Do I Need Malware Protection?

I occasionally get customers who say their systems are running very slowly. They may be brand new or a couple of years old, and the actual cause varies. Maybe they upgraded to the latest version of an application and now need more RAM. Maybe their hard disk is running low on space, or perhaps it’s failing. Quite often, it’s because they installed a bunch of applications that are auto-launching at login.

Every so often though, I will get someone who has done a little research on the web and has convinced him or herself that they have some sort of virus or spyware and want to know how to get rid of it. Just for the record, it is highly unlikely that a virus is the cause. In order to understand why, there are a few key points to know regarding the differences between Windows and OS X.

Mac OS X was designed from the ground up to be secure, not only against one person trying to access another person’s account, but from an automated outside threat like an application attempting to gain control of the computer. Originally based on BSD UNIX (Berkeley Software Distribution), OS X has evolved and grown to the point where it is now its own distribution called Darwin. For as much as it differs in looks, it still shares the same security model as other distributions such as Ubuntu or Red Hat Linux.

A long time ago, one of my co-workers gave a quick introduction to UNIX, and said to think of the UNIX security model as a hard-boiled egg. On the outside you have the shell, then there’s the white stuff, and finally the yolk. The shell of the egg would be the user shell, be it the bash command line or a graphical point-and-click interface like KDE or the Mac desktop. The white of the egg is the connection between the shell and the yolk—drivers, extensions, applications, etc. Then there’s the yolk, or the kernel of the OS, and you cannot get to the yolk/kernel without going through the white protective layer. Nothing touches the kernel unless the kernel specifically allows it.

For all the improvements Microsoft made over the years, Windows is still not as secure as anything UNIX-based. In allowing web pages and applications direct contact with the OS through various methods, they have created a giant security hole through which all manner of malware freely passes on its way to the operating system’s core. Their first attempt at truly hardening the OS appeared in the form of Vista; however, they went so far in the other direction (forcing the user to approve almost every action taken) that people got so used to clicking the “Stop bugging me and just do it!” button that they don’t even bother to read why the OS is asking permission. As a result, anything trying to install itself would be given permission without a second thought of whether Windows should even be asking to install anything in the first place.

How does malware infect a computer? To understand that, a few definitions are in order. Malware is an encompassing term which includes viruses, spyware, and adware, and is used to describe any program that serves no purpose other than to make your life miserable. A virus in computer terminology is an application designed to replicate itself and spread to other computers, typically causing data loss of some form. Spyware collects information about you and sends it to some outside entity without your knowledge or approval. One form of spyware, known as a keylogger, will record what you type in order to steal logins and passwords. Adware is an application that puts pop-up advertisements on your screen, trying to get you to buy things you don’t need or visit sites you were better off not knowing about. In most cases, adware is a harmless annoyance, but it can slow your system down.

Now that THAT’S out of the way… here’s a typical scenario. About a year ago I set up a computer for a friend. She asked me if she could use it to download movies, to which I replied you could, but I did not recommend it. The next day she called me up saying that her system was now unusable because some site she visited said her computer was infected with spyware and offered to clean it. Turns out she went to a site that installed a well-known malware application called Windows AntiSpyware XP, which is nothing of the kind. It installs itself and then monitors your surfing habits, sending information about everything you do to marketing websites so they know how to spam your inbox. A side effect of spyware is that it slows your system to a crawl, and in many cases your system will simply crash or not boot at all.

So how did this application install itself? Most of the web pages you visit are not just using HTML code; they are using a scripting language of some form (JavaScript, Flash, Shockwave, etc.). This scripting allows advanced features such as animation, custom layouts, and other neat things. This script is running on your local system to bring you content, and if a small web applet is needed it is downloaded and executed in the background. Somewhere along the way, someone figured out that this scripting could be used to install harmful applications on your computer without you knowing about it, and with that, spyware was born.

Almost without exception, those harmful applets that attempt to infect a Windows system via Internet Explorer do not run on a Mac. All applets are inspected carefully to make sure they are not trying to attach something to the operating system itself. Windows will happily allow an applet to attach itself to Explorer and put itself in startup, all without any indication to you that anything happened. OS X, however, would see an applet attempting to install itself and immediately pop up an authentication window. Any time you visit a web page and see an OS X message saying administrator access is needed, there’s a problem—you should cancel the request and leave that page.

A lot of people claim that the main reason Mac users don’t have problems with malware is because Macs are still a small market share, and hackers are going to hit the majority of users (those using Windows). This may be true, but that doesn’t mean you’re completely safe. The larger threat is in the form of a Trojan, which is a program that claims to do one thing but in reality does another. Most of these are related to porn sites, which will tell you that you need a particular file to view their content. This lie convinces the user to install it, then the fun begins (sadly, not the kind the user expected). There have also been reports of trojans bundled in with pirated software, so bear that in mind before downloading iWork ’09 from a torrent site. As social networking like Facebook gains in popularity, so do attempts at infecting the unsuspecting user with all manner of garbage (such as the one mentioned here), so be careful what you click.

So, does this mean you will NEVER need some form of malware protection? Absolutely not. As Mac market share increases, hackers may turn their attention to our little corner of the world. The major players in the anti-virus market tell you that you must buy their products because they want your money, but they are not completely incorrect. At the time of this writing, the number of true Mac viruses could be counted on one hand, and most of those were pre-OS X. The strongest protection against malware is common sense. Practice safe surfing, stay away from the questionable sites, buy legal software, and you’ll be just fine.
