Showing posts with label malware. Show all posts

Wednesday, December 6, 2023

Update on Mac Malware

Yesterday I posted about malware that infected my wife's Mac computer. As soon as I published the article, I checked to see if my wife had taken her laptop to work. She hadn't and so I brought it down to my office and ran one more test. I ran yesterday's "find" command prefaced with "sudo" so it looked like this:

sudo find / -name AccessibleEngineSearch -print

The "sudo" command tells the operating system to run the command that follows as the super-user, with that account's permissions. You will need to enter a password before the command runs. Sudo enabled the command to look into more directories than when I ran it the previous day. I found one more instance of the "AccessibleEngineSearch" malware in the startup directory. That means whenever the computer started up, it would try to load the malware. I removed the file and rebooted the laptop. I no longer receive the message telling me that AccessibleEngineSearch can hurt the computer.

My wife came home for lunch as she works less than a mile away and I shared with her that I completely removed the malware from her computer. She also shared that she went through her Applications directory and deleted a number of programs that she didn't recognize. That is another important task when you discover malware on your computer. I didn't feel comfortable doing that as I didn't know if my wife installed a useful utility. I'm glad she took care of it.

As I mentioned, Macs don't get a lot of malware. When they do, the operating system can keep a lot of damage from happening. It is also fairly easy to remove the offending programs. One still needs to be careful though as bad things can happen on a Mac.

Tuesday, December 5, 2023

Malware on a Mac

Yesterday my wife came home from a very busy day as her office switches from locally hosted software to web based. She is the one spearheading the project and yesterday they went live on the new system. Naturally there are some first-day pains as the staff try to figure out how to do things using the new and unfamiliar software. To make matters worse, my wife's Mac picked up some malware.

I happened to be in an online meeting when my wife came home and so when the meeting ended, I left my office to ask my wife how her day went. She seemed extremely frazzled and started talking quickly about how the new software has everyone anxious and to top things off, her computer had a virus. My wife is not very technical and so I asked how she knew her computer had a virus. She opened her laptop and showed me a message about "AccessibleEngineSearch will damage your computer."

The message told me that the Mac operating system smartly caught the problem. Unfortunately it rendered the computer unusable. When I clicked on the message to dismiss it, I had about 3 seconds before the message reappeared. It is a good thing I have another computer in the house to help me fix the problem. I quickly did an Internet search and came across several websites explaining how to remove the offending program.

AccessibleEngineSearch is a browser hijacker that throws up unwanted advertisements in your browser. The trick to eliminating it is hunting down all of the files that have infected the computer and removing them. I started with the documented ones:

  • ~/Library/Application Support/com.AccessibleEngineSearch/AccessibleEngineSearch
  • ~/Library/Application Support/com.AccessibleEngineSearchDaemon/AccessibleEngineSearch
  • ~/Library/LaunchAgents/com.AccessibleEngineSearch.plist
  • ~/Library/LaunchDaemons/com.AccessibleEngineSearchDaemon.plist

I then emptied the trash and rebooted the computer. Things improved but I still kept getting the message and so I did a bit more searching. This time I pulled out my Unix skills and opened the command prompt. I then ran the following "find" command to look for all instances of AccessibleEngineSearch on the computer:

find / -name AccessibleEngineSearch -print

If you are not familiar with the "find" command found in all flavors of Unix and Linux, the first argument tells the command where to start looking. I specified the / or root directory so that it would search the entire file system. The next argument is where you specify the name of the file you are looking for. Finally there is the -print on the end that specifies to print the results on the screen.

Naturally I got a lot of "permission denied" errors because I ran it as a user and not the superuser. It still gave me 2 directories that I found and deleted. Once again, I rebooted the machine and the errors disappeared.
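An added example (not part of the original post): the exact-name search above only matches entries called exactly AccessibleEngineSearch, so it skips files such as com.AccessibleEngineSearch.plist and any launchd plist that merely points at the binary. The sketch below searches by substring and by plist contents over a constructed sample tree; `hunt`, `make_sample` and the file `com.helper.update.plist` are hypothetical names.

```shell
#!/bin/sh
# hunt ROOT NAME
# Prints every path under ROOT whose file name contains NAME (case-insensitive)
# plus every .plist file whose contents mention NAME, de-duplicated.
hunt() {
    root=$1
    name=$2
    {
        # Name match: catches com.<NAME>.plist and com.<NAME> directories,
        # which an exact "-name NAME" search does not report.
        find "$root" -iname "*${name}*" -print 2>/dev/null
        # Content match: startup plists that reference the binary while
        # carrying an unrelated file name.
        find "$root" -type f -name '*.plist' \
            -exec grep -il -- "$name" {} + 2>/dev/null
    } | sort -u
}

# Constructed sample tree that mimics the locations listed in the post.
make_sample() {
    d=$(mktemp -d)
    as="$d/Users/u/Library/Application Support/com.AccessibleEngineSearch"
    mkdir -p "$as" "$d/Users/u/Library/LaunchAgents" "$d/Library/LaunchDaemons"
    : > "$as/AccessibleEngineSearch"
    : > "$d/Users/u/Library/LaunchAgents/com.AccessibleEngineSearch.plist"
    # Hypothetical plist with an innocuous name that still launches the binary.
    printf '<string>%s/AccessibleEngineSearch</string>\n' "$as" \
        > "$d/Library/LaunchDaemons/com.helper.update.plist"
    # Unrelated plist that must not be reported.
    printf '<string>/usr/bin/true</string>\n' \
        > "$d/Library/LaunchDaemons/com.benign.plist"
    echo "$d"
}

sample=$(make_sample)
echo "Exact -name search:"
find "$sample" -name AccessibleEngineSearch -print
echo "Substring and plist-content search:"
hunt "$sample" AccessibleEngineSearch
rm -rf "$sample"
```

Against a real system the root would be / and the script would be run with sudo so that the system-level startup directories are readable.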

Reading through various websites on this issue, I saw the recommendation to install Malwarebytes. I installed the free version and ran a scan of the computer. It found 30 other files infected with some sort of malware. I quarantined the files in question hoping that the computer is clean. Then I rebooted the computer once more.

Unfortunately there is a message about AccessibleEngineSearch when I start the computer and log in. Once I dismiss the message, it doesn't reappear and so I imagine there is one more file hanging around in the system loading area. It probably is in one of those directories I didn't have permission to read when I ran my find command above. I can rerun the command prefaced with "sudo" and eliminate the problem for good.

One of my favorite things about the Mac is that it doesn't get many computer viruses or malware. Unfortunately that has made me a little lazy about protecting them. As shown by the scan on my wife's computer, they do exist and need to be addressed. You can say I've learned my lesson.

Tuesday, September 8, 2009

What is Linux?

I was at a friend's house last week who was giving me a bunch of photos and movies from one of my many summer activities. He had some questions about Windows XP that I couldn't answer without a bit of research because I don't really use Windows on a day-to-day basis. Naturally he asked what I did use. While I have both Windows and Mac computers in my office, my primary computer runs Linux.

So what is Linux and why would anyone remove Windows from a new computer and install Linux instead? Actually I don't completely remove Windows from the computer when I install Linux. I set it up so that when I turn on the computer, it asks if I want to run Linux or Windows. This gives me a bit of flexibility with each of the machines in my office.

So back to the first question: What is Linux? Linux was created in 1991 by Linus Torvalds, who wanted to create an operating system, or computer user environment, similar to Unix. Unix is an operating system created by Ken Thompson at Bell Laboratories in 1969. Linus was able to leverage other work done by Richard Stallman, who created the GNU project in 1983 to create another Unix-like operating system. So what is Linux? Simply an open source, or free, version of Unix.

OK, so what is Unix and what makes it better than Windows or Macs for day-to-day use? Better is a relative term and so it is with extreme caution that I continue. When I worked at Oracle Corporation for the summer after my freshman year of college, they put me in the Unix technical support group and had me learn Unix. This was back before graphical user interfaces (GUIs) that most people are familiar with. Instead of being able to use a mouse to navigate through directories and file folders, one had to know commands like "cd" and "ls". If you knew the name of a file but didn't know where it was located, you could use the "find" command. Unix also has a bunch of tools and utilities that I learned such as the text editor called "vi" (pronounced like the letter V and the letter I). You could say that I got really used to using these two, three, and four-letter commands to help navigate the computer. Since my hands never have to leave the keyboard to touch the mouse, I feel I can do things faster and so I have continued to use Linux. Does that make Linux better than Windows? Probably not for most users, but it does for me and so I continue to use it.

Interestingly enough the operating system used by Macs is also Unix. Apple just did a spectacular job of hiding all those cryptic commands so that even the most novice user can enjoy the Mac experience. However if you know how to open a terminal window, you can revert back to those short-but-confusing Unix commands.

One of the benefits of Unix is how it protects itself from rogue programs like viruses and malware. When the PC first came out, it came with the Microsoft DOS operating system and could only run one program at a time. Unix on the other hand was created to run multiple programs for different users at the same time. The creators of Unix knew that Jimmy might be running a program that could crash the computer and cause harm to Susan's program. Therefore they built in protection so that Jimmy's program cannot harm Susan's nor can it harm Unix itself. Therefore it is much more difficult to write a virus for Unix than it is for DOS which has now evolved into Windows.

This brings us back to my friend asking about Linux. It seems that my friend's son had contracted a nasty virus on his computer. In an attempt to cover his tracks, the son had reformatted the hard drive. He figured he could just reinstall Windows and nobody would know there had been a virus. Unfortunately the son didn't have a license key for Windows and couldn't reinstall it. Eventually the son had to confess about the virus. While my friend could easily get a license key from Microsoft to reinstall Windows, he has opted to put Linux on his son's computer. Maybe now his son won't get a computer virus.