Do I Need Malware Protection?

I occasionally get customers who say their systems are running very slowly. They may be brand new or a couple of years old, and the actual cause varies. Maybe they upgraded to the latest version of an application and now need more RAM. Maybe their hard disk is running low on space, or perhaps it’s failing. Quite often, it’s because they installed a bunch of applications that are auto-launching at login.

Every so often, though, I will get someone who has done a little research on the web, has convinced themselves that they have some sort of virus or spyware, and wants to know how to get rid of it. Just for the record, it is highly unlikely that a virus is the cause. To understand why, there are a few key points to know about the differences between Windows and OS X.

Mac OS X was designed as a multi-user system from the start: one person's account is protected from another's, and an ordinary program runs with the privileges of the user who launched it, not those of the system. Its core, called Darwin, combines the XNU kernel with a userland inherited from BSD UNIX (Berkeley Software Distribution). For all that it differs in looks, OS X uses the same basic security model as Linux distributions such as Ubuntu or Red Hat: separate user accounts, file permissions, and a privileged root account that day-to-day work does not run as.

A long time ago, one of my co-workers gave a quick introduction to UNIX and said to think of the UNIX security model as a hard-boiled egg. On the outside you have the shell, then the white, and finally the yolk. The shell of the egg is the user shell, whether the bash command line or a graphical point-and-click interface like KDE or the Mac desktop. The white is the layer between the shell and the yolk: libraries, drivers, extensions, applications, and so on. The yolk is the kernel. The analogy is loose, but the point holds: a program never touches the kernel directly. It asks the kernel for things through system calls, and the kernel checks whether the calling user is allowed to have them. Modifying the kernel, loading a driver, or writing into system directories requires root privileges, which is exactly what the administrator password prompt on a Mac is guarding.

For all the improvements Microsoft has made over the years, Windows has historically been less hardened by default than a UNIX-based system, and the difference is less about the kernel than about privileges. On Windows XP the first user account created was an administrator, so anything that account ran, including an ActiveX control or a download triggered by a web page in Internet Explorer, already had the rights to install software, modify system files, and register itself to start at login. Nobody had to be asked. Microsoft's first serious attempt to close that hole was Vista's User Account Control, but it went so far in the other direction, prompting for almost every action, that people got used to clicking the "stop bugging me and just do it" button without reading why the OS was asking. As a result, anything trying to install itself gets waved through without a second thought about whether Windows should have been asking to install anything in the first place.

How does malware infect a computer? A few definitions first. Malware is the umbrella term for any program written to work against the person running it; viruses, spyware, and adware are all kinds of malware. A virus is a program designed to copy itself into other programs or files and spread to other computers, often damaging or destroying data along the way. Spyware collects information about you and sends it to an outside party without your knowledge or consent; one form, the keylogger, records what you type in order to capture logins and passwords. Adware puts pop-up advertisements on your screen, trying to get you to buy things you don't need or visit sites you were better off not knowing about. By itself, adware is mostly a harmless annoyance, though it can slow your system down.

Now that THAT'S out of the way, here's a typical scenario. About a year ago I set up a computer for a friend. She asked me if she could use it to download movies, to which I replied that she could, but that I did not recommend it. The next day she called me up saying that her system was now unusable because some site she visited said her computer was infected with spyware and offered to clean it. It turned out she had gone to a site that installed a well-known malware application called Windows AntiSpyware XP, which is nothing of the kind. It installs itself and then monitors your surfing habits, sending information about everything you do to marketing websites so they know how to spam your inbox. A side effect of spyware is that it slows your system to a crawl, and in many cases your system will simply crash or not boot at all.

So how did this application install itself? Most of the web pages you visit are not just HTML. They carry JavaScript and, at the time of writing, often Flash or Shockwave content as well. JavaScript runs inside the browser to provide animation, custom layouts, and other neat things; Flash and Shockwave are plug-ins, separate programs the browser loads to play that content. Plain JavaScript is confined to the browser and cannot install anything on its own. The trouble comes from two directions: a bug in the browser or a plug-in that lets a page run code of its own choosing with no click required (a "drive-by download"), and a page that simply talks the user into downloading and running something, such as a fake update or the bogus spyware cleaner above. Either way the result is a program running with the user's full privileges. Somewhere along the way, someone figured out that both routes could be used to plant harmful programs on a computer without the owner realizing it, and with that, spyware was born.

Almost without exception, the harmful programs that infect a Windows system through Internet Explorer do not run on a Mac at all: ActiveX controls and Windows executables are built for Windows, and OS X cannot execute them. The second line of defense is privilege. Windows, before UAC, would happily let such a program attach itself to the browser and add itself to startup with no indication to you that anything had happened. On OS X a standard user account is not root, so a program that tries to write into the system, install a kernel extension, or add a system-wide startup item must first get an administrator password, and the OS pops up an authentication window to ask for it. Any time a web page causes an OS X message saying that administrator access is needed, there's a problem: cancel the request and leave that page. One caveat: a program can add a per-user startup item (a login item, or a file in ~/Library/LaunchAgents) without an administrator password, because those locations belong to you. An unexpected prompt is a red flag, but the absence of one is not a clean bill of health, so it is worth checking what launches at login.

A lot of people claim that the main reason Mac users don't have problems with malware is that Macs are still a small share of the market, and attackers go after the majority of users (those running Windows). This may be true, but it doesn't mean you're completely safe. The larger threat is the Trojan, a program that claims to do one thing but in reality does another. Most of these are related to porn sites, which tell you that you need a particular file (usually described as a video codec or plug-in) to view their content. This lie convinces the user to install it, and then the fun begins (sadly, not the kind the user expected). Because the user types in the administrator password willingly, none of the protection described above helps. There have also been reports of Trojans bundled with pirated software, so bear that in mind before downloading iWork '09 from a torrent site. As social networking like Facebook gains in popularity, so do attempts at infecting the unsuspecting user with all manner of garbage (such as the one mentioned here), so be careful what you click.

So, does this mean you will NEVER need some form of malware protection? Absolutely not. As Mac market share increases, attackers may turn their attention to our little corner of the world. The major players in the anti-virus market tell you that you must buy their products because they want your money, but they are not completely incorrect. At the time of this writing, the number of true Mac viruses could be counted on one hand, and most of those were pre-OS X. The strongest protection against malware is common sense. Practice safe surfing, stay away from questionable sites, buy legal software, and never type your administrator password into a prompt you didn't expect. Beyond that, keep OS X and your browser plug-ins updated so that the bugs drive-by downloads rely on are closed, do your day-to-day work in a standard account rather than an administrator account, and take a look every so often at what starts at login. Do that, and you'll be just fine.
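A practical way to act on the "check what starts at login" advice is to list the launchd items in the three folders OS X reads at login and boot and look at what program each one points to. The script below is an added example, not part of the original post: the folder names are the real launchd locations, but the label/program parser, the "system / review / suspicious" heuristic, the file names and the two sample plists it builds in a temporary folder are this example's own constructions. It is plain POSIX sh with awk, so it runs on a Mac as-is; on any other system only the constructed sample produces output, since the real folders do not exist there.

```shell
#!/bin/sh
# Added example (not from the original post): list launchd persistence items and
# flag the program each one starts. Folder names are the real launchd locations;
# the classification heuristic and the sample plists below are this example's own.

# Print "label<TAB>program" for one launchd plist. Handles the XML form only;
# convert a binary plist first with: plutil -convert xml1 -o out.plist in.plist
plist_label_and_program() {
    awk '
        /<key>/ { k = $0; sub(/.*<key>/, "", k); sub(/<\/key>.*/, "", k); key = k; next }
        /<string>/ {
            s = $0; sub(/.*<string>/, "", s); sub(/<\/string>.*/, "", s)
            if (key == "Label" && label == "") label = s
            else if ((key == "Program" || key == "ProgramArguments") && prog == "") prog = s
            key = ""   # only the first <string> after a key is the value we want
        }
        END { printf "%s\t%s\n", (label == "" ? "?" : label), (prog == "" ? "?" : prog) }
    ' "$1"
}

# Heuristic: where does the program live?
#   suspicious - temp folders or a hidden directory (a "/." in the path)
#   system     - shipped with the OS or a normal application bundle
#   review     - anything else: third-party helpers you should recognise
classify_program() {
    case "$1" in
        /tmp/*|/var/tmp/*|/private/tmp/*|*/.*)          echo suspicious ;;
        /System/*|/usr/*|/bin/*|/sbin/*|/Applications/*) echo system ;;
        *)                                               echo review ;;
    esac
}

# Walk one or more launchd folders; print "verdict<TAB>label<TAB>program<TAB>file".
scan_launch_plists() {
    tab=$(printf '\t')
    for dir in "$@"; do
        [ -d "$dir" ] || continue            # missing folder (e.g. on a non-Mac): skip
        for f in "$dir"/*.plist; do
            [ -f "$f" ] || continue          # unmatched glob
            line=$(plist_label_and_program "$f")
            label=${line%%"$tab"*}
            prog=${line#*"$tab"}
            printf '%s\t%s\t%s\t%s\n' "$(classify_program "$prog")" "$label" "$prog" "$f"
        done
    done
}

# Constructed sample: a fake LaunchAgents folder with one ordinary agent and one
# that starts a hidden binary from the user's home, the pattern the post warns about.
demo_scan() {
    d=$(mktemp -d)
    cat > "$d/com.updater.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.updater</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Users/jane/Library/.cache/updater</string>
        <string>--quiet</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
    cat > "$d/com.vendor.sync.plist" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.vendor.sync</string>
    <key>Program</key>
    <string>/Applications/Sync.app/Contents/MacOS/Sync</string>
    <key>RunAtLoad</key>
    <true/>
</dict>
</plist>
EOF
    scan_launch_plists "$d"
    rm -rf "$d"
}

# Run against the constructed sample, then against the real folders
# (on a non-Mac the real folders do not exist, so that part prints nothing).
demo_scan
scan_launch_plists "${HOME:-}/Library/LaunchAgents" /Library/LaunchAgents /Library/LaunchDaemons
```

The verdicts are a starting point, not a diagnosis: "review" simply means the program lives somewhere a legitimate third-party helper might also live, so the question to ask is whether you remember installing it. Items in /Library/LaunchDaemons run as root at boot, which is why adding one needs the administrator password, while ~/Library/LaunchAgents needs none. Login Items from the Accounts preference pane are stored separately and are not covered by this scan, so check that list by hand as well.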
