• Explore the magic and the mystery!



  • Remaining Proactive Against Possible Malware

    December 19th, 2006

    As I write this, Mac OS X users don’t really have to worry about virus infections — at least for now. The ones that have been discovered have been test cases, proofs of concept, to show a potential vulnerability but not much more. Sure, one virus did sort of leap into the wild a while back, but hardly affected anyone.

    This doesn’t mean there isn’t the potential for a malware infection. Every few weeks, Apple releases a security update to close system leaks. The latest, released Tuesday afternoon, addresses a potential threats involving QuickTime for Java and Quartz Composer in Mac OS X Tiger. According to Apple: “Java applets may use QuickTime for Java to obtain the images rendered on screen by embedded QuickTime objects and upload them to the originating web site. When this facility is used in conjunction with Quartz Composer, it becomes possible to capture images that may contain local information.”

    While some of those updates have caused stability issues, most don’t, and even when problems occur, they appear to be few and far between. So there seems to be no reason to avoid the update, but I’ll let you know if there is.

    At the same time, the folks at Mozilla updated Firefox 2.0 to version 2.0.0.1 to handle eight security flaws, five of which are considered “critical” by the security industry. They reportedly deal with RSS, Javascript and CSS code, among other things.

    In both cases, it doesn’t seem as if anyone actually exploited these chinks in the armor, but Apple and Mozilla did their due diligence and took care of the problems before they could cause any troubles for anyone.

    I should also mention that Microsoft’s Mac Business Unit released a “corrected” Office 2004 11.3.2 updater that addresses both security and stability. There was an 11.3.1 release that apparently got posted by mistake when the Mac BU was doing some test runs. It was quickly withdrawn, and folks who installed the update while it was available apparently didn’t have any problems to fret over. At least I didn’t. The problem is that the code hadn’t been tested.

    Even though folks are quick to shout at Microsoft for even the tiniest mistakes, let’s be fair and point out that Apple has released updates prematurely as well. It happens.

    The good thing about all these updates is that Mac users can feel a little more secure that the inevitable Mac OS X malware outbreak has been postponed for at least another day. This doesn’t mean it won’t happen, that it can’t happen. I suspect Internet criminals would love to be the first to boast they produced a Mac OS X malignancy that spread far and wide in the Mac universe. After all, it did happen in the days of the Classic Mac OS, so why can’t it happen now?

    I won’t dwell on the higher level of security offered by Unix-based operating systems. Instead I’ll remind you that the very first computer virus was created on the Unix platform, long, long ago. That’s something you shouldn’t forget.

    Beyond that, I’m am sure some elements of the tech community will use this opportunity to engage in their own viral behavior by spreading misinformation about Mac virus threats. Headlines will burst forth from the usual offenders, and the best thing to do is ignore them.

    At the same time, if you intend on sharing files with a Windows user, it doesn’t hurt to be armed with some sort of protection, or just be very careful. The things that won’t affect you can be brutal on a Windows PC. Even the virtual machine environment that you find on Parallels Desktop should be protected.

    Also you’ll want to be prepared. At the first inkling of a widespread Mac OS X virus — and it will happen someday — you should be ready to download software to protect yourself. The commercial products aren’t expensive, and, with a decently fast connection and a small deduction from your credit card or bank account, you’ll be able to arm yourself real fast.

    For now, just be on the alert, but don’t let anyone make you paranoid. There’s more than enough going on out there to do that task nicely as it is.



    Share
    | Print This Post Print This Post

    2 Responses to “Remaining Proactive Against Possible Malware”

    1. Robert Pritchett says:

      As part of our “Due Diligence” and as a service to our readers and listeners to our websites, podcasts and audiocasts, we have set up the “I Live My Mac” campaign such that everyone who registers and participates, gets a copy of ClamXav donationware at:

      http://www.maccompanion.com/IlovemyMacGiftaway.html

      That way, we will know that everyone who comes visits us from a Mac, will have that protection in place – just in case.

    2. Dan Shockley says:

      Good advice, Gene!

      If it becomes necessary, we’ll have time to install anti-virus software (well, we’ll certainly have as much time as it would take for a patch to be released to those who already had it installed, so no difference). Until then, I’ll be avoiding extra software that doesn’t benefit me while slowing me down.

      I know one thing, though, I won’t be buying from Symantec or Intego (and who else is there, again?) after all the fear-mongering over-the-top information they’ve released. I’ll probably go with something like ClamAV.

      Of course, if I eventually buy a copy of Windows XP (waiting for prices to drop on it when Vista comes out) and install that in Parallels Desktop, I’ll be sure to get some AV software for THAT. Yikes! πŸ™‚

    Leave Your Comment