Fixing a Windows virus makes me appreciate my Mac

A good friend of mine called me on my cell this morning.

"Yo! Hey brother, I have a problem with my laptop. Can you help me out?"

Walt's a really bright guy but isn't into computers at all. Computers are just another tool for Walter, giving him access to e-mail and the web while he is out on job sites. He works from his truck so it has become his mobile office, with a little Sprint broadband device allowing him to get electronic access from nearly everywhere.

The company he works for is small and since he works hundreds of miles from the headquarters it's up to him to maintain his own computer. He was not a happy camper because Windows was telling him that he had some virus infections and that he needed to clear them out. At this point his machine had become unusable and he wasn't sure what to do next.

Since he was in the area I asked him to swing by so I could take a look at it. The machine itself was a newer Dell laptop running Windows XP. Sure enough, there were a bunch of dialogs popped up complaining of virus infections. But something seemed really wrong.

Though the dialogs looked like they came out of the Microsoft Security Center they looked... I don't know... odd. I had never seen those particular dialogs before and had never had Windows prompt me to click a button to scan for viruses.

Apparently the latest trend in Windows viruses and spyware is to create windows that tell you that you are infected and to follow their steps to remove the crap from the machine. They masquerade as very official looking Windows dialogs. The giveaway for me was that I haven't seen Microsoft use an Always on Top window for a warning before. They may make it system modal but never something that simply covers other windows.

When I asked Walt what he used the machine for he said e-mail through Outlook and looking up manufacturers' web sites for information. That was it. Nothing else, I asked? "Not even porn" was the smiling response. Obviously in one of his web searches he clicked on a link that he thought contained a legitimate site for his job but was wrong. Who knows, maybe he just clicked the wrong link in a search result.

I went to the PC Tools web site, downloaded and installed PC Tools Spyware Doctor with Anti-Virus. Sure enough his machine was infected with something that was generating all of these little error dialogs. After a couple of successive scans and repair cycles we were able to get the machine clean and I made sure the system was set up to keep the machine relatively safe, at least for the year that the subscription lasts.

While this was going on I mentioned that I had switched to Mac and that problems like this were not something I even worried about anymore. Walt looked at me with the "that's nice" stare. This was a company supplied machine and he sure as hell wasn't going to be getting them to buy him a Mac. He just needed this machine to be able to work so he could get his day back on track.

Walt of course really appreciated the help. It only took me about 45 minutes to get everything resolved for him before he was able to pull out of the driveway and head off to the next job site. While his truck drove down the street and I walked back inside I thought to myself, I'm so glad I'm not dealing with THAT any longer.

What, me worry?
Sure, there are trojans that have been created for Macs though they are few and far between. Macs can be hacked and compromised and pretending they cannot be is just plain unhealthy. The reason Macs have been left relatively unscathed while Windows machines are easy pickings is because there are literally tens of millions of unpatched and unmanaged Windows machines just sitting on a live internet connection.

It is really hard to run a Windows XP based system without commercial virus protection. I don't run any on my Macs because I'm very cautious about what I download and install. I do believe that the Mac will continue to grow in popularity and with that growth a bigger target will be placed on them. Until that happens though I'm going to continue to enjoy not going through what my buddy Walt just went through.

17 comments:

Jeff said...

Sure, there are viruses that have been created for Macs though they are few and far between.

There have been no viruses for OS X. The link you provided referred to a Trojan horse, not a virus. There is a difference.

Pascal said...

David, It's a small point - and one that most users don't care about, perhaps, but there really are no viruses for the Mac. That isn't to say that there isn't any badware of any kind on the Mac - just that, so far, Mac OS X is immune to the daddy of all nasties (and long may it continue to be so).

A virus, for those who don't know, is self-propagating and invisible to the user. That means that the virus installs itself, copies itself, and does its badness without requiring permission or intervention by the user. The user only realises they have an infection when a) it's too late and b) the virus has passed itself on to all the user's buddies. Viruses can be protected against by the writer of the OS - OS level security, provided it's sufficiently advanced, will (theoretically) protect against all viruses. Please note, I'm not saying that OS X is sufficiently advanced - but it's holding up well so far.

The badware you linked to was a Trojan Horse. A Trojan Horse requires the user to give permission to do bad things. Sure, it'll probably dress itself up as a helpful app or an intriguing new way to view naked girls, but it still requires the user to do something. You can download as many Trojans as you like, but if you don't give 'em your password or (better yet) don't double click them then they won't harm you. I can't imagine how to protect against Trojans since they rely on human fallibility to work. Hmm. You could shoot the user, I suppose.

Adware and Spyware are specialised instances of the above - although usually Trojan rather than viral in nature.

The bottom line is, be sensible. Regardless of whether you use a PC or not, don't run programs of unknown provenance. If it's on a well known site (like Apple or MacUpdate), you should be fine. If it's on a porn or warez site, I recommend you take a rain check. And if any app asks you for your password but you're not sure why it did, stop and find out before going further.

For the record, Vista might be a sack of rubbish - but it seems to be pretty good at being virus free too. Credit where it's due.

I realise that I'm only telling you what you already know (I apologise for this), but I think that it's important that we use the correct terms and try very hard not to panic.

aka said...

Pascal, what you describe in your second paragraph IMHO is a worm, not a virus. A virus needs user intervention, like running a contaminated executable.

David, I very strongly disagree with: It is really hard to run a Windows XP based system without commercial virus protection. I recommend free Antivir (www.free-av.com) to everyone that needs a virus scanner. I have the feeling scanners like Norton hurt your system more than they help, Antivir is the only scanner I trust so far (of course I haven't tried every scanner on the planet).

David Alison said...

@Jeff & Pascal: Thanks for the clarification guys. I updated the post to be a little more accurate.

Though I do know the differences between the different types, be they Spyware, Malware, Viruses, Trojans, Worms, etc. I have found myself lately lumping them under the category of Viruses which as you both pointed out is inaccurate.

David Alison said...

Aka: I've never tried Antivir - hadn't heard of it prior to your post. I like that they offer a free version but it's limited to home use. People like my buddy Walt would have to get the commercial version (technically).

jtaylor said...

With the popularity of Macs increasing, it will only be a matter of time before a real threat is developed. I don't want to be caught off guard when that happens. I use ClamXAV Sentry on my Macs. It's free and it provides that extra level of protection. I'm just saying... :-)

aka said...

Ah, yes David, I forgot about him using it commercially. The commercial version is priced pretty fair with 20 Euros (about 30$) for a single license.

I often hear with Windows, you have to buy a virus scanner as well. However, for non-commercial use, there seem to be free scanners (antivir, avg, avast) that perform exactly as well as or better than the 50$/year packages from McAfee or Norton. You should give it a try the next time you come across a problem like this.

Anonymous said...

@ jtaylor, who said: "I use ClamXAV Sentry"...

Just what security does that provide? Doesn't an anti-virus program need something to look for?

-brotherStefan

Pascal said...

Aka. Not true. Neither viruses nor worms require user intervention - although I can understand how the confusion might arise. Too many terms!

Both viruses and worms will spread without user intervention (see my previous post for an explanation of what that intervention might be), and both may (not always) do bad things to your computer. The difference is that, like a lamprey, a virus requires a host program to execute its code. So the virus might 'infect' Word or the boot sector of a disk and do badness when that code is executed.

Like a shark, a worm is self-contained and will happily bite your leg off without the help of another program. I hope that this helps.

ajp said...

For home users, I use antivir for XP and avast for Vista.

If it is a dial-up connection, I use antivir because it has a smaller footprint and updates easily. Antivirus that is not up to date is less than worthless.

So far for spyware, the best I have found is superantispyware. It is the only one I have found that fixes Vundo. Best to run these in safe mode.


I use clamav on my Mac and Linux systems.

Avast has a version for Mac at http://www.avast.com/eng/avast-antivirus-mac-edition.html but I haven't tried it.

John

devburke said...

While there is something to the "security through obscurity" argument, I don't think that's all there is to it. A lot of people hate Mac fanboys and would just love to (in their mind) "wipe that smug look off their faces". I think there are plenty of people who would love to write a good Mac virus, but OS X is just a fundamentally more secure system than Windows. We might have to start staying more on guard as Macs get more popular, but we're still inherently safer than Windows.

jtaylor said...

@anonymous - actually the ClamXAV Sentry scans for more than just viruses. In my case it has already caught some phishing emails that bypassed my ISP's defenses - Phishing.Heuristics.Email.SSL-Spoof showed up a few times. Since it's also connected into Growl - I got the notification pretty quick.

So for me - it's worth it. Besides, once it is setup - it's fire and forget.

VesperDEM said...

I was going to warn you about posting a comment like "Apple is relatively safe considering that there are millions of Windows systems on the internet that are unprotected vs. Macintosh systems."

I subscribe to this reasoning myself, but every time I mention this, I get an earful from folks that claim the reason Macs are more secure is the OS and not the "Security thru Obscurity" argument.

I see that I wasn't quick enough to warn you of this since there already is a comment about just that. Fortunately, this comment isn't as rude as some I have seen.

I will state my reasoning here for the "Security thru Obscurity" argument. It's simply this:

Viruses and Trojans are written these days, not for hacker recognition, but for the single purpose of making money. A hacker that can supply a very large bank of zombie computers to spammers can make a ton of money from spammers.

Spammers need zombie machines to allow them to send the millions of emails they send out without being spotted by anyone. If they send out 1 million emails from a single email server, they would be spotted in seconds. If they send 2-3 emails from millions of zombie computers, they don't get spotted at all.

Spamming is really big business. Millions of dollars if not billions per year. All that money goes to the few spammers that are out there taking the chances of being found. Those spammers will gladly pay a percentage of their income to gain access to millions of machines so that they can do their spamming safely.

As an example of how far along hackers have come to gain control of the millions of Windows systems that are potentially available to them: there is a virus out there that has an anti-virus program built into the virus. Its purpose is to wipe out all the other viruses on the target machine so that the only virus on the system is the one with the AV program built-in.

It's clear that viruses are big business these days. There are still "script kiddies" out there that take simple viruses, make small changes to them to "make them their own" and then deploy them, but those viruses are few and far between.

So, with Macs becoming more and more popular, it's possible that the Mac could start becoming a target for hackers to attempt to make zombie systems out of them. However, the OS may make that very difficult. We see through the ones that have been attempted so far, that they are pretty difficult to do without the aid of the Mac's owners helping them out. Some of the holes that have been found recently seem to be getting closer and closer to not needing human help to get started.

With Microsoft helping out Apple by doing such a bad job with Vista, Macs seem to be getting more and more popular. It may not be too much longer before Macs become less safe.

albert said...

if you're ever concerned about what kind of information is being sent out from your Mac, you should give something like Little Snitch a look - it keeps an eye on what apps are trying to communicate with the big bad world (yes even those Adobe & MS apps!!)

Anonymous said...

Devburke, how do you come to that conclusion? Have you heard of the Mac Hack at CanSecWest? Or the Applescript exploit?

It is undeniable Macs are currently less under fire than Windows computers. But that can change, and any computer is vulnerable. Especially with things moving to the web more and more, at some point it might not even matter anymore what OS you are using.

Anonymous said...

Bie Bie Billy LOL

Partners in Grime said...

Like I told my wife when we got married: "I don't do Windows."

She switched to a Mac. :)