Sophos founder: Mac viruses are spreading

Sophos founder: Mac viruses are spreading

Summary: Dr Jan Hruska has warned that the Mac is not a virus-free platform, and that he believes Windows can be as safe as Linux

SHARE:
TOPICS: Security
6

The co-founder of antivirus firm Sophos said that the Apple Mac is not a virus-free platform. He also believes that Windows can be as secure as Linux — if it is configured correctly.

In an interview with ZDNet Australia on Thursday, Dr Jan Hruska, who co-founded Sophos and was one of the first ever PC antivirus experts, said viruses on the Mac are here and now.

Hruska said: "They are available and they are moving around — it is not as though the Mac is in some miraculous way a virus-free environment.

"The fact that most people do use PCs means you certainly do hear more about those attacks. It gives a false impression that somehow Apple Macs are all virus free," he continued.

Hruska's comments were made just weeks after an OpenOffice macro-virus, which is capable of infecting Mac OS, Linux and Windows, was discovered. On its website, rival antivirus firm Symantec said the virus is being distributed and OpenOffice users should "be cautious when handling OpenOffice files from unknown sources".

Windows can be as secure as Linux
According to Hruska, there is no reason why Windows XP cannot be made as secure as Linux, if the security systems within the OS are used correctly. "It is important to realise that there is no magic in Linux from a virus point of view. It is really the question of how that security is deployed," he said.

Hruska explained that Windows and Linux have been used for different purposes, which has affected their security record. "On Microsoft operating systems, which were traditionally used on the endpoint, everybody ran as an administrator, which meant that if the operating system has security built in, it is simply not used." "Linux came from the server world and in those deployments there was a great deal of effort put [into] separating users and making sure users do not run as administrator. It is really from the point of view of usage that security on Linux is probably used more than security on single user operating systems like XP and Vista," Hruska said.

Backing up those sentiments is James Turner, an industry analyst at IBRS. "I think it's a spurious argument to say that any of the leading operating systems is more secure than any of the others. It almost doesn't matter what OS you're using — it all depends on the processes and people supporting the OS. And this is without even talking about the supporting network architecture around the OS," said Turner.

Turner added: "If you want to get nitty gritty, then using the Common Criteria listings, Windows XP is certified to EAL4+ and Apple's OSX is only at EAL3."

Topic: Security

Munir Kotadia

About Munir Kotadia

Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK.

Munir was recognised as Australia's Best Technology Columnist at the 5th Annual Sun Microsystems IT Journalism Awards 2007. In the previous year he was named Best News Journalist at the Consensus IT Writers Awards.

He no longer uses his Commodore 64.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

6 comments
Log in or register to join the discussion
  • If that's true...

    ..then I simply must go out and buy antivirus software for my Mac!

    Hey, wait a minute.....
    longmover
  • Finally...

    That myth of impregnable OS was getting really really old....
    apartment223@...
  • It

    The PRIMARY reason that viruses are rampant on Windows is that it has such a huge surface area to attack. This has nothing to do with market share, but with the promiscuous design of the core APIs and the way applications like Internet Explorer use it.

    The star of the show is the Microsoft HTML control, with Office coming in half a lap behind.

    The major virus floods started in 1997. They didn't start because Windows suddenly became more popular. They started because Active Desktop ... merging the desktop shell, Internet Explorer, and Outlook Express... made attacking Windows so much easier.

    The anti-virus companies have been arguing that this flood is going to spread to other platforms "soon" since shortly after the flood occurred. It hasn't, because no other platform gives attackers such a wide variety of ways to get in.

    On the Mac, on UNIX, on Palms, on Windows-powered handlelds, the only reliable way to get someone to run an infected file is to convince the user to deliberately open and run it. On Windows, all you have to do is convince the OS that you're in a trusted zone.

    Until that difference changes, one way or the other, the only antivirus you absolutely need on anything but Windows is common sense. And that's what scares the AV companies.
    Resuna
  • What???!

    Why even bother posting this sensationalist ****,


    "Hruska's comments were made just weeks after an OpenOffice macro-virus, which is capable of infecting Mac OS, Linux and Windows, was discovered."
    ----
    Do you guys even know what a macro-virus is? It's a script that runs inside the office appliaction, it doesn't infect the OS. It's capable of infecting OpenOffice not Mac OS, Linux and Windows....


    " "The fact that most people do use PCs means you certainly do hear more about those attacks. It gives a false impression that somehow Apple Macs are all virus free," he continued. "
    ----
    Yeah well, show me some Mac viruses please.


    "According to Hruska, there is no reason why Windows XP cannot be made as secure as Linux, if the security systems within the OS are used correctly."
    ----
    Bit of a problem there, Windows XP lacks the "security systems" of a true POSIX operating system so you can't secure it to the same degree as a *nix based system.


    "Turner added: "If you want to get nitty gritty, then using the Common Criteria listings, Windows XP is certified to EAL4+ and Apple's OSX is only at EAL3.""
    ----
    WTF DOES THAT MEAN? BUT OMGOSH WINDOWS IS 4+ AND APPLE IS ONLY 3 LAWLZZZZ WINDOWS MUST R0XX0RZ 8-)
    But seriously, what is an EAL rating? Why isn't this explained in the article?
    agret2097
  • EAL

    What's an EAL rating?, asks 1000065292. Sorry we didn't clear this up in the story. EAL ratings are part of Common Criteria, an international effort to promote standards for IT products, including security.

    If this interests you further, there's plenty to read at http://www.commoncriteriaportal.org/public/consumer/

    Unfortunately, the introductory documents promised on that page which explain the scheme have been removed, but there is plenty of information on the different certifications on offer.

    I was also intrigued to read the previous comment, from 2000387609, who argues it is users with common sense that scares anti-virus companies the most.

    Being in the media industry, we're in the frontline of the scare stories which most of the security companies push out, where they try to dramatise the latest attack or method.

    There's a lot of filtering going on at ZDNet, I can tell you.

    100 percent perfectly sensible and rational user behaviour won't stop every security threat that there is, but it'll go a long way. Alongside great IT policy and deployment of course.

    If that happens, then of course the anti-virus vendors won't be happy.
    RichardThurston
  • It's the same model, every article by guys like this they . . .

    . . . try to promote the idea that operating systems are all equally vulnerable to exploits. By this logic OS X, which has around 4-6% of the installed user base in the worldwide should have around 4-6% of the active exploits and viruses.

    And yet, despite these long-winded assertions by people with something to gain financially from you believing in their assertions, that's just not the case. OS X doesn't have 6%, it doesn't have 4% of the exploits in the wild, it doesn't even have 1% of the viruses and trojans currently plaguing computer users in the real world it has ZERO % of the troubles that plague other platforms, predominantly, Windows!

    How can this POSSIBLY BE if what the writer says is true? Use a little logic. Here are two related propositions based on the writer's thesis:

    Apple's Mac OS X is equally as vulnerable to attacks from viruses etc. as Windows and Linux et al.

    Apple's Mac OS X holds about a 4-6% market share of installed computers worldwide.

    Therefore:

    The percentage of ACTUAL SUCCESSFUL attacks on Macs in the real world must be:

    ZERO!

    Hmmmmm . . . there is a fallacy in here somewhere. Either Mac owners are LYING and they're being attacked but not admitting it and not seeking any help, nor are Mac AV programs reporting accurately nor are the majority of security experts (without an axe to grind) reporting accurately that there are NO KNOWN VIRUSES in the wild for Mac OS X . . .

    OR . . .

    Apple's Mac OS X is NOT equally as vulnerable to attacks from viruses etc. as Windows and Linux.

    Which would mean . . .

    . . . that the writer is either a wrong or lying. If he's wrong and this is his business then, well, use a little logic.
    joeldm