# Macs are Virus-proof?



## leep (May 21, 2008)

Hi! I'm thinking of purchasing a macbook as a replacement for my virus-eaten Dell notebook. A close friend informed me about the macs' resistance to virus's. Is this a fact, or is he just trying to persuade me into getting a mac? Also, what sorts of problems do mac-users face with their computers (if any)?


----------



## Guest (May 21, 2008)

Macs are not virus proof at all, there is potential for viruses and there's nothing about Mac OSX that prevents viruses from happening ... but that said there hasn't been a single OSX virus found in the wild yet.

As for problems with Mac computers, there are some, nothing is perfect, but I can guarantee you that the general user experience will be MUCH better than with your virus ridden Dell


----------



## SoyMac (Apr 16, 2005)

Macs are not necesarily virus-_proof_, but they are certainly virus-_resistant_.

The Apple OS, as of OS X, is built upon a very sturdy and quite secure UNIX core. (others here will explain this much better than I)
- While this does not make a Macintosh computer absolutely immune to some potential virus in the future, as mguertin said, there are no viruses for the Mac at this time, and there has not been a single virus since OS X was introduced 6 or 7 years ago. 

Almost no-one who owns a Mac has anti-virus software installed.

*If *a virus is _ever _released for the Apple platform, you will hear about it _fast _on discussion boards such as this one.  

There have been contests, challenges, and even bribes offered to create a virus for Mac OS X, and no-one has yet succeeded.

Something that concerns me about your post, however, is that you say you suspect your friends are just trying to _persuade _you to get a Mac. I would suggest that if you actually _need _convincing, you may not be ready for a Mac at this time. 
When the time is right, you'll _know_.


----------



## eMacMan (Nov 27, 2006)

SoyMac said:


> Something that concerns me about your post, however, is that you say you suspect your friends are just trying to _persuade _you to get a Mac. I would suggest that if you actually _need _convincing, you may not be ready for a Mac at this time.
> When the time is right, you'll _know_.


Oh so true. It is entirely possible "leep" actually enjoys beating his head against brick walls or perhaps he prefers dying of thirst whilst staring at an oasis. 

When I bought my first computer 13+ years ago. a good friend who had made his living with computers even when programming was done with punch cards, gave me this advice: "If you want to learn how to solve computer problems get a PC, If you want to learn how to use a computer get a Mac." 

It was great advice then and it still is!


----------



## shikotee (Jun 1, 2005)

My understanding is that Mac's aren't virus proof.

The reality is that for a long time, the various Mac OS's have only had a very small portion of market share in the computer world, and for that reason, little effort and resources have been used to specifically target them. The various Microsoft OS's on the other hand are pretty much everywhere, which is why virus writers use them as the primary target - this produces the highest probability of successfully infecting.


----------



## fjnmusic (Oct 29, 2006)

Re-read Soymac's post. They are very different operating systems. All PC's are still built on an underlying MS-DOS base. That would be the problem. Surely you don't really think market share is the only thing preventing someone from coming up with a Mac virus? I would think there would be teams at MicroSoft devoted to just this task. Fact is, at this time, viruses are not a concern for Mac owners. But they are for PC owners. Nuff said.


----------



## GratuitousApplesauce (Jan 29, 2004)

shikotee said:


> My understanding is that Mac's aren't virus proof.
> 
> The reality is that for a long time, the various Mac OS's have only had a very small portion of market share in the computer world, and for that reason, little effort and resources have been used to specifically target them. The various Microsoft OS's on the other hand are pretty much everywhere, which is why virus writers use them as the primary target - this produces the highest probability of successfully infecting.


That argument has long been known as the OS X "security through obscurity" myth. It basically assumes that since it's so easy for malware authors to compromise Windows, all other OSes would be as easy to compromise and are only relatively free of problems because they don't have Window's huge user-base. While it may be comforting for Windows users to console themselves with this theory it's been well de-bunked by Mac writers on the web. None better than this one: Daring Fireball: Broken Windows. The article is a few years old but probably still quite relevant.

No one thinks OS X is virus-proof, but there are many good reasons to think that if OS X had the market share of Windows, it still wouldn't be plagued with the same amount of malware problems.


----------



## chas_m (Dec 2, 2007)

mguertin said:


> Macs are not virus proof at all, there is potential for viruses and there's nothing about Mac OSX that prevents viruses from happening


This is the single most wrong thing ever said on this forum. It is completely untrue and inaccurate on so many levels I must restrain myself from name-calling.

There is PLENTY about Mac OS X that prevents viruses from happening. It's not just magic fairies or dumb luck that has kept Mac OS X virus free for almost a decade.

The truth of the matter is that there is VERY LITTLE potential for viruses and a LOT about Mac OS X (mostly "better designed with security in mind from the ground up") that will keep it that way.

What you probably meant to say is that Mac OS X is one of, if not THE, most secure internet-aware operating systems ever devised, but that doesn't mean it's perfect, nor does it mean that it's completely impervious to ANY kind of attack.

Because that statement would be accurate.


----------



## SINC (Feb 16, 2001)

chas_m said:


> This is the single most wrong thing ever said on this forum. It is completely untrue and inaccurate on so many levels I must restrain myself from name-calling.


There are plenty of inaccuracies floating around the forum, including your erroneous statement, "This is the single most wrong thing ever said on this forum".

Nothing is "said" on the forum. All of it is written


----------



## RunTheWorldOnMac (Apr 23, 2006)

SoyMac said:


> Something that concerns me about your post, however, is that you say you suspect your friends are just trying to _persuade _you to get a Mac. I would suggest that if you actually _need _convincing, you may not be ready for a Mac at this time.
> When the time is right, you'll _know_.


Something concerns me about your post  ; the time is always right to go to a Mac; perhaps the full benefit may not appear clear before purchase but when it comes to this "shoot first, ask questions later"...you'll be glad you did! When you pull it out of the box, you'll know why you swtiched!


----------



## kps (May 4, 2003)

There are exactly two viruses for the Mac, anything by Symantec and MS-Office. 

Just kidding.

*chas_m*, there is nothing *mguertin* wrote that isn't factual or that required "restraint from name calling". You're in Canada now, relax, calm down...serenity dude...serenity.


----------



## jeepguy (Apr 4, 2008)

RunTheWorldOnMac said:


> Something concerns me about your post  ; the time is always right to go to a Mac; perhaps the full benefit may not appear clear before purchase but when it comes to this "shoot first, ask questions later"...you'll be glad you did! *When you pull it out of the box, you'll know why you swtiched!*


I have to agree with this. Also windoze has more holes than the Titanic, they must have 30 to 40 security patches per year, that has to tell you something.

once you go Mac you never go back


----------



## StageDive (Feb 8, 2008)

jeepguy said:


> once you go Mac you never go back


Ok, now it's my turn to jump in and say that this statement is one of the most wrong i've heard-excuse me, read,on this forum.


----------



## screature (May 14, 2007)

StageDive said:


> Ok, now it's my turn to jump in and say that this statement is one of the most wrong i've heard-excuse me, read,on this forum.


Uhmmm, why exactly.....


----------



## EvanPitts (Mar 9, 2007)

With reference with the OP. I will not get into all of the possible methods by which a Windoze box can be infested with viruses, trojans and malware, it would take a multi volume book. 

OSX is not magically immune to viruses, and in fact, viruses have been written, though they do not propagate well. In comparison to the thousands of machines, perhaps millions, that can be ruined with a released Windoze virus - the Mac dopes not offer the thrill. But why is OSX so "immune"? It comes down to one thing - executable code can not be run under OSX without the appropriate access, passwords and installation routine. This is different from Windoze, which as an OS is entirely dependent upon arbitrary access. The only practical means are through various flaws that would allow an outside user some kind of super user access - these kinds of bugs have been exploited ever since the overy of the GnuEmacs flaw many years ago. And it is obvious that there have been exploits - since Apple has regular Sucurity Updates. However, unless some kind of malicious code could take over all aspects of a machine, virus propagation would be difficult - more difficult because unlike the relative homogenity of the Windoze platform (with most users running XP SP2, a monolithic kernel), Mac users at any given time are running a wider variety of systems, with various sysytem updates installed. Perhaps the other difficulty in writting a virus for OSX is the complexity of writing code that can attach itself to the kernel versus the ease of writing a TSR for Windoze. An OSX virus would be a complex beast, and would have to overcome a large number of security hurdles - whereas a Windoze virus may be nothing more than a Word macro, a kiddie script, or a bad interrupt call, or something else basic.

Why the lengthy explaination? Because in recent months, a number of troublesome developements have shows their hand in the realm of malware. These are not viruses - but programs that are downloaded from certain web sites. The three I have seen had the .app extension (WindmillData.app, AutomaticInfant.app, Slodjj99.app) - but unlike Windoze that would automatically run an .exe or .com file - OSX does not grant the appropriate execute flag. But a user that was perhaps a newbie, might actually grant it the flag to see what the program does.

So in a nutshell - though OSX is perhaps quite immune to viruses, it is not entirely immune to malware - and so long as a user you can keep from running those applications of dubious origin - you will not encounter any problems. If you connect to Windoze boxes on a regular basis, you should occassionally run a virus scanner like ClamXAV - not to protect the Mac, but to keep from spooling out viruses and trojans to Windoze machines. Since Macs are prone to virus infection, they are excellent machines for feeding viruses to other Windoze boxes. There would be no need for paranoia - occassional scans are adequate, and there is no need to have anti-virus scanning running all of the time...

OSX is also immune to spybots, again, because OSX does not allow for arbitrary code execution. But to enhance your internet surfing experience, I would recommend Firefox addons like AdBlock, FlashBlock, StopAutoplay, FlagFox...

Selecting a Mac should not be about paranoia about viruses - but about the fact that unlike a Windoze box, one can start using OSX and do something useful within an hour, whether it is handling photographs, music, setting up an address book, contact calendars, or whatever. Software installations are similarily simple. No fooling with Registries, or DLL files, or needing crazy driver updates. Many programs require you to pul lan icon out of a Disk Image and drop it into Applications; others require you to double click on a package... This boggles the mind of many Windoze users - since they are used to three day long installations of the OS, and even further time invested in setting up all of the virus scanners, and downloading a multitude of WUPdates, and fooling with the Registry - just to have the mispleasure of having to use an entirely dain bramaged version of DOS.

Your friend is not feeding you a line - once you cross over from the dark side - you will wonder why the Evil Empire manages to sell even one copy of M$ Fi$ta...


----------



## StageDive (Feb 8, 2008)

I know of several people that have lived with a mac for a few years, gotten fed up, and gone back to Windoze, or more commonly, migrate to Linux.

There have been several posters on ehMac that have done so, as well.


----------



## Adrian. (Nov 28, 2007)

I surf the net completely devoid of preoccupation with the possibility of viruses. I have had viruses attack my computer. I just get a few .exe files on my desktop and I just trash them.

At this point in time there is one known virus for Macs that circulates through iChat. I do not know much about it as I do not use iChat.

At this point in time we can firmly say that Macs are virus free. Macs are an inumerable amount of times more user friendly than Windows boxes are. Macs simply work better for the common user.

Indeed there are many structural reasons why Macs are far more secure than Windows computers. UNIX is twice as old as ms dos is, has much more development behind it and Mac OS has been rebuilt from the ground up a few times. As for Vista, put it this way, it isn't as new as it appears. 

Nonetheless, the fact that Macs comprise such a small percentage of the computer world has a lot to do with why Macs do not suffer from viruses. If enough programmers sat down and started writing malicious code for OSX they could break through it. It is quite the paradox, the more people switch to Mac for its reputation of being devoid of viruses actually increases its feasibility for malicious programmers.


----------



## shikotee (Jun 1, 2005)

GratuitousApplesauce said:


> No one thinks OS X is virus-proof, but there are many good reasons to think that if OS X had the market share of Windows, it still wouldn't be plagued with the same amount of malware problems.


Agreed! By no means did I wish to suggest that large market share was "the only" reason why Windows machines are targets. Clearly, OS X is a much better and more secure system via its inherent design - obviously superior to any of the pre or post DOS based crap. 

Nevertheless - I stand by what I originally wrote. Macs were not a target because they were barely a blip on the radar (in comparison to domination of Windows based machines), combined with the fact that it would be a tougher nut to crack. 

I don't know how things stand now, but a few years ago, Mac's were less than 5% (possibly even less than 2%) of computers used on this planet. Rest assured, if this was higher, more time and energy would have been devoted towards penetration!

Remember - a computers security highly depends on what the end user is doing with it!!

PS - Enjoyed the article!


----------



## shikotee (Jun 1, 2005)

EvanPitts said:


> OSX does not grant the appropriate execute flag. But a user that was perhaps a newbie, might actually grant it the flag to see what the program does.


Just wanted to say - Great overall explanation of things - well put!


----------



## SoyMac (Apr 16, 2005)

Adrian. said:


> ...At this point in time there is one known virus for Macs that circulates through iChat...


This worm, known as OSX/Leap-A (which now leads me to suspect the OP's {leep's} motives!  ) is a Trojan horse, *not a virus*.

This is not a virus,...This is a "trojan", short for "trojan horse"

-I'd really be tempted to call this thing a non-event; it's poorly written, can't spread beyond your local network, is unlikely to infect anything on most machines, and needs user interaction to do anything at all--

and my favourite...
Sophos trumpets so-called Mac vulnerabilities in attempt to sell so-called security software

Still not one, single virus for Apple OS X.


----------



## EvanPitts (Mar 9, 2007)

I do not think the "population" of computers is really the reason why Windoze machines are exploited.

If someone really wanted to perform an act of mass damage, they would put great effort into a UNIX virus, simply because they could take down pretty much the entire Internet with one fell swoop. I have known people in the past that wrote viruses or other malicious code for some pretty oddball, uncommon machines - like the Corewar exploit on the CRAY. The dude spend a great deal of time writing malware for a machine that has a world population of perhaps two dozen...

Most skilled programmers are spending their time working and earning money. That leaves the amateurs, mostly teenage kids. So if one was a teenage kid, would they spend a huge amount of time trying to learn how an intricate system like UNIX or OSX operates, and spending months figuring out how to exploit it? Or would they just cobble up some code, perhaps altering or making some minor changes, to programs that infest the already infirm Windoze platform? Figuring that ruining a Windoze system can be as simple as enticing a stack overflow, a pointer crash, or even a cheap Word macro written with Notepad. While an OSX hack would require fairly intimate knowledge of the structure of the MACH kernel, and good skill at operating the appropriate compilers. Windoze is hacked not only because many computers run it - but that it is entirely so easy to hack in a short period of time. A Windoze virus is the cheapest thrill in the quickest time for a person so inclined to write a virus.

Newer Intel based Macs will not be so affected by challenges to OSX, though new users who are not familiar with OSX may end up being affected by some of the malware that is now appearing by wanting to run those things that are alien, like some of these .app files that are creeping onto systems (though they do not run, a newbie may be tempted to grant the eXexute flag, just to see what it is. Doing that can give superuser access to malware. This is the most common exploit in the various hacking contests).

Intel based Macs however, will be affected on the Windoze side - and that can lead to OSX being inadvertently trashed with some Windoze malware decides to rewrite the drive... One may not need to be paranoid - but they should be aware of the situation that they are in, and take precautions.

But compared to a Dell running Fi$ta - a Mac basically will give no problems of the sort - even if one is wont of finding and running a Mac virus/malware because they are still fairly rare.


----------



## chas_m (Dec 2, 2007)

SoyMac said:


> Still not one, single virus for Apple OS X.


----------



## G-Mo (Sep 26, 2007)

fjnmusic said:


> Re-read Soymac's post. They are very different operating systems. *All PC's are still built on an underlying MS-DOS base.* That would be the problem. Surely you don't really think market share is the only thing preventing someone from coming up with a Mac virus? I would think there would be teams at MicroSoft devoted to just this task. Fact is, at this time, viruses are not a concern for Mac owners. But they are for PC owners. Nuff said.


While slightly off topic, I would like to take a moment to correct some misinformation reported earlier in the thread... The last version of Windows to run on the MS-DOS base was the mostly un-used Windows Millennium Edition (Me) which was essentially Windows 98 but adopted some aspects of Windows 2000. The NT family of Windows systems are not based on DOS at all, but provide a command-line interface similar to MS-DOS's character-mode interface... This includes Windows NT 3.x, NT 4, 2000, XP, 2003, Vista and 2008... While NT was original devised and Microsofts "business" operating system, they final merged the home market into the NT kernel with XP.


----------



## HowEver (Jan 11, 2005)

There are no Mac viruses. If someone can prove otherwise, no doubt they'll post it. They haven't. They won't.

The situation may change, of course; but saying that something that has never happened is 'likely' to happen is just silly.

Now as for this:



chas_m said:


> This is the single most wrong thing ever said on this forum. It is completely untrue and inaccurate on so many levels I must restrain myself from name-calling.


Thanks for your restraint, but it seems unlikely that you've read every post on this forum. I'm pretty sure that not everybody here has read all of their _own_ posts on ehMac...


----------



## eMacMan (Nov 27, 2006)

There are a couple of things a new user can do to increase security.

The admin profile should have a password. Pre Leopard, FireWall should be on. SSH and ARD access should be disabled. The latter two are confirmed via SystemPreferences>Sharing. 

The admin profile should be reserved for admin tasks. Running updates, installing new software. When setting up the computer create a non-admin profile and use this as your normal user profile. If you need to download an application such as Flash or RealPlayer or VLC navigate to the developers site and download directly, do not click on download links for this kind of application.


----------



## jeepguy (Apr 4, 2008)

StageDive said:


> I know of several people that have lived with a mac for a few years, gotten fed up, and gone back to Windoze, or more commonly, migrate to Linux.
> 
> There have been several posters on ehMac that have done so, as well.


Most of us have tried other computers, I come from a Unix background (25years Sun, Apollo, Silicon Graphics ), and yes I have a windows machine, 2 in fact. I too abandoned Mac as well but, since OSX I'm back and I love it. I've never liked windows but it was a unnecessary evil for me. I'm a certified unix admin (HP-UX and SUN).

My comment was only meant in jest


----------



## Guest (May 21, 2008)

chas_m said:


> This is the single most wrong thing ever said on this forum. It is completely untrue and inaccurate on so many levels I must restrain myself from name-calling.
> 
> There is PLENTY about Mac OS X that prevents viruses from happening. It's not just magic fairies or dumb luck that has kept Mac OS X virus free for almost a decade.
> 
> ...


Chas, Chas, Chas *shakes head*  

There is honestly NOTHING about OSX that makes it special in this department. There is as much potential here as any other *nix/BSD based operating system, in fact there is probably MORE potential for viruses and trojans in OSX than most other BSD based systems as it has much more public exposure than most BSDs, at least to the "end-user" market.

Please back up your words and show me some proof of your statement: "There is PLENTY about Mac OS X that prevents viruses from happening" .. I'd like to know what you are talking about here.

As a matter of fact, I daresay that there are some huge issues with the way that OSX does certain things (like hiding package contents) that make it a very appealing target. I won't get into details, but there are very _very_ easy ways of injecting files that end-users will never even know are there.

While Apple does do a good job of keeping up on security patches for the most part that is sadly the _only_ thing that might qualify your above statement, there is absolutely nothing that is unique to OSX that prevents viruses from happening. The proof is in the pudding, please show us some links to backup your bold statements or admit that you're stuck in Steve Jobs reality distortion field ...


----------



## ahMEmon (Sep 27, 2005)

mguertin said:


> Please back up your words and show me some proof of your statement: "There is PLENTY about Mac OS X that prevents viruses from happening" .. I'd like to know what you are talking about here...


Have you ever even USED OSX? Have you ever tried installing an application, or making changes to your system without being asked for your password? Better yet, even if you download an app on a disk image, do you know what happens the first time you try to run it?

While I'm sure there is the possibility of someone creating a virus for the mac, the fact is that installation and running an application for the first time REQUIRES USER INVERVENTION by either asking for your password OR NOTIFYING YOU OF THE SOURCE OF THE APPLICATION and asks if you are sure you want to run it.

Unlike Windows users, OSX users have to be extremely stupid to infect their systems (what's this? www.virusriddenpornsite.com requires a plugin to view it's content? I have to put in my password to install the plugin? ok then!), unlike Windows users, where infection in the form of viruses, adware and spyware can come from many sources and install itself without EVER alerting the user. I do know that Vista addresses most of these concerns but the fact is that malware can still find itself on a Windows machine withou any form of intervention.

I suggest you go find a Mac and use one BEFORE you say such silly things.


----------



## jfpoole (Sep 26, 2002)

ahMEmon said:


> Have you ever even USED OSX? Have you ever tried installing an application, or making changes to your system without being asked for your password? Better yet, even if you download an app on a disk image, do you know what happens the first time you try to run it?


If you're logged in as an administrator on Mac OS X (which I'd imagine most users are) you can make a lot of changes to the system without providing a username or password (like adding or modifying applications in /Applications).


----------



## ahMEmon (Sep 27, 2005)

jfpoole said:


> If you're logged in as an administrator on Mac OS X (which I'd imagine most users are) you can make a lot of changes to the system without providing a username or password (like adding or modifying applications in /Applications).


Really? I'm logged in as admin on the 3 macs that I use (home, work and my oldest daughter's) and still need to enter a password to install apps and make changes to the system.

And all this time I though only the ROOT user (which you have to turn on in the first place) had such total control over your system....

Maybe it's just me then....


----------



## MacDoc (Nov 3, 2001)

> Have you ever even USED OSX? Have you ever tried installing an application, or making changes to your system without being asked for your password? Better yet, even if you download an app on a disk image, do you know what happens the first time you try to run it?
> 
> While I'm sure there is the possibility of someone creating a virus for the mac, the fact is that installation and running an application for the first time REQUIRES USER INVERVENTION by either asking for your password OR NOTIFYING YOU OF THE SOURCE OF THE APPLICATION and asks if you are sure you want to run it.
> 
> ...


Pardon me but M Guertin is one of the most knowledge Mac people around.

I concur entirely with his viewpoint BUT currently there is little or no risk for the average user and no need for anti-virus software.

I suggest you find out who you are dealing with before you look so foolish in public.


----------



## Kosh (May 27, 2002)

The other thing you might want to think about leep, is do you have the time to switch over to MacOS X, it seems that some Windows users get quite frustrated when they first start working on a Mac, as some things are done differently on a Mac. Hey, I still get frustrated sometimes too, in Windows, trying to do some non-basic tasks. After all they are two different operating systems. There are some things that you will have to learn to do in MacOS X. This forum is usually quite helpful in helping you through those first learning pains.


----------



## jfpoole (Sep 26, 2002)

ahMEmon said:


> Really? I'm logged in as admin on the 3 macs that I use (home, work and my oldest daughter's) and still need to enter a password to install apps and make changes to the system.


Try deleting an application from your /Applications folder. You'll notice that you're not prompted for a username and password.

Heck, most of the time applications prompt for a username and password it's in situations where you don't actually need the username and password (since the user you're running as has sufficient permissions). They're just there on the off-chance you don't have sufficient permissions since it's easier to always ask for permission instead of trying the operation, finding out you don't have permission, then asking for permission.


----------



## Macfury (Feb 3, 2006)

The last time I experienced a virus on a Macintosh was the WDEF Virus--circa 1992. Once in 16 years, and it was only idenitifed on a floppy. It didn't make it to my system.


----------



## leep (May 21, 2008)

Well, thanks for the helpful replies. I'm a bit confused over the big debate on the subject, but judging from the comments of the majority, it seems to me that it's time to get a mac (to save myself from further "beating my head off a brick wall" as "eMacMan" states). I personally think the macbook pro is a bit too costly, so I'll be getting the basic white macbook to start with and to see if I can adapt to the mac environment (though I've heard good things about its' user-friendliness). Just a question before I make my purchase though, is the extended warranty (applecare?) worth getting? Has anyone ever actually used it?


----------



## eMacMan (Nov 27, 2006)

leep said:


> Well, thanks for the helpful replies. I'm a bit confused over the big debate on the subject, but judging from the comments of the majority, it seems to me that it's time to get a mac (to save myself from further "beating my head off a brick wall" as "eMacMan" states). I personally think the macbook pro is a bit too costly, so I'll be getting the basic white macbook to start with and to see if I can adapt to the mac environment (though I've heard good things about its' user-friendliness). Just a question before I make my purchase though, is the extended warranty (applecare?) worth getting? Has anyone ever actually used it?


I would say it is worth buying AppleCare with any laptop. Truth is they suffer a lot more abuse than desktops even when used by people who try to treat them kindly. If $s are an issue you can wait until the regular warranty is almost ready to expire, as you can buy AppleCare any time with in the first year.

Welcome to the light. Enjoy.


----------



## CubaMark (Feb 16, 2001)

leep, the extended warranty is definitely worth buying, particularly for laptops. Note that the warranty doesn't cover anything user-caused (i.e., you drop it), but laptops are put under more stress than desktops.

Note that you don't have to buy the warranty up front: you have one year of coverage with your purchase. You can buy the extra 2 years at any time *before* your 1-year anniversary date.

In my case, it has been worth every penny: I picked up a 1st-generation MacBook. Within eight months, the right-front edge of the palmrest area (to the right of the trackpad above the sleep indicator light) cracked, necessitating a replacement of that part of the case (they swap out the keyboard & everything). Lo and behold - here we are, eight months after that, and it's cracked again - so I'll be taking it in for another swap when I get back to Canada. I also had a 1st-generation battery fail.

And in keeping with the original intent of this thread... I *do* have an anti-virus program installed: the fabulous, free, ClamXav. But it's not "resident" - i.e., not always-on. From time to time I run a scan just for the heck of it, to see if I've received any MS-Word files or email attachments with Windows viruses attached, and partly to remind myself of why I bought a Mac. 

M


----------



## guytoronto (Jun 25, 2005)

mguertin said:


> Chas, Chas, Chas *shakes head*


Yes, give your head a shake, 'cause you need it.



> There is honestly NOTHING about OSX that makes it special in this department


Yes there is. Ignorance doesn't change that fact. Just because you don't know or understand the reasons the Mac OS isn't virus ridden like PCs, doesn't mean reasons don't exist.



> There is as much potential here as any other *nix/BSD based operating system, in fact there is probably MORE potential for viruses and trojans in OSX than most other BSD based systems as it has much more public exposure than most BSDs, at least to the "end-user" market.


Potential means nothing.



> Please back up your words and show me some proof of your statement: "There is PLENTY about Mac OS X that prevents viruses from happening" .. I'd like to know what you are talking about here.


Why should he back up his words? Why not back up yours by showing us ALL the viruses that exist for the Mac. And don't pull that "People don't develop viruses for Mac because it's such a small market share" crap. OS 9 had an even smaller market share, and there were lots of viruses for Mac OS 9.



> As a matter of fact, I daresay that there are some huge issues with the way that OSX does certain things (like hiding package contents) that make it a very appealing target. I won't get into details, but there are very _very_ easy ways of injecting files that end-users will never even know are there.


There is a difference between viruses and trojans. A HUGE difference. Trojans depend on stupidity (and there is no software cure for that).



> While Apple does do a good job of keeping up on security patches for the most part that is sadly the _only_ thing that might qualify your above statement, there is absolutely nothing that is unique to OSX that prevents viruses from happening.


You keep going around in this circle. You don't know what you are talking about.



> The proof is in the pudding, please show us some links to backup your bold statements or admit that you're stuck in Steve Jobs reality distortion field.


The proof is in the pudding? What proof? You've offered none! You make bold claims with no supporting evidence.

You want evidence that the Mac OS is special in regards to blocking viruses? THERE ARE NO VIRUSES FOR THE MAC! That is your proof. No pudding for you. Try humble pie.


----------



## ahMEmon (Sep 27, 2005)

MacDoc said:


> Pardon me but M Guertin is one of the most knowledge Mac people around.
> 
> I concur entirely with his viewpoint BUT currently there is little or no risk for the average user and no need for anti-virus software.
> 
> I suggest you find out who you are dealing with before you look so foolish in public.



Kewl. Then I guess my 16 years of using, abusing, reusing and losing Macs count for nothing then. Since I have very limited Unix knowledge I may not know the intricate details of the inner workings of OSX, so I may not know or even truly understand WHY there are no viruses for the mac, but as guytoronto said, OS9 had a much smaller marketshare than OSX, but still had at least 60 viruses, yet OSX STILL has none. With that said, I still do understand that there is no such thing as bulletproof software, but something in OSX is keeping virus writers at bay. Care to explain what that is?

As for him being "one of the most knowledge Mac people around (sic)" why doesn't he back up his claims with some sort of proof then? 

And I don't give a rodent's behind for "who I am dealing with." If I need to be schooled, then school me but take your condescending attitude elsewhere!


----------



## MacDoc (Nov 3, 2001)

Black swans anyone 

Steve's distortion field alive and well and illuminated.

read what Mark said



> There is as much potential here *as any other *nix/BSD based operating system*


You seen a virus on your phone system lately??

••

16 years??!!!!....since you are unaware of Unix underpinnings you are unable to comment knowledgeably.

I have 23 years in the Mac biz and Mark is far more savvy on these issues than I or any of my staff.
The very fact that you refer to OS9 and X in the same breath shows your lack of understanding.


----------



## ahMEmon (Sep 27, 2005)

MacDoc said:


> The very fact that you refer to OS9 and X in the same breath shows your lack of understanding.


That was in reference to marketshare in case people mention that the Mac market is too small for virus writers to care about. I do know the difference between the two, thankyouverymuch.

If you actually spend some time explaining what you KNOW AS FACT then maybe this thread would actually go somewhere...


----------



## shikotee (Jun 1, 2005)

Woah......

Down Simba! Things have gotten heated in here!

Bottom line is that Macs can get messed up (by other things than a virus), depending on the configuration and intelligence of the user. Not sure how things are now, but Mac anti virus programs seemed to cause more harm than good. Feels good to be able to walk around with the sword unsheathed, and not have to wear a rubber!


----------



## MacDoc (Nov 3, 2001)

:clap:

Like not backing up


----------



## Guest (May 22, 2008)

ahMEmon said:


> Have you ever even USED OSX? Have you ever tried installing an application, or making changes to your system without being asked for your password? Better yet, even if you download an app on a disk image, do you know what happens the first time you try to run it?
> 
> While I'm sure there is the possibility of someone creating a virus for the mac, the fact is that installation and running an application for the first time REQUIRES USER INVERVENTION by either asking for your password OR NOTIFYING YOU OF THE SOURCE OF THE APPLICATION and asks if you are sure you want to run it.
> 
> ...


LOL ... yes I can certainly say that I have used a mac before  You are not always prompted for a username and password ... if you don't believe me try this. Login to OSX with an admin account. Download an app on a dmg, drag that app to your applications folder. Does it prompt you for a password? Nope.

Now we can take it one step further. Find an application you installed that you _did_ have to enter a username/password to install (most anything that installed from a .pkg format) that uses the sparkle framework (the self-updating thing that says "There's an update to this app, would you like to install it?" ... download and let it install the update. When it gets to the end and says "Install and relaunch" click the button .. does it prompt you for a password? In almost all cases, nope. In fact unless it's adding a file that didn't exist previously it has full permissions to do what it wants.

Without going further into things and really letting the cat out of the bag for some of the really bad things that OSX allows to happen I would have to say that my point is proven.


----------



## Guest (May 22, 2008)

Thanks for the kind words MacDoc. 

guytoronto: Re-read the stuff I posted before flying off the deep end. If either you or Chas can demonstrate to me one thing that makes macs LESS susceptible to viruses and trojans than any other Unix system I will gladly retract my statements. Also I didn't say that there were Mac viruses out there, I said that Apple doesn't do anything special to make OSX impervious to viruses. They can happen, and eventually they likely will  As for a trojan vs. a virus the biggest difference between the two is that a virus can self-replicate -- but they could carry pretty much the exact same payload if they wanted to. Lastly I daresay that OSX is _less_ secure when it comes to their packaging system that most other *nix/BSD based Oses. Most others have some sort of package verification process inline be it GPG signatures, MD5 checksums, or whatever. Apple has nothing, nadda. If a package has been tampered with after the original packager created it there is no way of knowing. This alone is a _huge_ _huge_ oversight on Apple's part, and that's just the tip of the iceberg.

To the original poster, sorry this stuff all got so far off-topic, that was not my intention, I just wanted to point out that to date there are no viruses to worry about, but it is not because OSX is magical or is ultra-bullet proof or virus-proof as some people will adamantly tell you. It's mostly because a) Apple stays on top of security updates so there are less holes for the bad guys to poke their fingers in, and b) it's not an appealing target when windows is out there with so many holes and such a huge installed base, after all these folks want mass infection so that they can build their botnets, or whatever.


----------



## SoyMac (Apr 16, 2005)

mguertin said:


> ... The proof is in the pudding...


*Exactly*, and that is why I _don't_ worry about potential viruses for Macs. The proof (_and_ the pudding ...mmmmm, pudding!...) is that after 6 years and some months, there are still no viruses for Apple OS X. I don't see how that can be construed as proof that OS X is ripe for virus writers.

And from what I have researched, much of the Mac security _is_ in the UNIX foundation...

"“Unix [which underlies Mac OS X] and Linux ARE more secure,” wrote one reader. “They have been developed, open-source style, by people who know exactly what they are doing. Unix and Linux have had at least 10 years of battling hackers to better themselves. This leads to an extremely secure environment.”
Please see:
" ...Many of you also pointed out simple design decisions that make Mac OS X and Linux much more secure than Windows XP. For example:
1. Windows comes with five of its ports open; Mac OS X comes with all of them shut and locked. (Ports are back-door channels to the Internet: one for instant-messaging, one for Windows XP’s remote-control feature, and so on.) These ports are precisely what permitted viruses like Blaster to infiltrate millions of PC’s. Microsoft says that it won’t have an opportunity to close these ports until the next version of Windows, which is a couple of years away. ... "

And this nugget ...
"In the source code, (of the attempted virus)... there is a comment where the author says 'so many problems for so little code'," .... "So it does look as though virus writers, fortunately, still have a way to go before they are able to write Mac viruses with the proficiency and fluidity that they can for Windows." (Understatement?!  )
Please see: Mac virus author admits coding difficulties



mguertin said:


> ... Apple doesn't do anything special to make OSX impervious to viruses...


Yes, they did. They built it on UNIX.


----------



## Guest (May 22, 2008)

> I don't see how that can be construed as proof that OS X is ripe for virus writers


Why is everyone putting words in my mouth (onto my fingers? hehe) ... I never said or even meant to imply such a thing. I was merely trying to demonstrate that it's *possible*, and that OSX is not impervious to such attacks.



> They have been developed, open-source style, by people who know exactly what they are doing


This is something that's very important to take into consideration here. Yes there are a LOT of people worldwide auditing the code used for a lot of the lower levels of the operating system. This is a big plus for OSX. On the same note having open-source code can be a big minus when someone with the knowhow decides they want to use it for nefarious purposes because of the same reason, they have full access to all the source code and can dissect it. In the windows world this is not possible. It is much easier to find a potential security issue when you have access to the source code!

Now lastly, I will again point out that my "proof is in the pudding" statement was to Chas to show us an example of what Apple has done differently in OSX that makes it more impervious, or even more resistant to viruses and trojans than other *nix based systems.



> Yes, they did. They built it on UNIX.


UNIX is most certainly not impervious to viruses. Neither is BSD (and OSX is based on FreeBSD) ... why does everyone then think that OSX is impervious??

Here's some interesting reading for the naysayers:

Linux/Unix viruses demand special attention: Insight - ZDNet Australia

Lastly I'll make one more observation for the people that still refuse to believe that OSX could be exploited in such a way ... if OSX is impervious then why does Apple bother to push us all these security updates ?? beejacon


----------



## jfpoole (Sep 26, 2002)

SoyMac said:


> The proof (_and_ the pudding ...mmmmm, pudding!...) is that after 6 years and some months, there are still no viruses for Apple OS X.


A lack of malware (like viruses and trojans) doesn't mean a lack of vulnerabilities. Solaris, for example, has hundreds of published vulnerabilities and no malware. 

Heck, if you look at Mac OS X's security model, you don't need a vulnerability in the operating system, you just need a vulnerability in one of the applications a user is running. There are a number of published Safari vulnerabilities that, if a user visits a particular web page, allow attackers to execute code on the user's machine and thus take control of the victim's machine. Nothing in Mac OS X stops the attacker from doing this. 

So, really, the lack of malware for Mac OS X has nothing to do with the "built on Unix" pixie dust many people think it does.


----------



## chas_m (Dec 2, 2007)

mguertin said:


> The proof is in the pudding


Yes, indeed. The proof IS in the pudding.

PCs=276,000 viruses per year
Macs = 0

That's the pudding, exactly as GT said. The burden of proof is ON YOU to prove you CAN WRITE a virus for the Mac as easily as a Windows PC.

Go on. I dare you.



> admit that you're stuck in Steve Jobs reality distortion field ...


I would admit this, but you've got your head so far up Ballmer's a$$ I doubt you would hear me.


----------



## MacDoc (Nov 3, 2001)

Chas with due respect, STOP PUTTING WORDS IN HIS MOUTH



> That's the pudding, exactly as GT said. The burden of proof is ON YOU to prove you CAN WRITE a virus for the Mac _*as easily as a Windows PC*_.


He said any other *UNIX system.*

Mark is far more knowledgeable about this than you know or he can say publicly.

Perhaps offering some proof some of you CAN READ would be a start 

••

When Mac was on OS9, *which was not a UNIX based OS* despite a small marketshare there WERE a few viruses in the wild.

When Mac moved to Unix...no viruses.

Windows is *not based on a UNIX OS*

Windows has a virus problem

You see any pattern there??. 

any viruses on your phone lately????

a fellow pilot told me 20 years ago when he was earning $140 an hour THEN doing high end UNIX consulting, * "UNIX is the future"* ...he was correct.

Apple was correct in moving to UNIX for the reasons he understood and brilliant in putting a useable face on it.

MS?? - well "just desserts" comes to mind.


----------



## Guest (May 22, 2008)

chas_m said:


> Yes, indeed. The proof IS in the pudding.
> 
> PCs=276,000 viruses per year
> Macs = 0
> ...


Ok, I've just lost what little respect I might have had for you. It's pretty obvious at this point that you can't read at all. Try reading all the comments I've posted and come back to this one Chas.

Just how is the burden on me to prove? As for the balmer comment that's the biggest piece of flamebait I think I've seen you post to date, and it makes absolutely no sense at all, LOL. I think I'll wander away now and let you "armchair experts" (that somehow can't seem to even fathom simple english) misinform everyone.


----------



## Adrian. (Nov 28, 2007)

So much anger. What sort of reception is this to the OP who is a new potential mac user and new member to ehmac. If I was new and saw this bickering I wouldn't come back.

I thought we were a rung above the rowdy windows forums. Keep it civil guys.


----------



## jeepguy (Apr 4, 2008)

mguertin said:


> I think I'll wander away now and let you "armchair experts" (that somehow can't seem to even fathom simple english) misinform everyone.


Don't let this put you off, we need sensible debate. People forget that OSX hasn't been around that long, and as more people migrate to it, it brings the hackers with it. No OS is *virus proof*, but UNIX is more *virus resistant*, and has better security to combat attacks. Lets' just hope those little Bastards, don't start looking for OSX vulnerability.


----------



## EvanPitts (Mar 9, 2007)

G-Mo said:


> The last version of Windows to run on the MS-DOS base was the mostly un-used Windows Millennium Edition (Me) which was essentially Windows 98 but adopted some aspects of Windows 2000. The NT family of Windows systems are not based on DOS at all, but provide a command-line interface similar to MS-DOS's character-mode interface...


Actually, the statement that Windoze is DOS bases is essentially correct. NT was not developed ex nilhio - it wasthe Evil Empires variant of OS/2 - which itself was derived from TopView - which was a multitasking version of DOS. NT also features a number of DOS items within the core, including the use of File Control Blocks (which is a remnant of CP/M) which are now used as pointers for the Virtual Memory unit, the same basic low level interrupt calls, the same usage of Global Descriptor Tables that DOS Extenders used, and the same basic MASM compiler, modestly updated from the last public release of that assembler.

NT does a better job at hidding their DOSishness, but it still has such DOS traits as the C:/ drive nomenclatura, and a similar amount of brain damage when it comes to the command line interface.

But it is also correct that NT and it's derivatives are not DOS - only because DOS relies entirely upon BIOS, while NT machines originally needed IBM's ABIOS and CBIOS. Because of the lack of these chips on machines other than specialized OS/2 machines that IBM had - ABIOS and CBIOS were "integrated" into both OS/2 and NT - thus the machine BIOS is used solely to load the boot track, in much the same way that Linux loads on a BIOS based machine. NT still has the DOS mindset, with much of the DOS brain damage; while at the same time stemming from early versions of DOS rather than a continuation of the end DOS product (as '98/98,Me...)

Suffice it to say that the crappiness of Windoze has little to do with DOS - and a lot with vapourware engineering projects gone astray.


----------



## screature (May 14, 2007)

Adrian. said:


> So much anger. What sort of reception is this to the OP who is a new potential mac user and new member to ehmac. If I was new and saw this bickering I wouldn't come back.
> 
> I thought we were a rung above the rowdy windows forums. Keep it civil guys.


I have to agree with you Adrian, but as with so many other threads around here that turn ugly, you have to look at the instigator of the mud slinging and remember that the ensuing nastiness is always in reaction to that instigation. I actually think that mguertin has been very restrained in his rebuttals considering the aggressiveness of the attacks.

For the newbies, just remember that old Michael Jackson lyric, "One bad apple don't spoil the whole bunch girl..."


----------



## Brainstrained (Jan 15, 2002)

> Yes, indeed. The proof IS in the pudding.
> 
> PCs=276,000 viruses per year
> Macs = 0


The absence of proof is not proof to the contrary.


----------



## EvanPitts (Mar 9, 2007)

ahMEmon said:


> Really? I'm logged in as admin on the 3 macs that I use (home, work and my oldest daughter's) and still need to enter a password to install apps and make changes to the system.
> 
> And all this time I though only the ROOT user (which you have to turn on in the first place) had such total control over your system../QUOTE]
> 
> ...


----------



## Macfury (Feb 3, 2006)

chas_m said:


> PCs=276,000 viruses per year
> Macs = 0
> 
> That's the pudding, exactly as GT said. The burden of proof is ON YOU to prove you CAN WRITE a virus for the Mac as easily as a Windows PC.
> ...


You're getting out of your depth here, and this taunting is NOT a cogent argument. I think mguertin has stated his reasonable position quite effectively.


----------



## StageDive (Feb 8, 2008)

screature said:


> For the newbies, just remember that old Michael Jackson lyric, "One bad apple don't spoil the whole bunch girl..."


But What about a bunch of bad apples?

In all honesty, I have to fully agree with mguertin on every point he's made. Out of curiosity, why does everyone insist putting words in his mouth?

I'm starting to think Chas_M is a ventriloquist.

(Not to say that you're a dummy, mguertin...)


----------



## EvanPitts (Mar 9, 2007)

ahMEmon said:


> Really? I'm logged in as admin on the 3 macs that I use (home, work and my oldest daughter's) and still need to enter a password to install apps and make changes to the system.
> 
> And all this time I though only the ROOT user (which you have to turn on in the first place) had such total control over your system..


Almost all OSX software does need intervention for "the crucial step", either by having to enter a password and agree to intall, or by dragging an icon out of a .dmg and pulling into Applications. However, this can also be achieved within the terminal by using the sudo command - which grants a "one time use" of superuser priviledge. In fact, almost all exploits of not only OSX, but *Nix systems have long used this vector.

Twenty years ago, when the GnuEmacs security flaw surfaced, it was shown that even a secure kernel could be "infected" by other means. Using that as an example... Some versions of the Emacs editor would arbitrarily grant superuser (root) priviledge that was uncontested by the OS. Thus, a cracker could simply access locked directories and normally, they would download the password file. Using another computer, they could do a brute force attack on the encrypted database, yeilding all of the passwords and user accounts. Then they could simply log on to an "upgraded" account, and hack beyond all belief. This was not only peculiar to certain *nix systems - it was widely exploited on the incredibly difficult to hack VAX/VMS system. However - this exploit is not a "virus", nor is it even malware - but perhaps it is even more insidious because once a system is compromised in this manner, someone else "owns" the machine. They can then do whatever, including making the system a virus distribution hub. Flaws like this have been corrected many times by Apple, long before the cracking community really tunes in.

There are a lot of people saying a lot of things. OSX itself is highly resistant to viruses - as evidenced by the low numbers of viruses ever successfully written in controlled environments - and the fact that basically no Mac users have found one in the wild. Viruses have been created, but do not propagate well, not just because there are "few" users, but because OSX does not allow arbitrary code execution. Any infection must result from either a user agreeing to do something (and starting up some kind of malware), or by an outsider hijacking the system through some hitherto unknown sudo flaw (and unleashing some kind of malware).

By definition, a virus not only destroys something, but it must successfully infect other systemms by self-replication. So by that definition, OSX has high immunity. But the greater danger is from malware. A user just has to know what they are installing, and not just wildly clikc on various icons that may appear in the Downloads folder. Even a script can be set up that can purloin sudo and do some task - but like all things OSX, it requires the "crucial step" of a user clicking something (or at least an outsider bombing in and doing it).

Virus scanning is less critical for OSX users - unless they are connecting to Windoze machines. OSX boxes are highly valued by crackers as distribnution sites for viruses. Half the time a Windoze virus will infect a machine and just crash - giving a BSOD - not very good for propagation of the species. An OSX machine, on the other hand, will happily spool out viruses to whoever visits - especially if the machine has an external user who is manipulating things from the outside world. This kind of computer warfare is not just science fiction - it happens on a daily basis - and Apple is pretty good at catching such things and stomping them out. That is why it is such a secure system.

Windoze, on the other hand, is a different beast, where really, a virus is just a "device driver" that does things that are not good; and a regime where the whole OS runs arbitrary code without the user knowing what is going on, let alone the fact that no one really knows how to find out what is going on...


----------



## ahMEmon (Sep 27, 2005)

Wow. A lot of words I have to eat. Anyone have any ketchup and mustard handy? 



screature said:


> For the newbies, just remember that old Michael Jackson lyric, "One bad apple don't spoil the whole bunch girl..."


I think that was the Osmond Brothers...

And mguertin, you have earned my respect for your in-depth knowledge and layman's term explanations. I bounced a lot of your points off of my brother-in-law who is versed in many programming languages including Linux, Unix and many others I have never heard of, and is a network security specialist, computer programmer and software developer, and he agrees with the many points you have put forward. 

I guess the one thing that OSX has going for it is that User Interaction is necessary for code to be executed.


----------



## Guest (May 22, 2008)

StageDive said:


> But What about a bunch of bad apples?
> 
> In all honesty, I have to fully agree with mguertin on every point he's made. Out of curiosity, why does everyone insist putting words in his mouth?
> 
> ...


LMAO ... that's too funny 

Thanks everyone for the support. I harbor no ill feelings here, I was just befuddled with the words put into my mouth (fingers). I like to think of myself as a pessimist/realist in this area. If you do some searching here you'll see it's not the first time that I have discussed viruses on macs and got controversial replies! Call me the devil's advocate on this one beejacon


----------



## screature (May 14, 2007)

ahMEmon said:


> Wow. A lot of words I have to eat. Anyone have any ketchup and mustard handy?
> 
> 
> 
> ...



Actually it appears that they both did a version, although the one I was thinking of was the Jackson 5 version. (Just for the record, you weren't the apple I was referring to.)


----------



## SoyMac (Apr 16, 2005)

Maybe I'm used to loud, passionate debate and borderline personal attacks, but I _like_ this thread and I think it's informative and useful, for both sides of the debate. I think the heat just makes things more interesting here.

Anyway, I'm going to try to list some of the things that I think we can all agree on (not because I want people to calm down or to facilitate civil debate, but simply to give us like references to build our arguments on):

1. Unix is a generally inherently more stable and secure foundation on which to build an OS than Windows (DOS or not - now I'm confused  )

2. Unix is _not_ virus-_proof_, but it _is_ virus-_resistant_.

3. The OP asked about viruses on the Mac vs. viruses in his Microsoft world. I see confusion arising from some people comparing the security of different Unix OSes, while others are basing their arguments on the premise of the OP's original question. ( I think this is where part of the words-in-mouth ailment originated.)

4. There are currently *no* viruses for Mac OS X.

That's my list for now. 
Anyone disagree with anything here?

Also, I notice some posters still express belief in the Security-By-Obscurity ... theory.
If you've read the articles/essays refuting Security-by-Obscurity, and disagree, I'd like to know what you disagreed with in the article(s).

And now, as the cheerleaders for the Nepean Raiders say:
"...Sit down!
Stand up!
Fight! Fight! Fight!


----------



## Guest (May 22, 2008)

> 2. Unix is not virus-proof, but it is virus-resistant.


Sort of, I think it's closer to say that there are just not as many options out there for the virus creators. With the windows world you can literally download virus making "kits" that use known exploits and allow you to attach your own payload to them, but there is nothing like that for the Unix world that I've seen to date. I think that a lot of the windows viruses out there are based on these types of kits, so without the easy access to this sort of resource the script-kiddies don't bother.


----------



## jfpoole (Sep 26, 2002)

SoyMac said:


> Also, I notice some posters still express belief in the Security-By-Obscurity ... theory. If you've read the articles/essays refuting Security-by-Obscurity, and disagree, I'd like to know what you disagreed with in the article(s).


From Matasano Chargen » Mac Punditry and The Office Paradox



> Mac OS 9 was no more secure from viruses than DOS was. There were close to 100-200 Mac OS 9 viruses compared to 50,000+ PC viruses. Explain to me how the security architecture of Mac OS 9 protected users from viruses.


Again, you can't determine how secure a platform is based on the amount of malware present on the platform.


----------



## EvanPitts (Mar 9, 2007)

Just to clarify...



SoyMac said:


> 1. Unix is a generally inherently more stable and secure foundation on which to build an OS than Windows (DOS or not - now I'm confused


Do not be confused... Windoze was originally a graphical shell for DOS; while Windoze NT (OS/2) was originally a multitasking system that was seen as a successor to DOS. NT eventually ended up with a program called Presentation Manager, which was basically the Windoze graphical shell built over a different core. There is not sharp differentiation between DOS and Windoze - both were maintained concurrently, though the DOSsiness has somewhat disappeared over the years.

I think it is pointed out because Windoze and DOS share the same philosophy - that the OS (whether it is multitasking or not) is essentially a single user system where that single user can do everything. Security add ons are just that, add ons, that are not part of the design of the kernel itself. They were written for microcomputers that had a single processing unit; and thence, scaled up, but essentially they run only on microcomputers.

*NIX and derived systems are built on a different philosophy - a fully multitasking OS for multi user systems. UNIX was originally written for a minicomputer that was intentionally multiuser (using terminals in the day), and scaled up to mainframe technology. Only when PC's became powerful enough was it possible to squeeze UNIX down. Thus, the kernel is not only aware of security, it is entirely built with security, not just to keep out hackers and viruses, but to keep users of the big time share mainframes from nuking each other.

OSX is derived from the *NIX world - based on the MACH kernel which itself is a derivative of BSD ("West Coast UNIX"), and thus, inherits the same structure of security within the kernel.

The difference between the systems is in the way the OS interfaces with the hardware. In OSX, like other *NIX based systems - the kernel is the only interface with the hardware, so anything has to be "approved". Windoze, on the other hand, allows for software to "go around" the kernel and interface directly with the hardware. And even though security is a major problem, Windoze can not undo this (and hence, make a secure kernel) because if they did, many applications would fail to run. M$ also faces the problem of backward compatibility, and anytime they make a change that disables a fifteen year old piece of software, people rant and rave about it.

There is also a programming difference. OSX, though it is proprietary to Apple, is based upon BSD, which is open source. Because of this, and the fact that OSX is written in C Language - it is always possible to recompile older software for reuse. This is of increasing importance in the corporate world. The Y2K situation showed the problems of closed coding and obsolete compilers - that programs could not easily be repaired over even the most trivial of things.

Windoze, on the other hand, is entirely closed source, and written in a crazy assortment of compilers. This makes it very difficult to actually fix anything because sometimes, the bug fixes cause software to fail in other ways.

As far as stability, *NIX systems have long been used for mission critical applications in large organizations, so stability is very important. *NIX is also very "network aware", since even the first UNIX run at Bell Labs ran on a timesharing DEC PDP connected to terminals.

Windoze, on the other hand, is mostly a collective for all of the vapourware promises made by the Evil Empire, destined to run on some of the worst hardware ever created. Windoze was a johnny come lately to networking. Early versions could not handle anything above COM2: without hacking it to bits, then they clung onto NETBEUI for years, then when everyone was going Internet, well, Windoze was once again a johnny come lately - cobbling together Trumpet WinSock and SpyGlass and saying it was good. Really, M$ was terribly good at convincing people that their OS was somehow easier to use because it had icons - even though Macs were and continue to be superior in all respects.

But as for the confusion over DOS and Windoze - it is a continuum, each pollenating each other with their brain damage.



> 2. Unix is _not_ virus-_proof_, but it _is_ virus-_resistant_.


I would say highly virus proof, though perhaps some enterprising cracker will find a way - but it is perhaps a hurdle too high for any true viruses. I think the greater thread is compound: that *NIX systems may be prone to indirect attacks via malware or trojans, especially since the skills of newer users may not be up to par; and as a vector for distributing malware to other machines, simply because they are more resistant and hence, tend not to crash and burn.



> The OP asked about viruses on the Mac vs. viruses in his Microsoft world. I see confusion...


Based on the OP - I can take a Dell with Fi$ta and by using e-mail only, I could probably end up with fifty viruses within two hours, entirely disabling the system; while with a MBP with OSX, I could probably spend two years trying to find something virus like that may do some kind of damage to the data on the system, but with a very good chance I would find nothing at all.

A few years ago, my Mac was in for service, so I ended up having to use a Windoze box for a period of ten days. I used it to read my WebMail account only, and perhaps I looked at twenty web pages. I ended up with over 80 viruses and trojans, plus many other pretty suspicious files. Over the year I had a Windoze box, I had to reinstall Windoze perhaps ten times, as well as many virus infections - half of which did not come from the Internet but rather from data disks from one of the companies that we used to represent that were all afflicted with the Automatic Infant virus. Those disks were quite classic - the worst software I had ever seen - EVER. Normally, DOS would be able to print the text and trash the graphics - but peculiarly, this Belarus written software would print the graphics (onto a dot matrix printer!), but could not render the text. Because of a law suit in the US, the company was forced to make all of the materials available via PDF - thus ending the whole need for a Windoze box.

In the four years that I have used my Macs, I have ended up with a grand total of perhaps a hundred Windoze viruses (which can not do anything because they sat in the downloads folder waiting to be trashed), plus of recent vintage, three files that I believe may be trojans intended for the Mac. They were in my Downloads with the .app extension, but they couldn't run because the OS did not grant them the eXecute flag. Considering that I have an interest in viruses - I have come across so few OSX viruses, and none propagate very well to start with. The most recent was a variant of Automatic Infant that a hacker in the Netherlands modified to attack Macs if booted from a CD - but it is not in circulation, more of a programming curiosity that can only propagate if an unwary user "agrees" to install it.



> 4. There are currently *no* viruses for Mac OS X.


More precisely, there are currently no known viruses in circulation, and those that have been created either rely on user intervention for the "crucial step", or are peculiar to a single security flaw inherent in a specific (and usually older) release of OSX.

The greater threat, next to a Mac being used to dispense offending code to Windoze boxes, is through various forms of Malware, that an unsuspecting user may install. It would be easy to create a website that would say that you need a special codec to watch a video - and have a package install that could do much harm to a system - though even then the user would have to make the "crucial step" to either install a package, drag an icon from a .dmg, or execute a script that would achieve sudo access, making the malware a root program. Of course, the other possible vector would be in installing a specially crafted CD that would, upon the "crucial step", perform whatever damage it wanted. These are not, by definition, viruses, since they can not self-replicate without user intervention - though they do represent the very possible dangers for OSX users, especially naive ones that may be used to the way Windoze does things, and expect the same brain damage under OSX.


----------



## HowEver (Jan 11, 2005)

The "clarification of the month award" goes to... EvanPitts. And yes, it was worth quoting.




EvanPitts said:


> Just to clarify...
> 
> 
> 
> ...


----------



## StageDive (Feb 8, 2008)

looks more like clarification of the decade....


----------



## SoyMac (Apr 16, 2005)

jfpoole said:


> From Matasano Chargen » Mac Punditry and The Office Paradox...


Thanks for that link! The comments/debate is a really good read, and again left me feeling that Unix and OS X are simply inherently safer than DOS-Post-DOS Windows.

For readers' convenience, I've gathered here the selections I found most illuminating:
(And only a couple of these are from Daniel Eran  )


During the decade of System 7 and Mac OS 9, there were a few Mac viruses, but they were really only a problem when working with shared files. Networked Macs didn’t have significant security problems because they didn’t allow remote access by default. That’s why the Army moved its webservers from NT to Classic Macs running WebStar. The only port open was 80.
While the Classic Mac OS “didn’t have security” in the sense of system enforced file or user permissions, it also didn’t have open ports listening for LANMan chat, nor did it ship with insecure protocols like SMB running.
Your description of the classic Mac OS isn’t really accurate; the old Mac OS was more secure than DOS+Windows, and even NT in practical applications such as serving web pages without being taken over and vandalized.

...people don’t steal the most common cars because they are there, they steal things that offer them some sort of value with minimal effort.
That’s why car “security systems” work. They aren’t impossible to get around, but they make attacking the car more dangerous and slower, making other, easier targets appear more attractive.
Similarly, if Macs were easy to target, they would be used to propagate viruses and spam too, just as they can be used to transmit Word macroviruses today.

...That’s not to say Macs can’t be compromised, only that it’s a myth to say that Macs aren’t under attack because their numbers don’t compare to PCs. We know that there are significant installations of Macs that are attacked but not owned, and that they are regularly holding up in high volume Enterprise environments.

...Windows code quality most certainly is part of the problem behind Microsoft’s security nightmare, but so is Microsoft’s reliance on proprietary development. There are also factors Microsoft can’t control: bad third party software, for example.

Now, if you are an attacker, are you going to go after the 80% part of the Internet?
Nope, I am going after the platform that will allow me to have an automatic installation, replication, distribution of my malware with little to no user interaction after first infection. If I need to have a simpleton at the keyboard having to always authenticate and authorize activities that supposedly should happen without requiring attention of the user then I am not interested. I do not care whether there are 2 million, 20 or 200 if that is a constrain. I’ll go with the platform where I only need the user just once at most. And I’ll go toward the platform where I could gather zombies that I can sell more profitably. For that again, I do not care to look at your files, photos, documents etc in the user space. I need full control of your machine quickly, automatically and unnoticed. When that will happen on Mac OS X it will become instantly very interesting a target.

Another comment would be on Leopard: Apple is nicely tightening Mac OS X. Even fewer things to attack than in Tiger.
Number of platforms is only a factor, not the only one in deciding where an effort will have a better ROI. When a platform has tens of million users it is already sizeable enough. Even with same numbers, Windows gives a larger ROI for less effort than Mac OS X. 80% ? who cares, it could be 50-50 the split. Easier to go after Windows and with easier return. One goes after the low hanging fruits, period.

At least 60% of the world’s internet servers are UNIX based. It would make sense that if you wanted to really exploit the internet with viruses or hacks you would do so on those servers. So why is this not the case? It’s because those internet servers are more securely built. They are behind firewalls, MPRs, and have nigh-on bulletproof OSs. It’s a 3 pronged attack.
Windows internet servers on the otherhand are really only a 2 pronged attack as they sit behind firewalls and MPRs but their OS is so insecure, although the security risks are lowered if those Windows servers are running Apache.
MacOS X is based on BSD Unix. OpenBSD is actually rated as the most secure OS not Sun but then it isn’t really deployed widely so Thomas may be right.

With MacOS X making more headway in both the desktop and server market it makes more sense to want to attack those systems if only to get the kudos of being the first to fully hack the system. Guess why the attacks aren’t happening? It’s because it’s not as easy as everyone makes it out to be. If it was, all BSD based OSs would have been exploited over their lifetime but it simply isn’t the case.

The exploits for MacOS X required a user’s interaction. Most of the Windows attacks don’t. Recall the difference between Windows and Mac for the Sony RootKit debarcle. Windows automatically allowed the software to be installed without users knowing. On the Mac the user had to specifically install the application. Now tell me how MacOS X isn’t more secure than Windows in this case?

As jfpoole first indicated, here is the full article and complete discussion:
Matasano Chargen » Mac Punditry and The Office Paradox

EvanPitts, what would Freud say about the size of your post and mine? Are we just compensating? Is a post sometimes, just a post? :lmao:


----------



## jfpoole (Sep 26, 2002)

HowEver said:


> The "clarification of the month award" goes to... EvanPitts. And yes, it was worth quoting.


It'd be worth quoting if it were more right than wrong. Unfortunately there are so many factual errors in his "clarification" it's almost impressive.


----------



## EvanPitts (Mar 9, 2007)

jfpoole said:


> It'd be worth quoting if it were more right than wrong. Unfortunately there are so many factual errors in his "clarification" it's almost impressive.



So what are those things that you claim are wrong? If you don't think malware is a possible problem, then all the power to you - I prefer to remain safe, even though I am not paranoid about it.  And even though I hate Windoze - I still refuse to send them viruses or trojans, if nothing but out of decorum...


----------



## jfpoole (Sep 26, 2002)

EvanPitts said:


> There is not sharp differentiation between DOS and Windoze - both were maintained concurrently, though the DOSsiness has somewhat disappeared over the years.


Saying there's no sharp differentiation between Windows and DOS is like saying there's no sharp differentiation between Mac OS 9 and Mac OS X. Sure, they're part of the same product line, but they're two fundamentally different designs. 



EvanPitts said:


> I think it is pointed out because Windoze and DOS share the same philosophy - that the OS (whether it is multitasking or not) is essentially a single user system where that single user can do everything. Security add ons are just that, add ons, that are not part of the design of the kernel itself.


Windows NT isn't a single-user system. It supported multiple users (with different permissions) from the very beginning, and this support isn't a thin veneer on top of the operating system, it's built right into the kernel.

Heck, until recently, Windows had much finer grained access controls than Mac OS X (Mac OS X 10.4 implements ACLs that are very similar to the ACLs found in Windows).



EvanPitts said:


> Only when PC's became powerful enough was it possible to squeeze UNIX down.


I'm not sure why Unix would need to be "squeezed down" to fit PCs. After all, the first machines that ran Unix were pretty primitive themselves. Plus, Microsoft Xenix first shipped back in 1979, a couple of years after PCs became widespread. It's entirely possible other versions or variants of Unix were available before that. 



EvanPitts said:


> Thus, the kernel is not only aware of security, it is entirely built with security, not just to keep out hackers and viruses, but to keep users of the big time share mainframes from nuking each other.


Early Unix security was a joke. The Morris worm was able to take out over 10% of the internet in 1988, and all of those hosts were running Unix. Even more recent versions and branches of Unix are problematic; most of the sysadmins I know are reluctant to connect certain kinds of Unix directly to the internet, for fear the machines would get hacked if they did. 



EvanPitts said:


> The difference between the systems is in the way the OS interfaces with the hardware. In OSX, like other *NIX based systems - the kernel is the only interface with the hardware, so anything has to be "approved". Windoze, on the other hand, allows for software to "go around" the kernel and interface directly with the hardware.


Under Windows NT all user applications run in Ring 3; only the kernel and device drivers (which run in Ring 0) can directly access the hardware. So, no, applications can't access hardware as they please.



EvanPitts said:


> OSX, though it is proprietary to Apple, is based upon BSD, which is open source. Because of this, and the fact that OSX is written in C Language - it is always possible to recompile older software for reuse. This is of increasing importance in the corporate world. The Y2K situation showed the problems of closed coding and obsolete compilers - that programs could not easily be repaired over even the most trivial of things.


What language an operating system is written in has no bearing on whether older software can be recompiled. If you want to recompile old software, well, you're going to need the source code for it. The fact that the OS was written in C (or whatever language) isn't going to help you.



EvanPitts said:


> Windoze, on the other hand, is entirely closed source, and written in a crazy assortment of compilers. This makes it very difficult to actually fix anything because sometimes, the bug fixes cause software to fail in other ways.


I have no idea what you mean here. Either you're saying Windows is written in a crazy assortment of languages (which isn't true; it's written in C like most modern operating systems) or built with a crazy assortment of compilers (which also isn't true; it's built with Microsoft's own compiler). 

Given Microsoft's ability to release security fixes at a reasonable rate (often times faster than Apple) I don't think they're having problems fixing anything.


----------



## chas_m (Dec 2, 2007)

As much as I loathe Windows, jfpoole is point-by-point correct on this. I would still argue that while the original DOS may no longer be present in Windows, there remains a DOS-like layer for compatibility and that this DOS-like layer has security issues.


----------



## jeepguy (Apr 4, 2008)

jfpoole said:


> I'm not sure why Unix would need to be "squeezed down" to fit PCs. After all, the first machines that ran Unix were pretty primitive themselves. Plus, Microsoft Xenix first shipped back in 1979, a couple of years after PCs became widespread. It's entirely possible other versions or variants of Unix were available before that.


Just to add a little history, yes I was around back then and used Xenix, as well as Unix on DEC PDP machines



> Xenix was Microsoft's version of Unix intended for use on microcomputers; since Microsoft was not able to license the "UNIX" name itself, they gave it an original name. The -ix ending follows a convention used by many other Unix-like operating systems.
> 
> Microsoft purchased a license for Version 7 Unix from AT&T in 1979, and announced on August 25, 1980 that it would make it available for the 16-bit microcomputer market. The initial development of Xenix was done by Human Computing Resources Corporation of Toronto, Canada.[1] The initial port of Xenix to the Intel 8086/8088 architecture was performed by The Santa Cruz Operation.[2][3][4][5][6]
> 
> ...


----------



## jeepguy (Apr 4, 2008)

jfpoole said:


> I have no idea what you mean here. Either you're saying Windows is written in a crazy assortment of languages (which isn't true; it's written in C like most modern operating systems) or built with a crazy assortment of compilers (which also isn't true; it's built with Microsoft's own compiler).
> 
> Given Microsoft's ability to release security fixes at a reasonable rate (often times faster than Apple) I don't think they're having problems fixing anything.


I'd like to add that they also use assembler for some parts where speed is an issue, and i know at one time they were using more powerful Workstations (non windows based) to compile the code I think they were using DEC's Alpha, but that was back in the NT days.


----------



## EvanPitts (Mar 9, 2007)

jfpoole said:


> Saying there's no sharp differentiation between Windows and DOS is like saying there's no sharp differentiation between Mac OS 9 and Mac OS X. Sure, they're part of the same product line, but they're two fundamentally different designs.


OS9 and OSX are quite different - not only because of the change in kernel, but also in the change from cooperative multitasking to preemptive multitasking. However, many of the OS9 features are still present in OSX: the HFS file system, Carbon libraries, etc. Classic allows for OS9 applications to run under OSX - so there is less differentiation than you may see on the surface. The main difference that catches the eye is the move from lower resolution 256 colour screens to higher resolution screens capable of thousands or millions of colours.

The perspective you make between Windoze and DOS is based on looking at 20 year old DOS and comparing it to brand new Windoze. However, this is a falsehood, since the first 3 major releases of Windoze were nothing more than a graphical front end for DOS; with subsequent releases burying DOS deeper and deeper into the inner recesses. All Windoze machines still employ the same boot sequence inherited from DOS - though the file names have changed, as well as employing similar file systems and drive interface. Windoze simply could not run of M$ took everything "DOS" out of their system - they are indeed, one and the same continuum.



> Windows NT isn't a single-user system. It supported multiple users (with different permissions) from the very beginning, and this support isn't a thin veneer on top of the operating system, it's built right into the kernel.


Perhaps I was not clear on my definition of a single user system. A multi-user system can have multiple people sharing computer resources simultaneously. In *NIX one can easily getty a number of terminals and have multiple users using the same CPU simultaneously. Windoze NT was not capable of doing that for many years, until M$ subsumed Citrix WinFrame, which emulates the capabilities of utilities like getty.



> Heck, until recently, Windows had much finer grained access controls than Mac OS X (Mac OS X 10.4 implements ACLs that are very similar to the ACLs found in Windows).


ACLs were adopted by Apple in order to interface to Windoze boxes. ACLs do not indicate any kind of true kernel security, it is just a wrapper for a false sense of security because they can easily be hacked of the OS is porous enough to allow theft of the ACL database.



> I'm not sure why Unix would need to be "squeezed down" to fit PCs. After all, the first machines that ran Unix were pretty primitive themselves. Plus, Microsoft Xenix first shipped back in 1979, a couple of years after PCs became widespread. It's entirely possible other versions or variants of Unix were available before that.


PC's normally did not have enough memory for systems like XENIX. XENIX itself was a fairly brain damaged system, though corporates got into it because M$ is good at sales. The man problem with implementing UNIX on a PC was because, even if the first UNIX systems ran on "primitive" machines - those machines did use multiple discrete CPUs - and were inherently multi-user, multi-tasking by virtue of them being used in time sharing environments.

There were some nasty UNIX like systems that would load on an 8088/8086 system - but they were not only expensive, they were pretty nasty. Things like PC-MOS or QNX allowed for "multi-tasking", DesqView was quite a bit easier to handle despite the limits. (Even DesqView didn't come into it's own until the 80386 became common).

The 80286 processor could actually load and run UNIX, but because you could not bring the 286 processor out of protected mode - any crash of any program was entirely fatal to the machine and the data on it. The 80386 processor, on the other hand, was derived as being a "micro-mainframe", and fully supported not only a properly implemented protected mode, but a virtual 86 mode for compatibility. Thus, UNIX (and OS/2 and Windoze NT) could be made perfectly at home.

But the big systems like UNIX, OS/2 and NT, suffered the effects of the memory shortage in the years after the Kobe Earthquake. Not many people would wish to shell out the $16,000 for the 16 MB of memory required to run those systems properly - so DOS prospered long beyond the time that it was slated to be scrapped. Of course, when memory prices dropped, and even more powerful processors were released - things changed.

In the early days there was the lowly MINIX system - mostly a hackers curiosity and a way of learning how to construct an OS. And one student took the ball and ran - giving us LINUX, written on and for the lowly PC grade machine...



> Early Unix security was a joke. The Morris worm was able to take out over 10% of the internet in 1988, and all of those hosts were running Unix.


Actually - the Morris Worm took advantages of some of the system utilities like sendmail, and finger, as well as weak passwords - and did not compromise the UNIX kernel itself. It was not a virus, but rather initiated a denial of service... These were known weaknesses of the day. As for the 10% of the "Internet" - it only affected DEC VAX machines running certain versions of BSD, and some SUN systems - and amounted to something like 6,000 machines. The worm was never able to "take over" anything - it was nothing more than a denial of service attack.

As for security - any system with weak passwords can be hacked, and there is nothing that any OS can do about it, well, without demanding strong passwords, that leads to people putting their passwords on post-it notes on their screens - leading to more mischief. A weak password is but the "crucial step" in taking down a system, and really, the existence of a worm on two variants of Unix twenty years ago doesn't indicate to me that UNIX is somehow entirely insecure...



> Even more recent versions and branches of Unix are problematic; most of the sysadmins I know are reluctant to connect certain kinds of Unix directly to the internet, for fear the machines would get hacked if they did.


The only way for a machine to not be hacked is to be sealed into a Faraday cage and entirely disconnected from any other machine. Being hacked is not the same as acquiring a virus. What you stated is that, because two versions of UNIX were afflicted with a worm twenty years ago, that somehow OSX can be attacked and given viruses. This is certainly not true. OSX is highly resistant to viruses because OSX does not allow arbitrary code execution - this does not mean that if a person decides to open up every port to outside access, and use either weak or non existent passwords, that somehow OSX will keep them from being hacked.

Sysadmins that are "reluctant to connect certain kinds of Unix"... Known defective UNIX releases simply do not have to be implemented, just like known defective variants of OSX do not have to be implemented. A Sysadmin that is afraid to tango with the hackers have no guts - a good Sysadmin is more of a hacker than the pimple faced kiddie scripters who have little life beyond the computer desk. And really, the point is about viruses, not about hacking. They are two separate things.

And in essence, if you put me in front of an OSX machine and a Windoze machine that have similar security in place - I can easily wipe both machines out because I have physical access. But I probably could not install malware on the OSX machine, while I could do it quite easily on a Windoze box.

UNIX machines are regularly attacked by crackers because it is a thrill - while it is a bigger thrill to toss a bunch of viruses at Windoze machines because it is a cheap and easy thrill. Not many people would bother to spend the time to write a UNIX or OSX virus because it would be far too difficult, and would probably be more like malware that would require the "crucial step". If it can not self-propagate - it can not be a virus.



> So, no, applications can't access hardware as they please.


Except for the fact that the developer's kit and the compiler allow for inline assembly language code - so that anything can be written to any hardware port without restriction. This is a common end run around the limitations of Windoze, and their is little that M$ can do about it because it is they themselves who long encouraged such programming techniques - and they themselves use it with reckless abandon. That's in part why OSX weighs in at 10 millions lines of code, while the retrograde XP (with no service packs) weighs in at 80 million...



> If you want to recompile old software, well, you're going to need the source code for it. The fact that the OS was written in C (or whatever language) isn't going to help you.


And in the universe of the Evil Empire, source code is strictly verboten - so if they don't fix something, it remains broken forever. In the Linux universe, most code is in fact, open source, so one can easily recompile it. The importance of C language is that it is portable between platforms - so even if one changes platforms, they can recompile the code for it rather than having to write it from scratch. That is why there are so many programs these days that are available on Linux, OSX, Windoze and whatever... Without C, porting becomes so much more difficult because there are few languages that run on multiple platforms with similar syntax. For instance, I have never seen PL/M for OSX...



> I have no idea what you mean here. Either you're saying Windows is written in a crazy assortment of languages (which isn't true; it's written in C like most modern operating systems) or built with a crazy assortment of compilers (which also isn't true; it's built with Microsoft's own compiler).


Of which it is. The core of the kernel is written in Assembler, and M$ maintains an internal version of MASM for this task. Some device drivers also resort to MASM for inline machine language code. The rest of the source code is written in a variant of C derived from the subsummed Lattice C, though the code is not really portable because M$ uses their own conventions rather than the ANSI C and C++ used by pretty much the rest of the computer universe. Add to that that many of the programs associated with Windoze are written in a number of different languages, including Visual BASIC.

This is a major difference. Jobs decided that OSX should be written from the bottom up, not only in C language, but in a clear and concise manner that could be maintained for the long run. He did this prior with his NextStep and BeOS - which were both highly advanced and powerful for the day. M$, on the other hand, because they allowed their programmers to put all kinds of hooks into their OSes, hooks that outside programmers hacked out of the system and used, they can't remove the hooks because no one knows that programs will cease to work. Any time M$ has tried to remove such spurious code - customer complaints have driven them to put them back in. The code is not only unclear, but intentionally obfuscated, to keep a "competitive edge" - but in the long run, it has made for a messy OS that is every so difficult to maintain. It also has given M$ a major headache because they are now forced to support obsolete BIOS at the same time as supporting EFI. Since they have to "emulate" BIOS on EFI machines, EFI machines are prone to viral attacks on BIOS, though it is easier to base the attack on the tried and true arbitrary code execution that Windoze embraces.

The other problem that M$ has is that they continue to maintain a monolithic kernel - a kernel that is the exact same on all machines. This leads to kernel bloat, and any number of difficulties because the machines that it has to run on have diverged so much over the years. It also leads to easier virus propagation - simply because any virus that is created will (or should) behave in the same manner on any Windoze machine with the same kernel. 



> Given Microsoft's ability to release security fixes at a reasonable rate (often times faster than Apple) I don't think they're having problems fixing anything.


That's a laugh. If Microsoft could fix their security problems - Norton Anti-Virus would simply not exist. Not to mention the need to have SpyBot software at hand to rid the system of even more nastiness.

Microsoft couldn't even fix the change in Daylight Savings Time last year in a rational manner, and many machines were left either brain damaged for a period of three weeks, or people just shut off the DST adjustment feature and set the time themselves. Apple fixed it, what, a week after the law passed. Not only can't M$ get a handle on viruses or security - they can't get the time correct!

Really, for all of their hoopla about ACLs and their fine graininess - they should really concentrate on the over 1 Million viruses floating around... I'd take less graininess if I can visit a web page without worrying about downloading who knows what kinds of viral junk...


----------



## jfpoole (Sep 26, 2002)

EvanPitts said:


> The perspective you make between Windoze and DOS is based on looking at 20 year old DOS and comparing it to brand new Windoze. However, this is a falsehood, since the first 3 major releases of Windoze were nothing more than a graphical front end for DOS; with subsequent releases burying DOS deeper and deeper into the inner recesses. All Windoze machines still employ the same boot sequence inherited from DOS - though the file names have changed, as well as employing similar file systems and drive interface. Windoze simply could not run of M$ took everything "DOS" out of their system - they are indeed, one and the same continuum.


Fine then, we can compare Windows 3.1 and Windows NT 3.1 (two operating systems available at the same time). Windows 3.1 was a graphical shell that required DOS to run, while Windows NT 3.1 was a completely different operating system based on entirely new code. There's nothing (NOTHING!) in common with how DOS boots and how Windows NT boots once the BIOS figures out which system to boot.

DOS boot sequence:
The DOS Boot Process

Windows XP boot sequence:
Windows XP Boot Sequence: How a Computer Starts Its Day



EvanPitts said:


> Perhaps I was not clear on my definition of a single user system. A multi-user system can have multiple people sharing computer resources simultaneously. In *NIX one can easily getty a number of terminals and have multiple users using the same CPU simultaneously. Windoze NT was not capable of doing that for many years, until M$ subsumed Citrix WinFrame, which emulates the capabilities of utilities like getty.


A multi-user system isn't just one that allows multiple users at once, but also different users at different times. If we stick with your definition, though, you could argue that Mac OS X isn't multi-user since only one person can use the computer at a time.

Sure, you can SSH into a Mac if someone's using the GUI (like you can telnet into a PC) but you can't run applications like Photoshop from SSH. 



EvanPitts said:


> Actually - the Morris Worm took advantages of some of the system utilities like sendmail, and finger, as well as weak passwords - and did not compromise the UNIX kernel itself. It was not a virus, but rather initiated a denial of service... These were known weaknesses of the day.


No, the Morris Worm was a worm; it was able to execute arbitrary code on the infected computers. The fact that the worm also managed to pull off a DoS attack was an unintented side-effect.

Plus, the Morris Worm didn't just exploit weak passwords, it also exploited security problems in, as you point out, system utilities. Do you not consider system utilities to be part of an operating system? I (and most other reasonable people) certainly do, and those utilities have a huge impact on security. What's the point of having a secure kernel if the rest of the operating system is completely insecure (and I'm not talking about weak passwords here, I'm talking about buggy system utilities)?



EvanPitts said:


> As for the 10% of the "Internet" - it only affected DEC VAX machines running certain versions of BSD, and some SUN systems - and amounted to something like 6,000 machines.


Back in 1988 there were approximately 60,000 machines on the Internet, so 6,000 machines would be 10% of the Internet. 



EvanPitts said:


> OSX is highly resistant to viruses because OSX does not allow arbitrary code execution


Are you kidding? What do you think Mac OS X is letting you do when you download an application from the internet? It's letting you run arbitrary code! 



EvanPitts said:


> Except for the fact that the developer's kit and the compiler allow for inline assembly language code - so that anything can be written to any hardware port without restriction.


Being able to write inline assembly (something you can also do with the Mac OS X developer tools) doesn't mean you get direct access to hardware. 



EvanPitts said:


> That's in part why OSX weighs in at 10 millions lines of code, while the retrograde XP (with no service packs) weighs in at 80 million...


Where'd you get these numbers? The only numbers I've been able to find put Windows XP at 40 million lines and Mac OS X 10.4 at 86 million lines. 



EvanPitts said:


> And in the universe of the Evil Empire, source code is strictly verboten - so if they don't fix something, it remains broken forever.


Awesome! Where can I get the source code for Photoshop 7 so I can recompile it for my Intel-based Mac? 



EvanPitts said:


> The core of the kernel is written in Assembler, and M$ maintains an internal version of MASM for this task. Some device drivers also resort to MASM for inline machine language code. The rest of the source code is written in a variant of C derived from the subsummed Lattice C, though the code is not really portable because M$ uses their own conventions rather than the ANSI C and C++ used by pretty much the rest of the computer universe.


You're just making stuff up now -- can you cite sources for any of your far-fetched claims? As for portability, Windows has been ported to a variety of architectures (i860, x86, MIPS, and PowerPC to name a few) and right now runs on two differerent architectures (x86 and IA64). 



EvanPitts said:


> I'd take less graininess if I can visit a web page without worrying about downloading who knows what kinds of viral junk...


Go take a look at all of the recent Safari vulnerabilities and explain to me how Mac OS X is going to prevent a third-party from executing arbitrary code on my machine after exploiting one of these vulnerabilites.


----------



## jeepguy (Apr 4, 2008)

EvanPitts said:


> That's in part why OSX weighs in at 10 millions lines of code, while the retrograde XP (with no service packs) weighs in at 80 million...






jfpoole said:


> Where'd you get these numbers? The only numbers I've been able to find put Windows XP at 40 million lines and Mac OS X 10.4 at 86 million lines.


from wiki

Year Operating System SLOC (Million)
1993 Windows NT 3.1 4-5[1]
1994 Windows NT 3.5 7-8[1]
1996 Windows NT 4.0 11-12[1]
2000 Windows 2000 more than 29[1]
2001 Windows XP 40[1]
2005 Windows Vista Beta 2 50[citation needed]



Steve Jobs said:


> (August 2006). Live from WWDC 2006: Steve Jobs Keynote. Retrieved on 2007-02-16. “86 million lines of source code that was ported to run on an entirely new architecture with zero hiccups.”



I just love looking up stuff..


----------



## jeepguy (Apr 4, 2008)




----------



## Silv (Mar 28, 2008)

This has been an awesome thread.. seriously.

So much about computers I've learned about and forgotten at some point.

Thanks for the great read.


----------



## Adrian. (Nov 28, 2007)

Yeah

sure has brought up a great conversation.


----------



## (( p g )) (Aug 17, 2002)

Silv said:


> This has been an awesome thread.. seriously.
> 
> So much about computers I've learned about and forgotten at some point.
> 
> Thanks for the great read.


I agree. This thread has been quality entertainment...and I learned a thing or two as well.


----------



## leep (May 21, 2008)

Hey everyone. Thanks for the extensive info (though I didn't understand much of it http://www.ehmac.ca/images/smilies/smile.gif. It seems that this forum is full of lively participants and mac experts.

Anyway, I purchased the macbook (white middle-cost model) this morning and even opening the box was exciting! Just ten minutes (even including the welcome screen) got me addicted. ive been on it since the morning and still cant let it out of my sight! Theres lots of neat functions that ive never seen before (like the magnetic ac adapter/ lid and battery life meter) and I now truly understand what an IDIOT I was to choose between the mac and PC (like comparing diamonds to rocks for a similar price).

Everythings great, but I am experiencing one problem. My wireless function fails to work properly. I can connect to my network, but "safari" will not let me load anything (the bar stops 1/4 of the way). Is there an update or driver that I have to install first or is my new macbook a defective product?


----------



## GratuitousApplesauce (Jan 29, 2004)

leep said:


> Hey everyone. Thanks for the extensive info (though I didn't understand much of it http://www.ehmac.ca/images/smilies/smile.gif. It seems that this forum is full of lively participants and mac experts.
> 
> Anyway, I purchased the macbook (white middle-cost model) this morning and even opening the box was exciting! Just ten minutes (even including the welcome screen) got me addicted. ive been on it since the morning and still cant let it out of my sight! Theres lots of neat functions that ive never seen before (like the magnetic ac adapter/ lid and battery life meter) and I now truly understand what an IDIOT I was to choose between the mac and PC (like comparing diamonds to rocks for a similar price).
> 
> Everythings great, but I am experiencing one problem. My wireless function fails to work properly. I can connect to my network, but "safari" will not let me load anything (the bar stops 1/4 of the way). Is there an update or driver that I have to install first or is my new macbook a defective product?


I doubt if it's defective based on that alone, but anyone who could diagnose the problem would likely need more info about what's going on. You have Applecare support (3 months, I think?) with your new Mac, you should give them a call. It's probably just a setting that needs tweaking.

Good luck with your new Mac. This forum is a great place for getting good advice and help.


----------



## Adrian. (Nov 28, 2007)

Try resetting your wireless router. It could just be that.

Cheeers


----------



## SoyMac (Apr 16, 2005)

(Sorry I can't help you with the Safari issue, but I'm sure it's something minor and you'll soon get some help)


leep said:


> ... even opening the box was exciting! Just ten minutes (even including the welcome screen) got me addicted. ive been on it since the morning and still cant let it out of my sight! Theres lots of neat functions that ive never seen before (like the magnetic ac adapter/ lid and battery life meter) and I now truly understand what an IDIOT I was to choose between the mac and PC (like comparing diamonds to rocks for a similar price)...


I can tell from just these few lines that you are right for the Mac life, and you will be over-joyed at having made this decision. Welcome to easy, fun, effective computer use!! :clap: 

And thank you, leep, for starting this very informative thread!


----------



## Guest (May 24, 2008)

leep said:


> Hey everyone. Thanks for the extensive info (though I didn't understand much of it http://www.ehmac.ca/images/smilies/smile.gif. It seems that this forum is full of lively participants and mac experts.
> 
> Anyway, I purchased the macbook (white middle-cost model) this morning and even opening the box was exciting! Just ten minutes (even including the welcome screen) got me addicted. ive been on it since the morning and still cant let it out of my sight! Theres lots of neat functions that ive never seen before (like the magnetic ac adapter/ lid and battery life meter) and I now truly understand what an IDIOT I was to choose between the mac and PC (like comparing diamonds to rocks for a similar price).
> 
> Everythings great, but I am experiencing one problem. My wireless function fails to work properly. I can connect to my network, but "safari" will not let me load anything (the bar stops 1/4 of the way). Is there an update or driver that I have to install first or is my new macbook a defective product?



Congrats leep, enjoy the new mac. It did turn into quite the thread LOL.


----------

