
best malware detector for mac

23573 Views 48 Replies Latest reply: May 8, 2012 3:23 PM by MadMacs0
Curious_Mac
May 2, 2012 7:54 AM

I'm interested in providing additional protection for my iMac by installing an application that will detect various forms of Malware aimed at the Mac OS X system.

Since Macs are beginning to raise the interest of the hacker community, I would like to stay one step ahead of the "crowd".

I keep my system up to date with the latest updates/patches and I am very careful of the web-sites that I visit.  But, one can never be too careful.

 

Are there any suggestions from the community?

iMac, Mac OS X (10.7.3), 21", i3@3.2 GHz, 16GB RAM
  • Klaus1 Level 8 (43,430 points)
    May 1, 2012 2:27 PM (in response to Curious_Mac)

    You will find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:

     

    https://discussions.apple.com/docs/DOC-2435

     

     

    The User Tip (which you are welcome to print out and retain for future reference) seeks to offer guidance on the main security threats and how to avoid them, including how to prevent, detect and/or remove the Flashback Trojan.

  • etresoft Level 7 (23,905 points)
    May 1, 2012 2:50 PM (in response to Curious_Mac)

    Curious_Mac wrote:

     

    I'm interested in providing additional protection for my iMac by installing an application that will detect various forms of Malware aimed at the Mac OS X system.

     

     

    As far as I know, the only software that checks for that, and only that, is MacOS X itself. All of the anti-virus tools spend 99.9% of their time checking for Windows malware so you don't accidentally e-mail it to a poor, hapless Windows user.

     

    Since Macs are beginning to raise the interest of the hacker community

     

    Nah. They've been trying to hack the Mac for decades. It is just that anything with the word "Apple" in the headline gets viewers and, consequently, advertisers. Contrary to what the anti-virus or Apple-basher crowds tell you, Macs have never been, nor have their users ever claimed them to be, invulnerable. Macs are just practically invulnerable. The more 3rd party software you install, like Java, Adobe, especially any Peer-to-peer software, will increase the vulnerability.

     

    I keep my system up to date with the latest updates/patches and I am very careful of the web-sites that I visit.  But, one can never be too careful.

     

    Are there any suggestions from the community?

    You really don't need to do anything. Almost everyone impacted by the recent Flashback incident had never updated their systems.

     

    You can run additional anti-virus software if you want. I'm sure people will chime in with their own favorites. Which would you rather do? Scan your system 24x7 for 99.9% Windows viruses for the next ten years? Or take a less-than-1% chance of getting some weak trojan in the next ten years? Even if you do get that trojan, an Apple software update will get rid of it within a few days. If past events are any guide, this should all happen circa 2026, of course.

  • stevejobsfan0123 Level 7 (30,500 points)
    May 1, 2012 2:54 PM (in response to Curious_Mac)

    You don't need any. If you do, use ClamXav - not anything else. But you really don't need any.

  • WZZZ Level 6 (11,880 points)
    May 1, 2012 4:22 PM (in response to etresoft)

    etresoft wrote: You really don't need to do anything. Almost everyone impacted by the recent Flashback incident had never updated their systems.

    1. How do you know that? 2. And it wouldn't have made any difference if you were fully updated or not if you had Java enabled. You know as well as I that Apple was 7 weeks late with the Java patch for the vulnerability that was exploited. This provided plenty of opportunity for infection. Apple only got its act together and provided a patch after this thing was running rampant and they were getting kicked in the behind because of very bad PR. Who knows how many other vulnerabilities Apple is typically being lackadaisical about patching.

     

    If past events are any guide, this should all happen circa 2026, of course.

     

    I wouldn't place a strong bet on past events being any guide any longer. I suppose you're going to resort to your usual "you've been suckered by the media hype."  I say your complacence (and compliance to the "Apple faith") is astonishing.

     

    A-V of some kind, given all its limitations, may prove to be one useful, if imperfect, tool.

  • etresoft Level 7 (23,905 points)
    May 1, 2012 4:40 PM (in response to WZZZ)

    WZZZ wrote:

     

    1. How do you know that?

     

    Based on published reports. I don't happen to believe them at all, but many people do.

     

    2. And it wouldn't have made any difference if you were fully updated or not if you had Java enabled.

     

    Sure it would have. If you didn't have Java enabled, or were a Lion user who had not installed Java, then you were always completely invulnerable.

     

    You know as well as I that Apple was 7 weeks late with the Java patch for the vulnerability that was exploited.

     

    Yes. Apple was 7 weeks late patching a 17 year-old exploit in someone else's code.

     

    Apple only got its act together and provided a patch after this thing was running rampant and they were getting kicked in the behind because of very bad PR.

     

    Yep. Bad PR was the whole point.

     

    Who knows how many other vulnerabilities Apple is typically being lackadaisical about patching.

     

    Apple has never been lackadaisical about security. All of the security bug reports I have filed, going back years, get immediate attention from Apple's dedicated security group. Even with the Flashback incident, Apple's performance on security has been #1 in the industry.

     

    Did I mention how Java was a 17 year-old mess of spaghetti code? There was a reason Apple stopped including Java in the operating system.

     

    I wouldn't place a strong bet on past events being any guide any longer.

     

    That's true. Mountain Lion will have much stronger safeguards.

  • WZZZ Level 6 (11,880 points)
    May 1, 2012 5:28 PM (in response to etresoft)

    I won't bother to reply to all but the most nonsensical and unsupported of your points.

     

    2. And it wouldn't have made any difference if you were fully updated or not if you had Java enabled.

     

    Sure it would have. If you didn't have Java enabled, or were a Lion user who had not installed Java, then you were always completely invulnerable.

    You were the one who first said, "You really don't need to do anything. Almost everyone impacted by the recent Flashback incident had never updated their systems," effectively blaming the outbreak of infections on those who hadn't fully updated and suggesting that if you had been fully updated you would not have been at risk. I pointed out that this made no sense because being fully updated had made no difference to whether one was infected or not, since Apple had neglected for almost two months to patch a known vulnerability and this was what had created the opportunity for this malware to run rampant. You then take a completely illogical detour, changing the terms of your own premise  about users becoming infected from not being fully updated to those who were protected because they had Java disabled. So which is it? Being fully updated or happening to know, as some of us who were more fortunate did, that Java was a known attack vector and consequently kept Java disabled? Lion users weren't protected because they were fully updated. Many who were fully updated were infected, or they were just lucky if they didn't click on the first Applet they came across that asked them to enable Java. This is breathtakingly specious logic.

  • etresoft Level 7 (23,905 points)
    May 1, 2012 6:59 PM (in response to WZZZ)

    Java was removed from Lion. So was Flash. Apple was being proactive by removing, in advance, the two biggest security risks on MacOS X. Lion users who had not installed Java were always, from day one, immune.

     

    As for the two month delay - Java is an incredibly complex, 17 year-old language written by Sun Microsystems before it was purchased by Oracle. You can't just snap your fingers and update something like that. To suggest that Apple was lackadaisical or neglectful is just showing your ignorance. Apple takes security issues very seriously and has for many years. When submitting a bug report, the top item on the list is "Security", above everything else.

  • WZZZ Level 6 (11,880 points)
    May 1, 2012 9:17 PM (in response to etresoft)

    Here's some inflammatory media hype. Obviously lying through their teeth only to increase A-V revenue.

    http://malware.cbronline.com/news/apple-10-years-behind-microsoft-on-security-kaspersky-250412

    http://www.cbronline.com/news/kaspersky-blames-apple-for-massive-flashfake-malware-breakout-11-04-12

     

    Oh, and yes, anything less than two months to patch what was patched for Windows would have been a finger snap. And pure coincidence that it was finally patched after 600,000 + users were infected.

  • etresoft Level 7 (23,905 points)
    May 2, 2012 5:42 AM (in response to WZZZ)

    WZZZ wrote:

     

    Here's some inflammatory media hype. Obviously lying through their teeth only to increase A-V revenue.

    http://malware.cbronline.com/news/apple-10-years-behind-microsoft-on-security-kaspersky-250412

    http://www.cbronline.com/news/kaspersky-blames-apple-for-massive-flashfake-malware-breakout-11-04-12

     

    Sadly, yes. You really think MacOS X is the same as Windows circa 2002?  Anyone old enough to remember Windows 2000 knows how ridiculous that statement is. Kaspersky in particular had been shown to be incompetent. Their "10 years behind Microsoft statement" has earned it only ridicule even from the Apple-bashers. Kaspersky's Flashback removal tool damaged people's computers to a far greater degree than the malware. You earn zero points for the Kaspersky link.

     

    Oh, and yes, anything less than two months to patch what was patched for Windows would have been a finger snap. And pure coincidence that it was finally patched after 600,000 + users were infected.

     

    Please understand. Sun refused to write Java for the Mac. They would only do it for Solaris, Linux, and then Windows. It was always Apple's responsibility to write Java for the Mac. Only when Apple gave up on Java completely did Oracle take over because MacOS X is now more important than Java is. There is no way that Apple, with only a handful of Java support engineers, can possibly update Java as fast as Oracle who employs the thousands of Java programmers who wrote Java in the first place. Apple's version of Java has always lagged behind because Apple always has to re-do the changes themselves. Software development takes time. It can't be done overnight. What you are branding malfeasance was actually Apple engineers working hard to release an updated Java faster than they had ever done before.

  • WZZZ Level 6 (11,880 points)
    May 2, 2012 7:03 AM (in response to etresoft)

    Kaspersky's Flashback removal tool damaged people's computers to a far greater degree than the malware. You earn zero points for the Kaspersky link.

    I had anticipated you'd say that, since you appear willing to resort to any kind of logical fallacy known to man, but I was too late to add the edit and too tired to create a new post: I had written something like "and please don't tell me Kaspersky's tool made a mess of things. I know that. That's like telling the judge who issues a guilty verdict his verdict must be wrong and he's incompetent  because he once got a parking ticket." This is pure noise. Either Kaspersky is right or wrong, but it doesn't hang on their badly written Flashback removal tool.

     

    The rest of what you say is typical Apple-can-do-no-wrong true believer nonsense. (I should point out, I'm neither knee-jerk against nor for Apple.)

     

    As far as Gatekeeper in Mountain Lion goes, we'll see how it goes, but it may not be much more than a veiled attempt by Apple, using the pretext of enhanced security, just like the App Store (we know how successful that's been in allowing in only fully vetted applications, to wit, MacKeeper, AKA MacKeeper911), to restrict software development and further assert its control, without much tangible benefit for security. Apple approved developers will get first crack at the market, so naturally many of them are happy with this development.

     

    Further, speaking of A-V giving users a false sense of security and intimidating less sophisticated users into not allowing completely decent apps, anyone with a $99 developer account can get to sign their app with their developer ID from their code signing certificate. But so what? Will the code in that app be fully vetted by Apple? If Apple already doesn't, as you say, have the resources to quickly write new code for Java (which I doubt), how will they possibly properly vet all those apps?

     

    Interesting take on this in Ars.

     

    Still, developers are nervous that Gatekeeper might simply be another stepping stone toward Mac App Store-only distribution down the line. "Even that middle ground, of App Store plus Apple-certificate signed apps, is providing Apple with more control than they have now," Kafasis said. "That's something worth considering."

    http://arstechnica.com/apple/news/2012/02/developers-gatekeeper-a-concern-but-still-gives-power-users-control.ars

  • etresoft Level 7 (23,905 points)
    May 2, 2012 8:20 AM (in response to WZZZ)

     

    WZZZ wrote:

     

    As far as Gatekeeper in Mountain Lion goes, we'll see how it goes, but it may not be much more than a veiled attempt by Apple, using the pretext of enhanced security, just like the App Store (we know how successful that's been in allowing in only fully vetted applications, to wit, MacKeeper, AKA MacKeeper911)

     

    Yes. This Flashback incident exposed a number of people who really didn't know what they were talking about. They had good reputations so I had no reason not to trust them. Once they exposed themselves as simply blog readers without the technical expertise to understand what is going on, I took another look at MacKeeper. What I discovered, after trying it myself instead of relying on unsubstantiated reports, was that everything I had heard about MacKeeper being awful was completely false. Sure, it is typical over-the-top anti-virus scareware. But it uninstalls easily (and cleverly). Pretty much everything that had been written about it was false. I discovered this after looking at it myself instead of relying on blogs. You should try that sometime.

     

    Still, developers are nervous that Gatekeeper might simply be another stepping stone toward Mac App Store-only distribution down the line. "Even that middle ground, of App Store plus Apple-certificate signed apps, is providing Apple with more control than they have now," Kafasis said. "That's something worth considering."

     

    http://arstechnica.com/apple/news/2012/02/developers-gatekeeper-a-concern-but-still-gives-power-users-control.ars

    So, are you a developer or a blog reader? Let me take a guess.
