Viruses on OS X

Captain Code

I've noticed quite a few questions about people thinking that they might have a virus on OS X. Everyone should know that, so far, there are absolutely NO viruses for OS X. There are a few hundred for OS 9, but NONE for OS X.

Strange things occurring with applications are usually the fault of that application.

There are virus scanners for OS X such as Virex and Norton but they are only scanning for Windows viruses and the old OS 9 viruses, so there is not much use for them unless you want to take it upon yourself to protect PCs if you forward strange emails to people.
 
Agreed. I think it should also be mentioned that if you think you're experiencing some sort of "spyware" or virus activity to take a look at the environment you're operating in. If you're at work and are being "served" the internet through a Windows server (like a proxy server or similar computer-based router) then the problem more than likely is originating from the server, not your Macintosh.

Application crashes, like Captain Code said, are almost never linked to malicious spyware or virus activity, and there are lots of things (like bad RAM, hard drive problems, external peripherals, system haxies, and system add-ons) that would be more likely than a virus/spyware to be causing system instability.
 
There is a complete article about security on MacOS X in the March issue of MacWorld
http://www.macworld.com/2005/02/features/macsecurityhome/index.php

Statements:
1) Viruses may also come to MacOS X, even if currently there is no known virus infection on our platform. Therefore it is not a bad idea to have antivirus SW on your Mac with up-to-date definitions.
2) If you use VPC you are vulnerable to Windows viruses.
3 _my statement_) There are other risks... the first one being the risk of losing your data due to hardware problems. Therefore it is a very good idea to back up your data on a regular basis.
 
chevy said:
2) If you use VPC you are vulnerable to Windows viruses.
...it should be noted that any Windows virii/spyware that you get in VirtualPC will be limited to the VirtualPC operating system, and cannot, in any way, damage or affect your Mac OS X system. At the worst, your Virtual OS will be kaput and will have to be deleted and re-installed, but OS X and your hardware will be absolutely fine.
 
ElDiabloConCaca said:
...it should be noted that any Windows virii/spyware that you get in VirtualPC will be limited to the VirtualPC operating system, and cannot, in any way, damage or affect your Mac OS X system. At the worst, your Virtual OS will be kaput and will have to be deleted and re-installed, but OS X and your hardware will be absolutely fine.

The virus can also attack any file that can be accessed from the VPC environment, and this can be your whole Mac if you open it to VPC. Of course the virus will not reproduce on MacOS, but it still can delete files.

Another "agnostic" virus type is made of the M$ Office macro viruses. These are based on Office and not on the underlying OS.
 
You can get the same Windows viruses in VPC but I'd consider that a really rare occurrence. For the usage that VPC gets, there's a lot less risk of infection. You don't normally use it all day surfing the net, checking email etc. The usual usage pattern of VPC is to run some niche program for a few hours at a time.

So, the risk is really small.

You can spread the Word macro viruses, but I don't think they are actually harmful on the Mac. From what I've heard they don't usually do anything at all on the Mac.
 
I downloaded a small clip from a joke web site once; a friend had put it as a link in an email. I went to the site, pressed the URL for the particular video, and Virex popped up and said it contained a virus, do you want to delete the file. It was a weird experience. I investigated further and found out it was a Windows virus.
 
Captain Code said:
The usual usage pattern of VPC is to run some niche program for a few hours at a time.

So, the risk is really small.

You can spread the Word macro viruses, but I don't think they are actually harmful on the Mac. From what I've heard they don't usually do anything at all on the Mac.
I am not as sanguine as you about the scope of risk using VPC. If you read email, download files, or cruise the internet in VPC your risk is exactly the same as it would be running a hardware PC. Once the copy of Windows in VPC is infected, the files on the Mac VPC has access to are vulnerable to damage any time VPC is running. That does not mean VPC can "infect" the Mac, but some of the more malicious virii that delete or trash files could potentially wreak havoc. So unless your use of VPC is very limited, it is probably best to have a Windows Anti-Virus program installed and running in VPC and unless VPC is sharing the Mac internet connection, you should have a Windows firewall running as well. (If you are sharing the Mac internet connection VPC takes control of the Mac's ipfw firewall.)

I have frequently seen claims of the possibility of damage from Word or Excel macro Virii, but I have never seen reports of any damage having actually happened. I have no explanation why, it is just an observation.
 
perfessor101 said:
I am not as sanguine as you about the scope of risk using VPC. If you read email, download files, or cruise the internet in VPC your risk is exactly the same as it would be running a hardware PC.


Yes, but how many people actually do that. There's not really any reason to load VPC to check email or browse the internet. I'm just going on my usage, but I can't see that most people would use it for stuff you could use the Mac for at a greater speed.
 
For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories -- something that Windows virii are not written to do. The first time that virus tried to "backslash" its way into another directory, it would fail. The Macintosh, outside of the Shared Directory, is completely inaccessible to any Windows virus.
 
Captain Code said:
Yes, but how many people actually do that.
I was addressing the issue of vulnerability and Windows running on VPC is every bit as vulnerable as Windows running on Pentium hardware. To say otherwise is, to my way of thinking, inviting the uninformed to take unnecessary risk.
ElDiabloConCaca said:
For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories
I haven't tried this lately so I don't know for certain this is still true in Windows 2000 and XP, but in Windows 98 and NT, when addressing a networked drive, Windows automatically translated a "\" to "/" for network compatibility purposes. Since VPC sees accessible volumes on the Mac as network drives and since Windows XP running on VPC can easily drill down through multiple layers of folders on accessible Mac volumes I have to believe that is still true. Therefore I have to believe slash vs. backslash would present no barrier at all.
 
Well, I tried doing some googling and some searching on Microsoft's site for an answer but came up with nothing definitive about this.

If we really wanna find out, I have a spare machine here with OS X 10.3.8 on it as well as VirtualPC 7 with Windows XP and 2000. I think I even have a licensed Windows Me disk around here somewhere. If we can dig up a Windows virus that is known to propagate and damage files across network shares, I'd be willing to be a guinea pig on finding out if it's possible or not... ;)

I still don't think a virus could propagate or do damage outside of the Shared Folder, simply because it does appear as a network share to the virtual OS, with all the restrictions of a network share. I don't think it's possible that a virus could even "look" outside of the Shared Folder, simply because VirtualPC is limited in that way -- you can't do an "ls" or a "dir" or change directories to anything outside of that Shared Folder -- it's like a dead-end road. It could circle and circle inside of the Shared Folder all it wants, but since the Shared Folder appears as the "root" directory to the virus and to VPC, there's no way to go "up" the hierarchy and "get out of" that Shared Folder. Sure, it could recursively go deeper, but that would only affect files and subfolders inside of the Shared Folder.
 
ElDiabloConCaca said:
For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories -- something that Windows virii are not written to do. The first time that virus tried to "backslash" its way into another directory, it would fail. The Macintosh, outside of the Shared Directory, is completely inaccessible to any Windows virus.

Not true. The Windows virus might attack a path with \ in it, but that's automatically parsed by VPC to /. So actually the virus running in VPC can attack all the files under the path shared to VPC. If you're dumb enough to let VPC access the root of your Mac OS X file system, the virus can, theoretically, delete any file VPC has the right to delete. While this is far less dangerous than a 'real' Mac OS X virus/rootkit combo, it's still a drag.

However, I don't think people are likely to share folders they don't really want to share.
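
The behaviour argued over in the posts above (separator translation, with the shared folder acting as the guest's root), as an added example that is not part of the original thread and is not Virtual PC's own code. The function names, the `Z:` drive letter and the sample paths are assumptions made for illustration.

```python
import posixpath

def is_exposed(shared_root: str, host_path: str) -> bool:
    """True if host_path lies inside the folder shared with the guest."""
    root = posixpath.normpath(shared_root)
    path = posixpath.normpath(host_path)
    return path == root or path.startswith(root.rstrip("/") + "/")

def resolve_guest_path(shared_root: str, guest_path: str) -> str:
    """Map a Windows-style guest path to a host path confined to shared_root.

    Pure string mapping for illustration; a real implementation must also
    resolve symlinks before the containment check.
    """
    # Separator translation: backslashes from the guest become slashes.
    rel = guest_path.replace("\\", "/")
    # Drop the mapped drive prefix ("Z:" is an assumed drive letter).
    if len(rel) >= 2 and rel[1] == ":":
        rel = rel[2:]
    # Normalise against a virtual root so ".." cannot climb above it.
    rel = posixpath.normpath("/" + rel).lstrip("/")
    root = posixpath.normpath(shared_root)
    host = posixpath.join(root, rel) if rel else root
    if not is_exposed(root, host):
        raise PermissionError(f"{guest_path!r} escapes the shared folder")
    return host

if __name__ == "__main__":
    target = "/Users/me/Documents/thesis.doc"      # constructed sample path
    for share in ("/Users/me/VPC Shared", "/"):    # narrow share vs. whole disk
        print(f"share={share!r}")
        print("  traversal attempt maps to:",
              resolve_guest_path(share, "Z:\\..\\..\\Documents\\thesis.doc"))
        print("  thesis.doc reachable from guest:", is_exposed(share, target))
```

With the narrow share, the `..` components are absorbed at the share root and the host file stays unreachable; with `/` shared, every host path is inside the share, so only file permissions limit what the guest can touch.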
 
chevy said:
There is a complete article about security on MacOS X in the March issue of MacWorld
http://www.macworld.com/2005/02/features/macsecurityhome/index.php

Good article.

I just wanted to add that indeed there are no viruses that can use any OS X vulnerability (at least not one that I have heard of), but there are trojan horses that are mainly Unix scripts and that affect OS X. In fact one that pops into my mind is /MW2004, which comes as a piece of software called "Microsoft Word OS X Web install", and in fact deletes all the user's files. AND it is rather new, May 2004. Anyway, Virex finds it.

Interestingly enough this trojan affects only OS X and not OS 9.

Probably there are more trojans out there as it is not so difficult writing one. So the best idea probably is to shield up anyway.
 
Captain Code said:
Yes, but how many people actually do that. There's not really any reason to load VPC to check email or browse the internet. I'm just going on my usage, but I can't see that most people would use it for stuff you could use the Mac for at a greater speed.
For years the only way for me to connect to work was through a Windows VPN. I used that through VPC, and regularly surfed the web, etc.

...in fact that copy of VPC was completely trashed by Code Red. Luckily it's very easy to copy/restore VPC "images". So I was back up and running in 30 minutes.
 
ElDiabloConCaca said:
For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories -- something that Windows virii are not written to do. The first time that virus tried to "backslash" its way into another directory, it would fail. The Macintosh, outside of the Shared Directory, is completely inaccessible to any Windows virus.
WRONG!

Virtual PC takes care of this translation to make the mounted volume look like a normal Windows mapped drive.
 
I just use one of the free Windows security programs (can't remember which at the moment - probably Zone Alarm) to completely block access to and from the Internet for VPC. All my Internet surfing, downloading, emailing is done with OS X. Haven't had any problems yet.

I don't use VPC for anything except for fun (I'm fascinated by emulators), so I'm not going to buy an Internet security program to protect a virtual machine.

Also, I only share a single subfolder.

Doug
 
With all this talk of viruses I'm trying to look into a decent anti-virus scanner. Right now I'm using clamXav; last night it found 8 viruses in my home folder, obviously Windows viruses. However, just because there aren't any OS X viruses yet, it could be possible to create one. What I'm looking for is a good virus scanner. What I would like is something that can scan the entire startup disk; one of clamav's downfalls is that it can't. Also I would prefer a Cocoa app. If it could be free that would certainly help. What has everybody else had good luck with?
 
I run Intego VirusBarrier scans once a month when the new definitions are released, but I have yet to find one virus.
 