On Macs and Viruses
I am going to make this my single, definitive posting on Macs and viruses. It’s a topic that comes up almost every day in discussion with other people, and I simply hate repeating myself every single day. So this one posting shall serve as my only commentary on this issue. If necessary, I will come back and update this posting in the future.
If you want the summary of this posting, here it is:
There are NO VIRUSES — and there have NEVER BEEN ANY VIRUSES — for Mac OS X. This is an unarguable fact.
That’s it. The End.
Okay, if you really want the detailed discussion of this topic, read on.
A recent email discussion came up amongst my friends regarding Macs and viruses. Here’s the exact thread of our conversation.
I’ve been using Safari and FireFox kind of interchangeably on my Mac. I have a slight preference for the page rendering of Safari. Recently though Safari began pegging my CPU cycles at 98 – 100 (actually 103% sometimes!?) as reported by Activity Monitor.
Anyway, I’ve now switched to FireFox full-time and having no problems, but I’m still curious. Has anyone else seen this? Was the machine under some kind of attack perhaps?
It happened shortly after I installed Norton Antivirus on the Mac, so I wonder if that was involved.
Some of my clients started getting spam emails that could only have come from someone hacking some of my recipient lists – cc’ing a group of people that included some of my personal/family email addresses and client addresses (strangely enough some 4 year old client addresses). I don’t think they came from someone hacking into my computer, but it was disturbing enough that I wanted to add some protection to my Mac; and wanted to be be able to TELL my clients that I had. Not a lot of anti-virus programs available for the Mac, so I chose Norton kind of at random. I know their Windows products have been getting good reviews recently
I replied with:
There are absolutely ZERO viruses for the Mac. Not “a few”, not “some”, not “a couple”, but ZERO. Compare ZERO to the approximately 350,000 viruses (actually, I think it’s more) on the PC. Norton AntiVirus on the Mac is a horrible product… Norton does NOT make quality products for the Mac. Norton’s Mac products are known to crash systems, damage files, and all sorts of other nefarious behavior. I would never put anything named Norton on any Mac ever. On the other hand, VirusBarrier is a really good virus program for the Mac. The only reason to get an antivirus software for the Mac is to help protect your fellow humans who use PCs, because Mac users can silently pass on a virus from their computer to a PC user… for example, if they inadvertently receive an infected file from a PC user and then email it on to another PC user. But the bet way to help your fellow humans is to tell them to burn their PCs altogether and get a Mac. If you’re having Safari problems on a Mac, it’s NOT a virus. It’s something else.
Then Joshua said:
scott, the latest “conficker” virus has even my mac friends sweating. though i tell them the same thing you just wrote. is there a good source for this info?
Then Michael said:
My feeling is not to install anti virus software on the Mac it is absolutely not needed, there are no viruses for the Mac and Norton has always been considered crap software on the Mac, causes all kinds of problems!
Bob (still not convinced) said:
Has anyone else seen Safari hit their CPU like this? On the virus note, I know there hasn’t been much nefarious activity successfully hitting OS X yet, but that’s no reason to be complacent. It’s only a matter of time before someone successfully targets the Mac platform. When they do it will be all the worse because so many users don’t think it can happen to them. See this Washington Post article. Other than this Safari thing, which may not be related to Norton at all, the Norton Antivirus software has been easy to live with.
I responded with:
“When they do”? Don’t fall into the hysteria behind that CanSecWest contest — the point of the contest is to discover & report vulnerabilities to vendors such as Apple, so they can fix those vulnerabilities immediately. Well, at least Apple does. Microsoft usually doesn’t get around to it for a few years, if at all.
“In the years between 2002 and 2007, Apple released 815 patches compared to 678 by Microsoft. […] In that timeframe, Apple shipped 38 significant feature and security releases. In contrast, Microsoft only released a total of seven updates over that period, including Windows XP SP1 and SP2; Windows Server 2003, SP1, R2, and SP2; and Windows Vista.”
The entrants in the contest are forbidden from releasing the vulnerability information to the public — they are required to tell the vendors about the vulnerabilities they’ve discovered.
And lest you believe all the hype behind that contest about the “Mac being exploited”, Windows was also hacked as well — just a few seconds after the Mac computer was hacked. There were browser exploits found on both platforms. The point is that Apple takes these exploits seriously and fixes them immediately. Even the guy who won the contest by exploiting the Mac recommends the Mac over Windows. His personal computer of choice is a Mac.
But again, let’s take a look at the REAL WORLD. In the REAL WORLD — the one where REAL PEOPLE LIVE, not where these security contests take place — there are ZERO viruses for the Mac. Not one, not two, not a dozen. Zero. Meanwhile, there are hundreds of thousands of active viruses, spyware, and other security vulnerabilities for the PC that affect tens of millions of people on an hourly basis all across the world, in every single country on the planet. There’s no denying that.
Again, as I mentioned in my previous post on this thread, if you still want to install antivirus software on the Mac to protect your fellow PC users, Norton Antivirus is not the recommended antivirus software for the Mac. It has a very long history of screwing majorly with the system, up until as recently as just a few months ago. The recommended one is VirusBarrier.
If the entire Mac has slowed down, then there’s something certainly going on… but it’s not a virus. First, you should completely uninstall Norton Antivirus. That’s clearly the most obvious culprit of all. Then, you should run a series of troubleshooting & maintenance steps on the Mac. An archive & install of the operating system might even be necessary. Hey, it might even be a dying (or almost full) hard drive. I have a 175-point “spring cleaning & maintenance” checklist that I perform on my clients’ Macs when people hire me to do complete spring cleaning & maintenance on their machines.. If you need a few pointers, some of the most important things at the top of my checklist include: running Disk Warrior, repairing permissions with Disk Utility, verifying the SMART status of the drive, run keychain first Aid, run UNIX maintenance scripts & clear caches with Cocktail, resetting Safari, delete & rebuild the Spotlight index, zap PRAM, reset PMU (under certain circumstances), run Apple Hardware Test, check if there’s enough RAM installed, check if they have less than 10% of the hard space available, run all software updates, update any 3rd-party system preferences, run all MS Office updates, install or update to the latest version of Flip4Mac, Flash Player, and MS Silverlight, update the Airport Base Station firmware. There’s many more things on the list, but those are some of the top ones. If those top ones don’t fix the problem, then you should investigate doing an archive & install of the OS.
I then sent another email:
And, to answer Joshua’s previous questions on this thread:
Also, I like the site MacDailyNews which has extremely biting & aggressive commentary on all sorts of Mac news stories, and usually backs up their stories with lots of sources & references.
For example, here’s their article on the recent CanSecWest contest:
Safari hack wins Pwn2Own; Triggers annual feeding day for Windows sufferers’ Stockholm Syndrome
And here’s their article on the recent Conficker worm:
Conficker worm hits University of Utah’s Windows PCs; Apple Macs unaffected
I wish everybody would wake up and get it that Microsoft does not care about the consumer in any sense of the word. All of their behavior is anti-consumer, and it shows in their low-quality products, anti-consumer DRM deals, closed proprietary products, and much more. I literally could write an entire book on this topic, and I actually may do so at some point. I mean, Microsoft EVEN MAKES FINANCIAL DEALS with spyware companies to let their spyware infect your machines! For example, in July 2005, Microsoft came under fire when it revealed that Microsoft’s anti-spyware product would no longer label Claria software (a spyware and adware maker) as “spyware”.
And there’s more details on Microsoft’s tactics here, with lots of good source links.
All of us on this list are technology consultants in the field. It is all of our moral responsibilities to our fellow human beings on this planet to help them make the switch to a computer platform that is reliable, dependable, easy to use, free from spyware & viruses, mostly free from headaches… and from a company that can be trusted to look out for consumers’ best interests… and a company that wants their users to feel empowered & creative, instead of trying to make their users feel frightened. And if our clients still need to run a piece of Windows software, they can run Windows on any Intel-based Mac at full speed. My clients who are running Windows on their Mac tell me that Windows runs better on a Mac than it ever did on a PC. It is our responsibility to get our clients out of the mindset of “saving a quick buck” and instead helping them think & prepare long-term. Macs also last, on average, 3 times longer than the comparable PC. A lot of this has to do with the fact that Apple’s newest operating systems will install on very old hardware, but also because Apple uses higher-quality parts that last longer. There’s really very little reason these days to be putting people on PCs.
Actually, there is one reason to keep people on PCs: to make more money as a consultant. I know that as a Mac consultant in Los Angeles, that I am often like the Maytag Repairman: waiting around for a call, hoping that somebody calls me with a problem. I make most of my money from FileMaker Pro development for these same clients. Their Macs just keep humming for years & years.
Then, Jeremiah jumped in with some great humor:
No religious zeal here. My attitude towards anti-virus is pragmatic. I do a cost/benefit mental exercise as follows:
1. Definitions are the only effective and efficient way to stop viruses.
2. On Windows, there are thousands of definitions, and therefore AV software is effective and efficient.
3. The only way to create a definition is to have something to define.
4. AV without definitions requires heuristics.
5. Heuristics is defined as, “proceeding to a solution by trial and error or by rules that are only loosely defined.”
6. Heuristics is a bleeding-edge, process-intensive attempt to trap previously undiscovered threats in the wild.
7. I’m not willing to donate my processor time to finding the first-ever virus on a Mac.
8. I’m comfortable with infinitesimal risk that I could be the in the first wave of people to be afflicted if a Mac virus is ever created.
9. The day the first Mac virus definition is created, I’ll be first in line to install AV on my Mac.
And then Doug said:
I was very surprised to hear Leo Laporte “The Tech Guy” on AM 640 today said that, because of viruses, spyware, etc, Windows is for businesses with full time IT people and that if you are buying a computer for someone, buy them a Mac. He did say that he expects that there will be viable viruses for the Mac one of these days. :-)
I continued by saying:
And that’s exactly why IT Departments loathe Macs and won’t recommend them. Because they know that they would all be out of jobs if they switched their companies to Macs. Hell, if it wasn’t for FileMaker, I wouldn’t have much Mac troubleshooting work to do either. I have 150 clients in Los Angeles running Macs, and they almost never have any problems.
Then, Jeff chimed in to say:
Scott, I’ve always used Safari on my Mac, but two years ago I had to disable Norton to do another installation. As soon as I did, I began to watch files disappear from my directory right before my eyes! About one every two seconds. These files were GONE before I realized what was happening and shut down. Restarting restarted Norton and the damage stopped. If this was not a virus or worm I don’t know what it was. A blanket statement the Macs CANT get viruses through Safari is, IMHO, not true. A blanket statement that Norton won’t let them in seems also to be untrue.
So I was forced to respond with:
Jeff, if you could please back up your statement with documented proof of any real Mac virus in the wild in the last 9 years, I would be tremendously interested in seeing this information. And this would also be a breaking news story. I think there may have been 2 or 3 worms or trojan horses over the last 9 years — but those are not viruses, as they require interaction from the user to download, install, and enable them (usually by typing in their admin password).
The fact that Norton was even installed at all when your problems took place is cause for alarm and a red flag right there… Norton’s Mac products (both Norton Utilities for Mac and Norton AntiVirus for Mac) have a LONG HISTORY of causing file damage, file deletion, system damage, and system slowdowns on Macs… dating all the way back to the Mac OS 8.5 days and earlier.
Norton AntiVirus for Macintosh causes Mac vulnerability
And here’s another one from way back in 2005:
“This was a false positive generated by Norton Anti-Virus, and in fact, Norton Anti-Virus’ attempt to eliminate the non-existent ‘trojan’ can cause a host
of other issues, including kernel panics and extreme slow-down in some applications.”
Here’s another article from 2006 with lots of Norton AntiVirus problems listed in it.
Here’s a more recent article from 2008:
There’s actually dozens upon dozens of more stories like this. These articles even go back into the 80’s and 90’s. Here’s one from 1998:
But hey, I obviously don’t know for sure if Norton was the cause of your files getting deleted — it’s possible that you may have had directory corruption which could cause files to appear like they’re being deleted, but in reality, you just needed to repair the directory with a tool like Disk Warrior. (Of course, Norton could’ve been the cause of the directory damage in the first place.) And there’s other reasons that files could disappear too, like a failing hard drive.
Anyways, these are the 2 points I am trying to make here. I want to be as clear as possible:
1. There are NO VIRUSES — and there have NEVER BEEN ANY VIRUSES — for Mac OS X.
2. Norton’s Mac software programs — Norton AntiVirus for Mac and Norton Utilities for Mac — have a very long history of doing more harm than good to a Mac system. This is known and documented.
Then, Michael spoke up again:
I agree with Scott 1,000 (that’s one thousand) percent. I’ve seen Norton corrupt hard drives. I’ve fought uninstalling it and cleaning up the mess it made on my clients’ computers. THERE ARE NO VIRUSES ON MACS, PERIOD. I don’t worry one second about getting the first Mac virus sometime in the future, I know IF it happens, I will have time to protect myself.
My twin brother does IT at a private school in the valley for Windows computers. He used only Mac before that, but gave it up seven years ago when he desperately needed a job. He tells me all the time that if I want to make a lot more money doing support, that I should learn to fix Windows because there are so many more problems with it, I would be busy all week long instead of just part time. I passed on the idea.
Then, Jeff got defensive and replied with:
What kind of “documentation” would you be referring to? I told you “my” story which for me is all the documentation I need. All I did is turn off Norton to do an install. And the second I did so, files started disappearing from a folder open on my desktop, from bottom to top, at a rate of one every two seconds or so, until I shut down. IMHO, these facts point far more plausibly to a “latent” virus or worm (perhaps a quarantined one) just waiting for me to let my guard (Norton) down. Scott, It’s not my intention to argue with you on this. I merely stated my single, lone, virus experience to the group. Your mileage may differ.
And I replied with:
Jeff, I fully 100% believe that your files disappeared. I am NOT questioning your experience at all.
I’m just saying that it is technically impossible that a Mac virus caused it to happen. It was something else, and it very well may have been a bug in the Norton program.
Oh, by the way: on the other hand, if somebody is running Windows on their Mac and they have mounted a Mac folder or volume within their Windows environment with write privileges, it is possible that a Windows virus from within the Windows environment (while the Windows environment is running only) could affect that Mac folder or volume. That’s because Windows would be treating it as just another folder or volume within the Windows environment. To protect against this, they would need to install Windows anti-virus software within their Windows environment (not within their Mac environment). Again, though, this is a Windows virus problem.
Bob then came back full circle to his original inquiry, wisely avoiding the virus discussion:
Great discussion about viruses, but has anyone else seen Safari peg their CPU on OS X, as I describe? Anyone have a clue as to what was going on?
Dan chimed in with some very helpful information:
I backed up Dan’s claim with this information:
Bob simply would not stop, and continued with:
I agree with you guys entirely.
In my case, when clients began getting spam/phishing emails with my sister’s personal email address in the “cc” address (along with other client email addresses) I had to seriously consider if this may be the first evidence of a virus infection on my Mac, where I do my emailing. I immediately downloaded virus software and scanned my drive. I left the software running for a few weeks; it’s now installed but inactive.
As I expected, the only problems it reported were what looked like Windows Trojan Horses in some Word docs sent to me by clients many years ago. I actually think these were false positives. I did report back to those (personal and professional) that spammed that I had taken steps to ensure that I was not the source of the emails.
I expect that were living in a “Golden Age” on OS X were we are relatively secure from Internet attacks. I don’t think we can assume that OS X will always be safe and have to avoid being smug. There is no substitute for being careful and vigilant.
So obviously, I had to keep going by saying:
I do not believe that Mac users are living in a “Golden Age”. I believe that it will always be this way. The “Golden Age” that you are describing is one of the core differences between Mac OS X and Windows. Mac OS X is secure, Windows is not. Mac OS X is based on open source UNIX, Windows is not.
Mac OS X Security Detail (PDF)
And regardless of whether or not this miraculously changes in the future, let’s take a look at TODAY. Windows users have been fighting legions of security problems since Day One, and are affected every single second of every single day in every single country around the world.
Mac users, on the other hand, sit around thinking about what creative projects they want to work on next.
Oh my god, I really can’t believe it, but Bob CONTINUES this discussion by saying:
In one of the earlier attached articles a “winners” of a hacking contest said that as Windows 7 and newer versions of IE come into use, that many of the common Windows exploits would be closed and that Macs will start to get more attention from the “bad guys”. Apparently right now it isn’t just a market share issue – it a time reward thing. Yes, Macs may have a large enough share to be worth attacking, but because of the easier “holes” in Windows, in addition to the market share, it just isn’t worth the effort to target Macs right now. Let’s hope Scott is right, and it never will be…
There is absolutely no way that I would leave that common misperception as the final statement, so I added:
Look, all of us could sit around and pretend to be fortune tellers & psychics, predicting the future. I know it’s one of the things that I personally love to do all the time. But regardless of what may or may not to happen in “the future” (queue up mystical music here) to Windows 7 or Mac OS X Snow Leopard, facts remain facts. Zero viruses for Macs. Over 350,000 exploits for Windows — and I believe that is a conservative number. And yes, of course it’s a time reward thing — why burglarize a skyscraper with bulletproof glass and 24/7 laserbeam robotic security guards… when you can burglarize all the shacks that people bought for $499 from Dell?
For more updates on the unthinkable state of viruses on Windows PCs — including new virus attacks on Windows — please see all of my comments in the comments section below.
I hope you enjoyed this article. If so, please donate a small amount so that I can continue to post blog articles like this in the future: