1 2 3 4 5 6 Previous Next 85 Replies Latest reply: Feb 23, 2012 6:08 AM by Kurt Lang Go to original post Branched to a new discussion.
  • 30. Re: heard 2 days ago first mac virus
    woodmeister50 Level 4 Level 4 (3,745 points)

    With both malware and trojans, you actively accept

    what you have gotten and install it, and reaping the

    consequences.

     

    Some people which are way to trusting will blindly

    install something because some website says

    you need to.  These folks I do feel somewhat sorry

    for.

     

    But, those that get infected by installing something

    in an attempt to "beat the system", deserve what

    they get.

     

    Bottom line, if you didn't ask for it, don't accept it.

    And only install material from well known and trusted

    vendor sights, i.e. if a sight says you need Flash, go

    to Adobe and get it.

  • 31. Re: heard 2 days ago first mac virus
    Tycoon24 Level 1 Level 1 (15 points)

    I wonder if it's a difference of personal character between those who use torrent sites and those who do not. I've never understood why some people use torrent sites. I never have because I feel like its stealing. But I know there are some people who download software worth over $10k, and they do it for free. In that sense, I agree that if people use torrent sites and get infected with malware or viruses, its part of the risk they take and I have no sympathy.

  • 32. Re: heard 2 days ago first mac virus
    keith contarino Level 1 Level 1 (5 points)

    interesting you should mention Flash

     

    I can't get it to work. I've installed 3 times but it won't play anything

     

    any ideas?

  • 33. Re: heard 2 days ago first mac virus
    woodmeister50 Level 4 Level 4 (3,745 points)

    keith contarino wrote:

     

    There's nothing illegal about me making copies of something I've paid for.

     

    That is not entirely true.  Example, read the legal statements an any

    movie/TV show DVD or BluRay.  It is illegal to make ANY copy of

    these media for any purpose.  You may have a philosophical

    issue with this, but it is the law.

     

    Read the copyright notices on all material.  At most, for software

    disks, you may see that you are allowed to make ONE copy

    for back up purposes.  And most do not allow ANY copies to be

    made.

  • 34. Re: heard 2 days ago first mac virus
    thomas_r. Level 7 Level 7 (27,985 points)

    I hesitate to get involved in this thread, since you admit to using pirate bay and seem to think it is okay to give copies of purchased music to your friends, which it absolutely 100% is not.  Plus, getting involved with such activity is a great way to get malware, since you're downloading stuff from immoral thieves, and IMHO you get what you deserve in a case like that.  However, you're not the only person reading this and there is a lot of misinformation being spread here.  So, for the benefit of other people not engaging in illegal and immoral behavior:

     

    First, regarding the "first virus," that may be a reference to a new variant of the Flashback trojan, just discovered (or announced, anyway) by Intego on the 10th, which can use Java vulnerabilities to get installed with no user assistance whatsoever.  If you have kept up with system updates - which will include Java updates - then you are safe, as those vulnerabilities have already been closed.  If you have not installed Java in Mac OS X 10.7, which does not come with Java preinstalled, then you are also safe.  If you have an old version of Java, you may not be safe.  So update Java.  For more information, see Flashback using Java vulnerabilities.

     

    As to other malware, I refer everyone back to my Mac Malware Guide, which someone else mentioned earlier.

     

    (Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)

  • 35. Re: heard 2 days ago first mac virus
    Klaus1 Level 8 Level 8 (44,505 points)

    Your so-called PC friends are talking out of their collective posterior apertures.

     

    VIRUSES

     

    No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.

     

    It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download for Tiger from:

     

    http://www.clamxav.com/download.php#tiger

     

    and for Leopard, Snow Leopard and Lion from here:

     

    http://www.clamxav.com/

     

    Note: If you wish to uninstall ClamXav: keep a copy of the disk image from when you downloaded it, or download it again - the uninstaller is included with the application. To uninstall, quit ClamXav Sentry (if you use it) and make sure it's not set to launch at log in. The uninstaller will remove the engine and any schedules you've got set up, then just drag ClamXav.app to the trash.

     

    If you are already using ClamXav: please ensure that you have installed all recent  Apple Security Updates  and that your version of ClamXav is the latest available.

     

    Do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.

     

    FAKE ANTI-VIRUS SOFTWARE and associated MALWARE

     

    Do not be tricked by 'scareware' that tempts computer users to download fake anti-virus software that may itself be malware.

     

    Fake anti-virus software that infect PCs with malicious code are a growing threat, according to a study by Google. Its analysis of 240m web pages over 13 months showed that fake anti-virus programs accounted for 15% of all malicious software. Examples include MacKeeper, MacDefender and iAntivirus, but there are others.

     

    Scammers trick people into downloading programs by convincing them that their PC is infected with a virus.

    Once installed, the software may steal data or force people to make a payment to register the fake product.

    Beware of PDF files from unknown sources. A security firm announced that by its counting, malicious Reader documents made up 80% of all exploits at the end of 2009.:

     

    http://www.computerworld.com/s/article/9157438/in which Rogue_PDFs_account_for_80_of_all_exploits_says_researcher

     

    TROJANS and RE-DIRECTION TO FAKE WEBSITES

     

    The appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.

     

    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's  (that's you!)  DNS records stay modified on a minute-by-minute basis.

     

    You can read more about how, for example, the OSX/DNSChanger Trojan works (by falsely suggesting extra codecs are required for Quicktime) here:

     

    http://www.f-secure.com/v-descs/trojan_osx_dnschanger.shtml

     

    SecureMac has introduced a free Trojan Detection Tool for Mac OS X.  It's available here:

     

    http://macscan.securemac.com/

     

    First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - macsec@securemac.com

     

    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.

     

    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:

     

    http://macscan.securemac.com/buy/

     

    and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)

     

    A white paper was published on the subject of Trojans by SubRosaSoft, available here:

     

    http://www.macforensicslab.com/ProductsAndServices/index.php?main_page=document_ general_info&cPath=11&products_id=174

     

    Also, beware of MacSweeper and MacDefender (also goes under the name of MacProtector, MacGaurd, MacSecurity or MacShield) :

     

    These are malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer in an attempt to obtain payment.

     

    Mackeeper is equally worthless and should also be avoided. Again, the developer seeks to obtain payment for an application that does nothing that free utilities do not also offer, and in many cases it will also mess up your system.

     

    You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:

     

    http://www.securemac.com/

     

    HOW TO AVOID RE-DIRECTION

     

    Adding Open DNS codes to your Network Preferences, should give good results in terms of added security as well as speed-up:

     

    Open System Preferences/Network. Double click on your connection type, or select it in the drop-down menu, and in the box marked 'DNS Servers' add the following two numbers:

     

    208.67.222.222

    208.67.220.220

     

    (You can also enter them if you click on Advanced and then DNS)

     

    Sometimes reversing the order of the DNS numbers can be beneficial in cases where there is a long delay before web pages start to load, and then suddenly load at normal speed:

     

    http://support.apple.com/kb/TS2296

     

    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!

     

    WHAT TO DO IF YOU THINK YOUR MAC HAS BECOME 'INFECTED'

     

    If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:

     

    http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of- the-problem/

     

    Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.

    1. Avoid going to suspect and untrusted Web sites, especially p'orn'ography sites.

     

    2. Check out what you are downloading. Mac OS X asks you for you administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program.

     

    3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through this AV application.

     

    4. Use Mac OS X's built-in Firewalls and other security features.

     

    5.  Peer-to-peer sharing applications and download torrents (such as the now defunct LimeWire) supplying pirated software, movies etc are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking:  http://news.bbc.co.uk/1/hi/technology/8420233.stm

     

    6. Resist the temptation to download pirated software. They can contain Botnet Trojans.  SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:

     

    http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg

     

    YOUR PRIVACY ON THE INTERNET and the latest risks to look out for:

     

    There is the potential for having your entire email contact list stolen for use for spamming:

     

    http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1

     

    And if you are using iPhone Apps you are also at risk of losing all privacy:

     

    http://www.engadget.com/2010/10/03/hacker-claims-third-party-iphone-apps-can-tra nsmit-udid-pose-se/

     

    The advent of HTML5  may also be a future threat to internet privacy:

     

    http://www.nytimes.com/2010/10/11/business/media/11privacy.html?_r=1&hp

     

    Security of OS X generally:

     

    http://www.apple.com/macosx/what-is/security.html

     

    http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf

     

    Security Configuration for Version 10.5 Leopard:

     

    http://manuals.info.apple.com/en_US/Leopard_Security_Config_2nd_Ed.pdf

     

    NOTE: Apple's Snow Leopard and Lion operating systems silently update the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook: Macs running Snow Leopard or Lion now check for new malware definitions daily, allowing Apple to quickly deploy protection from threats before they have a chance to spread.

    Few malicious titles actually exist for Mac OS X, and those that do rely almost entirely upon duping users to install software that pretends to be legitimate.

     

    http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates

     

    However, if you are running Lion Server:

     

    Apple's new server operating system -- OS X Lion -- is so inherently insecure that Stamos recommends keeping it off the network altogether and using Macs only as standalone machines connected to IP or Windows networks, not those designed for Macs.

    The Mac Server's networking protocols -- especially DHX User Authentication -- are designed for ease of use, not security. It is trivial, Stamos said, for hackers to set up a Mac user to download a file that will overflow the buffer protecting the heap segment of the server's memory, allowing the file's malicious payload to run uncontrolled in the server's memory and give itself whatever access rights it wants.

    http://www.macworld.co.uk/mac/news/index.cfm?newsid=3301796&olo=email

  • 36. Re: heard 2 days ago first mac virus
    softwater Level 5 Level 5 (5,370 points)

    Great, informative post, Klaus. Thanks for taking the time to put such a comprehensive reply together.

  • 37. Re: heard 2 days ago first mac virus
    HACKINT0SH Level 5 Level 5 (5,755 points)

    We should remind people that those who decide to place anti-virus software on their Mac, are at MORE a risk of getting harmful applications, than those who don't.

     

    I think that pretty much sums up the whole debate right there.

  • 38. Re: heard 2 days ago first mac virus
    thomas_r. Level 7 Level 7 (27,985 points)

    We should remind people that those who decide to place anti-virus software on their Mac, are at MORE a risk of getting harmful applications, than those who don't.

     

    You have data from a study that shows that definitively, do you?

  • 39. Re: heard 2 days ago first mac virus
    JoeyR Level 6 Level 6 (8,275 points)

    makes sense. I know Limewire and Bittorrent are loaded with problems but have never heard a problem with Pirate Bay.

    Guess you  are all right. I can watch at netflix and download at ABC, CBS etc

    PirateBay "is" a torrent site.  Limewire was a little different in the way it worked, but the results were essentially the same.  It just sometimes took a little longer for something to spread via LimeWire as it had to pass from computer to computer.  When something is posted to a popular torrent site (such as PirateBay) it can get distributed much more quickly.

     

    Mind you, I don't have an issue with respect to software distribution via torrents.  It takes a major bandwidth burden off of the developer (and can often be faster than a direct download).  However, the actual torrents are generally included in the developers page as an alternative download method.  I tinker around with different flavors of linux quite a bit and most of the major distros let you download them via torrents.  This is not the same as going to a torrent site where you're not getting something from a trusted source... or something which has been authorized for distribution.

  • 40. Re: heard 2 days ago first mac virus
    R C-R Level 6 Level 6 (14,180 points)

    Klaus1 wrote:

     

    However, if you are running Lion Server:

     

    Apple's new server operating system -- OS X Lion -- is so inherently insecure that Stamos recommends keeping it off the network altogether and using Macs only as standalone machines connected to IP or Windows networks, not those designed for Macs.

    That isn't exactly true. What Stamos said has often been quoted out of context, probably to make it seem more sensationalistic than it actually was. The Register's story is perhaps more complete than most, pointing out that the risk was proportional to the number of users on the network & the vulnerability is to what are called APTs (advanced persistent threats) typically associated with state sponsored hackers going after classified or proprietary info on government or corporate networks.

     

    Stamos himself added a comment to the Register article (post time: 8th August 2011 18:53 GMT) pointing out that a key part of the DHX vulnerability scenario assumes it is unreasonable to expect a network of thousands of users to never be infected via malware, & for that reason iSec Partners strongly recommends that its enterprise clients not use any of Apple's server technologies if they think they are "playing at the same level as the Aurora and Shady RAT victims."

     

    IOW, if you think China might be interested in compromising your servers, stay away from Lion Server. Personally, I'm not too worried about that.

  • 41. Re: heard 2 days ago first mac virus
    R C-R Level 6 Level 6 (14,180 points)

    Thomas A Reed wrote:

     

    You have data from a study that shows that definitively, do you?

    From a careful study of a crystal ball, perhaps?

  • 42. Re: heard 2 days ago first mac virus
    Tycoon24 Level 1 Level 1 (15 points)

    HACKINT0SH wrote:

     

    We should remind people that those who decide to place anti-virus software on their Mac, are at MORE a risk of getting harmful applications, than those who don't.

     

    R C-R wrote:

     

     

    Thomas A Reed wrote:

     

    You have data from a study that shows that definitively, do you?

     

    From a careful study of a crystal ball, perhaps?

     

    More like a fantastic notion from the air castle.

  • 43. Re: heard 2 days ago first mac virus
    softwater Level 5 Level 5 (5,370 points)

    Tycoon24 wrote:

     

    HACKINT0SH wrote:

     

    We should remind people that those who decide to place anti-virus software on their Mac, are at MORE a risk of getting harmful applications, than those who don't.

     

    R C-R wrote:

     

     

    Thomas A Reed wrote:

     

    You have data from a study that shows that definitively, do you?

     

    From a careful study of a crystal ball, perhaps?

     

    More like a fantastic notion from the air castle.

     

    This all seems a bit harsh. I assumed that what he was suggesting is that most? (don't get so pedantic about the quanitfiers) so-called 'AV software' appears to indicate that you have some kind of virus/trojan/malware when you first run it.

     

    You run the program, and oh look "I have a virus! And me-oh-my, look at all those other things on their 'Threats' page....cripes! I better buy the full plan."

  • 44. Re: heard 2 days ago first mac virus
    deggie Level 8 Level 8 (46,535 points)

    I did not get that impression at all.