os x is only another system that was programmed by loads of people, if some hackers in meadle east put there hands together then i am sure they will be able to hack, or create planty of viruses.”
“Loads of people” is an understatement. Unlike the Microsoft programming factory, BSD UNIX is open source and has been in full public development by thousands of independent programmers for over a decade, making it evolve into an unusually strong and secure OS. Its development was NOT hampered by a single vision/goal of one person, it was not confined to set criteria, it was not crippled by budgets, and being that it is used by thousands of the largest corporations it HAS been the target of countless (unsuccessful) hacker attacks. The creation and development of UNIX is completely unlike Windows. and bares no similar potential for flaws.
“If you read some of the independant articles, they will tell you that there are faults with osx and that there are trojans around for it, i found one on mine.”
There are no self-replicating Trojans or any other malware fro Mac OS X. It is very easy to make a “Trojan” for Mac; just write a disk erasing script can call it a “disk optimizer”. People will download it and run it. You will get a few people before everyone finds out and you are arrested fro malicious damage. The DIFFERENCE is that NONE thusfar self-replicate. THAT IS THE KEY!!!
“So the day If that day does come when apple will have a significant market share will come expect more patches from apple.”
UNIX ALREADY HAS A LARGE MARKET SHARE!! UNIX is running a much larger and more critical systems than anyone would dare allow Windows to run on, and as such, UNIX is a huge target for hackers. It is this vital use of UNIX that has made it evolve into such a secure system.
“The other thing, mdn blags how secure the os x is, so why does apple releases so many security patches?”
Easy, Mac OS X is not perfect, but they repair weaknesses BEFORE they spring a leak, not afterwards after thousands of users have lost valuable data. If the weakness is within the open source code, Apple instantly and freely shares the with the rest of the community.
I am totally amazed at how anyone can say that Mac has problems and Windows has problems so they must be the same. A thorn in the finger is not the same as a bullet in the head. I love the fact that my Mac auto-updates its security about once a month BEFORE anything happens to my system, rather than having to run CPU starving malware protection programs AFTER the virus has been released to the public.
Todays helpful hint: If you examine the writer’s grammar, punctuation and especially their (lack of) use of capitalization, you can usually assess their age, maturity and intelligence. Just because their peers are fully accepting of their lazy, shite-like, writing style in a chatroom, they think the rest of the world doesn’t notice. And, the more they use it, the less they are aware of it. Idiots!!
Ill asume that you are russian pyctaja golovka.
I can see what you trying to say, but the only thing that will prove it is if more people are going to be interested in a mac.
One more thing, I’m sure that iTunes are part of the mac os x and it was shown how easily it is to hack it, so that they dont put the drm protection on the songs, wold it mean that it would be possible to the same thing for apple.
Aw ye since you know about mac a lt and you love it, do you know any descent programs for engineering on mac os x.
If mac mini does take off as the iPod will, im sure that there will be more faults found with apple, time will tell. I do hope that your reply to my first poste is correct, since the last thing you want is trojans and viruses lerking around apple.
Artiom, staying in school and doing your homework prevents you from looking like a total idiot. When you try to argue something (and want to sound like smart ass), spelling is very important. It validates you as being somewhat intelligent. One of the great things about the Mac is system wide spellcheck. Unfortunately, it does not check for grammar or the user being new to the english language and/or a moron.
Thanks for the chuckle.
Hey Al_Joe thx for the good advice,
I’ve lerned english in 6 years up to a standard of a normal english man, I’m not a school boy eather, after coming at the begining of year 8 to english school I’ve managed to come 1st by the amount of GCSE passes at the end of year 11 which are Cs and above, aw look and most of the people that I knew manages to fail it. Doesnt say a lot does it.
Now how about you going to russia for 6 years and doing the same there mate? Good luck and dont write shit about me not spelling right, I’d love to see you wright in second language.
ah..how the self righteous have fallen
carp, forgot the period on the end of my sentence. *.
Jack was hoping to cause problems for all our Mac OSX computers…
How about spreading the word to boycott all dvforge products.
See them here and avoid them:
http://www.dvforge.com/products.shtml
jack@dvforge.com
just remember one crucial thing: if it does not spread, it is NOT a virus, it is a JOKE.
You may write jokes for OS X. Less so viruses. A virus needs to:
SELF install
SELF replicate
SELF spread
WITHOUT user intervention.
AMAZINGLY easy to do on Windows.
AMAZINGLY difficult to do on BSD Unix
OS X is a BSD Unix incarnation.
AMIZINGLY difficult to do so on OS X.
If it does not spread it’s a joke, a prank, a trick. Nothing that could bring corporates to their knees, halt hospital networks, force nuclear plants to emergency shut downs, bank to loose all connections to their ATMs, networks going bananas.
There are IDIOTS running the above institutions on Windows, and there are viruses for Windows that do the above.
The more institutions will ditch Windows for OS X (or Linux) the LESS viruses worth of this name will be released because people will loose interest in Windows and could not write the same malicious code (able to cause the same disruption it happens on Windows) to affect other OSes.
Capish?
I am accused of being a serial con-artist.
Hmmm… some company history, circa 2002 – 2005:
Editors Choice Awards = 11
Product Of The Year Nominations = 3
Buyers Guide Recommendations = 15
MacWorld Expo Macsimum Awards = 1
4+ star (or other icon) reviews = 40+
Revenue growth = 1,800%+
Dealers = 1,700+
International distributors = 7
Cumulative customer base = 120,000+
Active ADC member = 3 years
Merchant account chargebacks = zero
BBB complaints = zero
Law suits = zero
Cease & desist letters = zero
Infringement notices = zero
Criminal charges = zero
Quite the con-artist, eh?
If anyone here wants the full scoop on why we did the virus contest, that info is here: http://www.dvforge.com/virus_2.shtml
Jack, I read your take on the link above. I am no quick to judge anyone but I agree with what you wrote on your site.
There are fundamental reasons why we do not see viruses spread like wildfire on Unix, even more so on BSD Unix.
Unfortunately to the vast majority of PC users this is like talking some rare dialect from Swiss Alps. They do to grasp the meaning.
To them a Windows virus is something common to all OSes and all platform, hence they buy the bullshit of *viruses target the most common platform*.
I launched the same contest here with my neighbor. I installed a Airport Express to extend my LAN and inadvertently left the network visible. His Windows *guru” – ROFLMAO – friend noticed that and commented that my PC was in danger of being hijacked – he did not know I was on OS X -. I told them “thanks for the warning but I am on OS X. I’ll leave the network visible 3 days pal. Get into my Macs and I’ll pay you a dinner at the best restaurant in town”. After 3 days I took my wife instead to dinner.
They are still speechless but a friend of them got now a new iMac and my neighbor asks me about what Mac he should get when his PC dies.
Cheers
I appreciate Jack’s attempt to bring the myth of ‘Security through obscurity’ to a head. Was it a questionable approach? Clearly (if reading the discussion threads are anything to go by). I do commend Jack, for putting money where the mouth is when it comes to Mac OS X. Regarding Jack’s business integrity, I will form my own opinions.
I would still like to see the challenge exist is some form or another. Perhaps the machines IP addresses are made available and the challenge altered to get a binary on one machine that can infect the other one at ip address x.y.z. No payment for anything that replicates beyond the two machines. I am personally sick of hearing the windows camp talk consistently about how Mac is only secure because hardly anyone is using it. I would love to find some ‘Safe’ way to put this myth to bed. Of course anything software based is potentially at risk and nothing is 100% secure. But I have a hunch that the machine would stand secure long enough to make a lasting point….
You can all sleep better at night knowing that nuclear power plants will NOT emergency trip or enter into an unsafe condition due to a Windows virus.
There isn’t a single nuclear regulatory body which would approve of it’s use in a primary protection or high integrety control system. Granted it may be used (but not likely) for the data and acquistion system (SCADA) to allow the control room staff to MONITOR operations, but failure of this system will not cause a reactor or turbine trip or result in unsafe operation. Most of these SCADA systems are based on some flavor of UNIX. The plant will continue to operate autonomously with a reduced monitoring capability using indicator lamps, facias, meters and hard plots until the SCADA system is restored.
Microsoft exempts themselves from all liability from failures of there software if it were to be used in a system where loss of life could occur. Hence no one in their right mind would use it in such applications.
Much two cleaver for me. I’ll try knot too wright too much shit about yuu…lol.
Вы можете пойти ссать по дереве.
Sizewell, I hope you are right bit *this* is still disturbing:
http://www.securityfocus.com/news/6767
How many others allow Windows to enter nuclear plants in ANY system for ANY purpose whatsoever?
From the incident:
“By 4:00 p.m., power plant workers noticed a slowdown on the plant network. At 4:50 p.m., the congestion created by the worm’s scanning crashed the plant’s computerized display panel, called the Safety Parameter Display System.
An SPDS monitors the most crucial safety indicators at a plant, like coolant systems, core temperature sensors, and external radiation sensors. Many of those continue to require careful monitoring even while a plant is offline, says one expert. An SPDS outage lasting eight hours or more requires that the NRC be notified. “
[…]
“Currently, U.S. nuclear plants generally have digital systems monitoring critical plant operations, but not controlling them, said the expert. But if an intruder could tamper with monitoring systems like Davis-Besse’s SPDS, which operators are accustomed to trusting, that could increase the risk of an accident. “
So, no one right in their mind would allow Microsoft Windows in nuclear plants? The world is full of fools.
The SPDS system is one of the MANY methods of MONITORING the safe operation of the plant and is probably the least trusted. Without a functioning SPDS system I can imagine that operators would have simply notified the on-site support engineer responsible to “fix” the problem as soon as he or she had finished their lunch or dinner. Nothing more than that until after 8 hours when they were required by regulation to “notify” the NRC so they could perform a follow-up investigation. This is why you’re able to read about it in a press that loves to exaggerate these so called “nuclear safety issues”.
Believe me, the operator’s pulse rate did not change 1 beat due to this “incident”. Now, a loss-of-coolant accident (LOCA) caused by a double-ended guillitone break in one of the cold legs…. that would get him to break out in a sweat.
“Moreover, the industry is moving in the direction of installing digital controls that would allow for remote operation of plant functions, perhaps within a few years, if the NRC approves it.” The key word is IF… will never happen in a MILLION years. The NRC is way too conservative and concered about safety to ever consider such foolishness.
“Jim Davis, director of operations at the Nuclear Energy Institute, an industry association, says those concerns are overblown.” Overblown? That’s an understatement.
Everyone can go back to sleep.
Sizewell: again I tend to believe you *must* be right. It is still puzzling to me though that ANY system running Windows for ANY reason would be allowed to be installed and used in a nuclear plant.
Although – as you say – one of the many methods why allowing it? Still a weak link, even if it has ten backups (running Windows?)
” width=”19″ height=”19″ alt=”wink” style=”border:0;” />
Just to be clear: am not paranoid about that but the idea of Windows running servers in nuclear facilities truly is weird. The US Army does not even use it anymore for their web servers. (Although the Navy was thinking – how went that part of the story?, btw – about using it in its nuclear vessels.
“but the idea of Windows running servers in nuclear facilities truly is weird”…
I’ll even take that one step further. I believe that using Windows for ANY application (even to balance a checkbook) is just plain weird.. but to each their own. Unfortunatly, I am forced to have it on my desktop at work. 🙁
From my recollection there was a navy nuclear powered vessel which used Windows for it’s navigation system which had to be towed to port due to a failure.
Sorry… to answer your question about why allowing it.
The simple answer is diversity (can’t get any more diverse than Windows
” width=”19″ height=”19″ alt=”wink” style=”border:0;” /> ).. using many different types of sensors for monitorinig, many different methods of presentation, etc. allow the operator to filter out “bad” data to failures. It’s all to avoid common mode failures. It’s one of the reasons why nuclear power never became the “cheap solution” which was once promised. So cheap ini fact that it couldn’t be metered.”
Sizewell, diversity is a way to make systems robust. Now, just by introducing Windows one would make the system weaker, not robust.
It a simple answer to a question that does not have Windows as a reasonable option.
You may have all those different types of sensors and many different methods of presentation without having Windows as part of the equation. Since when Windows is *necessary* to do that?
I work at a major research lab and although there are lots of Windows fans (and lots of PCs) no experiment software is run on Windows. It is all Unix and Linux and – since recently – OS X is making to the surface. Lots of diversity, no Windows.
No one ever suggested “hey, why not porting to Windows?”, even Windows die hard.
Still weird to me that someone right in his mind could rely on Windows to provide any service to a nuclear plant facility (or other mission critical system, like UK Coast Guard whose dispatch and alert system – if my recollection is correct – was brought down for hours by Sasser).
Seahawk/Sizewell:
Why isn’t the NRC all over these guys for compromising the safety of the plant by installing windows? They’re so conservative and all that, after all.
Surely a reasonable, neutral person would conclude that network connected windows is not appropriate for such a facility? Possibly professional misconduct, even.
And why aren’t lawyers all over this, additionally, especially if the NRC and other regulatory/supervisory bodies aren’t? And why aren’t lawyers all over Microsoft on behalf of other users in a class action?
The problem is not the CPU s made by Intel or AMD, it’s thesteaming pile of bloated , insecureware marketed by a company in Washington State.