Apple malware: 6 years of crying wolf

“Three days after ZDNet ran a piece entitled ‘Coming Soon to a Mac Near You: Serious Malware,’ Daring Fireball’s John Gruber has posted, under the headline ‘Wolf!’ more than a dozen variations on the same theme,” Philip Elmer-DeWitt reports for Fortune.

“They date back to 2004 and all sound a familiar warning: Apple, having achieved critical mass in the market place, is about to get hit by the same waves of viruses, worms, trojans and other species of malware that plague the world of Microsoft Windows,” P.E.D. reports.

Read more in the full article here.

Gruber’s “Wolf!” article is here.

Related article:
Is Mac under a virus attack? No. – May 4, 2011

108 Comments

  1. I copped my one and only Mac virus in 1989 when I inserted a contaminated floppy disk into my Mac Plus. I think it was called WDEF32, or something like that. And a bloody nuisance it was too. I had to completely wipe and reinstall everything, taking care not to reinfect the hard drive from backup floppies.

    The lesson was learned, and can be modified for today’s world. As MDN continually reminds us, never install software from untrusted sources.

  2. I remember, way back in the late 1980’s, discovering viruses on floppy disks sent to our service bureau from designers. But I have no recollection of any major problems caused by the viruses we found. Since then, I’ve never seen one; and I see lots of Macs without virus protection that have never had a problem.

    Windows, however, has not been so kind. I encounter one or two Windows PC’s with malware and trojans every week. I’m cleaning a Windows 7 laptop right now.

  3. The last time I had a Mac virus was the late 90s, I was running OS9 and the troublemaker was the MS Office macro virus. Since moving to OSX, I have scanned my hard drives every few years for possible problems and always come up empty.

  4. Mac virus email:
    1. Delete all the files on your computer. 2. Send me your bank details. 3. Pass on email to everyone in your address book.

    We’re all doomed.

    Mark L

  5. They will be saying this crap for the next 10 years. I always like the excuse that it’s not worth it hacking a Mac with so few buying them. Which on the surface sounds like a possibility until you realize which would get you more notoriety? Being 1 out of 20,000 viruses for a week on Windows or being the first person to really take down Apple’s security claims.

    Also, do I want to steal from a bunch of people that can afford a $400 netbook or someone that owns 2 Macbook Pros and an iMac 27?

    1. Sorry gotwake, can’t resist this, not a poke at you, but your line about the excuse that not enough people are buying Macs sent me back to the 2nd paragraph of the MDN restate of the article.

      Like Gruber said, since 2004 (7 Years) the press has said Mac has finally reached a critical mass in the marketplace.

      You cannot have both critical mass, and security through obscurity.

  6. I’ve been saying this for a while now… There may very well NEVER be a virus released in the wild for OS X.

    There hasn’t been a single virus released in the wild for OS X. Not one. If someone claims there are viruses for OS X, ask them to NAME one. They can’t.

    There are trojans, but that’s something else entirely, but even with trojans, Apple has taken steps to provide security for users by launching the App Store. The trojans released for OS X have not received any real traction, and what little they did was through piracy channels. Gee, a 40MB version of the MS Office? Additionally, IT managers can protect users from trojans by not giving users admin privs.

    Viruses used to be plentiful on the Mac platform. They peaked towards the end of System 6. There were several anti-virus apps, including the wonderful Disinfectant, which was free and not intrusive at all.

    For all the security through obscurity folks:
    System 6 had far less market share than OS X today.
    System 6 had far fewer people connected and sharing files.
    System 6 was known to be a much shorter-lived OS.
    System 6 had no reputation, or reward for attacking.
    System 6 had no method by which to provide profit for the attacker.

    System 7 came along, and Apple radically changed how many things worked, specifically with the desktop database and patching holes that could be used. As a result, few viruses from System 6 propagated on System 7 and those few that did were innocuous. Later System upgrades killed those few off.

    By the time Mac OS 9 came along, viruses on the Mac had popped up here and there, but now patches were being issued over the internet.

    When OS X came out, and became ready for prime time after a couple of years, one huge advantage was that it was virus free when Windows was suffering big time from attacks. My log files were getting swamped with zombie PC hits every day accounting for a majority of my traffic!

    Virus protection usually meant buying software, paying a yearly fee or dealing with the hassles of the free stuff available.

    Many doomsayers would comment that you NEEDED anti-virus software on OS X, because it’s not a matter of IF it’s a matter of WHEN.

    However, we’re in the 10th year of OS X. We haven’t seen one virus. This is a pretty long lifespan for an OS, and I’m not sure how much longer we can expect OS X as a platform after Lion. In other words, if a virus isn’t released relatively soon and late into the lifespan of OS X, we’re likely to never see a virus released for OS X.

    Here’s why this matters: Anti-virusing ain’t easy.

    It’s also not cheap. Early on, it was my recommendation to not buy anti-virus protection until a virus had been released, and then evaluate the risk, and see if software would even be necessary as opposed to being taken care of by an update from Apple. I received a ton of flak for that and was flamed like crazy.

    However, think about the costs involved in always having anti-virus protection for these many years. Even if a virus does get released and you do end up needing to buy protection, you still would’ve saved money by not having to pay for protection every year.

    You also would’ve been less likely to have lost data/files. There have been numerous instances of known bugs in anti-virus apps on multiple platforms that resulted in crashing, deleted data/files, and tons of hassles in software installations, even including security patches!

    You also would’ve lost productivity with the system resource drain of anti-virus software and the hassle of having it run, be installed, be upgraded, and making sure your yearly subscription went through.

    1. I agree, well said.

      I vociferously quit my local Mac User Group when they took the broad stance of asserting AV software was a must for Mac Users and part of being a “good netizen”. Talk about bad advice! One visit to any AV maker’s troubleshooting forums shows thousands of Mac users suffering major problems … all for fear of non-existent viruses. As I said then, they might as well be trying to run anti-Unicorn software for all the good that would do.

      1. “good netizen” my shiny metal @$$ Damn windows users and IT nerds who are too cheap to buy a real computer and OS, and yet Mac users with their ’rounding error market share’ are expected to run AV software to keep the wintards safe from themselves. What a sad joke.

        No, I’m not angry upset or bitter about my workplace rules and regs, why do you ask? 😉

    2. “Viruses used to be plentiful on the Mac platform.”
      No. There were 42 documented *truly different* viruses on the Mac in the System 4.x through the OS 9.x days. Yes, some of those viruses had as many as a couple dozen or more variants. (Some people will look at those variants as new viruses, but I never have — even when talking about viruses on the DOS/Windows platforms.) However, I would NOT ever say they were “plentiful” on the Mac.

      “They peaked towards the end of System 6.”
      They actually peaked mid way through System 7.x. Yes, System 7 fixed some things, but it opened many new holes too. Writing a System 7 “Savvy” virus got you access to a lot more things than you had access to under System 6.x.

      “There were several anti-virus apps, including the wonderful Disinfectant, which was free and not intrusive at all.”
      SAM was great in its early days (as was SUM), but it wasn’t free. By the time it became NAV it was not worth even thinking about.

      “Many doomsayers would comment that you NEEDED anti-virus software on OS X, because it’s not a matter of IF it’s a matter of WHEN.”
      I still suggest AV software (as does Apple) for those who want the additional layer of confidence. If you don’t believe it’s a matter of WHEN a virus will be written for Mac OS X then you are delusional. It *will* happen. It might be a botched job. It might be truly benign. But it *will* happen. To try to even imply that it will *never* happen is just burying your head in the sand (or elsewhere the sun does not shine).

      Now since the probability of YOU getting an extremely rare virus (when one eventually gets written) is extremely low, the value of paying for AV software for you is also extremely low. However, for some people, the risk of data loss or theft of confidential information on their machines is HUGE. For those people, the value may be high enough to warrant paying yearly for comprehensive AV protection.

      It’s all a matter of how you personally want to play the odds. It’s just like a person getting life insurance. I knew a man who got life insurance for a huge sum. He was killed in a multi car accident that was NOT his fault. His family was financially comfortable from then on (about as much as when he was alive). The accident happened in a rural area and on a stretch of road where no accident had ever happened before. Conversely, I know another man who has NEVER bought life insurance, and he’s now in his 90s. Which man was smarter?

      It’s all a matter of playing the odds, and how comfortable you are with the risks.

      1. “Viruses used to be plentiful on the Mac platform.”
        Shadowself replied: “No. There were 42 documented *truly different* viruses on the Mac in the System 4.x through the OS 9.x days. Yes, some of those viruses had as many as a couple dozen or more variants. (Some people will look at those variants as new viruses, but I never have — even when talking about viruses on the DOS/Windows platforms.) However, I would NOT ever say they were “plentiful” on the Mac.”

        I used to manage one of the largest authorized Mac service centers in the country. By plentiful, I mean the number of viruses overall (including variants) and the number of Macs actually getting infections (the actual traction of the viruses). Plentiful is relative. It’s nowhere near Windows, but it’s very far from ZERO in ten years as well. Back during System 6, you could go to many different labs and computer centers and find viruses all over the place.

        “They peaked towards the end of System 6.”
        Shadowself replied: “They actually peaked mid way through System 7.x. Yes, System 7 fixed some things, but it opened many new holes too. Writing a System 7 “Savvy” virus got you access to a lot more things than you had access to under System 6.x.”

        I’m not sure where you’re getting your information from, but virus attacks were higher for System 6 than 7.

        “There were several anti-virus apps, including the wonderful Disinfectant, which was free and not intrusive at all.”
        Shadowself replied: “SAM was great in its early days (as was SUM), but it wasn’t free. By the time it became NAV it was not worth even thinking about.”

        It’s unclear here as to whether or not you think SAM was Disinfectant, but it was completely different software, and it was fairly cumbersome and problematic. It was pretty annoying having to do tech support for people experiencing incompatibilities with it, especially when Disinfectant was free and almost entirely problem free. I admit, though, that SAM did have its place (mostly in labs).

        “Many doomsayers would comment that you NEEDED anti-virus software on OS X, because it’s not a matter of IF it’s a matter of WHEN.”
        Shadowself replied: “I still suggest AV software (as does Apple) for those who want the additional layer of confidence. If you don’t believe it’s a matter of WHEN a virus will be written for Mac OS X then you are delusional. It *will* happen. It might be a botched job. It might be truly benign. But it *will* happen. To try to even imply that it will *never* happen is just burying your head in the sand (or elsewhere the sun does not shine).”

        This is where I totally disagree with you. Do you think OS X will live forever? How long will Apple release new versions of OS X? Another 100 years? Ok, that’s silly. Another 25? That’s still unrealistic. Maybe 10 years or less? That seems pretty reasonable. The fact that the next version is Lion AKA “The King of the Cats”, it’s not unreasonable to think this is the last version and we’ve only got a couple of years or so left.

        We’ve gone TEN years without a single virus. So depending on your estimate of how long OS X will live, we’re pretty close to seeing that we may very well make it to the end of the lifespan without a single virus.

        Saying it “WILL happen”, is just playing towards an irrational expectation that an OS must get a virus, without looking at the actual statistics involved here.

        Suggesting that users install AV software for “confidence” in regards to OS X is simply statistically wrong.

        USING OS X HISTORICAL DATA, OVER THE PAST 10 YEARS, ONE HAD A GREATER CHANCE OF LOSING DATA/FILES, EXPERIENCING CRASHES OR PROBLEMS WITH SOFTWARE INSTALLATION AND CONFLICTS THAN IF THEY DIDN’T INSTALL ANY AV SOFTWARE AT ALL.

        That above statement is 100% pure fact. So where does the “confidence” come from?

        Shadowself replied: “Now since the probability of YOU getting an extremely rare virus (when one eventually gets written) is extremely low, the value of paying for AV software for you is also extremely low. However, for some people, the risk of data loss or theft of confidential information on their machines is HUGE. For those people, the value may be high enough to warrant paying yearly for comprehensive AV protection.”

        It’s exactly because of the risk of loss that people shouldn’t use AV protection on the Mac. I can’t believe we’re still having this argument 10 years into OS X. Statistically, you’re wrong. More people over 10 years have incurred losses because of having AV software installed than not installed on OS X. You’d be better off paying the subscription fees for NOT having AV software installed. 10 years of data backs this up.

        Shadowself replied: “It’s all a matter of how you personally want to play the odds. It’s just like a person getting life insurance. ”

        No it’s not. The one thing we know about life is that we’re going to die. On the other hand 10 years without ANYONE getting a virus and not that much more to go. Also, life insurance doesn’t kill you wherein AV software has, over the course of 10 years, resulted in the very same results that it’s supposed to prevent, namely loss of data/files.

        Also, you can’t buy life insurance once you’re dead or even dying. IF a virus ever comes out for OS X, you can then at that point assess the risk and install AV software IF there is even a need for it based on spread or IF Apple doesn’t patch the OS.

        One other major difference is that life insurance policies spell out very clearly what they pay and under what circumstances they pay. Imagine an insurance policy that stated it would only pay if you could name the exact method of your death in advance. That’s what AV software does. It needs a list of definitions to defend against. So ironically, IF a virus ever comes out for OS X, the AV software won’t do any good until it’s been upgraded, which puts you in no better spot than if you just go ahead and install the software from scratch at that point in time anyway.

        Oh, and as far as Apple recommending AV software, you might note that they removed their recommendation in 2008:
        http://news.cnet.com/8301-13579_3-10111958-37.html

        1. QUICK! SOMEBODY TELL MDN THAT THERE IS A VIRUS ON ITS SITE. IT CREATES HUGE BLOCKS OF TYPE THAT START WITH MREDOFCOURSE AND THEN THE CAPS KEY ON YOUR KEYBOARD WILL STICK.
          Seriously, though, I can’t believe I just read all of that, Ed. And I may well have understood most of it. Damned interesting and well done. Not often I actually learn something useful on a post here.
          (Loved your show, except that I was only 5 when it first aired and I can’t remember much. Saw part of a rerun the other day. Amazing that the actor Alan Young is still around, 90-some years on…)

    3. 10 years, whatever.
      you can argue that osx isn’t macos of earlier, but nt has been around since ~1993. more than 10 years.
      almost all current version software runs on xp, and usually also on 2k.
      contrast that to running current software on 10.3

      someone here made a more pertinent comparison. uac vs entering admin & pass.
      uac is a clickable nag. admin & pass requires more effort (and ‘social authority’).

    1. The part that all the other people who promote OSX anti-virus software fail to realize (or fail to mention) is that even if you HAVE anti-virus software on your Mac it can only protect from KNOWN VIRUSES: computer viruses that the software is specifically created to detect and remove.

      Since there are no viruses for OS X, those who write ‘virus protection’ software really have nothing to go on.

      Plus, in the extremely unlikely event that someone does write a self-replicating virus for OS X, current ‘virus protection’ software would have no defense against it.

      So, promoting ‘virus protection’ software on OS X, even just to “be safe” is silly and a waste of time, money and system resources.

      1. I applaud your logic. The doom mongers who say that you have to lard up your Mac with every variety of anti-virus software don’t understand the concept of designing anti-virus inoculations.

        You need to define an inoculation that defeats a known virus database. These would usually be patterned in the labs after Windows viruses which to all intents and purposes in a Mac would be the equivalent of drinking arsenic to solve a venereal disease problem, as they used to do until the discovery of penicillin.

  7. The day after Osama was killed, malware was adapted and circulating aimed at Windows users. The point is: scammers go where the money is and where the greatest chance of success can be found, and today that means Windows. As Apple’s fortunes rise they will be targeted more, and vulnerabilities may be found, but they will never be as bad as Windows simply because of precautions taken in the OS architecture and restrictions Apple places on third party hardware makers.
