Why are there no Mac viruses? by Philip Elmer-DeWitt @FortuneMagazine September 2, 2009, 2:50 PM EST E-mail Tweet Facebook Google Plus Linkedin Share icons Image: Apple Inc. There are, as far as we know, no Mac OS X viruses in the wild. To prove that assertion wrong, you only have to name one. Academic proofs of concept and theoretical vulnerabilities don’t count. Neither do computer worms, Trojan horses, spyware, adware, spam or any of the other nasty species in the zoology of malware. That eliminates Inqtana-A, iBotNet, MacSweeper and a handful of other examples of Mac malware usually trotted out at this point by PC apologists. Nor can you count the 10-second Zero Day Pwn2Own Safari exploit that got so much press attention last March. None of these, strictly speaking, were viruses. The issue comes up anew because Apple’s AAPL latest Get a Mac ads are once again hammering Microsoft MSFT for those “thousands of viruses” to which its operating systems and application suites are heir. And that, in turn, has led to a resurgence of comments in this space to the effect that a) Macs are just as vulnerable as Windows machines and b) the only thing that protects them is their miniscule market share. Those ideas, while widely promulgated on the Web, are wrong. The fact that Mac OS X represents less than 4% of the worldwide installed base of computers might explain why there are fewer Mac viruses. But it wouldn’t explain why there are none. So what’s the answer? First, let’s define some terms. A Mac OS X virus in the wild, to use the definition put forward in a short-lived contest that offered $25,000 to the first hacker who could write one, is executable code that attaches itself to a program or file so that it can spread from one Mac to another. “In the wild” means it has infected, or is currently infecting, new machines through normal day-to-day usage. By this definition, there have been hundreds, if not thousands, of Windows viruses (see partial list), a handful of Mac OS 9 viruses, and not one for Mac OS X. The reasons for this have been extensively debated by security experts, who offer several explanations: Small market share. There is some truth to the “security through obscurity” argument. Many virus writers are motivated by the power they can command — and the money they can make — by seizing control of large numbers of computers. That puts a financial premium on Windows viruses. Mac OS X, with its Unix-based file system and kernel, is harder to infect with a self-replicating program. (See Claudiu Dumitru’s MacOS X Vulnerabilities for background.) Windows, as I understand it, allows users to write run executable code outside their own protected memory space; Mac OS X does not. Viruses are going out of style. The action these days, I’m told, is in Trojans and spyware. This is not to say that OS X is invulnerable. The frequency of Apple’s security updates and the emphasis the company is putting on the new security features in Snow Leopard are proof that it is not. Maybe Apple is just lucky. Or maybe it’s better at protecting its users from infection than Microsoft. That said, if the built-in anti-virus protection in Windows 7 is as good as some earlier reviewers suggest. the security gap could close when Microsoft’s new system finally launches next month. Which may be why Apple is hammering home the “thousands of viruses” message now.