Tech Tips
My Mac Magazine #40, Aug. ’98

It’s time for the buzzword of the decade: virus. Yes, I know it instills panic and fear into the hearts of many, but it shouldn’t. This article will hopefully clue you in (if you aren’t already) to the most recent virus on the Mac platform and dispel a couple of myths.

Before getting too far into this article, let me reassure you that there are not that many contagious critters that you can contract on the Mac platform. Windows is a different story and, as you will see later, is a major contributor to the number of viruses on the Mac with the Microsoft Office macro viruses. If it were not for the most recent virus (AutoStart and its variants) this article would almost not be worth writing/reading…

The latest actual virus to reach Macintosh users is the AutoStart “worm”. It is actually a worm and not a virus. What’s the difference? A virus will damage/modify other programs/files to spread itself. A worm, on the other hand, only replicates itself. Technical descriptor notwithstanding, they all can and do perform damage to your computer. This particular critter copies itself to your hard disk, and then tries to copy itself to (virtually) any other volume available to it. The basis of AutoStart is an invisible file on your hard drive named “Desktop Print Spooler” or “DB”. Do not confuse these with the necessary files named “Desktop Printer Spooler” or “Desktop DB”, both of which your computer needs to run. The most common way for this worm to spread is through the AutoPlay feature of QuickTime 2.0 and up, which will automatically run certain programs upon mounting of the volume containing them. For those not familiar with AutoPlay (of QuickTime), it’s a feature that runs the program from a CD as soon as you insert it in the drive, thus saving you the time of finding the actual program. Unless I missed something, this is a feature originating from Windows 95 which is actually useful on PCs (those that use Windows-based PCs will understand), but not on a Mac. I’ll leave out the specifics for you to read, most of which are available at the following sites:
http://www.macintouch.com/hkvirus
http://www.cert.org
http://www.drsolomon.com
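
The name check described above, as an added example (not from the original column or from any antivirus product): it walks a mounted volume and separates the two worm file names from the two required system files they resemble. The `is_invisible` hook, the scan root and the sample layout are assumptions made for illustration; names are compared case-insensitively because HFS is case-insensitive, and a name match is a lead for inspection, not proof of infection.

```python
import os
import tempfile

# Names the column attributes to the worm, and the required system files
# they imitate. HFS is case-insensitive, so names are compared casefolded.
WORM_NAMES = {"desktop print spooler", "db"}
LOOKALIKES = {"desktop printer spooler", "desktop db"}

def classify(name):
    """Return 'suspect', 'legitimate-lookalike' or None for a bare file name."""
    key = name.strip().casefold()
    if key in WORM_NAMES:
        return "suspect"
    if key in LOOKALIKES:
        return "legitimate-lookalike"
    return None

def scan_volume(root, is_invisible=None):
    """Walk a mounted volume and list files whose names need a second look.

    is_invisible is a hypothetical caller-supplied callable(path) -> bool,
    because how the Finder invisible flag is read depends on the examiner's
    platform. A suspect name that is also invisible matches the column's
    description of the worm file and is reported as 'suspect-invisible'.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            verdict = classify(name)
            if verdict is None:
                continue
            path = os.path.join(dirpath, name)
            if verdict == "suspect" and is_invisible and is_invisible(path):
                verdict = "suspect-invisible"
            findings.append((os.path.relpath(path, root), verdict))
    return sorted(findings)

def demo():
    """Scan a constructed sample volume built in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "sub")
        os.mkdir(sub)
        for folder, name in [(root, "DB"), (root, "Desktop DB"), (root, "ReadMe"),
                             (sub, "Desktop Print Spooler"),
                             (sub, "Desktop Printer Spooler")]:
            open(os.path.join(folder, name), "w").close()
        # Constructed stand-in for the Finder flag: worm-named files are hidden.
        hidden = lambda p: classify(os.path.basename(p)) == "suspect"
        return scan_volume(root, is_invisible=hidden)
```
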

The other heavy hitters on both Mac and Wintel machines are the viruses generated from macros used by Microsoft Office products (particularly Word and Excel). These are the first viruses I’m aware of that are actually contained within the document and not the application. Macro viruses, contained within an Office document, run small macro scripts which can potentially damage things. The only real nasty ones (like those that delete hard drives and such) are on the Windows platform and do not work on the Mac. There are annoying ones, such as those that force you to save every document as a template (hence, a new copy every time you hit ‘Save’), which I’ve hit on the Mac several times. I’ve seen infection occur from receiving an attachment via email that, after the attached document was opened, infected the machine. The sources listed above are good starting points if you desire more information on the macro viruses.

Ah, now that I’ve raised your interest you probably want to know how to protect yourself from these things. Before the advent of the Office viruses, the best free option was Disinfectant. Unfortunately, the author couldn’t/didn’t keep up with the numerous occurrences of the macro viruses and has discontinued the product. Personally I use, and recommend, Virex by Dr. Solomon. I’ve found that product to be the best among the ones available (including Symantec AntiVirus which is now Norton AntiVirus). There are several free utilities for the AutoStart worm, all of which are available on the ’net (see above links). Once you have decided upon a product, the only way to protect your machine is to use the antivirus product. Do not hit bypass, if it allows that option. If you turn it off to install software, then don’t forget to turn it back on. I’ve hit a few infected sites that did have good utilities available but they were disabled. Another note on the commercial products is to keep your copy current. Both Virex and NAV offer virus definition downloads (usually free) from their websites to keep your software up to date on the latest viruses.

One final note on viruses on which I have to make a point (because I’ve been hit by it so many times): You can NOT get a virus by reading your email. Not yet anyhow, and most likely not for a long time. Whenever you get a virus “warning” via email, especially those that say “tell everyone you know”, ignore it. If the sender is a good friend, politely slap them. Maybe duck afterwards as well. The only way to get a virus via email is from a file attached to the email. Even then you must open the attachment to become infected; just reading the message will not harm you or your machine. The safest practice (and what I do) is to scan the attachment on your hard disk with your antivirus application before opening/running/decompressing/viewing it. I’ve read several great articles on the ’net about how the ‘real’ virus is the one spread by email, and it sums up like this:

  • You get a “warning” message.
  • You also notice 30 other people got that message.
  • You forward it to 30 of your friends (I hope not).
  • So do the 30 other people who received it when you did.
  • So do the 30 you sent it to.
  • The message itself spreads just like a real virus.

If you are ever unsure whether a virus is a hoax or not, I highly recommend checking out the Computer Emergency Response Team website http://www.cert.org before making a decision. That group is usually on top of things.

    Real World Experience

    The system: PowerMacintosh 8100/110.
    The problem: Couldn’t save Microsoft Word 6.0 docs.
    The solution: Removed Word Concept virus and variants.
    The explanation:
    Although this was a few weeks ago, it fits well with this article. The client called complaining that every time she tried to save a document it would save as stationery, or ask if she wanted to replace that same item. Removing the macro virus from all the documents on all the machines (they are networked so everybody else had it, too) corrected the problem.


    Jeramey R. Valley
    jvalley@centuryinter.net

    Websites mentioned:
    http://www.macintouch.com/hkvirus
    http://www.cert.org
    http://www.drsolomon.com
