Malware on the Mac? Well, kinda

by Giles Turnbull

Reports over the weekend that a new malware application had been found on Mac computers caused quite a stir.

Subsequent investigation has shown that, in itself, the Opener script does not present too much danger to most Mac users. As Macintouch readers pointed out, the malicious hacker would have to have root access to your computer, or physical access to a disk it was connected to in order to get the thing installed.

That's not to say that we Mac users should resume our customary smug expressions and pretend there's nothing to worry about.

Modern Macs are designed for connectivity. The new iBooks are unwired for Airport as soon as you unpack the box; the presence of a network, and therefore access to the internet, is not questioned. And connected computers are exposed computers.

While Opener certainly could cause some pretty nasty damage to any disk it infected, it lacks the crucial element that makes a virus a virus: a means to propagate itself from one machine to the next.

Nonetheless, this could be an ideal opportunity to learn something useful from our Windows-using friends. The smart ones among them get hold of anti-virus software before they even connect their WinXP boxes to a phone socket. Is there any reason why Mac users shouldn't do the same?

It's funny. No matter how many lists of essential Mac OS X software you see, none of them ever seem include anti-virus applications. That says something -- partly about how safe this system has been to date, and partly about the smug complacency a lot of us could be reasonably accused of.

Yes, Mac OS X has built-in firewall software. Yes, no-one writes viruses for the Mac platform because there's just no (obvious) point. Why bother trying to infect such a tiny proportion of the global computer-using community? But despite it failing to qualify as a virus in the traditional sense, someone did make the effort to write Opener. And if one person thought it was worthwhile for their mysterious purposes, what's to say that someone else might not think it worthwhile doing something similar to you, and your computer?

If any of this makes you feel even a tiny bit uneasy, perhaps you'll consider downloading ClamXav, a GUI implementation of the Clam antivirus for Unix. Heck, if the scare about Opener is as low a threat as most people are now saying it is, you've nothing much to worry about. But it's free, and it's simple, so why not?

Should Mac users take more of an interest in security?


2004-10-25 15:29:07
Why not?
Because scanning for non existing viruses just costs cycles. And if there were a Mac OS X Virus/Trojan, Clam would probably not find them...

Plus, it is no use against Office... ;-)

2004-10-26 07:29:14
My confession
I am a Mac user and I have never used any kind of anti virus software, and I don't intend to ever user any kind of anti virus software. I have also never had any kind of problem with viruses, and I've been using Macs for over 10 years.

I could have used anti virus applications, of course. But frankly, the trouble of buying, installing and mainting these apps would obviously have been bigger than the destruction any virus has caused me. Which is none. I think this will be valid for some time to come: Anti virus applications cause more problems than they solve (I recently got a call from a switcher which went something like this: "Macs suck! I constantly get kernel panics!" "What? That can't be right. What did you do?" "Nothing!" "Come on. Did you install any kind of software?" "No, nothing! Just this anti virus app, but you need these, right?")

They're also useless, because most malware problems in the recent past have been due to worms outbreaks. These worms spread faster than the virus application providers can update their virus definitions. So when you actually need your anti virus app, i.e. when there's an outbreak, it won't protect you.

And they make the user act stupid. They make you think that you aren't vulnerable. After all, the anti virus app will protect you, right? No, it won't. It's better to use a correctly set up firewall, not share executables or Word files with other people (or at least not open Word files in Word, but in another application) and not execute mail attachments as long as you aren't sure what's actually inside them.

These things will actually protect you if (or when) there is an actual virus or worm outbreak on the Mac platform. Anti virus apps will just make you act reckless.

2004-10-26 16:20:54
Why not?
No use against Office? The majority of viruses clamav picks up are Office macro viruses! ....or maybe you're calling office a virus? I couldn't possibly comment on that! ;)

I'm actually the developer of clamXav, and believe me, as soon as a virus/trojan appears for OS X, I'll be supplying the virus signature to the clam virus database. If they don't accept it, I'll start maintaining my own database which WILL contain the signature.

While clamXav only started as a pet project, I'm really taking it seriously now - it's the only free, user friendly, virus scanner for Mac OS X and I'm determined to keep it current and useful.

Developer of clamXav