Can ClamXav detect Trojans and other spyware?

http://www.reedcorner.net/guides/macvirus/

To answer your subject line, that's exactly what ClamXav is for. However, to answer all the rest of your post, see my Mac Malware Guide.

Also, note that there has been a new development today. You should update Java ASAP, if you have it installed. See Flashback using Java vulnerabilities.

(Note that my pages contain links to other pages that promote my services, and this should not be taken as an endorsement of my services by Apple.)

Thomas, I read your article but you didn't state what the latest version of Java is. I did as you suggested and opened Java Preferences which reports my Java version as 1.6.0_29-b11-402. Do you know if this is the secured version? Software Update says my system is up-to-date.

Just to clarify, it detects trojans and malware for both OSX and windows?

Yes.

Thomas, I read your article but you didn't state what the latest version of Java is. I did as you suggested and opened Java Preferences which reports my Java version as 1.6.0_29-b11-402. Do you know if this is the secured version? Software Update says my system is up-to-date.

Yes, I don't have Java, so I wasn't able to check what's on my machine, but from what I've been able to determine, that's the most recent version available through Software Update. Of course, there are beta versions of a newer Java out there, and Intego was quite vague. Their article did not identify which versions of Java are vulnerable. So I'm guessing you're probably okay, but it's too soon and the information is not good enough to be 100% sure.

I'm not certain that you received a direct answer to this question...

> trojans have to be installed through the admin password. Is that true?

Although that has been true for most all Trojans to date, there have been recent varieties of FlashBack that do not. One showed up over a month ago that required the user's permission, but not an admin password and now this most recent one that Thomas alerted you to that can use a vulnerable Java, but can still install itself with your permission even if you have the patched Java.

From the Mac Security Blog, Intego did mention which versions of Java are secure: "[T]he current version of Java for Mac OS X has patched the vulnerabilities that are being exploited."

Current Java version:

Based on what is mentioned there, it seems reasonably safe to assume if you have Java, and there are no updates available in Software Update, then you're ok, at least for the Java vulnerabilities (but not the self-signed certificate).

Yes, it's reasonably safe to assume that, but I don't like having to make assumptions in this area. I believe that a security company should, when describing an exploit that takes advantage of a vulnerability, be precise about which versions of the software in question have and do not have the vulnerability. It's unlikely but possible that they are considering the latest beta release the "current version." Though I have since been informed that there are no new security fixes in the latest Java beta release that aren't in 1.6.0_29-b11-402, so that pretty well clinches it... but I'm still a stickler for specifics!

Tycoon24 wrote:

From the Mac Security Blog, Intego did mention which versions of Java are secure: "[T]he current version of Java for Mac OS X has patched the vulnerabilities that are being exploited."

Which is fine if you are running an Apple supported Mac OS X, but for those still on Legacy systems before 10.6, there won't be any more Apple updates. I was looking forward to Oracle taking responsibility for that, but have not seen any progress on that front. Apple was always slow with Java updates.

With Mac OS X 10.5.8 I see I have J2SE 5.0 v1.5.0_30-b03 and S2SE 1.4.2 v1.4.2_22 (disabled by default). I need to do some homework to see if Oracle has done an update, but it would also have been nice for Intego to tell us if either of these have that vulnerability. In any case, there is currently no way for Mac users to update either of these.