Quote:
Originally Posted by Red
It's not a myth, it's mostly truth. Just the fact that we are discussing one malware instance that needs the user to download, input the admin password and install some malicious software is a testament to how secure macs are.
In windows it would just plant itself without any user interaction. Just like thousands other viruses do.
That's the difference here.
|
That's not entirely. If UAC is active, very little malware is getting installed without a prompt. And if it does (without a UAC prompt), it's likely running in the local user context. (let's leave XP out of the equation, it's obsolete)
This whole idea that you need to get admin privileges, and how it's harder on the Mac to do that because of the password prompting is BS. Most malware doesn't want to eff up your machine, it wants to sit there and steal passwords, do spam, or other "useful" work. From that perspective, 90% of the malware out there is PERFECTLY happy running in your non-privileged user context.
So you combine that fact with vulnerabilities in browsers, internet-listening tools like Skype, etc, and its not only possible, it's probably that this stuff is going to slip onto Macs.
Removal of malware is in some cases going to be easier, by virtue of the malware possibly being confined to the user account. But this is no different than on a windows system, really - in either case, if you execute code with admin priviliges, or allow privileges to elevate via UAC or the Macs security prompt, you're hooped - it'll get embedded deeper into the system.
Nobody can claim, with a straight face, that there aren't attack vectors on the Mac that will, at the very least, get code remotely executing in your user context, which, as I've just outlined, is plenty for most malware.