Macs had malware long before Mac OS X

For the first three years after the release of the Mac, it’s believed to have remained blissfully free of viruses and other unwanted and malicious software, which was only just starting to plague other personal computers.

Then came the first variant of the nVIR virus in 1987, and the following year a spate of malware in HyperCard stacks. Those were encouraged by the app’s rapid popularity, and exploited its built-in scripting language HyperTalk. John Norstad of Northwestern University responded by releasing his popular anti-virus app Disinfectant in 1989, and others followed in his wake.

Symantec Antivirus for Macintosh (SAM), renamed Norton AntiVirus (NAV) in 1998, was launched in 1989, two months after Disinfectant. McAfee later based its commercial VirusScan on Disinfectant.

During the 1990s viruses became more widespread and malicious, and some exploited features such as CD AutoPlay, widely used to run QuickTime rich media from optical disk. Apple’s new accessible scripting language AppleScript soon fell victim to a whole range of nasties, which continues to this day. In 1997, it was estimated that there were at least 35 Mac-specific viruses, together with numerous malicious macros for Microsoft Word and Excel that caused mayhem across platforms.

Here’s my small collection of samples that I used when evaluating and reviewing anti-virus products at the time. Many of these were INITs that loaded at startup, and several could prove very damaging. There were several unfortunate accidents where Mac malware was distributed by commercial sources, including one provided in the cover floppy disk of a reputable Mac design and publishing magazine.

John Norstad’s Disinfectant finally bowed out on 6 May 1998 after nearly a decade of service to the community, but there were still free tools including Agax, with its modular design, shown above.

By the end of that decade there were six commercial anti-virus products for Macs, of which the most popular were Norton/Symantec Antivirus for Macintosh, and Virex for Macintosh from Datawatch Corporation. In addition to those, two British developers offered products, Dr. Solomon’s AntiVirus ToolKit for Macintosh and Sophos, and there was one from France.

Intego, then based in Paris, first released its anti-virus Rival in 1997, initially only in French. Then in October 2000, it released the first version of VirusBarrier for Mac OS 8 and 9.

Throughout this period, Classic Mac OS retained its reputation as being largely untroubled by malicious software, despite reality. Protection provided by Mac OS seemed rudimentary if not lacking altogether. This didn’t change with the introduction of Mac OS X, at least not until Renepo/Opener, a widely publicised Trojan, appeared in 2004 and Apple was forced to add protection in Mac OS X 10.4 Tiger.

Fortunately, by that time commercial developers were supporting Mac OS X, and Tomasz Kojm’s freeware ClamAV, first released in 2002, had been ported from Unix as ClamXav.

10Comments

Add yours

1
Enzo Vincenzo on July 13, 2024 at 9:28 am
Reply
You mentioned Symantec Norton Antivirus and this brought me back to the nightmares of when I used to try the aforementioned software when I also used Winzozz or when friends, colleagues and relatives would ask me for help to optimise their PCs that had become super slow.
That programme was like an octopus (and if it still exists I believe it behaves in the same way) as it weighed down the PCs with its components scattered everywhere, especially in that nightmare represented by the Winzozz Registry which is made up of two files (User.dat and System.dat) that grow out of all proportion and which there is no way to really clean up except by reinstalling Winzozz absolutely from scratch.
On the other hand, I’ve never tried antivirus for Macs and can’t say whether they slow down the system. The fact is, I’ve never had any problems and my only experiences with Mac malware involve friends who were naive enough to visit abusive free streaming sites and that installed whatever came their way. Then it was my turn to figure out why Safari would start up with unwanted pages or why strange things would appear during login and so on.
And of course most of my time was spent trying to educate them about honesty….
Have a good weekend everyone!
LikeLiked by 1 person
- 2
  hoakley on July 13, 2024 at 9:33 am
  Reply
  Thank you. Are you thinking of Norton Utilities rather than Antivirus, perhaps?
  Norton Utilities started off being really useful on the Mac, but quickly went downhill and just messed up the system.
  Have a great weekend, Enzo!
  Howard.
  LikeLiked by 1 person
3
Tristan Hubsch on July 13, 2024 at 3:59 pm
Reply
Aaah… John Norstad’s Disinfectant!! The giant foot that came down stomping on viruses! Brings back fond memories of my Mac SE (1MB RAM + 80MB SCSI — WOW!)… and not so fond memories of nVIR. …which Disinfectant thankfully removed.
Thank you for (reviving) the memories.
LikeLiked by 1 person
- 4
  hoakley on July 13, 2024 at 6:44 pm
  Reply
  You’re most welcome. Should you ever want to relive nVIR, I think somewhere on this Mac I still have that old malware library
  Howard.
  LikeLiked by 1 person
5
Yyzguy on July 13, 2024 at 9:22 pm
Reply
Do you have any recommended AV for modern MacOS? I have installed the free version of MalwareBites, which does NOT have realtime scanning. I run it manually from time to time and have never found a virus on my system. With all the newest protections, it seem a user would first need admin rights and then have to work pretty hard to install malware that could withstand a restart.
LikeLiked by 1 person
- 6
  hoakley on July 13, 2024 at 9:33 pm
  Reply
  I think the first question is whether you need to use a third-party product, and that all depends on risk. If you have disabled SIP so you can run ‘cracked’ games, which are a common way for malware to be distributed, then your risk is high and you’d do well to use third-party protection
  For the vigilant user with macOS security fully active, they may not need anything other than the growing number of features built into macOS. I don’t routinely use additional protection here, but I do have a range of tools from Objective-See that enhance that, and they’re all free.
  On the other hand, I do test and review anti-malware protection, and there are some excellent products available if your risk justifies them. They’re also expensive.
  Howard.
  LikeLike
- 7
  Sven on July 15, 2024 at 8:31 am
  Reply
  ^^^ BTW, the VirusBarrier 1.0 for Mac OS 9 interface – which I didn’t remember – looks really “terrific” (both for the good and the bad, of course): in the Steve Jobs days of “lickable” buttons, extreme skeumorphism and lots of 3D effects. IMHO, the best Mac interface was probably in the OS X Leopard-Mavericks days: afterwards, with the flat interface paradigm (Yosemite+), things didn’t look so good, anymore. Anyway, today’s trend seems to go back to a moderately skeuomorphic GUI and with transparencies, which is good (the same could also be said on the Windows front: Vista and 7 looked good, 8 was terrible and thus 10 and above all 11 are slowly becoming more and more 7-like, albeit sadly sans Aero Glass). Just personal opinions, of course…
  LikeLiked by 1 person
  - 8
    hoakley on July 16, 2024 at 8:31 am
    Reply
    Thank you. It was quite unusual at the time, and for many became almost a trade-mark of VirusBarrier.
    Howard.
    LikeLike
9
Paul R on July 15, 2024 at 9:50 pm
Reply
The only malware experience I’ve had was around 1998. It might have been the AutoStart worm, although I don’t remember for certain. The ad agency studio in NYC where I worked was thrown into mayhem. Every CD ROM that came into the studio had to be checked by an air-gapped Mac running some kind of AV software. I think they also used this machine to check every outgoing disk.
When machines got infected they crashed relentlessly, which was especially bad news in the pre-OSX days.
The article I just read says Autostart could be defeated just by turning off the auto-play feature for CDs. It’s possible we just didn’t know this yet.
LikeLiked by 1 person
- 10
  hoakley on July 16, 2024 at 8:33 am
  Reply
  Thank you. Sadly, Autostart was a big thing for QuickTime.
  Howard.
  LikeLike

The Eclectic Light Company

Macs had malware long before Mac OS X

Further reading

Further reading

Share this:

Related