
IHelpId10t5

macrumors 6502
Nov 28, 2014
486
348
My malware protection is: Don't type my administrator password for stuff I'm not choosing to install

santaliqueur is certainly right. Unlike Windows, there are no drive-by infections on the Mac. In all cases the user must be fooled to infect themselves by 1) overriding Gatekeeper, 2) then purposely entering their admin password.

The one unfortunate thing that I find very frustrating is that Google and other search engines do a horrible job of allowing untrusted and bogus download sites to rank above the software's source website. Therefore, for uninformed users it's like a minefield for them to find the safe place to actually download even very trusted software. Therefore you can't just tell a friend that they should download a particular application by name, you need to actually give them the URL to the source website or it's very likely that they will end up downloading a trojanized copy or one with a crapware wrapper added by one of the "download" sites.
 

simonsi

Contributor
Jan 3, 2014
4,851
735
Auckland
Not so... it has been patched now, but the Flashback trojan could infect an unpatched Mac just by visiting an infected web site. No admin password was needed.


He did say "are" rather than "ever have been", TBH anyone still running Lion unpatched probably has other issues or is running on older HW (for other reasons), with the security risks that entails.

IIRC it could not infect other machines directly as with a true virus but could only be obtained by an infected website? A good reason for the world to ditch Flash and Java tbh...
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,491
16,218
California
He did say "are" rather than "ever have been", TBH anyone still running Lion unpatched probably has other issues or is running on older HW (for other reasons), with the security risks that entails.

IIRC it could not infect other machines directly as with a true virus but could only be obtained by an infected website? A good reason for the world to ditch Flash and Java tbh...

I think that is splitting hairs. It is still a drive-by Mac infection... period. Everybody likes to just gloss it over like it never happened.

I agree it is not a virus, but a trojan. I also agree on no Java or Flash being a good idea. :)
 

IHelpId10t5

macrumors 6502
Nov 28, 2014
486
348
but the Flashback trojan could infect an unpatched Mac just by visiting an infected web site. No admin password was needed

Not completely true. The early versions of Flashback absolutely did require the user to type their admin password. Flashback not only required that the user had Java installed and enabled in the browser (an exceptionally bad idea), but it would present an installer dialog that looked to the user like an Adobe Flash installer (that required an admin password to install). Eventually, an "improved" version of Flashback was released that could bypass admin prompting. However, this was long after both Oracle and Apple had patched Java. Therefore, you are correct that Mac users that never install OS updates could have been exposed at some point. Mac users that do install Mac OS updates as prompted would have never been at risk however.
 

IHelpId10t5

macrumors 6502
Nov 28, 2014
486
348
I also agree on no Java or Flash being a good idea

I certainly agree with you here. I have not had Java installed on any of my computers (Mac, Win, Linux) for many years, and dropped Flash over a year ago as well, to eliminate the massive risks involved with these plugins. The world would be a much safer place if we could banish plugins from browsers. That, along with click-to-play, and a good ad blocker locks things up tight.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,556
950
Old School:
OSX/Leap-A back in the day was a true floppy to floppy virus. Probably not a concern today.

Today: (and probably on your Mac right now):
Thunderstrike2 or a version of it.
Leap-A was a worm/Trojan that required user interaction. It was not a virus and could not propagate to other Intel Macs.

Thunderstrike2 is not a virus, either. Physical access is required to infect a computer.

Again, there have been other forms of malware that can affect OS X, but none have been a true virus.
 