Washington Apple Pi

A Community of Apple iPad, iPhone and Mac Users

Best of the TCS

There’s Safety in Diversity, but not in Microsoft

By Richard A. “Dick” Rucker

Washington Apple Pi Journal, reprint information

German Teen Admits Making the ‘Sasser’ Internet Worm:

A teenager in Germany confessed to creating a computer worm that has crashed computers around the world in the past week… German authorities and officials at the Microsoft Corp., whose Windows operating system was targeted by Sasser, [were tipped off] by acquaintances seeking a $250,000 reward [offered by Microsoft].
The worm appeared a week ago and moved quickly across the Internet. Software experts have estimated it infected as many as a million computers, causing them to crash repeatedly.

-- Washington Post, Sunday, May 9, 2004

First, what’s a computer worm? Here’s how Wikipedia (http://en.wikipedia.org) distinguishes a worm from a virus:

Computer virus: executable program code that, like a biological virus, makes copies of itself and spreads by attaching itself to a host document or application.

Computer worm: a self-contained and self-replicating computer program that does not need a host to propagate itself.

In other words, in order to launch a virus attack on your computer, you must take some action, such as double-clicking on a document or an application, to launch the host and activate the virus. On the other hand, all you have to do to provide a worm an opportunity to do its dirty work is to leave your computer running and connected to the Internet, but without adequate protection against invasion from the outside.

Your computer’s odds of being invaded greatly increase if you’re running software on any one of Microsoft’s Windows operating systems that run on computers with a word size of 32 bits: Windows 95, Windows 98, Windows Me, Windows 2000, Windows NT, Windows Server 2003, or Windows XP.

While writing this article, I consulted Symantec’s latest Security Response page at http://securityresponse.symantec.com/. It listed the following as the then-current top threats:

W32.Sasser.B.Worm May 1, 2004
W32.Sasser.Worm April 30, 2004
W32.Beagle.X@mm April 28, 2004
W32.Netsky.AB@mm April 27, 2004
W32.Beagle.W@mm April 26, 2004
W32.Netsky.Y@mm April 20, 2004
W32.Netsky.X@mm April 20, 2004
W32.Netsky.P@mm March 21, 2004
W32.Beagle.M@mm March 13, 2004
W32.Netsky.D@mm March 1, 2004
W32.Netsky.C@mm February 24, 2004
W32.Netsky.B@mm February 18, 2004

All these troublemakers are worms. The prefix “W32” means that the named code package can infect any Microsoft Windows operating system that is written for a 32-bit-word machine, while none can infect any of the following operating systems: Linux, Mac OS 9 or Mac OS X, OS/2, UNIX, or Microsoft’s 16-bit-word Windows 3.x.

That same page also listed as the latest threats:

W32.Gaobot.AJD (worm)
W32.Donk.Q (worm)
Backdoor.Sinups (Trojan horse)
W32.Cycle (worm)

It’s interesting to note that none of the most recent threats or top threats are viruses; nearly all are worms. Perhaps that’s an indication that a growing number of users have finally wised up to the fact that it is very risky to open up an email attachment of unknown origin or content.

It’s also interesting to check this Symantec page frequently; though the names change almost daily, those that appear are invariably plagues that make their attacks via one or more Microsoft products: an operating system, a mail application, or an Internet browser.

Clicking on a name in a list will provide you with an in-depth profile of that code package. Quoting from the introductions to some of these profiles:

W32.Sasser.B.Worm “is a variant of the W32.Sasser.Worm. It attempts to exploit a vulnerability described in Microsoft Security Bulletin MS04-011. This worm spreads by scanning randomly selected IP addresses for vulnerable systems.”

W32.Gaobot.AJD is a worm that spreads through open networks and six (!) different Windows vulnerabilities described in as many Microsoft Security Bulletins. “The worm also spreads through backdoors that the Beagle and Mydoom worms and the Optix family of backdoors install on Windows machines.”

What’s a “backdoor”? According to Wikipedia, it “is a method of bypassing normal authentication or obtaining remote access to a computer; it is intended to remain hidden to casual inspection. The backdoor may take the form of an installed program (e.g., Back Orifice) or a modification to a legitimate program.”

W32.Donk.Q is a worm that “spreads through open network shares and attempts to exploit the Microsoft vulnerability described in Microsoft Security Bulletin MS03-026.”

Backdoor.Sinups is a Visual Basic Script (VBS)-based “backdoor Trojan horse. This Trojan gives an attacker full control of a computer that runs a Microsoft IIS Web server.”

What’s a “Trojan Horse”? Wikipedia says it is a “malicious computer program that pretends to have some innocent purpose but, when run, has an entirely different effect.” Since it can’t spread by itself, it needs to entice its victims to download and then activate its file.

Golo.A@mm “is a mass mailing worm that sends itself to all email addresses in a compromised user’s Microsoft Outlook address book.”

W32.Netsky.AB@mm “is a worm that scans for the email addresses on all non-CD-ROM drives on an infected computer. The worm then uses its own Simple Mail Transfer Protocol (SMTP) engine to send itself to the email addresses that it finds. The email's Subject, Body, and attachment vary. The attachment has a .pif extension.”

The reason for providing its own SMTP engine is that Microsoft has recently upgraded its Outlook mail program to be less vulnerable to threats that attempt to hijack its SMTP code.

W32.Beagle.X@mm “is a mass-mailing worm that attempts to spread using mail and file-sharing networks. The worm also opens a backdoor on an infected computer.”

Mass mailing worms and Trojan horses are the favorite tools of spam-authors who prefer to use the computers of unsuspecting others, which are connected to the Internet without proper protection against invasion, to do their dirty work.

What about attacks on Macintosh computers?

It is reported that only a handful of viruses ever existed for Mac OS 9, and none have been reported so far that are directed specifically at Mac OS X users. So far, I’ve not seen any reports of worms that have successfully attacked Mac OS X systems. Until recently, I could have made that same statement about Trojan Horses that target Mac OS X users.

Note the distinction between attacks on users, versus attacks on systems. Viruses and Trojan Horses require human users to do something not hygienically wise, such as downloading an “interesting” file from a questionable source just to “try it out.” Intego, a company relatively new to selling protection software to Mac users, has recently become notorious for hyping Trojan Horse threats supposedly directed at Mac users.

Here’s what Pi member Jon Thomason had to say on the TCS about the latest one:
Menu >> Computing >> Internet Software >> New Report: Mac Trojan Horse

FROM: Jon Thomason
Wednesday, May 12, 2004

I find this part particularly compelling.

“Macworld has been able to acquire the file from Limewire…and has received confirmation from Internet security company Intego…that its contents appear to be malicious.”

“Intego was initially criticized for exaggerating the threat of…the concept Trojan Horse identified last month.”

Now, <ahem> I guess they've <cough> allegedly shown us!

I also like this statement: "The file unzipped, and to my delight the Microsoft icon looked genuine and trustworthy." :) I may be a misguided buffoon in 80% of my dealings in real life, but I feel I have enough basic sense not to just download random software that I've never heard of out of the LimeWire pool, and not take a moment to check it out with its ubiquitous parent company.

Folks, for the love of pete, don't take any wooden software. The file sharing networks are rife with trojan horses not because they're populated by pirates in the first place (though that's obviously part of it), but because there's no way of knowing where any of that junk has been. On the Windows side of the aisle, they've gone well past this sort of obvious goading fraud and proceeded into more believable hacks, taking legit software and monkeying with its gears.

Intego touched off a war here, and they should be ashamed of themselves as they start cashing all those tasty checks. Their claims about Mac OS X being unsafe don't even have measurable merits of their own after they've diverted attention away from the operating system itself and onto end-user confidence games.

We will never run out of con games: on any OS, or without computers at all.

P.S. This guy really thought he'd scored a copy of Word 2004 -- at 108KB? Wow! It's literally an AppleScript that says 'do shell script "rm -rf ~"', with a pretty green icon attached. If this guy really fell victim, I'm a supermodel.

Nuff said!

However, worms are different: if the computer system itself is vulnerable to attack from the outside, say via the Internet, then the worm can find its way into your machine all by itself. There are significant differences between the way Microsoft has gone about producing its products and the way Apple has chosen to do it when designing Mac OS X that make worm attacks far more likely to succeed on the former.

That’s where software firewalls and hardware security routers come in. To find out more about these for the Mac, get thee to the TCS <http://tcs.wap.org/>, and particularly these message boards in the Computing Conference: Internet Software; Home Networking.

Another threat to Mac users may be macro-viruses written to run within an open Microsoft Excel or Word document. These may be capable of running within both the Windows and the Macintosh versions of these programs. I write “may,” because I have not run across any examples.

What’s a “macro-virus”? According to Wikipedia, “a macro-virus exploits applications which allow their associated documents to contain executable code known as a macro. For example, a spreadsheet program may enable the user to embed ‘macro’ commands in a document to automate certain operations; this makes it possible to use that same facility to program a virus into the spreadsheet that can attack users of that program.”

Focusing on the Root Problem

Got the message by now? If you are a user of a W32 operating system, mail application, or Internet browser written by Microsoft, consider your computer, your software, and yourself as prime targets of malicious software writers.

With a growing list of vulnerabilities in its current software designs, for which Microsoft continues to issue patches on almost a daily basis, plus the added attraction of being the market’s dominant provider of operating systems and Internet software, Microsoft’s products have become irresistible targets for the world’s malicious software authors.

This situation suggests that the world's overwhelming dependence on Microsoft is imposing high and often unrecognized costs of operation, especially on Microsoft’s own customers.

Why should Microsoft’s software be so vulnerable to such attacks?

The following is excerpted from a longer message thread on the TCS: Menu >> Computing >> Mac Union >> Arlington Schools & Mac

FROM: Paul Chernoff
Friday, Mar 19, 2004

On the subject of viruses, I personally have a hard time accepting
that the operating system is the culprit. I understand that there
are just a lot more virus writers that target the Windows platform
and that's why we don't see as many on OS/X.

FROM: Jon Thomason
Saturday, Mar 20, 2004

Others are fully capable of expanding on the merits of open peer review toward validating/legitimizing any claims of security. [And Jon will argue this point, too, later in the article – ed.] So I'll focus on architecture.

In court briefs, Microsoft is adamant that its "operating system" spans beyond the traditional internal resource management, to include web browsers, media players... I'd stipulate also e-mail clients and word processors.

These applications are intentionally deeply integrated together through a vast and undocumented complex of hooks, or API's, in order to function as a single integrated package from the only vendor who knows where these hooks are and how to use them. They used to make a big deal out of this, as it explained why e.g. Microsoft Word would always by definition be the [only] word processor that fully leverages the Windows platform and vice-versa. They've stopped making a big deal out of this, at least publicly, because it suggests criminal intent in this country's corporate laws. And because of true security ramifications.

The trouble is, these separate components are all riddled with exposed private hooks in order for this integration to work. Just because they're proprietary and undocumented doesn't mean that smart people won't find them eventually. So smart people find these secret on-ramps, one by one, and announce their findings on the Internet. Then bad people take advantage of their findings by writing code that does something these hooks never intended or anticipated.

It's not the operating system, it's the design philosophy. And of course the legendary rush to market. For nearly its entire existence, Microsoft has been creating its own private software empire to build upon and leverage throughout the system. As if they had a special clubhouse, wherein everyone who knew the secret handshakes could reach in and access untold hidden capabilities of every host machine. In a lot of cases, they don't even use (or test) the openings they've built in -- some of these hidden API's are what we call dead code, left in just in case a future Microsoft product might need such a feature.

This design approach might have been largely unexploited and uncontroversial, except for the explosive growth of the Internet, which caught them off guard. On the one hand, they found all these new opportunities to explore. On the other, they'd left all these exposed nerve endings wholly unprotected.

Consider what they used to call ActiveX: this was their instinctive response to the Internet at first. Fundamentally, it was a new name and promotional blitz for the existing OLE technology that allowed Office apps to intermarry. But they thought it would be good to be able to download such software from the Internet and run it natively. As they pointed out, this would be faster than Java, and would allow for spellbinding expansion of their Office suite. They failed to mention, almost seemed to fail to realize, that it would also by nature hand full control of each user's machine over to complete strangers. (When called on this, they backpedaled and rushed to add and enforce an extra layer of code "certification" -- as an intractable patchwork afterthought.)

A lot of time has passed since then. Microsoft has learned a lot, and so have we. But the pressures of time-to-market haven't changed, and it'll be a long time if ever before they're able to go back and childproof all those exposed outlets they'd put in throughout their heyday. If they were to do it right, treating security as a design principle, they'd have to restructure and (at least internally) document and unit test all of the hidden features that make each of their deeply integrated products work together. They wouldn't just have to secure Windows, but in fact rewrite every application they produce. Supposedly they've begun that process with .Net. But it'll take untold years.

Guess who'll be footing the bill for that rebuilding effort. And ask yourself whether a substantial investment in today's Windows will really be applicable to anything should such a redesigned/rewritten/safe Windows start to catch on.

So yes, the problem is intrinsic to both the architecture and implementation of Microsoft Windows. And no, the market dominance (what biologists refer to as a susceptible monoculture) doesn't help. Windows can be improved, but it will take many years. Whereas the Internet today has a very immediate problem with a very simple solution: reduce the percentage of vulnerable Windows hosts in the global IP space, and the worms which thrive on the ubiquity of a single operating system will be unable to spread at these painfully astronomic rates.

Naturally, if Mac OS X represented 90% or more of the Internet IP space, and a vulnerability were found for that operating system, that weekend we'd see an explosion of Mac OS X virus troubles until the exposure was patched in a majority of machines. But A) the platform does not in fact command such a dangerous market presence and hopefully no operating system ever will in the future, B) the open source code review process assures that vulnerabilities are minimized and patches are near-instantaneous, and C) we could be running schools and businesses in the meantime if we weren't focusing on such nonsense.

Windows is -- today, at least -- inherently, desperately, unpatchably more vulnerable than is any other operating system in common use on the Internet. This has everything to do with the history of software design/implementation at Microsoft since the 1980's, and it has very little to do with market share.

Market share is merely the catalyst that turns these flaws into an incalculable financial and human burden on our governments, schools, and businesses.

Lawrence Charters added:

FROM: Lawrence Charters
Saturday, Mar 20, 2004

> On the subject of viruses, I personally have a hard time accepting
> that the operating system is the culprit.

But it is. Roughly 90% of all Windows worms and viruses take advantage of the fact that OLE and, later, Active X, require no checks for interprocess communications. Java is confined to a "Java virtual machine" and can't escape outside; JavaScript is confined to a specific browser session; AppleScript is confined to a user and a session; Apple Events require the built-in agreement of two or more applications to talk to one another in a closely-defined fashion; UNIX scripts are limited to user and session.

OLE and Active X allow virtually any Windows process to talk to any other Windows process, or to the operating system itself. No other operating system permits such unrestricted "freedom," and the hundreds of patches to OLE and Active X over the past ten years have merely placed roadblocks to specific pathways; the highway is still there.

The Slammer worm, on the other hand, simply attacked an open port that should not be open. Straight out of the box, Mac OS X has nothing externally visible; straight out of the box, every version of Windows since Windows 95 looks like a Chinese menu of available open ports.

For the writer to say that he "personally [has] a hard time accepting" this is to confess that he personally hasn't looked very hard.

Incidentally, Microsoft briefings encourage their associates to stress the point that "there are more virus writers out there simply because Windows is more popular." By this standard, of the 60,000 viruses available on Windows, Mac OS X should have between 3,000 and 6,000. The actual number is zero. Half a dozen white papers have been written about Mac OS X viruses in a "lab" environment, but none of them passed peer review. In other words, the claim was false.

Jon replies to messages from Lawrence Charters (LC) and Richard Sternberg (RS):

FROM: Jon Thomason
Saturday, Mar 20, 2004

LC> No other operating system permits such unrestricted "freedom," and the hundreds of patches to OLE and Active X over the past ten years have merely placed roadblocks to specific pathways <LC

Actually Mac OS 9 permits more such cross-connectedness than Windows 2000 does. Windows NT and above at least have some memory protection in place, enough to require communication via messages, interfaces, and shared library linkage. Whereas Mac OS 9 allows any running software to rewrite any section of memory, patch any operating system API, access any hardware, write any disk block...

The difference is that Mac OS 9 isn't intertwined around a promiscuous e-mail client and web browser which invite in just any unwashed code to run directly.

But that's Mac OS 9 (and Windows 9x), and we're talking about Mac OS X and NT+. Mac OS X rigidly defines the application's allowed scope, based on conditions such as user permissions and manual authorization to perform additional tasks. This is enforced by the open source kernel, not by some bolted-on API layer, so these restrictions actually have teeth.

There's that, and that the PowerPC call stack builds upward while the Intel x86 call stack builds down. Down makes it easier to leverage a buffer overflow to perform remote intrusions, should a program fail to make all the proper checks.

RS> I recall studying the importance of disallowing inter-process communications. It was a fundamental notion that nothing running on the computer ought to be allowed to talk to anything outside itself except to make calls to peripherals or to access the memory assigned to it. <RS

Yah, I remember one crazy brilliant former Pi member explaining to me a golden rule of secure microkernel design: "assume the application is white noise." I was of course writing 8-bit software then, so had no concept of mainframes.

And as you say, this was well-established best practice and good sense, years before the personal computer revolution. Apple and Microsoft threw this stuff out the window for personal standalone machines. But once these machines were connected together in large numbers, Apple was already trying to steer those groups of machines onto Unix. Or onto something; they had many false starts.

Microsoft just shrugged it all off and kept running. They even sabotaged an opportunity to fix it: their OS/2 partnership with IBM that led to NT. They simply didn't value consumer safety. They only valued being first to market with all the gee-whiz bells and whistles. They really seemed to believe that they could close the barn door later, once they had wrapped up market share. Well, they can't. And even the press and ordinary people realize that now.

Are Open-Source Software, Open Standards between Platforms, and Greater Choice in the Marketplace an Answer?

John Gilroy, the PC expert on WAMU’s Computer Guys radio show, which airs the first Tuesday of every month at noon, also writes a regular Q&A column in the Washington Post. This is what was printed in the May 9, 2004, edition of:

Ask the Computer Guy
by John Gilroy
Q: Is open-source code the answer for security?
A: This reader asks a question on many people’s minds: When anybody can inspect and edit the source code of a program, will bugs be found and fixed more quickly than they are in proprietary software? To me, the more useful argument is not open-source versus proprietary, but one versus many operating systems.
Instead of today’s monoculture, we would be safer to employ diverse systems that exchange information based on accepted standards. That works for the Web; why not word processing or spreadsheets, too?

-- Washington Post, Sunday, May 9, 2004

Gilroy’s answer is a good one, and the questioner also raises a good point.
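The monoculture argument above can be made concrete with an expected-value model of a worm that, like Sasser in the Symantec profile quoted earlier, scans randomly selected IP addresses. This is an added example, not part of the original article; the host count, scan rate and vulnerable shares are constructed values, not measurements.

```python
"""Expected-value model of a random-scanning worm (added illustration).

All parameters below are constructed for the example, not measurements.
"""
import math

ADDRESS_SPACE = 2 ** 32   # size of the IPv4 space a random scanner draws from


def steps_to_reach(hosts, vulnerable_share, scans_per_step,
                   target=0.5, seed_infected=1, max_steps=100_000):
    """Steps until `target` of the vulnerable hosts are infected, or None."""
    vulnerable = hosts * vulnerable_share
    if vulnerable < seed_infected:
        return None  # nothing susceptible to start from
    # Log of the chance that one scan misses one particular address.
    log_miss = math.log1p(-1.0 / ADDRESS_SPACE)
    infected = float(seed_infected)
    for step in range(1, max_steps + 1):
        scans = scans_per_step * infected
        # Chance a given susceptible host is hit by at least one scan this step.
        p_hit = -math.expm1(scans * log_miss)
        infected += (vulnerable - infected) * p_hit
        if infected >= target * vulnerable:
            return step
    return None


def compare_shares(shares, hosts=100_000_000, scans_per_step=10):
    """Map each vulnerable share to the steps needed to infect half of it."""
    return {share: steps_to_reach(hosts, share, scans_per_step)
            for share in shares}


if __name__ == "__main__":
    for share, steps in compare_shares([0.90, 0.45, 0.09]).items():
        print(f"{share:.0%} vulnerable: half infected after {steps} steps")
```

In this model the early growth rate is proportional to the number of vulnerable hosts, so halving the vulnerable share roughly doubles the time the worm needs to reach the same level of infection.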

Open-Source Software

Quite a bit of Apple’s Mac OS X operating system is based on open-source software that Apple refers to as “Darwin.”

What’s “open source” software? According to Wikipedia, “Open source refers generally to any computer software whose source code is either in the public domain or, more commonly, is copyrighted by one or more persons/entities and distributed under an open-source license…”

An essential idea behind the movement towards open-source software is to make the source code of software products publicly available to anyone interested in studying it and possibly using it. Certain restrictions apply to its use in other products, depending on the type of open-source license agreed to in each case.

What’s “source code”? According to Wikipedia, “Source code… refers to any series of statements written in some human readable computer programming language.” The point here is that anyone who is motivated enough has the opportunity to subject it to peer review and to discover exactly how some piece of software is constructed to make a computer do what it does. That’s a powerful notion when it comes to uncovering security weaknesses and fixing them.

Jon Thomason explained how Apple’s decision to embrace open-source code is paying off from the security point-of-view. You can see the message thread on the TCS here: Menu >> Computing >> Mac Union >> Security: Challenge and Response

FROM: Jon Thomason
Wednesday, Dec 17, 2003

You may have read in the past couple weeks about a security issue with Mac OS X involving the DHCP protocol, managed directories, and the possibility for someone on your local network (not from across the Internet) to trick your machine into giving them administrator privileges. I'll touch on that, and mention another.


There are two things that make the DHCP/LDAP issue unique, relative to the many security updates that Apple has put forth to date. First, not to split hairs, the DHCP issue is not the result of a programming error -- it's the result of a conscious decision about default settings, made before wireless networks and frequent roaming. The common usage has changed, so the defaults must now too.


Let me be clear: the way things are today, this is now an exploitable problem, and thus a serious issue needing to be addressed. My point is that it's not a programming error, so -this one- is a different beast from the buffer overflow patches that get corrected every few weeks in things like our optional web and remote login services. Not -at all- like the seemingly endless vulnerabilities that keep getting discovered in Microsoft's platforms and give rise to rampant, costly, high-visibility epidemics affecting everyone who uses the Internet.


The second difference is in how this was reported… [see the TCS thread for the rest of Jon’s argument on this point.]


In short, it would be silly to compare this to Microsoft's security apparatus of proprietary review and delivery often months after a weakness is exposed.

Instead, the course of this discovery took place in the typical Linux style: less than 24 hours after an obtuse warning hits the Web, the issue is already heavily researched, well-documented, patched, and solved by diverse individuals coming together from around the world.

And to go one step better: watch for Apple to distribute their own official fix within the next day or two, using their breezy and reliable Software Update mechanism for real people without engineering degrees to apply by themselves.

Just so you follow: this is how the open source movement directly benefits you. It's not the only way, but it's a tangible way, and it helps keep you safer.


Is Mac OS X 100% secure? Of course not. It's Unix, and all the terms we now use to discuss computer security originated over decades of cat-and-mouse games on the Internet -- most of that time primarily on Unix systems. But it does benefit from lessons learned in every minute over those years, and from every individual who's ever examined the source code for education, work, or fun.

Is it more secure due to lower market share? Ulanoff [the author of the article that Jon labels yellow journalism] is willing to grant us that consolation, but I don't buy it.

First, did I mention the decades of public scrutiny and source code auditing in individual and formal settings? Clearly far more people are thoroughly versed on the strengths and weaknesses of the BSD [a particular version of UNIX] source code than have viewed any snippet of the Windows source code.

We just observed its market share is sufficient to launch a global bounty hunt for bugs -- and sufficient to benefit from their immediate capture and fix. The metrics change for open source: greater attention makes you stronger.

Second, the Internet's malcontents aren't motivated by market share so much as by making a splash: what's yet another widespread Windows worm…, when cracking the veneer of Mac OS X could provide you a far more visceral payoff?

No, the greater security of Mac OS X is due to good design, good components, and an overall healthy attitude toward acknowledging bugs and releasing fixes. Actual problems are rare and compartmentalized. None of these internal bugs could be weaponized and turned into a global epidemic as with Windows worms, because they can't be triggered machine-to-machine without explicit help.


So embracing Ulanoff's question, not his answer: how cocky are we, Mac elite? Do we simply enjoy using our computers more than having them use us? Or are we sneering at the ill-informed and making up crazy claims of 100% security?

One would hope that we're realistic in our expectations, and that we recognize the nature of the magic behind our good fortune. Others would be well-served to investigate this as we have, but they'll do so in their own time if at all.

For the time being, let's simply go forth and stay attuned to those periodic Security Updates that Apple releases.

Marginalization Is Becoming a Threat to Greater Security

Reports continue to come in from Mac users who are finding that the designers of some web sites disregard the standards of good website design and so deny them access to those sites. While this is probably due to laziness or ignorance on the part of those designers, and not malicious intent, the effect is to increasingly frustrate existing Mac users and to perhaps drive away other potential customers of Macintosh systems. For details, see:


A similar story can probably be told about users of other Internet software not written by Microsoft, but I have not researched this aspect.

In early April, I heard two tax advisors being interviewed on FM radio (WMAL); one was from the IRS and one was a professional tax advisor. They were giving advice to listeners on the use of computers to prepare their tax returns for 2003. Everything they had to say was based on their understanding of tax preparation software that runs on Microsoft’s Windows OS. They professed not to know anything about tax preparation software that runs on any other operating system.

When they were discussing how the IRS's program for on-line filing of tax returns using an Internet browser works — see http://www.irs.com/ — the IRS representative stated that only browsers that run on Microsoft’s Windows would work with IRS's service provider sites. The professional tax advisor questioned that, but said he really didn't know.

In fact, I have successfully filed my federal and state returns the last two years using a Macintosh-specific Internet browser, Apple’s Safari, running on Mac OS X. The tax-filing service provider I used (TaxAct) is one of the many tax-filing service providers reached via the IRS’s website.

Though I haven't checked out all of these service providers, would more than a few be so dumb as to restrict their potential customers to Windows machines when there is no technical reason to do so? I am told that it is easy to write platform-agnostic software to securely exchange data and services over the Internet, so long as website designers avoid non-standard, Microsoft-specific, hooks and tricks.

This is but one example of how the marginalization of operating systems and productivity software produced by anyone but Microsoft is so counter-productive for everyone.

One more thing…

My Macs are protected from invasion from the outside by a security router from Netgear, Inc., and I depend on Virex to daily scan my home folder for any threats. I also manually ask Virex to scan any file or folder that I might have a question about before I open it.

I never open any files or launch any applications from unknown sources or of unknown content. Suffice it to say, I have yet to be troubled with any kind of virus, worm, or Trojan horse, though I have raised questions on the TCS about suspicious router or modem activity from time to time. In every case so far, those turned out to be friendly.

A great tool for helping me observe and control what accesses to the outside world are attempted by software running on my computers has been this shareware utility: Little Snitch — http://www.obdev.at/products/littlesnitch/

If you want to know about what a “hardware security router” does and where to get one, consult the TCS. Several informative message threads on this subject have been archived there over the last couple of years. Here’s a recent one: Menu >> Computing >> Home Networking >> router brand to get

So far, in many months of checking, Virex has not found a single threat on any of my machines, with one exception: it is a virus-like test file that Virex’s manufacturer put on my hard disk to demonstrate that Virex is doing its job.

Virex is available at no extra charge from Apple if you are a “.mac” subscriber. For details, see http://www.mac.com/

If you want to know more about Virex for the Mac and how various Mac gurus are using it to good advantage, I have found Adam C. Engst’s TidBITS Talk a dependable source: subscriptions@tidbits.com