What amazes me is that this page is
several years old and it is still fairly up to date since
there are not many viruses for the Mac! and STILL NONE
FOR OSX. --- Bob
See my tech
tips page for your current Trojan and Malware
information.
Viruses on the Mac
By Stephen
Beale
Mac users largely escaped the bite of the "Love
Bug," but viruses and similar agents have been part
of the Macintosh landscape for many years. The first Mac
viruses, nVir and MacMag, appeared in 1987, the latter
originating from a Macintosh magazine in Montreal. More
recently, users contended with the notorious AutoStart
worm that invaded Mac systems worldwide in 1998.
Viruses, worms and Trojan Horses--the three main
categories of computer miscreants--remain a much bigger
problem for PC users than their Mac counterparts. Of the
42,000 viruses counted by Symantec in October 1999, only
a tiny handful target the Mac, and none poses a serious
threat to Mac users, especially if you have up-to-date
antivirus software and observe other common-sense
precautions. The most recent virus definitions from
Symantec
and McAfee--the two
major developers of commercial antivirus software for the
Mac--guard primarily against macro viruses that attack
Microsoft Word 6, which is no longer in widespread use.
The AutoStart worm
But Macs are not immune from infection. The most
memorable recent example was AutoStart 9805, the first
known Macintosh worm, which originated in Asia in 1998
and soon spread around the world. Using QuickTime's
AutoStart feature, the worm and its variants invaded
Power Mac systems from infected media if the CD-ROM
AutoPlay option was enabled. Contaminated systems
suffered from corrupted files, unexplained crashes and
other symptoms.
A virus invades a computer by attaching itself to a
host program or the boot sector of a diskette. It
replicates itself in other files on the system, but
spreads to additional computers only through incidental
contact, when users exchange floppy disks or download
files. Worms, in contrast, do not need a host program to
replicate and tend to spread aggressively to other
systems. (A Trojan Horse is a malicious program that
masquerades as a useful one.)
The AutoStart worm prompted John Norstad to retire
Disinfectant, a shareware program that many Mac users had
relied on as an alternative to commercial antivirus
packages. Norstad told users that Disinfectant was not
designed to protect against worms, and advised them to
buy a commercial program such as Virex or Norton
Antivirus, whose developers have more resources for
responding quickly to outbreaks.
The "Love Bug" and last year's Melissa virus, both of
which are limited to attacking Windows PCs, combine
elements of a virus and a worm. They resemble viruses
because they use an e-mail program as their host, but
they act like worms because they can send copies of
themselves to other computer systems. Neither can infect
Mac OS systems because they are written in VBScript, a
scripting language that's not supported on the Macintosh.
However, as some users learned, the viruses can attack
the Windows partitions on Mac systems running PC
emulators--including Mac files mapped to those
partitions. (See "Macs
mostly immune from worm.")
Other Mac outbreaks
Many Mac users were hit by the Microsoft Word and
Excel macro
viruses of 1997, which differed from other viruses in
their ability to attack across the platform divide.
Viruses are generally specific to one operating system,
but because the macro viruses hid themselves in Word and
Excel templates, they infected Mac and Windows users
alike, although some strains caused more serious
consequences for the latter.
The virus invaded Word or Excel when you opened an
infected document. The infected programs would then save
all documents as templates along with a embedded copy of
the bug. The virus spread when users exchanged Word or
Excel documents with others. Word 98 and Excel 98 include
built-in protection against macro viruses, so the bugs
are a concern only if you still run the previous
versions.
Another class of Mac viruses targets HyperCard stacks.
The first known HyperCard virus, MerryXmas, was not
written to be destructive, but due to a bug, it sometimes
causes HyperCard to quit. Another notorious virus, Blink,
causes stacks to flash on and off.
HyperActive Software, a developer of HyperCard
software, maintains extensive
information about HyperCard viruses and their
remedies on its Web site. Symantec's Norton Antivirus and
McAfee's Virex offer protection against these viruses, as
well as the macro viruses and AutoStart worm.
Virus hoaxes
Virus hoaxes--attempts to spread misinformation about
nonexistent viruses--are almost as big a problem as
viruses themselves. For example, after last year's
Melissa virus outbreak, many users received e-mails
similar to this:
"This information was announced yesterday morning from
IBM; AOL states that this is a very dangerous virus, much
worse than 'Melissa,' and that there is NO remedy for it
at this time. Some very sick individual has succeeded in
using the reformat function from Norton Utilities causing
it to completely erase all documents on the hard drive.
It has been designed to work with Netscape Navigator and
Microsoft Internet Explorer. It destroys Macintosh and
IBM compatible computers. This is a new, very malicious
virus and not many people know about it."
In addition to needlessly scaring users, the hoaxes
tend to create e-mail congestion as people warn their
friends and coworkers about the bogus virus. Symantec and
McAfee both maintain updated lists of hoaxes (Symantec,
McAfee) on
their Web sites.
Viruses from the Web?
Some security experts have warned that Web sites could
be the next major source of virus attacks--not through
traditional software downloads, but by placing malignant
Java or ActiveX code on the desktop.
Symantec raised this frightening prospect in a
background
document on its Web site. "Although it has not yet
happened, it is possible for virus writers to use ActiveX
and possibly Java to introduce viruses, worms and Trojan
Horses onto a Web-surfer's computer, turning Web pages
into virus carriers. By simply surfing the Web, users
could expose their computer to viruses spread via ActiveX
controls, without downloading files or even reading
e-mail attachments. The virus writers could then use the
virus to access RAM, corrupt files, and access files on
computers attached via a LAN, among other things."
Symantec noted that Java is much more secure than
ActiveX, and would thus be less prone to such mischief.
More information
Symantec
and McAfee both
maintain up-to-date information about Mac and PC viruses
as well as educational material on the subject. In
addition, ICSA, a
provider of computer security services, hosts Mac
Virus, a volunteer-run Web site that provides
information about Macintosh viruses. The site includes
descriptions
of Macintosh viruses, detailed information about the
AutoStart
worm and links
to other resources.
Agax & other remedies
Posted By: Martin A. Totusek
<bb553@scn.org>
(06-077.009.popsite.net)
Date: 8-May-2000 2:16 a.m.
Agax (see: http://www.cse.unsw.edu.au/~s2191331/agax/agax.html)
is a useful remedy; I've had it catch a couple things
that the Symantec and McAfee (Network Associates makes
McAfee's program) missed.
Anti-Virus Software Information:
Agax 1.3 {John Dalgliesh} (Freeware)
Download URL: http://www.cse.unsw.edu.au/~s2191331/agax/agax.html
Autostart Hunter {Akira Nagata - Yukos World
Co., Ltd.} (Freeware)
Download URL: http://www.nettaxi.com/citizens/yukoswrd/
BugScan 1.2.3 {Mountain Ridge Dataworks}
(Shareware)
Download URL: http://www.mrdataworks.com/download.htm
Disinfectant 3.7.1 {John Norstad} (Freeware,
but no longer being updated, and doesn't cover the Macro
Viruses or Worms)
Download URL: ftp://ftp.acns.nwu.edu/pub/disinfectant/
Eradicator {Uptown Solutions Ltd.} (Freeware)
One of the first Programs for dealing with the Autostart
Worm.
Download URL: http://www.uptown.com/
Norton AntiVirus for Macintosh {Symantec}
(Commercial)
Sophos Anti-Virus {Sophos} (Shareware &
Commercial versions)
Download URL: http://www.sophos.com/downloads/full/index.cgi/next?GroupsID=6
The Exorcist {LAFFEY Computer Imaging}
(Freeware) -formerly known as Graphics Innoculator) - The
Exorcist will attempt to inoculate your Macintosh against
the new "666" AKA "SevenDust", and "Graphics Accelerator"
virus. Please note that it has not actually been tested
with a live copy of the virus.
Download URL: http://www.laffeycomputer.com/software.html
Virex 6.1 {Network Associates/McAfee}
(Commercial) - One of the most popular of the Anti-Virus
Programs. Note: Virex 6.0 can run under Mac OS 9 - it
simply needs to be updated with the Virex Control Panel
6.0.1d2 in order to work under Mac OS 9;
WormScanner 2.3.1 {James W. Walker} (Freeware)
Download URL: http://www.jwwalker.com/