SLUG Mailing List Archives
Re: [SLUG] ot: Mac OSX and virii in the open
- To: David <david@xxxxxxxxxxxxx>
- Subject: Re: [SLUG] ot: Mac OSX and virii in the open
- From: <r.polanskis@xxxxxxxxxx>
- Date: Tue, 7 Oct 2003 13:23:41 +1000 (EST)
- Cc: slug@xxxxxxxxxxx
- Cc: Voytek Eymont <voytek@xxxxxxxxxx>
- Reply-to: grove@xxxxxxxxxxx
On Tue, 7 Oct 2003, David wrote:
> I've been running MacOS 9* for many years and have yet to see a virus.
> Several of my macs are exposed to the 'net (i.e. 24/7 connections). I
> think it's a case of:
> * Nobody can be bothered to write a virus for a mac
> * Macs mostly aren't listening anyway
> * Macs don't have the usual vulnerabilities that Mr.Gates loves to build
> into Win***
> * Even if you are silly enough to use Outlook on a Mac, an .exe doesn't
> run, neither does a .scr etc (see above).
On MacOS9 and previous, the way the OS is patched and linked defeats
most viruses. At the hardware level, MacOS has lots of "inits" and drivers
that hook into the system to accommodate the various platform variants.
Each one of these is like a kernel module that actually changes the
OS in some way. It is very hard to write a virus developed on say,
a G3 running on OS 8.6 to run successfully on different OS and hardware
revs. I am not saying it is impossible, but it is much harder and
most virus coders can't be bothered as they do not have the experience
or temperament to do so. I have only once seen a MacOS virus in the
wild and it was pretty benign as it wasn't able to accomplish any of
the damage it was meant to do. When MacOS 6 was around, it was a lot
more simply structured and was easier to break.
> I've hardly used OSX, but it's Unix, so anything that can hit Unix can hit
> OSX. I've tried OSX just to check it out, and my recollection is that the
> standard install is fairly sane.
Most of the exploits of OSX are the same as for BSD/Linux/UNIX.
If it uses something of that ilk, like OpenSSL/SSH/Samba, there is
a good chance the exploit will arise there too.
I have only heard of one OSX specific vulnerability so far and it
was pretty stupid, as you need to be on the console to activate it
and it was patched with 10.2.6.
If you run MS Orifice, the VB script host that allows Macros to run is
vulnerable to the same exploits as on PCs, but I haven't seen anyone
do this yet. There used to be a Word Macro you could install that would
disable suspect code. It ran on both Mac & PC versions of Office, but
I do not know where to get this now.
I love OSX BTW. I am even starting to like it more than Solaris,
although I wish I could have the 2 in combination!
Rachel Polanskis Systems Admin, University of Western Sydney
V1-37, Kingswood Campus (+61 2) 47 360 291 <r.polanskis@xxxxxxxxxx>
"They who would give up an essential liberty for temporary security,
deserve neither liberty or security" - Benjamin Franklin, 1759