Did you catch the headlines? Macs get viruses. Macs can be hacked. Your Mac is in danger. You should buy virus protection software. Mac security is not as good as Windows. Will this nonsense ever end? The number of lies, distortions, mistruths, fabrications, and fear mongering makes the Mac seem like the Silicon Valley version of the health care hot potato in Washington. Who and what can you believe? Is your Mac in danger?
An education often results in a competition between facts and truth, and fear through misinformation. In any war, truth is often the first casualty. So it is in the desktop wars.
The next time your Windows-loving relatives point out that Mac gets viruses, give them this little primer. All of the following fall under malware. Windows has lots. Macs have almost zero.
All desktop computer systems, Mac, Windows, Linux, have vulnerabilities. Some are well known but not exploitable. Others may or may not cause you grief of any kind.
In my attempt to keep it basic and simple, I offer the following:
A security risk may be classified as a vulnerability. A vulnerability with one or more known instances of working and fully-implemented attacks is classified as an exploit. The window of vulnerability is the time from when the security hole was introduced or manifested in deployed software, to when access was removed, a security fix was available/deployed, or the attacker was disabled.
In other words, your computer—Mac, Windows, Linux—is likely to have far more vulnerabilities than exploits. Even with an exploit, the hacker has to find a way to connect to your particular computer. That’s easier said than done.
Hackers want to find a way in. They need a known or unknown vulnerability on your Mac. And an exploit.
An exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation or a denial of service attack.
Once they figure out a way to exploit the vulnerability, they still may or may not hack your Mac. Why? They have to get in.
There are several methods of classifying exploits. The most common is by how the exploit contacts the vulnerable software. A ‘remote exploit’ works over a network and exploits the security vulnerability without any prior access to the vulnerable system. A ‘local exploit’ requires prior access to the vulnerable system and usually increases the privileges of the person running the exploit past those granted by the system administrator. Exploits against client applications also exist, usually consisting of modified servers that send an exploit if accessed with client application. Exploits against client applications may also require some interaction with the user and thus may be used in combination with social engineering method.
All this is easier said than done and occurs far more often on Windows PCs (whatever the flavor) than Macs. How much more often? Tens of thousands of times more often.
Why do Macs not get viruses?
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner. The term “virus” is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.
See a problem with common terminology? A virus replicates itself and can infect other computers. That happens so seldom on the Mac that even the proof of concept viruses for OS X can be counted on a few fingers.
A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.
There are other reasons why this happens so seldom on a Mac. Say, “Thank you, Unix permissions.”
If a virus replicates itself by attaching itself to an existing file or program, what does a worm do?
A computer worm is a self-replicating computer program. It uses a network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. Unlike a virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, if only by consuming bandwidth, whereas viruses almost always corrupt or devour files on a targeted computer.
The worm doesn’t need to attach itself to any other program. It connects and causes damage by itself. But how does the worm get transmitted or exchanged from one computer to another?
The Trojan Horse
One method that hackers use to distribute their malware is through a Trojan Horse.
A Trojan horse, or trojan for short, is a term used to describe malware that appears, to the user, to perform a desirable function but, in fact, facilitates unauthorized access to the user’s computer system. The term comes from the Trojan Horse story in Greek mythology. Trojan horses are not self-replicating which distinguishes them from viruses and worms. Additionally, they require interaction with a hacker to fulfil their purpose. The hacker need not be the individual responsible for distributing the Trojan horse. It is possible for hackers to scan computers on a network using a port scanner in the hope of finding one with a Trojan horse installed.
So, if you visit a nefarious website in the hopes of downloading Jessica Biel’s latest naked photos, you might be downloading a Trojan Horse instead. You are responsible for downloading and installing it.
Once a Trojan horse has been installed on a target computer system it is possible for a hacker to access it remotely and perform operations. The operations that a hacker can perform are limited by user privileges on the target computer system and the design of the Trojan horse itself.
Why are there so few viruses, worms, and Trojan Horses for Macs? Is it because the Mac’s market share is so small compared to Windows PCs? No. If that were the case, there would still be thousands of malware for the Mac. There’s not.
All the malware added together for Macs can be counted on two hands and still give you enough fingers to show the hackers you know sign language. Unix permissions help because it’s difficult to change files or add damaging files without administrator access. Plus, historically, it’s been more difficult to distribute malware to Macs than Windows PCs.
Do Macs have vulnerabilities? Of course. Virtually all computers do. Are there exploits for those vulnerabilities? Yes. But not all. Even with an exploit a hacker has to have access to your Mac.
When someone tells you Macs get viruses or worms, ask them what they mean. Again, counting all Mac viruses and worms on two hands will get you plenty of fingers left over. Most of those have been poorly constructed and are not in the wild. You’re in no danger.
What about a Trojan Horse? Yes, the exist for Macs, too. Wil once gave me a little script which I double clicked. It was one click away from erasing my Mac’s hard drive. It’s that easy. A Trojan can be hidden in a downloaded file, and you install it. So be careful what sites you visit and what you download. Macs are not immune to a Trojan. There just are not very many.
Can your Mac be hacked? Sure. But it’s unlikely to be hacked unless you’re the cause. You and your Mac need more protection from those who Attack Your Mac With Misinformation.