1 2 Previous Next 19 Replies Latest reply: Jun 4, 2009 4:30 AM by lkrupp
moorekr9 Level 1 Level 1 (0 points)
I know everyone says that Macs don't need any antivirus, but I know that they can still get trojans, malware, etc. What is the best program to protect my Mac from those?

MacBook Pro 2009, Mac OS X (10.5.7)
  • 1. Re: Best malware/trojan protection
    Kappy Level 10 Level 10 (226,795 points)
    You might visit The XLab FAQs and read the FAQs on anti-viruses and malware protection.

    An excellent alternative is ClamXAV - VersionTracker or MacUpdate.

    But most trojans will be offered through web site downloads, so being careful not to download anything you know nothing about is likely as not your best protection.
  • 2. Re: Best malware/trojan protection
    nerowolfe Level 6 Level 6 (13,070 points)
    Welcome to Apple Discussions:
    The Clam database is years old. IMO, it's not very useful.
    Most A/V for Macs is unneeded and often problematical.

    Your best protection from malware is to follow Apple's advice and never use an administrator account for casual browsing, but rather create a standard account for this purpose. Use the administrator account only when performing real administrator activity.

    Most malware avoidance is common sense. Using bit-torrent stuff opens the machine to strangers and should be used with great care, if at all. Letting other people have access to your computer is not a good idea. Using an account without a password is a very bad idea, and IMO, using the autologon feature is also not a good idea.

    If you use WiFi, you must use WPA2. Everything else has been hacked and is essentially useless as far as security is concerned.
  • 3. Re: Best malware/trojan protection
    Kappy Level 10 Level 10 (226,795 points)
    Nero,

    Their database is frequently updated. It is not years old. The last update was ver. 9418 released on 03 Jun 2009 08:18 :0400.

    Otherwise, no disagreement here. I do use a single admin account but I have yet to be bothered with any viruses or malware on any of my computers. I don't use the firewall (although my router has its own firewall built-in.) I rarely use wireless but my airport network uses WPA2 security just in case - especially here in Vancouver since I'm in a condo building.
  • 4. Re: Best malware/trojan protection
    nerowolfe Level 6 Level 6 (13,070 points)
    Kappy wrote:
    Nero,

    Their database is frequently updated. It is not years old. The last update was ver. 9418 released on 03 Jun 2009 08:18 :0400.

    Thanks for the update. I had not checked in a while, but last time it was close to a year old.
    In that case Clam is OK, but I would still say that it's not necessary as long as the user is aware of all the possibilities and ways to avoid malware.

    Otherwise, no disagreement here. I do use a single admin account but I have yet to be bothered with any viruses or malware on any of my computers. I don't use the firewall (although my router has its own firewall built-in.) I rarely use wireless but my airport network uses WPA2 security just in case - especially here in Vancouver since I'm in a condo building.


    I agree with the firewall settings - I have mine turned off and rely on the router. Regarding running the computer casually as an administrator, I don't say what I do ; I only report what Apple recommends. We all have the freedom to do what we choose, as long as we know the possibilities and are willing to take the responsibility when "stuff" happens from misuse of the computer.
  • 5. Re: Best malware/trojan protection
    jla930 Level 1 Level 1 (85 points)
    nerowolfe wrote:
    Your best protection from malware is to follow Apple's advice and never use an administrator account for casual browsing, but rather create a standard account for this purpose. Use the administrator account only when performing real administrator activity.


    Besides my own admin account, there is already a "guest" account set up on my iMac. I don't remember setting it up. Does the iMac put it there by default? Is this the recommended account to use? Or should I set up a new Standard account?

    nerowolfe wrote:
    If you use WiFi, you must use WPA2. Everything else has been hacked and is essentially useless as far as security is concerned.


    In network preferences, I have changed "WEP Password" to "WAP2 Personal". But it automatically changed back to WEP. Am I missing something? I made sure to click the "Apply" button when I was done.
  • 6. Re: Best malware/trojan protection
    jla930 Level 1 Level 1 (85 points)
    jla930 wrote:
    I have changed "WEP Password" to "WAP2 Personal". But it automatically changed back to WEP. Am I missing something? I made sure to click the "Apply" button when I was done.


    Sorry, I meant WPA2, not WAP2.
  • 7. Re: Best malware/trojan protection
    Klaus1 Level 8 Level 8 (44,495 points)
    No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.

    It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download from:

    http://www.clamxav.com/

    However, the appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.

    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.

    You can read more about how, for example, the OSX/DNSChanger Trojan works here:

    http://www.f-secure.com/v-descs/trojanosxdnschanger.shtml

    SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:

    http://macscan.securemac.com/

    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.

    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:

    http://macscan.securemac.com/buy/

    and this can perform a complete scan of your entire hard disk. After 30 days the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)

    A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:

    http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174

    Also, beware of MacSweeper:

    MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland based computer security software company on January 17, 2008

    http://en.wikipedia.org/wiki/MacSweeper

    On June 23, 2008 this news reached Mac users:

    http://www.theregister.co.uk/2008/06/23/mac_trojan/

    More information on Mac security can be found here:

    http://macscan.securemac.com/

    The MacScan application can be downloaded from here:

    http://macscan.securemac.com/buy/

    You can download a 30 day trail copy which enables you to do a full scan of your hard disk. After that it costs $29.95.

    More on Trojans on the Mac here:

    http://www.technewsworld.com/story/63574.html?welcome=1214487119

    This was published on July 25, 2008:

    Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.

    The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.

    In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.

    Net security groups say there is anecdotal evidence that small scale attacks are already happening.

    Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm

    A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites), as reported here on December 9, 2008:

    http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm

    You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:

    http://www.securemac.com/

    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!

    As to the current 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:

    http://www.macworld.co.uk/news/index.cfm?email&NewsID=25613

    Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
    1. Avoid going to suspect and untrusted Web sites, especially *********** sites.

    2. Check out what you are downloading. Mac OS X asks you for you administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program.

    3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through an AV application.

    4. Use Mac OS X's built-in Firewalls and other security features.

    5. Stop using LimeWire. LimeWire (and other peer-to-peer sharing applications) are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications.

    6. Resist the temptation to download pirated software. After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan have been downloaded. SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:

    http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg
  • 8. Re: Best malware/trojan protection
    thomas_r. Level 7 Level 7 (27,960 points)
    nerowolfe wrote:
    Kappy wrote:
    Their database is frequently updated. It is not years old. The last update was ver. 9418 released on 03 Jun 2009 08:18 :0400.

    Thanks for the update. I had not checked in a while, but last time it was close to a year old.


    My understanding is that the Windows definitions in the clamXav database are updated quite frequently, but the Mac definitions are over a year old. This is based on a post here a few months ago, but which I have since lost track of, in which someone claimed to have tested clamXav against several of the known Mac trojans and it was unable to detect any of them.

    Of course, at this point, this is secondhand information, so if anyone has a definitive source, I'd love to hear it!
  • 9. Re: Best malware/trojan protection
    Barney-15E Level 8 Level 8 (35,295 points)
    The guest account is automatically created and is for your guests to use. None of the information that is entered in the account is stored except during the lifetime of the login.

    Since you've already started using your current account, it is easier to create a new account, make it admin, and then remove your admin privileges on your user account.

    For your second question, start a new thread as it doesn't really apply to the original question posted here.
  • 10. Re: Best malware/trojan protection
    jla930 Level 1 Level 1 (85 points)
    Barney-15E wrote:
    The guest account is automatically created and is for your guests to use. None of the information that is entered in the account is stored except during the lifetime of the login.

    Since you've already started using your current account, it is easier to create a new account, make it admin, and then remove your admin privileges on your user account.


    Thanks for the info and suggestion.

    Barney-15E wrote:
    For your second question, start a new thread as it doesn't really apply to the original question posted here.


    You mean network security settings have nothing to do with "best malware/trojan protection"? Did anyone explain that to Nerowolfe, since I was responding to HIS post?
  • 11. Re: Best malware/trojan protection
    bdmarsha Level 4 Level 4 (2,585 points)
    According to the documentation Cocktail <http://www.maintain.se/cocktail/index.php> will "Clear trojan horses and worms such as Astht (AplS.Saprilt, Hovdy), Inqtana, iServices, Leap (CME-4, Oomp), RSPlug (Jahlav), Lamzev, PokerStealer or other malwares that may harm your system in any way."

    bd
  • 12. Re: Best malware/trojan protection
    nerowolfe Level 6 Level 6 (13,070 points)
    Thomas A Reed wrote:
    nerowolfe wrote:
    Kappy wrote:
    Their database is frequently updated. It is not years old. The last update was ver. 9418 released on 03 Jun 2009 08:18 :0400.

    Thanks for the update. I had not checked in a while, but last time it was close to a year old.


    My understanding is that the Windows definitions in the clamXav database are updated quite frequently, but the Mac definitions are over a year old. This is based on a post here a few months ago, but which I have since lost track of, in which someone claimed to have tested clamXav against several of the known Mac trojans and it was unable to detect any of them.

    Of course, at this point, this is secondhand information, so if anyone has a definitive source, I'd love to hear it!

    I found this page, which affirms what Kappy wrote:

    http://www.clamav.net/
    http://www.clamav.net/download/cvd/
    Latest Stable Release
    Latest ClamAV® stable release is: 0.95.1
    Total number of signatures: 572235
    ClamAV Virus Databases:
    main.cvd ver. 51 released on 14 May 2009 10:28 :0400
    daily.cvd ver. 9418 released on 03 Jun 2009 08:18 :0400
  • 13. Re: Best malware/trojan protection
    Barney-15E Level 8 Level 8 (35,295 points)
    You mean network security settings have nothing to do with "best malware/trojan protection"? Did anyone explain that to Nerowolfe, since I was responding to HIS post?


    No, I mean that solving your problem of not being able to set your particular system to WPA2 has nothing to do with the OP's question.
  • 14. Re: Best malware/trojan protection
    moorekr9 Level 1 Level 1 (0 points)
    Since you've already started using your current account, it is easier to create a new account, make it admin, and then remove your admin privileges on your user account.



    How would you do that?
1 2 Previous Next