The Mac OS X Virus Contest, A Year Later
An Open Challenge To The Technology Media
My name is Jack Campbell, until September, CEO of a manufacturing company producing Apple Computer related products.
Just over one year ago, my company, DVForge, announced a $25,000 prize for the first virus developer who could infect two Powermac G5 computers located in our office, both with plain-Jane installations of OS X, by propagating that new virus over the internet. In the onslaught of correspondence that quickly then began streaming into our office we found enough wisdom to convince us to cancel that contest, due almost completely to potential risks to legal liabilities. But, the flare was shot into the sky, and the challenge received a huge degree of worldwide press attention, in both Apple press and mainstream press outlets. Presumedly, any virus coders who had not previously eyed the Apple platform would have seen some of this press exposure, and would have been enticed by the challenge, regardless of the retraction of the cash prize.
Well, more than a year has passed. And, surprisingly (or not, to some of us), there is still not one self-replicating virus in the wild that attacks the Mac OS X operating system. That's right, folks... not one. Not the first. Ever. Never. Zero.
Against this reality -- zero actual propagating OS X viruses in the wild -- there has been a groundswell of press attention offered recently to the notion that, somehow, Mac OS X is "nearly" as vulnerable to such afflictions as is Windows XP. In fact, this idea has become the darling for seemingly every writing hack in the industry to use as a stepping off point for whatever brand of yellow journalism they wish to pen.
When I announced the OS X Virus Contest, OS X had been on the market for four years, with still not one single in the wild virus. Now, it has been more than five years. And, guess what?... still not one in the wild virus!
We structured the contest last year to isolate the threat of an in the wild, self-replicating, self-propagating virus as that is the one true worldwide threat to any computer operating system. This can be seen from at least two hugely publicized attacks by just these creatures against the Windows OS in just the past two years. Worldwide panic and devastation to millions of computers was the result in both instances. These were not "malware" or "trojan" attacks... and despite the yellow journalists' efforts to blur the distinction between these various security threats, the fact remains that it is the self-propagating virus, that launches from computer to computer without conscious involvement by the user, that poses the highest risk of devastating damage. So, that is where we focused.
Today, in honor of the many people who so vocally supported our virus contest last year, I am publicly challenging the many tech industry writers who have so loudly heralded "the growing OS X security risk" over the past few days to step up and show me one thing: just one in the wild virus that infects Mac OS X.
Show me that one item, and I will shut up.
Comments
apparently, it's self-replication that people have a tough time with... self-replication does not mean that it doesn't require user interaction - that would be self-instantiation... self-replication just means it makes a copy of itself and the current osx worms/viruses do just that...
and as has been demonstrated by one of the other commenters, osx/leap has been doing it in the wild
self-propagation is more common in worms than it is in viruses, but even then most worms require user interaction...
the popular notion that these things spread all by themselves and use vulnerabilities in the OS to do so is a myth - relatively few fall under that category... more often than not it's the user, rather than a programming defect, that gets exploited...
Obviously in this technically required user interaction, but they weren't presented with a file, alerted by the app, and then required to authenticate as the 'superuser', in the case of most of the worms for Windows.
So, though there is one with variants...it is not affecting a lot of people. People need to take a little more responsibility for what they click on, or what admins allow to be transmitted over their network. Running straight to AVs seems like the band-aid approach.
also, on most windows systems you already are the super user, no need for additional authentication...
People need to take a little more responsibility for what they click on, or what admins allow to be transmitted over their network. Running straight to AVs seems like the band-aid approach.
so you're going to have some magical oracle you can ask "is this file safe to send over the network"? or are you suggesting something more draconian like only allowing files from a pre-authorized list to be sent? how is a person supposed to know something is unsafe without having that knowledge packaged into a piece of software for them to query?
a whitelist (pre-authorized list) is easier to maintain but it's very limiting... a blacklist is more flexible but requires someone (ie. the av vendors) to provide the actual list...
I feel that the point that Jack is trying to make, is that no known virus has ever hit the Mac community at large. There are claims of hits in this post's comments, but even then it is contained to within a single network (campus). Hardly what I call a threat, unless you feel threatened by mosquitoes when you leave the house.
FYI, look up the viruses that 'dellscrewspeople' listed on Symantec's site, and under threat assessment, tell me that you really think Mac users should be concerned. Here's a couple for the lazier folks.
OSX.Leap.A
OSX.Inqtana.A
the sophos page (http://www.sophos.com/virusinfo/analyses/osxleapa.html)
is better in my opinion... you'll see that it too shows the prevalence for the worm to be fairly low, but it is still in the wild...