Tech Q and A: Are Macs Vulnerable to Virus Attacks?

By

Published September 28, 2009

| FOXNews

Every other week, FOXNews.com tries to solve your most vexing technology problems. Send your questions to TechQuestions@foxnews.com and we'll reply to selected ones in our next installment.

Texas Sharpshooter

Q: A recent online discussion regarding Apple computers yielded a discussion on Malware. While the general populace has begun using "Virus" as a catch-all for types of malware, viruses are actually a type of malware. Other types include trojans and worms.

The point was made that Apple's OS X has had zero viruses in the wild. (It has had trojans and worms.) Readers were challenged to give an example of a virus, as defined as "self installing, self propagating malware."

I'm not saying Macs are immune to malware, and common sense tells us that trojans, worms, and spyware are just as bad as a virus. So can you find an example of one legitimately defined virus? Not a proof of concept, but an actual loose-in-the-wild virus for OS X?

A: Are you familiar with the concept of a "Texas sharpshooter?" The name comes from a story about a Texan who empties his revolver against the side of his barn, then paints a target around the best grouping of bullet holes.

The debate over Macs and viruses is essentially the same story, except the target is painted where there are no holes, and Mac fans subsequently claim that the barn is bulletproof. 666/SevenDust? Only infected Mac OS 9. iBotnet? It's not a virus, it's a Trojan. OSX.Leap.A? That one's a worm, not a virus. OSX.Macarena? It's a proof-of-concept virus, only 49 known infections worldwide. And so the debate goes on.

The discussion of whether or not there's a legitimate, in-the-wild, OS X virus (narrowly defined to exclude worms and Trojans) may be intellectually stimulating—and may actually make hardcore Mac enthusiasts feel better about themselves and their choice of systems—but the more important issue is the increasing frequency of attacks on the Mac platform, regardless of type. To your credit, you've acknowledged malware, in general, and even invoked common sense. A reasoned response, I think.

I fear that these debates may be an injustice to the average computer user, however, a person who may not grasp the subtle differences between a worm and a Trojan.

For example, take the guy habitually looking for love in all the wrong places—alone, late at night on the Internet, and so on. He buys a Mac, having been told they are impervious to attack, believing he doesn't have to worry about all of those nasty things while, err …watching nasty things (borrowing Graham Cluley's nifty turn of phrase). He gets a pop-up, informing him that he must download and install an ActiveX component to view more. Then he wonders how his supposedly virus-proof Mac became infected.

Apple is promoting this malware-proof image. In one of the company's recent ads, an innocent, sweet, young heroine pleads that she just wants a computer "without thousands of viruses and tons of headaches." The ad would be a melodrama if it didn't have such good production values, and Patrick Warburton playing the villain to Justin Long's hero. Except Long is far too hip and cool to proclaim, "I'll save you, Tess!"

As to your specific question, I'm not aware of any in-the-wild, OS X-specific virus as you're defining it. In actual fact, there isn't much in the way of malware (a portmanteau of "MALicious" and "software") in general for Macs. In all my time doing tech support (admittedly, mostly for Windows) I've come across exactly one case. The customer knew he was infected, because he could create a new document, send it to himself, retrieve it using the webmail interface of his e-mail provider, and the obligatory virus scan of the attachment informed him his document was infected with some variant of WM97.

A Microsoft Word macro virus. On a system running Leopard. Yes, I know. Not really a virus because it's not a Mac OS X virus. I'll let you decide if it meets your criteria.It's a little old, but take a look at Viruslist's Malware Evolution analysis anyway. It's a comparison between Mac threats for the first half of 2005 and the first half of 2006. "OS and Related" went from 24 to 38. In the Windows world, a 14-threat increase could happen in a single morning, in the Mac world, it took a year.

It does show that threats are on the rise, however. Kaspersky Lab recently published Malware Evolution 2008. The company wrote:

<blockquote>Increased competition between cybercriminals and the drive to infect as many computers as possible will lead to a migration of threats to platforms previously not commonly targeted. This will affect all non-Windows platforms, but the impact will first and foremost be felt by Mac OS and mobile platforms. Previously, malicious programs targeting these platforms were, by and large, proof of concept code. Now, however, their market share is large enough for them to be of interest to cybercriminals. There are also numerous unresolved security issues relating to these platforms and users are generally not prepared for attacks by malicious programs.</blockquote>

Sooner or later, the bad guys are going to start targeting the Mac. It's a matter of economics. When they become popular enough, they'll start getting hit. It's already been shown that a Mac virus is possible – that's why they call it proof-of-concept, no? Until then, Mac users, enjoy your (nearly) malware-free systems—but please, practice safe computing. And if you're the belt-and-suspenders type, invest in an anti-virus program.

Speaking of Nasty Viruses …

Q: I purchased a Western Digital 1TB external hard drive a few months ago and didn't have any problems with it whatsoever. I could turn on my computer and the external hard drive wouldn't stop Windows from loading.

Unfortunately my desktop caught a very nasty virus, which required a lot more technical know-how then I possessed. My desktop was reverted back to Windows XP, and my external hard drive was scanned and cleaned. After that, I reloaded Windows Vista and all my other wonderful programs. When I turned on my computer with my external drive plugged in, my PC stuck on the very opening screen; it would go no further unless I shut the computer off and started over without the external drive connected.

I've formatted my external, and even ran the recovery tool Western Digital says will fix the problem. However, I still have to unplug my external when I restart my computer and then plug it back in once Windows loads. How can I get my external drive to operate like it used to? Where I don't have to unplug and reconnect it while turning on and restarting my computer?

A: In order to reinstall your OS, the tech would have had to boot from something other than the hard disk partition containing your Vista installation. Most HP systems have a recovery partition with a fresh copy of Windows. I would have restored your OS from that hidden partition, but that's just me.

If he used an installation CD instead, he would have gone into the BIOS and changed the boot sequence. If he used a USB memory stick, he would have enabled the "Boot from USB device" option. Whatever he changed in the BIOS, it sounds to me like he forgot to change it back.

When your computer starts with the external drive plugged in, it attempts to boot from the external drive and somewhere in the process, it hangs. The solution is to go into your system's BIOS as you first power up. Do this by pressing F2 or Delete just after you turn on the power. Look for the "Boot from USB device" setting or something with a similar name and disable it. For good measure, also disable "USB Legacy Support"—but not if you're using a USB keyboard (or mouse), else you won't be able to get back into the BIOS. Check the boot sequence setting and make sure your internal hard drive is first in the sequence, and the CD/DVD drive is second. Depending on which BIOS your PC uses, there may be three items: 1st boot device, 2nd device and 3rd device.

Knowledge Base article 1201 on the Western Digital support site has some additional tips. And if you're not comfortable fiddling with BIOS settings, you might call the tech who restored your OS and ask him to finish the job.

Feedback: Windows vs. Linux and 32-bit vs. 64-bit

On the topic of thin client computing, Daniel writes:

You described a Microsoft version in your Q&A yesterday on thin clients, but there's a Linux variant that requires even fewer resources on the client, and no licenses. :) The Linux Terminal Server Project and the Edubuntu distribution of Ubuntu come with it as part of the OS.

Thanks for the information, Daniel!

With regard to 32-bit and 64-bit compatibility on Macs, Joel in Nebraska, writes:

Some 32-bit apps make direct hardware calls or need special drivers, leading to incompatibility. Old versions of Parallels, VMWare Fusion, eyeTV, etc. come to mind. These applications address hardware directly, by loading 32-bit drivers into the 64-bit system. 64-bit programs can be relaunched in 32-bit mode (most commonly seen in system preferences with third-party panes) to run 32-bit code successfully, but more advanced programs that require kernel extensions will not run unless the 64-bit kernel extensions are present. This is why older versions of those programs have to be disabled and moved to an Incompatible Apps folder. Installing Rosetta won't help in that case.

I appreciate the correction. It was my understanding that 32-bit applications wouldn't run, period. As you've detailed, many will but a few won't—even with Rosetta installed. The official list of incompatible applications can be found on Apple's website.

Feedback: Upgrading from Windows XP

On upgrades between various Windows versions, Tim writes:

You stated that you need a full version of XP to downgrade from Vista, an "upgrade" won't work. Actually, an upgrade looks for a previous version... if you have a Win98, Win2000, or Win NT disk, an upgrade works fine. I've done a bunch of them that way.

Couldn't agree with you more. However, I'm not sure exactly which column you were looking at. In my September 1st installment, a reader asked about replacing 32-bit XP with something else: 64-bit XP, Vista, or Windows 7. I suggested Vista. That way, when it comes time to get Windows 7, he can go with an upgrade. If he installs Windows 7 now (that is, from a free copy of the Windows 7 beta or Release Candidate), he will not be able to use the Windows 7 Upgrade, which checks for a paid version already installed. Win7 RC doesn't qualify.

You do need to save any files you want, then format the HD. I do this with a HD utility. Boot with it, delete the partition, and reboot with the new OS disk, formatting from that. Takes a while to format, as I don't like to quick format, and the updates take a while also, but it's a clean install, with no problems. Also, get the drivers first, before making the move. If the HD is a Seagate, I pick up a new WD HD, install on that, and use the Seagate as a slave drive, transferring the files back to "C." If you are going to go to Win7, swap drives and install on the Vista drive.

Out of curiosity, and discarding the rumors going around, will an OEM (full) version of Win7 install on a clean drive? The rumor mill seems to think that it will install only over Vista. Haven't heard anything concrete from MS about this.

It is my understanding that a full version of Win7, OEM or Retail, will install on an empty hard drive. The only restriction I'm aware of has to do with upgrade versions: The disks check for an installed, paid version of Windows Vista or better.

I'll let you know if it won't - once I get my paws on a full OEM version of Win7!

Follow Guy Briggs on Twitter: http://twitter.com/citizen_gee.

Got questions about computers and technology? Sent them to TechQuestions@foxnews.com and we'll answer selected ones in our next installment. We regret that we can't answer questions individually. Neither FoxNews.com nor its writers and editors assume any liability for the effectiveness of the solutions presented here.

URL

http://www.foxnews.com/tech/2009/09/28/tech-q-macs-vulnerable-virus-attacks