Why does OS X warn me before running an app downloaded from the Internet?

I'm always hearing that there is practically no malware threat in Mac OS: clearly claims that there is no Mac malware are exaggerated, but the received wisdom is that they are a negligible threat and anti-virus software isn't generally used unless required by a corporate policy.

So that being the case, why does OS X warn me before running an app downloaded from the Internet? What's the perceived risk exactly? Either there's a credible malware threat out there (in which case everyone should be running AV software) or there isn't (in which case the warning is unnecessarily obstructive).


Edit for clarity in response to some surprisingly hostile replies: apologies if my terminology is misleading. I'm using "virus" loosely to mean malware that an anti-virus product would protect against. For example, a software site is hacked and the genuine download replaced with an infected version. A user downloads it in good faith and runs it. That's the kind of thing a good AV client would be expected to deal with: that's what I'm referring to.


Edit for clarity 2 (not by OP): changed "virus" to "malware" in the question to further the distinction.


Solution 1:

Okay, I'm going to chime in.

Firstly, let's look at your first question: Why does OS X warn a user before they launch it for the very first time?

OS X had instituted the added precaution for one important reason: so that apps wouldn't seemingly launch on their own. Obviously it would be crippling to workflow if the confirmation popped up every time the app was launched, so a first-time only policy was instituted. And that seems to be sufficient if you give it some thought, as that means any app that runs without the confirmation has already been approved once before, thus making it a "trusted" application.

The implications here aren't measurable beyond this simple strategy. Apple wanted some assurance that programs wouldn't just be run without a level of consent. If they somehow happened to find their way on a user's machine, they wouldn't be thought of as something "old" or something "trusted." It's not meant as a total safeguard against malware, but rather almost as an important training tool. It gets the user to understand that OS X monitors these things. And that if an app is run, the system will be there to provide a little protection. If a user stumbles on a strange file somewhere, and double clicks on it, the system will check to see if it meets certain criteria. If it does, it'll notify the user that it's never been launched and is to be deemed "potentially" dangerous. It is then up to the user to decide if they should run it. It is a safeguard that does more for user behavior than actual, hardcore system protection.

So it's not that there is a definitive threat. It is more a user-land security measure and perhaps even to be better thought of as a "pre-emptive" strike. To label it a clear-cut case of either implement a security measure for a specific threat or axe it doesn't apply in this case (for the reasons above). Think of it more along the vein of Apple being pro-active (and quite clever). And it's not that obtrusive, is it? Windows gives warnings each and every time. OS X delivers one just on the first run. It's a sane compromise.

Now, to get to the second tail of your query (and excuse me if I'm paraphrasing here, but I think this is what you're driving at): Why doesn't OS X have an anti-virus program to deal with these threats instead?

First, I think it's important to square away the terminology. There are no known viruses that have propagated into the wild for OS X. OS X is based on a Unix structure, which poses a serious problem for virus-makers. In a nutshell (and excuse the oversimplification) Windows marks everything with executable rights. From images, to text files, to even music. This is ultimately what allows virus-makers to, for lack of a better term, go to town. Unix doesn't exhibit this trait. It's crafty with its privileges. So the likelihood that OS X (and all Unix-based systems for that matter) will ever need an anti-virus is remote. Windows and Unix are fundamentally very different. Essentially, if you wanted to get a virus on OS X, you'd require either root access or significant user activity. You could not deliver and run it from simply opening up an email.

Now that does not speak towards security, per se. OS X is not any more secure than Windows and this is a common misperception. This of course depends on your definition of security. It is largely immune to viruses (I use the term "immune" loosely here) but it is still susceptible to buffer overflows that can allow root access. Charlie Miller has razed OS X in seconds numerous times at the Pwn2Own competition. He's a masterful security researcher, but putting that aside, he shows that OS X (along with pretty much everything else) is not an iron horse. It can be exploited just like every other system.

But the chances of being targeted by Lulzsec are rather slim. You'll likely face a gauntlet of script-kiddies that pack ready-made tools that serve more to aggravate than deliver a focused attack. To this day, only one has managed to make the rounds—enough to force Apple to step up its security measures: Mac Defender. And even with Mac Defender's seeming success, it still required the user to navigate through a series of prompts via its native OS X installer (note that later versions didn't require an administrative password). So you have to take the "success" of Mac Defender with a grain of salt. It was likely successful because it was the first of its kind, and exploited more the user's blind faith in OS X than the system itself. People readily installed it thinking they were safe from harm because they aren't running Windows.

So in closing, OS X does not require an anti-virus because quite simply, there are no known viruses making their way out in the wild. Proof-of-concepts do exist, but again, the likelihood that they will one day wreak havoc is very remote simply because propagation is incredibly difficult to sustain. Malware, on the other hand, has shown itself to be a cause for concern. OS X now contains a built-in safety feature (called a "safe downloads list") that can be viewed under the Security & Privacy section of System Preferences (General tab). This should protect users from future malware that follows the same trend as Mac Defender. Additionally, Lion has implemented sandboxing and privilege separation, which is a real significant step towards not only preventing malware, but solidifying the overall security of the system from even focused attacks.

I hope that provides you with more insight into why Apple has decided to implement what looks like half-measures. It's important to bear in mind that security is always in direct conflict with usability. So the former must always be in balance to provide a semblance of the latter.
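The "approved once, trusted afterwards" behaviour the answer above describes is driven by a per-file marker: macOS records a download in an extended attribute named com.apple.quarantine, and the first-run dialog appears while that marker is present in its unapproved state. The script below is an added example, not code from the original thread or from Apple; it parses a constructed quarantine value and, on a Mac, reads the real attribute with the standard `xattr` tool. The four-field layout (flags; download time as hex epoch seconds; downloading agent; UUID) is my reading of the attribute, not an Apple-documented contract, and the script deliberately does not interpret the flag bits.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer): inspect the quarantine marker
# behind the first-run warning. Layout assumed here:
#   <flags-hex>;<download-time-hex-epoch>;<downloading-agent>;<uuid>

# Constructed sample value, in the shape `xattr -p com.apple.quarantine` prints it.
SAMPLE_QUARANTINE='0081;6420a7e0;Safari;11111111-2222-3333-4444-555555555555'

# quarantine_field VALUE N  -> prints field N (1..4) of a quarantine value.
quarantine_field() {
    printf '%s\n' "$1" | cut -d ';' -f "$2"
}

# quarantine_epoch VALUE -> download time as decimal Unix seconds.
quarantine_epoch() {
    local ts_hex
    ts_hex=$(quarantine_field "$1" 2)
    echo $((16#$ts_hex))
}

# quarantine_agent VALUE -> name of the application that saved the file.
quarantine_agent() {
    quarantine_field "$1" 3
}

# quarantine_of FILE -> raw attribute value, "none" if the file carries no
# quarantine marker (so it would launch with no warning), or "unsupported"
# on systems without the macOS xattr tool.
quarantine_of() {
    command -v xattr >/dev/null 2>&1 || { echo unsupported; return 0; }
    xattr -p com.apple.quarantine "$1" 2>/dev/null || echo none
}

# describe_quarantine VALUE -> one-line human summary of a quarantine value.
describe_quarantine() {
    printf 'flags=%s downloaded_at=%s agent=%s\n' \
        "$(quarantine_field "$1" 1)" \
        "$(quarantine_epoch "$1")" \
        "$(quarantine_agent "$1")"
}

# Stand-alone run: summarise the constructed sample, then any files given
# on the command line (meaningful only on macOS).
describe_quarantine "$SAMPLE_QUARANTINE"
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(quarantine_of "$f")"
done
```

The defender's caveat this makes visible: the dialog fires only for files that carry the marker. A file that arrived by a path that never set the attribute (a copy from removable media, a transfer by a tool that is not quarantine-aware) opens with no prompt at all, so the warning is a signal about provenance, not a scan of the file's contents.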

Solution 2:

There is a credible threat. You have to understand that virus means different things to different people, but the entire reason for it is to let a user know that there's a possible attack vector there.

For example, I don't think it counts as a virus when you've entered your admin password and installed a piece of software that trashes your system; it's just malicious software. I do however think something that propagates without user knowledge is. Apple seems to take a tighter view of security in general, so the warning is for the casual user, just so they know to be careful.

Solution 3:

The warning message about which you complain doesn't protect you against viruses, but against trojans, which are a different kind of malware. There aren't many trojans for OS X either, but they're much easier to create than viruses, and the warning is a sensible precaution to at least make you think once before opening something you just downloaded.