Skip navigation
Currently Being Moderated

Viruses, Trojans, Malware - and other aspects of Internet Security

Somerset, UK
Level 8 Level 8 (43,300 points)
VERSION 11  Click to view user tip history Published
Last Modified:  Apr 15, 2014 6:23 AM

DON’T PANIC!  But be aware that the Internet is riddled with potential threats to the security and well-being of your Mac or iOS device. No computer system is completely immune from possible attack, but Apple’s OS X (being Unix-based) is less vulnerable than most, particularly the latest versions - Lion, Mountain Lion and Mavericks. The following seeks to offer some guidance on the main security threats and how to avoid them. If you have further questions please post in the forum appropriate to your particular hardware or operating system.

 

There are many forms of ‘Malware’ that can affect a computer system, of which ‘a virus’ is but one type, ‘trojans’ another. Using the strict definition of a computer virus, no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions. The same is not true of other forms of malware, such as Trojans. (The expression ‘malware’ is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software. Not all malware are viruses.) Whilst it is a fairly safe bet that your Mac will NOT be infected by a virus, it may have other security-related problem, but more likely a technical problem unrelated to any malware threat.

 

Since the introduction of Snow Leopard, Apple OS X has an anti-malware system built-in known as XProtect but officially called File Quarantine (see here:http://support.apple.com/kb/HT3662 ), which may alert you to, and prevent installation of, certain forms of malware. Later versions of OS X include further features to protect you, about which here: http://support.apple.com/kb/PH11432 and Apple also recommend that you take simple steps to protect your Mac as detailed here: http://support.apple.com/kb/PH10580

 

So what other anti-virus software do I need (or if I am still running Tiger or Leopard) ?

 

Whilst viruses designed to attack the Microsoft Windows operating system cannot affect Apple OS X, it is possible to pass on a Windows virus, which you may have received but not noticed, to a Windows user, for example through an email attachment. Many use the free ClamXav just to check incoming emails for this reason, and our resident expert Thomas A Reed's excellent guidance on this subject can be read here: www.thesafemac.com/mmg

 

Many users also like the free application Sophos (although a few have mentioned that it can slow your system down):

 

http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-ed ition.aspx

 

 

Do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.

 

Do not install MacKeeper or iAnti-Virus: See this User Tip: https://discussions.apple.com/docs/DOC-3022

 

FAKE ANTI-VIRUS SOFTWARE and associated MALWARE (To repeat: the expression ‘malware’ is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software.)

 

Do not be tricked by 'scareware', such as pop-ups on your browser, that tempts computer users to download fake anti-virus software that may itself be malware.

Once installed, the software may steal data or force people to make a payment to register the fake product.  Examples include MacKeeper and iAntivirus, but there are others. Also, beware of MacSweeper and MACDefender* (also goes under the name of MacProtector, MacGuard, MacSecurity or MacShield): These are malware that mislead users by exaggerating reports about spyware, adware or viruses on their computer in an attempt to obtain payment for an application that does nothing that free utilities do not also offer, and in many cases will also mess up your system.

*Malicious software dubbed MACDefender  takes aim at users of the Mac OS X operating system by automatically downloading a file through JavaScript. But users must also agree to install the software, leaving the potential threat limited.

 

*(This malware is not to be confused with MacDefender, the maker of geocaching software including GCStatistic and DTmatrix. The company noted on its site it is not affiliated with the malware.)

Malware spreads through search engines like Google via a method known as "SEO poisoning." The sites are designed to game search engine algorithms and show up when users search for certain topics. It is always a good idea to Block Pop-ups in your browser preferences.

 

TROJANS and RE-DIRECTION TO FAKE WEBSITES

 

The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.

 

If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's  (that's you!)  DNS records stay modified on a minute-by-minute basis.

 

Mac users should always obtain their copy of Adobe Flash Player directly from Adobe’s official website and to disable the "Open 'safe' files after downloading" option in Safari Preferences/General to avoid automatically running files downloaded from the Internet. Also, do not turn on Java in Safari Preferences/Security. Few websites use Java. Javascript is something entirely different and should be left active.

 

(Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's not a bad idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.")

Last, but by no means least, using Open DNS is the simplest way of preventing infection in the first place. Open DNS also protects against phishing attacks, re-directs, speeds up your internet connection, and works for all users of OS X from Tiger upwards:

 

http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns /

 

How to get it:

 

http://www.opendns.com/home-solutions

 

Java can present serious security threats: Users with Intel Macs running Snow Leopard OS 10.6,  Lion OS 10.7 or Mountain Lion should ensure that they have downloaded and installed all the recent Java updates from Apple, which are designed to prevent infection and also remove any infection already present.

New Macs running Lion or Mountain Lion do not have either Flash Player nor Java installed.

 

+++ OTHER ISSUES +++

 

 

HOW TO AVOID RE-DIRECTION

 

Adding Open DNS codes to your Network Preferences should give good results in terms of added security (phishing attacks, re-direction etc) as well as speed-up of your internet connection:

 

Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu, and in the box marked 'DNS Servers' add the following two numbers:

 

208.67.222.222

208.67.220.220

 

(You can also enter them if you click on Advanced and then DNS)

 

Sometimes reversing the order of the DNS numbers can be beneficial in cases where there is a long delay before web pages start to load, and then suddenly load at normal speed:

 

http://support.apple.com/kb/TS2296

 

There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!

 

GENERAL ADVICE ON HOW TO AVOID INFECTION IN THE FIRST PLACE:

1. Avoid going to suspect and untrusted Web sites, especially p'orn'ography sites.

 

2. Check out what you are downloading. Mac OS X asks you for you administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites, i.e. the developers’ own web sites or the Apple App Store.  If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program.

 

3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through an AV application.

 

4. Use Mac OS X's built-in Firewalls and other security features.

 

5.  Avoid Peer-to-peer sharing applications. Download torrents (such as the now defunct LimeWire) supplying pirated software, movies etc are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks may apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking:  http://news.bbc.co.uk/1/hi/technology/8420233.stm

It has been estimated that one in six links posted on Facebook pages are connected to malicious software.http://www.bbc.co.uk/news/technology-12967254

6. Check for security updates from Apple using Software Update and install them!

YOUR PRIVACY ON THE INTERNET and the latest risks to look out for:

 

There is the potential for having your entire email contact list stolen for use for spamming:

 

http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1

 

And if you are using iPhone Apps you are also at risk of losing all privacy:

 

http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-tra nsmit-udid-pose-se/

 

The advent of HTML5  may also be a future threat to internet privacy:

 

http://www.nytimes.com/2010/10/11/business/media/11privacy.html?_r=1&hp

 

NOTE: Apple's Snow Leopard, Lion and Mountain Lion operating systems silently update the malware protection built into Mac OS X to protect against a backdoor Trojan Horse that can allow hackers to gain remote control over your treasured iMac or MacBook.

 

+++++ MORE POTENTIAL ISSUES +++++

 

PHISHING AND POTENTIAL IDENTITY THEFT:

 

"Phishing" (also known as "carding" or "spoofing") refers to email that attempts to fraudulently acquire personal information from you, such as your account password or credit card information. On the surface, the email may appear to be from a legitimate company or individual, but it's not.

As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never solicit such information from customers by email, and that includes your bank, credit card company, and Apple.

If you do receive email that you're not sure is valid, here are some tips that can help you determine its legitimacy:

Learn how to identify fraudulent "phishing" email:

http://support.apple.com/kb/HT4933?viewlocale=en_US

How to report phishing scams to Apple:

via email to:  reportphishing@apple.com

If you discover that emails are being received by your entire address list which you didn’t send, it is possible that you have been infected by a Botnet. Simply put, a bot – which is short for robot – is an automated computer program that allows outside sources to control computers remotely without the users' knowledge. A botnet is a network of hundreds or thousands of computers infected with botnet malware that communicates covertly with a command-and-control (CnC) server run by a type of cybercriminal called a botmaster. Unbeknownst to the individual users, their computers are linked in a rogue network which the botmaster can utilize for a variety of nefarious purposes.

Detailed information here:

http://mac-internet-security-software-review.toptenreviews.com/how-do-i-know-if- my-computer-is-a-botnet-zombie-.html

HOW SAFE IS YOUR SMARTPHONE?

Another source of malware, apart from sites like Facebook and Hotmail, is the Android Marketplace: more than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.

http://www.bbc.co.uk/news/technology-13422308

The data being leaked is typically used to get at web-based services such as Google Calendar.

The open nature of the Android platform is both a boon and a danger, and as Facebook have already discovered it is also a very attractive criminal playground.

http://www.bbc.co.uk/news/technology-12633923

Several pieces of malware have also been found on iPhones, however only devices that had been "jailbroken" to bypass Apple's security were affected.

The company's process of pre-vetting all new applications is believed to have spared its devices from a major attack.

Additional reading:

"Antivirus Software On Your Mac: Yes or No?"

http://gigaom.com/apple/antivirus-software-on-your-mac-yes-or-no/

 

LAST BUT NOT LEAST: BE GLAD YOU HAVE A MAC!

 

Some Windows PCs can be infected with viruses during the manufacturing process in the factories - in other words they can actually be purchased with viruses bundled with the operating system!

 

Several new computers have been found carrying malware installed in the factory, suggests a Microsoft study.

One virus called Nitol found by Microsoft steals personal details to help criminals plunder online bank accounts.

Microsoft won permission from a US court to tackle the network of hijacked PCs made from Nitol-infected computers.

http://www.bbc.co.uk/news/technology-19585433

 

This does not happen with Apple computers!



Apple does not necessarily endorse any suggestions, solutions, or third-party software products that may be mentioned in this User Tip. Apple encourages you to first seek a solution at Apple Support. Any links in this user tip are provided as is, with no guarantee of the effectiveness or reliability of the information. Apple does not guarantee that these links will be maintained or functional at any given time. Use this user tip at your own discretion.
Comments (0)
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.