Number of OS X Macs Infected With Viruses These Days

QwazyWabbit
Posts: 162
Joined: Thu Jun 16, 2005 12:15 am
Location: Southern California, USA

There are several reasons why viruses are not written more often for Macs.

1. Architecture. Many virus hackers don't own Macs and the PPC is a foreign architecture to them. When you are trying a remote exploit you need access to the iron of a sample machine to code down to the registers in the CPU. This will probably change as more skiddies come to know the dualCore architecture.

2. Tools. Many of the tools needed for dealing with the code at a low level are either primitive or expensive when capable. You have to have good compilers and debuggers to get down into the core OS. This will change as more Linux tools are ported to OS/X.

3. Kits. Many of the viruses these days are modifications of kits. This has reduced the skill level of the typical virus author and the amount of work that needs to be done before a virus is deployed. As a result, the typical virus is just a derivative of previous works and they target the same architectures as the original. These are always PC targets. They typically use Linux/Windows to develop their tools and kits and use a cheap Windows target or targets to test them. A skiddie can usually own 6 or more cheap PCs for the price of a single Mac. This will change as iMacs get cheaper. A-V vendors inflate their virus lists by listing "variants" of a particular virus/worm. This is market driven. If you can say you have 26,000 viruses listed you look better compared to your competition who has only 22,000, even though many of those are only variants and there can be 30 or even 60 variants per virus class.

4. Economics. Kit users are usually attempting to profit from the exploits. This makes the popular platforms more likely targets for the simple reason that you have a higher leverage against a target that out-populates the alternative platforms by 10 or 50 to 1.

5. Along with profit motive, a typical skiddie is in it for the fame and glory. They keep trophies, often in the form of botnets of owned machines and are known to charge for the services of the botnets. The more bots you have, the more you can charge. If a skiddie can own 10,000 or 20,000 PC bots with little effort why should he work harder to own a mere 500 scattered Macs?

6. There are far more PC-experienced security and IT professionals running around making a living on PC security remedies than there are Mac-related professionals. The result is an increased awareness of PC security and exploitation. It's just too easy to exploit the market by playing to the fear or insecurity of your clients. Furthermore, what better way to prove your "skill" and value than by finding viruses in your system and holding them up like a dead squirrel saying "I killed that varmint". You can't do that if you only see two per year as opposed to two per week.

OS/X 10.x is FreeBSD, a Unix derivative and a very old and venerated system. It is also NOT Linux and has several critical differences that make a Linux exploit not portable to a (Open)(Free)BSD system. The Unix pedigree systems have so many variants that often what works in one version won't work in the one just a few versions older or newer. This makes the target environment "sparse": infect one machine and that machine has to work longer and search wider to find a suitable host.

By the same token, the Morris worm, the first known worm and one of the most famous, exploited nothing but SUN workstations running BSD in 1988, see: http://www.elook.org/computing/rfc/rfc1135.html

I expect that as Macs become more popular the number of viruses targeting the platform and the rate of infection will rise. Any Mac computer running any version of Linux/Unix will be susceptible to the same kinds of attacks as any other Linux/Unix PC.

Religion aside, there is no reason for NOT running an up to date A-V product on a Mac. The number of Mac-targeted viruses is not zero and one would be foolish to think that because you don't look for them that they are not there. Remember, the claim should never be "there are no Mac viruses" but rather "there are no REPORTED Mac viruses".

Absence of evidence is not evidence of absence.
{DOU}The Jargonaut
Posts: 2113
Joined: Thu Dec 15, 2005 9:25 pm
Location: North Carolina

Hmm, unless it's one of those viri that likes to run around the H.D. deleting partitions or wiping the whole disk for that matter ??????
Never fear, I can get you legal free virus and firewall if you want them.

D.M.
Interesting. Tommy, what type of file system does OS-X use? I am willing to bet it is not FAT and you can be sure it is not NTFS. If it uses some other type of FS, then a virus that is designed to delete partitions would not be able to delete the Apple partition, just the Windows.
QwazyWabbit
Posts: 162
Joined: Thu Jun 16, 2005 12:15 am
Location: Southern California, USA

OS/X uses the UNIX file system, the same as all Unix derivatives like BSD, SUN/OS and Linux.

Partitions are all fundamentally the same, however, since the different OS must be able to detect each other's partitions. FAT and NTFS are file systems, not partitions, you partition a drive, you install file systems on partitions.
GRouND ZeRo
Posts: 1431
Joined: Sun May 22, 2005 6:21 am
Location: CaNaDeH???

QwazyWabbit wrote: OS/X uses the UNIX file system, the same as all Unix derivatives like BSD, SUN/OS and Linux.

Partitions are all fundamentally the same, however, since the different OS must be able to detect each other's partitions. FAT and NTFS are file systems, not partitions, you partition a drive, you install file systems on partitions.
DAM and I thought that there were limitations on FAT Tables...
{DOU}
QwazyWabbit
Posts: 162
Joined: Thu Jun 16, 2005 12:15 am
Location: Southern California, USA

http://news.yahoo.com/s/pcworld/2006041 ... rld/125348

Just when you thought it was safe to surf. :)
Moon
Posts: 1477
Joined: Wed Mar 30, 2005 1:35 pm
Location: French west coast

QwazyWabbit wrote: http://news.yahoo.com/s/pcworld/2006041 ... rld/125348

Just when you thought it was safe to surf. :)
nothing is perfect... :wink: