I removed a virus from a PC yesterday and I have a question
#1
This was one of several variants of the "buy my antivirus" scams that pop up warnings saying there is a virus and lock up the computer until the user succumbs to the pitch and buys the product or takes steps to remove the virus. Luckily, there was a fix I found on the web that (relatively) quickly allowed me to remove it.

The question is: Since this "should" be easy to trace since money changes hands (at least from those that fall for the scam) why isn't the distributor of the virus arrested and charged? I'll give my opinion first - that it's run from a foreign country (most likely considering the poor English used in the warning dialogs) and there is no multinational cooperation for arresting these people. Any other reasons?
Reply
#2
My guess is that they're not really selling anything; they want to collect charge-card numbers and other personal information. But that's just a guess.

Those 'rogue anti-virus' infestations are very hard to get rid of. A free program called Malwarebytes, http://www.malwarebytes.org/ , can sometimes do it where the big names can't. But even then they can regenerate, like the creature in the Alien movies. They may be 'rootkits' that can insinuate themselves into the OS at a low level and hide from AV software. So you end up wiping the HD and reinstalling everything.

Not long ago I clicked on a line in a page of Google search results, and was hit with a rogue AV ad that I couldn't get out of. But this was Safari, on my MBP, so I just force-quit Safari and it was back to business as usual. With PCs it's a different (and much more frustrating) ballgame.

I keep thinking that at some point the script villains are going to turn their sights on the growing Mac population. Maybe they have and the Mac OS is resistant enough that they haven't succeeded. But I wonder if some anti-malware software might not be prudent. . .

/Mr Lynn
Reply
#3
Yes, it was Malwarebytes that cleaned the virus and rkill that stopped the process so I could install and run Malwarebytes. The machine had AVG free with current definitions and wasn't used for visiting pron/warz sites. After what appears to be a successful cleaning, I switched it to Avast (free) in hopes of keeping these threats at bay, and advised my friend to run Malwarebytes at least weekly.
Reply
#4
One of the types of sites they tend to infest is the kind with on-line games. One woman at the office has managed to infect at least 3 different PCs several times over the last year. A couple of times, in spite of the PC having Deep Freeze, the infection managed to bypass the protection and remain after restarting. Those required a reformat of the drive and a reload.
Reply
#5
mrlynn wrote:
I keep thinking that at some point the script villains are going to turn their sights on the growing Mac population. Maybe they have and the Mac OS is resistant enough that they haven't succeeded. But I wonder if some anti-malware software might not be prudent. . .

/Mr Lynn
The roots of MacOSX go back over 40 years and it runs the internet, and that "Not enough Macs to make it worth my time" argument is a bit of a straw man exercise, isn't it?
Think about it, what would grab more headlines, the thug mugging a few dozen townfolk in an alley, or the thief that breaks into Fort Knox?
Reply
#6
As I understand it:
To install a program (virus) on a Mac, or any Unix-based system, that messes with the system files, the administrator has to give his permission by entering his password. The name 'virus' was adopted for such computer programs because they can propagate without permission (at least in Windows). It's rather like, in your biological world, having to give your permission to become infected with a cold virus. Not much chance of that happening.

When holes, one-off vulnerabilities, are found in the extremely complicated Mac OS, Apple issues a fix, a security update and the problem is gone.

With Windows the lack of a requirement for the password makes installing programs (viruses) easy and a constant threat.
Reply
#7
JEBB wrote:
...
With Windows the lack of a requirement for the password makes installing programs (viruses) easy and a constant threat.

That is because the default operating mode for Windows is 'single user, administrator', what would be 'root, or superuser' on Unix/MacOSX/Linux.

In Windows, if you can get any system component to open {and by default, execute} any chunk of data that happens to have/be a viral payload, you're home free.

Windows has yet to have a multi-user operating environment.
Reply
#8
Theoretically a non-administrative user in Windows cannot install programs, but in practice the nasties seem to evade this restriction.

If what H1N1 says is true, and the script writers really are constantly trying to get into the Mac 'Fort Knox', then the Unix core of OS X must in fact be more secure than Windows. A lot (maybe most) of Mac users routinely work with administrative privileges. I have taken the precaution of creating a non-admin user for my daily use, but I doubt if many consumers do.

Is anyone here running antivirus/antimalware software on their Macs?


/Mr Lynn
Reply
#9
TheCaber wrote:
Windows has yet to have a multi-user operating environment.

I'd like to know more about this; I'm really just now starting to learn about Windows. Gonna try and skip most of XP—I figure by the time I get to the point where I'm truly comfortable with Windows the world will hopefully be onto 7.

Anyway, are you saying that Windows user accounts generally occupy a level closer to the kernel or other underlying processes, compared to 'nix, which more thoroughly abstracts away the user accounts, thereby protecting both environments?

The reason for my guess there is because I've seen Windows described as nearly functionally unusable if you lock it down with UAC restrictions. But if you open them up to reach a level of personal control, you're vulnerable. Probably an oversimplification.
Reply
#10
mrlynn wrote:

Is anyone here running antivirus/antimalware software on their Macs?


/Mr Lynn

Not me. Only needed for Windows where such programs are essentially automatically installed. I have the firewall on but I'm not really sure that it is needed.
Reply

