MacMatters

I run (in my copious free time) a page called Mac Virus that I inherited from Susan Lesch, who ran it as a comprehensive Mac antivirus resource. (That page has nothing to do with the later pages at macvirus.org or macvirus.net, by the way, which also refer to themselves as Mac Virus, and recently experienced infestation problems with fake codecs.)

I’ve never really had the time to keep Mac Virus current to the standard that Susan did, updating it on a pretty much daily basis, but I try to keep at least half an eye on the Mac malware scene and try to help out with Mac-related queries when I receive them. This week, I had one of those “So what Mac malware is there really?” enquiries. This really ought to be an FAQ at Mac Virus, I guess, but until it is (and because there are readers of this blog who are interested in Mac issues), here’s a quick summary of my response. Even at the risk of an avalanche of rabid Mac zealots telling me that I don’t know what I’m talking about.

There are quite a few older malicious programs that are specific to the Mac, though hardly any of them are likely to have any effect on a modern system (especially an Intel-driven system, where the Classic/pre OS X environment is no longer supported), and I haven’t seen any of them reported in years. (Is anyone still using HyperCard?!)

Then there are some proof of concept viruses for OS X, but they don’t pose much of an immediate threat. (Of course, replicative malware is a shrinking proportion of current malware even on Windows platforms.)

There are other malware-related threats that you should be aware of, if not panicked by. (We’re not talking huge numbers to date.) For instance, Trojans like the DNSchanger fake codecs mentioned earlier, the occasional rootkit, rogue anti-malware programs… Some of these are affecting

And there are the cross-platform issues: macro viruses aren’t a very big deal now, but they haven’t altogether disappeared, and there are other issues with MS Office document vulnerabilities, though the exploits have been almost invariably Windows-specific till now. Also, VBA is absent from the latest Office for Mac, though it will be back in the next version, apparently.

In fact, there is a persistent risk of Windows-specific or cross-platform malware spreading by way of Windows non-users. It was actually an instance of that – the macro epidemic of the mid-1990s – that dragged me into the Mac anti-malware arena in the first place.

I would advocate that Mac users in a corporate environment should be using protected machines, irrespective of the perceived risk from Mac-specific threats. I would never discourage the use of commercial anti-malware by home users (there is some free AV for Macs, but none that offers comprehensive protection). Macs aren’t at anything like the same level of direct risk from malware that Windows is, and may never be. That said, we do see the bad guys getting interested in mining sparser seams of potential victims as Windows users become more security-conscious. Some, including me, believe that the risk level is increasing, but slowly. We may not yet be at the point where anti-malware protection is essential even for people who use Macs at home and who don’t take foolish risks. But never say never.

As it happens, Apple have just released a comprehensive – well, large, anyway – document [link removed, since document has been removed from the Apple site – DH, 2017] on securing Leopard. Being an Apple document, it includes a brief mention of viruses (summary: use antivirus, practice safe hex) but makes no mention of the wider range of malware that might concern you more. Ah well… I do happen to know that “OS X Exploits and Defense” (published recently by Syngress) includes more information on malware, because I wrote those two chapters. ;-) Contrary to the impression you may get from some book sites, though, I didn’t write or tech-edit the whole book (the confusion arises because I had to withdraw from editing due to imminent surgery), and I haven’t found time to read the rest of the book yet. When I do, I’ll give you the benefit of my prejudices.

David Harley
Research Author
ESET LLC
