This morning at work

Estragon: We’ve got an email from one of our clients. Apparently an email we sent her was infected with a virus.

Vladimir: Not possible, we’re a mac shop.

Estragon: I know, but here it is, all the same. They sent us back symantec’s report on the email headers, and it’s definitely…

Vladimir: Not us. Maybe we forwarded something infected. Attachments? There are no mac viruses.

Estragon: Yes, but it’s not something we forwarded from someone else. It’s the records for the Locke Route, definitely something we made ourselves.

Vladimir: Not us. I know you’ve been reading all these stories about it lately, but we can’t be infected. It’s just not technologically possible yet for OSX to have… look, her antivirus is probably just getting a false positive, or it’s been marked as spam and she’s emailing us all confused.

Estragon: No, look, the Locke Route is a word document, doesn’t that m…

Vladimir: There are no mac viruses, man. I’m sure you’d love to see one, PC boy, but…

Estragon: Word documents, doesn’t that mean macro viruses that exist in word’s normal dot files ca…

Vladimir: Jesus, how plain do I have to be. You want it in esperanto?

Estragon: If a virus exists in a word document, and the recipient also uses word, and the virus infects word, even if it isn’t a bona fide Operating System virus, it’s still a vir…


This kinda sounds like a P&R discussion. Maybe if you replaced “mac virus” with “WMDs” or something.

Word macro viruses are so 1990s

Fire Vladimir, maybe? He at least needs to be sent to sensitivity and IT training. He sounds pretty rude, not to mention clueless about unsafe Word macros.

Vladimir sounds like he’s let his love of Apple cloud his brain. :)

Yeah. Tell vladimir that even though Macs are immune (so far) to Word macro viruses, they can still pass them on as a carrier. There’s nothing magical about the Mac version of Microsoft word that filters out macro viruses.

So if anyone worked on this .doc file on a Windows computer and saved it back, he or she could have infected it with a macro virus during its short life on the Windows computer. Any Mac OS X computers that subsequently opened the file would be immune, but the Windows computers would not.

It’s worth spending 5 minutes to see whether this was the case.


I ran ClamX on all our file servers after the morning’s fun. It is Melissa’s party house in there.

We do have a couple of PCs on the network, but it looks like they’re not the culprit: an infected Word (the basic document template, will independently infect new files and anything loaded and saved, regardless of platform.

Mac’s are a funny false sense of security. It’s rather like being the inheritor and propogator of a genetic disease that cannot affect you. However, there are exceptions: it turnes out that that printing our macro-infected word docs from word 2001 on OS9 occasionally resulted in the virus printing out a Scrabble joke instead, which was mildly amusing.

Please post Scrabble jokes!

Have you ever flirted with an attractive scrabble opponent by purposefully spelling out words like “pretty”, “date”, and “bouquet”? I have. :-)

No, it didn’t work, of course, but i was only 15 at the time and didn’t know better.

But “bouquet” is good for points even if you don’t get, uh, anything else.

If there are no Mac viruses why does .mac come with virus protection and why in the guy in the apple store push this on me as a major selling point of .mac when I bought my PowerBook?

One answer is that you may not want to act as an unwitting propagation mechanism for windows viruses via the forwarding of email attachments. And, I presume, your protection will stop old word macro viruses, if you are an MS Office user.

But there are no OSX mac viruses in the wild, AFAIK, only some proof of concept stuff that I think still needs you to actually go through the OSX application installer widget to install it.

I fear you were sold rustproofing by your apple store. I run an hitherto-unprotected 70-host mac network with no virus protection at all and unrestricted use by employees, and just today has a virus problem presented itself, and it only affects a single microsoft application and document format that is somehwat insecure anyway because MS decided a word processor just has to include a whole programming language.

Well I don’t think of .mac as rustproofing. I think it’s a pretty good package, it just seems like the antivirus stuff is a bit vestigial.

Q: Are there no mac viruses because the OS is difficult to penetrate, or because hackers don’t target Mac users?

Pshaw! I once flirted with my opponent while playing The Awful Green Things From Outer Space.

[size=1]It didn’t work, either.[/size]

It’s the nature of the operating system. Mac OS X and other Unix-like operating systems don’t let programs access resources beyond a limited scope.

So, you can write Trojan programs and the like that depend on tricking the user into accidently launching the program, but not a self-propagating virus that runs some code and then automatically gets some other computer to run the same code.

Edit: Pshaw? Geezus, Beezus!

There is an OSX virus I think.

Hmm. after re-reading the description, that one seems to be a cross between a virus and a worm, because it requires user-intervention to propagate, yet it spreads via a network protocol instead of infecting files. And yet, it’s also a trojan, because it depends on tricking a user into running it (it’s a program that disguises itself with a .jpg icon).

The sophists at Sophos disagree with you!

Is Leap-A a virus or a Trojan?
Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).
However, this is not the definition of a Trojan horse.
A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan’s code to distribute themselves further to other victims.
Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.
OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.
Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.

Let them. It’s all 3. it’s a virus/worm/trojan-horse.