Home > Mac News > Bad Reporting re: Mac “Virus” Scare

Bad Reporting re: Mac “Virus” Scare

February 27th, 2006

Reading Google News, I’ve been watching a steady stream of “news” reports go by that make me doubt how seriously I should take most of the computer reporting out there. There are just so many stories out there which are completely misinformed, I have to wonder how many of these people went to journalism school. Let me give a few examples:

Apple’s OS X Suddenly Not So Secure After All (FOX)
Security scares mount for Apple Macintosh users (USA Today)
First ever virus for Mac OS X (Ferret.com)
Apple Mac Virus Is Real Threat – The Apple Mac malware threat is real, according to anti-virus experts (GameSHOUT)
Second Mac virus in the wild (SC Magazine)
McAfee Provides Protection Against Mac Os X Exploits and Viruses (Hardware Zone)
First Mac virus found in wild (Globe and Mail)
Has the “Mac virus” struck your computer? (Austin American-Statesman)

Read most of these and you’ll find out about “viruses” hitting the Mac as told by “experts.” Well, not exactly. First of all, there are no viruses. A trojan, a worm, and a vulnerability. The “experts” and “researchers”? People who work for anti-virus software and security companies, who have a vested business interest in making people think they have viruses so they can sell their product.

But the trojan, worm and vulnerability are real, right? Depends on what you mean. The trojan and worm are “proof of concept,” and don’t do any damage (though Symantec, another anti-virus vendor, is claiming the trojan does damage files and the OS, completely unsupported from what I have ascertained). Furthermore, the trojan requires the user to enter a system admin password in order for the trojan to work, unlikely since the user will have just tried to open an image file. And the fake image file has to be downloaded (not viewed on a browser) or sent as file transfer by iChat, which not too many people ever do. The worm, meanwhile, requires not only two Macs using Bluetooth to be in the same room, it also requires both Macs to have an OS almost a year out of date, when most Macs update automatically. And it requires you to actively accept a file transfer over Bluetooth, which can be immediately confirmed as fake by asking the other Mac user in the room if they’re really trying to send you something. Oh yeah, and it self-destructs tomorrow, leaving no damage. And the vulnerability? Just that–it’s an opening, not an actual exploit. It means that no one is actually trying to damage your computer, it’s simply possible that such a thing could happen.

Which is really what all three of these represent: potential malware, not actual malware. Two harmless proof-of-concepts and one vulnerability. With the proof-of-concepts being almost ridiculously hard to acquire. Frankly, I doubt I could acquire either of them even if I went out on the Internet and aggressively tried to. And what’s more, you don’t need anti-virus software to guard against them–though the news stories, which could easily be just copies of press releases by anti-virus vendors, don’t tell you that. The vulnerability? Go to Safari’s preferences and turn off the “Open ‘safe’ files after downloading” option. The worm? Update your software through the Software Update control panel (it’s free, and probably it’s already been done–if there’s nothing in Software Update to install, you’re OK). The trojan? Don’t enter your admin password unless you are knowingly installing software or changing system preferences. To be completely safe, know that the filename suffix “.tgz” (signifying compressed files) is one you should avoid opening unless you know what you are doing.

Strange that all these stories trying to scare you don’t mention these simple protections against the malware, which doesn’t do any harm anyway. So, should you buy anti-virus software? Not yet, certainly. In fact, the Solution published by Sophos, an anti-virus security firm, actually didn’t work, mistakenly identifying the Bluetooth worm where none existed, sending users into a false panic and wasting their time. In the future, when Mac malware actually poses a threat, you’ll need security. But not yet. The problem is, when all these news outlets are reporting misinformed stories generated by businesses out to make a buck, how will you know when it’s really unsafe out there? I guess you’ll just have to research hard and read as many stories as you can–there are some out there that tell the real story, though not many.

Or you come come to this site–when I think I need anti-virus protection, I’ll certainly blog on it.

Categories: Mac News Tags: by
Comments are closed.