Scan for spyware?

The best defense against viruses and the like is the Mac OS itself. While there have been malware attacks, there have been no viruses of the kind that you see in the Windows world. Please take a look at Thomas Reed's Mac Malware Guide.

Thomas recommends two different apps - ClamXav and Sophos. Feel free to use either one safely. Mr. Reed doesn't suggest any other av software and I have utmost trust in his views.

Good luck,

Clinton

This statement applies to malicious software ("malware") that circulates on the Internet and is installed unknowingly by the victim of the attack. It does not apply to potentially harmful software, such as keystroke loggers, that may be installed by an attacker who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.

OS X versions 10.6.7 and later have built-in detection of known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.

The most effective defense against malware is your own intelligence. All known malware on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of trojans, which can only work if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?

1. Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown site, merely in order to use the site, is untrustworthy.
2. A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim.
3. “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
4. Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.

Disable Java (not JavaScript) in your web browser(s). Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those versions has bugs that make it unsafe to use on the Internet. Those bugs will probably never be fixed, because those older operating systems are no longer being maintained by Apple. Upgrade to a newer version of OS X as soon as you can.

Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.

Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.

Linc -

Can you post this as a user tip, please? I would just copy and paste it and attribute it to you but it would be nice just to be able to reference a tip.

Thanks,

Clinton

Under Actions (top right hand side of this page) click on Bookmark this.

I am being tracked, I've known this for a while. I hired developers and they send me documents in word/excel. I spoke with the computer administrator at the company I work for and he says that my computers are certainly being tracked/traced/watched. He doesn't know how to deal with Apple products and told me to come here, do research and don't install Norton or anything like that, install something Mac specific. I've done the malware removal tools and this did not remove the Spy? files? Will ClamXav remove or will it also show me where it is so I can prevent this in the future ?

Thank you for your assistance.

This is extremely important and time-sensitive. Apologies if I step on the thread-starter's toes. I, too, am in a bind.

Thanks.

VoilaMagic wrote:

Will ClamXav remove or will it also show me where it is so I can prevent this in the future

Doubtful. As Linc has pointed out, spyware is not considered to be malware for OS X in that most of it is commercially develped or hacks that must be physically installed, so most A-V software ignores it, figuring it must be there on purpose.

The only one that specializes in that sort of thing is MacScan (Demoware) from SecureMac, and they list the Spyware, etc. they cover on the web site. One warning I would give you is that it is prone to producing "false alarms" so don't automatically isolate or delete something it claims to have found until you check it out.

Ok. I understand and I thank you. I'm running ClamXav from the App store, for free as written above. I set it all up and now I'm going to the App Store to look into MacScan.

I have several macs and they are all being traced. Understanding the reasons why OS X ignores is totally understandable. I've opened up my macs for internal networking, to really enjoy the Apple Experience, now that Mouintain Lion has opened up the real fun in cross-platform. i'm happy that we found a starting point with just a few clicks within apple.com. Being behind splendid firewalls and enterprise security software/hardware. it's just not good enough.

I appreciate you, I appreciate Linc. It's amazing that I just now had the "what do I do" discussion, 10 minutes before this was posted.

In the flow,

David

I prefer the version of ClamXav that you can get from their website as it includes ClamXav Sentry which the App Store version does not have. I use it to scan my Downloads and email folders.

Clinton

> I'm going to the App Store to look into MacScan.

I don't think you will find it there. Use the link I gave you.

It wasn't there. I found it from their site. It's running and scheduled for daily runs.

This is such an important thread. I understand why Apple would not want this widely "misunderstood". People really need to know about this. ClamXav was first to find as I installed it first. I'm waiting for it to complete, installing the version clinton perfers and running MacScan as added security. This certainly is what I needed, exactly when I needed it. <bowing to Mac'ers>.

p.s. Clinton, I'm from Mobile ! 😉 cheers.

VoilaMagic wrote:

ClamXav was first to find as I installed it first. I'm waiting for it to complete, installing the version clinton perfers...

Best of luck.

If you have any questions or issues with ClamXav, head for the ClamXav Forum where you'll find lots of info and somewhat faster answers to any questions or problems. Full disclosure: I do uncompensated Tech Support there.

VoilaMagic wrote:

ClamXav was first to find as I installed it first. I'm waiting for it to complete, installing the version clinton perfers...

[quote] MadMacs0 wrote:
Best of luck.

If you have any questions or issues with ClamXav, head for the ClamXav Forum where you'll find lots of info and somewhat faster answers to any questions or problems. Full disclosure: I do uncompensated Tech Support there.

[/quote]

I figured as much. That's ok with me. As long as it works and we are all secure, that is all I am here for ! I appreiciate all of your assistance.

~ D

Why should Java be dangerous - you are not allowed to make anything persistent in Java, everything stored must be on the server that initiates the session. Well except the well known host "127.0.0,1". Meaning someone has to place something that can act as a proxy and open a backddor on your own computer: Use netstat -a or network utility and discover the ports that are "LISTEN" ing.

Adobe Flash is a huge risk that you fail to mention - code can be included in all Flash - this is what allows the sophisticated graphics, but also where your key-logger is coded, and pulls down new scripts. Flash is stored locally on your disk, and will survive a reboot. Most important - "Automatic Updates" from sites that claim to be Adobe, and manage to trick the Update Utility to download a "newer" version than what you have of Flash. SO:

DISABLE ALL AUTOMATIC UPDATE

and ENABLE JAVA

Apple and Sun had a disagreement, and SMCC was right. Had all code on the net been Java, malware would be manageable.