Ann Arbor Area Business Monthly
Small Business and the Internet

Mac Viruses

April 2006

By Mike Gould

I try to keep articles about viruses down to one a year. And I also try to avoid talking about the Macintosh platform more than about once per article a year. Since there have lately been reports of Mac viruses in the wild after a hiatus of around fifteen years, this seems like a good time to kill two worms with one bird in the hand. Or however that's phrased. (You see, a virus is sorta like a worm, except…well…nevermind). Windows users need not nod off, as there will be comments relevant to them forthcoming as well.

When Bad Things Happened to Good Computers Back in the Good Old Days
As always, we start out with a bit of history. Back in the day (a Thursday, 1990 or so) I was working for the UM Hospital Psychiatric Department, supporting 300 or so Macs being used by doctors, nurses, administrators and just plain folks. Yup, Macs used to be the computer of choice at the hospitals in those days. And just two guys, myself and Jonathan Greenberg, could support all of the computer psychiatry by ourselves. I got a call from a psychiatrist who reports that his computer (a Mac SE, complete with one of those new-fangled hard drives) was talking to him, saying "Don't Panic". So naturally, he panicked and called me. [Insert usual joke about psychiatrists and hearing voices here].

Now I had just begun working at the hospital, after a stint at the repair shop of a computer store. This was at the height of the first Macintosh virus era (well before the days of the Internet). The Macs in our showroom were constantly being infected from dirty floppies (remember those?) being inserted by customers testing the computers. It fell to me to clean them up, so I had sent away for a "Virus Killer" floppy, loaded with several dozen anti-virus utilities and emblazoned with a picture of a middle ages demon. This was my magic bullet.

Don't Panic
I recognized the "Don't Panic" business as being a symptom of a virus called nVIR A. The virus would cause the computer to speak the phrase if MacInTalk was installed (as it was on most of the Macs at the time). This was also the time of the release of the first Hitchhikers Guide to the Galaxy book, which inspired the phraseology. I grabbed my magic bullet and my new boss (who I was eager to impress), and headed to Nine West of the new hospital building, where the infected unit lived.

Once at the infected computer, I inserted the floppy, fired up the anti-virus (A-V) software and cleaned him up. I also installed a resident A-V watchdog program and gave him a stern lecture about computer hygiene. My boss was so impressed she gave me a large raise soon thereafter (a true story). At that time, Macs were much more fun to write viruses for (instead of dopey old DOS) and it was the golden, or tin, depending on your perspective, age of Mac malware.

Fast-forward fifteen years: the hospital switched to the most virus-friendly operating system out there (Windows), Macs are a cognoscenti minority, and Mac viruses are a thing of the past. Until last month.

Enter the Dragon
In the middle of February 2006 a new evil appeared: OSX/Leap-A. Technically a worm, Leap-A spreads via the iChat Instant Messenger (IM) program, similar to AOL's AIM. To get it, someone would have had to have been infected and engaged in an IM session with you. You would have received a compressed file called "latestpics.gz" which would have purported to be a screen shot of the upcoming Mac OS 10.5. Once saved to your hard drive you would have a file that looked like a JPEG, icon and all. If you double-clicked on that, you would execute the virus code which would then do Bad Things, like sending itself to everyone you have subsequent IM contact with. The URL for Symantec at the end of this article leads to a page with more details, including instructions for disinfection.

Long story short, this is a pretty minor menace. To hurt yourself, you have to:
Engage in IM
Accept the delivery of something your correspondent didn't mention
Double-click on something suspicious
Bypass OS X's warning that you are opening an application (not a picture)

In other words, in order to shoot yourself in the foot, you have to use both hands to steady the gun and duct-tape your leg to the floor. I haven't heard of anyone in the area actually getting this.

But it is the shape of things to come; we're in for a bumpy ride in our previously-pristine computer environment. On the one hand, it's encouraging to Mac folk: we're finally so numerous that it is worth some evil bastard's time trying to screw things up. One the other, we've lost some high ground: we can no longer use the freedom-from-viruses issue to encourage Windows users to make the switch. Well, somewhat. There are now maybe 20 various poorly-designed and marginally-effective forms of malware out there for Macs, vs 73.2 bazillion deadly viruses affecting Windows. To say nothing of the other serious security flaws built into the system.

But the writing is on the wall and it spells out, "Buy some Macintosh anti-virus software". And more importantly, become clue-enabled (a technical term) as to proper computer behavior, especially in regards to the handling of attachments (which is the most prevalent means of spreading CTDs - Computer Transmitted Diseases).

Best Practices to Protect Yourself From CTDs
Never open an attachment from someone you don't know.
Never open an attachment from someone you do know if you weren't expecting it.
Keep your system updated, especially for security patches
(On Macs, go to Apple Menu/Software Update - On PCs, well, you've been doing this for years, so you know the drill)
On Macs with Safari, go to Safari preferences and turn off "Open 'Safe' files after downloading".
Don't open files that appear mysteriously on your desktop; if in doubt, do a Get Info and make sure the file is what it seems.
Don't assume a file from a friend is legit; spammers and scammers can spoof return addresses.
Consider removing administrator privileges from your day-to-day computing account. How this is done is beyond the scope of this article, but it prevents most viruses from doing their deeds.
Keep everything backed up on CDs or DVDs; a virus can't infect a write-protected medium.
Buy some AV software: Norton, Symantec and Sophos all provide this.

But beware; sometimes AV software itself can cause problems, but that is another tale. Stay clean; it's a petri dish out there.

Previous articles about viruses:
A Trojan at the Firewall
Code Red - SirCam on the Loose
Bugaboo
Things That Go Bump on the Internet:
      Viruses, Worms, and Trojan Horses

Anti-Virus software vendors
www.sophos.com/
www.symantec.com/avcenter/venc/data/osx.leap.a.html
us.mcafee.com/

Mike Gould, is a part-time mouse wrangler for the U of M, runs the MondoDyne Web Works/Macintosh Consulting/Digital Photography mega-mall, is a member of Factotem.com, and welcomes comments addressed to mgould@mondodyne.com.

MonodoDyne <M> The Sound of One Hand Clicking...
734 904 0659
Entire Site © 2016, Mike Gould - All Rights Reserved