Linux and Apple's viruses

Which has more viruses?

Pretty simple question.

I know Windows has a lot, and I know Linux has very, very few, but I'm not sure about Apple.

I believe that Windows only has so many because soooo many people use Windows. No one focuses on Linux or Mac because their user base is small compared to Windows.

Since OS X runs on a Linux kernel, some Linux viruses might work on OS X too. I've used a Mac for years and installed some pretty shady things in my time, never got a virus though. In my experience, it's very hard to get your Mac infected. 


There was some malware for OS X a few months ago. However, since you're on this forum, you're probably smart enough to avoid that particular program.

OS X doesn't run on a Linux kernel; Mac is based off of 'FreeBSD'.


OS X is based on a very old version of BSD. OS X has nothing in common with Linux; it can't even be considered a UNIX clone, because it's a proprietary port of a UNIX clone.

There are very few viruses for Linux, because Linux is inherently safe; it's as simple as that. When a virus enters a Linux system, it can't do a lot of damage, unless it's targeting the user or is introduced by a vector because the user did something stupid.

Why is Linux safe:

1. All software is downloaded from official repositories, with the exception of the AUR, but there is little risk in general in using open source software, just because the source code is visible, and introducing a virus into the source code would definitely be discovered. So the only viruses that could be introduced into a Linux system would have to be hidden in proprietary blobs, like proprietary graphics drivers or Skype or MS Office for Linux. Except for the graphics drivers, which are still somewhat necessary because the open source drivers are not quite good enough, especially on the latest hardware, most Linux users don't use closed source software.

2. Software can be run system-wide or locally. Things like Skype, Steam or closed source games are not installed system-wide (well, on SteamOS Steam probably is, which will make it vulnerable to viruses), but rather locally, so viruses don't have access to system files and can't compile code onto the computer. So even if virus code were executed, it would do nothing at all.

3. Most mainstream Linux distros have some kind of MAC, which stands for Mandatory Access Control, a system that checks which parts of the system are accessed by which applications. For instance, there is a profile for Firefox; if Firefox tries to access a part of the system that is not "normal" for its profile, this access is blocked, and the user is notified. There are several kinds of application access filters: Ubuntu uses AppArmor, which is not a MAC, but still offers some degree of profile-based protection, even though it has to be enabled manually and is not very user friendly. RPM-based distros use SELinux, which is the MAC developed by the NSA. It's by far the most modern and safe MAC system, and although it's not easy for Red Hat devs to configure with ever-upgrading software, for the user it's very easy to use because there is no configuration necessary: it works on all applications without loading profiles or manually enabling stuff, and it is fast and efficient. Distros that do not have the SELinux kernel extensions, like Arch for instance, and for which the user doesn't want to recompile the kernel with those extensions, can't use SELinux, and can use the Japanese counterpart of SELinux, which was developed by the Japanese Secret Service, and is called Tomoyo. Tomoyo is not used by the Japanese Secret Service anymore; they have stopped funding the project and are now using SELinux like everybody else, but the Tomoyo project, being open source, lived on, was developed further, and was even ported. Tomoyo 1.0 is a full-blown MAC that requires kernel headers and is the original system like the Japanese Secret Service ordered, and works very well, but has to be configured manually.
Tomoyo 2.0 is not a full-blown MAC, but comes close; it's more of a MAC than AppArmor, it works on all applications, and it is self-teaching, so you don't have to configure anything manually: it will auto-profile all the applications on a freshly installed clean system, then you switch off the learning mode, and the rules Tomoyo learned will be enforced from that point on. Tomoyo is also light and fast, and doesn't provide as many "annoying" notifications as SELinux does. Tomoyo was also ported into Akari, which is also a MAC, but based on Tomoyo 2.0 and 1.0 together, so it provides pretty much the security level of Tomoyo 1.0, but with the user-friendly features of Tomoyo 2.0.

Evidently, all these security systems can be used on all Linux distros and installs, although SELinux and Tomoyo 1.0 require kernel headers, so they require a recompilation of the kernel for some distros.

4. All Linux distros have a system logging feature that allows for very precise tracing of an event. This means that a lot of people have tried to introduce malware into Linux systems, but their stuff was discovered very rapidly, they were very traceable, and they were dealt with the open source community way... let's just say that they won't be trying it again anytime soon.

5. The open source community constantly has thousands of open communication channels all over the world. If a malware event pops up, there is no corporation that tries to hide a system vulnerability, which buys time for the malware to propagate; the open source community immediately issues warnings and countermeasures within seconds, and the chance of propagation is really small.

6. Linux is so safe that it's completely unnecessary to have any anti-virus program on the system. The best anti-virus checker on the planet is Linux-only though; it's called ClamAV, and it's used on mail servers that serve mail to Windows and OS X clients, like for instance the Google mail servers, or mail servers of hosting companies, etc. The sole purpose is to protect Windows users against themselves.
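A practical check on point 3 of the post above: whether a MAC is compiled in, and whether it is actually enforcing anything, are two different questions, and a box can have AppArmor loaded with every profile in complain mode or SELinux booted permissive. The script below is an added example written for this page, not code from the thread or from any of the projects named in it. It reads the kernel's own status files (`/sys/kernel/security/lsm` for the list of active security modules, `/sys/fs/selinux/enforce` for the SELinux enforcing flag, `/sys/kernel/security/apparmor/profiles` for loaded AppArmor profiles and their modes). The parsing is kept in pure functions that take file contents as strings, so the constructed samples in `main` exercise them offline; `read_live()` wires them to the real paths and simply reports nothing where a file is absent (securityfs not mounted, non-Linux host).

```python
"""Report which Linux security module is active and whether it enforces.

Added example for the thread above, not ClamAV/SELinux/AppArmor project code.
Reads real kernel status files; the pure functions accept their contents as
strings so they can be tested on constructed samples.
"""
from typing import Dict, List, Optional

# Modules that implement mandatory access control; "capability", "yama",
# "lockdown", "landlock" and "bpf" also appear in the LSM list but are not MACs.
MAC_MODULES = ("selinux", "apparmor", "tomoyo", "smack")


def parse_lsm_list(text: str) -> List[str]:
    """/sys/kernel/security/lsm is a single comma-separated line."""
    return [m for m in text.strip().split(",") if m]


def active_mac(lsm_list: List[str]) -> Optional[str]:
    """Return the first real MAC module in the active list, or None."""
    for module in lsm_list:
        if module in MAC_MODULES:
            return module
    return None


def parse_apparmor_profiles(text: str) -> Dict[str, str]:
    """Each line of apparmor/profiles is '<profile name> (<mode>)'.

    Returns {name: mode}, e.g. {'/usr/bin/firefox': 'complain'}.
    """
    profiles: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or " (" not in line or not line.endswith(")"):
            continue
        name, mode = line.rsplit(" (", 1)
        profiles[name] = mode[:-1]
    return profiles


def assess(lsm_text: str,
           selinux_enforce_text: Optional[str] = None,
           apparmor_profiles_text: Optional[str] = None) -> dict:
    """Combine the three files into one verdict.

    'enforcing' is True only when SELinux is in enforcing mode, or when
    AppArmor has at least one profile in enforce mode.
    """
    mac = active_mac(parse_lsm_list(lsm_text))
    report = {"mac": mac, "enforcing": False, "confined": [], "complain": []}
    if mac == "selinux":
        # /sys/fs/selinux/enforce holds "1" (enforcing) or "0" (permissive)
        report["enforcing"] = (selinux_enforce_text or "").strip() == "1"
    elif mac == "apparmor":
        profiles = parse_apparmor_profiles(apparmor_profiles_text or "")
        report["confined"] = sorted(n for n, m in profiles.items() if m == "enforce")
        report["complain"] = sorted(n for n, m in profiles.items() if m == "complain")
        report["enforcing"] = bool(report["confined"])
    return report


def read_live() -> dict:
    """Run assess() against the running kernel; missing files are tolerated."""
    def slurp(path: str) -> Optional[str]:
        try:
            with open(path) as fh:
                return fh.read()
        except OSError:
            return None

    return assess(slurp("/sys/kernel/security/lsm") or "",
                  slurp("/sys/fs/selinux/enforce"),
                  slurp("/sys/kernel/security/apparmor/profiles"))


if __name__ == "__main__":
    # Constructed sample contents (not captured from a real machine):
    SAMPLE_LSM = "capability,yama,apparmor\n"
    SAMPLE_PROFILES = "/usr/bin/firefox (complain)\n/usr/sbin/cupsd (enforce)\n"
    print("sample:", assess(SAMPLE_LSM, None, SAMPLE_PROFILES))
    print("this host:", read_live())
```

The point the report makes visible is the gap between "AppArmor is installed" and "this application is confined": a profile in complain mode only logs, and the `confined` list is what actually restricts anything. The same distinction applies to SELinux when `enforce` reads `0`.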
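To make point 6 concrete, here is what a mail-gateway scanner of the kind the post describes actually does: unpack the MIME message, decode each attachment, and match its bytes against a signature set. This is an added example written for this page, not ClamAV's code or anything from the thread. Its only signature is the standard EICAR test string (a harmless sequence every scanner is required to detect), and the message it scans is constructed inline with the standard `email` library, so it runs offline.

```python
"""Scan MIME attachments against a byte-signature set, mail-gateway style.

Added example, not ClamAV. The single signature is the EICAR test string and
the message is built inline, so nothing here is real malware.
"""
import email
from email import policy
from email.message import EmailMessage
from typing import Dict, List, Tuple

# Standard anti-virus test string; harmless, but every scanner must flag it.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

SIGNATURES: Dict[str, bytes] = {"Eicar-Test-Signature": EICAR}


def scan_bytes(data: bytes) -> List[str]:
    """Names of every signature whose byte pattern occurs in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def scan_message(raw: bytes) -> List[Tuple[str, str]]:
    """Return (filename, signature) for each part that matches a signature.

    Attachments are decoded first (base64 / quoted-printable), because a
    signature match on the transfer-encoded form would never fire.
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits: List[Tuple[str, str]] = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no payload of their own
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        for sig in scan_bytes(payload):
            hits.append((part.get_filename() or "<body>", sig))
    return hits


def build_sample() -> bytes:
    """Constructed sample: one clean text attachment, one EICAR 'binary'."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "invoice"
    msg.set_content("Please see the attached file.")
    msg.add_attachment("just a harmless text note\n", filename="notes.txt")
    msg.add_attachment(EICAR, maintype="application", subtype="octet-stream",
                       filename="invoice.exe")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, signature in scan_message(build_sample()):
        print(f"REJECT {filename}: {signature}")
```

Two things this shows that the post's one-liner does not: the scanner has to run after content-transfer decoding (a base64 wrapper hides the pattern entirely), and detection is only as good as the signature set, which is why a gateway scanner protects clients regardless of what operating system they run.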

"Since OS X runs on a Linux kernel"

In which kind of world do you live?

"some Linux viruses might work on OS X too"

Oh, yeah, because you attack the kernel directly.

Even if they used the same kernel, Mac uses a different executable format, so it's next to impossible to run the same code on both systems.

nicely done. +1

No silly wabbit. OS X has the XNU kernel.

Linux destroys OS X and Windows when it comes to security, yes, but it's not unbreachable.

Remember Stuxnet? Of course nothing regular citizens needed to worry about, just proving a point. 

http://www.youtube.com/watch?feature=player_detailpage&v=yswPIwDFYDY#t=2728

Zoltan, how in the world do you learn this much stuff

Is a Linux system running Java still vulnerable to Java attacks through the browser?

You do realize that Linux was in no way affected by Stuxnet?

Also: necro.

Sometimes AFAIK.

Stuxnet targeted specific hardware that was running Linux, bypassing all of the security measures and messing up the automation, which led to centrifuges blowing up. It was code that should not have been in the software, and AFAIK that's what malware is.

You are wrong. It targeted Siemens ICS, which runs some custom proprietary OS which is known to be insecure and runs all kinds of stuff like power plants.

I might be, but if Mikko Hypponen mentioned that the Siemens PLC S7 400s are powered by 32-bit Linux, I trust they are.

Yup, so are cheap home routers from Belkin or Netgear or D-Link... yup... Linux can be used for a lot of things. Google even has a huge success with screwing a Java layer on top of an old Linux kernel, which is not the safest combination in the world... that doesn't mean anything for the Linux kernel that is used, which up until now has still not shown any dangerous flaws, even if it's more than clear that Java is a bitch when it comes to safety. So the Siemens PLCs use Linux and use proprietary code that was definitely leaked before the Stuxnet attack... no one knows what Linux kernel was used, no kind of mainstream Linux distro was used for sure, it was not open source, and the attack didn't seem to work on any open source Linux machine... so where is the security problem? In the closed source, like it always is.

Argue as much as you want; it's very hard to find security flaws in an open source, worldwide, collaboratively designed software system, by the nature of things. Malware and security breaches are pretty much reserved for closed source software, because it's not verified and checked. It makes no sense whatsoever to even discuss this principle; it is futile.

I can't agree more. Let's just say that AES is not completely open source by accident.

Interesting, I couldn't find any information about Linux being used there. Do you have a source?

Sorry,

I was talking about open source being more waterproof (for flaws). I went a bit off-topic there.

(AES is a crypto protocol that is widely used and still not broken. I can name a few closed source counterparts which did become broken/obsolete simply because they were closed source.)