Posted by: David Harley | June 7, 2016

What is and isn’t a virus

Every so often, someone tells me that their Mac is misbehaving and asks if it’s due to a virus. While I can’t usually say with absolute certainty that the cause isn’t some form of malware, it’s almost never a virus. In fact, while there were certainly viruses for Mac OS versions before OS X (though not very many), there is hardly any OS X malware that everyone would unanimously define as a virus, even in the anti-malware community.

There are other forms of malware that affect OS X, of course, though the numbers of specific programs and families are vanishingly small compared to the numbers that affect Windows users. And I imagine that the people who ask me this question think of any harmful program as being a virus, whereas security people usually think of viruses as being programs that self-replicate. But if you’re an everyday computer user, you probably don’t care about definitional niceties: you just want to be sure that some form of malware, whatever it may be called, isn’t about to make your life a misery.

Graham Cluley used to have a slide, if I remember correctly (and I expect Graham will put me straight if I don’t), that showed a virus at work. The slide looked something like this:

virus at work

I don’t know how many Windows users – let alone passionate Mac users – know or remember what a DOS prompt looks like, but back in the days before Windows became the standard for desktop/laptop users, many of used machines that ran the non-graphical operating system MS-DOS (or its sibling PC-DOS). And this more or less was what MS-DOS looked like when it was waiting for a computer user to tell it which program to run. (Just looking at this, I’m almost overwhelmed by the urge to type WS and see whether it launches WordStar. But it won’t, because I haven’t used WordStar in decades and certainly don’t have it installed on this machine.)

Graham’s point, though, was that while some viruses would give you some visual warning that they were present and operational – Cascade, for instance, did a disconcerting impression of letters falling to the bottom of your screen, while Ambulance used text characters cunningly combined to look like an ambulance running across the screen – you wouldn’t usually know most of the time that your system was infected because there would be nothing unusual to see.  (The Mac or Windows equivalent to the DOS prompt would be a desktop display looking absolutely normal…) At least, everything would look normal until the malware delivered its payload, which might be a more-or-less harmless visual display, but might be something altogether uglier. For example, SMEG.Pathogen displayed (among other things) the text

‘Smoke me a kipper, I’ll be back for breakfast…’

Unfortunately some of your data won’t!!!!!

In the Mac arena too, there was early malware that triggered with some destructive effect: some Sevendust variants, ChinaTalk, and Virus Info for example. (Fortunately, the macro viruses that swamped the Mac scene in the 1990s rarely affected Mac systems significantly: mostly they just passed through unprotected systems on their way to another Windows machine. There was also malware that affected the keyboard in some way: for instance, there was at one time a spate of 3rd-party keyboards with a Trojan horse embedded in a ROM chip that would insert the text Welcome Datacomp at random intervals, while NVP modified the System file so that no vowels could be typed. So when people wonder whether issues with the keyboard and random insertion or substitution of characters are virus/malware-related, they’re not being totally irrational. However, modern malware tends to be driven by profit or ideology rather than the urge to ‘play’ with someone else’s computer or cruelly destroy their data. Even the ransomware gangs are out to make some money rather than simply indulge their own destructive impulses. So anomalous keyboard behaviour is probably due to a hardware or system issue rather than malware.

So by all means ask me if you might have a virus, but be aware that

  • I don’t give this site nearly as much attention as I used to, so you probably won’t get an instant answer.
  • There’s too much malware around nowadays, even for Mac, for me to know what all of it does, especially if you don’t tell me what kind of Mac you have and what operating system it runs.
  • The days when I worked in Mac support are long gone, and I don’t have a battery of test machines to work from, or the ability to fix problems remotely. Unless there’s a really obvious answer to your problem, I’m not going to be able to talk you through a fix. In fact, we’re probably not going to talk at all except through email. You’ll probably get a quicker and hopefully more reliable answer from one of the many support forums for Mac user communities, such as the appropriate Apple support community Or a Genius Bar, if there’s one near you.

And I hate to mention it, but there is plenty of decent security software for OS X nowadays. At this point, I think it’s worth paying for a decent security suite. But I won’t compromise my reputation for impartiality by recommending one in particular. 🙂

David Harley



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


%d bloggers like this: