Friday, July 14, 2006

symantec, viruses, and the mac

i've written about viruses and the mac before but of course people don't read what i write or don't listen to what i say or maybe just don't think i'm right and so continue to make silly gaffes... sometimes those people are even in a position where you'd expect them to know what they're talking about...

take for example the recent pronouncement from symantec that there are no file infecting viruses for the mac osx platform... todd woodward is a symantec employee so of course people are going to assume what he says about viruses and the mac must be true... he makes a pretty convincing argument too, except for one tiny problem - in trying to convince us that osx/leap.a wasn't a file infecting virus he points to a symantec virus analyst's write-up that actually says osx/leap.a does infect files...

ooops...

but lets not be too hard on poor todd, after all he's not a virus analyst himself, rather he's a product support analyst for symantec... still, that embarrassing gaffe could have been avoided if he'd simply read the page he was linking to...

so just to clear up the confusion (and to repeat something i've said a bunch of times already) osx/leap.a is an overwriting file infector (that would have been a companion infector if not for a bug in the code) and an instant messaging worm at the same time... that's right, is a worm/virus hybrid and therefore there IS a virus for the mac osx platform... i get the feeling that perhaps todd is not aware that something can be both a virus and worm at the same time but it can and there are plenty of examples in the windows world so that part of his post about the differences between worms and viruses is poorly conceived..

0 comments: