Spyware and Trojans and Macs, Oh, My!
slgrieb
July 26th, 2009, 02:43 PM
Monday looks to be entertaining! Second appointment of the day is an iMac malware removal. I got a call about this Saturday night, and I was so interested (OK, so these folks actually spend a bunch of money with me) that I went over to take a quick look at the computer.
Lo and behold, here's this year-old iMac with a flashing notification up on the screen that says, "Windows Security has detected that your computer is infected... etc." Professional demeanor? Hell, I laughed until I hurt.
So, I spent some time today trying to get my tools ready to go kill this pest. I haven't done a Mac malware removal since long about Mac OS 7 so I wasn't feeling well prepared at all. Time to fire up Google.
First thing I learned is "Don't visit Mac support forums for malware help." Talk about denial! Anyway, most of the potentially useful information I've found has come from mainstream AV vendors, along with a couple of tools that are Mac specific. This should be interesting, and I'll update the thread as appropriate.
BOB IROC
July 27th, 2009, 12:49 PM
Oh I have to subscribe to this forum. Can't wait to hear your findings. I have a couple teachers that are in total denial that Macs can get infected. Actually one of them is quite funny because she bought a Mac, installed Windows as her OS (reformatting and removing MacOS) and insists she does not need Anti-Virus software because her friend, who is a self-proclaimed Mac expert, says Macs do not get viruses. Then she proceeded to insult me and say that I do not know anything about Macs, except that I do. I did go to school for graphic design and have been using Macs since the 603x processors. I currently own a Macbook that was given to me by Apple (perk of working in education). But there was no use arguing with her because I am wrong and she is right.
slgrieb
July 27th, 2009, 05:39 PM
OORAH! Killed 2 Mac bugs today! Since the "Windows Security Alert" was such a crude piece of business, I wasn't too surprised that the removal was simple. I ran SecureMac.com's DNSChanger removal tool, which took just a few seconds to find and kill DNSChanger 2.0K, then I downloaded PCTools iAntivirus which took 1hr 3m 14s to scan 832084 objects (using the Normal Scan as opposed to quick or complete scans) and found and removed iMunizator.
Now, the "alert" that I saw onscreen looked absolutely nothing like any of the iMunizator screenshots I could find; it was just a generic SmitFraud/Antivirus XP, etc. window. But, it was gone after the removal, and after spending some time online, I'm comfortable that the machine is clean. After I talked to the teenager who owns the computer, he admitted that he was pretty sure the bug installed from a porn site, and we had the same conversation about Limewire that we have had about twice a year for the last 4 years, all the way back to the Dell he had before the Mac.
Anyway, my take on the whole experience was that just like so many PC users, some Mac users aren't sufficiently cautious about where they go online and what they do there. Macs also seem to be way too eager to open disk image files. I wasn't much impressed by the security tools I had to choose from.
Apart from iAntivirus, one of the few freeware apps I found was ClamXav. Since I had no reason to expect that ClamXav sucked any less than their other versions, I didn't download it. The apparent condition and performance of the computer didn't give me sufficient motivation to download and run Kaspersky's Trial version, and the "free" download of MacScan doesn't do removals. Avast!'s Mac version gets wretched reviews.
All in all, a pretty boring, but somewhat educational experience. As it turns out, the best part of the experience was getting to check out Mom's brand new Bentley Continental GT.
TrekCaptainUSA
August 4th, 2009, 07:26 PM
About Macs and Security. So you're disproving the statement that's been circulating around out there that Macs are "virus proof," right?
slgrieb
August 4th, 2009, 09:07 PM
Right now, there are about 80-90 nasties capable of infecting the Mac OS, and many of the vulnerabilities affect OS 9 only, so there really aren't all that many around. Rather than viruses, most of the pests are Trojans, scareware, and exactly the same kind of junk you deal with on most Windows machines that are infected. And they get on the computer for the exact same reason so many Windows machines get infected; clueless users.
Lots of people show incredibly bad judgment about the stuff they are willing to put on their computers. "Free" porn, screensavers, stuff off file sharing networks, cracked software, whatever. Since writing this stuff is very big (very profitable) business, you can bet Mac users are going to be exposed to more and more of it.
I approached my Mac Malware removal with a lot of uncertainty. I looked at the available tools and wasn't too happy with what I had to work with. Some of the AV tools were obviously overkill; I can't imagine owning a Mac and actually buying Symantec's product, and I wouldn't bother to download Kaspersky's trial version unless I was dealing with a seriously hosed computer. About the only situation that might have changed my mind would have been a Mac running Windows as well as OSX, because I would have wanted a product scanning both operating systems.
It looked to me like about the only decent freeware antimalware tools for the Mac were iAntivirus and some of SecureMac's focused removal tools. Overall, they made me feel like I was going hunting with a .22, when I really wanted at least a .30-06. Fortunately, I didn't have to shoot anything worse than a raccoon. If the bears had been out, it could have been ugly.
My biggest disappointment was various Mac user forums (including some of Apple's) where many posters actually denied the existence of any Mac malware. For example, I read some posts in response to users who were obviously infected with some iMunizator variant which just said, "No, that flashing message on your screen that says your computer is infected with One Million viruses, isn't an infection; you must have a browser window open to a hacked site that's redirecting you."
Long winded answer to your question, huh? Of course there is Mac Malware around. Are Mac users still much safer than Windows users? Absolutely. Unfortunately "safer" doesn't mean "invulnerable" and denying the existence of threats only makes users, regardless of platform, more vulnerable.
BOB IROC
August 4th, 2009, 09:23 PM
About Macs and Security. So you're disproving the statement that's been circulating around out there that Macs are "virus proof," right?
They are not even Virus Resistant. It all comes down to that there are not many viruses out there and some Mac people take that as a false sense of security. But like any other computer if you are irresponsible you will get into trouble. If Macs continue to gain popularity I think you will see more and more exploits come out and hopefully Mac users will wake up and realize that any software (no matter who makes it) can be exploited if someone out there wants to take the time to do it. But why go after a computer and OS that only has like 3% of the world's computers? Just like terrorists go attack the big cities. You can harm more people crashing a plane in the middle of a big city than in a cornfield.
slgrieb
August 6th, 2009, 10:57 AM
"Apple today warned that opening or viewing image files could lead to remote code execution attacks against Mac OS X users.
In an update that contains fixes for a total of 19 documented vulnerabilities, Apple said malicious hackers could rig PNG (Portable Network Graphics) and other images to take complete control of unpatched Mac systems."
You can read the full story here on ZDNet (http://blogs.zdnet.com/security/?p=3933). The list of vulnerabilities is both interesting and fairly extensive.
Actually, I have to give Apple credit for responding to Mac security issues with the enhancements built into Snow Leopard. How many years did Microsoft try to downplay the question of security before they started to get serious?
I just can't wait to see how Apple markets Snow Leopard's enhanced security features.
It's NEW! It's IMPROVED!! IT'S SNOW LEOPARD!!!
Now featuring Security Technologies developed for Windows!! Yes! The world's only PERFECTLY SECURE Operating System just got more perfecter!
uh huh