13 Replies Latest reply: Apr 11, 2012 12:17 PM by R C-R
TanyafromCA Level 1 (0 points)

Is some type of virus protection necessary? I just had my AOL email account hacked and it has really spooked me. I had a lot of previous issues with my former PC and this is one of the reasons I bought an Apple. But now I wonder if I need some type of protection.


iMac, Mac OS X (10.7.3)
  • 1. Re: Virus Protection
    Klaus1 Level 8 (44,495 points)

    You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:

    https://discussions.apple.com/docs/DOC-2435

    The User Tip (which you are welcome to print out and retain for future reference) seeks to offer some guidance on the main security threats and how to avoid them, including the Flashback Trojan.

  • 2. Re: Virus Protection
    laundry bleach Level 5 (6,880 points)

    Apple also offers this article about the recent Flashback malware issue.

  • 3. Re: Virus Protection
    John Galt Level 8 (36,415 points)

    Ars Technica has a link to a quick app that checks your system to determine the presence of this malware. Here is the link:

    http://arstechnica.com/apple/news/2012/04/checking-for-mac-flashback-infestation-theres-an-app-for-that.ars

    It is by no means foolproof and does not remove the malware if it is determined to be present, but it is harmless and easy to use. In the meantime, Apple says they're working on a fix.

    Direct link to the app: FlashbackChecker 1.0

    If it determines "no signs of infection were found" then disable Java in Safari Preferences. Make yours look like this:

    [Image: Screen Shot 2012-04-08 at 10.10.53 PM.png]

    If you are using other browsers like Firefox you will need to disable Java in them too.

  • 4. Re: Virus Protection
    WZZZ Level 6 (12,225 points)

    The problem with that program, like a number of others, is it's based on F-Secure's earlier definition for the i version and not the K. The K also looks for infection in ~/Library/LaunchAgents, which this app won't.

  • 5. Re: Virus Protection
    noondaywitch Level 6 (8,130 points)

    Not to mention that we appear to be up to version R and beyond already!

  • 6. Re: Virus Protection
    John Galt Level 8 (36,415 points)

    They're all going to be behind the curve to varying extents. For those reluctant or unwilling to do their own research it's better than nothing.

  • 7. Re: Virus Protection
    John Galt Level 8 (36,415 points)

    OpenDNS has recently been improved to address the Flashback trojan:

    http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/

    Another good reason to use it. Just use OpenDNS's DNS servers and you don't need to change a thing on your Mac.

  • 8. Re: Virus Protection
    mcbuffy Level 4 (1,050 points)

    Hello,

    A virus has nothing to do with your AOL account being hacked.

    For more information, read this:

    How do I know if my account has been compromised (hacked)?

    help.aol.com/help/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=51598

    Don't choose an easy password and only log in on the AOL website.

    Don't respond to emails that look like AOL sent them and ask you to log in on a fake webpage that will send your login and password to a hacker.

    Don't download any files sent to you by an unknown person.

  • 9. Re: Virus Protection
    R C-R Level 6 (14,180 points)

    noondaywitch wrote:

    Not to mention that we appear to be up to version R and beyond already!

    Different A-V companies give different names to the same malware. For instance, what the Russian company Dr Web calls "FlashFake.39" appears to be pretty much the same thing that F-Secure calls the I & K variants of FlashBack & most likely includes what Intego calls FlashBack R.

    These companies typically change the suffixes whenever they find something they consider to be a significant change in the malware but that varies considerably from company to company.

  • 10. Re: Virus Protection
    WZZZ Level 6 (12,225 points)

    John Galt wrote:

    OpenDNS has recently been improved to address the Flashback trojan:

    http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/

    Another good reason to use it. Just use OpenDNS's DNS servers and you don't need to change a thing on your Mac.

    Well, I'm not sure I'd rely completely on that. They are saying it blocks connection to the C&C, but what if you're already infected and already connected? And what happens if you're already infected and never connected to the Flashback mothership, but OpenDNS goes off and you revert to your ISP's servers?

    But good to know.

  • 11. Re: Virus Protection
    John Galt Level 8 (36,415 points)

    You can't rely completely on anything; there is no magic bullet. OpenDNS is just another defense, and has the advantage of being completely unobtrusive. If you already have Flashback, you have to get rid of it.

    If you believe your ISP uses a secure DNS then that's fine.

  • 12. Re: Virus Protection
    WZZZ Level 6 (12,225 points)

    I was really responding to this in your post.

    Another good reason to use it. Just use OpenDNS's DNS servers and you don't need to change a thing on your Mac.

  • 13. Re: Virus Protection
    R C-R Level 6 (14,180 points)

    WZZZ wrote:

    Well, I'm not sure I'd rely completely on that. They are saying it blocks connection to the C&C, but what if you're already infected and already connected?

    A blocked connection is a blocked connection, whether or not it previously was unblocked. It won't "undo" any damage done by or info passed to the C&C server prior to the block but it will stop anything new from getting through.

    And what happens if you're already infected and never connected to the Flashback mothership, but OpenDNS goes off and you revert to your ISP's servers?

    There is that, plus somewhat similar considerations for things like deleting preference files during troubleshooting, making sure all your Network Locations are set to OpenDNS IP addresses if you use more than one location, & so on.

    Because of all this, I use & recommend considering a multi-layer approach to malware protection, including using OpenDNS, A-V software, & above all keeping your software up-to-date. No one thing will protect you from everything but having more layers of protection gives you a better chance that one of them will.