Network News

X My Profile
View More Activity

Virus Infection For Dummies

I've been saying for years that the best defense against viruses, spyware, trojans and other computing "malware" is your own common-sense skepticism about strange programs, prompts and Web sites.

That corollary of that statement is that no program in the world will protect you if you're sufficiently dumb, hasty, clueless or just careless.

I see proof of this in my inbox almost every day, when people e-mail for help about widely known trojans and malware attacks. (Here's a hint, folks: The Antivirus 2009 program some pop-up ads will push on you is a scam, as any Web search ought to verify).

The latest example, however, comes not from the Windows universe but the Mac world. As Brian Krebs noted in his Security Fix blog yesterday, some Mac users who downloaded a pirated copy of Apple's iWork '09 productivity suite wound up installing a trojan along with a "free" copy of this bundle of word-processing, spreadsheet and presentation software.

I am not exactly brimming in sympathy for anybody who got pwned (as the kids say) by this attack. We're not talking about some hideously expensive application that people had no way to try before buying -- iWork costs $79, with a 30-day free trial available at Apple's site. If $79 is too much, you can use free, open-source software or free Web-based applications instead.

(I will, however, grant that victims of this iWork trojan don't look quite as silly as people who not only clicked to install a Mac trojan, but confirmed its installation by typing in their Mac password, because a porn site told them they needed to update their QuickTime software.)

The Web is no different from real life in this aspect -- if you go looking for trouble, trouble is likely to return the favor. (Technically, it's worse than the physical world, since it takes so much less effort to waltz into a bad neighborhood online.) Even if you run security software, that can only do so much to protect you -- especially if you'll do things like typing an administrator password to authorize the installation of programs from an unknown source. Under those conditions, your luck will alway run out, probably sooner than later.

By Rob Pegoraro  |  January 23, 2009; 11:37 AM ET
Categories:  Gripes , Mac , Security  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Have I Answered All Your DTV Questions?
Next: Circuit City's Bones Offer Slim Pickings


Both Superantispyware and Lavasoft Adaware [there are multiple adaware programs out there] downloaded from PREFERABLY or have FREE editions. These days, these two antispyware programs detect more than just spyware [like trojans, worms, etc.] There each have MAC editions, but I don't know if those are also free.

Many 'antivirus programs' today focus on the 'virus' part and NOT on the 'spyware' part, so, for example, the basic versions of Kaspersky and Bit Defender, to name only 2 examples, would benefit from an additional antispyware install. Superantispyware is compatible with virtually all antivirus programs, like the 2 just named. To the best of my knowledge, so is Lavasoft Adaware in the free of basic version.

The more bells and whistles an antispyware package has, i.e. the Plus or Pro Editions of Adaware, the more 'possible' it is for the 'engines' to conflict, i.e., Kaspersky does not like PC Tools Spyware Doctor and will not install until it is removed for the installation [though the free version of Spyware Doctor did not intefer with Kaspersky on my reinstall.]

Some time back, a number of porn sites were offering 'additional' software for just a few bucks extra LOL. It is OBVIOUSLY never what they claim it is and a big issue with porn sites is questionable billing practices, namely, that $2 3 day trial subscrition CONTINUES each month unless you notify them to cancel [good luck -- but be honest with your bank that it was a porn site -- they know the scams -- and charge it back on your credit card.] You will need to keep looking for billing from a 3rd party billing [sometimes double billing you card each month and you may need to cancel the debit/credit card and get another card number to stop this.]

For those 'addicted' to Internet porn, the AA like group that address this 'habit' is known as Sex and Love Addicts Anonymous and there are multiple meetings of SLAA in all major cities, especially in the DC area. Unlike with AA or NA [Narcotics Anonymous] which are abstienance groups, SLAA has what is known as a 'variable bottom line' where some sexual activity, i.e., masturbation [without the need for hundreds of porn films is allowable, if it is deemed necessary.]

Posted by: | January 23, 2009 2:27 PM | Report abuse


My last entry was 'held for approval of the blog owner' probably for use of a single term that would be most likely appropriate for those addicted to especially porn cites. I thus encourage you to post it.

Posted by: | January 23, 2009 2:29 PM | Report abuse

I guess it will not get posted. Why don't you merely remove the 'medical term' that probably flagged the post and post the rest, or edit at your discretion.

I wouldn't normally request this, but there seems to be a current absence of posts to this discussion.


Posted by: | January 24, 2009 11:31 PM | Report abuse

I'm tech savvy and understand what you are saying. However, my wife is smart but not tech savvy. She is almost paralyzed to do anything because she knows from me to be careful but doesn't really understand what's safe and what's not safe. There are so many notifications in the Windows XP notification bar and other programs (like iTunes, Quicken, Java) that pop up different-looking dialogs saying an update available, that she can't distinguish between these and unsafe notifications/popups.

It would be nice if there was a standard, trusted, unspoofable way at the OS-level to do these type of notifications. Is VistA any better?

Posted by: LazyTechie | January 26, 2009 4:18 PM | Report abuse

Free Screen savers, themes, free software, free porn. Nothing -- absolutely nothing -- is free.

A smart virus/trojan install program will actually charge you money :)

Then there is the bribery that goes on to infect the boot sector of hard drives @ the manufacturer. Same with iPods and USB sticks.

It has gotten to the point where I won't log into critical accounts if I am at an inet cafe in Europe -- they are so poorly maintained.

And, I also have an 'onion' approach to my passwords.

1) Stupid sites that require me to register get the same username and password. The easiest I can get away with

2) Anything dealing with my information (email, blogs, twitter) or where someone can pretend to be me: They get the more complicated password (alas same username; maybe I should reconsider that). Never log in from inet cafe.

3) If it has to do with my money or someone can purchase in my name: Maniacle password, change it every so often. never log in from inet cafe.

I once violated #2 for my email @ a cafe. I promptly went home and changed the password

Posted by: chritipurr | January 29, 2009 2:23 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company