Understanding Malware threats to your Mac
As a Mac user, one of the things you get to congratulate yourself about is choosing a computing world that is free from viruses. It’s true. In “the wild” there aren’t any Mac Viruses. But there is Mac Malware. The thing about Malware is that it can’t install itself. It takes your participation to install it. The latest is a fake anti-virus website, MACDefender. The crooks placed fake ads on websites inviting you to click and get a free virus scan of your Mac.
Like most modern malware, MACDefender isn’t designed to erase your hard disk or display a message saying “Hahaha you have been cracked by ]-[@©Km£i$ste®”, or whatever viruses used to do when we were little. It’s all about making money. Having shown you a professional-looking anti-virus scan “Control Center” that lists all the terrible (imaginary) malware on your Mac, it invites you to enter your credit card details for a fix. Presumably its work is done at that point, but of course there’s no way of knowing where your credit card details might end up.
Until about a year ago I didn't pay much attention to the string of Mac malware. Then I got a new MacBook Pro and installed it from scratch. Every application was installed from install disks. Nothing was copied into the System or Library folders from any backups. The only files copied to it were my data files. I wanted to know if I had any tracking cookies in my system. I installed a program called MacScan and ran it, finding not only a dozen tracking cookies, but a Keystroke Logger — a program that records every keystroke and sends them to a server somewhere consolidating this information for some criminal organization. I was freaked out! How the hell did this get on my computer? I never run rogue applications. No one ever works on my computer but me.
MacScan removed the Keystroke Logger, and the tracking cookies. I started to run it weekly just to see if anything else showed up. No more nasties like the tracker, but there are additional tracking cookies occasionally. Tracking cookies are placed on your computer by online advertising companies. These companies track your movement on the Internet for statistical and relevancy reasons. No thanks. I didn't give you permission to track what I read, what I buy, etc. Delete! Delete! Delete!
There are two prevailing views on Mac Malware.
* One, that it's a real problem and you should protect yourself against it — "Apple Mac malware: A short history." from Sophos, an anti-virus company.
* Two, that it's an invented technology news story — "Wolf!" from John Gruber's Daring Fireball blog.
I think the truth takes both points of view into account. After these articles, I'll tell you how I've come to handle the issue.
Then two short pieces of brilliant business advice from the mind of Steve Jobs.
Apple Mac malware: A short history (1982-2010)
There's been a lot of discussion in the media recently about the threat that malware poses on the Mac OS X platform. It's clearly an emotive subject, with strongly held views on both sides.
To help some of the discussions, here's a brief overview of some of the malware we have seen infecting Apple computers. From the early 1980s, right up until the present day, here are some of the highlights in the history of Apple Mac malware.
Mac Virus Timeline
The nVIR virus began to infect Macs, spread mainly by floppy disk. Source code was later made available, causing a rash of variants.
The MDEF virus (aka Garfield) emerged, infecting application and system files on the Mac.
Microsoft accidentally shipped the first ever Word macro virus, Concept, on CD ROM. It infected both Macs and PCs. Thousands of macro viruses followed, many affecting Microsoft Office for Mac.
1996-2010: The rest of the Mac Malware timeline is here.
Ed Bott, ZDNet, three days ago: “Coming Soon to a Mac Near You: Serious Malware”:
Now I am seeing evidence that the next target is OS X. That’s potentially very bad news for Mac owners who have abandoned their PCs in the belief that switching to a Mac somehow immunizes them from malware.
Security experts know, of course, that there’s nothing magical about Macs when it comes to security. They just haven’t been targeted because Windows has been such a big juicy target for so long.
But now that Macs have achieved a critical mass of success in the marketplace, they’ve attracted the attention of malware authors. According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform.
Tony Bradley, PCWorld, December 2010: “Apple No Longer Flying Under the Security Radar”:
The McAfee report explains, “McAfee Labs saw malware of increasing sophistication that targets Mac this year; we expect this trend to increase in 2011. The popularity of iPads and iPhones in business environments and the easy portability of malicious code between them could put many users and businesses at risk next year and beyond,” adding “We anticipate threats of data and identity exposure will become more pronounced.” […]
If McAfee is right, 2011 could be a bittersweet year for Apple and Apple fans.
Nick Farrell, The Inquirer, September 2009: “Hackers Target Macs”:
A bunch of Russian hackers are offering 43 cents for each Mac that their partners in crime can infect with bogus video software. The move has been cited by insecurity experts at Sophos as a sign that Mac users’ security by obscurity days are coming to an end. […]
This is because most Mac users believe that faith in Steve Jobs protects them from all malware. To them, malware is only for Windows users because OS X is perfect and totally secure. The fact that Mac OS X’s security is the stuff of jokes at security experts’ parties does not matter to the Apple faithful.
Bernhard Warner, The Sunday Times, July 2008: “Hackers Start to Target Apple Macs”:
The company [Sophos] reports today that two new Mac-ware Trojans that emerged in February and June ought to shake Mac users of their misconceptions that their computers (and, eventually, iPods and iPhones) are impenetrable. To put this in perspective, the first really pernicious piece of Mac malware emerged only in October, 2007, Mr. Cluley adds, suggesting that a worrisome trend is about to get worse.
See the rest of the media’s dire warning list back to 2004 here.
My Malware Solution
Since my Keystroke Logger experience, I’ve been running MacScan weekly for months. I find a few tracking cookies each week. A few months ago I ran it on a client’s iMac and discovered dozens of PC malware variants that it could identify but couldn’t remove.
I see two premier products in this arena: MacScan and Intego VirusBarrier Plus.
MacScan removes the largest library of tracking cookies – about 10,000. It detects and removes Mac (not Windows) Spyware. It costs $30 here.
Intego VirusBarrier Plus removes the most common tracking cookies, plus Mac and Windows Spyware, plus looks for virus-type behavior. It costs $7.99 and is only available in the Mac App Store.
I use them both and have them set to run automatically every week. MacScan finds tracking cookies that VirusBarrier Plus doesn’t. VirusBarrier Plus finds the occasional Windows malware I receive via shared files. In most cases it can clean the file so that I don’t pass on the infection. So, for about $40 you’re protected from the current ways people are trying to steal your info via malware or tracking cookies. If I were to choose one over the other, I would choose VirusBarrier Plus. Protecting against Spyware, Microsoft Office viruses, and passing on Windows Malware addresses a larger and deeper threat than the larger tracking cookie library of MacScan does. Tracking cookies aren’t doing any “harm”. I just don’t think a company should be able to put a tracking device on me without my permission or a court order. I don’t recognize any difference between slipping one in my computer and slipping one in my pocket. I use both because there are some areas that don’t overlap.
Wyn Matthews provides in-home and in-office technology break-fix services for Ojai, Santa Barbara, and Ventura, California. He also specializes in Mac tutorials and is an expert in all things “gadgety.” Check him out HERE.