Viruses On Os X

hey folks.
my fiancee has her intel mac in a mostly windows office.
i updated her from i think it was tiger to leopard, then the 10.5.6 update.
as she was sitting there on a sunday afternoon and being impatient, i didn't have time to fully test everything so i found out this morning her entourage and firefox were crashing. i had her remove her ancient expired norton antivirus (hate hate norton!) and reboot and no more complaints.

since she uses ms office for the mac and passes docs back and forth with some of the most clueless windows users i've ever met (i volunteered to help her office mate a few times, gave up) my only concern is she could get an infected document from one of her coworkers and pass it on. i'm thinking also the company most likely has a policy stating that machines must have some sort of protection. what would you kind folks recommend i have her install, something that would prevent her machine letting windows viruses and office macro type virus things pass thru?
thanks
 
If she must have antivirus software--probably a good idea if they make use of Office macros--I've heard good things about Intego's Virusbarrier. ** EDIT : I have heard that Office macros can affect OS X, though I have no first-hand experience with macro viruses. **

Bot
 
I have yet to see that happen, but I defer to the Gurus who deal with such matters. Here are two I have had recommended:

iAntiVirus

ClamXav

both of which may be set to a "sentry" mode where it constantly watches your computer. They are also free--iAntiVirus has an upgrade for business use which he/she/it/not-sure-but-does-not-want-to-be-pressured-into-a-gender-or-species-role-thank-you probably does not need.

All in all, I have had them both catch one virus which affects PCs. Again, those who deal with the situation you are describing may have better advice.

--J.D.
 
i had her remove her ancient expired norton antivirus (hate hate norton!) and reboot and no more complaints.

Anything from Symantec/Norton tends to be of dubious quality.

since she uses ms office for the mac and passes docs back and forth with some of the most clueless windows users i've ever met (i volunteered to help her office mate a few times, gave up) my only concern is she could get an infected document from one of her coworkers and pass it on.

That's fairly easy to deal with. If she is using Office 2008, it's not a problem because Office 2008 doesn't include Visual Basic, so it can't run macros.

If she is using an older version of Office, you can protect yourself from a Word macro virus by disabling automatic running of macros in Word. In Word 2004, click Security, and then check the box for "Warn before opening a file that contains macros."

See here for instructions for the various versions of Word:
http://kb.iu.edu/data/agzk.html

i'm thinking also the company most likely has a policy stating that machines must have some sort of protection. what would you kind folks recommend i have her install, something that would prevent her machine letting windows viruses and office macro type virus things pass thru?
thanks

A while back I tested all of the major AV programs, and found Virus Barrier to be best. Macworld did the same:
http://www.macworld.com/article/42903/2005/02/antivirussoftware.html
One of VB's biggest pluses is that it doesn't sap your computer's performance, or get in the way of doing your work, while it sits in the background perpetually un-called upon. That said, a few people have reported software conflicts while running VB.
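Added example, not part of the original post or the linked instructions: a small Python check that flags Office files carrying a VBA project before they are passed on to coworkers. It is a presence heuristic only (it does not judge whether a macro is malicious); the function names and the sample documents are constructed for illustration.

```python
import io
import sys
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls/.ppt container
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # stream name present in a VBA project

def has_macros(data: bytes) -> bool:
    """Return True if the document bytes appear to carry a VBA project."""
    if data.startswith(OLE_MAGIC):
        # Directory entry names are stored as UTF-16LE, so a raw byte
        # search finds the VBA stream name without parsing the container.
        return VBA_STREAM in data
    if zipfile.is_zipfile(io.BytesIO(data)):
        # Macro-enabled OOXML files (.docm, .xlsm) ship the macros
        # as a vbaProject.bin part inside the zip.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    return False

def make_ooxml(with_vba: bool) -> bytes:
    """Constructed sample: a minimal OOXML-style zip built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC)
    return buf.getvalue()

def make_ole(with_vba: bool) -> bytes:
    """Constructed sample: OLE magic plus padding, optionally a VBA stream name."""
    return OLE_MAGIC + b"\x00" * 504 + (VBA_STREAM if with_vba else b"")

if __name__ == "__main__":
    # Usage: python check_macros.py file1.doc file2.docm ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            verdict = "MACROS PRESENT" if has_macros(fh.read()) else "no macros found"
        print(f"{path}: {verdict}")
```

A hit means the file deserves the "Warn before opening" treatment described above or a scan before it is forwarded; a miss does not prove the file is clean.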
 
I have yet to see that happen, but I defer to the Gurus who deal with such matters. Here are two I have had recommended:

iAntiVirus

ClamXav

I can't recommend either (unless you just want something that is free so that you can tell your boss that you have AV software installed.)

There was an interesting discussion about ClamAV and ClamXav on Macintouch, that I was a party to. (Both products use the same virus definition database. ClamXav is just a Mac front-end on ClamAV, which is a UNIX program.) There were several interesting revelations that came out of that discussion.

First, the ClamAV folks are not privy to the agreement that commercial AV software companies have amongst each other to share new malware finds. So it is unclear if the ClamAV folks are likely to *ever* see some particular examples of malware in order to dissect them and create an inoculating definition for them to put in their AV program.

Second, the ClamAV/ClamXav folks don't have anyone in particular who is routinely looking for and writing definitions for Macintosh-specific malware. What this means is that ClamAV does not have definitions for most of the Mac-specific Trojans that have popped up. It also is unclear whether the ClamAV folks have anyone who would write a definition to protect against a very malicious Mac-only virus should one show up. One hopes that they would, but there is no guaranty that it would happen.

You don't have to take my word for this. You can search the ClamAV database here:
http://clamav-du.securesites.net/cgi-bin/clamgrok
As a test, do a search for, for instance, "Macintosh", or for one of the
known (though very rare) Macintosh Trojans, for instance: "Opener" or
"Renepo" or "iSight Trojan" or "Hovdy-A" and see if anything shows up.

As for iAntiVirus...they are huge liars, which makes me very wary of their product and what it might be doing. Here is their "Mac threat database", where they list all sorts of legitimate programs and utilities as threats:
http://www.iantivirus.com/threats/
Their product is free, and they are huge liars. (Usually you don't need to lie to push your product if it is free.) This makes me worry that their product itself might be a form of spyware. I don't have any evidence that this is the case, but things don't add up otherwise.
 
You don't have to take my word for this. You can search the ClamAV database here:
http://clamav-du.securesites.net/cgi-bin/clamgrok
As a test, do a search for, for instance, "Macintosh", or for one of the
known (though very rare) Macintosh Trojans, for instance: "Opener" or
"Renepo" or "iSight Trojan" or "Hovdy-A" and see if anything shows up.

One would think one would want to search the ClamXAV site instead.

12. I know Opener/Renepo isn't a virus or even a trojan, but what IS it then?

It's little more than a proof of concept. A virus is a self-replicating malicious piece of software designed to destroy files and folders on a computer system. A trojan is a piece of software which pretends to be legitimate and useful but does in fact install other software (unbeknownst to you) which opens up a "back door" to your computer, allowing a hacker to have access to your files and theoretically your entire computer system. In this instance, Opener would be the "other software" - or you might call it the "payload".

Whilst "Opener" does in fact perform various tasks to open up "back doors" to your computer, you would have to physically and deliberately install Opener yourself. No-one should do this unless they're deliberately trying to find out what it does. If you (or some other admin user on your computer) don't make a deliberate effort to install Opener yourself, you will not have to worry about it. The key here, as you've probably guessed, is the word "deliberate". Opener/Renepo can not get onto your computer without your knowing about it. Hence, it is not a trojan.

Furthermore, it has no way to replicate itself to other computers, be it via email, CD or even the humble floppy. Hence it is not a worm. It doesn't destroy files on your computer and therefore is not a virus either.

However, that is not to say that it will never become a threat. As it stands, it is currently only a proof of concept, but don't be surprised to see someone at some point in the future using parts of it in their own trojan. Do be vigilant about watching for virus warnings on Mac news websites.

I still don't believe you!
Google for it then!

ClamXAV FAQ

Some interesting threads on it on that site.

"And I have nothing more to say."

--J.D.
 
Whenever a threat exists in the wild, even a "concept" threat, it can be used as sort of a construction kit by other sociopaths to create a new, non-"concept" threat. That's how most of the OS 8/9 viruses came about. And it is even how at least one of the current non-concept Trojans for OS X came about.

I don't think that Macintosh users currently need to have AV software. However, if you are one of those folks that think that you do need it, I would presume that you would want AV software that actually works, and which actually works to protect you from potential threats. ClamXav isn't such a product. ClamXav does not protect you from either the existing threats to the Macintosh, or the potential ones. The only thing good about ClamXav is that it is free.

A good AV program, such as Virus Barrier, has a definition to protect you against Opener, and against Trojans that are very similar to Opener. ClamXav won't do a thing to protect you from such a Trojan.

At this point there are close to a dozen non-concept Trojans for OS X.

I've heard of:

ASthtv05 and AStht_v06
http://www.macworld.com/article/134084/2008/06/www.idgconnect.com
http://www.securemac.com/applescript-tht-trojan-horse.php

iSight Trojan
http://www.theregister.co.uk/2008/06/23/mac_trojan/

OSX/Hovdy-A
http://www.sophos.com/pressoffice/news/articles/2008/06/machovdyA.html

DNSChanger /OSX.RSPlug.A /OSX/Puper
http://www.dnschanger.com/

OSX.RSPlug.E (a variant of RSPlug )
http://www.intego.com/news/ism0808.asp

OSX.Lamzev.a
http://www.symantec.com/security_response/writeup.jsp?docid=2008-111315-1230-99

Worm.OSX.Autostart
http://lowendmac.com/virus/worm.shtml

Leap-A
http://blogs.zdnet.com/Apple/?p=100

I don't know to what extent any of the above are duplicate names for
the same thing.

Check ClamXav's Web site, ClamAV's database, anywhere that you like. Does ClamXav protect you from any of these? Virus Barrier will protect you from all of them.
 
Choosing at random:

lapicide said:
The Trojan 'OSX.RSPlug.D' found on porn websites disguised as a codec required to play video files. The user has to download and install it himself.

The second one is called OSX.TrojanKit.Malez or OSX.Lamzev.A . It is " a hacker tool designed primarily to allow attackers to install backdoors in a user's system." It is not installed through internet traffic but a hacker has to have physical access to your computer to install it.

Details are found here.
http://news.zdnet.com/2424-9595_22-251586.html

Has anyone found them. If so they should upload it to clamAV database:
http://www.clamav.net/sendvirus/
and clamXav will tag them.
Cheers

ClamXAV

Quod erat demonstrandum

"Cheery bye"

--J.D.
 
Now find me something that shows that there is actually anyone at the ClamAV project who can analyze Mac viruses and can write and include Mac virus definitions in ClamAV.

I've already given you the link to the ClamAV project's AV database. Please find the Mac threats in the database for me.

Once again, ClamAV/ClamXav is worthless if you actually want protection from any Macintosh-specific threats. But if you want to kid yourself that it is protecting you...good luck.
 
Has anyone heard of the Facebook virus Koobface affecting a Mac?

Unfortunately a link got clicked and ever since, strange things have been going on - it feels as though someone has got some access to the computer - all through Safari - forums have been posted our my accounts without me being online, all trace of emails have disappeared, all birthdays in the calendar have moved by a few days and today, the normal online banking screen was replaced by a fake one.

Grrr..
 
Koobface can only affect Win32 machines -- so Mac OS X is unaffected by it (unless, of course, you're running Windows via BootCamp or via virtualization -- but even then, the worm would only cause trouble in your Windows partition or virtualized machine).

Your troubles must have come from another source.
 
I haven't heard of any Mac viruses that infect Facebook. In fact, I have yet to hear of an actual "virus" for OS X; though there are now about half a dozen Trojan Horses for OS X.

If you want a list of all OS X malware, check out:

http://www.sophos.com/security/analyses/search-results/?search=macintosh&action=search&x=0&y=0

http://search.securityfocus.com/swsearch?sbm=/&metaname=alldoc&query=macintosh&x=0&y=0

However, don't get excited when you read these pages. Most of what you see listed is for OS 8/9 and won't run under OS X.
 
Hi,
Is this a virus for OS X?
Keylogger for Mac OS X

Yes, it is for OS X.

But *no* it isn't a "virus"
http://en.wikipedia.org/wiki/Computer_virus
as it can't self-replicate.

In fact, you really can't even call it "malware"
http://en.wikipedia.org/wiki/Malware
as a keylogger isn't necessarily malicious, nor is it necessarily used against the wishes of the computer's user, as some folks have legitimate uses for keyloggers.

But assuming that someone wanted to use Mac Keylogger for malicious purposes, they would have to have physical access to a user's Macintosh to do so, as physical access is nominally required to install it. (Unless you have something like a malicious system administrator. Which is possible. Parents have been known to use keyloggers to keep tabs on what their children are doing on their computer.) There is no other surreptitious way to install this software, such as via the Internet or e-mail.

So, if you are concerned that this product is a threat to you or other Mac users...it really isn't. At least no more so than allowing someone physical access to your Mac without them being supervised.
 
Hi, Randy
Thanks very much.
It's very kind of you to explain it to me.
I think this application aobo mac os x keylogger should be spy software, no spyware.
 
Hi, Randy
Thanks very much.
It's very kind of you to explain it to me.
I think this application aobo mac os x keylogger should be spy software, no spyware.

Well, it *can* be spy software, if you use it as spy software.

By the way, there are other key loggers for OS X. They aren't anything that is rare, new, or unheard of.

In fact, software for OS X designed for parents to spy on their children isn't uncommon either.

This isn't considered to be "malware" because it isn't considered to be "malicious" but rather to be a legitimate thing for parents to be doing. (However, I'm not saying that I personally approve of this.)
 
I hope this is the right place to post this. How do I find out if I have malware on my Macbook pro? I recently had a hotmail account hacked. I contacted them and they say it was from malware. I don't know how to find out if they are right. I do know my hotmail account was hacked into and spam sent to my contacts. I changed my password as soon as I found out. Nothing more happened since then. I feel like if it were due to malware, changing my password wouldn't fix everything, as it could then find out my new password. I don't really know though. Recently my laptop has acted odd in new ways. It freezes up for a bit and throws up the rainbowball fairly often and sometimes runs really slow. I also have had a few odd pop ups. One happened recently right as I opened FF, before going to any web sites. So maybe they are right, how do I figure this out?
BTW I am sure someone will tell me I deserve this for being a hotmail user, but I have had the account 10 years and have kept it because I resist change lol.
 