Fresh news and solutions for small business. By Ron Seybold

  • Published: Mar 8th, 2010
  • Category: Reviews, Security

Plodding shots bolster new VirusBarrier X6


Halfway into a million-file scan, it's another two-plus hours to a clean bill of health

You want your Mac security tools to behave like Columbo, or Inspector Plodder from the play Sleuth. Not the fastest of detectives, but one that will not miss a detail. So it goes with the newest VirusBarrier X6 anti-virus and firewall product from Intego. You can set it and go, but you might as well go far away at first. Its initial inspections will take a while.

On our 2.83 GHz iMac with 4GB of memory, that was more than four hours to do a full scan of our 150 GB of occupied hard disk. Full scan is a choice that the VirusBarrier setup prods you toward once you complete the easy install. Too bad that it’s so easy to send the tool into such thorough paces. VB X6 skips over the “check my malware file for updates” stop, so you notice that your file is “35 days out of date” amid a lengthy scan. We’d lead a user into NetUpdate, the VB checker for updated files, before starting a scan. This is also an “install and force a restart” program, not among our favorites.

A complete scan can be a once-in-a-great-while event, however. VB X6 has got one-off scan options for fresh files, or scan the folder, or whatever you want to drag onto its nifty interface. The inspector is thorough enough to try to catch malicious scripts, the latest ploy in penetrating your Mac’s defenses. We were glad to see attention paid to a very long list of intrusion techniques like this. Drive-by attacks come out of scripts. You have to hope the malware file gets freshened up plenty to believe VB gets the job done. There’s good reason to believe it’s about 30 days or so between updates.

What’s a Web drive-by attack?


Editor’s Note: Our certified security expert Steve Hardwick reported on an insidious style of hacker attack, one that can infect Macs as well as the Windows world where he works every day. Here at Bites HQ we use the Intego Software suite (NetBarrier and VirusBarrier) for anti-virus protection. Intego just rolled out X6 versions to protect against newer-style attacks. We’ll see once we complete our testing what’s been added.

Meantime, be careful where you browse in the course of your business. Steve got attacked while shopping for business travel at Expedia. You should always look extra closely at any dialog box on the Mac that advises you to update for security reasons. Apple’s software will never use this language, just advise you of an available software update.

By Steve Hardwick, CCISP

Should you be worried about a Web drive-by attack? First off, what is it?

Most Internet users are not familiar with the concept of a Web drive-by attack. The one I recently encountered was scary because of its simplicity and how it preys on security fears. It also underlines how easy it is to create attacks that are targeted to specific operating systems. Mine took place in Windows, but it would be easy enough to target the Mac OS, too.

To be able to infect a computer in a drive-by, the hacker has to trick the end user into loading a piece of malicious code. In the past this was done using e-mail attachments and other applications that were used for file transfer. However, there is a growing threat where your Web browser (Firefox, Safari) is used to trick you into downloading and running the virus code. Here is a walkthrough on what I recently encountered, as it gives a good understanding of this type of attack. (For anyone who wants a much more in-depth explanation, Virus List is a great site to visit.)

I was going to various sites, trusted sites that I have used in the past without any problems. As I arrived at Expedia.com, one of my favorite travel sites to look at air fares, the following screen popped up. When I saw it, my first thought was that I had a virus on my system.

The screen displayed on top of the browser looked identical to the Microsoft Forefront Client Security interface, which is the antivirus software (A/V) installed on my PC. Even the progress bars moved on the display and the virus list was populated. To all intents and purposes it looked and felt like I had a bad case of several viruses on my system. After the virus list had been completed I got two more screens.

Fortunately I am well-versed in security products. As soon as I was asked to run a program outside of my A/V application the alarm bells started to ring. I also noticed that the file had been downloaded to my PC from a Web site I did not recognize. This is not usual behavior for an anti-virus program. So I decided to hit cancel. When I tried to close any screen I saw the screen above.

Now I was definitely concerned.


Work Windows in Parallel Security


Using Windows software on a Mac is as simple as installing one of three tools: Nova Development’s Parallels, VMware’s Fusion, or Apple’s Boot Camp. But of these three, only Parallels and Fusion supply the essential anti-viral component that every Windows installation requires.

This month I’ve installed the latest Version 5 of Parallels, as well as a trial copy of Fusion 3, on the Mac I use as a test system. (It’s a Mini with 3GB of memory, one that accesses the Internet through a wireless network port, since the Mini comes with a built-in Airport card. The 3GB is essential, since these Windows emulators suck up memory.) I can report the Fusion installation is smoother and tinkers less with a Mac’s user environment. Fusion uses McAfee anti-virus software, quite the brand name among Windows users. Parallels relies on the Kaspersky Anti-Virus suite. Parallels seems to offer a half-dozen ways of using Windows alongside your Mac environment, but this sleight of hand goes so far as to install folders on your Dock to speed up access to Windows programs. This trick erased a couple of useful Dock icons for my databases on the Mac side, demonstrating that Parallels Version 5 is like so many other versions of the software: buggy, with lots of fixes (long downloads) needed for stability.

Another thing that gets tricky about using these products is the constant updating that Windows users endure. Microsoft seems to add patches on a weekly basis to Windows (I use XP Home, very affordable) — so if your Windows use is infrequent, every startup of these environments will include downloads and restarts to get Windows into a secure state.

The anti-viral tools need their own updates religiously, too. This is a separate set of updates. In my tests I’ve found there’s an order to be recognized here: get the anti-virals updated first, even though Windows will ask you to restart itself before the anti-virals get their updates downloaded.

The process of running Windows on a Mac, essential for any programs you may need for your business that don’t have Mac versions, is an eye-opener about security. Don’t believe the Apple commercials about viruses, no matter how entertaining they are: Macs run on a variant of Unix, an operating system with plenty of security holes. Visiting the Windows world with Parallels or Fusion makes you aware how lucky we Mac users are, simply because there are fewer of us. We present a smaller target to the virus hackers, so we enjoy Security by Obscurity.

© 2009 Bites of Apple. All Rights Reserved.