14 Replies Latest reply: Oct 13, 2012 5:53 PM by michaelsip4
michaelsip4 Level 2 Level 2 (300 points)

Personnally at times I get confused on malware, anti-virus and phishing with all the discussions I have seen on the forums as well as when I attempt to read product information at given sites eg: clamxav sophos iantivrus etc.....So please allow me to ask the following question, even though macs really dont get virus's

 

So assuming I have a mac in a pure mac environment what do these products actually do

(1) Clamxav  - does clamxav work as an antivirus   does it protect you from malware  does it protect you from phising  does it protect you from trojans/worms

(2) Sophos      same questions

(3) Iantivirus    same questions    

 

Now assuming that I have a mac in a windows shared environment, what does each of these products do with the win relationship existing

(1) Clamxav

(2) Sophos

(3) Iantivrus    

 

I have noticed that clamxav is recommended (why/what does it really do) and sophos primarily but i am seeing trending where Iantivrus works well to - but I never seem to find the answer to my question to make an informed decision to not use anything or to have something on my mac due to the fact that the product will protect me due to reason x...y...z.....and I feel it is the best product for myself.


iMac, OS X Mountain Lion, IOS5
  • 1. Re: Anti-Virus / Malware / Phishing Question
    babowa Level 7 Level 7 (23,295 points)

    Here is a good place to start:

     

    http://www.reedcorner.net/mmg/

  • 2. Re: Anti-Virus / Malware / Phishing Question
    michaelsip4 Level 2 Level 2 (300 points)

    thank you, but I think im meaning my question from the product perspective.   I discovered a site av-comparatives org    http://www.av-comparatives.org/comparativesreviews/mac-security-reviews/165-mac- security-review-oct-2012   and it doesnt have any of the three products listed (first and foremost - maybe they werent submitted for evaluation)  but Im still trying to get a handle on what these products actually do for the mac and do for a shared mac/win environment.

  • 3. Re: Anti-Virus / Malware / Phishing Question
    babowa Level 7 Level 7 (23,295 points)

    I have no idea what most of those products claim to do because I won't install them. That is one of the reasons why I have a Mac. I've run ClamXAV occasionally (once in two years maybe). I don't run Windows and do not open attachments from Windows users (fortunately, I am not in a work environment so I can afford the luxury of (not) doing that). I am also careful what and from which site I download (I choose not to use torrent sites or go to any site that WOT shows a warning for). I've read that the best precaution is to use your head.

     

    FWIW: nothing can protect you from a new threat - the AV software can be updated after the malware/virus has been released, but how could it know in advance?

     

    Hopefully some of our expert AV members will chime in here.

  • 4. Re: Anti-Virus / Malware / Phishing Question
    Linc Davis Level 10 Level 10 (117,990 points)

    This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an attacker who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.

    All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.

     

    Starting with OS X 10.7.5, there is another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications that are downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Applications certified in this way haven't actually been tested by Apple (unless they come from the Mac App Store), but you can be sure that they haven't been modified by anyone other than the developer, and his identity is known, so he could be held responsible if he knowingly released malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe. Note, however, that there are some caveats concerning Gatekeeper:

    1. It doesn't apply to software that comes packaged as an installer. Treat all third-party installers with caution.
    2. It can be disabled or overridden by the user.
    3. It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
    4. It only applies to applications downloaded from the network. Software installed from a CD or other media is not checked.
    For more information about Gatekeeper, see this Apple Support article.

     

    Notwithstanding the above, the most effective defense against malware attacks is your own intelligence. All known malware on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?

    1. Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    2. A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. [Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.]
    3. “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
    4. Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
    Java on the network (not to be confused with JavaScript, to which it's not related) is always a potential weak spot in the security of any operating system. If Java is not installed, don't install it unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.

    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.

    Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.

  • 5. Re: Anti-Virus / Malware / Phishing Question
    Linc Davis Level 10 Level 10 (117,990 points)

    I should add that if you're looking for a consensus, you won't find it here. Some people on this site, for example, advocate for Sophos, which I think is completely worthless, at best. All it will ever do is slow down and destabilize your computer.

  • 6. Re: Anti-Virus / Malware / Phishing Question
    Klaus1 Level 8 Level 8 (44,495 points)

    iAntivirus is a scam.

     

    Sophos is OK but may slow down your Mac.

     

    ClamXav is fine.

     

    There are many forms of ‘Malware’ that can affect a computer system, of which ‘a virus’ is but one type, ‘trojans’ another. Using the strict definition of a computer virus, no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions. The same is not true of other forms of malware, such as Trojans. Whilst it is a fairly safe bet that your Mac has NOT been infected by a virus, it may have another security-related problem, but more likely a technical problem unrelated to any malware threat.

     

     

    You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:

     

    https://discussions.apple.com/docs/DOC-2435

     

    The User Tip (which you are welcome to print out and retain for future reference) seeks to offer guidance on the main security threats and how to avoid them.

     

    More useful information can also be found here:

     

    http://www.reedcorner.net/mmg/

  • 7. Re: Anti-Virus / Malware / Phishing Question
    MadMacs0 Level 4 Level 4 (3,725 points)

    michaelsip4 wrote:

     

    Personnally at times I get confused on malware, anti-virus and phishing with all the discussions I have seen on the forums as well as when I attempt to read product information at given sites eg: clamxav sophos iantivrus etc.....So please allow me to ask the following question, even though macs really dont get virus's

     

    So assuming I have a mac in a pure mac environment...

    (1) Clamxav  - does clamxav work as an antivirus   does it protect you from malware  does it protect you from phising  does it protect you from trojans/worms

    Yes.

    Now assuming that I have a mac in a windows shared environment, what does... do with the win relationship existing

    (1) Clamxav

    Since ClamXav uses the cross-platform ClamAV scan engine, it does exactly the same job with respect to windows malware (which includes Trojans and worms) and phishing. I would encourage you to go to the ClamAV web site to learn more and if you have additional questions about it, I'll be happy to attempt to answer them.

     

    I have refrained from making any recommendations here, for reasons that will become obvious later, but I have responded to your questions because I have an intimate knowledge of it. I do have Sophos installed, along with Intego's Virus Barrier X5 and MacScan, but none of them are being used in an active mode, the VB X5 subscription was allowed to expire after the first yeae of use and I hardly ever use any of them except in a test mode. So I hesitate to comment on what Sophos does or does not do and I am unable to use the Symantec version of iAntivirus with my setup.

     

    Full disclosure: I do uncompensated Tech Support on the ClamXav Fourm.

  • 8. Re: Anti-Virus / Malware / Phishing Question
    thomas_r. Level 7 Level 7 (27,930 points)

    All three of those products will protect you against both Mac and Windows malware, though you should note that iAntivirus is sub-par in that area and I don't recommend it. (More on this in a minute...)

     

    ClamXav is a very low-impact app best used for scanning specific folders. You can set it to automatically scan any new files added to certain folders (like the Downloads folder), or you can use it for manual scans. It absolutely will not destabilize your machine, and it will detect everything in my malware collection at this time.

     

    Sophos is a more sophisticated app that does what is called "on-access scanning." This means that, when a file is interacted with in any way, it is scanned and, if it is deemed to be malware, that interaction is blocked. If you get a malware file of any kind on your machine, you will not be able to open it, move it, rename it, delete it (except through Sophos's quarantine), etc. This is accomplished through kernel extensions, and that is its main source of potential problems. Some people have reported that it causes kernel panics, usually around the time of major system upgrades, though very few have ever reported that to my knowledge and it behaved well in my testing. It had very no noticeable impact on performance. Sophos also detected everything in my malware collection.

     

    The lat time I tested the new iAntivirus, it did indeed catch most of what is in my malware collection.  Strangely, though, it reported finding more malware than I actually have in my collection.  Even more strangely, it apparently didn’t catch a few that were inside .zip files, so I’m a bit confused as to what it actually found.  Worse, the quarantine list only showed one item, so there was no way to find out what it found other than that one file.  I’m actually a bit mystified at what it did with most of my malware collection, which simply disappeared after the scan. Good thing I had my collection backed up, and good thing none of the things it found were false positives!

     

    One last consideration: any anti-virus software obtained through the App Store can only do manual scans of specific folders that you select. They cannot scan anything automatically. This is due to sandboxing restrictions applied to apps in the App Store, as a security measure, but it does limit the capabilities of such software. On the other hand, these restrictions also limit the potential for mayhem caused by bad anti-virus software (like iAntivirus). iAntivirus is only available through the App Store. ClamXav is available both in a feature-limited version through the app store and in a more feature-rich version through the ClamXav website. Sophos is only available through the Sophos website.

  • 9. Re: Anti-Virus / Malware / Phishing Question
    michaelsip4 Level 2 Level 2 (300 points)

    Gentlmen, first of all, all of you have helped me (apple only gave me two help me stars for points) so doing a top down I was unable to give mad macs points that way. So madmac had to give you the solved and thank you for the disclosure. 

     

    As for myself, my goal is keeping my computer safe as possible. I also get lost at times in all of the rhetoric and vendors/suppliers of AV's home/information pages looking for the magical key words of we will protect you from

    X Y Z we work with mac and we support win related virusus.   I find at times there is X number of mac viruses but I know there are XXXX win viruses. so I get lost in the grey areas (keeping it simple)

     

    I look on various websites for comparatives (product to product) and dependening on the web-site they slam one product and state another is excellant and on another site the opposite is true (which makes it difficult)  to ascertain what is true (leaning me to believe there is an affiliation of some type)

     

    madmacs, thank you and I understand more about everything in past posts we have both been in.  The same is true about everyone else (meaning that in a positive basis)

     

    Im just trying to find justified reasons to make an informed decision (like all of the other people making posts or asking questions along these lines....what protects me, how does it help me, what about windows stuff, do i really need it.

     

    * thomas, did not see your post until after I posted thank you

     

     

     

    Sidebar

     

    A wierd thing I noticed in the av-comparatives org links post was that mackeeper was rated fairly good yet it is consistantly slammed as well as other products on the forum which also confuses me......is it an inherint biass from mac 0s 8 or 9.   Is it substantiated, is it a continuation that spun a life of its own.... this also confuses me at times (which brings me back to product line questions) 

     

    I know I have used iolo on the win side in the past, which created problems for me because I did not have a complete understanding of the products options and functionality (what they really do - when I click ok) and Im wondering if some of the negativity i see is based on this

     

    granted cnet, pcworld and other areas people go to rate things good - when there posted on there sites for downloads and there not as we discover but it also adds to the confusion as a person trying to determin av or not.

  • 10. Re: Anti-Virus / Malware / Phishing Question
    michaelsip4 Level 2 Level 2 (300 points)

    thomas,

     

    thank you for your insights and disclosure. Have a better insight of the caveats that play into equation

    and overall stabilitiy is definantly a critical aspect (i also expereinced the Iantivrus where did it go

    disappearence one time)

     

    but speaking as a consumer, its norton it took care of it for me...your point of false positives is definantly

    mind opening in conjunction with the where did it go.

  • 11. Re: Anti-Virus / Malware / Phishing Question
    thomas_r. Level 7 Level 7 (27,930 points)

    I look on various websites for comparatives (product to product) and dependening on the web-site they slam one product and state another is excellant and on another site the opposite is true

     

    You have to be very careful that you're not looking at sponsored reviews. There's a lot of monkey-business going on in this industry, which is very competitive. There's a lot of anti-virus software out there, all competing for the same market, and there's a fair bit that's free. That makes the market very competitive, and increases the chances of advertising half-truths and exaggerations.

     

    A wierd thing I noticed in the av-comparatives org links post was that mackeeper was rated fairly good yet it is consistantly slammed as well as other products on the forum which also confuses me.....

     

    Zeobit (the company behind MacKeeper) is a very unethical advertiser. They have been known to buy domains similar to competition and put deceptive things there. They have also been known to buy positive reviews on sites like VersionTracker and C|Net, by offering free upgrades to customers who post there. They also will throw money at other reviewers... I was offered a consulting job by them out of the blue after writing a negative review of MacKeeper (Beware MacKeeper), and was basically told to "name my fee."

     

    So it's not at all surpising that there should be a disparity between different reviews of a product like MacKeeper. Avoid it, it's trash.

  • 12. Re: Anti-Virus / Malware / Phishing Question
    michaelsip4 Level 2 Level 2 (300 points)

    thank you, understood.

  • 13. Re: Anti-Virus / Malware / Phishing Question
    MadMacs0 Level 4 Level 4 (3,725 points)

    michaelsip4 wrote:

     

    A wierd thing I noticed in the av-comparatives org links post was that mackeeper was rated fairly good yet it is consistantly slammed as well as other products on the forum which also confuses me......is it an inherint biass from mac 0s 8 or 9.   Is it substantiated, is it a continuation that spun a life of its own.... this also confuses me at times

    I think a lot of this is due to first impressions. Their aggressive, in-your-face all the time advertising behavior was one reason. This is apparently a very successful technique on the Windows side of the house, but they ran into a huge outcry with it with their first introduction. In order to rush their product to market, they used as much of the code they already had with their Windows offering as they could and that was especially true with their A-V module which used Wine to run their PC code. When I was attempting to evaluate the application I was surprised to find that the file only contained a downloader that required Internet access to install the actual application code. That's a technique I had only previously seen with malware, so that raised my suspicions. Visiting their web site I discovered they had another office in the Ukraine and must admit to an immediate prejudice which I hope has not clouded my thinking. I don't believe I've ever said anything here that wasn't based on fact nor recommended against it's use, but have pointed out removal instructions to those who expressed a desire or frustration with doing so. Some MacKeeper supporters were initially disappointed that their life-time free updates were limited to v1.x.x and that in order to get the new 2012 version they would have to pay for it. Bait and switch? Of course when they were offered free updates in exchange for a review, most of them jumped at the chance. Thomas covered most of those issues. There was also the matter of trying to remove it. Initially there was no uninstaller. They would only tell people to call the 800 number where they tried to talk you out of doing so. Then they posted some instructions for manually deleting it, but users quickly found that the list was incomplete. Then they started using the built-in uninstaller that asked for your password and to give them a reason for wanting to delete it. That was also incomplete, which is why Phil Stokes' blog on the subject. 

     

    I was marginally involved when they purchased ClamXav.org with a big green download button that gave you MacKeeper, instead. They were very close to having to go to court to explain that one before they had their advertisers back off and add a smaller link to ClamXav, then eventually remove the big green button. I also observed them at Macworld 2012 handing out condoms with their logo on them, in one case to a thirteen year old daughter of an acquaintance of mine.

     

    Even if it wasn't for all of the above, I still would not have recommended it in view of all of it's non-malware functions, which I consider to be not only unnecessary but somewhat dangerous in the hands of the average user. The OS takes care of most all of that by itself and although things like cleaning cache can be useful at times, it's will often slow your Mac down for a period of time and should not be used in a routine manner. Things like stripping languages and codes can cripple some apps that don't like to be touched in that manner. I only made that mistake once with another app many years ago and it took two weeks of re-installation to repair all the damage.

     

    So where are we today. The advertisement has abated to some extent, although we still read about all the pop-ups people can't seem to get rid of. The A-V code has been totally re-written and is probably OK, but the article you pointed out is one of a hand-full that have tried to compare it to other offerings. I can no longer run the current version, so again I won't make any judgments on it's effectiveness and hope to see more labs take that job on, especially as concerns that other half dozen or so formerly Windows only A-V vendors that showed up in the Mac arena last Spring. The built-in uninstaller is now the preferred method of deleting it, but a few users still claim to have problems with it.

     

    Bottom line is that I think they suffer from an initial bad impression in the Mac market, similarly I think Symantec is in a similar situation based on it's ruining of Norton products after it took control of them. I don't think I will ever recommend a generalized "cleaner" app to Mac users.  Perhaps Consumer Reports will eventually evaluate Mac malware offerings. To date they have said it's not necessary for Macs. Until then I'm not sure I trust any of the reviews I've read to give me valid results of their tests. There are testing organizations that are paid by the vendor to rate their product, so I don't usually even bother to read their results.

  • 14. Re: Anti-Virus / Malware / Phishing Question
    michaelsip4 Level 2 Level 2 (300 points)

    MadMacs, appreciate your insights and opinions also thank you for taking time out for me so I can get my head around this...