Paul Wallbank – Brilliant Communications

Author: Paul Wallbank

  • The Mac malware threat

    The Mac malware threat

    For years we’ve heard warnings of a deluge of Mac based viruses coming as the Apple systems gained popularity. Does the Mac Defender program that’s infecting OS X systems represent a new risk for Apple computer users or is just another trick targeting unsuspecting computer users.

    Recently Daring Fireball’s John Gruber called those predicting an immanent deluge of Apple Malware out in his “Wolf” post, pointing out seven years of warnings of an impending wave of Mac based security attacks which never eventuated.

    Mac Defender, a Trojan Horse which pretends to keep Apple systems secure, is catching unwary Mac users. To many who’ve cried “WOLF!”, this is the first horseman of an Apple apocalypse.

    Are we really about to see a wave of Mac based malware similar to that which plagued Windows users over the last 15 years? The truth is more complex than just Apple and Microsoft fanboys trading insults.

    Can an Apple Mac catch viruses?

    The short answer is “yes”. Every computer system has some weakness that can can be used by rogue software. Apple Macs, Linux computers and even corporate mainframes have software flaws that can catch out the unprepared user.

    Given there are always flaws in software code, it’s important that a computer operating system has some protection against installing unwanted programs. Apple, and other systems, avoided the problems of the Windows world by putting more barriers in the way of rogue applications finding their way on to machines.

    The “big target theory”

    Windows’ susceptibility to viruses is often put down to it being the biggest target. Because over 90% of the world’s computers were running on Microsoft Windows, the theory goes, it was the obvious target while Apple, Linux and smartphone applications are too small to be worthwhile for the dedicated hacker.

    This “big target” theory is bunk – predators, vandals and criminals go for the weakest victims and Windows was by far the easiest target.

    If we think of the different software systems as being homes on a street, most of the houses were small with well maintained fences and secure locks on their doors.  They weren’t immune from being broken into, though to do so involved a degree of skill and cunning.

    The biggest home on the block, the House of Microsoft, chose to have a pretty poor fence and few locks. It didn’t help that the occupants, more often than not, would gladly let anyone in and were mildly suprised when the odd uninvited visitor made off with the silverware or graffitied the garage door.

    Windows computers were the easiest target on the block and this was why they were targeted. The fact they were by far the most popular systems was an added bonus for malware writers.

    “Security by obscurity” is not the reason Macs attract fewer malware attacks.

    Why did viruses attack Windows?

    To understand why Windows is more prone to viruses we have to go back to 1998 when Microsoft were preparing for the next generation of systems to replace the aging Windows 95, 98 and ME platforms.

    Microsoft based their new operating system – Windows XP – on their existing Windows NT system which had a strong security focus that allowed users to run in restricted profiles, preventing them altering key system files, this was perfect in a world where users were connecting to the World Wide Web and exposing themselves to multiple new security risks.

    A problem for Microsoft was many of their consumer and office products didn’t like being denied full access to the systems they were installed on. It was possible to run Microsoft Office and other applications without full Administrator permissions – and many big organisations did – but doing so involved the resources of a skilled, full time IT department which was beyond most Windows users.

    So Microsoft made the decision to sell Windows XP to the general public with Administrator access enabled for ordinary users. It meant various programs would work properly but it also gave full access to all the internal parts of Windows. Microsoft decided there were would be no secure parts on a standard, out-of-the-box Windows XP computer.

    Internet Explorer blues

    To compound the security problem Microsoft had decided to continue the integration of the Windows web browser, Internet Explorer, into the core functions of Windows XP – something they’d started when they’d discovered the Internet shortly after releasing Windows 95 – a policy that had already created a malware nightmare with Windows 98 and ME.

    Internet Explorer itself was prone to security problems because of a programming language built into it called Active X that allowed applications to run without the user knowing. This was convenient for users and websites but basically invited virus writers and hacker into a system through the web browser.

    Put a deeply flawed Internet Explorer together with most users running their computers with full Administrator rights and conditions were perfect for the tidal wave of malware that swamped the Windows world in the period of 2001 to 2004.

    Faced with massive problems Microsoft steadily improved security on their consumer products, the later versions of Windows XP were substantially better than the first version with the releases of Microsoft Vista and Windows 7 seeing great improvements that reduced the virus and malware threats.

    Microsoft’s bad choices reverberate today though with Windows users lumbered with layers of security to protect them from rogue applications and frequent nasties that manage to sidestep the safeguards.

    Social Engineering

    As Windows computers became more secure, and criminal gangs more aware of the opportunities residing on people’s desktops, the threat moved on to “social engineering” tricks that involved either posing as a financial opportunity – phishing and the notorious 419 scams – or offering “free” software, pictures and music to unsuspecting users.

    Often the free download hid a program called a Trojan horse that would sneak something ontoward onto a victim’s computer, this is what the Mac Defender program is.

    Trojan horses and phishing attacks don’t rely on weaknesses in a computer’s software, they rely on fooling the user. So it doesn’t matter what computer system the victim happens to be running as long as they can be fooled into doing something.

    Is there a wave of Mac malware looming?

    While those who’ve called WOLF! on Mac viruses in the past might be celebrating what appears to be a breakout of malware targeting the Apple Mac, the conditions that caused the boom in Windows based malware don’t exist on the OS X operating system – or on mobile platforms like Android, Blackberry or the iPhone’s iOS for that matter – so a virus boom isn’t going to happen.

    On the other hand, new social engineering tricks are evolving as savvy conmen come up with new and original ideas to fool us into giving away our bank details or installing rogue application on our Macs, smartphones and social media applications.

    Fighting old battles

    In many ways arguments about malware attacking operating systems is the old battle. The virus fight is largely over as vendors, particularly Microsoft, and users learn secure ways to use their computers.

    Today’s security battles are being fought in the cloud and on social media platforms as scammers and users come to grips with the changed security and computing environment.

    Most of what we do on computers today relies upon the Internet, that we use a Mac or a Windows machine doesn’t really matter that much as the serious threats are now lurking on our Facebook and cloud computer applications. We need to stay alert regardless of the computer, or smartphone we choose.

    Similar posts:

    • No Related Posts
  • The listening business

    The listening business

    Some years back a crook computer repairer did the rounds of Sydney and regional NSW. For all his sins Joe, as we’ll call him, always stood out as an example of a business that effectively listened to the customer.

    Joe would advertise in local papers and you could spot his ads by the line “all our technicians are qualified computer programmers”, which is a nonsense slogan like a landscape gardener claiming all her labourers are civil engineering graduates, but it was an effective catchphrase in a market that didn’t know better.

    After a while the local community would start wise up to Joe and his “computer programmers” and when the complaints and fair trading investigations mounted, he’d change his business name, move to another suburb or town and the cycle would start again.

    I was reminded of Joe at the City of Sydney’s discussion on the connected consumer at the latest Lets Talk Business seminar last week and wondered how he’d survive in today’s markets where people are quick to go online and criticize.

    Dealing with criticism has always been big businesses’ Achilles heel; bureaucracies have a tendency to protect themselves and when there’s managerial or team bonuses at stake there’s strong incentive to ignore the concerns of customers.

    A good example of this Vodafone where the chief executive, Nigel Dews, has been open in admitting the company failed to listen to their customers as their network failed to meet the demands placed upon it.

    While the network itself was buckling under the strain, the company spent millions on sponsorship and advertising effectively trying to drown the criticism under a wave of tightly controlled good news stories, promotions and competitions.

    It didn’t work, just as Facebook’s PR agency Burson-Marsteller failed dismally in planting an anti-Google story, which saw the two organisations not only busted but also descend into an unseemly argument with their client while frantically deleting Facebook posts.

    All of these actions – deleting social media comments, ignoring customer complaints and attempting to distract critics with pictures of pretty girls and racing cars – smack of the old way of doing business in an era where tightly controlled mass media was the only channel complaints could be heard. Those times ended with the arrival of the Internet.

    At the Lets Talk Business event one of the panellists, Jody Fox of Sydney’s Shoes of Prey described how her business is engaging with customers online and discussing any concerns openly on the Facebook page, not deleting them.

    This is the new reality of business, if you don’t listen and engage with upset clients or ­– even worse – try to control their comments on your sites, you’ll only get them angrier and they’ll go elsewhere to tell their stories.

    Another striking difference between the new and old business was Jody’s point was that shoes of Prey treats customer service as a marketing expense, not a separate cost centre. In most large organisations helping paying customers is treated as an unnecessary expense that should be outsourced and minimised as much as possible.

    This sort of works when you have a licensed oligopoly like telecoms or banks but fails dismally in competitive industries. Without purchasers there are no shareholder returns and eventually no executive bonuses.

    Ignoring customers worked nicely in the era of mass media when it was difficult for upset clients to be heard above an expensive marketing campaign; Vodafone, Burson-Marsteller and even governments are finding it doesn’t work today.

    Joe the computer technician would have understood this, if he’s still doing dodgy IT support then he’ll be watching the Facebook pages, Twitter feeds and blogs for bad news.

    Somehow though I suspect he’s no longer in computer repairs though, my guess he’s making a lot more money in social media or search engine optimisation these days.

    Similar posts:

    • No Related Posts
  • Too old to surf?

    Too old to surf?

    “For those of us aged over forty, we don’t use the web. And neither do our customers!”

    An audience member threw this statement to the panel at last night’s Let’s Talk Business seminar discussing The New Consumer. One of the panel members, Adam Ferrier of Naked Communications, replied flatly; “you’re wrong”.

    That business owner assumed her own likes, priorities and experience are shared by her customers. This isn’t always true, what we think is true about our clients and markets often proves not to be the case.

    Just because you don’t have time to surf the web, use social media or play online games doesn’t mean your clients aren’t using these tools.

    Assuming that the internet is for young folk means your business focus is on older people who don’t use the net – which is probably the fastest declining segment in our society as seniors move online.

    The US based Pew Internet Survey’s Generations Online in 2010 Report reported older user were rapidly increasing their net use while in Australia the 2010 Sensis ebusiness report came to the same findings saying;

    “The groups most likely to report below average usage were those aged 65 and above and retirees. For those Australians 65 years and above only 66 per cent reported accessing the internet in the past 12 months. However, usage in this age group has increased by six percentage points over the past year.” – p. 17 Sensis e-business report.

    Six percentage points to 66% represents 10% growth in the over 65 age group. At that rate we’ll see the seniors reaching the 97 to 98% levels of Internet usage sometime in 2013 and the 50-64 year age group will be there next year.

    Restricting your business to an 8%  slice of the market  – which will soon be 3% – is up to you, it may well be that is where your customers are. But it’s a big risk and one you wouldn’t want to make on some blind assumptions.

    Many of us may be too old to surf the point at North Narrabeen, but we’re all using the web and older users are the fastest growing group. Rather than assuming your customers aren’t going online, it’s time to ask them what they are doing with their computers.

    Similar posts:

    • No Related Posts
  • Skilling for the future

    Skilling for the future

    Tonight we see the first budget of the Gillard government and one of its stated priorities to get the long term unemployed, disabled and single parents back into the workforce.

    This is welcome in a society where we are facing skills shortages, the effects of an aging population and a developing global race for talent that is steadily making the old model of importing immigrants to cover workforce gaps no longer viable.

    For those who’ve been out of the workforce for a long period the biggest challenge is acquiring the skills they need for the modern economy, to work in most industries today means using technologies that weren’t around five or ten years ago.

    Like many ideas that come out of Canberra, the scale of this task seems to be underestimated by the public servants, politicians and the media reporting their plans. Training those currently excluded from the workforce is going to take more than a visit to Centrelink.

    To give these folk marketable skills is going to require rebuilding our adult education and TAFE systems that have been systemically allowed to run down by governments over the last thirty years. That in itself is a major task that neither the states nor Canberra seem to have the appetite to address.

    One of the big challenges with bringing disadvantaged groups back into education is transport, the colleges and teachers are often a long way from the students who usually face a convoluted and time consuming public transport journey to get the colleges and schools.

    This is where technology comes in with access to the internet and online learning tools. Developed sensibly, broadband access can create relevant community learning centres along with individual in-home training.

    We should be careful though treating technology as the only solution, one of the essentials for using computers and the Internet effectively is literacy and that’s a big challenge for many of these groups and something that is going to take a lot of investment in well trained and motivated teachers.

    Those education investments, along with the spending we’re committing to the National Broadband Network, need to be co-ordinated and this seems to be where the Federal and state governments really drop the ball with poorly thought out, short term schemes.

    For businesses, those last thirty years of government neglecting adult education have seen us neglect training as well. We’ve thrown much of the training burden onto reluctant governments or increasingly asked workers themselves to pay for training out of their pocket then moaning when new staff don’t have the skills we need.

    That indulgence is running out as we begin to face the inevitable consequences of failing to train young workers coupled with the demographic certainty of an aging workforce.

    We can hope our governments can deliver on their promises but we shouldn’t wait on them, even they get it right this is a project that will take years to bear fruit, we need to be starting right now with our own businesses and staff.

    Training all workers, managers and business owners is a great opportunity to build new industries and use the web to give people the skills that will make them valuable members of their community.

    Our days of complacently expecting workers to have the skills we need from the day we hire them are over, if they ever existed. We have the tools to fix the problems ourselves and we need to start now.

    Similar posts:

    • No Related Posts
  • ABC 702 Weekends: The spies in our pockets

    ABC 702 Weekends: The spies in our pockets

    You don’t have to be an FBI suspect to have your car tracked, recently the GPS manufacturer Tom-Tom admitted it sold users’ traffic data to Dutch police which was used to set speed traps and security researchers discovered Apple’s iPhone is storing location information that is used by Apple for research purposes.

    On the 15 May 2011 702 Sydney program, Philip Clarke and Paul Wallbank discussed are our phones, GPS and other electronic devices tracking us and some of the things we should be aware of when using mobile phone and other GPS enabled technology.

    We had a full board of callers and promised we’d get back to some of the following;

    Images not showing in Internet Explorer

    Kim called about her computer not showing images in Internet Explorer running on Windows Vista. This could be simply a matter of ticking the Show Pictures check box in the Advanced tab of the Internet Explorer Options settings. We explain how to do this, and how to handle further similar problems, on our IT Queries website.

    Free Backup options

    One of the most irritating things to lose when a computer crashes or you replace it are your email and contacts. Arthur asked about backing up this important data in Windows Hotmail Live on his Windows 7 computer.

    Unlike some of the earlier versions, Windows 7 comes with its own backup program which Microsoft shows you how to use it on their website. Make sure you choose to backup your profile as this will save all your email, contacts and favorites along with your computer settings.

    Once you’ve created the backup, we’d suggest using an online service like Dropbox or Box.net to keep a secure copy of these files.

    Fixing a slow computer

    Kristina asked about speeding up her computer that’s running slowly, particularly when Outlook 2003 is open. The first step is to backup your Outlook data which is saved in a PST file, just in case something goes wrong.

    Next you should uninstall any programs and add ins that might be interfering with Outlook then run the Mailbox Clean Up Tool to get rid of anything you don’t need.

    Having cleaned up Outlook, it’s time to run the Outlook Inbox repair tool which will fix any inconsistencies in the PST data store.

    Once you’ve cleaned up Outlook, it’s time to do a general clean up of the computer that will flush out anything unnecessary on your system. Follow this with a drive check by running chkdsk which will clean up minor problems with the way your computer has saved data.

    With all of these clean ups done you should have a much fast computer, if you don’t it may be time to call a computer technician.

    Next 702 Sydney Weekend segment

    We’ll have the date of the next 702 Weekends up on our events page in the next few days. The next Nighlife spot will be on June 16 where we’ll be discussing how to secure your data against incompetent organisations.

    If you’d like to get advanced notice of radio programs and other events, subscribe to our newsletter at the right of this screen.

    Similar posts:

    • No Related Posts