Weekly output: Windows XP (x2), Google Docs

It really is extraordinary (or maybe just sick) that this past week saw me still writing about an operating system that debuted in 2001.

4/8/2014: Die, XP, Die! Why the Operating System from 2001 Won’t Go Away, Yahoo Tech

I’ve been looking forward to writing this column for several years, and when the end of Microsoft’s support for Windows XP finally arrived I found it strangely enjoyable to revisit stories I’d written five and 10 years ago about XP. I’ve since heard from a few readers who say they prefer XP to Windows 7 or 8 not just because they need to run legacy apps or don’t want to buy a new PC, but because XP is easier. I’m wary of questioning a reader’s subjective judgment, but… um, no.

(Screenshot shows how the story renders in a copy of Internet Explorer 6 in Windows XP. Don’t ask how I sourced that image.)

4/8/2014: Windows XP, WTOP

I talked for a few minutes about the end of XP support and what users of that fossilized malware magnet of an operating system could do to stay safe.

4/13/2014: Why your browser doesn’t like copy and paste, USA Today

To judge from the low number of Facebook and Twitter shares displayed next to this story, almost nobody read my attempt to concisely explain how the intersection of browser security models with Web apps that look and work like local ones can lead to dysfunctional results. I’ll try to find a more enticing topic next week.

A fix for strange search results

Something looked broken with Web search on my computer yesterday, and it took me only about 18 hours of detours to figure out the problem. To spare you all the trouble of repeating my troubleshooting, here’s how things worked out.

Everything started when I was doing a routine search for a post I’d written last winter on CEA’s blog. I clicked on Google’s link, saw a random address appear and then another, and found myself looking at a sketchy page with ads for some casino instead of my analysis of exemptions to the Digital Millennium Copyright Act’s anti-circumvention provisions.

My first thought–both frightened and angry–was that I’d finally gotten hit with a virus like DNSChanger on my own computer. But the same hijacked search happened in another Mac and on the Chromebook I’d just reviewed.

Maybe my wireless router had gotten compromised somehow? I had covered one reader’s experience with that two years ago, and my fellow tech journalist Glenn Fleishman (I’d say he’s forgotten more about WiFi than I’ll ever know, but he forgets nothing) thought that was likely too.

But the router had nothing amiss with its domain-name-server settings. Meanwhile, doing the same search in the browser on an AT&T Android phone (another recent review) didn’t yield any spurious results. Two replies on Twitter also suggested this issue might be specific to Internet providers.

My last move before getting distracted by our daughter was to try the same search on other sites. At Bing, the result also got hijacked; at DuckDuckGo, it did not.

This morning, as I was using Safari’s Web Inspector to see if I could get any more insight on the mechanics of the hijack (and take the screengrab you see above), another Twitter reply suggested that it could be an issue with CEA’s installation of WordPress. There is a history of exploits for that popular blogging platform that target incoming referrers from popular sites to send those clicks elsewhere; see, for instance, this Q&A thread.

(WordPress.com, this blog’s host, is a commercial service that runs WordPress; one of its selling points is having professionals stay on top of patches and security so I don’t have to.)

Sucuri LLC’s malware-checking site didn’t find any malware at CEA’s blog. But when I e-mailed somebody at the Arlington, Va., trade association, they did find a malicious script on the site that’s since been removed. And now, my original search takes me to the right page.

So I guess reporting this counts as this week’s good deed for the Internet… and maybe a start on next weekend’s USA Today column. But before I do that: Have you run into anything like this? Were you able to get it resolved? What else would you like to know about search hijacking?
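The by-hand comparison in this post (same link, reached from different search sites) can be scripted. This is an added example, not code from the post: it assumes the redirect is issued server-side as an HTTP 3xx keyed on the Referer header, and `blog.example`, `casino-ads.example` and `simulated_fetch` are constructed placeholders.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Referrers to test; the post saw hijacks from Google and Bing, not DuckDuckGo.
REFERRERS = {
    "google": "https://www.google.com/",
    "bing": "https://www.bing.com/",
    "duckduckgo": "https://duckduckgo.com/",
}

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx then surfaces as an HTTPError

def http_fetch(url, referrer=None, timeout=10):
    """Return (status, Location) for one GET, without following redirects."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referrer:
        req.add_header("Referer", referrer)
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=timeout) as r:
            return r.status, r.headers.get("Location")
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location")

def referrer_redirects(url, referrers=REFERRERS, fetch=http_fetch):
    """List (name, status, location) where a referrer triggers an off-site
    redirect that a referrer-less request to the same URL does not get."""
    baseline = fetch(url, None)
    site = urlsplit(url).hostname
    hits = []
    for name, ref in referrers.items():
        status, location = fetch(url, ref)
        target = urlsplit(location).hostname if location else None
        if (status, location) != baseline and target not in (None, site):
            hits.append((name, status, location))
    return hits

# Constructed stand-in for a compromised site (placeholder hosts), so the check
# can be exercised offline; it mimics the behaviour described in the post.
def simulated_fetch(url, referrer=None):
    if referrer and any(s in referrer for s in ("google.", "bing.")):
        return 302, "http://casino-ads.example/landing"
    return 200, None

if __name__ == "__main__":
    for hit in referrer_redirects("http://blog.example/dmca-post", fetch=simulated_fetch):
        print("referrer-conditional redirect:", hit)
```

A redirect done by a script in the page that reads the referrer in the browser would not show up in the status line or Location header, so an empty result here does not rule that case out.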

The market for Mac malware

Are malware makers finally ready to pay Apple the ultimate compliment by writing viruses and trojans that target Mac OS X?

Sure–they already have. For the past few years, Mac trojans have been surfacing that will screw with your machine in various ways. But they all require assistance from the unwise or the unwary: You not only have to download and install one of these malicious programs, you also have to authorize its operation by typing your Mac’s admin password. And these phony applications are so rare and so obvious that Mac users can comfortably get by without running anti-virus software.

That’s not the case in Windows (nor was it always the case with “classic” Mac system software). On Thursday, ZDNet’s Windows columnist Ed Bott suggested that Mac users were due to experience that sort of anxiety, citing the Mac’s increased market share, the history of remote exploits for Mac OS X and the arrival of the first Mac-specific write-your-own-virus toolkit:

My prediction is that the bad guys are still “testing market conditions,” and waiting for the right time for their grand opening. I think we’ll see a few more of these tentative probes—beta tests, if you will—before anyone unleashes a truly widespread attack.

The next day, Bott wrote about a new trojan, hidden behind a “poisoned” image page found in a Google search, that featured both Windows and Mac versions.

The problem with predicting an imminent wave of Mac viruses is that so many people have been wrong before–as Mac blogger John Gruber noted in a post Thursday, titled “Wolf!”, that quoted more than a dozen forecasts of Mac malware doom, going back to 2004. But this time could be different. Veteran Mac journalist Glenn Fleishman surprised a few people, possibly including himself, by repeatedly defending Bott’s analysis in conversations on Twitter.

(This is why you should follow more than one person covering a subject you care about; you’ll see this shop talk among competing reporters and analysts that you’d otherwise miss if you only followed one of those people.)

As a Mac owner and the primary source of tech support for two others (my mom and my mother-in-law), I’m not too worried about Mac trojans. I think Bott slightly oversells that risk, for two reasons.

One, every Mac trojan that I’ve seen so far requires you to type an admin password. Any Mac user with a few weeks of experience should recognize that as an unusual sign, reserved only for things like system-software updates and installing printer drivers–other apps only require you to drag their icons to the Applications folder. This sets the Mac apart from Windows, in which almost every single program requires running an installer and authorizing that action by clicking through a User Account Control dialog. That said, recent Windows switchers could easily see a password request from a new OS X app as something normal.

Two, Apple’s Mac App Store provides a safe alternative (though I’m happy it’s not the only way to add third-party software to a Mac). Somebody worried about getting hit with viruses from strange downloads can stick to that and should be safe. I wish Windows had an equally simple, obvious alternative–a few of my readers at the Post seemed unable to avoid downloading the trojan of the week and desperately needed such an option.

And yet: Over Easter, I expanded my usual troubleshooting of my mom’s iMac by installing the free, open-source ClamXav anti-virus program on that machine.

I’m much more concerned about zero-day exploits of vulnerabilities in OS X’s Internet-facing software. As contests such as the annual Pwn2Own competition have shown, it’s not all that hard to take control of a Mac remotely by luring a victim to a malicious site. The Mac’s growing market share–which Apple put as more than 20 percent of the consumer market in the U.S. back in October–gives malware authors an increasing economic incentive to target those flaws. And Apple’s sometimes-sluggish pace at shipping security fixes makes their job easier.

That’s my worry. I hope I’m wrong about it.