Trojans, viruses, worms: How does malware get on PCs and Macs?

Summary: What's the best way to deal with malicious software on PCs and Macs? You can't answer that question until you know how malware gets installed in the first place. Here's a reality check.

What's a virus, anyway?

I’ve been writing about Windows security since before the turn of the millennium. Every edition in the Windows Inside Out series of books, starting in 2001, has had a lengthy section on security. Back in 2002, I co-wrote Microsoft Windows Security Inside Out for Windows XP and Windows 2000.

In every previous edition, the section on malicious software started with a lengthy glossary, explaining the differences between viruses, worms, Trojans, spyware, and other esoteric terms.

For the Deluxe Edition of Windows 7 Inside Out that went to the printer this week, I ditched that section completely. In 2011, those lines have become so blurred as to be practically meaningless.

Microsoft’s most recent security report lists threat categories by family. (The totals add up to more than 100% because some variants fall into multiple categories.)

| Category | % Detected |
| --- | --- |
| Misc Trojans | 31.6% |
| Misc Potentially Unwanted Software | 25.5% |
| Worms | 24.4% |
| Trojan Downloaders and Droppers | 20.1% |
| Adware | 17.4% |
| Password Stealers & Monitoring Tools | 11.7% |
| Exploits | 7.1% |
| Backdoors | 6.6% |
| Viruses | 5.9% |
| Spyware | 0.6% |

You’ll find viruses down at the bottom of the list, just above spyware, which was a very big deal in 2005 but is practically nonexistent now.

I asked Microsoft for details on what exactly was included in the Viruses category, and they were kind enough to provide a list that wasn't in the original report. Interestingly, the two entries at the top of the category were already on the top 10 list. Some variations of the Alureon and Frethog Trojans can be technically classed as viruses, because they inject code into system files as part of the infection process.

I found the last entry on the Top 10 Viruses of 2010 list even more interesting. Microsoft’s virus encyclopedia goes on for page after page with variants of malware in the Delf family. It starts with Adware:Win32/Delf and continues over 40 pages until Worm:Win32/Delf.ZAB. That’s 2,359 variations from a single obscure family, covering just about every category in the malware universe.

And there’s the numbers game in a nutshell. I saw a headline from someone today marveling at the fact that there are 67,000 new threats aimed at Windows every day. Well, that’s only sorta kinda true. Most of those “new threats” are microscopic variations on an existing one, cranked out on the fly by automated malware toolkits that have learned how to slide past signature-based antivirus software.
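An added illustration of the numbers game described above (not from the original article or from any vendor's engine): the constructed samples below differ only by a trailing build tag, so an exact-hash signature list counts every one as new, while a simple byte n-gram similarity check groups them into two families. The sample bytes, function names and the 0.6 threshold are assumptions chosen for the example.

```python
import hashlib

# Constructed, inert sample data: two unrelated "families" of bytes.
BASE_A = b"constructed family A payload body: " + bytes(range(64))
BASE_B = b"constructed family B, unrelated content: " + bytes(range(200, 256))


def make_variants(base: bytes, count: int) -> list:
    """Each variant differs from its base only by a short trailing tag."""
    return [base + b"#build-%d" % i for i in range(count)]


SAMPLES = make_variants(BASE_A, 5) + make_variants(BASE_B, 3)


def count_exact(samples) -> int:
    """What a pure hash-signature list sees: every distinct file is 'new'."""
    return len({hashlib.sha256(s).hexdigest() for s in samples})


def shingles(data: bytes, n: int = 4) -> set:
    """All overlapping n-byte substrings of the sample."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}


def jaccard(a: set, b: set) -> float:
    """Set overlap in [0, 1]; 1.0 means identical shingle sets."""
    union = a | b
    return len(a & b) / len(union) if union else 1.0


def count_families(samples, threshold: float = 0.6) -> int:
    """Greedy clustering: a sample joins the first family it resembles."""
    representatives = []
    for sample in samples:
        sh = shingles(sample)
        if not any(jaccard(sh, rep) >= threshold for rep in representatives):
            representatives.append(sh)
    return len(representatives)


if __name__ == "__main__":
    print("distinct hashes:", count_exact(SAMPLES))
    print("distinct families:", count_families(SAMPLES))
```

Byte n-gram overlap is a deliberately simple stand-in here; it only shows why a count of distinct files overstates the number of distinct threats.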

And so we come full circle. Although it’s an odd way to look at things, malware is actually a market. An unfortunately healthy, thriving market. On the PC side, it’s large and mature, with reasonably skilled coders cranking out malicious product quickly, and an army of white hats well equipped to deal with them.

In the Mac universe (and in Android-land too), the malware market has only just begun to take off. The opportunities for malware developers on new platforms are practically endless. So, unfortunately, are the challenges for those who have to fight them off.

The good news about the bad guys is that they’ll be using a very predictable playbook. Those in the Mac security business who are willing to learn hard-won lessons from their PC counterparts will find life considerably easier. Those who insist that Macs and PCs are fundamentally different are in for a rude shock.

Topics: Security, Apple, Hardware, Malware, Windows, Social Enterprise

Talkback

271 comments
  • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

    My father-in-law still doesn't get it when I explain about "viruses" for Windows. He's just damn lucky he doesn't have an Intel Mac ;)
    Imrhien
    • Still there is no non-laboratory scenario of getting a virus on a Mac, and

      @Imrhien: ... the trojans Edward talks about only work when the user intentionally and voluntarily installs (even if the installer autostarts, it cannot do anything on its own) them. But, before that, the user has to believe that he/she got "a virus", which is practically not a real-life scenario. So there are no serious chances for these trojans to be installed on Macintoshes since the "phishing" trick is not really believable.

      And, even if the user is clueless or has read for years all of these articles about how Macintosh is the same as PCs and believes that he/she got "a virus", and installs this "Mac Defender" which promises to cure the computer, then still he/she has to be clueless twice, since the following trick is when "Mac Defender" tells that it lied and it will not cure the computer until the user pays for the full version. And even then the user has to be clueless thrice to pay money for an application he/she has neither ever heard about nor checked out.

      Seriously, it is three levels of cluelessness -- no wonder the cases of the problem are so microscopic on the scale of Macintosh's fifty-five million installed base.
      DDERSSS
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS The trouble with both Macs and PCs is that they rely on people. People are inherently the weak link in any security system. If you believe that it can never happen to you because 1) You are smart, and/or 2) Because you bought a Mac. Good luck!
        bobfastner
      • Yeah, and Ed tells us the same thing ...

        @DeRSSS ... when he states ...

        "The overwhelming majority of malware is installed by the victim, who is fooled by social engineering."

        Whether it is Windows malware or Macintosh malware, it cannot get in if you don't let it!
        M Wagner
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS
        Well then with that reasoning, it is probably a LOT easier to get a virus on MAC since most of the userbase buys them because they ARE in fact clueless when it comes to computers. That is why they buy them isn't it? So they have to learn less about how it all actually works and they can be further entrenched into the Apple Eco(distortion field) system?
        JimmyFal
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS

        Your points are all valid. Imrhien and others don't realize this has nothing to do with someone not having a PC or having a PC. It's about ignorance in the user and nothing more. I work on both PC and Mac at work and user beware is the appropriate response.
        spikedstrider
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS
        If a Mac user REALLY believes that Macs are totally immune to every and any kind of malicious software, then that becomes like a self-fulfilling prophecy. Indeed, the Mac of such a user will never get infected, because a user who has such faith in the Mac will never click on any "your computer is infected" message, because by definition, Macs can't get infected by anything.
        arminw
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS

        It sounds as if you do not directly support end users, whether they are friends and family or in a business environment.

        If you did, you would be well aware that users are clueless. As Ed points out in his post, security breaches that are the direct result of vulnerabilities in the OS have been on the decline for years - the most dangerous and abundant threat is any type of malware that relies on social engineering. It is because of clueless users that they are so widespread.

        And most importantly of all, Mac users are not by default more educated, tech savvy, or immune to social engineering. It is exactly the "I'm immune because I use a MAC, therefore I can stick my head in the sand" mentality that the creators of Mac Defender were targeting, and many of you fell for it!
        smtp4me@...
      • @JimmyFal

        You do realize that most Mac buyers have bought or used Windows computers in the past, right? So tell me how a user is more clueless buying a Mac than he was when he owned a Windows machine?
        fr_gough
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS

        If all it takes is clueless users, it is amazing to me that infections aren't more common.
        DLClark
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS you fail to realize that many Windows and Mac trojans are obtained on a hijacked website that is trusted by the user. It doesn't matter if the executable is called "fluffy puppies.exe" or "i will kill you and your family with a rusty spoon.zip.exe.7z"; if that pops up on your favorite news website like usatoday or your local news website, then many people will allow it. And who said that all Mac trojans/viruses/malware tell you that they are anti-malware? I fixed my aunt's computer after she downloaded and installed something that said it was an addon for iMovie. It wasn't.
        Feds Against Guns
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @fr_gough
        """You do realize that most Mac buyers have bought or used Windows computers in the past, right? So tell me how a user is more clueless buying a Mac than he was when he owned a Windows machine? """

        Because they just paid twice as much money for a computer that still gets viruses. And most people go from the 10 year old XP to a brand new MAC, and are still complaining about a 10 year old OS, 10 years after it was created. I fix pc's for a living. The virus calls on Windows 7 are far and few between. And REALLY easy to get rid of when it does happen. I can talk any user through it over the phone in about 10 minutes.

        Windows 7 is pretty darn easy to use as well. Every bit as easy as a MAC. I'll give you a pass on the Pads and the Pods, because they don't look or act like anything MAC OS.

        So now the argument isn't about Windows getting infected. It's about price. And anyone that pays double or more to check their email, is by definition, clueless.
        JF
        JimmyFal
      • even if installer autostarts, it can not do anything on its own

        @DeRSSS
        That is not my experience. I clicked on the 3rd result of a Google search, on a link that looked legit, and I could do nothing to stop the trojan from installing itself 12 times on my laptop! And apparently Mac users now have the same problem. Now, my Linux machine is a different story....
        danindenver
      • Oh Special Eddie... Wrong again... As usual...

        "If you install security updates regularly, your risk of being affected by a drive-by download is virtually zero."

        Wrong again brainiac... Updates are 99.5% reactive, it is extremely rare that they are ever proactive... Those updates come weeks, sometimes months after threats have been spreading in the wild... The known threats are easy... It's the unknown threats that are more dangerous, they can quietly do damage until they are discovered.

        So rephrase that lame statement you made to the following:

        If you install security updates regularly, your risk of being affected by a KNOWN drive-by download is virtually zero.

        The only way you are going to get proactive protection is with white listing or freezing the PC... And you might as well be completely honest, only a Windows PC is vulnerable to drive-by downloads, they are indigenous to Windows.
        i8thecat3
      • spin

        @DeRSSS
        of course ed is lying - as always. he even contradicts himself in one sentence: "The Mac Defender gang already proved they can sidestep the requirement to enter an Administrator password. They already convinced tens of thousands of victims to install a small program..."

        how is that "small program" installed on a mac without entering an administrator password, ed? right, not possible. absolutely not possible.

        it is a trojan, a simple trojan. as there have been trojans on the mac for ages. nothing about this mac defender thing is new, or more serious no matter how hard ed tries to spin it. a user has to download it by hand from the internet and type in his administrator password to install it.

        please ed, i know you get desperate, your mothership in redmond is sinking. but stop the laughable spin. just jump ship, become a google enthusiast or samsung or whatever and stop the ms defending lunacy please.
        bannedfromzdnetagainandagain
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @DeRSSS How delish. Ed says the kneejerk reaction from Apple fanboies is "Macs don't get viruses, and even if they did, only morons would get them," and here you are. Virus, worm, trojan -- who cares. Macs get malware.
        Vesicant
    • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

      The difference between PC and Mac is how each company deals with the problem. In the case of Microsoft, they initially ignored the problem, letting third-party anti-virus companies deal with it. What happened was that the user experience suffered: full hard drive scans, slowdowns, interruptions and so on. That caused great damage to the brand and the user experience.

      I think that Apple will deal with the problem differently, providing virus protection seamlessly like they do all their software. Apple also has the option to allow installs only from the App Store or at least set that option as default.

      My prediction is that viruses will be a much smaller problem for Mac users than people like Ed try to convince you...
      prof123
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @prof123
        "Apple also has the option to allow installs only from the App Store or at least set that option as default."

        Oh yeah, that'll work great.

        Apple really shouldn't allow people to run MS Office or Adobe PhotoShop. Or any actual big brand software.

        Yup, great idea!
        CarlitosLx
      • RE: Trojans, viruses, worms: How does malware get on PCs and Macs?

        @prof123
        It's great being forced to only be able to buy software from the app store. Or not, I happen to like buying my software anywhere I want. It's that kind of thinking that will drive away consumers in the future. Apple has made many great strides so why ruin it with a communist tactic?
        kenpofighta@...