Tag: Malware
Apple: Fanatics and Malware
by Michael Kavka on May.19, 2011, under Computers, Rants, Security
Ed Bott (@edbott on Twitter) at ZDNet has been feeling the wrath of the Mac Fanatics after he reported, “According to a report from a Danish IT security company, an underground group has completed work on a fully operational kit specifically designed to build malware aimed at the Mac OS platform.”
Let’s get some things straight. I’m not a Mac person. I think it’s a nice Operating System, and has its place out there, but I think the Cult of Mac, just like the Cult of <insert favorite OS here>, needs a reality check. There are good and bad points to every OS, and each one shines in its own way. Microsoft is still the most popular, Linux is great for older or less powerful desktops, and Mac is fantastic for Graphics. It is what it is. Security-wise, all of them have their pluses and minuses. Any sane person knows that no OS is completely secure, and all can have viruses. So why, when a report about one for Mac, let alone a kit to make more, comes out, do many Mac Fanatics have to start attacking the report as a FUD (Fear, Uncertainty, Doubt) campaign?
The story I am referring to is written by Ed Bott, in his Microsoft Report Blog on ZDNet. “Crying Wolf? Apple Support Confirms Malware Explosion” is a well-put-together article. It references multiple sources, and does a good job of defending his original post from May 2 about the possibility of more Mac malware coming. The Mac Fanatics tend to disagree, and do so in a lot of unprofessional ways in the talkback section of the article. Heck, a lot of them deny the current malware even exists.
Let us pose a simple question. If 1 million people get a disease one year, and 100 million get it the next year, would that be considered an outbreak? Most people would say so. That is 100 times more infections. Yet according to a supposed number (which I cannot verify), there were 2 Mac infections last year, and the new malware has 200 infections. That is the same 100 times increase. That is still a significant rise in the number of infections. Is it the end of the world? No. Does it mean that Mac users are as gullible to social engineering as Windows users? Yes.
In fact, being an SMB Consultant, 95% of the virus infections I deal with on a daily basis are socially engineered. Through Facebook, ads, e-mails, it doesn’t matter; the end user has to do something to get infected.
Mac has been known for its security. I remember a long time ago when Mac Servers were basically unhackable. Times have changed though. At the last 3 Pwn2Own conventions, Apple’s vaunted OS has fallen, and fallen fast (even when they have patched right before the competition). In 2009, it was reported that the first Mac zombie botnet was active. Let’s see, to become a zombie on a botnet they have to hack your machine, and/or usually slip a rootkit and a trojan on it. That would be considered malware.
The evidence has shown that Mac isn’t as secure as it used to be. It’s the way things are. Get over it and act like adults when debating things. I’ve had debates with Ed over his Microsoft slant in the past, but he does slam Microsoft a lot also. His blog is like this blog, only more well known. It’s news mixed with opinion. Take it or leave it, but as one talkback comment reminded people, The Boy Who Cried Wolf ended with the wolf actually showing up and causing damage.
Malware everywhere with some new tricks
by Michael Kavka on Oct.19, 2010, under Computers, Security, Software
So as the malware war continues, I have found that the fake AV virus learned a new trick or two. The latest version I dealt with had a new rootkit in it that prevented ComboFix, Malwarebytes and SUPERAntiSpyware from running. Of course, it is not smart enough to stop those pieces of software from running if you change the name of their executables.
I suggest using ComboFix from bleepingcomputer.com first. Download it, rename the executable to comboxif.exe, and do not have it update. The autoupdate will have problems because of the infection. Just download the latest one available and run it.
Once ComboFix has run, all the other anti-malware programs should run without any issues or needing to be renamed.
Goodbye One Care, Hello Microsoft Morro
by Michael Kavka on Jun.11, 2009, under Computers, Security, Software
Back in March, Microsoft announced that Live One Care, a suite of security products, was going the way of the dinosaurs. Vendors such as Symantec and McAfee rejoiced that they didn’t have to go up against the 900-pound gorilla, and everything seemed to be fine with the world. Everything was back in its proper place.
That’s what you thought at least. In reality it has been leaked that Microsoft has been working on an AntiVirus program that will be free, and will be officially announced soon. Morro, as it is being called, is supposed to offer protection from viruses, spyware, trojans, and rootkits. It is also going to be free. Now it will supposedly only compete with software such as the low-end offerings from the major AV vendors, plus items such as the AVG free software out there. The real question is, how will this affect the AV companies, and is this going to be bundled with Windows 7?
Why bundle it with Windows 7? Well, the rumor is that it will be out of beta and on the market near the end of 2009. This puts it in the same time frame as the release of Windows 7 (Oct. 22, 2009). I figure it will come out as a High Priority Update a month after Windows 7 is launched, to try and circumvent the antitrust issues bundling Morro with Windows 7 would cause.
Try as they might though, if Microsoft ties Morro in any way into Windows there will be antitrust allegations. Honestly, we have seen this sort of behaviour from Microsoft in the past, when it went head to head with Netscape back in the 90s. Just look at all the lawsuits from that. The difference is that the AV/Security companies do have a lot more resources available to fight Microsoft in the courts.
My big question is this: why must a company such as Microsoft try to be everything? Can’t they learn to focus on the OS and other current offerings without getting into another software area? Add to that that you can bet Morro will be heavily targeted by the underworld on the Internet, just because it is Microsoft.
This is something to keep your eyes on.
