
is apple security center safe?

30739 Views 158 Replies Latest reply: May 30, 2011 7:32 PM by babowa Branched to a new discussion.
  • DMerz Level 1 (20 points)
    May 30, 2011 9:56 AM (in response to babowa)

    Hello babowa,

     

    Thanks for the reply and link to the article.  Please forgive my ignorance, I'm a new Mac user and overall not very tech with computers.  Glad these forums exist for inexperienced people like me! 

  • R C-R Level 6 (13,825 points)
    May 30, 2011 10:53 AM (in response to DMerz)

    DMerz wrote:

    Don't know if anyone from Apple corporate reads these forums?

    As a rule, only the moderators read the forums, & most of that is to check for violations of the Apple Support Communities Terms of Use, often for posts users report as potential "abuse" (which could mean problems other than actual abuse). The volume of posts is much too high for anyone to see them all. If you want to make suggestions to Apple, the official way is through the links at http://www.apple.com/feedback/.

     

    What is the consensus on a recommendation for a proper AV software?

    There is no consensus! You will get opinions that vary from "it is all useless and/or just as bad as malware" to specific recommendations for one or another product from some users that love it that other users warn will do bad things.

     

    That applies no less to my personal recommendation, which is Sophos Home Edition for Macs. I like it because it is totally free, based on industrial grade commercial products, well maintained, & has detected every variant of this malware I can find well before ClamXav has.

     

    ClamXav is probably the most commonly recommended A-V product for Macs. It is an open source effort & is also free. If you are looking for consensus among those that recommend such things for OS X, this is as close as you will get.

     

    The one thing that almost everybody (myself included) seems to agree on is to stay away from Norton A-V products.

  • R C-R Level 6 (13,825 points)
    May 30, 2011 11:05 AM (in response to babowa)

    babowa wrote:

    As far as I know, the only problem at the moment is the current threat of trojans; that is not a virus, so no AV software will protect you.{…} So, if nothing is installed, then how will AV software help?

    I know from firsthand experience that Sophos detects & warns you about the current variants of the MacDefender/Protector/Apple Security Center malware if & when it is downloaded, before you install it. From what I understand from others that use them, so does ClamXav & Intego VirusBarrier X6.

     

    That doesn't make these products a substitute for common sense & care, but they do add another layer of protection that some users find useful.

  • MadMacs0 Level 4 (3,320 points)
    May 30, 2011 1:01 PM (in response to R C-R)

    R C-R wrote:

     

    That applies no less to my personal recommendation, which is Sophos Home Edition for Macs. I like it because it is totally free, based on industrial grade commercial products, well maintained, & has detected every variant of this malware I can find well before ClamXav has.

    Actually, Mark Allan and the clamav.net signature team (with help from this forum) beat both Sophos and MacScan to at least one version which was documented on the VirusTotal site, but in general you are correct.  It is difficult for a volunteer force that have "real jobs" to compete with commercial vendors who have 24/7 AV crisis centers working these things.

  • R C-R Level 6 (13,825 points)
    May 30, 2011 2:09 PM (in response to MadMacs0)

    Can I assume that you have read the warning at the VirusTotal site that it was not designed as a tool to perform AV comparative analyses, & why it is a bad idea to try to use it for that purpose?

  • RandypTulsa
    May 30, 2011 3:17 PM (in response to Keith Jones5)

    Got this on Chrome the IP is http://178.xx.xxx.165/ < Edited by Host >

     

    It seems to have popped up after failing to connect to www.hydrogentoday.us.  I'm not sure it is related as I've been out for hours and returned to my Mac and see this in my tabs.  I'll read the thread but what's up with this?

     

    Mac Security.jpg

     

     

    iMac 10.6.7

    Chrome 12.0.742.60 beta

  • babowa Level 7 (22,090 points)
    May 30, 2011 2:52 PM (in response to RandypTulsa)

    That's exactly what you do NOT want. That is what it looks like. It wants you to download or is downloading something in the background. It wants you to install and give them your credit card number.

     

    Don't do anything. Get rid of the window. Check your download folder (if it's there, delete and empty trash), don't install anything and read this thread and the yellow sticky article from Apple at the top of the iMac and SL forums.

  • RandypTulsa Level 1 (0 points)
    May 30, 2011 3:00 PM (in response to babowa)

    Thanks babowa! I closed the window, checked my downloads; nothing there.  I also deleted an extension in Chrome I installed yesterday as I suspect it could have harbored the latent tab opening command.  I forgot the name of it but will post if it comes back to me.

  • babowa Level 7 (22,090 points)
    May 30, 2011 3:09 PM (in response to RandypTulsa)

    You should be fine then - I was the lucky recipient a couple of days ago......

  • RandypTulsa Level 1 (0 points)
    May 30, 2011 3:17 PM (in response to RandypTulsa)

    I have no idea if this is the source, but the timeline in my history shows that the Drudge Report, having been left open and refreshing automatically, was left open on my desktop while I went to visit my father-in-law at the VA.

    Check the timeline and what opened....

     

    Mac Security-1.jpg

    Is it logical that this is related? 

  • RandypTulsa Level 1 (0 points)
    May 30, 2011 4:01 PM (in response to RandypTulsa)

    The file downloaded is named "anti-malware.zip" and is a Trojan named Trojan-Downloader.OSX.Fav.A

    DO NOT OPEN anti-malware.zip!

     

    Scanned and identified by ClamXav

  • MadMacs0 Level 4 (3,320 points)
    May 30, 2011 4:28 PM (in response to RandypTulsa)

    RandypTulsa wrote:

     

    The file downloaded is named "anti-malware.zip" and is a Trojan named Trojan-Downloader.OSX.Fav.A

    DO NOT OPEN anti-malware.zip!

     

    Scanned and identified by ClamXav

    That is correct, it is the compressed version of a small installer package that will probably install a small application called avRunner in your Applications folder and automatically launch it.  That, in turn, will download an application called MacGuard in your Applications folder, launch it and delete the previously downloaded/installed files.  The fact that you still have it is good evidence that things went no further than that, but you might want to double-check if you haven't already.
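
The install chain described in the post above (anti-malware.zip, then avRunner, then MacGuard, which deletes the earlier files) can be turned into a quick check of how far things went. This is an added example, not part of any post in this thread; the function names, the ".app" bundle suffixes and the default folders are assumptions.

```shell
#!/bin/sh
# Added example: report how far the install chain described above got.
# Assumptions (not from the thread): the applications show up as
# "avRunner.app" and "MacGuard.app", and downloads land in ~/Downloads.

# has_entry DIR PATTERN -> succeeds if DIR directly contains an entry
# whose name matches PATTERN (case-insensitive).
has_entry() {
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -maxdepth 1 -iname "$2" 2>/dev/null | head -n 1)" ]
}

# chain_stage [APPS_DIR] [DOWNLOADS_DIR] -> prints one of:
#   payload   MacGuard is installed (final stage; earlier files may
#             already have been deleted by it)
#   dropper   avRunner is installed (the installer package was run)
#   download  only anti-malware.zip is present (nothing was installed)
#   clean     none of the artifacts named in the post were found
chain_stage() {
    apps=${1:-/Applications}
    downloads=${2:-$HOME/Downloads}
    if has_entry "$apps" "MacGuard.app"; then
        echo payload
    elif has_entry "$apps" "avRunner.app"; then
        echo dropper
    elif has_entry "$downloads" "anti-malware*.zip"; then
        echo download
    else
        echo clean
    fi
}

# Run against the real folders, or pass two directories to override.
chain_stage "$@"
```

A result of "download" matches the situation in the post: the zip is still there and nothing was installed, so deleting it and emptying the Trash is enough.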

  • babowa Level 7 (22,090 points)
    May 30, 2011 5:42 PM (in response to RandypTulsa)

    These people (IP address 178.xx) are infiltrating many websites - I got it by going to my open Yahoo Inbox tab (obviously, for now, I am logging in and out instead!).

  • laverne's mom Level 2 (395 points)
    May 30, 2011 6:19 PM (in response to babowa)

    Why would logging in and out make a difference?  It sounded like for some people, just going to a website got the thing started.  Why is it not safe once you have logged in safely the first time?  I must be missing something obvious.  Thank you,

     

    laverne's mom

  • babowa Level 7 (22,090 points)
    May 30, 2011 6:33 PM (in response to laverne's mom)

    Actually, I have no idea - it just seemed to make sense that if I got it while I was logged in (safely I thought), it would be better not to have  a tab open because that appears to be how they're getting there. Look at Randyp's post - he wasn't home but had tabs open and it took over a tab while he was gone and not actively doing anything. Of course, I may be wrong, but it makes me feel as though I'm being pro-active instituting preventive measures.
