Do you think your Mac is immune to malware infections? If you said yes, you would be wrong. There may not be as much malware written for the Mac as there is for Windows, but that is no reason to be caught sleeping.
According to the security firm Sophos, between November 2nd and November 16th 2010 its Sophos Anti-Virus for Mac Home Edition collected some 50,000 malware reports from a base of roughly 150,000 users.
Some of that malware is Windows-only and simply will not run on a Mac, but some of it will. DNS Changer and OSX/Jahlav are two examples of infections you want removed from your system right away. DNS Changer, for instance, rewrites the system's DNS server settings so that every lookup is answered by attacker-controlled servers; the tell-tale sign is a resolver address you never configured. Some people take this lightly because they have the idea stuck in their head that their Mac cannot be infected, but it can.
My recommendation to anyone who owns a computer or mobile device is to protect yourself. Any device connected to the internet, whether over 3G, Wi-Fi or your LAN, can be infected. Hopefully you will do the right thing and I won't have to say I told you so.
Good anti-virus is a must, not a bonus. That said, there are several products on the market right now that you cannot trust. Microsoft quietly soft-launched Microsoft Security Essentials 2.0 (free, direct) last month with little fanfare. Technically the product name is still just Microsoft Security Essentials, but the version number it reports now begins with 2.0. This version has a few new features, nothing out of the ordinary. It can enable Windows Firewall if it finds the firewall turned off. On Windows Vista and Windows 7, its new network inspection system adds specific protection against network-based attacks. The app also claims better malware-fighting skills, though in my testing it seemed little improved. Last year AV-Test (http://av-test.org) evaluated a collection of antivirus products under Windows XP and under Windows 7. They rated each product for protection, usability and ability to repair malware damage, with six points available in each area (18 in total) and 12 needed for certification. Under Windows 7, Microsoft Security Essentials made the cut with 14 points, not far behind the 16 points achieved by the top scorers Norton AntiVirus 2011 ($39.99 direct, 4.5 stars), Kaspersky Anti-Virus 2011 ($59.95 direct for three licenses, 3.5 stars) and Panda Antivirus Pro 2011 ($50.95 direct for three licenses, 3.5 stars). In the Windows XP test Microsoft took just 11.5 points, not enough for certification: it scored high for usability but low for protection and repair.
Installation and Cleanup: Installing an antivirus on my thirteen malware-infested virtual machines can be an arduous task. Some products take a long time to install and update; others won’t even install due to self-defense by malware. Microsoft Security Essentials didn’t give me any trouble; it installed quickly and smoothly. Microsoft Security Essentials’ real-time protection system detected active malware right away and popped up a simple warning box with a button offering to clean the computer. There’s a link to get details; clicking it also offers a chance to change the disposition for the found threat.
The real-time cleanup involves a mini-scan that frequently ends with a request to reboot. The product also turns on automatic updates, so if for some reason you've been putting off updates you'll be in for a lengthy session during that first reboot. At installation, the product schedules a weekly quick scan. You can change the schedule and the type of scan if desired. By default the scheduled scan restricts itself to 50 percent of CPU resources; that cap does not apply to on-demand scans. In testing, a full scan took over 50 minutes regardless of the CPU setting, which is about twice the average of recent products. A repeat scan came in under 25 minutes. For most found threats, Microsoft Security Essentials simply takes the necessary remediation action, though it will occasionally ask permission to remove low-risk items like adware. At the end of a scan it reports that it finished; you can click the History tab to see what it did. Microsoft Security Essentials detected 89 percent of the rootkit samples. That's good, but more than half of the recent antivirus products detected 100 percent.
I would rate this product a 6 out of 10 for performance and accuracy.
When dealing with malware and viruses on Windows systems, one tool is often not enough. You may need to expand your tool set to include several applications in order to clean an infection off completely.
- Turn off System Restore. This can be done in the System control panel (the System Protection tab on Vista and 7). Disabling it deletes the existing restore points, which is what you want: a malicious file captured in a restore point would otherwise come straight back if the system were ever rolled back, and some scanners flag it there without being able to remove it. Don't forget to turn it back on when you're finished!
- Clear temporary internet files (the IE cache) for all profiles. If you're only dealing with a single-user computer, this is easily accomplished with the Internet Options control panel. If multiple users log in to the infected computer, rather than manually deleting the cache for each user you can use ICSweep to view and delete the IE cache for all users. Originally designed for terminal server environments, ICSweep works well on desktop operating systems too. You can download it here: http://www.ctrl-alt-del.com.au/CAD_TSUtils.htm
- CCleaner is also effective at cleaning out the IE cache, but only for the currently logged-in user. http://www.piriform.com/
- Boot the computer into Safe Mode with Networking, if possible, and launch your anti-spyware application. Safe Mode prevents many unwanted services and processes from running, but if you use the networking version you can still update the definitions for your apps. This isn't always possible, depending on the nature of the infection, so you may need to boot to Safe Mode (with no networking) and update the definitions manually from another source (e.g. a USB drive).
- I have had success using Malwarebytes' quick scan for basic infection detection and removal. http://www.malwarebytes.org/. Recently, I've found Hitman Pro to be very effective in detecting and removing rootkits and boot sector viruses, such as Alureon. http://www.surfright.nl/en/hitmanpro
- You may need to boot from a CD, or use another method to scan externally, if you've got something that's really entrenched. Scanning from boot media works where a scan from inside the infected OS fails because the malware's drivers and hooks are never loaded, so a rootkit cannot hide its files from the scanner. There are many Linux-based "Live" CD images available for free download: http://www.knoppix.net/ or you can build your own Windows Preinstallation Environment (PE) CD http://technet.microsoft.com/en-us/library/cc766093%28WS.10%29.aspx Microsoft's Diagnostic & Recovery Toolset (DaRT), the successor to ERD Commander, provides bootable recovery disc images and includes an offline scanner (Standalone System Sweeper) built on the same Microsoft antimalware engine that Microsoft Security Essentials uses.
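The first three steps of the list above (disable System Restore, clear every profile's IE cache, get the machine into Safe Mode with Networking) and the final "turn it back on" are easy to get wrong by hand, so here is an added PowerShell helper that does them in order and undoes them afterwards. It is example code written for this page, not a tool from the original post or from any of the vendors named above. It assumes an elevated Windows PowerShell 5.1 prompt on Vista or later (the Users\ profile layout and the Disable-/Enable-ComputerRestore cmdlets are not available on XP or in PowerShell 7), and a system drive of C:\; the cache sub-paths and the restore-point description are assumptions.

```powershell
# Added example for the cleanup procedure above (not from the original page).
# Run from an elevated Windows PowerShell 5.1 prompt:
#   .\Prepare-Cleanup.ps1 -Mode Prepare     # before scanning
#   .\Prepare-Cleanup.ps1 -Mode Restore     # once the machine is clean
#Requires -RunAsAdministrator
param(
    [ValidateSet('Prepare', 'Restore')]
    [string]$Mode = 'Prepare',
    # Assumption: the Windows installation lives on C:\
    [string]$SystemDrive = 'C:\'
)

function Clear-AllUsersIECache {
    # The IE cache sits inside every profile under C:\Users; the folder name
    # changed between Vista/7 (Temporary Internet Files) and 8+ (INetCache),
    # so both assumed sub-paths are tried for each profile.
    $cacheSubPaths = @(
        'AppData\Local\Microsoft\Windows\Temporary Internet Files',
        'AppData\Local\Microsoft\Windows\INetCache'
    )
    $cleared = 0
    $profiles = Get-ChildItem -Path (Join-Path $SystemDrive 'Users') -Force |
        Where-Object { $_.PSIsContainer }
    foreach ($profile in $profiles) {
        foreach ($sub in $cacheSubPaths) {
            $cache = Join-Path $profile.FullName $sub
            if (Test-Path -LiteralPath $cache) {
                # Files held open by a logged-in user's browser cannot be deleted;
                # skip those rather than abort, the rest of the cache still goes.
                Get-ChildItem -LiteralPath $cache -Recurse -Force -ErrorAction SilentlyContinue |
                    Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
                $cleared++
            }
        }
    }
    return $cleared
}

switch ($Mode) {
    'Prepare' {
        # Step 1: disable System Restore on the system drive. Windows deletes the
        # existing restore points when protection is turned off, which removes any
        # infected file that was captured in a restore point.
        Disable-ComputerRestore -Drive $SystemDrive
        Write-Host "System Restore disabled on $SystemDrive (restore points purged)"

        # Step 2: clear temporary internet files for every profile on the machine.
        $count = Clear-AllUsersIECache
        Write-Host "Cleared $count IE cache folder(s) across all profiles"

        # Step 3: make the next boot go into Safe Mode with Networking so the
        # scanners can still fetch definitions. The braces must be quoted or
        # PowerShell parses {current} as a script block.
        bcdedit /set '{current}' safeboot network | Out-Null
        Write-Host "Next boot is Safe Mode with Networking; reboot, then run your scanners"
    }
    'Restore' {
        # Undo the boot change first; otherwise the machine keeps booting into Safe Mode.
        bcdedit /deletevalue '{current}' safeboot | Out-Null

        # Turn System Restore back on and take a clean baseline restore point so
        # there is something known-good to roll back to later.
        Enable-ComputerRestore -Drive $SystemDrive
        Checkpoint-Computer -Description 'Post-malware cleanup baseline' `
                            -RestorePointType 'MODIFY_SETTINGS'
        Write-Host "Normal boot restored; System Restore re-enabled on $SystemDrive with a fresh restore point"
    }
}
```

Run it in Prepare mode, reboot into Safe Mode with Networking, do the scanning and removal described above, and only then run Restore mode; if the infection blocks Safe Mode with Networking, remove the safeboot value with the same bcdedit /deletevalue line from a boot disc and fall back to the offline-scan options in the last bullet.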