By Dan Ilett, 29 March 2005 16:40
NEWS
Plans to hold a $25,000 competition to write a virus designed to infect the Apple OS X have been scrapped after the company behind the scheme backed down over "legal problems" and complaints from Mac customers.
Apple accessories company DVForge announced the competition after security company Symantec claimed OS X was likely to come under increasing attack as Apple's market share in the computer market grew.
DVForge said it had so much faith in the security of OS X it did not believe a virus writer could disable the operating system.
"The contest was only cancelled because I was convinced on Saturday morning that there was some minor risk of federal law violation in continuing," the head of DVForge, Jack Campbell, wrote on the company's website. "I have been stunned by Mac users writing to us who seem to prefer to live in fear and uncertainty, with their heads down, feeling 'lucky' for the moment, rather than to actually know the truth."
Before it was pulled, virus writers were invited to infect PowerMacs connected to the internet and running the latest version of OS X, apparently without antivirus or firewall security.
The plan has been heavily criticised as a publicity stunt but the company has rejected these claims, saying it was better to settle the matter of the security of Apple's flagship operating system once and for all.
"Interestingly, this was actually a serious PR risk for us," wrote Campbell. "It is always safest to avoid controversy and to simply sit quietly on the sidelines and let the issues of the day drift by. The issue of the world at large constantly misstating the Mac OS X virus susceptibility was something we decided as a company to try and do something about."
Despite multiple attempts to contact Apple, the company did not respond for comment.
Dan Illet writes for ZDNet UK
Comments
There are 8 comments. Join the discussion
1. anonymous
I have a better idea for the virus writers.
Instead of responding to offers of prizes for the person who can infect machines A,B & C
How about seeing who can fix the hole that allows infection in the first place.
OK it'll get harder and harder to do and you won't have access to the source in many cases, but you guys say you are the best, so prove it, stop doing the easy kiddy "I can break things" stuff and try doing the much harder "I can stop you breaking things" stuff.
Put your reputation where your mouth is guys, or is that too hard ?
2. William F. Maddock
I think that the company sponsoring this competition is discovering something I've experienced for as long as I've been part of the Macintosh using community; namely that there are an awful lot of Mac users who want the world to think that they are intellectuals when they are actually bereft, wise when they are actually fools, and brave when they are actually cowards.
This, however, is a situation in which the sponsoring company is not wise. Wherever there are security measures, there are ways around them and virus writers are specialists at discovering those detours.
I love my Mac, and I love OS X, but I'm not silly enough to tell anyone, "Go ahead; try and invade."
Even Dirty Harry ain't that dumb.
3. anonymous
Jack Campbell = dumbass
4. Daniel
rewarding anyone who successfully creates something that could cause damage is irresponsible!
on the other hand, to encourage anyone to create mal-software because you think that Mac OS X is impenetrable is deftly arrogant!
i think Mac OS X is more secure but i wouldn't be so arrogant and tempt the devil! why not reward the person who discovers a potentially security problem and produces a fix instead?
5. anonymous
Interesting spin on debugging. I'm surprized Apple didn't do it first but, without the giant payout, maybe a pod or internship. You have to continually test security and upgrade any soft areas but, this may not be the best answer.
I too feel the OS is secure but, I personally wouldn't want to know that there is a league of hackers working to take it down. Apple does pay people to do that you know and thus far they have been pretty successful.
6. anonymous
I am a developer that has succeeded in freezing or 'disabling' OS X on a variety of occasions, and mostly when developing software and not even intending to so. So, if you want to figure out how I do it I can send you some source that does it, and all I ask in return is to help me fix the bug so it works the way it is supposed to and NOT freeze the system ;)
I have to agree on what has been said here though, that despite how things cannot be worked around 'in theory' that isn't the way it really is. For example, an application with a bug should not be able to crash the whole system, but it can. I am running 10.3.8 and I can do it right now.
7. anonymous
From the man himself:
http://www.spymac.com/forums/showthread.php?ppp=20&threadid=166382&sthreadid=&c=1
"You do understand that the stated in-the-wild OS X 10.3 virus, one that self-propagates, self-replicates over a network connection, does not require user authentication, does not require opening an email attachment, but executes across multiple OS X 10.3 machines is impossible?
You do know that, right?
I ask, because it has become obvious since Friday that the huge majority of Mac users aren't really clear on what is a virus, a worm, malware, a direct attack, an indirect attack, a direct insertion, having direct control or not, and many other extremely specific and extremely important system security terms. And, to make matters worse, person after person posts in these threads, sounding "knowledgeable," and offering all sorts of further confusing comments that mix all of the security issues together into one fuzzy wad of misinformation. Symantec did that last week... they lumped the whole idea of "threats" against the Mac into one amorphous pile, in what we believe was a calculated and specific effort to scare the hell out of the vast majority of Mac users. That really made the folks at our company mad.
So, we picked the one, highest profile, most scary word out of the mix... "virus," and called the bluff on the lie that OS X Macs are "exposed."
A virus is a bit of executable code, a 'program,' if you will, just like any other application program on your Mac... just like Word, or Safari, or Photoshop. It is an application that must be installed on your system before it can run. And, just with these other commercial programs, a virus program must be given explicit permission to run on your OS X Mac, by the user (you) reviewing a popup window, and intentionally entering an administrative password. No password, no installation, no virus. And, all of that is "if" the program (or 'virus') can get into your system in a way that it presents itself as an executable program asking to be launched.
Think for a minute... How do applications get on your Mac to begin with? Well, they can be presented to the system as files that are received as email attachments, from media connected to the Mac (DVD, CD, HDD, Flash, etc), or, through a network connection, where the file resides on another machine on the network to which your Mac is connected. In this last scenario, again, please think: If the other machine's user has password access to your Mac, they can drag the file to your machine. but, even they cannot launch it on your machine, unless software specifically has been enabled to allow remote launching of files. Otherwise, the moved file just sits on your hard drive, until you attempt to launch it, and again, the popup window appears, asking for the admin password.
Our contest specifically stated that we were looking for the threatened 'virus' about which so much misinformation has been thrown around the land for the past four years. This was defined as a piece of executable code that would automatically find its way to an OS X 10.3 Mac (that's called propogation), would install itself and run without the user entering an admin password, and, would then send a copy of itself back out onto the network and proceed to do the same things to other OS X 10.3 Macs.
That is precisely how the most threatening and popular viruses on the Windows platform do the job. And, it is precisely the type of virus that is impossible (not "unlikely") on a Mac running OS X 10.3, as shipped from Apple, with no user modifications having been made to the security settings as shipped by Apple.
We believe that the above description fits 90%+ of OS X Macs in use today, as very few users actually tinker around with the basic security settings on their systems.
So, say what you will about us. The reality is that we were attempting to cut through four years of nonsense, nonsense even repeated here on Spymac every day, about t
8. Cynic
I'm still walking to the train station. Doubt there's much chance of a virus for that mode of transport yet. Aside from the common cold of course - when it rains.