I've been in discussion about PC viruses, and I've stated that there are no Mac viruses. Zero. Nil.

Am I right?
http://www.msnbc.msn.com/id/12537279/
http://news.bbc.co.uk/1/hi/technology/4739432.stm

I have also been informed that a chap had a virus on his PowerBook a couple of times. Can this be possible?

Thanks
Mick.

Start with reading up on THIS.

Although there might have been a "proof of concept" or two, there are no Mac viruses (or spyware, or Trojans...) in the wild.
Does that mean Mac users may be uncareful? No.
Best advice: since you cannot install anything on your Mac without providing your admin password (even maintenance programs such as OnyX ask for your password, as they "dig" deep into the system), always ask yourself: "Why should I give my password?" and only then supply it.

Do I have to install antivirus software: here, there are two schools. I belong to the school that says that antivirus software is a virus as such and, up to now, has caused more harm than actual protection. The other school will promote the use of antivirus software, one of the arguments being "so as not to spread any viruses towards PC users".

Let's make one thing very clear here: there may not be any active viruses for Mac OS X right now, but there is malware out there that affects Macs. The difference with viruses is that it cannot be installed without your knowledge and permission. At some point you will have to authorize any software installation.

The problem is that any attempt to install malware worth its mettle will try to masquerade as something else. That's where Pingo's advice comes in. Be prudent when downloading and installing software. Make sure of the source, and be very wary of unsolicited stuff. And last but not least: in case of doubt, throw it out.

To date, there are no "in the wild" viruses that can affect or infect Mac OS X. However, having said that, it's important to understand that when people use the word "virus" they're actually talking about, and often confusing, three separate and unrelated things.

Before I go into that, though: Yes, you will meet people who say their Macs have been infected by a virus. Some folks believe that any time anything happens on their computer they did not expect or do not understand, it must be a virus. We get a few of those from time to time here at MacFixIt. I've seen people say "It's a virus!" when confronted by anything from a defective keyboard to problems with their Internet service provider to their own ignorance about how Unix operates.

Technically speaking, there are four completely different, totally unrelated types of malicious software that people call "viruses." There are computer viruses, which are small programs that attach themselves to other applications and spread from application to application and from computer to computer. There are "worms," which are programs that do not attach themselves to applications, and copy themselves from one computer to another by exploiting flaws in networking software or server programs. There are "Trojan horse" programs, which are programs spread by deceit and lies. There are "rootkits," which are programs that bury themselves in a system and then hide themselves by modifying the operating system so that standard file APIs will not show them.

People also talk about "adware" and "key loggers." The classifications above refer to how a program operates; the names "adware" and "keylogger" refer to what a program does. Adware displays ads on an infected computer. Key loggers record each time a button on the keyboard is pressed, with the idea that if a person does something like visit his online bank account or his eBay account after he is infected, the key logger will record his password.

Let's talk about each of these one by one.

"Viruses" are little bits of self-replicating computer code that are not complete programs; they work by attaching themselves to other programs. When a computer is infected with a virus, which usually happens by copying a program off of an infected computer onto an uninfected computer, the virus copies itself onto programs, usually as they are run. For example, if you have a virus on your computer, and you run Adobe Photoshop, the virus embeds itself inside of Adobe Photoshop. Then you run Internet Explorer, and the virus embeds itself inside Internet Explorer. Then you run Second Life, and the virus embeds itself inside Second Life. Then you give your copy of Adobe Photoshop to your brother, and now his computer is infected. Some viruses can attach to types of files that are not computer programs, such as Microsoft Word files (these are called "macro viruses").

There are no viruses which can infect or affect Mac OS X, though Microsoft Word files which are infected with macro viruses can sometimes be found on Macs.

Worms are programs that scan computer networks searching for computers that are running programs that listen for network connections, then trying to exploit flaws in those programs to copy themselves. Worms work automatically. They do not need people to trade files in order to spread. They are a huge problem on Microsoft Windows systems, because when you install Microsoft Windows, it installs many programs that listen for connections from across the Internet and will accept incoming commands from other computers on the Internet. Worms do not always try to exploit built-in operating system programs; sometimes, they try to exploit flaws in server software that you install later. W32/Witty is a worm that propagated by copying itself onto Windows computers that were running a security program called Black Ice.

There are no worms that can affect or infect Mac OS X. When you buy a Mac or install OS X, there are no server processes running; your computer is not listening for connections across the Internet. Therefore, an infected computer from somewhere on the Internet can not connect to you and copy the worm onto your computer.

Firewalls are useful to prevent worms. A firewall blocks connections from across the Internet; firewalls are highly effective at stopping network worms.

A Trojan horse is any program that says it does something, but actually does something else. There are many examples. The common W32/Storm Trojan that infects Windows computers pretends to be a video game, or pretends to be an electronic greeting card. People deliberately download it onto their computers because they think that they are downloading a video game or a greeting card, but they are really downloading malicious software. Another common Trojan pretends to be a Microsoft security update. Still another common Trojan pretends to be pictures of Brittney Spears naked.

The common theme of Trojans is that they never get onto your computer by themselves. You have to deliberately, intentionally download them and deliberately, intentionally run them in order to be infected. They will never infect you unless you specifically choose to put them on your computer and run them. So the people who create them use lies and deceit to trick you into putting them on your computer. It turns out that this is very effective; people are easy to trick and gullible enough to believe everything they read. If you have ever received an email that has a From: address of "security@microsoft.com" that says "Attached is a critical Windows security update, please download it and install it at once," then you have seen a Trojan. If you've received an email that says "Please click on this link to see a love letter from a secret admirer," and then when you go to the Web site you see a message saying "Please click here to download your love letter," then you have seen a Trojan.

There are Trojans in circulation for Mac OS X. One, which came out a while ago, pretends to be a pirated copy of Microsoft Office that you can download for free. When you download it, it deletes everything in your home folder. The other pretends to be a special piece of software that you need in order to view Internet movies or Internet porn. You will go to a Web site, you will see a picture on your screen that looks like a movie player, and you will see a message telling you that your computer can not show movies unless you download a video player CODEC and install it on your computer. If you believe the message and download the software, you infect yourself.

The last category is "rootkits." These are programs that will embed themselves in an operating system and then hide themselves by modifying the system in such a way that it won't display them. For example, they might change the way the Finder looks so that when you double-click on a folder, it will look empty, even though it has files in it.

Rootkits may be installed on a computer deliberately; for example, some rootkit writers will go to Internet cafes, install their rootkits on all the computers at the Internet cafe, and then whenever anyone goes to eBay or an online banking site the rootkit records what they do. Sony released a rootkit on certain music CDs some time ago; when a person put the CD in their computer, the rootkit copied itself onto the computer, concealed itself, then prevented that computer from being able to rip those CDs.

There is a rootkit that can infect Mac OS X. Like with a Trojan, it can not get on your computer by itself. It must be installed manually, and the person who installs it must know the password of the computer it is being installed on. Because of this, it is not a significant threat; since it has to be installed manually, it can not get onto a computer on its own, and since you have to know the password for the computer you're installing it on, a stranger can't put it on a computer by walking into an office or something like that.

The structure and architecture of Mac OS X makes writing viruses and worms extremely difficult. People have been trying for years to create viruses and worms for OS X, without success so far.

Trojans and rootkits (some of which are distributed as Trojans) are potentially a problem on any computer. They do not rely on hacking the computer or on infecting programs on the computer; they rely on tricking human beings into infecting themselves. As long as human beings can be tricked, it will be possible to spread Trojans.

Thank you. A fullsome, comprehensive and knowledgeable reply.

My mind is at rest!

Regards,
Mick.

A brilliant exposition, Tacit. I often point posters on other boards to your posts made here. From time to time I even employ the expression you coined ("antiwerewolf software" ) as well. Keep up the good work!

Nicely written, explicit, and concise.

Many thanks for yet another bookmark-worthy post.

Thanks for you in-put. It broaded my understanding on viruses. But how would you go about repairing a trojan virus "rootkit"? Does this trojan rootkit infect those CPU's beside MAC too?

New Mac User, just purchased my FIRST MacBook notebook (Blk)

The trojan that has been reported in the wild and I assume you are concerned with as Tacit pointed out requires you to cooperate or collude with it and intentionally install it yourself. There is no way of totally protecting a user from themself. As to how to repair the situation, erase and install comes immediately to mind.

Although you have posted this in the Mac OS X 10.4.x forum, I assume since you have a new black MacBook you are not running Mac OS X 10.4 (Tiger) rather you are running Mac OS X 10.5 (Leopard). If you are using Time Machine backup in Leopard another fix would be to boot from the Leopard Install DVD, go into Time Machine and restore the system from a date prior to your installing the Trojan.

This information was extremely useful (considering that i know nothing of this topic and I'm a new Mac user), however I'm still confused about these rootkits?

I've always known how to avoid a trojan horse, 'cuz you'd have to be ridiculously trusting (or just plain stupid) to get one of those, and I get how they spread. But I'm still confused about how rootkits spread or how they must be installed on your own accord.

Also, and I'm not sure if anyone's mentioned this already, but can a PC virus affect a Mac, or is that something that just doesn't happen?