Don't leave the Windows open

Back when I first started experimenting with Windows on my Mac (nearly a year ago now), I made a decision: I wasn’t going to install any third-party antivirus, anti-spyware, or anti-malware applications. I wanted to get a real sense for what a Windows user was up against. Given that my Windows installation was completely separate from the OS X installation—Windows couldn’t see the Mac partition at all—I figured the worst case scenario would be an infected Windows installation that required me to wipe the Windows drive clean. I also thought, “Really, can it be as bad as everyone has described?” I figured this was a good way to find out.

Since my first experience, more Windows on Mac solutions have emerged. Apple released Boot Camp, which converts your Mac into a full-blown Windows PC. Parallels Desktop for Mac then came out with the first virtualization solution, allowing you to run Windows alongside OS X. Recently, VMWare’s Fusion has entered public beta, providing the same sort of simultaneous access. And finally, CodeWeavers’ CrossOver Mac lets you run some Windows apps without actually installing Windows, which is quite an impressive trick. Over time, all four of these solutions have found homes on my two main Macs. I don’t run Windows apps often, though I have been known to use Boot Camp to play the occasional PC game.

The other day, I ran Parallels on my Mac Pro for the first time in a while. I wanted to tweak the virtual machine’s settings, which requires shutting it down. When I did so, Windows XP informed me it was installing a few updates. (I have auto-update enabled.) Eventually, the updates were applied and the virtual machine shut down. I tweaked my settings and restarted the virtual machine. When XP finished booting up, I was very surprised to see this on the screen:


Somehow, somewhere, my virtual Windows XP installation had been infected by a member of the rbot family of malicious software. This one seems particularly nasty, as it allows remote control of the target machine via an IRC server. Definitely not something you want hanging around on your machine. Thankfully, as seen in the screenshot, Windows found and removed this hack all by itself.

To be completely honest, I have no idea how my machine got infected. This particular virtual machine hasn’t done much more than surf the net and run some Office applications. I used it to download a dozen or so possible iPhoto competitors (for a comparison piece I was considering writing). I thought I had only downloaded from “safe” sites such as CNet and Tucows, but maybe I accidentally went elsewhere while link hopping and downloaded an infected file (or visited a malicious Web page?). Or maybe the machine was just sniffed out from the net and attacked remotely—but that seems somewhat unlikely. Windows sharing is off in my virtual machine, and my home network sits behind a router that uses network address translation (NAT) to hide the specific machines’ IP addresses from the net. I really don’t have a clue how my Windows XP install was infected, though.

So what I have I learned from this? First, I’m glad I’m not a full-time Windows user, where it seems I really would have to worry about this stuff all the time. Second, I’m very glad that my virtual machine is a completely self-contained unit, so that anything malicious won’t be able to do something like erase the files it finds on a shared folder. Third and last, I guess I’ll need to go find some good anti-spyware/malware program and install it on my virtual machines, as it seems there really are things out there that can infect my machine—seemingly without any action on my part!

Subscribe to the Best of Macworld Newsletter

Comments