[dsrguru]

I don't think small market share was ever really a reason that Mac OS X didn't get traditional viruses. UNIX-based servers have always had a huge market share, and since servers are presumably a more desirable target of infection and cracking than home computers are, we would have seen traditional viruses hit UNIX machines a long time ago if it were realistically doable. Also, before Mac OS X became as popular as it is now, there were lots of Windows users who hated Apple fanboys and would have loved to write a wide-spread virus that targeted Mac OS X if possible. But it seems like Windows, especially pre-NT and pre-Vista and pre-7, but even now, has a unique vulnerability to traditional viruses. Obviously, Mac OS X can still get hit by trojans if people use intelligent social engineering, but I feel it's still not too much of a semantic exaggeration to say "Macs don't get viruses."

[felipeota]

There are a lot more Windows desktops than UNIX servers. Just picture that every UNIX server is in average serving more than one Windows machine.

Also, it is way easier to attack a desktop than a server. Desktop users are more careless than server admins and have many more different applications malware can use to gain access: im apps, browsers, media players, pdf viewers, flash runtimes, etc. To attack a server you have to find an exploit using an http, ftp or ssh request to a limited and more secure, in general, set of programs.

Apple is growing very fast and it is finding itself in that position now. You can see that in the new security measures of the Mac App Store. By limiting what apps itself can do you limit what malware gaining access to those apps can do. Maybe Microsoft should have done something similar to prevent Windows from being the virus hub.

[cooldeal]

This virus spreads from visiting malicious websites or websites with malicious ads. Since not much browsing happens on servers, there is no reason to target them.

>lso, before Mac OS X became as popular as it is now, there were lots of Windows users who hated Apple fanboys and would have loved to write a wide-spread virus that targeted Mac OS X if possible

What? Does that mean that some Windows viruses were written by Mac fanboys to make Windows look bad?

> But it seems like Windows, especially pre-NT and pre-Vista and pre-7, but even now, has a unique vulnerability to traditional viruses

How? Can you explain what you mean by Windows having a unique vulnerability that is not present on a Mac?

> Obviously, Mac OS X can still get hit by trojans if people use intelligent social engineering,

Again, this is a drive by exploit from a web page, not social engineering. Why is this so hard to grasp?

[dsrguru]

> This virus spreads from visiting malicious websites or websites with malicious ads. Since not much browsing happens on servers, there is no reason to target them.

Servers have a lot more information (thousands of credit cards, email addresses, passwords, etc.) than desktops. Criminals who seek personal gain rather than just mayhem would target servers.

> Does that mean that some Windows viruses were written by Mac fanboys to make Windows look bad?

No. To use sociological terms, Windows was the dominate group, Mac OS X the subordinate. When Mac OS X was starting to come into vogue in the first half of the 2000s, there were many fanboys that kept bragging about how their computers were infinitely better than "PCs", and everyone who grew up in the 90s and 2000s has surely had conversations with Windows users, often gamers or early /b/ users, who had almost a religious vitriolic hatred towards every aspect of Apple--Mac OS X, Mac computers, fanboys, "one-button mice", etc. Now that Mac OS X is accepted as a well designed OS, those fanboys and that hatred seem to be much less visible, although now lots of people dislike Apple for becoming the new Microsoft with regards to patent lawsuits, but I digress. The point is that whenever such vitriol exists, there are people dying to prove that they're right, in this case that Mac OS X wasn't immune to viruses like the "mactards" (that's one of the terms they called Apple fanboys) claimed. Did you really not witness this phenomenon of hatred in the early 2000s?

> How? Can you explain what you mean by Windows having a unique vulnerability that is not present on a Mac?

Mac OS X is essentially the Aqua window system atop Darwin, the OS's underlying system that descends from FreeBSD. As a form of UNIX, it does not give non-root users direct kernel access. Windows doesn't have this very logical restriction, and more and more ways are discovered to exploit this. Windows Vista and 7 have tried to mend this flawed infrastructure by asking users to explicitly authorize everything, but we all know how that's worked out.

> Again, this is a drive by exploit from a web page, not social engineering.

Escalation was allowed from the JRE vulnerability, but it was my understanding that initial authorization had to be given to run it. Edit: I just reread the article and it appears that this was a self-installing trojan. If that's the case, that certainly shows that vulnerabilities that allow self-installation as opposed to just privilege escalation do show up in Mac OS X from time to time, but from my limited experience, the main way to make use of trojans targeting Mac OS X is to use social engineering to install them (e.g. take advantage of the fact that Finder hides file extensions by default, and then change an executable's icon to that of an image, and then preserve the metadata in an archive) and then take advantage of a security vulnerability that allows privilege escalation. Such vulnerabilities are incredibly rare in Mac OS X since unlike Windows, kernel space is isolated from users.

[fpgeek]

> Such vulnerabilities are incredibly rare in Mac OS X since unlike Windows, kernel space is isolated from users.

That's just flat wrong and hasn't been true for an OS Microsoft has supported for mainstream use since 2003 [1]. Windows XP and all current Windows releases are based on the protected NT kernel which debuted in 1993 (with Windows NT 3.1). In fact, Microsoft and Apple stopped shipping OSes with unprotected kernels in the same year (2001) with Windows XP and OS X "Cheetah", respectively.

Look, Microsoft has made a lot of mistakes with respect to security (bad defaults, running as Administrator too often, too many low-level bugs, ...). Since OS X, Apple has had a much better security track record. That's why it is so frustrating to see people criticize Microsoft for mistakes they fixed a long time ago instead of focusing on current (or at least recent) issues.

[1] When Microsoft downgraded Windows 98/98SE/ME to paid support and critical security fixes only: http://support.microsoft.com/gp/lifean18

[dsrguru]

That can't be true. If NT-based versions of Windows implemented a system call mechanism that protected the kernel from users, XP wouldn't have been ridden with viruses, and there would have been no purpose in giving Vista and 7 the access control mechanism to warn users of potentially harmful system calls. By the way, Cheatah just refers to the original Mac OS X. Your phrasing "stopped shipping OSes with unprotected kernels ... [starting with] Cheetah" makes it sound like Mac OS X initially didn't have this protection, which is not the case.

[fpgeek]

First, Cheetah wasn't the first Mac OS X. There was Mac OS X Server 1.0 in 1999 (see: Wikipedia). Cheetah was the first desktop-oriented version of Mac OS X.

Second, I didn't imply that prior versions Mac OS X didn't have kernel protection, I implied that prior versions of Mac OS didn't have kernel protection. This is indisputably true (see: Mac OS 9). Personally, I find Windows / Mac OS parallel surprisingly close here: Windows ME is to Windows XP as Mac OS 9 is to Mac OS X Cheetah.

Third, UAC (User Account Control), the access control introduced with Windows Vista, is almost entirely unrelated to kernel protection (except that UAC would probably be pointless without it). The problem UAC tries to solve is "users running as an administrator too often", not "the kernel isn't protected from user programs". In other words, it is Windows' answer to sudo, not a fundamental change to the Windows kernel.