> the widespread belief that they are virus-free, Macs aren't immune from invasive and dangerous malware.
This is an area where it's really hard to extrapolate from my personal experience to the entire population, but is this really an accurate statement of many people's beliefs?
I think what people actually think is that the chances are much lower of encountering malware in the wild on a Mac. In support of that, having an article this long on a single piece of malware that isn't particularly damaging, would indicate that it's not the normal state of affairs in Mac land.
I would similarly expect that the chances of drive-by malware on Linux are tiny, perhaps even less common than on a Mac, and thus it would be newsworthy if there were some widespread (in relative terms) Gnome malware, or similar.
It's one thing to think that it's uncommon, and another to think that it's impossible.
People think Macs are virus-free because Apple spent years telling them they were. Example ad, with John Hodgman as the Windows guy with a virus. https://www.youtube.com/watch?v=M3Z386vXrt4
It's a combination of a few things: (1) why bother investing time and resources for a platform with around 10% of users and (2) OSX has had strong security mechanisms, e.g. Gatekeeper, XProtect, App Sandbox. Windows 10 is much better but unfortunately not everyone is on that OS yet.
Depending on whom you ask, having an antivirus may actually be more harmful than not, as it digs deep into the system potentially opening more holes, while not providing much protection due to the reliance on signatures. Heuristics is not yet there to be useful.
Another reason that there may be a perception that OSX is safer these days is that most users only buy software directly from Apple through the app store.
I would say it is accurate. I doubt most users really think it through, and Apple went out of their way to enforce the idea that Macs don't get viruses in their advertising campaigns around 2010 to 2012.
Most users just don't think about it much, and the only exposure they got was ads telling them the thing doesn't get viruses, which Apple finally stopped doing in 2012 after having a very uncomfortable year... https://www.wired.com/2012/06/mac_viruses/
If you're here talking on HN, then yes, you probably fall into the category of folks who properly understand that uncommon != impossible. I sincerely doubt the vast majority of users make that jump.
> It may have been technically accurate that Macs don’t get gummed up with PC viruses, but the implication that Apple is virus-free is certainly misleading.
But that "implication" is an assumed implication that I haven't seen play out in my non-tech friends. I always thought that stories like those were just drummed up by anti-virus vendors to make sure that people continue buying their wares.
Just because the people alerting you to something have a vested interest in you being alerted, that doesn't make them wrong. It's good to know the incentives behind actions, but that doesn't mean we shouldn't look at the facts in each case and come to an informed decision.
> Mac OS 7/8 etc had even lower market share than today's Macs have, and it had tons of viruses
That's not a valid comparison. When Mac OS 7/8 was mainstream, it was common to get software via a floppy disk that had already been in 10 other machines or from a fly-by-night BBS. Nowadays software distribution is far less peer-to-peer, and it's much more difficult for simple viruses to move from machine to machine.
> market share
If it's not market share, then what is it? The vast majority of malware attacks happen via social engineering, not zero day vulnerabilities, and the only requirements for that are a gullible user and a computer capable of running unsigned software.
Edit: Since I don't have access to a disposable Mac, just out of curiosity, what happens if you torrent something like "photoshop for mac full edition (cracked)" and try to install it? On a PC, assuming you make it through the hurricane of warnings Windows tries to throw in your way, this will almost certainly result in malware getting installed on your computer. What mechanism prevents this on a Mac?
> That's not a valid comparison. When Mac OS 7/8 was mainstream, it was common to get software via a floppy disk that had already been in 10 other machines or from a fly-by-night BBS. Nowadays software distribution is far less peer-to-peer, and it's much more difficult for simple viruses to move from machine to machine.
That doesn't make sense. The software that back in the day would be in a disk that had "already been in 10 other machines", can now come from a website that serves millions of machines with the same malware infected programs.
Read these words again. Regardless of whether there were tons of viruses on MacOS back in 1997, there's no way it's valid to hold up your thumb, squint, and say the current situation is better or worse. The malware on MacOS 8 was almost exclusively viruses made by hobbyists which self-propagated through channels that no longer exist. There were no command and control servers, strong encryption, multi-stage deployments over the web, etc. Modern malware is organized crime that relies primarily on people scamming other people, and requires a ton of back-end infrastructure and support.
In other words, it's harder and success depends on a whole different set of factors.
The person I was replying to was basically asserting that Apple fixed the virus problem that existed before OSX, and as a result malware cartels in 2017 aren't able to attack OSX. Would you believe it if they were saying polio vaccination campaigns in the 50's put a dent in drive-by shootings in the 90's?
Over the history of Malware I suspect the largest vector was simply machines connected to the internet. Going back to the OS 7/8 days is kind of irrelevant because worldwide computer adoption was so low. So, for the average person what they are going to remember is the unpatched exploits / zero day attacks simply because they affected vastly more people.
You can't get viruses on iOS unless you're jailbroken - Apple's walled garden pretty much guarantees that. Even jailbreaking is insanely difficult with the newest versions of iOS. There is no public jailbreak of the current version of iOS, or the version before that.
In addition, about 80% of iPhones in use are running the latest version of iOS. Apple can patch exploits and have the majority of iPhones secured in a short amount of time. iOS is unique in that respect, and that is just one mitigating factor that makes iOS malware very implausible.
That's just marketing hype mixed with a little bit of goalpost moving. "Has never been more secure than it is now" != secure.
> A while back Apple started pulling anti-virus apps from the app store presumably because they aren't needed.
I think you presume too much. An effective antivirus program cannot run in a sandbox that isolates it from other processes. If Apple pulled 3rd party antivirus apps, I bet it was because they could not both work as advertised and simultaneously obey the sandbox, not because they "aren't needed" (presumably because the platform is "secure").
As for your original statement:
>> You can't get viruses on iOS unless you're jailbroken - Apple's walled garden pretty much guarantees that.
So, in other words, iOS is insecure and vulnerable to malware.
Governments don't have special hacking powers, they mainly have money and manpower.
It's true, iOS might raise the bar a little bit compared to some other systems, but IMHO it's misleading and dangerous to claim that it's invulnerable.
The point is you're not going to get malware if you open the wrong email or go to the wrong site like you could on Windows. The organizations with enough resources to hack iOS devices aren't interested in sending mass emails to steal bank account details. The average iOS user who keeps their device up to date simply doesn't have to worry about malware and suggesting otherwise is misleading.
> The organizations with enough resources to hack iOS devices aren't interested in sending mass emails to steal bank account details. The average iOS user who keeps their device up to date simply doesn't have to worry about malware and suggesting otherwise is misleading.
Again, no. Here's another counterexample (which is recent and appears to have been active on the App Store for ~1yr):
"These malicious iOS apps provide a connection to a third party app store controlled by the author for user to download iOS apps or games. It encourages users to input their Apple IDs and passwords for more features, and provided these credentials will be uploaded to AceDeceiver’s C2 server after being encrypted."
That's not state actor stuff.
However, I shouldn't have to keep providing counterexamples to convince you of your absurd claims of practical invulnerability. Apple has not made any kind of security quantum leap: no one has. Apple's systems are vulnerable to the same types of flaws, by the same types of attackers, as any other system in wide use. The main difference is that Apple has restricted their platform to the extent they have an easier time implementing security best practices. iOS is still vulnerable to flaws Apple doesn't know about or hasn't patched, and those flaws can be exploited for as long as Apple remains unaware or fails to act. That's not a fundamentally different position from Microsoft, Google, or any other similar company.
What you linked is basically an elaborate phishing scheme. The exploit allows the installation of non app store apps, but that doesn't mean the installed apps can escape the sandbox. The worst thing it can do is try to trick the user into entering passwords into the app's fields. As far as malware goes it's pretty benign.
The most widespread malicious apps are generally apps that access private APIs but manage to get through Apple's review process and onto the App Store. They can be far reaching but again they can't breach the sandbox which means the absolute worst thing they do is upload your email address to some server or try to trick you into giving away your password. I still stand by my assertion that the average user doesn't need to worry about malware on iOS.
> They can be far reaching but again they can't breach the sandbox
False, they can breach the sandbox. The sandbox is software and it has exploitable flaws until proven otherwise (which hasn't happened).
Look, like I said in another comment: you'd be fine if you restricted yourself to relative comparisons, but for some reason you have to go too far and make absolute statements of security, statements which can't possibly be true. iOS might be more secure than other OSes, but it's still insecure, and it's dangerous and misleading to say that any users don't need to exercise reasonable caution.
While that was an interesting article I didn't see it making any claims of having bypassed the sandbox, but "just" the DRM to allow install of pirated apps.
The heavy sandboxing of every app on iOS is fundamentally different from any desktop OS. Sandboxing of desktop apps is still very far from a complete implementation.
> The point is you're not going to get malware if you open the wrong email or go to the wrong site like you could on Windows.
So the point is that you aren't going to get malware on your small, entirely constrained and locked down portable computing device like you are on your larger, general purpose open computing device? Why even bother making that comparison?
OS X has plenty of vulnerabilities.[1] If you want to make a coherent argument, source your claims that modern windows only requires you visit a site or open an email, and we can look to see if Apple has had similar vulnerabilities in equivalent products.
I agree with your statement here but it should be noted that a lot of cyber security is the joke about running away from a bear. I don't have to outrun the bear, I just have to outrun you.
Exactly. I wouldn't have a problem if people were saying "iOS is more secure than X" or "You should pick iOS because it's one of the most secure OSes, but you should still be careful." But nooo, the fanboys go too far and spew dangerous, misleading stuff like "it is secure" and "you don't have to be careful" and "it can't get malware."
Citation? AFAIK the iOS sandbox has not been broken on un-jailbroken iOS devices, so at worst you're getting a garbage app that doesn't do what it promises.
I've never seen nor heard of any actual malware outbreak from a non-jailbroken app.
Maybe I should have put malware in quotes. I was generally referring more to the privacy invading, battery sucking, ad displaying, etc behaviors of the vast majority of applications. Which per wikipedia (and traditional usage of the term) makes them malware.
Apple/etc seem to be stuck in the mindset of the various antivirus products before the advent of adaware/etc. So the products aren't strictly viruses/trojans/worms/etc but they definitely fit the definition of malware and the end results are potentially just as bad. I would actually prefer any number of viruses over some of the shenanigans the facebook app has been accused of.
I know next to nothing about iOS, so: Why can't the (usually public) jailbreak exploit or another, similarly potent (and probably quite expensive) one be launched from inside the app? Sure, it has to be hidden to get into the store, but that looks very easy compared to finding the actual jailbreak. One just has to hide an arbitrary code execution vuln in the code of the app somewhere.
If there was a jailbreak available, yes. But there hasn't been a publicly available untethered jailbreak since March of 2016, and there has never been an untethered jailbreak of iOS 10.
The only jailbreak for iOS 10 was semi-tethered and only made public after Apple had patched the vulnerabilities. In order for this to work as malware the user would have to open the malicious app every time their phone restarts. Not only that, every time they open the app their phone would appear to be out of storage and then promptly crash to the boot screen. It would be a bit of a hard sell.
I switched to Macs back in 2007. I work in IT, have always been careful to install antivirus software on Windows machines and showed my family how to avoid click bait and dangerous downloads. Even so I frequently used to have to clean malware off my old Windows machines. We do have one Windows laptop on Windows 7 which is lightly used and most recently it got infected with a Firefox toolbar extension thing a few years ago that took a week to get rid of completely.
I have never once since 2007 had to deal with a single piece of malware on any of our Macs. I know it exists, Handbrake downloads got infected a while back, but the difference is night and day. In my experience Mac OS is dramatically safer than even a fully up to date Windows machine with top tier virus protection software installed.
Maybe that's changed with recent versions of Windows. Cool. Actually the only thing that drives me potty about Macs is the keychain getting corrupted, drives me potty.
While there is of course no guarantee, most of the shitstained-OS-installations that were (or still are?) so common, with symptoms like non-functional systems, ads popping up, or having 90 toolbars are due to user actions. Sure, there are methods to deliver and elevate malware, but most of the 'problems' people experienced (before widespread banking malware) were practically "cosmetic" and "slowness" and almost always due to users randomly downloading and executing anything in their path.
With iOS, that pattern is a lot harder to abuse, and with enforced sandboxing, side-effects between programs (or, 'apps') are somewhat non-existent.
Most of the things that make non-Windows systems less infected seem to either be due to a better security design, less casual users or a drastically lower market share making it a smaller target with possibly less effective organic spreading of malware. (or possibly a combination of the three)
You missed the hedge phrase—"pretty much". Obviously there isn't such a thing as a guarantee for security, but there are counterexamples for most OSs. Do you have one for the current iOS version? I haven't seen someone jailbreak their phone since iOS 5, I think, though people did do it since then.
What's the point of your critique when you can apply it to literally any piece of software? Even SEL4 relies on a correct processor, and yours has flaws.
With all the security hype and Apple pushing iOS as a mainstream OS, I still do not get why this security depends on software and not hardware. Make it impossible for apps to break out of their jail at a hardware level.
Nobody can guarantee their software is secure (secure software doesn't exist), but the fact that the cash value of a sandbox escape/jailbreak of iOS on the black market (or probably even through Apple's bug bounty) far exceeds the value that would be generated from some adware or cryptolocker scam all but guarantees that you won't see any widespread malware.
The same exploits that are used to jailbreak the device can be used for installing malware. There have been remotely exploitable bugs in iOS, for example in WebKit, but luckily there haven't been people exploiting them. iOS is very safe but not perfect.
I would guess many 20-somethings have recommended a mac to their parents with this as one of the bullet points. At a time, it was more or less true - when dropping a virus on your windows PC was as easy as loading a malicious activex website, macs just didn't even have it. Not to say macs weren't vulnerable, but the attack surface was lower and the cost/benefit to people trying to bot-net your mom's Mac was higher than everyone's unpatched Compaq running Win98.
I'm a 50-something and my Mom with her Mac manages to get infected with browser-based malware. And she's pretty careful. But sometimes those "update" notifications look real to her.
I used to have to clear out malware remotely from one of my grandmother's computers about twice a year, for several years.. I was so happy when it finally died, bought her a chromebook, which she was very happy with.
Chromebooks are probably the single best option for a computer with a keyboard. I wish the chrometops were a bit more compelling, as I'd probably switch my other grandmother (ubuntu 16.04) over. She has one program she plays a lot (since 1996) which runs under WINE.
The flip side of that is supposedly tech literate IT managers who insist that my company implement "industry standard" virus detection software on a fleet of MacBook Pros. The stupid cuts both ways.
It's been a few years, but the "I'm a Mac and I'm a PC" ad series talked up virus immunity quite a bit. I suppose one could argue that "don't get malware" was narrowly accurate in the sense that it wasn't presently happening, but there was a strong suggestion of "can't get malware" too.
Well, to the person that knows better it means you can have a clean Mac by following basic download hygiene -- which is not possible in platforms with widespread viruses targeting vulnerabilities they can exploit automatically and which you can't protect from (except if you don't connect to the internet at all).
Right. The Mac Zealots will say "These aren't viruses! They're unwanted programs purposefully installed by the user who thought he was updating Acrobat." But it's like a 2nd amendment advocate trying to win an argument by pointing out that word "Assault Rifle" is meaningless. It may be true, but it's not a way to argue.
I'm pretty sure "assault rifle" [0] is a reasonably well-defined term and you mean "assault weapon" [1] in your post.
Pointing out that "assault weapon" is meaningless is trying to combat emotive, irrational legislation based on conflating "assault weapon" with "assault rifle" because most people don't understand the difference (and one of the terms was chosen to be intentionally confusing).
You completely misunderstand my point. I'm a card-carrying NRA member, but I wince when I hear someone notice that an anti-2nd-amendment zealot mixes up terms like "magazine" and "cartridge" and thinks "Aha! I've won this argument because you don't know what these basic terms mean." It really doesn't help convince people on the other side to consider another point of view.
I think you misunderstood mine: it's unlike the case of "virus" in the sense that it acquired a general meaning and then was retrofitted with a technical one to co-opt feelings for political goals.
It would be like if people had used "virus" as a generic without it ever having a technical definition (by analogy to infections), then Congress proposed to ban encryption to stop "viruses", because hey, lots of viruses use encryption.
Pointing out that co-opting from the informal "infectious software" to "software that uses encryption" is a meaningful point.
I think you're correct that the usage of virus for unwanted software is fine; I think you're wrong about the evolution of language there matching what happened with "assault weapon". Specifically, one change is going from the technical to the generic, while the other is going from the generic to technical.
I suspect if you went into 100 Apple stores, and asked 100 of the bubbly sales persons with their cute little Apple shirts if Macs can get viruses, you'd get 50%+ to say no.
Well, what is true is that it's extremely hard to execute arbitrary code without user knowledge on a Mac. Windows has thousands upon thousands of arbitrary code execution bugs where simply opening something like a pdf can allow an attacker to run arbitrary code as a privileged user. There are many defense mechanisms to this that are inherent to the design and implementation of Darwin/Mac OS.
Kinda unfair to not let me use the biggest example (DAC/user separation) just because there might be sensitive data with user permissions when we're talking about arbitrary code execution. Even still, such a concept makes privilege execution orders of magnitude harder on *nix systems.
POSIX philosophy also prevents the "keys to the kingdom" kind of exploits you can get in windows, many linux exploits are much harder to chain together simply due to this.
The *nix networking stack has always been much more mature and robust than the Windows stack, although I'll admit that's not necessarily inherent to the design.
Sandboxing. All third party apps in the Mac app store, and many system apps. Safari, Mail, Messages, FaceTime, Calendar, Contacts, Photos, Notes, and Reminders are all sandboxed.
I also really like how Gatekeeper ( https://en.wikipedia.org/wiki/Gatekeeper_(macOS) ) works – it quarantines documents such as word files, so that on first open you get a dialog pointing out that it's been downloaded. This is great, because you see the dialog very infrequently. I actually pay attention to it when it comes up.
The operative form of this belief is, "you probably shouldn't buy and install a consumer antivirus product for your Mac like you would with a PC" which is probably still true.
I think it is a holdover from the early Mac days, where a large part of the base OS was in ROM.
Thus a simple reboot would clear out any infection.
That, and over time the lack of a general market presence, is likely what led to the belief (never mind that Apple pushed the message with their I'm a Mac ads).
Someone correct me if I'm wrong but this seems to be talking about FruitFly 1 [1] and the article is about FruitFly 2 [2]. Been digging around and still can't find any description of how to tell if you're infected by the new one.
> ...despite the widespread belief that they are virus-free, Macs aren't immune from invasive and dangerous malware.
I keep hearing this, but I never see evidence of these people. Is there a widespread belief that there's a widespread belief that Macs are immune from malware, despite few people who actually think this?
Well, I'm sure such people exist, but there don't seem to be many, even on sites like macrumors and /r/apple where mostly non-technical people with magical feelings for Apple gather and comment.
I worked at a Geek Squad for two years, so definitely take my experience with a grain of salt, but at least in the world of big box retail chains, this was quoted so often by my customers and clients I lost count. Most of my clients that came in with an infection on their Mac (sometimes just a rogue browser extension, but often an honest bit of malware) were genuinely surprised, having purchased the Mac originally because it supposedly didn't have these "Windows" problems.
I suspect this is largely due in part to the types of clients that would actually purchase Geek Squad protection in the first place; my job duties had me working directly with "not computer people" folks most of the time. Still, the idea that Macs were immune to malware was pervasive; on several occasions, folks returned Windows machines they had just purchased (and managed to immediately infect) and picked up a Mac instead, thinking that this act alone would make them immune to their problems, or their kids' online behavior, etc. Most folks were good sports about it though, realizing that they had been misled by advertising, and allowing me to explain good security habits to them during their visit.
I think the biggest thing that bothered me about the job, and the reason I eventually left for greener pastures (I presently work in Linux Administration) was the pervasive idea that you could fix computer problems by buying additional software. This is something retailers have latched on to, and it bugs me on a fundamental level. The only way to actually be more secure is to understand your tools, so that you can recognize when they are misbehaving.
I'd say macrumors and /r/apple are probably a better representation of the general public than other forms of contact you have with people. Realizing that viruses exist escapes some.
By now Windows also has a much stronger security model. So I'd say that the chances of anything happening would theoretically be about equal in Linux, Windows and Mac. But you'd have to take popularity into account, and since the Mac has become more popular, I'd guess they are a victim more often.
As long as Windows still tries to hide file extensions, the rest of its security barely matters. And in what way would its security model be better than MacOS or Linux? I'd say they are about the same nowadays.
Anecdotally, most non-technical Mac users seem to have better habits than Windows users. Updates get installed and shady software gets loaded up less frequently.
You need to remember that when those ads aired Windows still ran everything as root and had genuine "viruses", not trojans or other malware. But a virus as in the definition of the term. That Macs and Linux had a sane security model really did make them essentially "immune to viruses" in a very real way.
Today, a genuine virus is a rare thing, most malware are trojans. But back then viruses were the dominant form of malware. It's quite unfair to criticize people claiming Macs don't get "viruses" by changing the context on them to include all malware. That's not the claim people made.
Yes, but a decade or more ago. The security landscape and perceptions around it have changed.
Also, back then the difference between MacOS and Windows was pretty stark so this was a valid marketing point. Not that the ads didn't oversell it, of course.
Nothing on that site makes the claim that Apple software is immune from malware. They claim that it's "secure", but that's relative anyways. All of the real iOS malware I know of abuses either jailbroken devices or enterprise provisionings. The standard infection case of "ran something you shouldn't have" or drive by downloading is a lot harder to pull off there.
Does anyone know of a good way to check whether my Mac is infected with this (or any other) malware programs? I rarely, if ever, download unknown programs, and my OS is always up-to-date, but still...
If abakker's comment https://news.ycombinator.com/item?id=14840063 is the same issue, then it sounds like you just need to look for `~/.client` and `~/Library/LaunchAgents/com.client.client.plist`.
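An added check, not from the thread or from any of the commenters, that looks for exactly the two indicators named above (`~/.client` and the `com.client.client` LaunchAgent) and, if the plist is present, prints what it is configured to run so the hit can be confirmed. The home directory is a parameter so the check can be exercised against a constructed fixture; the `make_fixture` helper and its plist contents are made up for that purpose and are not the real sample.

```shell
#!/bin/sh
# check_fruitfly_indicators HOME_DIR
#   Returns 0 when neither indicator is present, 1 when at least one is.
#   The two paths are the ones named in the thread; nothing else is assumed.
check_fruitfly_indicators() {
  home="${1:-$HOME}"
  plist="$home/Library/LaunchAgents/com.client.client.plist"
  found=0
  for p in "$home/.client" "$plist"; do
    if [ -e "$p" ]; then
      echo "INDICATOR PRESENT: $p"
      found=1
    fi
  done
  # Show what the LaunchAgent would execute (grep rather than plutil so this
  # also runs on a non-macOS host for review of a copied plist).
  if [ -f "$plist" ]; then
    echo "LaunchAgent configuration:"
    grep -E '<string>|RunAtLoad|KeepAlive' "$plist"
  fi
  return $found
}

# make_fixture DIR
#   Builds a constructed, harmless stand-in for an infected home directory so
#   the check can be tried offline. The plist layout is a generic launchd
#   agent, not a copy of the real one.
make_fixture() {
  dir="$1"
  mkdir -p "$dir/Library/LaunchAgents"
  printf '#!/usr/bin/perl\n# constructed placeholder, not the real script\n' > "$dir/.client"
  cat > "$dir/Library/LaunchAgents/com.client.client.plist" <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.client.client</string>
  <key>ProgramArguments</key><array>
    <string>/usr/bin/perl</string><string>$dir/.client</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>
EOF
}
```

On a real Mac, call `check_fruitfly_indicators` with no argument to inspect your own home directory; a clean machine prints nothing and exits 0.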
I think the main reason it was running under the radar is that the script itself did not contain an exploit that bypassed any security mechanisms. The only difference between a remote desktop app and a new command and control malware is the way it is installed.
It is not all that surprising to me that any targeted malware could operate unnoticed for years. The odds of discovery are directly proportional to the volume of distribution and inversely proportional to the importance of the targets. This malware apparently infected a small number of low profile targets.
It's not just perl; the screen capture code apparently references GWorlds, something I frankly have not seen since writing software in the 1990's for pre OS X APIs. It's so old that Googling for gworld hardly has any relevant results.
Most of the sample code for those APIs was deprecated by the mid 2000's
Unless the attacker had some unique reason for using that, which seems unlikely, that really does put the code at about 10 years old or so...
I like the concept but I don't like the fact that BlockBlock needs to install a kernel extension. It says it does this to monitor process creation. Why can't it do it with dtrace?
Linux has a huge advantage in that it has a very wide array of variants, kernels, library configurations through many standard distros and further customizations. It makes it much harder to write and distribute complex malware than a standardized OS like Windows.
You probably shouldn't install any antivirus on Windows either. They're so full of holes that they probably increase the likelihood that you get a virus.
No. It's unusual. The most common case is Macs in corporate environments where "local anti-virus" is required across all desktop systems (with such policies typically originating in Windows-centric companies).
I was a Windows user for 10 years. Now a Mac user for 11 years. Haven't needed any sort of antivirus yet. Just thinking back to my time with Windows makes me chuckle, when I had an arsenal of virus scanners, startup disablers, and registry cleaners on hand.
> Taking control of a command and control server, however, had another unexpected outcome: Around 400 victims infected with FruitFly started connecting to it.
"Unexpected"? How? This would have been obvious to Wardle. Maybe the journalist added this to "inject some suspense"? Thanks but no thanks, I won't bother reading the rest of this article.