I really think there ought to be a clause in the forum agreement that one agrees to when registering, to the effect that no one is to claim infection by a virus as the cause of their symptoms without a cited reference to an advisory noting the existence of such an OS X virus making the rounds.

Especially in the thread title.

If and when enough MacOS X viruses show up and are established to be at large & "in the wild", constituting a true danger, for it to be reasonable to ascribe peculiar computer behavior to a virus, the clause could be rescinded from the agreement.

I'd like that to be part of the user agreement, and people who post threads titled "Infected by Virus", "I think I have a virus", "Does my Mac have a virus?", etc, would receive a reminder / warning.

(People who post "Should I install an antivirus to help insulate my Windows-using friends from PC viruses", "Hypothetical: What if a MacOS X virus shows up?", or "I think my Windows Vista on my Parallels virtual machine has a virus" would of course not be subject to such warning)

I think recurrent appearance of threads about illusory MacOS X viruses are disinformative.

I agree I just had a discussion with an IT director of an organization and Mac viruses came up. I said there were none to my knowledge only proof of concept and he was saying that there are some, and my neighbor who works IT for a design firm said that he found some on his Mac clients with their Mac virus scan.

I have been professionally supporting Macs since 1999, and I have yet to actually see a virus on a Mac in front of my face. So, I am very skeptical.

I am sort of under the impression that these Mac virus scan programs are falsely identifying certain files as viruses. Plus, with the nature of Unix, it would need to run as admin to do any real damage anyways. there is no way it could self propagate otherwise, unless it used some sort of zero day bug or other kind of exploit.

I think recurrent appearance of threads about illusory MacOS X viruses are disinformative.
They certainly are. I had somebody tell me today that there are Mac viruses. He couldn't name one, but he insisted that they existed!

Well, since I am completely unfamilar with OS X virus scanners, what are some major ones out there, i will see if I can wrangle up some information on their forums, seek and hunt down said virus on the internet and put it on my personal mac. I have an older G4 desktop that is totally expendable. I want to see for my own eyes what it does. I have seen countless viruses on windows in my time, and often time I even had to laugh at them. The Feliz navidad virus was funny, it hit one of my old offices years ago via email. It didn't do any damage it was just annoying, but I had to laugh at it.

So what software out there detects viruses for the Mac, everyone seems to think the intel switch made it possible.

List them, and I will research!

Much as one might wish to legislate against ignorance, I don't think it can be done effectively. Best to keep countering with education. Who knows, someone may actually pay attention.

So what software out there detects viruses for the Mac, everyone seems to think the intel switch made it possible.
Well that's heart of the matter, isn't it? If there were software that detects viruses for the Mac, that software vendor would be sure to let everyone know that you need their software to protect against the xyz and abc viruses. It's not like they'd want to keep that a secret!

Much as one might wish to legislate against ignorance, I don't think it can be done effectively. Best to keep countering with education. Who knows, someone may actually pay attention.

I guess it was too much to hope for that the Moderators would not see through my ploy and thereby realize it meant more work for them and less for the rest of us! :p

Well, it was worth a try...

i will see if I can wrangle up some information on their forums, seek and hunt down said virus on the internet and put it on my personal mac.

I've posted a similar challenge before, in other forums, when people insist there are Mac OS X viruses. "Send me one and I'll try to install it." I've yet to receive one.

.
How about confining all would-be posts on the issue to a single thread by announcing a contest? You know, one which can be won in two ways:

1) Offering proof of existence of an OSX virus. It has to be self-propagating and in the wild.

2) Collating a complete chronological list of virus that exist for the Windows platform.
Somehow I suspect the latter task to be the far easier one.

The prize: Roundtrip Greyhound tickets to Redmond, Washington, and free attendance at a week-long series of lectures on VISTA security issues and features.



PS. I would prefer not to have to moderate said thread...

.
The prize: Roundtrip Greyhound tickets to Redmond, Washington, and free attendance at a week-long series of lectures on VISTA security issues and features.

Sounds like a contest I would rather loose.

Sounds like a contest I would rather loose.
Yes, but perhaps those who partake deserve to win, each and every one of them. :D

Seriously,

Send me a Mac virus, PM me if you have one and I will provide you an email link to send it to. I want to see what these things actually do. Or maybe I will just purchase a 1 user license to anti virus software and see what it finds.

You should just be able to contact the major (and minor) antivirus vendors and inquire as to whether they have any Mac viruses in their definitions databases, shouldn't you? Maybe they don't give that information out without purchasing a license? For clamXav, you should be able to get that information at least, since it is a public license.

You should just be able to contact the major (and minor) antivirus vendors and inquire as to whether they have any Mac viruses in their definitions databases, shouldn't you? Maybe they don't give that information out without purchasing a license? For clamXav, you should be able to get that information at least, since it is a public license.

Just because they identify files as virus like does not mean they are an actual real world threat. Any company will always back their product.

I wasn't meaning to imply that just because they are identified as viruses that they must be. I was only suggesting that might be a good place to start. Every "virus" I have ever heard about for the Mac has been miscategorized, and even at its worst, could only ever be called malware.

I wasn't meaning to imply that just because they are identified as viruses that they must be. I was only suggesting that might be a good place to start. Every "virus" I have ever heard about for the Mac has been miscategorized, and even at its worst, could only ever be called malware.

Well, for example, and someone please chime in if I am wrong. ClamXav is a cross platform open source effort anti virus solution. So, your ClamXav can be picking up malicious cookies, trojans, and what nots that you get from just browsing the interwebs that are designed for windows or another platform. I am sure that browser cache probably picks up these malicious files on a Mac, but if it is not coded for the Mac platform then its not going to effect it.

Anyways, this is something that I am going to research when I get more time soon because I have had several debates with other IT people and when I ask for proof they never come through. They just say that their AV software picked up it and removed it. So I will have to see for myself. Time to DMZ the old G4 and go to every crappy website I can think of to pick up some of these malicious files.

Is it theoretically possible for an anti-virus application to detect a virus before the application developers obtain a copy of that virus? In other words, could having AV software protect a Mac on (a hypothetical) zero day? Or, does anti-virus software require that the virus already be known?

Could someone who knows a little bit about how such things work please share that knowledge with an ignorant Mac user like myself? Thanks. :)

Remember this (http://www.ambrosiasw.com/forums/index.php?showtopic=102379)? A lot of folks were quick to call it a virus, although it actually was just a puny trojan. Other than that, Symantic lists a virus (http://www.symantec.com/security_response/writeup.jsp?docid=2006-110217-1331-99&tabid=2) and another trojan (http://www.symantec.com/security_response/writeup.jsp?docid=2006-063013-2645-99&tabid=2), which were proofs-of-concept rather than actual attacks.

Is it theoretically possible for an anti-virus application to detect a virus before the application developers obtain a copy of that virus? In other words, could having AV software protect a Mac on (a hypothetical) zero day? Or, does anti-virus software require that the virus already be known?

Could someone who knows a little bit about how such things work please share that knowledge with an ignorant Mac user like myself? Thanks. :)

I do know many AV vendors add "heuristic" virus detection, to catch similar variants of viruses, such as MyTob.A, MyTob.B, MyTob.C, MyTob.AB, GH, and on and on.

These viruses has similar characteristics. AV companies don't know how anything about the characteristics of Mac viruses yet (neither do we), so it would be very difficult (if not impossible?) to to try and make an virus signature for a virus that hasn't even been released yet.