is apple security center safe?

FWIW, Yahoo does not seem to be very good about keeping its ads free of exploits, according to this article from a year ago or so. It is mostly about stuff targeting windows, but the same sort of Javascript based techniques might be at work for this Mac trojan.

At least on Macs, you still have to install it….

This Apple Security Center popup appeared on my screen today. I'd read about these things, and realized it was a scam of some sort. But it dropped about seven ZIP files in downloads without my having done anything. I immediately dragged them to Trash and then emptied the trash, without opening or executing anything. Am I okay?

This is my first Apple computer and I love it. The MS Windows world always had problems with viruses, malware etc.

However, I think it is becoming very evident that these hackers/scammers are going after Mac's too. I'm glad that these forums here exist. When I bought my MacBook Pro in Dec. 2010, the Apple sales guys said over and over that no AV/malware software was needed. I spoke to a more "technical" Apple guy at my local Apple store, just recently, and he said the same thing.

Don't know if anyone from Apple corporate reads these forums? But if they do, it might be a good suggestion to not have your sales people "push" so strongly on new Mac buyers that they are invincible to the threats on the internet. Toning down that message, a bit, might be a good thing to do.

So, I asked this in a reply on another thread. What is the consensus on a recommendation for a proper AV software? I've heard about VirusBarrier X6, Norton IS etc. Anything with added firewall protection is desired too. Will sacrifice a little in performance for the sake of safety...

Thanks and look forward to your replies!

So, I asked this in a reply on another thread. What is the consensus on a recommendation for a proper AV software? I've heard about VirusBarrier X6, Norton IS etc. Anything with added firewall protection is desired too. Will sacrifice a little in performance for the sake of safety...

As far as I know, the only problem at the moment is the current threat of trojans; that is not a virus, so no AV software will protect you. The only thing that will is you: a trojan needs to be installed by you with your password. It may download without your knowledge, but unless you install it, no harm done - just delete it and empty the trash. I stopped mine before it downloaded. So, if nothing is installed, then how will AV software help?

You might want to spend some time reading this:

http://www.reedcorner.net/guides/macvirus/

Hello babowa,

Thanks for the reply and link to the article. Please forgive my ignorance, I'm a new Mac user and overall not very tech with computers. Glad these forums exist for inexperienced people like me! 😊

babowa wrote:

As far as I know, the only problem at the moment is the current threat of trojans; that is not a virus, so no AV software will protect you.{…} So, if nothing is installed, then how will AV software help?

I know from firsthand experience that Sophos detects & warns you about the current variants of the MacDefender/Protector/Apple Security Center malware if & when it is downloaded, before you install it. From what I understand from others that use them, so does ClamXav & Intego VirusBarrier X6.

That doesn't make these products a substitute for common sense & care, but they do add another layer of protection that some users find useful.

R C-R wrote:

That applies no less to my personal recommendation, which is Sophos Home Edition for Macs. I like it because it is totally free, based on industrial grade commercial products, well maintained, & has detected every variant of this malware I can find well before ClamXav has.

Actually, Mark Allan and the clamav.net signature team (with help from this forum) beat both Sophos and MacScan to at least one version which was documented on the VirusTotal site, but in general you are correct. It is difficult for a volunteer force that have "real jobs" to compete with commercial vendors who have 24/7 AV crisis centers working these things.

That's exactly what you do NOT want. That is what it looks like. It wants you to download or is downloading something in the background. It wants you to install and give them your credit card number.

Don't do anything. Get rid of the window. Check your download folder (if it's there, delete and empty trash), don't install anything and read this thread and the yellow sticky article from Apple at the top of the iMac and SL forums.

Thanks babowa! I closed the window, checked my downloads; nothing there. I also deleted an extension in Chrome I installed yesterday as I suspect it could have harbored the latent tab opening command. I forgot the name of it but will post if it comes back to me.

RandypTulsa wrote:

The file downloaded is named "anti-malware.zip" and is a Trojan named Trojan-Downloader.OSX.Fav.A

DO NOT OPEN anti-malware.zip!

Scanned and identified by ClamXav

That is correct, it is the compressed version of a small installer package that will probably install a small application called avRunner in your Applications folder and automatically launch it. That, in turn, will download an application called MacGuard in your Applications folder, launch it and delete the previously downloaded/installed files. The fact that you still have it is good evidence that things went no further than that, but you might want to double-check if you haven't already.

Why would logging in and out make a difference? It sounded like for some people, just going to a website got the thing started. Why is it not safe once you have logged in safely the first time? I must be missing something obvious. Thank you,

laverne's mom

Actually, I have no idea - it just seemed to make sense that if I got it while I was logged in (safely I thought), it would be better not to have a tab open because that appears to be how they're getting there. Look at Randyp's post - he wasn't home but had tabs open and it took over a tab while he was gone and not actively doing anything. Of course, I may be wrong, but it makes me feel as though I'm being pro-active instituting preventive measures.

that's true. I hadn't thought about that but my email tabs do refresh themselves when I'm not on them. what a pain! Just another one of things we have to learn to put up with, I guess. I'm going to probably have to start making some of the changes that I was putting off - switching to a standard account and other advice I have read much about. Since I am the only one who uses the mac, if anything goes wrong I am the only one I can blame!

thank you,

laverne's mom

🙂

interesting. I just checked and gmail is a secure site (https). do you think that makes a difference. the comcast email site isn't. just wondering what you thought about that.

Message was edited by: laverne's mom

interesting. I just checked and gmail is a secure site (https). do you think that makes a difference. the comcast email site isn't. just wondering what you thought about that.

I'm sure you could get a really good technical explanation to this question; my gut instinct (which has saved my bacon untold times throughout my life!!) is telling me to be extra cautious and don't trust anything at the moment. If they haven't found a way to infiltrate an https site, they probably will. As for Comcast, I have them but I try to avoid their website (email or anything else) at all costs - don't need them, takes too many clicks to check mail, and I have to endure ads (I am allergic to ads 😝 ).

I highly doubt they could affect a fully SSL compliant page without causing a certificate error. Plus, such pages are unlikely to use third-party components which would be vulnerable to cross-site shenanigans.

Partially SSL compliant pages (the ones that some browsers report as "secure with some insecure elements" or something similar) may be fair game, however...and unfortunately it's entirely possible that people may tend to trust pages reached via https more, regardless of whether it's entirely deserved.