I am reading that now Mac is getting more popular many macs are experiencing viruses, something we have been mostly free of up until now. What I got today recommended that we install a malware program. Any recommendations and a good malware program for Macs w/Lion?
MacBook Pro, Mac OS X (10.7.2)
I recommend ClamXav which is available at the App Store and also here:
It is free.
The App Store version is limited in its scope. I am using the full version.
There is some built in Malware protection on computers running snow leopard and up. you can go to the apple support website and look up HT4651 for more information.
typically in cases where exploits are found (Flashback being a recent example) apple usually releases software updates to patch the issue.
If you want an extra layer of protection you can always turn the firewall on in system pref.
For the most part, never ever put in your password for something you didnt initiate and you should be fine. I have had my computer for 3 1/2 years with no extra protection and i have not noticed any issues
I find the antivirus for mac to just be redundant givin what your computer is actually doing for itself but if you want that peace of mind i would suggest looking in the app store or credible sites for suggestions.
That is not correct. There never have been, and still are no viruses which can affect OS X. A virus self replicates from computer to computer, as does a worm. Everything that does affect OS X at this time are Trojans. And that includes the current Flashback problem. It can't search you out, it has to be installed by you, or by stumbling across an infected web site. On a Mac where Java has not been updated with the April 3rd patch, it can get on your system even without you supplying a password. But you still have to visit a loaded site to be infected. You won't just turn on your computer one day and find it compromised.
I am reading that now Mac is getting more popular many macs are experiencing viruses, something we have been mostly free of up until now.
You will find every stupid made-up thing on the internet, doesn't mean it's true.
I have yet to find all these viruses, and I haven't even found one 😟
While I've met many people touting their horns on this forum how they know clear well there are viruses for Mac OS x, I have never seen one of these members ever produce any shred of evidence of this.
I'm still waiting, maybe you know someone who can?
You are confusing viruses with trojans and other forms of malware.
We are discussing trojans here.
There are two variants of the current trojan discussed on this very board that have infected user's computers.
Have you not read anything here?
Ignorance is not bliss, it is ignorance.
I'm still waiting, maybe you know someone who can?
Nope, not me. To my knowledge, no one has ever produced a working virus in OS X.
Seeing as I have seen no signs of this flashback malware, I was just curious as to what symptoms one might be seeing to know that he has installed it.
Thanks
Pete
Dancemanleo wrote:
There is some built in Malware protection on computers running snow leopard and up. you can go to the apple support website and look up HT4651 for more information.
typically in cases where exploits are found (Flashback being a recent example) apple usually releases software updates to patch the issue.
If you want an extra layer of protection you can always turn the firewall on in system pref.
The XProtect feature in OS X only checks files downloaded by programs like Safari. XProtect does not scan active Java processes, so the exploit allows bypassing of XProtect.
The patch that Apple released only closes the hole that allows for the exploit, and does not get rid of it on a system that has already been infected. To do this you will either need to remove it manually or use an updated malware scanner that can at least quarantine the malware: http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-ma lware-from-os-x/?tag=txt;title
The firewall prevents incoming attacks, but will not protect against a process that is allowed to run on your system, as is the case with Java here, so it will not protect against this type of attack. The main purpose of the firewall is to prevent exploits of network protocols, open ports, and other direct communications aspects of the system (of which there are many in these days of ever-increasing connectivity).
The closest thing to a self-replicating malware was the Leap-A malware for iChat, but that was a worm and did not infect and piggy-back on files in the system.
I was just curious as to what symptoms one might be seeing to know that he has installed it.
The Trojan tries to install itself two ways.
The first is to pop up your admin password box. If allowed, it gets installed in a way that is hard to detect, or even notice when it's running. Which of course is the point. They don't want you to know personal data is being collected and sent to a remote server.
If you cancel on the admin password, it takes the less desirable method and uses the Java flaw to run and download other components. These are known to make the system unstable enough to notice something isn't right. Wish I could find the article I read that explained some of the more obvious symptoms of this method.
While everyone here is calling this a trojan, this latest variant is in fact no longer a true "Trojan." The initial variants were downloaded fake Flash player packages and therefore were Trojan in nature, but the latest ones install without tricking the user, and have been more accurately described as drive-by-downloads.
Unfortunately this is yet another term that the lay person will refuse to heed.
Yes, such a delivery is worse, but it still can't replicate on its own, such as a virus or worm does. It's still a Trojan in the respect that you have to seek it out, or have the unfortunate luck to run across an infected site. Even so, the first attempt on such a site is to try and get you to enter your admin password. Denying that, it then it resorts to the drive-by method.
True. It still performs the same functions once installed, but only breaks from the traditional "trojan" in how it gets installed. As such it is a nuance difference, but to me it is significant enough to separate it from a classic "trojan."
Oh! Sorry, Topher. Yes, that is a significant difference. Until now, there hasn't been a drive-by malware for OS X. This will trip up users who are accustomed to the notion that if you cancel on an admin password request, you're safe.
Still, the best defense for this one, even on an unpatched system, is to simply turn Java off in your browser.
I still don't recommend anything. This Flashback thing is totally overblown and over-hyped. From my perspective, it seems even smaller than DNS Changer or MacDefender. All of these will be stopped when Mountain Lion and Gatekeeper are ready. The Mac is getting more secure, not less.
I have created a user tip and malware checker/removal tool: https://discussions.apple.com/docs/DOC-3271
Malware
