“In case you missed it, there’s a virus for the iPod. Yep, that’s right, your MP3 player is a veritable hotbed of virus activity — but only if you’re running the iPod Linux distribution, and only if you take great pains to make the virus function, since it doesn’t really work. We can argue about whether or not this code actually constitutes a virus, but that’s not the point I’m trying to make,” Paul Venezia writes for InfoWorld.
“The point here is that if it has a CPU, hackers will try to break it, and virus writers will try to write a virus for it. Given that there are probably only a few hundred — maybe a thousand — iPods running Linux out there, the fact that someone took the time to write this virus, or malicious code is an example of why Apple detractors clamoring that Macs aren’t a target due to the lower market share are all wet. I ranted on MOAB two weeks ago, pointing out that most of their bugs were either local exploits or issues within third-party applications, and there has never been a virus in the wild for OS X, much like there’s never been one for Linux. The difference isn’t market share, it’s the foundation of the operating systems,” Venezia writes. “Given that most virus authors and hackers are in it for the ego, don’t you think that there would be a huge incentive to be the first one to write a widespread OS X, Linux, or FreeBSD virus?”
Venezia writes, “If an OS is built on shaky ground, everything layered on top will suffer. This is the position that Microsoft is in now… Microsoft OSes began with no security. Windows 95 through ME had varying levels of front-end password-based security bolted on at some point, but it was hardly layered through the entire OS like UNIX. They weren’t multi-user environments so interprocess security wasn’t seen as an issue, and remote exploits were all over the place since they weren’t built for network use. The NT base of Windows 2000, XP, and now Vista provided a much better security model and had some multi-user roots, but had to carry the burden of compatibility with code written for the original, completely insecure Win95 base. Simply put, Microsoft had the chance to beat Apple to the punch and make a giant leap back in 1997 or so, killing off the existing Win32 platform in favor of an NT-based client and server that did not have to run legacy applications natively. They didn’t, and we are still paying the price for it today.”
Full article here.
[Thanks to MacDailyNews Reader “Gort” for the heads up.]
MacDailyNews Take: “Security via Obscurity” is a defense mechanism for the delusional. 22+ million Mac OS X installs is not “obscure” at all, but 6+ years of users surfing unimpeded certainly is “secure.” The only thing by which Mac users are really affected are large swaths of compromised Windows machines slowing down the ‘Net with spam and nefarious botnet traffic targeted at exploiting more insecure Windows boxes. Get a Mac.
Related articles:
Kaspersky Lab claims discovery of first Apple iPod virus (proof of concept, no real threat) – April 05, 2007
Apple’s Mac OS X is more secure than Microsoft’s Windows Vista – March 31, 2007
Security flaw puts puts Windows, including Vista, PCs at risk; malware already observed in the wild – March 30, 2007
Windows virus cripples Florida newspaper; Mac-based publishers unaffected – March 02, 2007
Insidious Windows virus threatens business networks worldwide; Macintosh unaffected – March 01, 2007
Windows ‘Storm Worm’ rages across globe; Apple Macintosh unaffected – January 19, 2007
Sony, Gracenote sound alarm over Microsoft flaw; Macintosh unaffected – September 19, 2006
PowerPoint zero-day attack compromises data in infected Windows PCs; Mac OS X unaffected – July 21, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Windows PC users infected with worm face loss of all Microsoft, Adobe files; Mac users unaffected – January 31, 2006
Microsoft Windows’ Zero-Day WMF flaw threats widespread; Macintosh unaffected – December 29, 2005
Microsoft Windows virus spreads rapidly; Apple Macintosh unaffected – November 28, 2005
Windows users fall victim to huge ID theft ring, 50 banks in danger; Apple Mac users unaffected – August 25, 2005
Quickly spreading Microsoft Windows worm affects CNN, ABC, NY Times; Apple Macintosh unaffected – August 16, 2005
‘Zotob’ worm rapidly infects Microsoft Windows; Macintosh unaffected – August 15, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
Microsoft warns of critical Windows flaws; unaffected Mac users just continue working – June 15, 2005
Michael Jackson suicide spam hides Windows virus; Macintosh unaffected – June 10, 2005
Windows Sober.p poised to attack this Monday; Macintosh unaffected – May 21, 2005
Microsoft Windows Sober.P worm shows ‘epidemic’ spread; Macintosh unaffected – May 03, 2005
Anzae/Inzae worm affects all Windows versions after 3.1; Macintosh unaffected – December 28, 2004
Windows Mydoom worm variant spreading in the wild; Macintosh unaffected – November 09, 2004
Windows XP worm speaks to users as it deletes their files; Macintosh unaffected – September 13, 2004
Millions of Windows PC’s hijacked by hackers, turned into zombies; Macintosh unaffected – September 08, 2004
Windows ‘Zindos’ virus spreads, attacks Microsoft.com; Macintosh unaffected – July 29, 2004
New Windows Bagle virus variants spread; Macintosh unaffected – July 16, 2004
Windows Lovegate worm variant renders computers useless; Macintosh unaffected – July 08, 2004
Windows Scob virus collects passwords, financial data; Macintosh unaffected – July 05, 2004
Windows ‘Scob’ virus designed to steal financial data, passwords; Macintosh unaffected – June 26, 2004
Windows users warned of infectious Web sites that take over computers; Mac users unaffected – June 25, 2004
Windows Korgo virus ‘aggressively stealing’ credit card numbers; Macintosh unaffected – June 04, 2004
Windows Wallon virus wipes out Microsoft Media Player on infected PCs; Macintosh unaffected – May 12, 2004
Windows Sasser worm mutates, knocks out banks, EC; Macintosh unaffected – May 04, 2004
Windows Sasser worm severely disrupts UK coastguard; Mac users remain unaffected – May 04, 2004
Windows Sasser net worm spreading rapidly; Macintosh unaffected – May 03, 2004
Sen. Edward Kennedy’s Apple Mac-based office totally unaffected by viruses – March 22, 2004
Five new Windows Bagle virus variants break nasty new ground; Macintosh unaffected – March 19, 2004
Windows worm, virus outbreaks intensify; Macintosh unaffected – March 03, 2004
Destructive MyDoom.F virus deletes Windows users’ files; Macintosh unaffected – March 01, 2004
Netsky-D Windows worm spreading; Macintosh unaffected – March 01, 2004
Windows users suffer five new Bagle worm variants; Macintosh unaffected – March 01, 2004
New MyDoom Windows worm deletes random files; Macintosh unaffected – February 25, 2004
Windows NetSky e-mail worm spreading; Macintosh unaffected – February 18, 2004
Windows virus ‘Bagle.B’ spreading; Macintosh unaffected – February 17, 2004
‘Doomjuice’ worm emerges, targets Microsoft; Macintosh unaffected – February 10, 2004
New version of Mydoom Windows virus appears, attacks Microsoft; Macintosh unaffected – January 28, 2004
Latest Windows virus ‘MyDoom’ sets new infection records worldwide; Macintosh unaffected – January 27, 2004
‘MyDoom’ Windows virus spreads rapidly; Macintosh unaffected – January 26, 2004
New Windows worm spreading ‘hard and fast’ worldwide; Macintosh unaffected – January 19, 2004
Florida students patch 360 PCs in marathon session due to Blaster virus; their Macs unaffected – October 01, 2003
Pennsylvania school district’s PCs infected with virus; their Macs unaffected – October 01, 2003
New ‘Swen worm’ masquerades as Windows Security Update; Macintosh unaffected – September 19, 2003
University of Illinois still patching all Windows machines; Macintosh unaffected – September 05, 2003
Montana school district’s Windows computers offline due to worm; Macintosh computers unaffected – September 03, 2003
A tale of two school systems: Windows schools crippled while Mac schools unaffected – August 21, 2003
SoBig virus variant rapidly inflecting Windows machines; Macintosh unaffected – August 19, 2003
Windows Blaster worm to attack Microsoft on Saturday; Macintosh unaffected – August 13, 2003
MBlast Worm spreads through flaw in Windows; Macintosh unaffected – August 11, 2003
Hackers hijack Windows PCs for porn serving; Macintosh unaffected – July 11, 2003
Palyh Worm strikes Windows users worldwide; Macintosh unaffected – May 19, 2003
Microsoft bug exposes millions to attack; Macintosh unaffected – November 20, 2002
Never used AV software, never will. Hopefully
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
People at first didn’t like how Apple switched to OS X and got rid of legacy compatibility, but now everyone knows it was a good move, and Apple’s stock just keeps going up.
Sad to say I believed in the obscurity myth. I switched, I woke up and smelt the coffee…..
Security through obscurity can account for there not being (hundreds of) thousands of exploits since many will be very similar to others but even if there was 1 widespread Mac virus the numbers just wouldn’t stack up. There is a vastly disproportionate number of security problems for OS X – because it is secure.
I can imagine some Windows-based hacker kid getting a Mac somehow to try and write the world’s first widespread Mac virus… two hours into it, he’d instead be goofing off in Photo Booth and showing his hacker friends Expose and the Genie effect. “Dude, and check out what happens when I hold Shift and click Minimize… Whooooa.”
Is it really true that OSX (MDN preaches this) and Linux have NO, ZERO, virus’ in the wild?
I have been well aware of OSX claiming this. But Linux? I thought Linux has had a few virus in its time.
You know…I tried getting a virus once for shits-n-giggles and could not do it.
Probably because I am not completely geek-savvy, but for a normal computer user trying to get a virus…OSX is STILL secure.
So, just why have IT departments gone with Windows?
Oh yeah, job security over computer security.
Wow, someone objective actually gets it right. It’s amazing how far a little research and intelligence can go. Enderle, Turdrott, Dvorak and many other so called “tech writers” could learn a few things from this guy.
I recently got my new “Vista Ready”, but running XP, Doze box at work. While it was being hooked up, I mentioned I used OS X at home. He said he wished our company would go to Apple in the next fiscal year. He just happens to be our IT department’s virus specialist/troubleshooter. Do you think there’s any connection?
have been well aware of OSX claiming this. But Linux? I thought Linux has had a few virus in its time.
I’m sure they do…. Everybody has a virus or 2 except OSX. And it never will have one.. Everything else is Junk… WOOOOO HOOOOO!!!
@Switched
Isn’t smelting something you do with liquid iron?
Never used AV software, never will. Hopefully?
Once or twice a year, I run scan my Mac with the free ClamXAV antivirus, just to make sure I’m not harboring anything that might hurt my Window using friends. Never a problem for me, but it is just being a good citizen.
Have to use a Windows laptop for a business trip. Connected to the hotel high-speed network two nights ago, used the latest Firefox, had all the latest Windows security updates (supposedly–‘doze update didn’t pick up anything), but it STILL managed to get hit with something.
Inexplicably the firewall was off, but this just goes to show that there’s still some rogue service that’s running by default.
Spent last night getting the latest virus updates and making sure it’s clean.
F^%$&^%*& Microsoft and *^!@(&^ Windows. Can’t wait to get back to a real computer and a real operating system at the end of the week…
MW: “tax” as in MS’ Swiss cheese of an OS is taxing my extremely generous patience.
“Security via obscurity” is a myth. Mac OS X is inherently more secure than Windows. But there is one more factor to consider. It’s security via Windows being such a pathetically easy target in comparison to Mac OS X (or Linux).
I’ve made the same point myself. Security through obscurity overlooks one thing: bragging rights. You can’t tell me that someone out there wouldn’t kill to become known as the first person to write a Mac virus. He’d be guaranteed virtual immortality as every Windows fanboy and Redmond dependent company would blog about it and tell everyone that they knew.
Not to mention, some of them would just love to knock all of us Mac users down on our smug asses.
Meanwhile, XP and even Vista are prone to attacks by….animated cursors???
MDNMW: help
M@c: “You know…I tried getting a virus once for shits-n-giggles and could not do it.”
I infected myself with Sevendust and the Autostart worm on purpose just to. . . well hell, I don’t know. Still no anti virus software was needed, just took the files and threw them in the trash.
A vastly disproportionate percentage of spam in my inbox is due to compromised Windows boxes. I’ve never “agreed” to a click-thru EULA with Microsoft… can I sue them for negligence? Probably not; I’m sure that MS has bribed Congresscritters to pass legislation sheilding them from such suits.
Is anyone aware of an ISP that forbids insecure OSes? I might need to switch…
Amazing that this needs to be repeated every six months. Here’s a challenge: Every time this gets listed in MDN, who is going to get the same story/link listed in the sources that feed money.cnn.com, finance.yahoo.com or – best of all- moneycentral.msn.com?
Huh?
“Attack of the Antimated Cursors”-George Romero, are you watching?
Is Apple’s Mac OS X inherently more secure than Microsoft’s Windows?
Yes, but for how long?
1: Unix folks are switching to Mac OS X, the exploit levels in Mac OS X have risen accordingly. Recently they have been increasing faster than Windows, it’s just Windows has more exposure so it gets more activity.
2: Bootcamp, Parallels, etc., are all introducing a vector for Windows malware to affect Mac OS X.
3: EFI There is absolutly no protection[i/] for this pre-boot, network capable firmware OS enviroment. It’s not controlled by Apple what-so-ever. Any references to EFI is sent to Intel and UEFI.
http://www.uefi.org/home
(Someone has been granted a US patent for the idea of EFI based anti-malware software.)
4: Application exploits are a whopping 95% of the total amount of exploits on both Windows and Mac OS X. Software developers are increasingly demanding a administrative password to install applications and “hooks” into Mac OS X which opens Mac OS X security like a can opener to a tin of tuna fish.
5: Out of the box Mac OS X is insecure from previous exploits much like Windows is. Unfortunatly one has to hook up insecurely to the internet to download the OS updates.
Because Windows has such popularity, it gets exploited before the OS has a chance to update.
Now what if Mac OS X and Windows market share were reversed?
That’s right folks, Mac OS X would be exploited before it had a chance to download the OS updates and be as insecure as Windows is today.
5bOut of the box Mac OS X has no outgoing Firewall security measure to contain a new exploit from reaching the internet.
The Mac OS X Metadata file exploit, which has been rated CRITICAL (still not fixed by Apple for a long time now), has the potential to reach out over the internet and download a more deadly version of malware and run it as a hidden process without your knowledge.
The main reason Microsoft is targeted IMHO is due to their arrogance (in regards to everything they do) in the computer market as well as being a corporate bully and a major threat to the computer industry at large in regards to openess of standards and multi-platform harmony. I think hackers and cracker alike want to see Microsoft have less of a negative influence/impact on the future of computing and will maintain a sort of freedom fighting stance until that day is realized.
The computing world was meant to be heterogeneuos and as long as a homogeneuos driven model by Microsoft remains strong, then all the above will follow suit.
choice in the market is good for everyone
” width=”19″ height=”19″ alt=”grin” style=”border:0;” />
To WiseGuy: shuuUT-Up…
@Azwa
to WiseGuy: shuuUT-Up…
I don’t agree with everything WiseGuy says, but he does make some good points.
@WiseGuy
software developers are increasingly demanding a administrative password to install applications and “hooks” into Mac OS X which opens Mac OS X security like a can opener to a tin of tuna fish.
For me, this is a strong disincentive to license said software.
@wiseguy
I guess you can never trust a guy who starts out by calling himself wise. For you to even put the word microsoft in the same sentence with. Mac OS X…..I couldn’t even do it. Apple is so far superior to the that other sucky operating system that has done nothing in the way of spawning innovation or WOW. The only thing that has ever been spawned out of Redmond is an industry devoted to try and straighten out the mess it created. I think we call it the anti-virus community. At least they were appropriately named. It just makes me glad that monkeyboy is an integral part of the day to day operations up there in Washington throwing chairs around. I hope they stick by him to the bitter end. At least they would get what they so richly deserve. Who knows though, even the slowest of men should start to figure out you can’t keep doing the same thing an expect different results. Why that’s the description of someone who is insane. Maybe thats their defense, The nuts are running the nuthouse! Keep following them wiseguy and remember one thing, its not what you don’t know that is bad, it’s what you think is so and isn’t that will get you in trouble.