The Safe Mac

Follow The Safe Mac on Twitter to stay advised of the latest Mac security news!


“There are no Mac viruses”

Posted on July 5th, 2013 at 7:23 AM EST

e-biohazard

I see this all the time in Mac-related forums. When a person expresses a concern about viruses, someone (often someone identified by the forum as an expert) will invariably respond with, “There are no Mac viruses.” Usually, no additional information is given. This always annoys me to no end, because that is a partial truth that hides and denies the greater reality. So what is the truth, then?

First, a lot of people don’t understand  basic malware terminology. The technical definition of a “virus” is a malicious program that installs by itself, embedding itself inside another program or file, and spreads itself to other computers. The word “malware,” on the other hand, refers to all classes of malicious software: viruses, worms, trojans, etc. The average user refers to all malware as “viruses,” without an understanding of the strict definition of the word. There’s nothing wrong with that, and it should be the job of those with more tech knowledge to educate those with less, not to play word games with them or belittle them for a minor misuse of terminology.

Second, it is only mostly true that there are no Mac viruses. People claiming that there are no Mac viruses are conveniently forgetting about Word macro viruses. Those do fit the technical definition, but nobody counts them anymore, since they are mostly just an annoyance on the Mac, if you still encounter them at all.

There are also a number of cases of proof-of-concept viruses in the history of Mac OS X. The Inqtana and Macarena viruses, for example, were never actually seen “in the wild,” but they were created as proof that viruses could be created that would affect Mac OS X. Even recently, there have been proof-of-concept viruses announced, such as the Clapzok virus that was created by a security researcher and announced last month. It’s true that none of these have actually been used maliciously, to anyone’s knowledge, but they still exist and should not be so quickly dismissed.

Finally, it’s important to understand that the most important aspect of the definition of the word “virus” is the capability to install itself. In other words, unlike a trojan, which relies on fooling you into opening something you shouldn’t and can therefore be avoided through cautious behavior, a virus can infect you without your doing anything that you might consider risky. All the other details, like injecting itself inside other applications, are just fluff. There is actually quite a bit of malware for the Mac that would fit that criterion. Flashback, for example, is the most well-known case, in which all that was needed to become infected was to visit a hacked web site with Java enabled in the web browser. Technically speaking, Flashback (and all the more recent malware that uses similar tricks) is not a virus. Practically speaking, I certainly would call it one!

In other words, if you have found this page after having been told that “there are no Mac viruses,” you have basically been lied to. Probably not on purpose, as many Mac experts have a rather poor understanding of malware; but in the end, the results are the same. That lie could give you a false sense of security, and could end up causing you to become infected more easily, and that is a very bad thing. To learn how to protect yourself against Mac malware, regardless of what you decide to call it, see my Mac Malware Guide.


8 Comments

  • Jay says:

    I’ve been meaning to write about this topic, great post. It’s a discussion/debate that, to my surprise, is mostly started by those experts and those with more tech knowledge. Never understood why as it is simply is not true. Are they stuck in their old ways? Is it a matter of pride in a way? Is it just a silly word/terminology game? I don’t know, maybe all of the above. I used to say it: no such thing as a virus (in any way, shape or form) for the Mac. But i learned, educated myself and changed my tune. Wonder why other’s can’t.

  • Laurel says:

    I suspect a number of people still use that old and inaccurate turn of phrase for several reasons. Firstly, when tech people are communicating with non tech savvy people, the overall information load can be daunting. To easily distinguish between the kind of viruses a PC can get versus a Mac, it could be much more efficient, albeit inaccurate, to say “Macs don’t get viruses.” Or even better: “Macs don’t get viruses like PCs do.” From one technical savvy person to another, it makes sense to distinguish the difference between malware and viruses and explain exactly how those might affect a Mac. Frankly, in my experience, Luddites can find basic computer concepts daunting so the people communicating with them use simple explanations. I think people have gotten lazy and don’t want to know more than they have to, obviously to their detriment.

  • Someone says:

    Thank you SO much for this post! It bugs me to no end when people say that!!

  • Maxim says:

    Sorry, but can you give any examples with malwares for “iOS”? If no – could you please explain why ios dont have, but mac has?
    Thank you.

    • Thomas says:

      That’s a bit outside the scope of this article, but the quick answer is that iOS is far more restrictive than Mac OS X. It only allows apps from the App Store, and those apps are tightly sandboxed to prevent them from interacting with anything else except in a very controlled manner.

  • Anonymouse says:

    “First, a lot of people don’t understand basic malware terminology.”. Funny you mention this, as this is exactly the thought that crossed my mind when reading your post “Classes of malware” (http://www.reedcorner.net/mmg-threats/), in which you use a very misleading (in my opinion) definition of trojan horse and virus. Both can infect your system by means of a vulnerability, they just differ in their behaviour and intentions once in your system.

    You are right here that viruses do exist for the OS X platform, and the “No viruses” mantra is widely overused, but in my opinion it is an “easy” (misleading as it could be) way of explaining, to non IT people, the fact that the Mac OS X platform is less prone to be the target of virus, trojans or malware in general, due to several factors. If you try to explain it to a non tech savvy person, the answer will probably be “uhg?”

    • Thomas says:

      I stand by my definitions on that page. Although a trojan horse may very well utilize vulnerabilities, that is not particularly relevant to the definition. A trojan, by definition, requires the user to open something, and may or may not rely on a vulnerability in the system. A virus, on the other hand, does not require the user to do anything, and thus cannot operate without a vulnerability. Further, once installed, both a trojan and a virus may behave in exactly the same way… the difference is not what they do once in your system, but how they get into your system in the first place.

      Also, the larger point behind this article is that saying “there are no Mac viruses” is misleading precisely because the novice computer user does not understand the difference between a trojan and a virus, as you point out.

This post is more than 90 days old and has been locked. No further comments are allowed.

This page and all contents (unless otherwise noted) copyright 2011-2014 by Thomas Reed.
For questions or comments, please contact me.