When I say 'virus,' you know exactly what I mean

When I say 'virus,' you know exactly what I mean

Summary: Discussions of malware have their own equivalent to Godwin's Law: As the conversation grows longer, the probability that someone will derail the discussion by arguing over the meaning of 'virus' approaches near-certainty.


Every time I write about the issue of malware on PCs and Macs, it is only a matter of time before someone shows up in the comments to get pedantic over the correct usage of the word virus.

In the Talkback section of a post I published last week, a commenter told me I "blew it" with an illustration I used, which contained Apple's reference to the Mac having no "PC viruses." He (it’s always a “he”) went on at excruciating length to explain all the different types of viruses. It was a trip to a world of strange creatures that would have made Tolkien proud. It was erudite, in a 15th Century way. He closed by reminding me that I need to “pay more attention” to facts.

In response, I want to reprint something I wrote a year ago, updated to reference current events:

The hardest part of talking about computer security is getting everyone to agree on the nature of the problem. It’s especially frustrating when you’re trying to weigh the pros and cons of different strategies with someone whose view of the PC security landscape is outdated and inaccurate.

Case in point: What’s the best way to deal with malicious software on PCs and Macs?

You can’t answer that question—you can’t even start talking about it—until you know how malware gets installed in the first place. And there’s where the disconnect begins.

Much of the discussion I read comes down to shorthand, like this: “There’s malware [on Macs], yes. No viruses though.”

I have read variations on this theme over and over again in the Talkback section of this blog over time. This was from last year:

Mac Defender is NOT a virus. … Mac OS X has ALWAYS been free of viruses… as opposed to Windows which has hundreds of thousands of viruses and new ones coming each day.

(Don't even get me started on that "hundreds of thousands of viruses" nonsense. It's a numbers game, and if you say "hundreds of thousands" or millions you're way off.)

Anyway, that obsession with the word virus is a recurring theme in Apple’s support forums. Search for the phrase “there are no viruses” at discussions.apple.com and you’ll find plenty of examples, like this one from January 2011:

There are no viruses that run on OSX. None. Zip. Zero.

There is some “malware,” such as Trojans, for Macs, though. But (unlike viruses that can get onto your system without your knowledge), you must approve their installation (via your Admin password) and/or operation (via the “This application was downloaded from the internet …” prompt).

Sorry, but that’s not true. There are already plenty of examples of successful social engineering for PCs and Macs. This year the Flashback gang moved the ball forward impressively, proving that the drive-by downloads that worked with unpatched third-party software on Windows can be just as wildly successful against third-party vulnerabilities in Macs.

Here’s a more recent example from the Apple support forums, from February 2012.

Repeat after me:

There are no viruses for Mac OS X. There are no viruses for Mac OS X. There are no…

That Level 4 Apple forum member went on to repeat the phrase more than 70 times.

Two months later, after Flashback had become well known, a Level 5 member added this comment to the thread:

Strictly speaking there are no OS X viruses. Viruses are self-replicating and, so far, none have been found "in the wild" for Macs. Not to say it couldn't happen. The term 'virus" is being used as a catch-all for any kind of malware or exploit. The Flashback Trojan, at least in one of its forms, is considered a "drive-by download."

That level of pedantry over the names of categories, while perhaps technically accurate and even nitpickingly correct, is like arguing over the motivations of characters in Star Trek (and specify whether you mean TNG or TOS, dammit) or debating the origin of ideas in a William Gibson novel or being able to repeat more than one XKCD verbatim and cite its number without searching. It is cyber-wanking.

To deal with the pedantry briefly:

These days, actual viruses are almost unheard of. Melissa, back in the late 1990s, was a real virus, the kind that copied itself to documents and spread via e-mail it sent automatically. Today, security professionals are more interested in what a particular family of malicious code does. The delivery mechanism is usually separate.

If this were simply a matter of semantics, I would let it slide. But it’s not. The obsession with these labels reflects a dangerously outdated view of computer security. If you’re quibbling about meaningless distinctions for pseudo-technical terms coined in the previous century, you are not concentrating on the actual threats that modern computer networks face, which often defy categorization.

Different families of malware have common behaviors. Knowing that some types of malware inject code into executable files and others attempt to spread through network connections and still others try to autorun from USB flash drives moves the conversation along. Arguing over whether one of those things should be called a worm or a virus or a rogue derails the conversation.

If you can’t see past those labels and get an accurate view of the current threat landscape, you won’t be able to make smart, informed decisions for yourself or for others.

Oh, and virii? That’s not a word, and using it makes you sound like Kevin Kline's Otto West in A Fish Called Wanda. ("Don't call me stupid.")

The plural of virus is viruses. Not virii. And if you hear someone talking about viruses on PCs and Macs you know exactly what they mean.

I’m just sayin’.

Read the much longer original post from which this excerpt was adapted:

Trojans, viruses, worms: How does malware get on PCs and Macs?

Topics: Security, Apple, Hardware, Malware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Linux!!!!!!

    Just another topical application of troll repellent.
    Ed Bott
    • IT'S NOT UNIX!!!

      Seriously, bravo (and brave).
    • An example of

      DDT S
    • The answer to everything, but does it solve anything? No.

      I find it funny that people like to point out that Linux is the best way to go. It's like saying you should rather buy a boat so you can avoid a car accident.
      • linux !!!

        It's an OS just like OS X and Windows. I makes your dead pc do things you would like it to. Like the engine in your car and boat.

        Linux can get malware. Just haven't seen it yet. No virusses though
      • Linux can get malware.


        [i]Just haven't seen it yet.[/i]

        Well no sh^t.

        [i]No virusses though[/i]

      • Yea, we're not in a depression, we're in a recession. Much different.

        The term virus came about shortly after the term bug when someone fished a dead one out of a circuit board. The bug accidently caused something we didn't want in the hardware; in that case. The virus was a maliciously created thing we didn't want. Call it malware, trojan or anything else, it's still a virus just like the microbe.
    • The ice age is ending. Good. We're making progress.

      Next, try writing a repellent story about a nameless operating system which purportedly has no market share yet insinuates itself into all manner of devices world-wide.
      DTS - Your Linux Advocate
      • Nobody cares

        This article isn't about that operating system. It is about the semantics of computer threats. Stop trying to threadjack everything!
        • If you care about semantics of computer threats

          you should care about anything that puts a stop to them. Yes? Logically then you should care and 'be open' to all security options. How does your mind deal with that?
          DTS - Your Linux Advocate
      • How can you write about something that hasn't been invented yet?

        William Farrel
      • On the desktop it doesn't have any market share

        so it's accurate.
      • Then YOU

        Can write a post answering my questions about LSMs... which since I started asking you about them you stopped bringing then up. Coincidence? Or is it that you cannot stake your reputation on LSM and are unable to answer my questions.
        • Reach me on my site for clarification

          d t s c h m i t z d o t c o m
          DTS - Your Linux Advocate
      • At least you like Plone

        My several Plone sites are running on old XP laptops.

        The last two were thrown up in 30 minutes on old Compaq laptops to solve two different immediate needs. The first has more thought put in it.

        I do maintain 2 linux boxes at one of my clients. They are set up as intermediaries between the LAN and the Netgear appliance on the WAN. These boxes have been trouble-free. I would not want to use them on a day-to-day basis. I use webmin, shorewall, and squid on these boxes. I have lately been using No Machines to maintain these boxes. I have a third box, an ancient Windows machine re-imaged with FC2. We use this as a print server. As appliances they are terrific. I do not use Linux on my personal laptop. I do have CentOS and Ubuntu (fairly old) installed as VM's for evaluation purposes. I'm sorry, but Linux is a fringe OS. Windows is mainstream. As popular as Apple is currently, their desktop market share is minuscule. Their server/infrastructure share is non-existent. I've played with open source MySQL, PostGreSQL, OpenOffice, Thunderbird/Mozilla, etc. They are not in the same class as MS SQL Server, Office 2010, SkyDrive, Windows Phone 7, Project, Visio, etc.

        You may be "Your Linux Advocate," but you are not living in today's world. I'm still hoping the Edsal will catch on (not really). You have to go with the numbers.

        I like the idea of open source. I have advocated OpenOffice amoungst my various clients. OOo is not going to displace Office. Period.

        Good luck on your further crusades (Don Quixote anyone?). BetaMax was technically superior to VHS. Where is it now? Where is VHS now for that matter?

        I can be reached at markdotcooperatmlc3dotcom if you wish to continue this discussion.

        Thanks - Mark
      • Hey, troll, get back under the bridge!

    • Jut so we're on the same page

      Incorrect plurals =bad
      Using singular words incorrectly = ok

      Just saying;-)
      Richard Flude
    • Maybe...

      ...but do you stake your reputation on it?
    • RE: Linux!!!!!!

      First, Steve Ballmer called Linux a cancer. Now, Ed Bott is calling Linux a virus. I call this progress.

      There are many strains of the Linux 'virus'. Linux folk refer to them as 'distros'. Some strains are short-lived (e.g., Damn Small Linux, [i]we'll miss you[/i]), while others are long-lived (e.g., Slackware, Debian). And, at the moment, the Android strain is quite widespread amongst mobile device users. Amongst sysadmins, RHEL server, SLES, CentOS, Ubuntu and Debian strains also have wide geographical distribution.
      Rabid Howler Monkey
  • Common Terminology, Scientific Approach

    As an amateur in the field of Mac malware and writer about the subject since 2007, I've consistently found that the anti-malware community, particularly the anti-malware business, is unscientific and uncooperative. It's full of contention with people arguing over what means what, who named what first, whose malware naming convention is the best, on and on. The result is a chaotic mess that obviously confuses anyone casually trying to understand what's going on. There is no overview organization for the field. There is no peer review. There are some standards, but breaking those standards is the rule.

    Therefore, when casual viewers mess up their terminology or make incorrect emphatic statements, I tend to be forgiving. If the anti-malware community really was scientific by nature, I'd take a stricter view. But it's not. Therefore, casual viewers are going to get things wrong without having any thoroughly reliable source of information from which to gather knowledge or opinions.

    For example, I had a conversation with the owners of a software download site on the net a couple years ago which revealed they had no comprehension of common terminology applied to malware. Every malware was a 'virus' to them. In turn they were sharing this misunderstanding with their users, who in turn repeated the same misinformation within their social circles.

    As an example of pointless contention between anti-malware companies, why did Kaspersky have to come up with its own name for a Mac Trojan horse series, 'Flashfake', for what had already been published as 'Flashback' months ahead of time?

    In this field, confusion is inevitable.