How would you react to a wide-spread Mac OS X virus?

I wrote up a little OS X Virus Survival Guide- just in case. Good inspiration, this post!

http://www.eightysevenfour.com/?p=25

@Tomas Malley:

You beat me to it. This isn't a "hypothetical", it's just moot.

Sure, there are ways to take advantage of known vulnerabilities in services like SSH, etc., that can be enabled on OS X, but you'd almost have to be actively *trying* to become infected or pwned to configure a Mac that way. And even if you did, the virus would *still* need your password!

I can think of ways that a clever black-hat could try to trick an unsuspecting user into entering their password, but even then, as long as the user wasn't configured as admin (you *do* have a separate admin account, don't you?), they would only have access to user data, not system-level functions (which it would most likely need to propagate).

I think that, in a nutshell, is why we've only seen the occasional weak-ass Trojan Horse for OS X, and are unlikely to ever see any serious worms or viruses.

No virus outbreak would bother me unduly. All my clients run Sophos Anti-Virus with daily updates provided by a local server. Sophos routinely updates their virus defs within hours of any major outbreak, so I feel like we'd be well-protected.

Dave said: "but it would be hard to argue that a good portion of of the Mac user base doesn't care about the security of their chosen OS."


Side note: Just yesterday i had to remove Virus Busters adware from a freind's computer. He was told to install it from Myspace, and since it had Tom's picture on the page he thought it was okay. Long story short, it took me nearly 5 hours to fix as NONE of the typical anti-virus software worked. I was finally forced to trust an unknown app, that runs via command line, to remove it from explorer.exe. Has anyone else experienced this one? Why the hell couldn't the major players couldn't even find problem, much less fix it.? The good is he is now getting Mac.

When a bad Mac OS X virus arises, I'll be one of the ones saying "I told you so".

People are saying things like:

"I feel safe, because Mac OS X is Unix". OS X has elements of Unix, but it's heavily modified in ways it was never meant to go.

"OS X does not have legacy code in it". Well, it does. The Carbon APIs are from the OS 8 days, and these APIs get called within Cocoa apps. Many Cocoa functions are directly decended from NextStep.

"You need to give your password before a virus would work". Nope. Bugs ("features") have been discovered that allow applications to install and their scripts run as root, without you having to give confirmation. Folks, OS X is not Unix. Unix would never do something like this.

"At noon, I'd download the security update". Apple doesn't have a history of being very concerned about security. The bug I mentioned above has not been fixed. The privacy bug that lets complete strangers find out your name through your Airport card has not been fixed. 29 known kernel flaws have not been fixed.

Sure, if it's a really bad security flaw, Apple might get around to fixing it, but they'll wait until they have a collection of patches for other flaws before releasing the whole lot.

I'm very worried for people who run Mac OS X. If a bad virus got into the wild for OS X, I think that would shake a lot of people's confidence in the operating system. Diehards would just buy anti-virus software or download the ClamAV port.

I'm with Sam:
I would Never buy Norton (or any other commercial solution).
But also:
I would never brag about security in ads.
I would refrain from evangelizing to the prejudged.
I would speak highly of all nice/new aspects of Vista.
While respecting Linux.
And always looking up to the Open Source community.
I would Never buy Norton.
I would keep working peacefully, half way down the food chain.

My biggest gripe with the Windows platform is not the existence of viruses, but the programs which purport to protect you from them.

The industry leader, Symantec's Norton Security Suite, is quite possibly the single worst commercial program I have ever had the misfortune to install. First and foremost, it is a huge resource hog. Second, its UI seems designed to baffle, frustrate and patronise. Third, it is horrendously buggy - if there was ever a problem with my PC, 99% of the time, I could attribute it to Norton. That it actually does a decent job of shielding against viruses is more down to the massive restrictions it places on the user than any innovation on the part of the Symantec.

I'd like to think that when faced with a similar situation to their Windows brethren, the Mac software development community would be more capable of devising an efficient, user-friendly and robust program for securing the Mac. In short, virus protection that 'just works'.

Unfortunately, I'm not convinced that the threat of a major virus outbreak on the Mac is taken seriously enough for users to want to spend cash on antivirus solutions, and in turn for developers to spend the time developeing them.

Interesting question.

If we assume a sudden and massive Mac virus problem, then wouldn't Windows also be in the same boat? Then what would be the point of moving from one end of a sinking raft to the other? Either way you're getting wet. Then, it becomes a choice between the UI, software, and the necessities of a Mac. With that in mind, I'd stay with the Mac even after buying a copy of Norton System Defender Pro, Awesome Edition.

And, this completely ignores Linux which could be a safe harbor.

I wouldn't worry. I would wait until apple creates the patch. Basically because this would be something that happens infrequently...

Yes sadly while difficult it is entirely possible to write a virus for a Mac, without a password. Privilege escalation flaws, or flaws in applications that run with system privileges, would allow malware to infect an Apple, the same way it works on windows box. OS X has a better user model than Windows up to XP, but there can still be flaws and they can still be used to circumvent the security in place.

Personally I don't think Apple takes security seriously enough, and I fear this day is coming. Windows may have problems, but it's users have learned from them. They know about firewalls, they
understand they need to keep their AV up to date. Granted they learned these lessons reactively, but it doesn't seem Apple or it's users are being at all proactive about it.

I love my Apple, but its time we learn. Kudos to TUAW for asking this question, I hope we figure out an answer.