Previous 1 2 3 Next 33 Replies Latest reply: Apr 10, 2012 7:45 AM by thomas_r.
terifromwinchester Level 1 Level 1 (5 points)

I am reading that now Mac is getting more popular many macs are experiencing viruses, something we have been mostly free of up until now. What I got today recommended that we install a malware program. Any recommendations and a good malware program for Macs w/Lion?


MacBook Pro, Mac OS X (10.7.2)
  • nerowolfe Level 6 Level 6 (13,070 points)

    I recommend ClamXav which is available at the App Store and also here:

    http://www.clamxav.com/

    It is free.

    The App Store version is limited in its scope. I am using the full version.

  • Dancemanleo Level 1 Level 1 (0 points)

    There is some built in Malware protection on computers running snow leopard and up. you can go to the apple support website and look up HT4651 for more information.

     

    typically in cases where exploits are found (Flashback being a recent example) apple usually releases software updates to patch the issue.

     

    If you want an extra layer of protection you can always turn the firewall on in system pref.

     

    For the most part, never ever put in your password for something you didnt initiate and you should be fine. I have had my computer for 3 1/2 years with no extra protection and i have not noticed any issues

     

    I find the antivirus for mac to just be redundant givin what  your computer is actually doing for itself but if you want that peace of mind i would suggest looking in the app store or credible sites for suggestions.

  • Kurt Lang Level 7 Level 7 (34,835 points)

    That is not correct. There never have been, and still are no viruses which can affect OS X.  A virus self replicates from computer to computer, as does a worm. Everything that does affect OS X at this time are Trojans. And that includes the current Flashback problem. It can't search you out, it has to be installed by you, or by stumbling across an infected web site. On a Mac where Java has not been updated with the April 3rd patch, it can get on your system even without you supplying a password. But you still have to visit a loaded site to be infected. You won't just turn on your computer one day and find it compromised.

  • HACKINT0SH Level 5 Level 5 (5,755 points)

    I am reading that now Mac is getting more popular many macs are experiencing viruses, something we have been mostly free of up until now.

    You will find every stupid made-up thing on the internet, doesn't mean it's true.

     

    I have yet to find all these viruses, and I haven't even found one

     

    While I've met many people touting their horns on this forum how they know clear well there are viruses for Mac OS x, I have never seen one of these members ever produce any shred of evidence of this.

     

    I'm still waiting, maybe you know someone who can?

  • nerowolfe Level 6 Level 6 (13,070 points)

    You are confusing viruses with trojans and other forms of malware.

    We are discussing trojans here.

     

    There are two variants of the current trojan discussed on this very board that have infected user's computers.

    Have you not read anything here?

     

    Ignorance is not bliss, it is ignorance.

  • Kurt Lang Level 7 Level 7 (34,835 points)

    I'm still waiting, maybe you know someone who can?

    Nope, not me. To my knowledge, no one has ever produced a working virus in OS X.

  • petermac87 Level 5 Level 5 (6,105 points)

    Seeing as I have seen no signs of this flashback malware, I was just curious as to what symptoms one might be seeing to know that he has installed it.

     

    Thanks

     

    Pete

  • Topher Kessler Level 6 Level 6 (9,675 points)

    Dancemanleo wrote:

     

    There is some built in Malware protection on computers running snow leopard and up. you can go to the apple support website and look up HT4651 for more information.

     

    typically in cases where exploits are found (Flashback being a recent example) apple usually releases software updates to patch the issue.

     

    If you want an extra layer of protection you can always turn the firewall on in system pref.

     

     

    The XProtect feature in OS X only checks files downloaded by programs like Safari. XProtect does not scan active Java processes, so the exploit allows bypassing of XProtect.

     

    The patch that Apple released only closes the hole that allows for the exploit, and does not get rid of it on a system that has already been infected. To do this you will either need to remove it manually or use an updated malware scanner that can at least quarantine the malware: http://reviews.cnet.com/8301-13727_7-57410096-263/how-to-remove-the-flashback-ma lware-from-os-x/?tag=txt;title

     

    The firewall prevents incoming attacks, but will not protect against a process that is allowed to run on your system, as is the case with Java here, so it will not protect against this type of attack. The main purpose of the firewall is to prevent exploits of network protocols, open ports, and other direct communications aspects of the system (of which there are many in these days of ever-increasing connectivity).

  • Topher Kessler Level 6 Level 6 (9,675 points)

    The closest thing to a self-replicating malware was the Leap-A malware for iChat, but that was a worm and did not infect and piggy-back on files in the system.

  • Kurt Lang Level 7 Level 7 (34,835 points)

    I was just curious as to what symptoms one might be seeing to know that he has installed it.

    The Trojan tries to install itself two ways.

     

    The first is to pop up your admin password box. If allowed, it gets installed in a way that is hard to detect, or even notice when it's running. Which of course is the point. They don't want you to know personal data is being collected and sent to a remote server.

     

    If you cancel on the admin password, it takes the less desirable method and uses the Java flaw to run and download other components. These are known to make the system unstable enough to notice something isn't right. Wish I could find the article I read that explained some of the more obvious symptoms of this method.

  • Topher Kessler Level 6 Level 6 (9,675 points)

    While everyone here is calling this a trojan, this latest variant is in fact no longer a true "Trojan." The initial variants were downloaded fake Flash player packages and therefore were Trojan in nature, but the latest ones install without tricking the user, and have been more accurately described as drive-by-downloads.

     

    Unfortunately this is yet another term that the lay person will refuse to heed.

  • Kurt Lang Level 7 Level 7 (34,835 points)

    Yes, such a delivery is worse, but it still can't replicate on its own, such as a virus or worm does. It's still a Trojan in the respect that you have to seek it out, or have the unfortunate luck to run across an infected site. Even so, the first attempt on such a site is to try and get you to enter your admin password. Denying that, it then it resorts to the drive-by method.

  • Topher Kessler Level 6 Level 6 (9,675 points)

    True. It still performs the same functions once installed, but only breaks from the traditional "trojan" in how it gets installed. As such it is a nuance difference, but to me it is significant enough to separate it from a classic "trojan."

  • Kurt Lang Level 7 Level 7 (34,835 points)

    Oh! Sorry, Topher. Yes, that is a significant difference. Until now, there hasn't been a drive-by malware for OS X. This will trip up users who are accustomed to the notion that if you cancel on an admin password request, you're safe.

     

    Still, the best defense for this one, even on an unpatched system, is to simply turn Java off in your browser.

Previous 1 2 3 Next