I was wondering if anyone has any good resources on how to spot suspicious processes when using activity monitor. Maybe a list of "things to look out for" or something along those lines?
Also- can anyone recommend a decent freeware antivirus, or are they all garbage?
macmini, Mac OS X (10.6.6)
What makes you think there's something suspicious? I think you're looking for a problem that doesn't exist, as there are so many processes running at an given time, unless you' have smething specific to look for, you're wasting your time.
There are no viruses for Mac OS X, so you don't need anti-virus software. It will only feed your fear of a virus by giving you false-positive warnings, and slow down your system considerably. You don't need it.
Free ClamXav, highly recommended and, unlike many others, is fully compatible with Macs. Can be set to scan discrete areas of your drive, such as Applications or Mail, for example. Looking for suspicious processes is not the way to go, unless you already think you may have allowed something in and know what to look for.
http://www.clamxav.com/download.php
There are no viruses, but there is malware and there are browser exploits. That's why I use Firefox with the Add-on NoScript.
Don't fall for the line, "you have a Mac; there are no viruses for Macs, so you don't need to concerned."
Also some suggested reading on malware.
http://www.reedcorner.net/guides/macvirus/
Macs are not invulnerable. Best AV is to be 150% certain anything you are downloading is from a trusted source. Don't open unknown attachments in Mail.
There are no viruses, but there is malware and there are browser exploits. That's why I use Firefox with the Add-on NoScript.
Yes, there are a handful of malware items, but they can't be installed unless you (the user) provide your Admin password. Browser exploits are few and far between, and are quickly fixed when discovered.
Macs are not invulnerable. Best AV is to be 150% certain anything you are downloading is from a trusted source. Don't open unknown attachments in Mail.
I've never suggested Macs are invulnerable, but there are no viruses, so antivirus software cannot protect your from something that doesn't exist. You can make your Mac invulnerable to viruses very easily: stay off the Internet and never put any files or programs on it unless they came from the software developer. Of course, you'll lose the benefit of the Web, email, chat, etc., so that might be a little extreme for most people.
Yes, there are a handful of malware items, but they can't be installed unless you (the user) provide your Admin password. Browser exploits are few and far between, and are quickly fixed when discovered.
So what? Trojans, by definition, will trick a user into installing them. Just have a look at the numerous posts in these forums around the time of the MacDefender episode.
Here's a "handful" of OS X exploits. From the ClamX catalog:
daily.cvd not-OSX.Tored
daily.cvd OSX.Flashback-1
daily.cvd OSX.Flashback-3
daily.cvd OSX.Flashback-2
daily.cvd OSX.Flashback-4
daily.cvd Trojan.OSX.Miner
daily.cvd OSX.Defma
daily.cvd MacOSX.Revir-1
daily.cvd OSX.BlackHol
daily.cvd OSX.BlackHol-1
daily.cvd MacOSX.iMuler-1
daily.cvd Trojan.OSX.FlashBack.A
daily.cvd OSX.DevilRobber
main.cvd OSX.RSPlug
main.cvd Trojan.OSX.iservices.A
main.cvd Trojan.OSX.iservices.B
main.cvd OSX.DNSChanger.dmg
main.cvd OSX.DNSChanger.dmg-1
main.cvd Trojan.OSX.RSPlug.F.dmg
main.cvd Trojan.OSX.RSPlug.F.dmg-1
main.cvd Trojan.OSX.RSPlug.F.dmg-2
main.cvd Trojan.OSX.RSPlug.F.dmg-3
main.cvd Trojan.OSX.RSPlug.F.dmg-4
main.cvd Trojan.OSX.RSPlug.F.dmg-5
main.cvd Trojan.OSX.RSPlug.G.dmg
main.cvd Trojan.OSX.RSPlug.G
main.cvd Exploit.OSX.Safari
main.cvd Trojan.OSX.Cowhand
main.cvd Backdoor.OSX.BlackHole
main.cvd Trojan.Downloader.OSX
main.cvd OSX.Flashback
main.cvd Trojan.Downloader.OSX-1
main.cvd OSX.DNSChanger
main.cvd OSX.Trojan-2
main.cvd Trojan.OSX.Opener
main.cvd Trojan.OSX.RSPlug.C
main.cvd Trojan.OSX.RSPlug.D
main.cvd OSX.Tored
main.cvd OSX.RSPlug-2
main.cvd Trojan.OSX.OpinionSpy.B
main.cvd Trojan.OSX.OpinionSpy.A
main.cvd Trojan.OSX.MacDefender
main.cvd Trojan.OSX.MacDefender.B
main.cvd Trojan.OSX.MacDefender.C
main.cvd OSX.Defma-1
main.cvd OSX.Defma-2
main.cvd Trojan.OSX.MacBack
main.cvd Trojan-Downloader.OSX.Fav.A
main.cvd Trojan-Downloader.OSX.Fav.B
49 hits for 'OSX'
Browser exploits?
There are numerous exploits via JavaScript, Flash, Reader and Java or other Plug-ins: XSS, clickjacking, drive-by, ClearClick, Clickjacking, malicious pdfs.
Security and usage
NoScript blocks JavaScript, Java, Flash, Silverlight, and other "active" content by default in Firefox. This is based on the assumption that malicious web sites can use these technologies in harmful ways. Users can allow active content to execute on trusted web sites, by giving explicit permission, on a temporary or a more permanent basis. If "Temporarily allow" is selected, then scripts are enabled for that site until the browser session is closed.
Because many web browser attacks require scripting, configuring the browser to have scripting disabled by default reduces the chances of exploitation. Blocking plug-in content as well helps to mitigate any vulnerabilities in plug-in technologies, such as Java, Flash, Acrobat and so on. NoScript will replace these blocked elements with a placeholder icon. Clicking on this icon enables the element.http://en.wikipedia.org/wiki/NoScript#cite_note-cert-3
http://en.wikipedia.org/wiki/NoScript
If you want to be complacent, that's fine by me. Just don't advise everyone else to adopt that attitude and stick their heads in the sand. There are reasonable precautions to take. It may be fine to tell someone they won't install something without their admin pword, but they first need to be educated when not to give that. You are not always dealing here with people who have the benefit of your "vast" experience. And you might, in general, stop patronizing people who come here for advice, with your often rapid fire, ill-considered information.
If you want to be complacent, that's fine by me. Just don't advise everyone else to adopt that attitude and stick their heads in the sand. There are reasonable precautions to take.
Accusing others of being complacent is a rather broad bushstroke for someone who doens't have nearly the experience I do with computers. If you want to believe that people are sticking their heads in the sand, that's your issue, so don't project it onto others.
If the Internet was actually as dangerous as you choose to believe, and wish others to believe, than it's you who is being foolish and sticking your head in the sand. I've never come been affected by any malware or browser exploits on my system, and I visit far more web sites per day than you do. Multiply that by a few decades and it becomes clear that evil-doers are not around every corner.
Therefore, encouraging others to fear the unknown is an indication of your own paranoia.
Your "vast" experience nothwithstanding, we only have your information with which to judge the quality of your posts. If your information has merit, then it's worthwhile, otherwise it should be disregarded or qualified. That's all that counts. Fifty years experience doesn't cut it if you supply mediocre information and advice.
I visit far more web sites per day than you do.
And you know how many sites I visit? And how is that?
Your attitude again is typically patronizing and arrogant. You shouldn't take yourself so seriously as an "expert." I have a few other people around here to compare you to, and you are very far from being who you think you are.
You could start making much more worthwhile contributions here if you really stopped to think about your replies a little more, or if you did some research before quickly blowing them out based on your seeming assumption that whatever you say has merit. Maybe a little self doubt once in a while would do you some good.
By the way, do you or do you not have Snow Leopard in front of you? I have heard you say you have never owned an Intel computer, which would make that impossible. I'm curious to know why, if you aren't running SL, you spend so much time here.
Message was edited by: WZZZ
WZZZ wrote:
Free ClamXav […] Looking for suspicious processes is not the way to go, unless you already think you may have allowed something in and know what to look for.
FWIW, I subscribe to WZZZ's advice.
And think of this: Even if Mac OS X were impervious to any and all threats, you would still not want to pass along to Win users among your family, friends, or co-workers malware which wouldn't affect you, but would affect them. Some call this being a good neighbour, some call it having good manners. Perhaps it's just being a decent human being.
And you know how many sites I visit?
Indeed, kurt188. How do you know how many sites WZZZ visits per day?
I think, you're a little too definitive. Other guys only recommended precautions, they didn't promote fear.
Like you, I work and develop Mac software since 1991, and have NEVER experienced actual malware/virus on any of my own Macs. But -
Working in a cyber-security company for a year or so (as a Mac developer) I have been exposed to several very-nasty malware incidents on client Macs. Indeed they're not very widespread, but malicious and dangerous they are.
Many of those "Clean your Mac" software you download for free now - are really malware packages, that divert your networking connections, and exploit every possible thing on your computer for their benefit. Some of them even managed to receive Apple certification (although not deployed on the AppStore) and publish their malware as "Certified Mac Apps". They won't kill your computer - but they will make yourself something that's sold for profit, and will considerably slow down your Mac.
In general, if one person never experienced something, it doesn't mean much to others. The statistics are much more meaningful. Statistics will tell you that as Macs become abundant - so do Mac attackers. Indeed Apple does much better job at protecting the user than Microsoft (not to mention Google or LinuX), but it CANNOT beat each and every hacker on the planet. I know for a fact (worked on this project) that Mac CAN be penetrated by attacker, even without the user knowing or clicking any "OK" or giving any password. That's pretty advanced stuff, and most hackers do not know yet how to do it - but it is possible.
So - keeping your eyes open, is a good idea. Don't open phishing attachments. Do not allow software from unknown source to run. Avoid "Free" services, where YOU are the thing they sell for money. That's all.
There are a few free tools for finding and removing malware from your Mac. You can use them occasionally. No harm will happen to you.
When I opened my marc this morning there was a process called "warmain" pegging my processor.
Does anyone know what this is? I killed it immediately but from name alone I'm suspicious
Thanks
Well stated
Thank you
Suspicious processes in activity monitor
