9 Replies Latest reply: Aug 31, 2011 11:27 AM by joryjoryjory
Maronan Level 1 (0 points)
Are there any viruses, trojans, or other malware which, upon infecting a Mac running Windows XP Home (unpatched, outdated antivirus) in Boot Camp, are able to damage the Mac OSX partition or anything else outside of the Windows section?

Basically, I've discovered that my Windows setup is b0rken and I need to wipe and reinstall it. Since the Boot Camp volume is formatted as FAT32 rather than NTFS, I can wipe it in Disk Utility and restore it from a disk image I made as a backup some time ago, while booted into Mac OSX.

Since I haven't told him I'll be wiping the Boot Camp partition anyway, my mate bet me a beer that I wouldn't install a particular piece of dodgy software. (It's semi-commercial; adware is likely, a heavily-virulent virus less so, but I'm being careful and assuming the worst.)

If I install dodgy software in Windows (and possibly get infected by a virus or rootkit; can't rule them out even if the possibilities are remote), will said infection cause any damage to my computer that will survive the zeroing of my Windows partition and complete reinstallation from a clean source?

Keep in mind that my Boot Camp setup is old enough that it does NOT have HFS+ drivers installed. Unless the virus brings its own, Windows XP is NOT capable of reading the Mac OSX partition or any of the files thereon.

Thanks for any help you can offer.
  • MStum Level 1 (5 points)
    Since the hard drive itself is accessible, a Virus could alter/destroy the partition table, therefore wrecking the OS X partition with it.

    There is also the possibility of a Virus containing a HFS+ driver, but I'm pretty sure none of these exist.
  • The hatter Level 9 (60,575 points)
    Best Windows program protection and free as well.

    http://www.microsoft.com/Security_Essentials/

    http://www.microsoft.com/security/portal/

    EFI and GPT are probably not on the radar so I doubt a bios or rootkit exists other than MBR.
  • Maronan Level 1 (0 points)
    MStum wrote:
    Since the hard drive itself is accessible, a Virus could alter/destroy the partition table, therefore wrecking the OS X partition with it.

    There is also the possibility of a Virus containing a HFS+ driver, but I'm pretty sure none of these exist.


    If Macs represent too small a market share to be worth attacking, then I strongly doubt there would be any malware specifically to attack Macs running Windows. Especially now that HFS+ drivers are standard with any Boot Camp installation; this machine is old enough not to have them, but the newer ones do.

    If a virus manages to destroy the partition table, I can always restore from a backup; I'm sort of playing with fire here, so I'll back up everything. Should the partition table get destroyed, I'll restore from backup after my free beer.

    My main concern is whether a virus could read the Mac partition or copy something to it that would survive my nuking Boot Camp. Obviously, the latter would fall into the unlikely category of "malware built specifically to attack Macs running Windows in Boot Camp," but the latter not so much. Assuming the virus doesn't bring its own HFS+ drivers, is there any way it could read or modify the contents of the Mac partition short of destroying the partition table to make it unusable?
  • The hatter Level 9 (60,575 points)
    "Virus" - there are way too many threads over in Using OS X forum - but if you look, one of the security patches in 10.6.6 was to address a man-in-the-middle exploit.

    So if you widen "virus" to be sql-injection, trojan, drive by downloads, or just crashing an application or whole OS, yes it can happen. Some exploits use web browser plug-ins too.

    And some rootkits can bury in the BIOS and make the motherboard infected to the point gov't departments had to destroy the machines.

    GPT and EFI though are probably outside those attacks.
  • Oblivion2500 Level 1 (0 points)
    You should not be too afraid as long as you do the following:

    1. Download a free anti-virus program. I really recommend Avast and not AVG because it is faster and has fewer false alarms.

    2. Don't download stuff from the internet in your Windows partition. I mostly just go to my Mac OS and download everything I want and then go to Boot Camp and in Windows, I go to the Macintosh HDD and find the download folder and drag to desktop.

    And also I would download:
    CCleaner to keep your Windows partition clean and fast, and a trial of TuneUp Utilities just to fix all the problems, including security problems Windows already has, and then uninstall it.
  • Maronan Level 1 (0 points)
    The hatter wrote:
    "Virus" - there are way too many threads over in Using OS X forum - but if you look, one of the security patches in 10.6.6 was to address a man-in-the-middle exploit.


    I'm using 10.5.8 on my Mac partition, but I don't see how an MITM attack allows anything to write itself to the Mac partition from within Windows and then execute once that partition is booted.

    So if you widen "virus" to be sql-injection, trojan, drive by downloads, or just crashing an application or whole OS, yes it can happen. Some exploits use web browser plug-ins too.


    I'm referring to any kind of malware, not just the strict definition of "virus." But my primary concern is whether anything (currently out in the wild) can execute itself while my computer is booted into Windows, write itself to the Mac partition, or to EFI, or to anything else, and remain functional when the computer is rebooted into Mac OSX and the Windows partition completely wiped.


    And some rootkits can bury in the BIOS and make the motherboard infected to the point gov't departments had to destroy the machines.

    GPT and EFI though are probably outside those attacks.


    If BIOS-infecting attacks can't infect EFI, then there's nothing to worry about. Macs have EFI. But that's an "if" I'm not sure of, which is why I'm asking.
  • Maronan Level 1 (0 points)
    Oblivion2500 wrote:
    You should not be too afraid as long as you do the following:

    1. Download a free anti-virus program. I really recommend Avast and not AVG because it is faster and has fewer false alarms.

    2. Don't download stuff from the internet in your Windows partition. I mostly just go to my Mac OS and download everything I want and then go to Boot Camp and in Windows, I go to the Macintosh HDD and find the download folder and drag to desktop.

    And also I would download:
    CCleaner to keep your Windows partition clean and fast, and a trial of TuneUp Utilities just to fix all the problems, including security problems Windows already has, and then uninstall it.


    While that seems very good advice for using Windows in Boot Camp in general, I'm not sure how well it really applies in my situation.

    Specifically, I was planning to deliberately install dodgy software (which will probably have adware, might have spyware, and could have a virus or rootkit but that's less likely), and then reboot into OSX and wipe the Windows partition entirely. I'm not trying to avoid malware; I'm trying to make sure malware intentionally installed on my Windows partition can't infect my Mac partition or firmware or otherwise survive the complete nuking of my Windows partition and its contents.

    Because my mate bet me a beer that I wouldn't install it and Paying < Free Beer.
  • Maronan Level 1 (0 points)
    The staff at the Genius Bar said that I could safely install malware in Windows without damaging my Mac partition. The malware was installed. The Windows partition was wiped. The beer wasn't very good but it was free.
  • joryjoryjory Level 1 (0 points)

    Sorry to bump this post, but can a "genius" from Apple please verify this last post for us so that we know it is true and not someone trying to promote carefree security when using Boot Camp? Thanks.
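
The thread raises the possibility that malware running in Windows alters the partition table, and the plan to restore from backup if that happens. As an added example (not posted by any participant in this thread), the Python sketch below checks a raw copy of a disk's first sectors: it validates the MBR boot signature and the primary GPT header and entry-array CRC32s, and produces a SHA-256 fingerprint that can be compared with a baseline taken before the experiment. The function names, the 512-byte sector size and the sample image are assumptions made for illustration.

```python
import hashlib
import struct
import zlib

SECTOR = 512
HDR_FMT = "<8sIIIIQQQQ16sQIII"  # the 92 defined bytes of a GPT header

def check_partition_tables(img: bytes) -> dict:
    """Check sector 0 (MBR) and the primary GPT in a raw copy of a disk's first sectors."""
    out = {"mbr_sig": img[510:512] == b"\x55\xaa", "gpt_sig": False,
           "hdr_crc": False, "entries_crc": False, "fingerprint": None}
    hdr = img[SECTOR:SECTOR + 92]
    if len(hdr) < 92:
        return out
    (sig, _rev, size, crc, _rsv, _cur, _bak, _first, _last, _guid,
     ent_lba, n_ent, ent_size, ent_crc) = struct.unpack(HDR_FMT, hdr)
    out["gpt_sig"] = sig == b"EFI PART"
    if not out["gpt_sig"] or not 92 <= size <= SECTOR:
        return out
    raw = bytearray(img[SECTOR:SECTOR + size])
    raw[16:20] = b"\0" * 4  # header CRC32 is computed with its own field zeroed
    out["hdr_crc"] = zlib.crc32(raw) == crc
    start, length = ent_lba * SECTOR, n_ent * ent_size
    entries = img[start:start + length]
    out["entries_crc"] = len(entries) == length and zlib.crc32(entries) == ent_crc
    # CRCs only catch accidental damage; a SHA-256 over the same bytes, compared
    # with a baseline taken beforehand, also catches edits that recompute them.
    out["fingerprint"] = hashlib.sha256(img[:SECTOR + size] + entries).hexdigest()
    return out

def build_sample_image() -> bytes:
    """Constructed image (not from a real disk): MBR, GPT header, 4 entries of 128 bytes."""
    entries = bytearray(4 * 128)
    entries[0:16] = bytes(range(1, 17))  # made-up type GUID for entry 0
    hdr = bytearray(struct.pack(HDR_FMT, b"EFI PART", 0x10000, 92, 0, 0, 1, 63,
                                6, 30, bytes(16), 2, 4, 128, zlib.crc32(entries)))
    hdr[16:20] = struct.pack("<I", zlib.crc32(hdr))
    mbr = bytearray(SECTOR)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes(hdr).ljust(SECTOR, b"\0") + bytes(entries)

if __name__ == "__main__":
    baseline = check_partition_tables(build_sample_image())
    print(baseline)
```

Because the fingerprint covers sector 0 as well as the GPT, it also changes when only the MBR partition slots that Windows XP reads are edited, a case the GPT CRCs alone do not flag.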