Trojans, viruses, worms: How does malware get on PCs and Macs?

Summary: What's the best way to deal with malicious software on PCs and Macs? You can't answer that question until you know how malware gets installed in the first place. Here's a reality check.

The hardest part of talking about computer security is getting everyone to agree on the nature of the problem. It’s especially frustrating when you’re trying to weigh the pros and cons of different strategies with someone whose view of the PC security landscape is outdated and inaccurate.

Case in point: What’s the best way to deal with malicious software on PCs and Macs?

You can’t answer that question—you can’t even start talking about it—until you know how malware gets installed in the first place. And there’s where the disconnect begins.

Judging from the reactions to my recent posts on OS X and malware, the Mac community has a pretty consistent collective understanding of how computer security works. Their worldview is based on opinions that might have been close to the mark in 2004 or 2005 but are just plain wrong in 2011.

They think, incorrectly, that Windows is inherently insecure. They assume, with no support, that large numbers of PC users are infected every year just by visiting websites or opening e-mails. And they believe, sincerely but also incorrectly, that OS X is inherently secure and that they are basically immune as long as they avoid doing stupid things.

Here’s the reality, for PCs and Macs:

  • The traditional labels for malware categories—viruses, worms, Trojans, and so on—aren’t nearly as meaningful as they were 10 years ago.
  • If you install security updates regularly, your risk of being affected by a drive-by download is virtually zero.
  • A very small number of malware families account for virtually all malware infections.
  • The overwhelming majority of malware is installed by the victim, who is fooled by social engineering.

Much of the discussion I read comes down to shorthand, like this: “There's malware [on Macs], yes. No viruses though.”

I have read variations on this theme over and over again in the Talkback section of this blog recently:

Mac Defender is NOT a virus. ... Mac OS X has ALWAYS been free of viruses... as opposed to Windows which has hundreds of thousands of viruses and new ones coming each day.

Indeed, that obsession with the word virus is a recurring theme in Apple’s support forums. Search for the phrase “there are no viruses” at discussions.apple.com and you’ll find plenty of examples, like this one from January 2011:

There are no viruses that run on OSX. None. Zip. Zero.

There is some "malware," such as Trojans, for Macs, though. But (unlike viruses that can get onto your system without your knowledge), you must approve their installation (via your Admin password) and/or operation (via the "This application was downloaded from the internet ..." prompt).

Sorry, but that’s not true. The Mac Defender gang already proved they can sidestep the requirement to enter an Administrator password. They already convinced tens of thousands of victims to install a small program that then downloads and installs additional malware without any user interaction. And it’s just a matter of time and financial motivation before they begin whacking at vulnerabilities in OS X.

And categories don’t matter. These days, actual viruses are almost unheard of. Melissa, back in the late 1990s, was a real virus, the kind that copied itself to documents and spread via e-mail. Today, security professionals are more interested in what a particular family of malicious code does. The delivery mechanism is usually separate.

If this were simply a matter of semantics, I would let it slide. But it’s not. The obsession with these technical labels reflects a dangerously outdated view of computer security. If you can’t see past those labels and get an accurate view of the current threat landscape, you won’t be able to make smart, informed decisions for yourself or for others.

Or, put another way: We can’t even have a discussion if one side thinks the world is flat and the other thinks it’s round.

So let me give you the lay of the security landscape that PCs and Macs share in 2011, starting with how malware gets on PCs and Macs in the first place.


Talkback

272 comments
  • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

    My father-in-law still doesn't get it when I explain about "viruses" for Windows. He's just damn lucky he doesn't have an Intel Mac ;)
    Imrhien
    • Still there is no non-laboratory scenario of getting a virus on a Mac, and

      @Imrhien: ... the trojans Edward talks about only work when user intentionally and voluntarily installs (even if installer autostarts, it can not do anything on its own) them. But, before that, user has to believe that he/she got "a virus", what is practically not a real-life scenario. So there are no serious chances for these trojans to be installed on Macintoshes since the "phishing" trick is not really believable.

      And, even if user is clueless or reads for years all of these articles about how Macintosh is the same as PCs and believes that he/she got "a virus", and installs this "Mac Defender" which promises to cure the computer, then still he/she has to be clueless twice, since the following trick is when "Mac Defender" tells that it lied and it will not cure the computer until user would pay for full version. And even then user has to be clueless thrice to pay money for application he/she neither ever heard about it, nor checked it out.

      Seriously, it is three levels of cluelessness -- no wonder the cases of problem are so microscopic in scale of Macintosh's fifty five million installed base.
      DDERSSS
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS The trouble with both Macs and PCs is that they rely on people. People are inherently the weak link in any security system. If you believe that it can never happen to you because 1) You are smart, and/or 2) Because you bought a Mac. Good luck!
        bobfastner
      • Yeah, and Ed tells us the same thing ...

        @DeRSSS ... when he states ...

        "The overwhelming majority of malware is installed by the victim, who is fooled by social engineering."

        Whether it is Windows malware or Macintosh malware, it cannot get in if you don't let it!
        M Wagner
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS
        Well then with that reasoning, it is probably a LOT easier to get a virus on MAC since most of the userbase buys them because they ARE in fact clueless when it comes to computers. That is why they buy them isn't it? So they have to learn less about how it all actually works and they can be further entrenched into the Apple Eco(distortion field) system?
        JimmyFal
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS

        Your points are all valid. Imrhien and others don't realize this has nothing to do with someone not having a PC or having a PC. It's about ignorance in the user and nothing more. I work on both PC and Mac at work and user beware is the appropriate response.
        spikedstrider
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS
        If a Mac user REALLY believes that Macs are totally immune to every and any kind of malicious software, then that becomes like a self-fulfilling prophecy. Indeed, the Mac of such a user will never get infected, because a user who has such faith in the Mac will never click on any "your computer is infected" message, because by definition, Macs can't get infected by anything.
        arminw
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS

        It sounds as if you do not directly support end users, whether they are friends and family or in a business environment.

        If you did, you would be well aware that users are clueless. As Ed points out in his post, security breaches that are the direct result of vulnerabilities in the OS have been on the decline for years - the most dangerous and abundant threat is any type of malware that relies on social engineering. It is because of clueless users that they are so widespread.

        And most importantly of all, Mac users are not by default more educated, tech savvy, or immune to social engineering. It is exactly the "I'm immune because I use a MAC, therefore I can stick my head in the sand" mentality that the creators of Mac Defender were targeting, and many of you fell for it!
        smtp4me@...
      • @JimmyFal

        You do realize that most Mac buyers have bought or used Windows computers in the past, right? So tell me how a user is more clueless buying a Mac than he was when he owned a Windows machine?
        fr_gough
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS

        If all it takes is clueless users, it is amazing to me that infections aren't more common.
        DLClark
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS you fail to realize that many windows and mac trojans are obtained on a hijacked website that is trusted by the user, it doesn't matter if the executable is called "fluffy puppies.exe" or "i will kill you and your family with a rusty spoon.zip.exe.7z" if that pops up on your favorite news website like usatoday or your local news website, then many people will allow it, and who said that all mac trojans/virus'/malware tell you that they are anti malware, i fixed my aunt's computer after she downloaded and installed something that said it was an addon for iMovie, it wasn't.
        Feds Against Guns
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @fr_gough
        "You do realize that most Mac buyers have bought or used Windows computers in the past, right? So tell me how a user is more clueless buying a Mac than he was when he owned a Windows machine?"

        Because they just paid twice as much money for a computer that still gets viruses. And most people go from the 10 year old XP to a brand new MAC, and are still complaining about a 10 year old OS, 10 years after it was created. I fix pc's for a living. The virus calls on Windows 7 are far and few between. And REALLY easy to get rid of when it does happen. I can talk any user through it over the phone in about 10 minutes.

        Windows 7 is pretty darn easy to use as well. Every bit as easy as a MAC. I'll give you a pass on the Pads and the Pods, because they don't look or act like anything MAC OS.

        So now the argument isn't about Windows getting infected. It's about price. And anyone that pays double or more to check their email, is by definition, clueless.
        JF
        JimmyFal
      • even if installer autostarts, it can not do anything on its own

        @DeRSSS
        That is not my experience. I clicked on the 3rd result of a Google search, on a link that looked legit, and I could do nothing to stop the trojan from installing itself 12 times on my laptop! And apparently Mac users now have the same problem. Now, my Linux machine is a different story....
        danindenver
      • Oh Special Eddie... Wrong again... As usual...

        "If you install security updates regularly, your risk of being affected by a drive-by download is virtually zero."

        Wrong again brainiac... Updates are 99.5% reactive, it is extremely rare that they are ever proactive... Those updates come weeks, sometimes months after threats have been spreading in the wild... The known threats are easy... It's the unknown threats that are more dangerous, they can quietly do damage until they are discovered.

        So rephrase that lame statement you made to the following:

        If you install security updates regularly, your risk of being affected by a KNOWN drive-by download is virtually zero.

        The only way you are going to get proactive protection is with white listing or freezing the PC... And you might as well be completely honest, only a Windows PC is vulnerable to drive-by downloads, they are indigenous to Windows.
        i8thecat3
      • spin

        @DeRSSS
        of course ed is lying - as always. he even contradicts himself in one sentence: "The Mac Defender gang already proved they can sidestep the requirement to enter an Administrator password. They already convinced tens of thousands of victims to install a small program..."

        how is that "small program" installed on a mac without entering an administrator password, ed? right, not possible. absolutely not possible.

        it is a trojan, a simple trojan. as there have been trojans on the mac for ages. nothing about this mac defender thing is new, or more serious no matter how hard ed tries to spin it. a user has to download it by hand from the internet and type in his administrator password to install it.

        please ed, i know you get desperate, your mothership in redmond is sinking. but stop the laughable spin. just jump ship, become a google enthusiast or samsung or whatever and stop the ms defending lunacy please.
        bannedfromzdnetagainandagain
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS How delish. Ed says the kneejerk reaction from Apple fanboies is "Macs don't get viruses, and even if they did, only morons would get them," and here you are. Virus, worm, trojan -- who cares. Macs get malware.
        Vesicant
    • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

      The difference between PC and Mac is how each company deals with the problem. In case of Microsoft, they initially ignored the problem, letting third-party anti-virus companies deal with it. What happened was that the user experience suffered, full hard drive scans, slowdowns, interruptions and so on. That caused a great damage to the brand and the user experience.

      I think that Apple will deal with the problem differently, providing virus protection seamlessly like they do all their software. Apple also has the option to allow installs only from the App Store or at least set that option as default.

      My prediction is that viruses will be a much smaller problem for Mac users than people like Ed try to convince you...
      prof123
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @prof123
        "Apple also has the option to allow installs only from the App Store or at least set that option as default."

        Oh yeah, that'll work great.

        Apple really shouldn't allow people to run MS Office or Adobe PhotoShop. Or any actual big brand software.

        Yup, great idea!
        CarlitosLx
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @prof123
        It's great being forced to only be able to buy software from the app store. Or not, I happen to like buying my software anywhere I want. It's that kind of thinking that will drive away consumers in the future. Apple has made many great strides so why ruin it with a communist tactic?
        kenpofighta@...