2 Replies Latest reply: Apr 9, 2012 4:20 AM by MrHoffman
rajibkabir Level 1 Level 1



is mac attack by viruses?

iMac, Mac OS X (10.7.3)
  • Kenichi Watanabe Level 8 Level 8

    No "viruses."  But there are some "trojans" that try to trick the user into being installed.

  • MrHoffman Level 6 Level 6

    Yes, Mac OS X has, can and will be attacked by various sorts of malware.


    There are different sorts of malware around, including viruses, worms and trojans.  


    (To the technically inclined, these terms - virus, worm and trojan - describe different types of internal mechanisms used by the malware to gain access.  Many attacks have been blended in recent years, too.)


    Yes, there have been a few Mac viruses.  Yes, there will be more of these.  And in some environments, OS X boxes are common hosts for Windows viruses on their OS X storage services.  The OS X systems can transmit that malware but are otherwise immune to it themselves - most any random CIFS/SMB-providing storage server can host Windows-targeting malware.  (This is why OS X Server has had malware scanners for years.)


    There are other sorts of attacks, as well. 


    The most recent was a "drive-by" attack that used a visit to a web page with Safari to load and run some Java on the local system.  That code could then either prompt for the administrative password and gain full access or - due to the flaws in Java - to punch through and gain full system access for itself. 


    I'm using "malware" as a generic name for all of that dreck; for all types of attacks.


    The so-called Trojans are trivial to write, and unfortunately some folks are all too willing to offer the equivalent of their entire key ring and all their keys, their credit card numbers, and their personal information to the installing software - which is what the user is doing when you're entering your administrative password.


    For those bits of malware that are known, Apple has a built-in mechanism within OS X called XProtect.  This can identify and eradicate known malware, and the malware definitions are downloaded from Apple as updates are made.


    It's also unfortunately common to discover OS X boxes without good backups, and without offline backups.  This means that malware can wipe out your environment and potentially any connected backups that are accessible to it.  These backups are your path back, should your OS X system be compromised.


    Follow good practices, and base your practices on how much your data is worth to you.  Don't download junk from anywhere.  If you're offered a download or a link - via any mail message, whether it's apparently an AT&T Bill, a LinkedIn or Facebook invite, or otherwise - don't click on it.  Don't allow Java to run in your browser by default.  Don't allow any web pages to download any "player" tools of any type.  Use a tool to block Adobe Flash, or deinstall Flash entirely.  If you do have Java or Flash or other software installed, keep it current.  Passwords, of course.  Secure WiFi networks with long WPA2 keys.  Do not use WEP WiFi.  Keep your OS X installation current.  And keep good and frequent backups, and use multiple disks for your backups.


    If you are looking for details of the current malware that's been getting some "breathless" coverage in the press, there are various discussions of that posted around the net and the forums.  Here and here and here are some reasonable discussions and details, and steps to detect and remove the dreck.