OSX Malware not taking off yet
Tuesday March 20, 2007 at 6:34 am CST
Posted by Marius van Oers
Today we know of over 236,000 malicious malware items. These are mostly meant for the MS-Windows environment. Only about 700 are meant for the various Unix/Linux distributions. The current known Mac OSX malware count is even lower, at 7, so pretty much non-existent at the moment. For older builds of the MacOS there are 69 known malicious items, with an additional 8 items for MacHC that used HyperCard script extensions, which had to be manually installed as an add-on package.
Malware writers tend to write for the systems that are most widely used. With Microsoft Windows being dominant in the desktop market it is clear why most malware is written for it. Also, prior to Vista, the various Windows versions were pretty much wide open, with full access, making them relatively easy for malware to abuse.
The number of *nix malware items might not be that big, but if we consider that a large number of e-mail and file servers actually run *nix versions, then the impact of successful *nix malware might be bigger than initially expected. The problem with *nix malware is that there are a lot of different flavors/distributions and kernel versions. ELF binary malware is highly susceptible to these variations and most times will fail to even run properly, resulting in segmentation faults etc. Many malware packages actually come with a set of scripts and have the viral source code embedded in the package as source files such as .c files, and can perform local recompiles, with say gcc, to improve the chance that the binaries run properly. Such packages are easy to spot but not very successful when executed.
In fact there are open source implementations of .NET, like the Mono project. With these, the distribution/flavor/kernel version dependency is pretty much gone. But so far projects like Mono have not been fully integrated into popular distributions like SUSE or Red Hat. There is also support for SunOS and Macintosh, so in the future this could be misused for malware.
Nowadays malware writers do not go for massive attacks but tend to focus on targeted attacks. This is more worrisome than the poor malicious demonstrators that the OSX threats Leap and Macarena really represent. Nevertheless it is clear that OSX malware is not taking off yet. With an estimated OSX market share of about 5% on desktop systems one would expect to see more malware for OSX.
OSX is originally based on BSD. One shouldn’t run by default with root access so adding/modifying system binaries should, in theory, not be that easy to achieve. Nevertheless *nix rootkits do also exist, so a perfect guarantee can’t be given.
Also, on OSX systems, the source code is available for many components. This can make it easier for malware authors to write malicious code/exploits.
It’s hard to predict whether the amount of malware for OSX will remain very low or increase significantly - so stay tuned!!

March 20th, 2007 at 9:08 am
What is the basis for your assertion that source code availability “can make it easier for malware authors to write malicious code/exploits” — is there any research or data anywhere which suggests this to be true? It is a reasonable hypothesis, but so is the contrapositive. Absent any research one way or the other, it’s rhetorically irresponsible to make a statement like that.
March 21st, 2007 at 7:05 am
Respect is the reason I believe. Those who use macs love them, not hate them. The New OS X is more elegant than ever before and as a long time mac user I would NEVER do anything to hurt the platform.
I also use Windows XP SP2 side by side and loathe everything about it. It is designed not for use but to manipulate it. The whole OS gets in the way before programs, irritates the dickens out of me, hours researching how to do some simple add on or driver, etc. It is insane. Plus at colleges or wherever the kids are taught to manipulate in order to understand them. My son, raised on MACS, became a network specialist and learned and showed me how to do so many BAD things. He even hacked the teacher’s computer that even the teacher could not figure out, got in trouble, but got his degree. People who use macs simply appreciate them, and since using macs since 1989 I have never come across anyone who ever wanted to hurt the platform, learn about yes, but not harm.
March 21st, 2007 at 7:08 am
You are being misquoted and/or misrepresented by VNUNET.COM which says of you, “The Mac OS X system is not inherently more secure than other operating systems, according to the researcher.”
I can find no such assertion in your article.
The misrepresentation can be found here:
http://www.vnunet.com/vnunet/news/2186013/dearth-mac-malware-continues
March 21st, 2007 at 10:44 am
First, thanks for the article. I’ve been trying to find statistics on how malware affects different operating systems. The numbers you referred to are just the type of information I’m looking for. Could you point me to your sources, as it would be greatly helpful to me.
Thanks!
March 21st, 2007 at 11:57 am
OS X almost virus-free…
…
March 21st, 2007 at 4:45 pm
[…] Malware, Operating Systems and Other Accords: Interesting data was published yesterday, 20/03, by McAfee’s Avert Labs Blog. See what they say: Today we know of over 236,000 malicious malware items. These are mostly meant for the MS-Windows environment. Only about 700 are meant for the various Unix/Linux distributions. Current known Mac OSX malware count is even less with 7, so pretty much non-existent at the moment. For older builds of the MacOS there are 69 known malicious items, with an additional 8 items for MacHC that used hypercard script extensions which had to be manually installed as an addon package. […]
March 21st, 2007 at 4:50 pm
[…] Interesting data was published yesterday, 20/03, by McAfee’s Avert Labs Blog. See what they say: Today we know of over 236,000 malicious malware items. These are mostly meant for the MS-Windows environment. Only about 700 are meant for the various Unix/Linux distributions. Current known Mac OSX malware count is even less with 7, so pretty much non-existent at the moment. For older builds of the MacOS there are 69 known malicious items, with an additional 8 items for MacHC that used hypercard script extensions which had to be manually installed as an addon package. […]
March 21st, 2007 at 5:31 pm
Please list the “7 known malware apps” that affect Mac OS X - and which versions of Mac OS X are affected - and which Security Updates correct those Vulnerabilities or Exploits.
I know of at least 2 rootkits for Mac OS X - but they require access to root and a person needs to be physically at the machine to install. And there is one commercial app (Spector) for monitoring a machine - with permission.
So what are these others mentioned?
March 22nd, 2007 at 9:41 am
[…] “Security experts are not sure why. In an article for the McAfee Avert Labs blog, researcher Marius van Oers says that Mac malware is ‘pretty much non-existent at the moment’”, reports Shaun Nichols for vnunet.com. […]
March 22nd, 2007 at 11:31 am
[…] When it comes to security, you can’t beat Mac OS X, yet!! Yes rage on. This is what McAfee write in its latest report. Today, there’s 236,000 malicious malwares, mostly for Microsoft Windows environment. Only 700 hundreds written for UNIX/Linux. And even less than 7 for Mac OS X. […]
March 23rd, 2007 at 6:03 am
[…] Figures on the security of Windows and MacOS: In the article OSX Malware not taking off yet on the McAfee Avert Labs Blog there are a few interesting comparative figures on malware, exploits etc. on the various platforms. […]
March 24th, 2007 at 10:00 am
I appreciate the one un-noticed fact of the mac world versus the pc world. It didn’t hit me until I read this article……when you do not have to worry about some malicious virus lurking in the background just waiting for you to open your computer, then and only then can you just “jump in” and begin your task on the computer.
I never gave this a second thought. I have been using a Macintosh since 1985 and not once have I worried about, “is there a virus going to hit me today?” Not once! And I believe because of this my production on my Mac has definitely shot up.
When you can just boot up your computer and get to work on your project without the worry of a virus attacking you, it certainly says something about the OS coding of the Mac! Now this isn’t to say anything negative about the PC world. I just say that it’s too bad that people have to be so very concerned about ANOTHER patch; ANOTHER this, or ANOTHER that!
I feel that those who grow tired of attacking the PC computers will someday begin to try to foil the mac world. However, we need to understand that in the meantime Apple continues to stay ahead of these people with their security updates. And, by the time the attack begins, it’s going to be that much harder to get into the OS of any of the Macs.
Richard Cornelius
March 25th, 2007 at 12:54 pm
[…] According to McAfee Avert Labs blog, from over 236,000 malicious malware items, most of them are meant for Microsoft Windows OS and only 700 for Unix/Linux. Mac OS X has not surprising number 7, which can be a proof that it is almost safe from any malware. […]
March 26th, 2007 at 7:53 am
It is interesting to note that while you hinted at it, you never actually came out and said it. One of the biggest, if not the biggest obstacles to malware on *nix and OS X is one of permissions.
You speak of packages coming with code that can recompile with gcc and go on to state that they usually fail. This begs the question of “Why?”. The answer is in permissions. If your permissions are set properly, and if you haven’t gone in and mucked about with them, then the default permissions are usually adequate, then the package probably can’t compile or install, because the user does not have permission to write to that particular directory.
This is just one small, brief and not very in depth example.
While I appreciate the fact that you are probably constrained by time, space etc., a follow-up with the actual reasons why these malware packages for *nix (and yes, OS X belongs in that category, because it is based on the BSD kernel) fail and/or are of such a low number would be in order.
March 30th, 2007 at 10:07 am
[…] Marius van Oers, a virus research engineer at McAfee, posted a blog last week that showed there are more than 236,000 pieces of malware “in the wild.” The vast majority are aimed at the Windows environment. Only about 700 are meant for the various Unix/Linux distributions, van Oers wrote. How many are for the Mac OS X platform? Seven or less, he said, calling the threat “pretty much non-existent at the moment.” […]
July 5th, 2007 at 9:01 pm
[…] When it comes to security, you can’t beat Mac OS X, yet!! Yes rage on. This is what McAfee write in its latest report. Today, there’s 236,000 malicious malwares, mostly for Microsoft Windows environment. Only 700 hundreds written for UNIX/Linux. And even less than 7 for Mac OS X. […]
July 17th, 2008 at 7:51 am
It’s not just the popularity or lack of granular permissions of Windows that makes it a good target, it’s also that the sprawling interfaces into the OS expose a huge amount of surface area for attackers. For example, HTML+Time support in IE is a paper thin layer over COM interfaces to WMP. And there’s the general issue of Microsoft’s rock-bottom quality standards letting a lot of bugs get out into the wild.