What amazes me is that this page is several years old and it is still fairly up to date since there are not many viruses for the Mac! and STILL NONE FOR OSX. --- Bob

See my tech tips page for your current Trojan and Malware information.


Viruses on the Mac

By Stephen Beale

Mac users largely escaped the bite of the "Love Bug," but viruses and similar agents have been part of the Macintosh landscape for many years. The first Mac viruses, nVir and MacMag, appeared in 1987, the latter originating from a Macintosh magazine in Montreal. More recently, users contended with the notorious AutoStart worm that invaded Mac systems worldwide in 1998.

Viruses, worms and Trojan Horses--the three main categories of computer miscreants--remain a much bigger problem for PC users than their Mac counterparts. Of the 42,000 viruses counted by Symantec in October 1999, only a tiny handful target the Mac, and none poses a serious threat to Mac users, especially if you have up-to-date antivirus software and observe other common-sense precautions. The most recent virus definitions from Symantec and McAfee--the two major developers of commercial antivirus software for the Mac--guard primarily against macro viruses that attack Microsoft Word 6, which is no longer in widespread use.

The AutoStart worm

But Macs are not immune from infection. The most memorable recent example was AutoStart 9805, the first known Macintosh worm, which originated in Asia in 1998 and soon spread around the world. Using QuickTime's AutoStart feature, the worm and its variants invaded Power Mac systems from infected media if the CD-ROM AutoPlay option was enabled. Contaminated systems suffered from corrupted files, unexplained crashes and other symptoms.

A virus invades a computer by attaching itself to a host program or the boot sector of a diskette. It replicates itself in other files on the system, but spreads to additional computers only through incidental contact, when users exchange floppy disks or download files. Worms, in contrast, do not need a host program to replicate and tend to spread aggressively to other systems. (A Trojan Horse is a malicious program that masquerades as a useful one.)

The AutoStart worm prompted John Norstad to retire Disinfectant, a shareware program that many Mac users had relied on as an alternative to commercial antivirus packages. Norstad told users that Disinfectant was not designed to protect against worms, and advised them to buy a commercial program such as Virex or Norton Antivirus, whose developers have more resources for responding quickly to outbreaks.

The "Love Bug" and last year's Melissa virus, both of which are limited to attacking Windows PCs, combine elements of a virus and a worm. They resemble viruses because they use an e-mail program as their host, but they act like worms because they can send copies of themselves to other computer systems. Neither can infect Mac OS systems because they are written in VBScript, a scripting language that's not supported on the Macintosh. However, as some users learned, the viruses can attack the Windows partitions on Mac systems running PC emulators--including Mac files mapped to those partitions. (See "Macs mostly immune from worm.")

Other Mac outbreaks

Many Mac users were hit by the Microsoft Word and Excel macro viruses of 1997, which differed from other viruses in their ability to attack across the platform divide. Viruses are generally specific to one operating system, but because the macro viruses hid themselves in Word and Excel templates, they infected Mac and Windows users alike, although some strains caused more serious consequences for the latter.

The virus invaded Word or Excel when you opened an infected document. The infected programs would then save all documents as templates along with a embedded copy of the bug. The virus spread when users exchanged Word or Excel documents with others. Word 98 and Excel 98 include built-in protection against macro viruses, so the bugs are a concern only if you still run the previous versions.

Another class of Mac viruses targets HyperCard stacks. The first known HyperCard virus, MerryXmas, was not written to be destructive, but due to a bug, it sometimes causes HyperCard to quit. Another notorious virus, Blink, causes stacks to flash on and off.

HyperActive Software, a developer of HyperCard software, maintains extensive information about HyperCard viruses and their remedies on its Web site. Symantec's Norton Antivirus and McAfee's Virex offer protection against these viruses, as well as the macro viruses and AutoStart worm.

Virus hoaxes

Virus hoaxes--attempts to spread misinformation about nonexistent viruses--are almost as big a problem as viruses themselves. For example, after last year's Melissa virus outbreak, many users received e-mails similar to this:

"This information was announced yesterday morning from IBM; AOL states that this is a very dangerous virus, much worse than 'Melissa,' and that there is NO remedy for it at this time. Some very sick individual has succeeded in using the reformat function from Norton Utilities causing it to completely erase all documents on the hard drive. It has been designed to work with Netscape Navigator and Microsoft Internet Explorer. It destroys Macintosh and IBM compatible computers. This is a new, very malicious virus and not many people know about it."

In addition to needlessly scaring users, the hoaxes tend to create e-mail congestion as people warn their friends and coworkers about the bogus virus. Symantec and McAfee both maintain updated lists of hoaxes (Symantec, McAfee) on their Web sites.

Viruses from the Web?

Some security experts have warned that Web sites could be the next major source of virus attacks--not through traditional software downloads, but by placing malignant Java or ActiveX code on the desktop.

Symantec raised this frightening prospect in a background document on its Web site. "Although it has not yet happened, it is possible for virus writers to use ActiveX and possibly Java to introduce viruses, worms and Trojan Horses onto a Web-surfer's computer, turning Web pages into virus carriers. By simply surfing the Web, users could expose their computer to viruses spread via ActiveX controls, without downloading files or even reading e-mail attachments. The virus writers could then use the virus to access RAM, corrupt files, and access files on computers attached via a LAN, among other things."

Symantec noted that Java is much more secure than ActiveX, and would thus be less prone to such mischief.

More information

Symantec and McAfee both maintain up-to-date information about Mac and PC viruses as well as educational material on the subject. In addition, ICSA, a provider of computer security services, hosts Mac Virus, a volunteer-run Web site that provides information about Macintosh viruses. The site includes descriptions of Macintosh viruses, detailed information about the AutoStart worm and links to other resources.

Agax & other remedies

Posted By: Martin A. Totusek <bb553@scn.org> (06-077.009.popsite.net)
Date: 8-May-2000 2:16 a.m.


Agax (see: http://www.cse.unsw.edu.au/~s2191331/agax/agax.html) is a useful remedy; I've had it catch a couple things that the Symantec and McAfee (Network Associates makes McAfee's program) missed.

Anti-Virus Software Information:

Agax 1.3 {John Dalgliesh} (Freeware)

Download URL: http://www.cse.unsw.edu.au/~s2191331/agax/agax.html

Autostart Hunter {Akira Nagata - Yukos World Co., Ltd.} (Freeware)

Download URL: http://www.nettaxi.com/citizens/yukoswrd/

BugScan 1.2.3 {Mountain Ridge Dataworks} (Shareware)

Download URL: http://www.mrdataworks.com/download.htm

Disinfectant 3.7.1 {John Norstad} (Freeware, but no longer being updated, and doesn't cover the Macro Viruses or Worms)

Download URL: ftp://ftp.acns.nwu.edu/pub/disinfectant/

Eradicator {Uptown Solutions Ltd.} (Freeware) One of the first Programs for dealing with the Autostart Worm.

Download URL: http://www.uptown.com/

Norton AntiVirus for Macintosh {Symantec} (Commercial)

Sophos Anti-Virus {Sophos} (Shareware & Commercial versions)

Download URL: http://www.sophos.com/downloads/full/index.cgi/next?GroupsID=6

The Exorcist {LAFFEY Computer Imaging} (Freeware) -formerly known as Graphics Innoculator) - The Exorcist will attempt to inoculate your Macintosh against the new "666" AKA "SevenDust", and "Graphics Accelerator" virus. Please note that it has not actually been tested with a live copy of the virus.

Download URL: http://www.laffeycomputer.com/software.html

Virex 6.1 {Network Associates/McAfee} (Commercial) - One of the most popular of the Anti-Virus Programs. Note: Virex 6.0 can run under Mac OS 9 - it simply needs to be updated with the Virex Control Panel 6.0.1d2 in order to work under Mac OS 9;

WormScanner 2.3.1 {James W. Walker} (Freeware)

Download URL: http://www.jwwalker.com/


TeleFinder Web Server the best mac web server and mac bbs

Welcome Web BBS | Fun Stuff | Site Links | Business | Store | TeleFinder

Buy a Book!