I occasionally get customers who say their systems are running very slowly. They may be brand new or a couple of years old, and the actual cause varies. Maybe they upgraded to the latest version of an application and now need more RAM. Maybe their hard disk is running low on space, or perhaps it’s failing. Quite often, it’s because they installed a bunch of applications that are auto-launching at login.
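One quick way to check the "auto-launching at login" case on a Mac is to look at what launchd has been told to start. The script below is an added example, not part of the original post: it reads the per-user and system-wide LaunchAgents/LaunchDaemons plists and lists every job that starts automatically (RunAtLoad or KeepAlive). The directory paths are the standard launchd locations; the sample plists embedded at the bottom are constructed so the audit can run on a machine that is not a Mac.

```python
from __future__ import annotations

import plistlib
from pathlib import Path
from typing import Iterable
from xml.parsers.expat import ExpatError

# Standard launchd directories. The per-user one is where most third-party
# helpers land; the two under /Library need admin rights to write to.
LAUNCHD_DIRS = [
    Path.home() / "Library/LaunchAgents",
    Path("/Library/LaunchAgents"),
    Path("/Library/LaunchDaemons"),
]


def summarize_job(plist: dict) -> dict:
    """Reduce a launchd job plist to the fields that matter for a login audit."""
    program = plist.get("Program")
    args = plist.get("ProgramArguments") or []
    if program is None and args:
        program = args[0]  # launchd uses argv[0] when Program is absent
    return {
        "label": plist.get("Label", "<no Label>"),
        "program": program,
        "run_at_load": bool(plist.get("RunAtLoad", False)),
        # KeepAlive may be a bool or a dict of conditions; either means "restart me"
        "keep_alive": bool(plist.get("KeepAlive", False)),
    }


def audit_plist_data(blobs: Iterable[bytes]) -> list[dict]:
    """Parse raw plist bytes and return only the jobs that start on their own."""
    jobs = []
    for blob in blobs:
        try:
            data = plistlib.loads(blob)
        except (plistlib.InvalidFileException, ExpatError, ValueError):
            continue  # skip files launchd itself would reject
        if isinstance(data, dict):
            jobs.append(summarize_job(data))
    return [j for j in jobs if j["run_at_load"] or j["keep_alive"]]


def audit_directories(dirs: Iterable[Path] = LAUNCHD_DIRS) -> list[dict]:
    """Read every .plist in the launchd directories that exist on this machine."""
    blobs = []
    for d in dirs:
        if d.is_dir():
            blobs.extend(p.read_bytes() for p in d.glob("*.plist"))
    return audit_plist_data(blobs)


# Constructed sample plists (not taken from any real system) so the
# audit logic can be exercised offline: one auto-starting job, one
# on-demand job, and one file that is not a plist at all.
SAMPLE_PLISTS = [
    b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key>
  <array>
    <string>/Applications/Example.app/Contents/MacOS/updater</string>
    <string>--quiet</string>
  </array>
  <key>RunAtLoad</key><true/>
</dict></plist>""",
    b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.ondemand</string>
  <key>Program</key><string>/usr/local/bin/ondemand-helper</string>
  <key>RunAtLoad</key><false/>
</dict></plist>""",
    b"not a plist at all",
]


if __name__ == "__main__":
    # On a Mac this reports the real launchd jobs; elsewhere it falls back
    # to the constructed samples so the output format can still be seen.
    jobs = audit_directories() or audit_plist_data(SAMPLE_PLISTS)
    for job in jobs:
        print(f"{job['label']:<32} RunAtLoad={job['run_at_load']!s:<5} "
              f"KeepAlive={job['keep_alive']!s:<5} -> {job['program']}")
```

Anything listed here that you do not recognise is worth looking up before deciding the machine has "a virus"; most of the time it is a legitimate updater or helper that simply should not be running at every login.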
Every so often though, I will get someone who has done a little research on the web and has convinced him or herself that they have some sort of virus or spyware and want to know how to get rid of it. Just for the record, it is highly unlikely that a virus is the cause. In order to understand why, there are a few key points to know regarding the differences between Windows and OS X.
Mac OS X was designed from the ground up to be secure, not only against one person trying to access another person’s account, but also against an automated outside threat such as an application attempting to gain control of the computer. Originally based on BSD UNIX (Berkeley Software Distribution), OS X has evolved and grown to the point where it is now its own distribution called Darwin. For as much as it differs in looks, it still shares the same security model as other UNIX-like systems such as Ubuntu or Red Hat Linux.
A long time ago, one of my co-workers gave a quick introduction to UNIX, and said to think of the UNIX security model as a hard-boiled egg. On the outside you have the shell, then there’s the white stuff, and finally the yolk. The shell of the egg would be the user shell, be it the bash command line or a graphical point-and-click interface like KDE or the Mac desktop. The white of the egg is the connection between the shell and the yolk—drivers, extensions, applications, etc. Then there’s the yolk, or the kernel of the OS, and you cannot get to the yolk/kernel without going through the white protective layer. Nothing touches the kernel unless the kernel specifically allows it.
For all the improvements Microsoft has made over the years, Windows is still not as secure as anything UNIX-based. By allowing web pages and applications direct contact with the OS through various methods, they created a giant security hole through which all manner of malware freely passes on its way to the operating system’s core. Their first attempt at truly hardening the OS appeared in the form of Vista. However, they went so far in the other direction (forcing the user to approve almost every action taken) that people became so used to clicking the “Stop bugging me and just do it!” button that they no longer bother to read why the OS is asking for permission. As a result, anything trying to install itself is given permission without a second thought about whether Windows should even be asking to install anything in the first place.
How does malware infect a computer? To understand that, a few definitions are in order. Malware is an encompassing term which includes viruses, spyware, and adware, and is used to describe any program that serves no purpose other than to make your life miserable. A virus in computer terminology is an application designed to replicate itself and spread to other computers, typically causing data loss of some form. Spyware collects information about you and sends it to some outside entity without your knowledge or approval. One form of spyware, known as a keylogger, will record what you type in order to steal logins and passwords. Adware is an application that puts pop-up advertisements on your screen, trying to get you to buy things you don’t need or visit sites you were better off not knowing about. In most cases, adware is a harmless annoyance, but it can slow your system down.
Now that THAT’S out of the way… here’s a typical scenario. About a year ago I set up a computer for a friend. She asked me if she could use it to download movies, to which I replied you could, but I did not recommend it. The next day she called me up saying that her system was now unusable because some site she visited said her computer was infected with spyware and offered to clean it. Turns out she went to a site that installed a well-known malware application called Windows AntiSpyware XP, which is nothing of the kind. It installs itself and then monitors your surfing habits, sending information about everything you do to marketing websites so they know how to spam your inbox. A side effect of spyware is that it slows your system to a crawl, and in many cases your system will simply crash or not boot at all.
So how did this application install itself? Most of the web pages you visit are not just using HTML; they are also using a scripting or plug-in technology of some form (JavaScript, Flash, Shockwave, etc.). This scripting allows advanced features such as animation, custom layouts, and other neat things. The script runs on your local system to bring you content, and if a small web applet is needed it is downloaded and executed in the background. Somewhere along the way, someone figured out that this scripting could be used to install harmful applications on your computer without you knowing about it, and with that, spyware was born.
Almost without exception, those harmful applets that attempt to infect a Windows system via Internet Explorer do not run on a Mac. All applets are inspected carefully to make sure they are not trying to attach something to the operating system itself. Windows will happily allow an applet to attach itself to Explorer and put itself in startup, all without any indication to you that anything happened. OS X, however, would see an applet attempting to install itself and immediately pop up an authentication window. Any time you visit a web page and see an OS X message saying administrator access is needed, there’s a problem—you should cancel the request and leave that page.
A lot of people claim that the main reason Mac users don’t have problems with malware is that Macs still have a small market share, and hackers are going to hit the majority of users (those using Windows). This may be true, but it doesn’t mean you’re completely safe. The larger threat is in the form of a Trojan, which is a program that claims to do one thing but in reality does another. Most of these are related to porn sites, which will tell you that you need a particular file to view their content. This lie convinces the user to install it, and then the fun begins (sadly, not the kind the user expected). There have also been reports of Trojans bundled with pirated software, so bear that in mind before downloading iWork ’09 from a torrent site. As social networking sites like Facebook gain in popularity, so do attempts at infecting the unsuspecting user with all manner of garbage (such as the one mentioned here), so be careful what you click.
So, does this mean you will NEVER need some form of malware protection? Absolutely not. As Mac market share increases, hackers may turn their attention to our little corner of the world. The major players in the anti-virus market tell you that you must buy their products because they want your money, but they are not completely incorrect. At the time of this writing, the number of true Mac viruses could be counted on one hand, and most of those were pre-OS X. The strongest protection against malware is common sense. Practice safe surfing, stay away from the questionable sites, buy legal software, and you’ll be just fine.