Trojan Gen 2 virus

That's assuming it's used correctly. In my experience, far too many users just approve whatever request pops up, making something like Little Snitch completely ineffective. I have nothing whatsoever against Little Snitch, and think it's a great tool, but I wouldn't recommend it for the average user.

Thomas A Reed wrote:

That's assuming it's used correctly. In my experience, far too many users just approve whatever request pops up, making something like Little Snitch completely ineffective. I have nothing whatsoever against Little Snitch, and think it's a great tool, but I wouldn't recommend it for the average user.

I think this is the best approach for the average user, and it shouldn't drive anyone crazy: always just deny first. Most programs, including Apple's apps and processes -- except, possibly, when updating or using Help -- do not need to phone home for any essential functions. LS will tell you which of Apple's are essential. You can always go back and allow, if really needed.

Or, slightly more advanced approach: investigate the URL before clicking deny or allow (problem with this is the LS popup hangs on the screen), or just deny, then investigate with Google, and see what's being said (I also see what comes up with WOT and Google Safe Browsing Diagnostic.) Then go back and allow, if absolutely necessary.

Message was edited by: WZZZ

Hi Thomas,

the guy (alan255) is a PC USER who obviously tries to confuse Mac users (onlinepcsavior.com)...

This is becoming more and more of an irresponsible position to take. Additionally they are not all "garbage" and can be useful in rooting out not only Mac threats but a number of Windows threats that can affect other systems that yours communicates with. I recommend people keep a good scanner on their systems, and keep them updated. While there is little need to keep an active or on-demand scan going, periodically doing it may be useful.

I don't agree that AV software should be recommended. OTOH, I agree that offhand dismissal of all AV software is extremely irresponsible. Education is the one and only requirement with regard to malware. AV software can go along with that, or not, but dismissal without details has no place in education.

Not speaking to the points you and Topher have made, which seem entirely balanced and reasonable. But many of the positions taken on either side of to AV or not, don't strike me as being particularly rational and seem, too often, to amount to not much more than religious conviction.

This is becoming more and more of an irresponsible position to take.

I'm sorry you feel that way. From what I've seen, the total amount of productivity lost to buggy, intrusive commercial "anti-virus" software is far greater than that lost to actual malware incidents that would have been prevented by the software. Most of the damage caused by the "MacDefender" outbreak took place before it would have been prevented, and since then, the built-in malware protection works just as well, or just as badly, as what the commercial products provide.

Additionally they are not all "garbage" and can be useful in rooting out not only Mac threats but a number of Windows threats that can affect other systems that yours communicates with.

I have this strange idea that Windows users should bear the cost of protecting their platform from threats directed against it. But that aside, as far as I can tell, ClamXav does just as good a job of detecting Windows malware as the commercial products, which is why I suggest it to those who want that capability. Not that I've ever seen a piece of Windows malware that wasn't instantly recognizable for what it was, without the need for a malware detector.

I recommend people keep a good scanner on their systems, and keep them updated.

I recommend that people keep a good brain inside their skull, and keep it updated.

While there is little need to keep an active or on-demand scan going, periodically doing it may be useful.

Then use ClamXav. Stay away from the commercial products with their trashy rootkits.

The only reason Mac users have not been attacked in proportions like Windows is because it has not been financially interesting - for the last 10 years and running?

It is utterly illogical to state or imply that the Mac platform is secure via obscurity only, and this will now change only because the community continues to grow.

Why would criminals not be interested in targeting the most affluent personal computer users - for the last 10 years and running? They just waited until there were even more users to make it worth their while and now this will drastically change?

Hogwash.

The idea that Windows' significant security woes exists because more people use Windows and that Macs have no or significantly fewer security problems because fewer people use Macs is simply not true.

The recent, ubiquitous Mac Defender outbreak is evidence of the growing attractiveness of Macs as a target. We had seen Trojans before, but nothing on this scale.

Still, I would imagine Trojans via social engineering will remain the preferred exploit, since I'm thinking it's much more difficult to write a successful Mac virus or rootkit with a worthwhile payload, especially for these mostly Eastern European crooks schooled on PC.

That said, even though writing a Trojan, I'm told, isn't that difficult, the SEO poisoning involved with the Mac Defender appeared to involve some very sophisticated skills.

BTW, I'm not going near Lion, but does the new Lion Safari still include "Open "Safe" files after downloading" as the default? If it does, that's incredible.

Amen

Allan

WZZZ wrote:

BTW, I'm not going near Lion, but does the new Lion Safari still include "Open "Safe" files after downloading" as the default? If it does, that's incredible.

Yes it does, so Job1 after installation is to uncheck that box 😮