Sophos Cloud Optix
Since this article was first published we have released a revised and more complete history of Mac malware. Make sure to check out that version!
There’s been a lot of discussion in the media recently about the threat that malware poses on the Mac OS X platform. It’s clearly an emotive subject, with strongly held views on both sides.
To help some of the discussions, here’s a brief overview of some of the malware we have seen infecting Apple computers. From the early 1980s, right up until the present day, here are some of the highlights in the history of Apple Mac malware.
Mac virus timeline
1982
The first virus to affect Apple computers wasn’t written for the Macintosh (that iconic computer wasn’t set to appear until 1984) but is of historic interest none the less.
In 1982, 15-year-old student Rich Skrenta wrote the Elk Cloner virus, capable of infecting the boot sector of Apple II computers.
On every 50th boot the Elk Cloner virus would display a short poem:
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!It will stick to you like glue
It will modify RAM too
Send in the Cloner!
What may surprise some Apple fans is that the Elk Cloner boot sector virus predates IBM PC viruses by some years.
1987
The nVIR virus began to infect Macs, spreading mainly by floppy disk. Source code was later made available, causing a rash of variants.
1988
HyperCard viruses emerged that could run on early versions of Apple’s Mac OS. One HyperCard virus showed the message “Dukakis for President” before self-destructing.
1990
The MDEF virus (aka Garfield) emerged, infecting application and system files on the Mac.
1995
Microsoft accidentally shipped the first ever Word macro virus, Concept, on CD ROM. It infected both Macs and PCs. Thousands of macro viruses followed, many affecting Microsoft Office for Mac.
1996
Laroux, the first Excel virus, was released. Mac users were unaffected by this new strain of macro virus until the release of Excel 98 for Mac meant they could become victims.
1998
It was in Hong Kong, in 1998, when the next significant Mac malware outbreak was first spotted. A worm – dubbed AutoStart 9805 – spread rapidly in the desktop publishing community via removable media, using the CD-ROM AutoPlay feature of QuickTime 2.5+
David Harley of Macvirus tells me that he remembers watching with interest as reports of Autostart spread from Asia to the rest of the world.
In the same year, Sevendust, also known as 666, infected applications on Apple Mac computers.
Big changes to the Mac malware scene were just around the corner, however, with the release of Mac OS X – a whole new version of the operating system which would mean that much of the old malware would no longer be capable of running. In the future, Mac-specific malware would have to be written with a new OS in mind..
2004
The Renepo script worm attempted to disable Mac OS X security, downloaded hacking tools to affected computers, and gave criminals admin rights to the Apple Macintosh.
Hackers also wrote a proof-of-concept program called Amphimix which demonstrated how executable code could be disguised as an MP3 music file on an Apple Mac.
2006
Leap-A, the first ever virus for Mac OS X was discovered. Leap-A can spread via iChat.
The Inqtana worm and proof-of-concept virus soon followed.
A buggy proof-of-concept virus called Macarena appeared, written in Xcode. Every infected file contained the phrases
"MachoMan - roy g biv"
and
"26/10/06"
2007
Sophos discovered an OpenOffice multi-platform macro worm capable of running on Windows, Linux and Mac computers.
The BadBunny worm dropped Ruby script viruses on Mac OS X systems, and displayed an indecent JPEG image of a man wearing a rabbit costume.
The first financial malware for Mac was discovered. The gang behind the attacks developed both Windows and Mac versions of their OSX/RSPlug-A Trojan horse.
The Trojan posed as a codec to help users view pornographic videos, but in fact changes DNS server entries to direct surfers unwittingly to other websites.
2008
Cybercriminals targeted Mac and PC users in equal measure, by planting poisoned adverts on TV-related websites. If accessed via an Apple Mac, surfers would be attacked by a piece of Macintosh scareware called MacSweeper.
Close relatives of MacSweeper followed shortly afterwards, including Imunizator – another example of scareware for the Apple Mac, which claimed to find privacy issues on the user’s precious computer.
In June, the OSX/Hovdy-A Trojan horse was discovered that could steal passwords from Mac OS X users, open the firewall to give access to hackers, and disable security settings.
Troj/RKOSX-A was discovered – a Mac OS X tool to assist hackers create backdoor Trojans, which can give them access and control over your Apple Mac computer.
In November, Sophos warned of the Jahlav Trojan. Like in other malware campaigns, cybercriminals created a bogus webpage claiming to contain a video. Visiting the site produces a message saying that you don’t have the correct codec installed to watch the video – whereupon the site offers you an EXE if you run Windows, and a DMG (Disk Image) file if you are using an Apple Mac.
Controversially, Apple issued a support advisory urging customers to run anti-virus software – but after media interest, rapidly deleted the page from their website.
2009
In January 2009, hackers began to distribute the OSX/iWorkS-A Trojan horse via BitTorrent inside pirated versions of Apple’s iWork ’09 software suite.
In the same month, a new variant of the Trojan was distributed in a pirated version of Adobe Photoshop CS4.
In March, Sophos reported on how hackers were planting versions of the RSPlug Trojan horse on websites, posing as an HDTV program called MacCinema.
In June, SophosLabs discovered a new version of the Tored email worm for Mac OS X, and hackers planted a version of the Jahlav Mac Trojan horse on a website posing as a portal for hardcore porn videos.
Shortly afterwards, the Twitter account of celebrity blogger Guy Kawasaki had a malicious link posted onto it, claiming to point to a sex video of Gossip Girl actress Leighton Meester. In reality, however, the link lead unsuspecting users to malware which could infect Mac users.
Meanwhile, Apple finally began to introduce some rudimentary anti-malware protection into Mac OS X.
Although it wasn’t really equivalent to a true anti-virus product (it only protected against a handful of Mac malware, doesn’t defend you if you try to copy an infected file from a USB stick for instance, and doesn’t offer clean-up facilities), it was still encouraging to see some attempt to offer more protection for Mac users.
2010
The OSX/Pinhead Trojan (also known as HellRTS) emerged.
The backdoor Trojan horse can allow hackers to gain remote control over your treasured iMac or MacBook.
Once again, the malware was distributed disguised as a legitimate application – in this case, iPhoto, the photo application which ships on modern Macs.
More recently, the Boonana cross-platform worm appeared, using a Java applet to target not just Windows computers for infection, but Mac OS X and Linux too.
Sophos detects various components of the attack as Troj/Boonana-A, Troj/KoobStrt-A, Troj/KoobInst-A, Troj/KoobCls-A, Troj/Agent-PDY, Troj/DwnLdr-IOX, and Troj/DwnLdr-IOY. In addition, Sophos’s web protection blocks access to the malicious webpages.
Also in 2010, Sophos issued a free home user version of its anti-virus for Macs. We have been protecting business customers who have Macs for years, and now there was a chance for home Mac users to protect themselves against the threat too.
Early reports indicate that there are plenty of Mac users with malware on their computers – some of it is Windows malware, some Mac OS X, and some cross-platform.
There’s no doubt that the Windows malware problem is much larger than the Mac threat – but that doesn’t mean that the danger of malware infection on Mac OS X is non-existent.
Free Anti-Virus for Mac
Download Sophos Anti-Virus for Mac Home Edition
Of course, no one would doubt the sincerity of a security software company to raise dire warnings to Mac users about the ever-present, growing menace of Macintosh viruses. [Much like the TSA trying to convince the flying public that having your genitals groped is absolutely necessary to insure flight safety] Yeah, right!
Only a fool would believe that ANY computer system is invulnerable to some kind of attack. Fortunately for the Mac, most attacks have been trojans or a form of social networking attack. Few, if any, that have directly attacked and that have been able to replicate themselves within the Macintosh environment.
I believe Dennis Fisher said it best: "Virus attacks are not an indicator of the security of an operating system.
That probably sounds like clueless trolling to many of you reading this, but it's not, and it highlights an important distinction. Security is about technical measures, like the strength of the locks on your doors and windows. Safety is about the likelihood that you’ll actually suffer from some sort of attack. Microsoft has in fact implemented more advanced security measures in Windows than Apple has in Mac OS X, but that’s not surprising, because Windows is where nearly all the malware is.
But it rings untrue to most ears to claim that Apple is doing a bad job with regard to security. The evidence suggests that Mac OS X has been and remains secure enough to be safe, and safety is what real people actually care about."
Great comment! You just summed it up 🙂
Malware associated with Apple's original (pre-OS X) operating system is irrelevant to any discussion of modern Mac security, as it was an entirely different architecture, and was admittedly less robust than today's Unix-based OS X.
It is worth noting that even back in the '90s, the classic Mac OS suffered significantly fewer attacks than Windows. While Norton and Symantec antivirus programs were gumming up the Macs of others, mine was trouble-free using only the free Disinfectant extension, which I regularly kept current.
No system can ever be 100% secure, especially from trojans which don't exploit any flaw in the OS, but rather fool the user into installing them. Mac users would do well to keep apprised with the current state of malware, but I think it is premature to panic and start relying of third-party security utilities with ongoing maintenance costs and potential problems of their own. Security utilities can instill a false sense of safety as they can only protect against known (but not new) malware. Employing safe practices such as only installing software only from known and trusted sources is even better. Clicking on random links to porn and pirated software is just plain stupid.
For all the laboratory proof-of-concepts and FUD (like this article with an agenda), there has yet to be any significant malware outbreak on OS X. If and when that happens, I will consider my options.
As for Macs being unwitting carriers of Windows malware…. Screw Windows users. They made their choice. Let 'em get a clue and finally switch to the Mac. I'm not willing to gum up my computer on their behalf.
I ran Disinfectant too, but did you ever use GateKeeper? It was fantastic. I wish it was possible to write something like that today! But if it is, I suspect it would end up a lot like Vista's constant "Allow or Deny" dialogues.
You're right that the pre-Mac OS X malware isn't a threat to current Mac users. But this *is* supposed to be a history, so that's why I have listed them.
I don't think you're right in saying that anti-virus software can only protect you from known malware. For instance, in the last couple of weeks we've seen a number of different versions of the Boonana attack – all of which we've been able to protect against proactively without needing to update our products.
Of course, that's not to say that anti-virus can detect *all* future threats… 🙂
Yes, the article is a history, and there is nothing untrue about what you have written. However by (deliberately ?) omitting the fact that OS X is not an evolution of the more vulnerable classic Mac OS, you leave the uninformed reader to assume that the current Mac has a less robust foundation, when in fact OS X is completely different operating system with much better inherent security
The definition of FUD is Fear, Uncertainty, and Doubt. Sowing FUD is a potent marketing tactic in the security software business.
If Mac market-share keeps growing, malware attacks will undoubtedly increase. The day may eventually come when we feel compelled (as many Windows users do) to install third-party security software. It not here yet as far as I'm concerned, but I'm sure that day can't come too soon for you .
Check again. I did update the article (after your first post) to make clear that much of the early malware became obsolete with the introduction of Mac OS X.
OMG, you are so funny, I just love the comments here " Screw Windows users, They made their choice". LOL
I tried out Sophos on my Mac Pro a few days ago, just to see if I had been compromised in the last two years. It found nothing. So much for "lack of safety".
So did I: same NIL result. Still, it gave me reassurance, and I shall keep on trying, perhaps on a monthly basis…after all, "NO news is GOOD News" !
Wow ! That is like saying you wore a seatbelt for a day in your car and "Hey, look, no car accidents". *sigh*
I'll chip in to ask all readers to consider "security" as also including other risks besides those that Sophos highlights.
I don't know a huge number of Mac users, but of the few whom I DO know, none has been hit by a virus/trojan that did any damage, but ALL have had their work destroyed by other, more easily prevented problems.
Generally, the prevention is to Backup, Backup, Archive and BACKUP! It takes care of theft, "prankster" co-workers, operator errors, software glitches, hardware failures –AND– viruses, without slowing down your work every time you insert a USB stick, every time you download a file, every time you unzip a document that you sent yourself from your office PC.
Another few minutes well-spent: think long & hard about why you need java enabled in Safari. Whether some system utility is so worthwhile that it'll be worth having even when it keeps your machine from booting on OS X 10.9, long after you've forgotten you installed it (but migrated it forward). Why you should punch holes in the Mac firewall by turning on sharing features that you don't fully understand.
I'm NOT saying anti-virus is useless; I'm saying it's NOT the answer to "security," by itself. It's not even the most important part of a security mindset.
Every so often , there is a rash of articles such as this one, spreading FUD about Mac security.
I've used Macs since 1985. I've been a Mac systems manager for a photo lab, and for my wife's marketing company. In that time, I've seen exactly one virus infection, on a machine at my day job that an employee played games on in his spare time. That was 1991, and the OS was version 7.1, which was a piece of crap by modern standards. The game player was fired, the computer was cleaned up with a hard drive wipe, and we never had any more issues.
We have never run any anti-crap software on Macs. We always run anti-crap software on Windows. Our IT folks can't leave a "honey pot" computer on the 'Net without any anti-crap protection for longer than a few minutes without it being attacked by something. At least, then, they can see what the "bait" caught, and be sure we're protected from it on our behind-the-firewall PCs.
I'm like the other guys here. I can't see a point to anti-anything software on the Mac, yet. But I can see a point to educating users, teaching them to NOT click on anything that wants to download and install software.
At home, for instance, the in-Mac firewall is on, and the in-router firewall is on, and NAT is active. The wireless network is protected with WPA2. I lock down all unnecessary ports, and turn off all but print sharing.
I keep my kids out of trouble with Parental Access Controls. The 12-year-old twins are prevented from installing anything without my reviewing it and entering an Admin password. They're also blocked from porn sites and other problem sites, by policy and by name, as need be. We run Windows 7 under Parallels Desktop 6, and it is fully protected by anti-virus, anti-adware, anti-spyware software, in addition to hiding behind two firewalls.
Finally, we update everything on schedule… Mac OS X, all Mac software, all Microsoft Office software, all Adobe Creative Suite software, all Reader, Flash, Java, Windows, and other software. We don't install software we haven't vetted thoroughly.
Are we impenetrable? Hell, no. Are we paranoid enough to install anti-this-n-that? Hell, no! We have a reasonable level of risk and tolerance. And we have backups…
Nothing is impenetrable. That is why you *need* to keep very current backups on removable, offline media. If you do all of the above, the probability of your Mac being attacked "in the wild" is so low as to be negligible. You have to be stupid or asleep to allow your Mac to become compromised. But you have to plan for the eventual mistake, and the possibility of an attack.
Maybe, if you are into porn, every social website known to exist, downloading lots of bit torrent stolen apps, and other illegal, immoral, and unethical computing behavior, you should run an anti-crap app. But then again, maybe you shouldn't engage in risky behavior!
I agree with your views. Although I run Intego VirusBarrier X6 on Snow Leopard and MS Security Essentials on Win 7 Pro inside Parallels 6, I think common sense and judicious firewall settings are sufficient.
I always get pissed off when I go into the Apple Store and ask if you can get viruses on the Mac. They say no and surely this is selling a lie. Consumer rights should be all over this because they are falsely claiming shit.
There is no OSX virus in the wild. They are right.
There aren't that many viruses for Windows in the wild either.
Most of the bad stuff we see for Windows are Trojans. Same story with Macs.
Not really sure why Mac users get so hung up about the terminology. Just throw it all in one bucket and call it "bad stuff" if it makes things simpler.
Correct terminology is always important.
Especially when it comes to firms such as Sophos abusing it, when trying to flog their wholly unnecessary Mac ANTI-VIRUS.
LEAP-A is a trojan, not a virus as described in the above article.
When something comes along that I don't have to deliberately download, then deliberately install by entering my Admin password, then let me know.
It's all just a bit more Sophos FUD-spreading.
If they can't get something so extremely basic correct, how can I have faith that their product might be anything more than a mere scareware scam.
A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.
Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.
OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.
Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.
Great article, though I'm a little troubled by the fact that you neglected the Autostart worm from around 1998-99. This one was a real pain in the printing industry for a couple of months, transferring via removable media (the Iomega JAZ in particular), and corrupting files.
Here's a link:
http://www.macintouch.com/hkvirus.html
Thanks for the reminder about AutoStart. How remiss of me! David Harley also mentioned my omission in a blog post. Now updated!
You failed to mention the Autostart worm (from os 8 or 9 era computing) which was probably the most damaging of anything to hit an apple platform.
There is a lovely little donation-ware program known as ClamXav that I have used on my OS-X based systems for years. Combined with MacKeeper, a superb management utility that includes an antiviral component, I have NEVER been afflicted by a virus, trojan horse, or malware. I appreciate that Sophos offers a fine service, but to this point, I have never seen the need for it and do not see the need for it now. If I ever do, I will be among the first to sign up.
Hey! Happy Thanksgiving all! I'd like to thank SOPHOS & Graham for making this software & information available for free. I try to follow the suggestions listed in the posts above, I'm even a bit of a scrooge to my fellow computer users, often giving them the only heads-up they ever hear about something I've read regarding potential threats or malware. I've had a couple of incidents in my 20 years of MAC only experience – one funny one with the WAZOO! infection – via a corrupted floppy disc (co-worker sharing my box) & a scary incident involving having a hard drive wiped clean while online surfing (re-direct to a chinese website) so I guess all things being equal I'm lucky. I do know that the threat exists & I've used all the freeware mentioned above at one time or another & I see this offering from SOPHOS as another tool from a respected source to be used accordingly.
Thanks again for the help.
I DO appreciate it.
lee
Ahh.. yes, Wazzu!
Wazzu was a simple Word macro virus, capable of infecting DOC files – just as happily on Macs as Windows. Wazzu would mess around with your documents, shifting words around and inserting the word "wazzu" randomly.
No financially-impacting payload… it's weird looking back and realising just what innocent times we lived in back then.
(and Happy Thanksgiving to all our American readers!)
Awesome post. Better than the article itself, although I must say to the main author, thanks for not being a typical basher like the rest of these articles popping up all over. I suspect you are a mac user yourself.
I have been manager of many mac departments since the 90s. Convinced every single one to delete annoying auto-run anti virus software, and like others, only had the one worm from the 90's that used to come in from client's zip disks. (Pre-OSX)
I come from a world where about 90% of the people I know are mac users. Between my friends and I, we manage maybe 100 macs, and none of us yet have ever seen a virus on OSX. Doesn't mean we should not be careful. One day the viruses will come. That will be the first day to actually run anti-virus software.
i agree totally, especially the last part, if you do dumb s#@t you probably deserve the stuff you get back, still a free virus protection, that dust take much system resources is probe a good idea.
Leap-A is a trojan.
It requires user interaction to spread itself.
It is an application despite being disguised as a jpg.
It is also a "proof-of-concept" product rather than something released into the wild.
It is disingenuous for Sophos to call Leap-A a virus.
The rest of the malware listed by Sophos are either "proof-of-concept" or trojans.
There are still no Mac OS X viruses in the wild.
I agree with you that it's not "in the wild". But here's what I wrote back in February 2006 when people first argued about whether OSX/Leap was a virus or not:
Some members of the Apple Macintosh community have claimed that OSX/Leap-A is a Trojan horse, and not a virus or worm, because it requires user interaction (the user has to receive a file via iChat, and manually choose to open and run the file contained inside).
However, this is not the definition of a Trojan horse.
A Trojan horse is a seemingly legitimate computer program that has been intentionally designed to disrupt and damage computer activity. Importantly, Trojan horses do not replicate or have any mechanism of spreading themselves. They have to be deliberately planted on a website, or accidentally shared with another user, or spammed out to email addresses. There is nothing inside a Trojan's code to distribute themselves further to other victims.
Trojan horses do not contain any code to distribute or spread themselves, viruses and worms do.
OSX/Leap-A is programmed to use the iChat instant messaging system to spread itself to other users. As such, it is comparable to an email or instant messaging worm on the Windows platform. Worms are a sub category of the group of malware known as viruses.
Therefore, it is correct to call OSX/Leap-A a virus or a worm. It is not correct to call OSX/Leap-A a Trojan horse.
I'm surprised this article didn't mention the freeware Disinfectant that ran on pro-OS X Macs and was maintained for a very long time. It was generously made available by John Norstad and his employer Northwestern University. I must admit though I never got a Mac virus though in the 15 years I've been using Macs.
In many ways I like to imagine that the free Sophos Anti-Virus for Mac home users is the natural successor to the likes of Disinfectant from the early days.
There have been other anti-virus products for Mac along the way of course – including Virex, ClamXav, Symantec AntiVirus for Mac (which I think now might have been rebranded as Norton), ProtectMac, Intego and others… but hey, this was supposed to be a brief history of Mac malware, not a slightly longer history of Mac anti-malware. 🙂
Apple has claimed that only PCs have viruses. Remember the Mac vs. PC ads that claim only PCs have viruses and require reboots?
What’s sad is that Apple will soon suffer from the same levels of malware as PCs do. As Apple grow in popularity, more and more of their products will be targeted. It’s a question of bang for the buck. If Apple wishes to be popular, they will have to accept that they are going to be targets of malware.
The spiffy advertising campaign has also attracted the same kind of customers that PCs (Microsoft Windows) have suffered from also: the less educated and more likely to click on that website pop-up informing the user that their PC/Mac require a through scan & disinfection.
This year in our shop we are seeing more infected OSX systems from residential clients than last year. We are seeing trojans, DNS hijacking, unwanted Safari search bars. Sometimes the payload also includes Windows EXEs and DLLs which are harmless in OSX. Glad Sophos is making their product available free to home Mac users now. Of course the infection rate is only a tiny fraction of the Windows rate, but since the product is reliable, free, and does not slow down the system, it is a no-brainer to recommend to our residential clients.
Remember this video?
BLah blah blah … dont click on what you dont know . If you arent expecting an email and one comes with an attachment (esp from a pc user ) trash it.
If you have any doubts from a known correspondent . Send a new (clean) email to them asking did they send an attachment
If you stick your cursor where it dont belong you deserve to be infected.
Mac user for years with 9 in the office and 4 at home and no issues
Very useful post, thanks!
I do believe that this article is a history of malware affecting the Mac platform. I do not see neither FUD nor an attack on the security features or design on the Mac. I fail to see why people are writing such a passionate defenses to an attack that is just not there.
There is AV software for Unix and AV software for the Mac. It is probably not such a bad idea to have one installed. Just as a bank has multiple layers of security to protect their vault, not because the locks on their vault are defective.
Subsequently, as more and more people use the Mac OS X platform, it is only a matter of time before organized crime decide that is might be profitable to put more focus on designing Mac specific malware. Having some sort of defense in place, before a problem, seems prudent.
Airport security is, in my opinion, increasingly invasive, ineffective, reactionary and foolish. On the other hand, installing an AV product is relatively transparent, after the installation, and mostly effective against known threats.
Last but not least, people need to get off their high horses. Not everybody who is infected by Malware brought it on themselves by visiting naughty sites or installing Malware on their own computer. There are forms of Malware that require almost no user intervention. I leave it as an exercise to the reader to think of ways that malware can infect a full patched, fully updated computer, with an up to date security suite, although exclusively used to visit web sites of good reputation or even just one online banking site. One possible vector is to think about is a day 0 attack at the OS level by a worm.
Well, all I can say is that I've used macs since 1985. I've waited (with baited breath) to experience my first virus -but have yet to see one.
And I have YET to install any anti-virus software.
Now, either I've been extraordinarily luck (which I doubt) -or an awful lot of 'web-writers' (not journalists -they'd know better) have been dabbling in FUD in order to get their click rate up.
Somehow, I suspect the latter.
I've had an iMac for 3 years and love it. However, a friend had some kind or virus/trojan, so I installed Sophos and 2 days later it picked up this fake anti-virus
"OSX/FakeAVZp-C' detected"
Whilst it may not have caused damage to my data, I believe that it may have made some personal information available, or redirected me (or my kids) to porn sites, etc.
The risk is much smaller than with Windows, but why not install something like Sophos that is free and unobtrusive? Personally, it puts my mind at rest.
I remember in the late 80s and early 90s, installing anti-virus software on Macs in order to keep them clean of virus problems. Most of the infections were caused by the engineers bringing software and utilities with them from japan. Infected diskettes were no fun. At that time, it was mostly malicious and pranksters. Now, its organized crime with mission statements and watching their bottom line.