Viruses on OS X

[perfessor101]

The usual usage pattern of VPC is to run some niche program for a few hours at a time.

So, the risk is really small.

You can spread the Word macro viruses, but I don't think they are actually harmful on the Mac. From what I've heard they don't usually do anything at all on the Mac.

I am not as sanguine as you about the scope of risk using VPC. Ifyou read email, download files, or cruise the internet in VPC your risk is exactly the same as it would be running a hardware PC. Once the copy of Windows in VPC is infected, the files on the Mac VPC has access to are vulnerable to damage any time VPC is running. That does not mean VPC can "infect" the Mac, but some of the more malicious virii that delete or trash files could potentially wreak havoc. So unless your use of VPC is very limited, it is probably best to have a Windows Anti-Virus program installed and running in VPC and unless VPC is sharing the Mac internet connection, you should have a Windows firewall running as well. (If you are sharing the Mac internet connection VPC takes control of the Mac's ipfw firewall.)

I have frequently seen claims of the possibility of damage from Word or Excel macro Virii, but I have never seen reports of any damage having actually happened. I have no explanation why, it is just an observation.

[Captain Code]

I am not as sanguine as you about the scope of risk using VPC. Ifyou read email, download files, or cruise the internet in VPC your risk is exactly the same as it would be running a hardware PC.

Yes, but how many people actually do that. There's not really any reason to load VPC to check email or browse the internet. I'm just going on my usage, but I can't see that most people would use it for stuff you could use the Mac for at a greater speed.

[ElDiabloConCaca]

For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories -- something that Windows virii are not written to do. The first time that virus tried to "backslash" its way into another directory, it would fail. The Macintosh, outside of the Shared Directory, is completely inaccessible to any Windows virus.

[perfessor101]

Yes, but how many people actually do that.

I was addressing the issue of vulnerability and Windows running on VPC is every bit as vulnerable as Windows running on Pentium hardware. To say otherwise is, to my way of thinking, inviting the uninformed to take unnecessary risk.

For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories

I haven't tried this lately so I don't know for certain this is still true in Windows 2000 and XP, but in Windows 98 and NT, when addressing a networked drive, Windows automatically translated a "\" to "/" for network compatibility purposes. Since VPC sees accessible volumes on the Mac as network drives and since Windows XP running on VPC can easily drill down through multiple layers of folders on accessible Mac volumes I have to believe that is still true. Therefore I have to believe slash vs. backslash would present no barrier at all.

[ElDiabloConCaca]

Well, I tried doing some googling and some searching on Microsoft's site for an answer but came up with nothing definitive about this.

If we really wanna find out, I have a spare machine here with OS X 10.3.8 on it as well as VirtualPC 7 with Windows XP and 2000. I think I even have a licensed Windows Me disk around here somewhere. If we can dig up a Windows virus that is known to propagate and damage files across network shares, I'd be willing to be a guinea pig on finding out if it's possible or not...

I still don't think a virus could propagate or do damage outside of the Shared Folder, simply because it does appear as a network share to the virtual OS, with all the restrictions of a network share. I don't think it's possible that a virus could even "look" outside of the Shared Folder, simply because VirtualPC is limited in that way -- you can't do an "ls" or a "dir" or change directories to anything outside of that Shared Folder -- it's like a dead-end road. It could circle and circle inside of the Shared Folder all it wants, but since the Shared Folder appears as the "root" directory to the virus and to VPC, there's no way to go "up" the hierarchy and "get out of" that Shared Folder. Sure, it could recursively go deeper, but that would only affect files and subfolders inside of the Shared Folder.

[fryke]

For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories -- something that Windows virii are not written to do. The first time that virus tried to "backslash" its way into another directory, it would fail. The Macintosh, outside of the Shared Directory, is completely inaccessible to any Windows virus.

Not true. The Windows virus might attack a path with \ in it, but that's automatically parsed by VPC to /. So actually the virus running in VPC can attact all the files under the path shared to VPC. If you're dumb enough to let VPC access the root of your Mac OS X file system, the virus can, theoretically, delete any file VPC has the right to delete. While this is far less dangerous than a 'real' Mac OS X virus/rootkit combo, it's still a drag.

However, I don't think people are likely to share folders they don't really want to share.

[macco]

There is a complete article about security on MacOS X in the March issue of MacWorld
http://www.macworld.com/2005/02/feat...home/index.php

Good article.

I just wanted to add that indeed there are no viruses that can use any OS X vulnerabitity (at least non one that I have heard of), but there are trojan horses that are mainly Unix scripts and that affect the OS X. In fact one that pops in my mind is /MW2004 that comes as a soft called "Microsoft Word OS X Web install", and in fact deletes all the user's files. AND it is rather new May 2004. anyway virex finds it.

Intrestingly enough this trojan affects only OS X and not OS 9.

Probably there are more trojans out there as it is not so difficult writing one. So the best idea probably is to shield up anyway.

[TommyWillB]

Yes, but how many people actually do that. There's not really any reason to load VPC to check email or browse the internet. I'm just going on my usage, but I can't see that most people would use it for stuff you could use the Mac for at a greater speed.

For years the only way for me to connect to work was though a Windows VPN. I used that through VPC, and reguarly surfed the web, etc.

...in fact that copy of VPC was completely trashed by Code Red. Luckily it's very easy to copy/restore VPC "images. So I was back up and running in 30 minutes.