If you have read some of the mainstream press lately, you could easily be led to believe that OS X now has as many viruses, worms, spy-ware, ad-ware, and exploits as Windows users have suffered through. Well, this is NOT true at all.
First, what is a computer virus? A “virus” is a self-replicating/self-reproducing-automation program that spreads by inserting copies of itself into other executable code or documents, as explained nicely on Wikipedia. Computer “worms” are similar to a “virus” but do not need to be part of another program to propagate themselves. See the wiki on computer worms. The point is that being a self-replicating/self-reproducing-automation program that spreads by inserting copies of itself into other executable code or documents is what makes a virus! It is just like a biological virus that people get. All you need is to come into contact with a person who has a “virus” and you can get sick without any action from you, and it spreads from person to person. In the case of computers, it spreads from computer to computer.
Computer viruses can be as bad for computers worldwide as the Bubonic Plague was for people in the Middle Ages. There have been computer viruses that spread in a matter of hours and affected tens of millions of computers.
Spyware and Ad-ware have also become a huge problem. Spy-ware does not usually self-replicate. However, spy-ware exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites. I am sure you have seen this on a Windows machine, where windows pop up all over the place while you are trying to browse, many times with very questionable material.

A “script” is a term that refers to lines of code that are executed to perform some task. It can be a Windows-type batch file, a UNIX shell-type script, an AppleScript, etc. A script can be helpful or harmful depending on what it does. If someone sends you a “script” that trashes some of your files after it asks for your admin password and you put it in, and it does not spread to others, is this a virus? NO! If I trash my own files, am I a virus? NO! This would NOT be a self-replicating/self-reproducing-automation program that spreads by inserting copies of itself into other executable code or documents.
Some History
Windows has suffered many security woes, mostly due to the fact that Windows was never designed with networks (computers strung together), multiple users, or the Internet in mind. It was based on DOS (Disk Operating System), designed for a stand-alone machine with one user.
Mac OS X is based on FreeBSD UNIX. UNIX was invented at AT&T in the 1970s as a “multi-user” networked computing platform from day one. Its use was based on thousands of users connected through terminals to a mainframe computer all at the same time. Connected users had the ability to use their own resources, fully separate and secure from the other users. In fact, most users could not even tell there were any other users. Sounds a lot like the Internet, doesn’t it? This is the same model for Linux, as Linux is also derived from UNIX.
Microsoft has been strapped with an old legacy operating system and has not been able to correct all of its security woes. One reason is that they have been afraid that by moving users to a more modern OS, many applications would be broken, giving fits to its large user base. Apple’s OS X is a more modern OS for today’s connected world.
Security: OS X vs Windows
The security model for Mac OS X is quite different from that of Windows. With OS X (client) the root password is never enabled by default. I usually suggest you keep it this way. There are two levels of users under root: Administrators and Limited users. You need an “admin” account and password to install anything or change anything. Limited users can only use whatever was allowed when the account was set up and can usually install nothing. Every file on an OS X system belongs to “someone” and only they can use it or decide who can modify it. The exception is if a “root” user was enabled, as the root user is a superuser and can control all system resources. Most critical system resources can only be modified by root. Since “root” is disabled by default, most of them cannot be modified without first enabling root. It is not easy to enable “root” for the average user, nor should it be done. Even advanced OS X users really never need to enable root.
Windows has little in the way of built-in security like this UNIX model. It relies on technology that has been added by Microsoft over the years. OS X security can be said to be “built-in” while Windows has it “bolted on”.
What does this mean in the real world to users? Well, nothing can be installed on an OS X system without at least an “admin” password. Critical system settings cannot be modified except by root, and root is shipped disabled. Mac OS X will always ask for an admin password to install an application, run a script, or execute code. If you download a file containing an application or a script using Safari (the OS X default browser), OS X will prompt you, telling you that this file contains an application and asking you to click on continue to even finish the download. Then if you want to install or execute the file, you will still need an admin password. OS X will never just install something without you knowing it, and you must use your admin password.
This is a world of difference from a Windows system. Windows systems usually require no password to install applications. Internet Explorer, Microsoft’s default browser, contains ActiveX controls that can execute code without the user’s intervention. This was invented to do good things for users, but unfortunately it has a long history of security issues. I usually advise Windows home users to get Firefox and not use Internet Explorer for this reason. Most people using Windows are running their system as an admin (the Windows version of root), leaving them open to many security problems and exploits. This is not their fault, as it is a bit harder to set up Windows for a Limited user. Some applications will not work very well if you try to run them as a Limited user. It all goes back to the legacy of Windows and DOS.
Anti-Virus and Anti-Spyware
Windows users are forced to use an Anti-Virus and an Anti-Spyware application to keep their machines un-infected or risk losing their data and their time dealing with problems. They must update not only Windows, but their Anti-Virus and Anti-Spyware applications as well. These applications must run in the background at all times to be effective. With today’s worms and spy-ware, once a computer has one, it may be absolutely impossible to remove it. So you must stop them before they install themselves.
Not only do these Anti-Virus and Anti-Spyware applications cost time and money, but they also use valuable resources of your computer, slowing down the tasks you are trying to perform. The Anti-Virus and Anti-Spyware business is huge and is making billions trying to protect legacy-based Windows computers. So big, in fact, that Microsoft themselves are now in this business. They will soon be selling you security for their un-secure OS! This is another important aspect to look at when measuring the cost-of-ownership of a Windows system.
Many Mac users run NO Anti-Virus application at all! Why? Well, there have never been any viruses or spy-ware for Mac OS X, no matter what you may have read. There is a big difference between a computer exploit and a virus, as I will explain.
The Small Market-share Myth
Many mainstream media types theorize that there have been no viruses for OS X because of the Mac’s smaller market-share. Now it is true that the Mac user base is small compared to Windows. But it is not that small. There are tens of millions of Macs running on the Internet, as well as tens of millions of Linux machines, that have had few exploits or viruses. The fact is that OS X has a stronger security model than Windows and is harder to exploit. It is not just a smaller market-share.
Most of the source code for Windows is a closely guarded secret of Microsoft. They claim that this is done to NOT give “hackers” an edge in exploiting Windows. Mostly, it is to keep proprietary code proprietary! FreeBSD (the underlying code-base for OS X) and Linux are open source, and every line of code is freely available to anyone for download on the Internet. There are few secrets. Anything a “hacker” wanted to know about what makes up these systems is right there for them. Yet there have been few exploits! Since Linux runs most of the largest websites (as well as the smaller ones) like Amazon, eBay, Google, and others, you cannot say it is not a good target or suffers from a small market-share.
No, sorry. While it may be true that OS X has a much smaller market-share than Windows, this is not the main reason it has such a better security track record than Windows. Mac OS X and Linux simply have better security. The Windows security flaws seem to be endless throughout the OS, causing Microsoft to scramble regularly for a quick fix, like applying band-aids. Companies spend loads of money on staff just to patch Windows! Then they spend money on fixing the applications Windows broke after the patch.
Security Updates
Apple has done a very good job so far keeping ahead of security exploits on OS X. They usually put out a simple-to-install update around once a month or so that comes to you automatically using the built-in Software Update located in the OS X System Preferences. You still choose what you want to update and MUST provide your admin password. Nothing is installed without your knowledge.
This is much different from Microsoft’s Windows Update, where you must use Internet Explorer to go to the Windows Update website to find updates. If you choose to install updates automatically on a Windows system, it will go ahead and install all the updates without any user intervention. NO password needed. This alone has caused much heartache for many Windows users, as they sometimes get updates installed automatically that break applications or cause problems.
I have seen many Windows computers where Windows Update just no longer works for one reason or another, leaving the Windows user stuck with a machine that no longer updates. Microsoft has been a bit slow addressing these issues, in my opinion. You should not need an IT department just to use your computer. Any Windows user knows tech help from Microsoft is lacking, to put it a nice way.
Many of the Anti-Virus and Anti-Spyware application makers have had a hard time in recent years getting Mac users to pay for their services due to Mac OS X’s good security record. Some have actually gone out of business. This has prompted them to come up with all sorts of “proof-of-concepts” to show users they are not safe using OS X without their products. These “proof-of-concepts” are theories of how something bad can happen, NOT real-world viruses in the “wild”. They are trying to prompt the OS X user-base to buy their products; it seems the Mac market-share is significant enough to make a lot of money.
Some of the experts the mainstream media like to quote actually work for or are funded by some of these large Anti-Virus and Anti-Spyware application companies. Also, there seem to be a lot of Windows-centric websites that cannot wait for a true wide-spread Mac virus to happen so they can claim that it is not just Windows. Many of them have done the same thing to the Linux community, and they are still waiting.
As I always tell my Windows-only peers, when it happens, or if it happens, it would STILL be something like 70,000 to just ONE! You can look on the Internet and see a story about yet another Windows exploit on practically any given day.
If you connect an unprotected Windows XP machine, without at least SP2 (Service Pack 2 from Microsoft) installed, to a broadband connection, it can become infected in less than 20 minutes without you doing anything! If you run Windows, protect yourself. Run Windows Update, and get a good Anti-Virus and Anti-Spyware package. Update often.
Watch Social Engineering
While it is true that Mac OS X has very good security and requires an admin password to install or run code, you should still be careful not to install or run a script you are not sure of. Even if it is not a virus, worm, or spy-ware, a malicious script can still mess up your machine. Someone can easily write a script to do something bad to your Mac. But in most cases it is you that has to provide your admin password, unlike your Windows friends.
Now there are some not-so-nice people who use social engineering to get you to foolishly put in your admin password for an application posing as something else. NEVER EVER put in your admin password to install anything, except from trusted sources. If you are told that a file is a picture, you should realize you do not need to put in an admin password to simply view a picture! If you are told that the file you are looking to install (especially from a questionable source) is an application, take a look at its size; most applications are larger than a few kilo-bytes. Never install anything questionable.
The mainstream media has had a habit of over-blown and inaccurate reporting on OS X security, especially lately. One recent report was that a user was sent a file over iChat IM (Instant Messenger, like AOL IM) that they were told contained pictures of a future Mac OS. After receiving this very small file (how can a picture be so small?), they clicked on it. It asked for their admin password (why would a picture file need an admin password?). They gave the password and it erased some files on their Mac. This exploit is NOT a virus, but it caused the user who did this a problem.
This exploit was guesstimated to have maybe affected up to 50 users. A far cry from the millions and millions of OS X users. Apple has already addressed this particular exploit in a recent security update. This is not a virus and did not break OS X’s security model. What the exploit did was use “social engineering” to get a user to do something stupid. Not a worthy exploit to take up so much space on so many mainstream media websites. Certainly NOT a virus as some have called it.
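The two questions raised above (is this really a picture, and why would it need a password?) can be answered before opening a file by comparing what its name claims with what its first bytes say. The following Python check is an added example, not part of the original post; the file names and byte strings in it are constructed samples.

```python
import os

# Leading bytes ("magic numbers") of a few common formats.
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
               b"GIF87a": "gif", b"GIF89a": "gif"}
EXECUTABLE_MAGIC = {
    b"\xfe\xed\xfa\xce": "mach-o", b"\xce\xfa\xed\xfe": "mach-o",
    b"\xfe\xed\xfa\xcf": "mach-o", b"\xcf\xfa\xed\xfe": "mach-o",
    b"\xca\xfe\xba\xbe": "mach-o-universal",  # Java class files share this
    b"#!": "script",
}
ARCHIVE_MAGIC = {b"PK\x03\x04": "zip", b"\x1f\x8b": "gzip", b"BZh": "bzip2"}
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}


def sniff(data):
    """Return (family, format) based on the first bytes of the content."""
    for family, table in (("image", IMAGE_MAGIC),
                          ("executable", EXECUTABLE_MAGIC),
                          ("archive", ARCHIVE_MAGIC)):
        for magic, name in table.items():
            if data.startswith(magic):
                return family, name
    return "unknown", "unknown"


def check_claim(filename, data):
    """Compare what the file name claims with what the content is."""
    ext = os.path.splitext(filename.lower())[1]
    family, fmt = sniff(data)
    if ext in IMAGE_EXTENSIONS and family != "image":
        return "MISMATCH: named like a picture, content is " + fmt
    if family == "executable":
        return "CAUTION: runnable content (" + fmt + ")"
    if family == "archive":
        return "CAUTION: archive (" + fmt + "), inspect before opening"
    return ("OK: content is " + fmt) if family == "image" else "UNKNOWN content"


# Constructed sample inputs (not real files): name plus first bytes.
SAMPLES = [
    ("preview_pictures.jpg", b"\x1f\x8b\x08\x00" + b"\x00" * 16),
    ("holiday.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("helper_tool", b"#!/bin/sh\necho hello\n"),
]

if __name__ == "__main__":
    for name, content in SAMPLES:
        print(name, "->", check_claim(name, content))
```

A mismatch does not prove a file is malicious, but a "picture" whose content is an archive or a script is exactly the case where an admin password prompt should be refused.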
Do not worry, when I see a “real” virus on OS X I will let you know. I am not telling you to go to sleep on security. I am telling you to be careful and mindful of possible exploits. Basically, don’t be stupid! Back up!
Mac users are lucky that backing up to an external drive is so easy with freeware and shareware. These clones are also easily boot-able, allowing you to be back up and running in minutes. Cloning and booting from external drives is NOT nearly as easy for Windows users. See OS X Tip #20: Clone Your Mac and Never Lose a Thing. I have automated my backups so my Mac backs up every week without me even being there, using a FireWire drive and Shirt-Pocket’s SuperDuper.
Not to pick on all mainstream media. Here is one that got it mostly right.
Triple threat to Mac OS X largely academic











