Mac users have had a long history of feeling smug about the number of viruses that routinely infect PCs running Windows. Earlier this year, however, there was news about the first potentially dangerous Mac OS X virus. This virus, known as OSX/Leap (or MacOS/Leap, CME-4, and OSX/Leap.a), was distributed via iChat as a series of images in a compressed file (typically described as screenshots of Apple’s upcoming Mac OS X 10.5, known as Leopard). When the file was decompressed, it turned out to be a Unix executable that could delete files from a workstation and use iChat to send copies of itself to other users. A security flaw in Safari that would enable Unix executables to run automatically when a user visited a malicious Web site also made news around the same time (although preventing this was easily accomplished by deselecting the Open Safe Files After Downloading option in the Safari preferences).
Both of these events illustrate that Mac users are not immune to malicious software (a.k.a. malware) threats. I use the term malware because neither of these threats meets the classic definition of a computer virus. In fact, many of the news stories about the OSX/Leap threat focused on defining whether it was a virus, a worm, or a trojan horse. These terms all describe variations on the way a piece of malicious code functions and propagates, although most computer users use the term virus to refer to all of them.
What Defines a Virus?
Malware refers to a whole host of malicious software. It can include viruses, worms, trojan horses, code fragments, malicious Web sites, and other nasty things. For the sake of this article, we’ll talk specifically about nasty things that can infect a Mac OS X computer or server. This leaves out suspicious pieces of spam that can determine whether your email address is active (and send you more spam) or that are part of phishing schemes that send you to what appear to be legitimate Web sites in an attempt to get you to provide personal and/or financial information. We’ll also leave out the majority of spyware because it is not yet an issue for Mac OS X users (although the vulnerability in Safari could be an open door for Mac spyware authors).