Windows Security Center captured my iMac.

I was browsing websites discussing WalMart batteries, and opened one purporting to be a discussion site, and a warning pane popped up saying Windows Security Center recommends you install System Security Antivirus. That pane sported an official-looking Safari badge. Behind that pane was a window purporting to be from Windows Security Center, with a diagnostic menu claiming that I had a firewall and Safari security, but was lacking in anti-virus protection and should download their software. The thing is that those two windows took control of both Safari and my Mac and wouldn't let me close Safari, nor shut down my computer by command or power button. I regained control only by pulling the power cord. Anybody seen this sort of intrusion before?

2008 20" iMac, Mac OS X (10.5.5), 2.4 Ghz Intel Core 2 Duo, 1 GB 800 MHz

Posted on Mar 30, 2009 10:06 AM

5 replies

Mar 30, 2009 10:11 AM in response to RCA2

Hi

Yes, I've seen it posted here. However, rather than an "attack" or "virus", it's more about how the page is coded. I suggest you add OpenDNS server codes to your Network settings. In addition to facilitating page loading, the OpenDNS codes add a built-in fraudulent site check.

Here's how to add the codes:

Go to the Apple Menu>System Preferences. Select the Network panel. Click on your internet connection - either Ethernet or Airport, then select "advanced". In the DNS panel copy/paste on separate lines the following OpenDNS codes: 208.67.222.222 and 208.67.220.220.
Select "OK", then "apply".

In the Network panel, if Ethernet or Airport (whichever you use) is not at the top of the list, click on the "gear icon" at the left bottom. Select "set service order". When the help box opens drag your connection type to the top of the list. Select "apply" when complete.

Restart Safari.

Mar 30, 2009 4:28 PM in response to Hawaiian_Starman

H. Starman,

Thanks for the reply and suggestions and links. I plan to follow your advice later on tonight. A couple of questions if I may: 1) Do you think I lost control of my Mac as soon as I opened that website by clicking on its entry on the Google search page, or after I tried to close it by clicking on the red [X] on the message pane, or any other part of the pane? As I recall, I read the panes, got alarmed, and tried to close Safari as my first command, before clicking on any part of the bogus messages. But how could I lose control so quickly?

2) Do you know how OpenDNS would have handled and protected me from this particular website?

3) Does Earthlink care that I will be using OpenDNS IP addresses that it didn't provide me, or does it consider them inconsequential alternatives?

4) If I some day lose internet access, as happened last month when SBC had a problem, will I have to experiment to find out whether the problem is an Earthlink problem or an OpenDNS problem?

Mar 30, 2009 4:34 PM in response to RCA2

1) Do you think I lost control of my Mac as soon as I opened that website by clicking on its entry on the Google search page, or after I tried to close it by clicking on the red [X] on the message pane, or any other part of the pane? As I recall, I read the panes, got alarmed, and tried to close Safari as my first command, before clicking on any part of the bogus messages. But how could I lose control so quickly?


No, poor web coding, or insidious coding can lock down a program.

2) Do you know how OpenDNS would have handled and protected me from this particular website?


Probably redirected to an OpenDNS page warning you of a problem.

3) Does Earthlink care that I will be using OpenDNS IP addresses that it didn't provide me, or does it consider them inconsequential alternatives?


No issue ought to be raised with Earthlink. The DNS server codes supplement the network action.

4) If I some day lose internet access, as happened last month when SBC had a problem, will I have to experiment to find out whether the problem is an Earthlink problem or an OpenDNS problem?


You can simply remove the codes and try the internet again. I'd say in these types of instances, the problem usually lies with the IP.

Mar 30, 2009 11:44 PM in response to Hawaiian_Starman

Well, it was easy enough following the instructions from the linked article about changing to OpenDNS address numbers, but mention was made of a greyed out number (labelled earthlink.net, IIRC), and I don't have a router, just an earthlink-provided modem that it might belong to, and I let it be. The instructions said to remove all previous numbers that I could see. Did I do wrong in leaving the grey number, or can we not see a grey number?

I can no longer find the web page that froze up my machine, so I don't know how to test the validity of my alteration. But things are no worse, so I'll mark my question answered. Thanks, H. Starman.
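
One way to confirm which resolvers a machine is actually using after the DNS change described in this thread, as an added example that is not part of any poster's reply. It classifies a resolver list against the two OpenDNS addresses given above; the function names and the sample inputs are constructed for illustration, and 192.0.2.53 is a documentation address standing in for an ISP-supplied server.

```sh
#!/bin/sh
# Added example: classify DNS resolvers against the OpenDNS addresses from the thread.
# Input on stdin may be /etc/resolv.conf style ("nameserver 1.2.3.4")
# or `scutil --dns` style ("nameserver[0] : 1.2.3.4").
OPENDNS="208.67.222.222 208.67.220.220"

# Print the resolver addresses found on stdin, one per line, de-duplicated.
extract_resolvers() {
    awk '$1 ~ /^nameserver(\[[0-9]+\])?$/ { ip = $NF; if (!seen[ip]++) print ip }'
}

# Print "opendns-only", "mixed", "other-only" or "none" for the resolvers on stdin.
classify_resolvers() {
    open=0; other=0
    for ip in $(extract_resolvers); do
        case " $OPENDNS " in
            *" $ip "*) open=$((open + 1)) ;;
            *)         other=$((other + 1)) ;;
        esac
    done
    if [ "$open" -gt 0 ] && [ "$other" -eq 0 ]; then echo "opendns-only"
    elif [ "$open" -gt 0 ]; then echo "mixed"
    elif [ "$other" -gt 0 ]; then echo "other-only"
    else echo "none"
    fi
}

# Constructed sample: both OpenDNS entries plus one leftover non-OpenDNS resolver.
SAMPLE_MIXED='nameserver[0] : 208.67.222.222
nameserver[1] : 208.67.220.220
nameserver[2] : 192.0.2.53'
# Constructed sample: only the two OpenDNS entries.
SAMPLE_CLEAN='nameserver 208.67.222.222
nameserver 208.67.220.220'

# Live use on a Mac (assumes scutil is available): scutil --dns | classify_resolvers
printf '%s\n' "$SAMPLE_MIXED" | classify_resolvers
printf '%s\n' "$SAMPLE_CLEAN" | classify_resolvers
```

A result of "mixed" or "other-only" means some lookups can still go to a resolver that does not apply the OpenDNS fraudulent-site check.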
