
Why Macs Aren’t (and Never Were) Virus/Malware/Spyware Free.

While I might enjoy a good old-fashioned Apple bashing more than I should, I’m still pretty heavily invested in their platform, counting an iPhone and a MacBook Pro amongst my computing arsenal. Still, anyone who’s been reading this blog long enough will know that I’m no fan of the hype that surrounds their products, nor of the horde of apologists who try to rework any product fault or missing feature as a symbol of Apple’s “vision” when realistically Apple should cop some flak for it. Today I want to tackle one of the longest standing Apple myths, one that has managed to perpetuate itself even in light of the overwhelming evidence to the contrary.

I am talking about, as the title implies, Mac’s apparent immunity to malicious code.

Wind back the clock a few decades and we find ourselves at the dawn of the consumer PC age, and with it the initial success of the Apple II series of microcomputers. Back then the notion of a computer virus was almost purely academic, with all working viruses never leaving the confines of the places where they were created. Rich Skrenta, a then 15-year-old computer whiz, took it upon himself to code up what would become the very first virus to make it into the wild; he called it Elk Cloner. This particular virus would attach itself to the Apple DOS running on the Apple II and on every 50th boot would display a lovely little poem to the user. Whilst it didn’t cause any actual harm (apart from annoyance) it was able to spread to other floppy disks and was the first virus to overwrite the boot sector so that it would be loaded each time.

That’s right, the first ever in the wild virus was indeed Mac only.

Still, there’s a little kernel of truth in the saying that Macs are resistant to malicious code. Whilst most viruses in the past were written to inflict chaos and harm upon their users, the last decade saw virus writers switch to the more profitable pursuits of stealing credit card information, mining data or turning your PC into a zombie to be used for nefarious purposes. The Mac’s immunity then came from obscurity: there’s little reason to go to all that effort only to target a small percentage of the worldwide PC user base, and so the most popular platform became the most targeted, leaving Macs relatively untouched.

Still, even a small percentage of billions adds up to multiple millions of people, and so some virus writers started to turn their sights towards the Mac platform. Reports started surfacing about the rumors that were circulating and it became official: Macs were now a target. Apologists shot off volleys left and right saying that these were just a minority, and were still doing so right up to the end of last year, stating that the Mac’s immunity remained intact. Today brings news, however, that not only have Macs gone mainstream for normal users, they’re now mainstream for virus creators:

The kit is being compared to the Zeus kit, which has been one of the more popular and pervasive crimeware kits for several years now. A report by CSIS, a Danish security firm, said that the OS X kit uses a template that’s quite similar to the Zeus construction and has the ability to steal forms from Firefox.

“The Danish IT-security company CSIS Security Group has just yesterday observed a new advanced Form grabber designed for the Mac OS X operating system being advertised on several closed underground forums. In the same way as several other DIY crimeware kits designed for PCs, this tool consists of a builder, an admin panel and supports encryption,” Peter Kruse of CSIS said in a blog post.

Indeed, Macs are now also the targets of scareware campaigns that masquerade as actual virus scanners, and with the prevalence of web based malware on the increase, the Mac platform only provides immunity against the garden variety botnet software, not the fun stuff like man-in-the-middle attacks or cross site scripting vulnerabilities. Truly, if you believe yourself immune to all the threats that the Internet poses simply because you chose the “better” platform, you’re simply making yourself far more vulnerable to the inevitable, especially to things like social engineering.

I’m not sure why people continue to perpetuate the myth that Macs are completely immune to the threats of the Internet. It seems to stem from the deep rooted belief that Macs are the better platform (whether they are or not is left up to the reader), and quelling the rumors that Macs can be compromised would seem to strengthen that belief, somehow. Instead, Mac users would be far better served by acknowledging the threats and then building countermeasures to stop them, just as the Windows platform has done before them. It’s not a bad thing: any platform that holds some kind of value will eventually become the target of nefarious forces, and the sooner Mac apologists wake up and admit that they’re not the shining beacons of security they think they are, the better off the worldwide computing system will be for it.

Norton Internet Security 2011: My How Things Have Changed.

It’s been a long time since I used a Norton product. Way back when I had just started working for Dick Smith Electronics I can remember happily recommending their products to nearly every customer that walked through the door, and rarely did I get any complaints back from them. That all changed when I moved on to actually fixing people’s computers, whereupon I discovered that Norton’s latest incarnation (then 2004) was actually worse than the problems it was trying to solve. So many times I’d fully clean up a PC only to have it bog down again when I put Norton back on, so you can imagine my scepticism when I was approached to review their latest version, Norton Internet Security 2011. Still, I figured they couldn’t have stayed in business if their product range had continued down the path it was on all those years ago, so I decided to give it a go to see how far (or not) they had come.

Still, I wasn’t entirely ready to risk my main machine with this, so I fired up a Windows 7 virtual machine on my server and began the installation process on it. Installing Norton took just under 10 minutes, including the time it took to download the updates. Interestingly, the installer updated itself before attempting to install on my system, which is definitely a welcome change from updating afterwards. Doing so before installation means that Norton should be capable of detecting threats that might try to subvert the installation process, which matters if you’re trying to clean an already compromised system. Unfortunately, before the install will complete you have to provide your registration key, meaning there’s no free trial should you want to give the software to your friends to trial before they buy it. Still, the retail copy allows you to protect up to 3 PCs for the one purchase, enough to cover most households. Part of the installation process will also ask if you want to participate in the Norton Community, which I’d definitely recommend you do (more on this later).

The user interface is a world away from the Norton that I remember. The main screen is very well laid out, with all the needed features available right there; I rarely had to dig more than one or two layers deep to find a setting I was looking for. The map at the bottom of the screen shows the recent cyber crime incidents across the world (although how they define these is a bit of a mystery) and is pretty cool to watch as it ticks slowly over the past 24 hours. By itself though it doesn’t really add much value for the regular user, apart from possibly piquing their curiosity about the events.

At this point a regular user could close the program and leave it at that since everything else is taken care of automatically by Norton Internet Security. This was why I used to recommend Norton products to people as they required the least amount of intervention from users to ensure that they kept working as intended. For the super and power users however there’s a fair bit more value that can be unlocked if you want to go digging a little deeper into Norton Internet Security, as I’ll show you below.

Before I get into the guts of this program let me talk about the performance of this application. Talk to any long time Windows administrator and they’ll tell you that anti-virus programs can be some of the most performance degrading applications you can install on your PC. This isn’t through any fault of their own; rather, to provide the maximum level of security they have to be constantly active, ensuring they’re ready for any incoming threats. Norton used to be the worst of the lot in this regard, often bringing top of the line equipment to its knees in order to keep it safe.

Norton Internet Security 2011 however has progressed quite significantly since my encounters with its previous incarnations. Keen readers would’ve noticed that the main screen of Norton had a Performance link on it which reveals the screen shown above. The period shown before the two large spikes was completely idle and you can see that Norton does a good job of keeping its resource usage low during these periods. The two large spikes are from me performing a scan across about 600GB of data and doing that will use up most of your available system resources whilst the scan is running its course. This isn’t unique to Norton however and the scanning itself was quite quick, taking just under an hour to complete. The System Insight section provides an overview of what has been happening on your system over the past month. For an administrator like me such information can be quite valuable especially when trying to diagnose when some problem may have originated.

The meat of any AV program however is in its ability to catch potential problems before they can do any harm, which Norton Internet Security seems quite capable of doing.

The EICAR file is a virus test file designed to trigger any AV product. Upon downloading it I was greeted with a little pop-up in my browser saying it was scanning the file for viruses, and not long after I was presented with this. As you can see, not only does Norton identify the file and remove it before it has a chance to inflict any damage, it also provides a wealth of information about the potential threat it removed from your system. This is where the power of the Norton Community comes in, as it gives you some idea of how widespread a threat might be and what it might do to your system if it were to infiltrate it. This kind of information is great for empowering users, making them aware of what’s happening and hopefully educating them to avoid such things in the future. Most users probably won’t take advantage of this, but it’s still quite useful for power users or system administrators.
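For anyone who wants to repeat the EICAR check on their own scanner, or to recognise the test file in their own tooling (so a detection pipeline reports it as a test rather than a real infection), here is a small Python checker added as an example; it is not code from the original post or from Norton. It applies the rules EICAR publishes for the file: the 68-byte string must come first, it may only be followed by whitespace (space, tab, LF, CR, Ctrl-Z), and the whole file must be no larger than 128 bytes. The sample inputs at the bottom are constructed for the demonstration.

```python
"""EICAR anti-malware test file checker (example code, not from the reviewed product)."""
import hashlib
import os
import tempfile

# The 68-byte EICAR test string, published by EICAR for exactly this purpose.
# It is a harmless, valid DOS .COM program that prints its own name; scanners
# detect it by convention so that detection can be tested without real malware.
EICAR_STRING = (
    b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$"
    b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
)

# Per the EICAR definition the string may be followed only by whitespace
# characters, and the complete file may be at most 128 bytes long.
EICAR_TRAILING = b" \t\n\r\x1a"
EICAR_MAX_LEN = 128


def is_eicar_test_file(data: bytes) -> bool:
    """Return True only if `data` is a conforming EICAR test file."""
    if len(data) > EICAR_MAX_LEN:
        return False
    if not data.startswith(EICAR_STRING):
        return False
    tail = data[len(EICAR_STRING):]
    # `b` is an int here; `int in bytes` tests membership of the byte value.
    return all(b in EICAR_TRAILING for b in tail)


def describe(data: bytes) -> dict:
    """Summarise a sample the way a scanner log line would: verdict, size, hash."""
    return {
        "verdict": "eicar-test-file" if is_eicar_test_file(data) else "not-eicar",
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def write_test_file(directory: str) -> str:
    """Write a canonical EICAR file into `directory` and return its path.

    Point your AV product's on-demand scan at the returned path; a working
    scanner should flag (and usually quarantine) it immediately.
    """
    path = os.path.join(directory, "eicar.com")
    with open(path, "wb") as fh:
        fh.write(EICAR_STRING)
    return path


if __name__ == "__main__":
    # Constructed samples: one conforming file, one with allowed trailing
    # whitespace, and two that must NOT be treated as the test file.
    samples = {
        "canonical": EICAR_STRING,
        "with-crlf": EICAR_STRING + b"\r\n",
        "padded-too-long": EICAR_STRING + b" " * 61,   # 129 bytes, over the limit
        "embedded": b"prefix" + EICAR_STRING,          # string not at offset 0
    }
    for name, blob in samples.items():
        print(f"{name:16s} {describe(blob)}")

    with tempfile.TemporaryDirectory() as tmp:
        print("wrote", write_test_file(tmp))
```

A real scanner will typically quarantine the file the moment it is written, which is the behaviour being tested; if `write_test_file` succeeds but nothing reacts, on-access scanning is not covering that directory.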

The feature even extends to running processes which becomes quite handy for something you might be suspicious of but aren’t quite sure about. Again this kind of information might not be particularly useful to the user directly but it could prove quite valuable to administrators or super users attempting to troubleshoot issues.

The second feature set is the network protection section which encompasses two interesting features: Vulnerability Protection and the Network Security Map.

Vulnerability protection is an interesting idea. In essence Norton Internet Security can protect against flaws in particular programs, preventing the exploit from working. Whilst the vast majority of these exploits have been patched not all users are rigorous with their updates and Norton can help cover the gap for them. Additionally this also allows Norton to respond to threats quite quickly, nullifying their effects whilst the software vendors work on releasing a patch. Since there’s usually a month between patch cycles this feature goes a long way to securing a user against imminent threats that they might not even be aware of.

The network security map gives you a broad overview of the network you’re on and the other devices connected to it. This kind of thing can be helpful for users who are on public internet connections and want to be sure that they’re safe. Whilst this can’t detect any of the advanced threats (like a compromised access point running a man in the middle attack) it does give users some much needed guidance on when they should and shouldn’t be doing things over a public connection. The information on other hosts is interesting too, as it’s basically an IP and port scanner. Normal users probably won’t care about the information contained in here, but after the hassle I went through to spoof a MAC address for free wifi in Los Angeles this kind of thing is quite valuable (if for all the wrong reasons ;)).

Lastly there’s the Web Protection section, which contains an identity safe, a credit card store and a parental controls section. Whilst there are already many password saving solutions out there, the fact that Norton includes one is a good step towards improving a user’s security. Using a password store means that should you be compromised with a keylogger, a malicious attacker won’t be able to get hold of your passwords when you type them in. Sure, there’s the possibility they’ll crack the store, but it’s another layer of security that can help reduce the impact of a compromised system. The same can be said for the credit card store: whilst credit card details are one of the few things you don’t want to store anywhere on your computer, the use of this store provides similar benefits to that of the password safe.

I didn’t get into the parental controls section much as it was very much geared towards fretting parents who require fine grained control over their child’s online experience. It provides all the useful goodies of being able to see what your kids are doing online and creating rule sets for browsing, but probably the most useful part of it would be the online resources for educating children on safe web behaviour. Personally I’m a fan of keeping the PCs in a communal area and being an active online participant yourself instead of trying to approach the problem at arm’s length with tools like this. Still, it wouldn’t be in the product if users hadn’t been begging for it, so I’m sure many users will appreciate its inclusion.

To be honest I went into this review with a great deal of scepticism, thinking that Norton wouldn’t have changed their sinful ways despite their continued existence. I’m glad to say that my experience with their latest product, Norton Internet Security 2011, changed all that, and they’ve delivered a program I wouldn’t hesitate to recommend and use myself. Harnessing the power of their large user base in order to empower them with the information they gather is an excellent way to improve security, and for power users like me it’s something that will give me just that little bit of an edge when dealing with unknown issues. Before I reviewed this product I didn’t think I’d need to pay for anti-virus ever again, as things like Microsoft Security Essentials covered all the required functionality. Now, however, I can see the vast difference between a paid product like this and its free cousins, and I couldn’t bring myself to say that buying Norton Internet Security would be money wasted any more. If you’re looking for a paid anti-virus product with a wealth of features you wouldn’t go wrong with Norton Internet Security 2011.

Norton Internet Security 2011 is available from most software stores and online for AU$69.99. A copy of this software was provided to me free of charge for the purposes of reviewing it. All testing was conducted on a Windows 7 virtual machine running on VMware ESXi with 2 vCPUs, 2GB RAM and a 40GB HDD.