Adventures in Mac Adware Removal/Security

I have, for some time, been frustrated by a browser redirect affecting my ability to navigate to seamless.com. It is the strangest thing. It only affects that one site, and sends me to seamless-uk.co.uk/business.

It really seems the problem lies with my ISP, rather than my computers (it affected the Ubuntu and Windows partitions of my other machine), because it doesn’t happen when I’m using my computer on other networks and the router has been reset. Interestingly, Mozilla was completely unaffected – although all of my other browsers on the machine, the ping command, and other computers exhibited the same behavior when directed to go to seamless.com. This leads me to believe it is an ISP issue – triple-platform malware would be pretty impressive – and to rule out DNS hacking I reset my router, checked my hosts file, and switched DNS servers. So I’m fairly certain it’s not a system thing.
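The checks described above (hosts file, then comparing answers from different DNS servers) as a small added diagnostic script; this is not code from the original post. The hosts-file sample and the 203.0.113.x / 198.51.100.x addresses are constructed, and the per-resolver answers are assumed to have been gathered separately (for example with `dig @<server>`) and passed in.

```python
"""Decide whether a hostname is being redirected by the local hosts file or by
one resolver disagreeing with the others (added example, not from the post)."""
import ipaddress
from collections import Counter

# Constructed sample hosts file: a normal entry plus a planted override of the
# site from the post. The real file lives at /etc/hosts on macOS and Linux.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# a planted override would look like this
203.0.113.7 seamless.com www.seamless.com
"""


def parse_hosts(text):
    """Map each hostname in a hosts file to the addresses it is pinned to."""
    pinned = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # strip comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed line; ignore rather than misreport it
        for name in names:
            pinned.setdefault(name.lower(), []).append(addr)
    return pinned


def hosts_override(text, hostname):
    """Addresses the hosts file pins hostname to, or [] when it is untouched."""
    return parse_hosts(text).get(hostname.lower(), [])


def disagreeing_resolvers(answers):
    """answers: {resolver_label: set_of_ip_strings} for one hostname.
    Returns the labels whose answer shares no address with the most common
    answer set, i.e. the resolvers worth suspecting of a redirect."""
    if not answers:
        return []
    majority = Counter(frozenset(ips) for ips in answers.values()).most_common(1)[0][0]
    return sorted(label for label, ips in answers.items() if not (set(ips) & majority))


if __name__ == "__main__":
    print("hosts override:", hosts_override(SAMPLE_HOSTS, "seamless.com"))
    # Constructed answers: the ISP resolver hands back a different address
    sample = {"isp": {"203.0.113.7"}, "google": {"198.51.100.10"}, "cloudflare": {"198.51.100.10"}}
    print("suspect resolvers:", disagreeing_resolvers(sample))
```

Only a resolver that agrees with none of the others is flagged, so two resolvers that merely return different members of one load-balanced pool are not reported as a hijack.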

However, trying to solve this ongoing mystery has led me to read up a lot on system security. A lot of interesting things today.

Certificate Authority Servers Were Completely Messed Up

Firefox was using untrusted certificate servers including DigiNotar. That would still not explain why updated Firefox has suddenly become vulnerable to this redirect, because it’s been doing that for a long time – but that was definitely an eye-opener. And so I began my descent into the rabbit hole.

Firefox Has Gone Downhill

Certificates are, in fact, central to the issue here. Firefox used to use CRL data to improve security while browsing – they were a holdout on that matter – but deprecated support after 29.0… which is exactly when my Firefox became vulnerable to the redirect – I had been using 29 forever (because I prefer Chrome and only used it for ordering lunch). And I only just updated. At any rate, the specifics of this are somewhat beyond me, to be totally honest, but it seems that OCSP has taken over the game from more certificate-focused security systems, due to performance issues and the size of files needed to keep CRL lists etc. The More You Know

Browser Hijacking on Macs is a Real Thing Now

In my research I did find two nifty free programs, which are available to fight the growing menace of Apple adware: Bitdefender and AdwareMedic. Bitdefender Adware Removal for Mac found and destroyed Genio. AdwareMedic, which I ran first, caught two different programs hidden in /Libraries/Application Support whose names are lost to history, because these programs don’t seem to have log files like their more sophisticated PC counterparts.

ClamAV is Actually Useful!

Not having done so for a long time, I updated and ran ClamAV. It has never found a virus before, so it was kind of whimsical of me to do this. But finding redirect software made me say “why not?” Well, I’m glad I did. Today it found several viruses, including a Java exe file (no idea how that got there) and no less than nine files downloaded by Mail (all sent over a three-day period in 2011), which I recently downloaded while archiving my email for offline viewing.

Ghostery Rocks Socks

I installed Ghostery, which is awesome software. Basically ad-block on steroids, with a popup that tells you what is being blocked, and an easy toggle to unblock those things. This is a much more elegant solution than Adblock. Say you want to comment via Disqus sometimes, but you don’t want to be tracked every time you read an article? That’s very easy to make happen.