5 Replies Latest reply: Aug 18, 2010 10:54 AM by Bruce Bathurst
Medic1255 Level 1 (0 points)
My company has a policy that we can use our personal laptops as long as they have some form of anti-malware and anti-virus software on them.
I am fairly new to the Mac world, 18 years of working with government issued Windows laptops. Could someone point me in the right direction?

Thanks.

iBook G4, iOS 4, 1.2 GHz PowerPC G4, 768MB DDR SDRAM
  • K Shaffer Level 6 (11,055 points)
    Avoid Norton.

    For some kinds of malware checks into your system there is ClamXAV, a freeware.
    Since there are no active in the wild viruses, & few-to-no malware, they have you
    barking up a Windows tree. - Unless you want to install something by yourself.

    • Securing OS X 10.4: Tips
    http://www.zdnet.com/blog/btl/securing-os-x-104-tips-from-apple-and-the-nsa/4706

    Also, search google for 'Mac OS X Security configuration' manuals in PDF.
    There are three main ones. Somewhere, I thought I had the web urls....

    • Check here for links to get the security guides as pdf downloads:
    http://discussions.apple.com/thread.jspa?messageID=11893563&#11893563

    Most notices about Mac OS X regarding security issues with malware & anti-virus
    where something was found or a hacker was able to infect a Mac in a contest, it
    was due to the computer and often a user/admin password being available to the
    person doing the hacking or infecting.

    To be sure, there are a few genuine sources of risk; since the level of interest by
    several different apparently disruptive groups is high enough to keep on trying,
    it is a good idea to keep on top of whatever means may work for the general
    system in a business or a government operation.

    The shared files that a mac gets, could contain badware intended for a Windows
    PC (or windows running on unprotected partition on Intel-Mac, elevating need of AV
    or anti-malware protection) & be spread that way in a network otherwise thought to
    be secure. If the servers, and all computers in the network, were Macs running OS
    X and the known safe and secure methods of securing them were used, most of the
    anti-virus and anti-malware software writers would be out of a job.

    The better choices available appear to be the kind of scanning software you run to
    see if any bad files exist relating to malware or known viruses. However, when no
    known types of these exist in the wild, it is hard to have an AV or anti-malware tool
    find and disable them for you.

    Since I'm not in a position to (think I) need either anti-virus or anti-malware protection
    the best I'd do for me is the +free checking tool+ from MacScan, and also ClamXAV.

    While that may not suffice in a paranoid or actual under-siege environment, to do a
    fair bit of *research before buying* into some commercial product which may cause
    more harm to your computer (while not providing protections) is recommended.

    anti-malware/av scans for mac:

    MacScan:
    http://macscan.securemac.com/

    clamXav:
    http://www.clamxav.com/

    Perhaps a search into those sites where they aren't trying to sell you one over
    another, as a cure for some kind of fear-related matter, rationally and without
    a bias toward one commercial product's advertising claims over another, you
    may find some facts in the matter of preventative realities some may provide.

    A few times a month, I've read online of issues created by some kind of user
    installed anti-malware or anti-virus software, that affect normal use of OS X.

    Getting software from questionable sites, and installing it, is more a likely
    cause of some malware infection; as you could use an Admin account to
    install such a device directly & hoping to get a good deal, get dealt badly.
    Some of the file sharing sites (illegal, too) will have infected files available.

    So, it isn't really as simple as someone running in XP or Vista, or 7 may
    have you believe. And there are interested parties making profit off fear.
    Some of the concern is very valid, but one has to approach the matter in
    a cost effective and practical method to prevent the problem.

    Some of the retail products include ones by the name of VirusBarrier,
    http://www.intego.com/virusbarrier/ or McAfee products, etc. Some
    used to be fairly OK names under the old Mac OS 9.2 & before, but
    there has been some question as to their purpose, usefulness, etc. in
    saying they can protect when there is nothing out there, yet. So their
    database does not include unknown viruses or malware affecting Mac.

    Unless they have hired someone to create a problem; then supply cures.
    One way to generate business, to create demand where none exists.

    While that may be my opinion, I am certain that I read it somewhere
    long before the hacking contests tried to mess up Macs, point blank.

    There is a lot to research. Also, there are security documents for download
    from Apple Support on how to secure your Mac OS X Tiger/Leopard/SnLpd.
    They work on prevention and how to make the systems more secure.
    http://www.apple.com/support/security/guides/

    Good luck & happy computing!

    +{edited to no avail}+
  • Bruce Bathurst Level 2 (330 points)
    A virus is a form of malware.

    Scanning for one daily or during suspicious circumstances has never seemed very practical to me. Imagine a company. One person gets an e-mail virus and writes ten letters before removing it at the end of the day. Each of the other ten does the same. After a week, when recognized as a problem, as many as ten million computers have had their information copied to the Ukraine.

    Standard Methods

    The keystone of computer security is to place a sentry at every entrance and exit to your machine. Nothing untoward is allowed in or out. 'ClamXav Sentry', at least, is necessary in your case; for you would otherwise forward letters containing Microsoft malware, infecting your colleagues.

    http://en.wikipedia.org/wiki/Clam_AntiVirus

    On my home's proxy server, I use 'Henwen' and 'Snort', a network intrusion detection system for traffic by internet (browsers, iChat, &c) and drives (optical, flash, hard). However, this is too professional, and can be used to eavesdrop on neighbors (if adjusted properly). Servers need several such programs.

    On the Cheap

    If you use mainly e-mail and a browser, it's simplest to replace Apple Mail and Safari with Thunderbird and Firefox. Adjust Thunderbird so you view HTML mail in text only; then click 'HTML view' if it's safe. (You'll be amazed how many images become hyperlinks to computers in Bolivia.)

    Firefox has several outstanding security extensions:

    *Adblock Plus* is a blacklist of unwanted hyperlinks under photographs. You can add your own. A white area replaces them. This speeds browsing greatly.

    NoScript is a whitelist of permitted JavaScripts, and it protects you from a massive number of web page tricks that permit Trojans to be installed.

    WOT, Web of trust. Every hyperlink is marked with a colored ring, based upon evaluations by users. The single most important security extension.

    WorldIP: Flag, country abbreviation, ip of web site, owner. An instant indication of phish.

    *Toggle Private Browsing*. Same menu item as in Safari. Leaves no trace of session on computer.

    Necessary Adjustments

    Before doing any of the above, click the 'Sharing' pane in 'System Preferences'. I have no services clicked, and 'Network Time' (UDP allowed through port 123) is my only clicked Firewall hole. Firewall is on, internet sharing is off.

    Bruce
  • K Shaffer Level 6 (11,055 points)
    Another idea, is to never use company servers for private email;
    and if you can, use an outside party for your own, where it is not
    downloaded constantly into the computer. I use gmail primarily.
    To a second browser and not a Mail application.

    And scanning on rare occasion for malware does not make sense;
    in that once it is in the computer (by whatever means, usually user)
    it may be never found unless one is looking for it.

    You state some fine choices; and to hope that a portable computer
    with the company's trade secrets on its hard disk drive, never gets
    stolen, lost, or accessed by someone while it's sitting unattended.

    Good luck & happy computing!
  • Klaus1 Level 8 (45,625 points)
    No viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions.

    It is possible, however, to pass on a Windows virus to another Windows user, for example through an email attachment. To prevent this all you need is the free anti-virus utility ClamXav, which you can download for Tiger and Leopard from (on no account install Norton Anti-Virus on a Mac running OS X):

    http://www.clamxav.com/

    The new version for Snow Leopard is available here:

    http://www.clamxav.com/index.php?page=v2beta

    (Note: ClamAV adds a new user group to your Mac. That makes it a little more difficult to remove than some apps. You’ll find an uninstaller link in ClamXav’s FAQ page online.)

    However, the appearance of Trojans and other malware that can possibly infect a Mac seems to be growing, but is a completely different issue to viruses.

    If you allow a Trojan to be installed, the user's DNS records can be modified, redirecting incoming internet traffic through the attacker's servers, where it can be hijacked and injected with malicious websites and pornographic advertisements. The trojan also installs a watchdog process that ensures the victim's (that's you!) DNS records stay modified on a minute-by-minute basis.

    You can read more about how, for example, the OSX/DNSChanger Trojan works here:

    http://www.f-secure.com/v-descs/trojanosxdnschanger.shtml

    SecureMac has introduced a free Trojan Detection Tool for Mac OS X. It's available here:

    http://macscan.securemac.com/

    The DNSChanger Removal Tool detects and removes spyware targeting Mac OS X and allows users to check to see if the trojan has been installed on their computer; if it has, the software helps to identify and remove the offending file. After a system reboot, the users' DNS records will be repaired.

    (Note that a 30 day trial version of MacScan can be downloaded free of charge from:

    http://macscan.securemac.com/buy/

    and this can perform a complete scan of your entire hard disk. After 30 days free trial the cost is $29.99. The full version permits you to scan selected files and folders only, as well as the entire hard disk. It will detect (and delete if you ask it to) all 'tracker cookies' that switch you to web sites you did not want to go to.)

    A white paper has recently been published on the subject of Trojans by SubRosaSoft, available here:

    http://www.macforensicslab.com/ProductsAndServices/index.php?mainpage=document_general_info&cPath=11&productsid=174

    Also, beware of MacSweeper:

    MacSweeper is malware that misleads users by exaggerating reports about spyware, adware or viruses on their computer. It is the first known "rogue" application for the Mac OS X operating system. The software was discovered by F-Secure, a Finland-based computer security software company, on January 17, 2008.

    http://en.wikipedia.org/wiki/MacSweeper

    On June 23, 2008 this news reached Mac users:

    http://www.theregister.co.uk/2008/06/23/mac_trojan/

    More on Trojans on the Mac here:

    http://www.technewsworld.com/story/63574.html?welcome=1214487119

    This was published on July 25, 2008:

    Attack code that exploits flaws in the net's addressing system are starting to circulate online, say security experts.

    The code could be a boon to phishing gangs who redirect web users to fake bank sites and steal login details.

    In light of the news net firms are being urged to apply a fix for the loop-hole before attacks by hi-tech criminals become widespread.

    Net security groups say there is anecdotal evidence that small scale attacks are already happening.

    Further details here: http://news.bbc.co.uk/2/hi/technology/7525206.stm

    A further development was the Koobface malware that can be picked up from Facebook (already a notorious site for malware, like many other 'social networking' sites like Twitter etc), as reported here on December 9, 2008:

    http://news.bbc.co.uk/newsbeat/hi/technology/newsid_7773000/7773340.stm

    You can keep up to date, particularly about malware present in some downloadable pirated software, at the Securemac site:

    http://www.securemac.com/

    There may be other ways of guarding against Trojans, viruses and general malware affecting the Mac, and alternatives will probably appear in the future. In the meantime the advice is: be careful where you go on the web and what you download!

    If you think you may have acquired a Trojan, and you know its name, you can also locate it via the Terminal:

    http://theappleblog.com/2009/04/24/mac-botnet-how-to-ensure-you-are-not-part-of-the-problem/

    As to the recent 'Conficker furore' affecting Intel-powered computers, MacWorld recently had this to say:

    http://www.macworld.co.uk/news/index.cfm?email&NewsID=25613

    Although any content that you download has the possibility of containing malicious software, practising a bit of care will generally keep you free from the consequences of anything like the DNSChanger trojan.
    1. Avoid going to suspect and untrusted Web sites, especially pornography sites.

    2. Check out what you are downloading. Mac OS X asks you for your administrator password to install applications for a reason! Only download media and applications from well-known and trusted Web sites. If you think you may have downloaded suspicious files, read the installer packages and make sure they are legit. If you cannot determine if the program you downloaded is infected, do a quick Internet search and see if any other users reported issues after installing a particular program. A recent example is of malware distributed through innocent looking free screensavers: http://www.zdnet.com/blog/security/malware-watch-free-mac-os-x-screensavers-bundled-with-spyware/6560?tag=nl.e589

    3. Use an antivirus program like ClamXav. If you are in the habit of downloading a lot of media and other files, it may be well worth your while to run those files through an AV application.

    4. Use Mac OS X's built-in Firewalls and other security features.

    5. Stop using LimeWire. LimeWire (and other peer-to-peer sharing applications and download torrents) are hotbeds of potential software issues waiting to happen to your Mac. Everything from changing permissions to downloading trojans and other malicious software can be acquired from using these applications. Similar risks apply to using Facebook, Twitter, MySpace, YouTube and similar sites which are prone to malicious hacking: http://news.bbc.co.uk/1/hi/technology/8420233.stm

    6. Resist the temptation to download pirated software. After the release of iWork '09 earlier this year, a Trojan was discovered circulating in pirated copies of Apple's productivity suite of applications (as well as pirated copies of Adobe's Photoshop CS4). Security professionals now believe that the botnet (from iServices) has become active. Although the potential damage range is projected to be minimal, an estimated 20,000 copies of the Trojan have been downloaded. SecureMac offer a simple and free tool for the removal of the iBotNet Trojan available here:

    http://macscan.securemac.com/files/iServicesTrojanRemovalTool.dmg

    Also, there is the potential for having your entire email contact list stolen for use for spamming:

    http://www.nytimes.com/2009/06/20/technology/internet/20shortcuts.html?_r=1

    NOTE: Snow Leopard, OS 10.6.x, offers additional security to that of previous versions of OS X, but not to the extent that you should ignore the foregoing:

    http://www.apple.com/macosx/security/

    Apple's 10.6.4 operating system upgrade silently updated the malware protection built into Mac OS X to protect against a backdoor Trojan horse that can allow hackers to gain remote control over your treasured iMac or MacBook.

    http://www.sophos.com/blogs/gc/g/2010/06/18/apple-secretly-updates

    Finally, do not install Norton Anti-Virus on a Mac as it can seriously damage your operating system. Norton Anti-Virus is not compatible with Apple OS X.
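
The DNS tampering described in the post above (resolver settings changed, then re-applied by a watchdog) can be checked for from saved output of `scutil --dns`. This is an added example, not part of any post in this thread; the sample outputs, the addresses and the `ALLOWED` list are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed samples in the layout printed by macOS `scutil --dns`.
# All addresses are documentation-range placeholders, not real indicators.
CLEAN = """DNS configuration

resolver #1
  search domain[0] : example.lan
  nameserver[0] : 192.0.2.53
  nameserver[1] : 192.0.2.54
"""
HIJACKED = """DNS configuration

resolver #1
  nameserver[0] : 203.0.113.10
  nameserver[1] : 203.0.113.11
"""
ALLOWED = {"192.0.2.53", "192.0.2.54"}  # assumed: resolvers your network hands out

NAMESERVER = re.compile(r"^[ \t]*nameserver\[\d+\][ \t]*:[ \t]*(\S+)", re.M)

def nameservers(scutil_text):
    """Resolver addresses in the order listed, without duplicates."""
    found = []
    for addr in NAMESERVER.findall(scutil_text):
        if addr not in found:
            found.append(addr)
    return found

def unexpected(scutil_text, allowed=ALLOWED):
    """Addresses in use that are not on the expected list."""
    return [a for a in nameservers(scutil_text) if a not in allowed]

def reverted_after_repair(snapshots, allowed=ALLOWED):
    """True if settings went rogue -> repaired -> rogue again across snapshots,
    the pattern a watchdog that rewrites DNS settings would produce."""
    state = "never_rogue"
    for text in snapshots:
        rogue = bool(unexpected(text, allowed))
        if rogue and state == "repaired":
            return True
        if rogue:
            state = "rogue"
        elif state == "rogue":
            state = "repaired"
    return False

if __name__ == "__main__":
    print(unexpected(HIJACKED), reverted_after_repair([HIJACKED, CLEAN, HIJACKED]))
```

Feed it snapshots taken a few minutes apart; a rogue entry that returns after you have corrected the settings means something on the machine is rewriting them.
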
  • Bruce Bathurst Level 2 (330 points)
    +You state some fine choices; and to hope that a portable computer+
    +with the company's trade secrets on its hard disk drive, never gets+
    +stolen, lost, or accessed by someone while it's sitting unattended.+

    This is a huge subject: long security cables, having your computer write home after being stolen, encrypted business account, locked screen when buying coffee and scones, inability to restart computer from MacOS 9.1 disc and read the hard drive, etc. Health has kept me inside; but this physical security raised by K. Shaffer must not be ignored.

    Bruce