So much for security via obscurity

Xisiqomelir · Post by **Xisiqomelir** » 2005-09-26 10:12pm

From MDN:

"Mac OS X machines are inherently safer than Windows boxes, regardless of market share or installed base. Although having a smaller user base certainly doesn't hurt, it doesn't appear to be the primary reason for the complete lack of Mac OS X viruses. For example, Apple's Mac OS X has suffered zero (0) virus cases in the over five years (September 13, 2000) since Mac OS X was released to the public. According to Apple, there are "close to 16 million Mac OS X users" in the world and there are still zero (0) viruses. For comparison, according to CNET, the Windows Vista Beta was released "to about 10,000 testers" at the time the first Windows Vista virus arrived. So much for security via obscurity."

Oops.

Post by **weemadando** » 2005-09-26 10:14pm

Doesn't this also have to do with Apple denying that aggressive/destructive programs that appear and attack OS X aren't in fact viruses?

Xisiqomelir · Post by **Xisiqomelir** » 2005-09-26 10:25pm

weemadando wrote:Doesn't this also have to do with Apple denying that aggressive/destructive programs that appear and attack OS X aren't in fact viruses?

Yup, trojans which require idiots to knowingly give sudo permissions don't count. Only hardworking hidden programs which fuck with things without assistance qualify as viruses.

Drooling Iguana · Post by **Drooling Iguana** » 2005-09-26 11:30pm

Technically, those aren't always viruses either. A virus is a block of code that attaches itself to a legitimate executable so that it will be run when the executable is run. Most "viruses" in circulation now are actually worms, which are discrete programs in their own right that attack computers independantly. In biological terms it would be more like a parasite than a virus.

Wild Karrde · Post by **Wild Karrde** » 2005-09-27 04:12pm

Clicky

I'm going to offer a bounty of $500 to the first person who can prove that a Mac running Mac OS X (version 10.0 or greater, and patched to the latest security level available at the time from Apple) was accidentally and detrimentally infected with a virus that exploited a flaw in the base Mac OS X installation (not, say, Microsoft Word) before September 20, 2005. The definition of "virus" will for this contest will be either a virus or worm as described by the wikipedia. The challenge ends at 23:59:00, October 16, 2005 (which happens to also be my birthday, and by the way I have a thing for nice shirts).

I will only offer this bounty once, and as you can see, the deadline for the viruses to have done their dirty work is in the past. So, if you're planning to write a new virus just to win the challenge, well... that won't work unless you also make a time machine. (Which, frankly, I'd be willing to fund for $500.) This is a research project, not a programming project: find one of us who has been infected at some time, and tell the world about it.

Praxis · Post by **Praxis** » 2005-09-27 06:15pm

Xisiqomelir wrote:
weemadando wrote:Doesn't this also have to do with Apple denying that aggressive/destructive programs that appear and attack OS X aren't in fact viruses?
Yup, trojans which require idiots to knowingly give sudo permissions don't count. Only hardworking hidden programs which fuck with things without assistance qualify as viruses.

Further, one of the only two trojans for Mac was a proof-of-concept created by the antivirus company Intego that was never released into the wild.

The other one, I don't believe it was released into the wild either but I may be wrong. You had to run it and install it like a program (typing in your username and password to authorize it) and it installed a keylogger.

That's the extent of Mac OS X and trojans.

VIRUSES on the other hand, by definition, have to be self replicating and exploit a vulnerability. Trojans are just programs that do bad things when you run them.