Viruses, Trojans, Malware - and other aspects of Internet Security
DON’T PANIC! But be aware that the Internet is riddled with potential threats to the security and well-being of your Mac or iOS device. No computer system is completely immune from possible attack, but Apple’s OS X (being Unix-based) is less vulnerable than most, particularly the latest versions from Lion onwards. The following seeks to offer some guidance on the main security threats and how to avoid them. If you have further questions please post in the forum appropriate to your particular hardware or operating system.
There are many forms of ‘Malware’ that can affect a computer system, of which ‘a virus’ is but one type, ‘trojans’ another. Using the strict definition of a computer virus, no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions. The same is not true of other forms of malware, such as Trojans. (The expression ‘malware’ is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software. Not all malware are viruses.) Whilst it is a fairly safe bet that your Mac will NOT be infected by a virus, it may have other security-related problem, but more likely a technical problem unrelated to any malware threat.
Since the introduction of Snow Leopard, Apple OS X has an anti-malware system built-in known as XProtect but officially called File Quarantine (see here: http://support.apple.com/kb/HT3662 ), which may alert you to, and prevent installation of, certain forms of malware. Later versions of OS X include further features to protect you, about which here: http://support.apple.com/kb/PH11432 and Apple also recommend that you take simple steps to protect your Mac as detailed here: http://support.apple.com/kb/PH10580
So what other anti-virus software do I need (or if I am still running Tiger or Leopard) ?
Whilst viruses designed to attack the Microsoft Windows operating system cannot affect Apple OS X, it is possible to pass on a Windows virus, which you may have received but not noticed, to a Windows user, for example through an email attachment. Many use the free ClamXav just to check incoming emails for this reason. Our resident expert Thomas A Reed offers excellent guidance on this subject here: www.thesafemac.com/mmg
Do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.
Do not install MacKeeper or iAnti-Virus: See this User Tip: https://discussions.apple.com/docs/DOC-3022
FAKE ANTI-VIRUS SOFTWARE and associated MALWARE (To repeat: the expression ‘malware’ is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software.)
Do not be tricked by 'scareware', such as pop-ups on your browser, that tempts computer users to download fake anti-virus software that may itself be malware.
Once installed, the software may steal data or force people to make a payment to register the fake product. Examples include MacKeeper and iAntivirus, but there are others. Also, beware of MacSweeper and MACDefender* (also goes under the name of MacProtector, MacGuard, MacSecurity or MacShield): These are malware that mislead users by exaggerating reports about spyware, adware or viruses on their computer in an attempt to obtain payment for an application that does nothing that free utilities do not also offer, and in many cases will also mess up your system.
*(This malware is not to be confused with MacDefender, the maker of geocaching software including GCStatistic and DTmatrix. The company noted on its site it is not affiliated with the malware.)
Malware spreads through search engines like Google via a method known as "SEO poisoning." The sites are designed to game search engine algorithms and show up when users search for certain topics. It is always a good idea to Block Pop-ups in your browser preferences.
TROJANS and RE-DIRECTION TO FAKE WEBSITES
The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.
If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.
(Adobe is aware of malware posing as its Flash Player and warns users to ignore any updates that didn't originate on its own servers. "Do not download Flash Player from a site other than adobe.com," said David Lenoe, Adobe's product security program manager, in an entry on Adobe Product Security Incident Response Team's PSIRT blog. "This goes for any piece of software (Reader, Windows Media Player, QuickTime, etc). If you get a notice to update, it's a good idea to go directly to the site of the software vendor and download the update directly from the source. If the download is from an unfamiliar URL or an IP address, you should be suspicious.")
Last, but by no means least, using Open DNS is the simplest way of preventing infection in the first place. Open DNS also protects against phishing attacks, re-directs, speeds up your internet connection - see below.
How to get it:
Java can present serious security threats: Users with Intel Macs running Snow Leopard OS 10.6 or later versions of OS X should ensure that they have downloaded and installed all the recent Java updates from Apple, which are designed to prevent infection and also remove any infection already present.
From the introduction of Lion onwards, new Macs do not have either Flash Player nor Java installed.
+++ OTHER ISSUES +++
HOW TO AVOID RE-DIRECTION
Adding Open DNS codes to your Network Preferences should give good results in terms of added security (phishing attacks, re-direction etc) as well as speed-up of your internet connection:
Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu, and in the box marked 'DNS Servers' add the following two numbers:
(You can also enter them if you click on Advanced and then DNS)
Sometimes reversing the order of the DNS numbers can be beneficial in cases where there is a long delay before web pages start to load, and then suddenly load at normal speed:
There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!
GENERAL ADVICE ON HOW TO AVOID INFECTION IN THE FIRST PLACE:
1. Avoid going to suspect and untrusted Web sites, especially p'orn'ography sites.
2. Check out what you are downloading. Mac OS X asks you for you administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites, i.e. the developers’ own web sites or the Apple App Store. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program.
3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through this AV application.
4. Consider using Mac OS X's built-in Firewalls and other security features.
5. Avoid Peer-to-peer sharing applications. Download torrents (such as the now defunct LimeWire) supplying pirated software, movies etc are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks may apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking (see below): http://news.bbc.co.uk/1/hi/technology/8420233.stm
It has been estimated that one in six links posted on Facebook pages are connected to malicious software.http://www.bbc.co.uk/news/technology-12967254
6. Check for security updates from Apple using Software Update and install them!
YOUR PRIVACY ON THE INTERNET and the latest risks to look out for:
There is the potential for having your entire email contact list stolen for use for spamming:
And if you are using iPhone Apps you are also at risk of losing all privacy:
The advent of HTML5 may also be a future threat to internet privacy:
NOTE: Apple's operating systems since Snow Leopard silently update the malware protection built into Mac OS X to protect against a backdoor Trojan Horse that can allow hackers to gain remote control over your treasured iMac or MacBook.
+++++ MORE POTENTIAL ISSUES +++++
PHISHING AND POTENTIAL IDENTITY THEFT:
"Phishing" (also known as "carding" or "spoofing") refers to email that attempts to fraudulently acquire personal information from you, such as your account password or credit card information. On the surface, the email may appear to be from a legitimate company or individual, but it's not.
As a general rule, never send credit card information, account passwords, or extensive personal information in an email unless you verify that the recipient is who they claim to be. Many companies have policies that state they will never solicit such information from customers by email, and that includes your bank, credit card company, and Apple.
If you do receive email that you're not sure is valid, here are some tips that can help you determine its legitimacy:
Learn how to identify fraudulent "phishing" email:
How to report phishing scams to Apple:
via email to: email@example.com
If you discover that emails are being received by your entire address list which you didn’t send, it is possible that you have been infected by a Botnet. Simply put, a bot – which is short for robot – is an automated computer program that allows outside sources to control computers remotely without the users' knowledge. A botnet is a network of hundreds or thousands of computers infected with botnet malware that communicates covertly with a command-and-control (CnC) server run by a type of cybercriminal called a botmaster. Unbeknownst to the individual users, their computers are linked in a rogue network which the botmaster can utilize for a variety of nefarious purposes.
Detailed information here:
HOW SAFE IS YOUR SMARTPHONE?
Another source of malware, apart from sites like Facebook and Hotmail, is the Android Marketplace: more than 99% of Android phones are potentially leaking data that, if stolen, could be used to get the information they store online.
The data being leaked is typically used to get at web-based services such as Google Calendar.
The open nature of the Android platform is both a boon and a danger, and as Facebook have already discovered it is also a very attractive criminal playground: http://www.bbc.co.uk/news/technology-12633923
Several pieces of malware have also been found on iPhones, however only devices that had been "jailbroken" to bypass Apple's security were affected. The company's process of pre-vetting all new applications is believed to have spared its devices from a major attack.
LAST BUT NOT LEAST: BE GLAD YOU HAVE A MAC!
Some Windows PCs can be infected with viruses during the manufacturing process in the factories - in other words they can actually be purchased with viruses bundled with the operating system! Several new computers have been found carrying malware installed in the factory, suggests a Microsoft study. One virus called Nitol found by Microsoft steals personal details to help criminals plunder online bank accounts. Microsoft won permission from a US court to tackle the network of hijacked PCs made from Nitol-infected computers.
This does not happen with Apple computers!
OTHER POTENTIAL THREATS YOU MAY BE UNAWARE OF:
In reality of course, there is no such thing as total internet privacy: US and British intelligence agencies have successfully cracked much of the online encryption relied upon by hundreds of millions of people to protect the privacy of their personal data, online transactions and emails: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
If you have a Facebook account, Facebook is surveilling every single moment you spend there. Moreover, much more importantly, every web page you touch that has a Facebook "like" button on it which, whether you click the button or not, will report your reading of that page to Facebook.
If the newspaper you read every day has Facebook "like" buttons or similar services' buttons on those pages, then Facebook or the other service watches you read the newspaper: it knows which stories you read and how long you spent on them.
Every time you tweet a URL, Twitter is shortening the URL for you. But it is also arranging that anybody who clicks on that URL will be monitored by Twitter as they read. You are not only helping people know what's on the web, but also helping Twitter read over everybody's shoulder everything you recommend.
And now ‘smart TVs’ are also adding to your loss of privacy: "Smart TVs" are bringing PC-style spyware and banner ads to the living room, collecting detailed logs of data that include every time the channel is changed and the names of every media file watched. In the case of sets from LG, data is being sent to the factory unencrypted, even after users attempt to turn the data collection off. Source: http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and. html
Since the issue became public it has emerged that Sony's PlayStation also collects data from every Blu-ray disc that is played.
"Antivirus Software On Your Mac: Yes or No?"
Other malware removal tip and malware removal software sites:
Note: if at all possible before trying to remove malware, do abackupof your data. While you may backup the virus as well, you can usually extract document files themselves which are uninfected from the backup in case the virus removal tool was too thorough. ZIP archives, applications, scpt files and .jar files should be considered infected if you don't know their source:
Malwarebytes for Mac — Mac Antivirus Replacement | Malwarebytes - note removal of this software itself can be done with Download CCleaner | Clean, optimize & tune up your PC, free! (this software also supports removal of system caches, which is NOT recommended).