Windows 7: Apple Quietly Pulls Claims of Virus Immunity

I'm pretty sure that virus infections by way of USB flash drives and other portable media are becoming increasingly common compared to traditional methods like email (hence why its recently become a good idea to turn AutoRun off in Windows).



That said, I agree with everyone that the weakest link in the chain is the person sitting in front of the keyboard. An OS could become the most impregnable piece of software ever known to mankind and it still wouldn't be enough to save someone gullible enough to stick in USB flash drives of uncertain origins or click on links purporting to be from some random princess.

I'm not sure I agree with this.

Notepad is on every Windows PC.
How many Notepad exploits do you hear about?

Here are some charts I saw on ZDNet (last year).

ZDNet
Windows 7 more malware-resistant than XP/Vista | ZDNet

I definitely agree with this though.


In any case, "Social Engineering" is (probably) the most successful method of spreading malware, because it will work on any OS (Linux distros, OSX, & Windows).

Once again it just comes down to common sense computing. Although I do use an active antivirus program I have yet to get malware of any sort on my computers protected or not. I would hope by now the computer has become common place enough that everybody has got smart about randomly clicking on links and questionable websites. Alas as most things go in this world you can hope in one hand and s%*t in the other... At least we have a forum such as this with a great crew of volunteers to fix almost any issue people can get themselves into. To the problem solvers of this forum I tip my hat and say thanks, I know it doesn’t come as often as it should.

Apparently you just got connected to the internet then! 35yrs. without any bugs? Now in the real world there are all sorts of them. And viruses may come in various forms as well as other types of malwares. If you are on the web long enough you always gets winged by something especially if running right into a web snare on a "dubious" site?!

As far as Macs getting viruses those are out there. Like I mentioned before I know someone who collects them for testing purposes. Once anything is used for any long enough period of time it becomes a malware writer's dream! Social networks are idea for scam wares and other bogus items like the latest fake security prompt to verify your account info which exploits your info instead.

And you know the Fruit Company has been around for as long as MS! While MS worked out the desktop OS Steve Jobs worked out the desktop system concepts. The only thing Apple can claim to be free of is Windows viruses not effecting that OS while... Surprise! there are numerous viruses for the Unix platform.

As far as "it's always the user at fault" that doesn't necessary apply either since the malware writers have been getting more clever over the years in how things are hidden! It's knowing how to spot and remove bugs that proves to be something the user learns how to tend to over time with "Real World" experience.

It's an old joke, but then I am an old Joker ...

A man sees his neighbour dusting the borders of his property with a fine white powder.

"What are you doing that for?"
"It keeps the elephants away!"
"There are no elephants around here you moron!"

"Yeah, good stuff ain't it?"

Any good anti-malware precaution keeps the elephants away. You won't know about it until it tells you so. Or you simply won't know that you had an Elephant attack.

I just got a virus this week, after having not had one since the mid 90s and that one coming off a floppy from work. The virus this week is called Live Security Platinum. I'm making another thread concerning it so as not to hijack this thread, but I was looking for some weight lifting advice and clicked on a link in Bing search which then took me to a site that did not look suspicious. As I started to read, Malwarebytes came up with a message that an attack had been attempted and I then clicked on the Quarantine button, and left the site quickly. Still, the damn thing infected this box. I've been on the Net solidly since 1996 so my run of 16 clean years ended this week.

My son is running a MacBook Pro.
I did two things for him, ever:

1. Gave him the password to our home wifi
2. Installed Eset Antivirus for Mac on the Mac

I am clean. Since 1996. WOHO, no drugs, sex or rock'an roll for my comps...

(Although Melissa taught me install a comp offline.. ehem...)

Of course, MAC's do get security updates pretty easily and without that end user really having to know anything. It's really just the case of whether Apple patches the bugs quickly enough.

Certainly has an impact. But also remember that up to and including WIndows XP, everybody ran with Administrative access to their PC's. That certainly didn't help any. Even today, there are people who are simply determined to use an administrative level account.

Thanks for sharing. These are the types of things that always make me skeptical of the person who says they have NEVER had an issue and the only protection they need is common sense.

A friend of mine at work, got hit, just like you did searching the web for sunglasses. The only questionable thing they did, (IMHO) was use IE for that search.

An IT buddy at work was googling and Exchange error and clicked on a link and a picture of Emma Watson on a crapper popped up on his screen and his machine was hosed. Once again, IE was the browser being used.

Around 2.5 years ago, i got hit with something when I was searching on a local radio station talk show that was going away in my area. (So, you think you are secure and don't need precautions). It didn't ultimately really damage anything and I didn't have to start over, but I won't claim that it didn't happen.

Using something like Sandboxie "could" have helped to prevent something like this from happening...but always keeping my environment sandboxed while at work trying to accomplish tasks quickly isn't always convenient. Plus, my issues are so few and far between, that going to extra lengths usually means I spend more time protecting myself than actually fixing myself if a problem "were" to arise.

Hi there
I've just googled fopr "Sunglasses" and haven't had any virus infecting my machine to date

so what are you doing.

Provided you WARN in a reply post that this link has problems I'd like to check it out --or PM if you don't want to use the public Forum.

I really want to checkl this out.

Cheers
jimbo

The article isn't rocket science, Apple has simply acknowledged that the term "virus" is accepted by non-computer savvy folks as all forms of malware. Since OSX isn't immune to malware, it made sense to pull the virus claim.

Although OSX isn't immune to malware, you don't have to employ the same protection scheme as you would a Windows PC, it's still light years ahead of Microsoft in being very good against malware thanks to much of its Unix core.

A traditional PC needs realtime protection because there's several exploit vectors which can bypass the Windows DEP (data execution protection), exploit the UAC (user account control) and gain privilege escalation. Even browsers have become a popular vector for exploitation, IE9 currently has an unresolved zero-day that allows hijacking of Gmail accounts. There's no patch for this issue but MS does offer a tool to block the use of the exploit (see link below).

Source: IE zero-day flaw being used to hijack Gmail accounts - Neowin

MS Tool: Microsoft Security Advisory: Vulnerability in Microsoft XML Core Services could allow remote code execution

Mac users who believe they need to have some kind of antivirus running in realtime are misguided as there's no passive way for current malware to exploit privilege escalation like you can in Windows.

I've examined many Mac AV software and a lot of them like ESET and Sophos seems to need root access and there's no need for it, in fact there's risks involved with allowing AV/anti-malware software root access because if a signature file is corrupted/infected and/or a MIM (man in the middle attack) is performed, malware will have all the access it needs to do its thing without user interaction.

Suggestion: For Mac users, the only real AV that seems to work well without requiring root access is ClamXAV (2.2.4). I suggest using it "on-demand" to check incoming and outgoing files to include removable media/storage devices.