# Viruses on OS X



## Captain Code (Feb 26, 2005)

I've noticed quite a few questions about people thinking that they might have a virus on OS X.  Everyone should know that, so far, there are absolutely NO viruses for OS X.  There are a few hundred for OS 9, but NONE for OS X.

Strange things occurring with applications are usually the fault of that application.

There are virus scanners for OS X such as Virex and Norton but they are only scanning for Windows viruses and the old OS 9 viruses, so there is not much use for them unless you want to take it upon yourself to protect PCs if you forward strange emails to people.


----------



## ElDiabloConCaca (Feb 26, 2005)

Agreed.  I think it should also be mentioned that if you think you're experiencing some sort of "spyware" or virus activity to take a look at the environment you're operating in.  If you're at work and are being "served" the internet through a Windows server (like a proxy server or similar computer-based router) then the problem more than likely is originating from the server, not your Macintosh.

Application crashes, like Captain Code said, are almost never linked to malicious spyware or virus activity, and there are lots of things (like bad RAM, hard drive problems, external peripherals, system haxies, and system add-ons) that would be more likely than a virus/spyware to be causing system instability.


----------



## chevy (Feb 26, 2005)

There is a complete article about security on MacOS X in the March issue of MacWorld
http://www.macworld.com/2005/02/features/macsecurityhome/index.php

Statements:
1) Virus may also come on MacOS X, even if currently there is no known virus infection on our platform. Therefore it is not a bad idea to have antivirus SW on your Mac with up-to-date definitions.
2) If you use VPC you are vulnerable to Windows viruses.
3 _my statement_) There are other risks... the first one being the risk to lose your data due to hardware problems. Therefore it is a very good idea to backup your data on a regular basis.


----------



## ElDiabloConCaca (Feb 26, 2005)

chevy said:
			
		

> 2) If you use VPC you are vulnerable to Windows viruses.


...it should be noted that any Windows virii/spyware that you get in VirtualPC will be limited to the VirtualPC operating system, and cannot, in any way, damage or affect your Mac OS X system.  At the worst, your Virtual OS will be kaput and will have to be deleted and re-installed, but OS X and your hardware will be absolutely fine.


----------



## chevy (Feb 26, 2005)

ElDiabloConCaca said:
			
		

> ...it should be noted that any Windows virii/spyware that you get in VirtualPC will be limited to the VirtualPC operating system, and cannot, in any way, damage or affect your Mac OS X system.  At the worst, your Virtual OS will be kaput and will have to be deleted and re-installed, but OS X and your hardware will be absolutely fine.



The virus can also attack any file that can be accessed from the VPC environment, and this can be your whole Mac if you open it to VPC. Of course the virus will not reproduce on MacOS, but it still can delete files.

Another "agnostic" virus type is made of the M$ Office macro viruses. These are based on Office and not on the underlying OS.


----------



## chevy (Feb 26, 2005)

You may also consider this article about Mac security
http://www.informit.com/articles/article.asp?p=335882



> Macintosh security is built in, not added as an afterthought. The design of Mac's OS X made security a top priority and achieved it in many different ways. Larry Loeb gives you an update on some of the ways security has been implemented.


----------



## Captain Code (Feb 26, 2005)

You can get the same Windows viruses in VPC but I'd consider that a really rare occurrence.  For the usage that VPC gets, there's a lot less risk of infection.  You don't normally use it all day surfing the net, checking email etc.  The usual usage pattern of VPC is to run some niche program for a few hours at a time.

So, the risk is really small.

You can spread the Word macro viruses, but I don't think they are actually harmful on the Mac.  From what I've heard they don't usually do anything at all on the Mac.


----------



## powermac (Feb 27, 2005)

I downloaded a small clip from a joke web site once, a friend put as a link in an email. I went to the site, pressed the url for the particular video, and Virex popped up, and said it has contained a virus, do you want to delete the file. It was a weird experience. I further investigated to find out it was a windows virus.


----------



## perfessor101 (Feb 27, 2005)

Captain Code said:
			
		

> The usual usage pattern of VPC is to run some niche program for a few hours at a time.
> 
> So, the risk is really small.
> 
> You can spread the Word macro viruses, but I don't think they are actually harmful on the Mac.  From what I've heard they don't usually do anything at all on the Mac.


I am not as sanguine as you about the scope of risk using VPC. If you read email, download files, or cruise the internet in VPC your risk is *exactly the same* as it would be running a hardware PC. Once the copy of Windows in VPC is infected, the files on the Mac VPC has access to are vulnerable to damage any time VPC is running. That does not mean VPC can "infect" the Mac, but some of the more malicious virii that delete or trash files could potentially wreak havoc. So unless your use of VPC is *very* limited, it is probably best to have a Windows Anti-Virus program installed and running in VPC and unless VPC is sharing the Mac internet connection, you should have a Windows firewall running as well. (If you are sharing the Mac internet connection VPC takes control of the Mac's ipfw firewall.)

I have frequently seen claims of the possibility of damage from Word or Excel macro Virii, but I have never seen reports of any damage having actually happened. I have no explanation why, it is just an observation.


----------



## Captain Code (Feb 27, 2005)

perfessor101 said:
			
		

> I am not as sanguine as you about the scope of risk using VPC. If you read email, download files, or cruise the internet in VPC your risk is *exactly the same* as it would be running a hardware PC.




Yes, but how many people actually do that.  There's not really any reason to load VPC to check email or browse the internet.  I'm just going on my usage, but I can't see that most people would use it for stuff you could use the Mac for at a greater speed.


----------



## ElDiabloConCaca (Feb 27, 2005)

For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories -- something that Windows virii are not written to do.  The first time that virus tried to "backslash" its way into another directory, it would fail.  The Macintosh, outside of the Shared Directory, is completely inaccessible to any Windows virus.


----------



## perfessor101 (Feb 27, 2005)

Captain Code said:
			
		

> Yes, but how many people actually do that.


I was addressing the issue of vulnerability and Windows running on VPC is every bit as vulnerable as Windows running on Pentium hardware. To say otherwise is, to my way of thinking, inviting the uninformed to take unnecessary risk.


ElDiabloConCaca said:

> For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories


 I haven't tried this lately so I don't know for certain this is still true in Windows 2000 and XP, but in Windows 98 and NT, when addressing a networked drive, Windows automatically translated a "\" to "/" for network compatibility purposes. Since VPC sees accessible volumes on the Mac as network drives and since Windows XP running on VPC can easily drill down through multiple layers of folders on accessible Mac volumes I have to believe that is still true. Therefore I have to believe slash vs. backslash would present no barrier at all.


----------



## ElDiabloConCaca (Feb 27, 2005)

Well, I tried doing some googling and some searching on Microsoft's site for an answer but came up with nothing definitive about this.

If we really wanna find out, I have a spare machine here with OS X 10.3.8 on it as well as VirtualPC 7 with Windows XP and 2000.  I think I even have a licensed Windows Me disk around here somewhere.  If we can dig up a Windows virus that is known to propagate and damage files across network shares, I'd be willing to be a guinea pig on finding out if it's possible or not... 

I still don't think a virus could propagate or do damage outside of the Shared Folder, simply because it does appear as a network share to the virtual OS, with all the restrictions of a network share.  I don't think it's possible that a virus could even "look" outside of the Shared Folder, simply because VirtualPC is limited in that way -- you can't do an "ls" or a "dir" or change directories to anything outside of that Shared Folder -- it's like a dead-end road.  It could circle and circle inside of the Shared Folder all it wants, but since the Shared Folder appears as the "root" directory to the virus and to VPC, there's no way to go "up" the hierarchy and "get out of" that Shared Folder.  Sure, it could recursively go deeper, but that would only affect files and subfolders inside of the Shared Folder.


----------



## fryke (Feb 27, 2005)

ElDiabloConCaca said:
			
		

> For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories -- something that Windows virii are not written to do.  The first time that virus tried to "backslash" its way into another directory, it would fail.  The Macintosh, outside of the Shared Directory, is completely inaccessible to any Windows virus.



Not true. The Windows virus might attack a path with \ in it, but that's automatically parsed by VPC to /. So actually the virus running in VPC can attack all the files under the path shared to VPC. If you're dumb enough to let VPC access the root of your Mac OS X file system, the virus can, theoretically, delete any file VPC has the right to delete. While this is far less dangerous than a 'real' Mac OS X virus/rootkit combo, it's still a drag.

However, I don't think people are likely to share folders they don't really want to share.


----------



## macco (Mar 4, 2005)

chevy said:
			
		

> There is a complete article about security on MacOS X in the March issue of MacWorld
> http://www.macworld.com/2005/02/features/macsecurityhome/index.php



Good article.

I just wanted to add that indeed there are no viruses that can use any OS X vulnerability (at least not one that I have heard of), but there are trojan horses that are mainly Unix scripts and that affect the OS X. In fact one that pops in my mind is /MW2004 that comes as a soft called "Microsoft Word OS X Web install", and in fact deletes all the user's files. AND it is rather new, May 2004. Anyway, Virex finds it.

Interestingly enough this trojan affects only OS X and not OS 9.

Probably there are more trojans out there as it is not so difficult writing one. So the best idea probably is to shield up anyway.


----------



## TommyWillB (Mar 5, 2005)

Captain Code said:
			
		

> Yes, but how many people actually do that. There's not really any reason to load VPC to check email or browse the internet. I'm just going on my usage, but I can't see that most people would use it for stuff you could use the Mac for at a greater speed.


For years the only way for me to connect to work was through a Windows VPN. I used that through VPC, and regularly surfed the web, etc.

...in fact that copy of VPC was completely trashed by Code Red. Luckily it's very easy to copy/restore VPC "images". So I was back up and running in 30 minutes.


----------



## TommyWillB (Mar 5, 2005)

ElDiabloConCaca said:
			
		

> For VPC to infect a Macintosh outside of the VPC Shared Folder, the virus would have to be specifically written to handle UNIX-style directories -- something that Windows virii are not written to do. The first time that virus tried to "backslash" its way into another directory, it would fail. The Macintosh, outside of the Shared Directory, is completely inaccessible to any Windows virus.


WRONG!

Virtual PC takes care of this translation to make the mounted volume look like a normal Windows mapped drive.


----------



## ex2bot (Mar 25, 2005)

I just use one of the free Windows security programs (can't remember which at the moment - probably Zone Alarm) to completely block access to and from the Internet for VPC. All my Internet surfing, downloading, emailing is done with OS X. Haven't had any problems  yet.

I don't use VPC for anything except for fun (I'm fascinated by emulators), so I'm not going to buy an Internet security program to protect a virtual machine.

Also, I only share a single subfolder. 

Doug


----------



## WeeZer51402 (Apr 3, 2005)

With all this talk of viruses I'm trying to look into a decent anti-virus scanner.  Right now I'm using clamXav, last night it found 8 viruses in my home folder, obviously Windows viruses. However just because there aren't any OS X viruses yet it could be possible to create one.  What I'm looking for is a good virus scanner.  What I would like is something that can scan the entire startup disk, one of clamav's downfalls is that it can't.  Also I would prefer a Cocoa app.  If it could be free that would certainly help. What has everybody else had good luck with?


----------



## MBHockey (Apr 3, 2005)

I run Intego VirusBarrier scans once a month when the new definitions are released, but I have yet to find one virus


----------



## ex2bot (Apr 4, 2005)

Virus scanning for OS X? Me? No. Not until one actually appears.

Doug


----------



## WeeZer51402 (Apr 4, 2005)

Well my concern is not protecting against an OS X virus, as I am aware that such a virus does not exist. What I am trying to avoid is passing one on to some unfortunate windows user.  Also it doesn't hurt to have a mechanism in place in the case that a virus is ever created for OS X.


----------



## Captain Code (Apr 4, 2005)

My view is it's pretty hard to pass on a Windows virus to Windows users unless you are deliberately forwarding strange emails to people.

I don't see why I should slow down my computer by running resource sucking AV software if I don't have to.


----------



## Lt Major Burns (Apr 4, 2005)

how impossible is it to create a virus for osX - _someone_ can hack everything. osX is hackable - how hackable?


----------



## Tetano (Apr 5, 2005)

create a virus isn't impossible... at the moment it's easier for windows for the presence on-line of virus-building tools which provide the necessary codes for every virus part... recently i haven't read of any new vulnerability in osX, but, for example, the latest update for iTunes was released to fix a potential security hole, with an exploit available on-line


----------



## Andrew Adamson (Apr 5, 2005)

I realize there is a huge difference between a virus/trojans/worms that target the OS and those that target specific applications and services, but the vast majority of users don't care about what kind of virus they have once they realize their MP3s have all been overwritten or that their hard drive has become an FTP drop box for pr0n. They will undoubtedly blame the operating system since the virus doesn't affect Windows. Given the huge range of 'web enabled' applications running on the Mac, I see a day soon when 'OS X viruses' do start to appear. The obvious efforts of Apple to simplify the firewalling process give me little confidence, given that I have yet to see one outgoing request get stopped by it.

For example, on my own Mac, I have PHP 4.3.10 installed and running -- in fact it was running from the day I bought this machine (along with Perl and Python, and probably several other scripting languages I don't use or care about). If you are a budding programmer, this is amazing since it means you don't have to compile or install a thing. But this version of PHP still has 'multiple vulnerabilities' according to Secunia.org. As a PHP programmer, I know the risks are tiny, since I do all of my own coding and I don't use my box to serve anything to the web. But I can imagine lots of other users loading all sorts of self-installing web applications onto their boxes without the slightest awareness that they are exposing their machines to danger. Load on PHPNuke or some other OSS content management system, you have added another layer of vulnerabilities. Add some extension and you are down another layer.

As for OS X's 'inherently stronger' permissions... Every week I read more about Linux exploits that 'escalate permissions' or install 'rootkits', phrases I had never heard of before I moved to Unix. "Stronger" is not "impervious".  Yes, Windows is a much bigger target. Yes, it is significantly easier to attack. And, yes, it takes little more than a cut and a paste to build a virus that can take down a few thousand Windows machines. But I am willing to wager there are a few serious crackers out there working on breaking your Mac right now, just for the credit of being able to say, 'I was the first.'

Don't get me wrong. I left Windows *specifically*  because of Microsoft's half-baked approach to security (the GDIPlus.dll vulnerability was the straw that broke my camel's back). I feel immeasurably happier and safer with the Mac. But to suggest even for a moment that OS X is 'safe' in any concrete sense is to speak words that will surely come back to haunt you.


----------



## ex2bot (Apr 5, 2005)

I don't believe it is safe, only safer. Nor do I believe it is completely secure, only more secure. 

As for protecting Windows users from a virus, I don't forward attachments. I understand that viruses could be spread via email in ways other than as an attachment. But that's what _their_ virus checkers are for, right?

Doug


----------



## TommyWillB (Apr 9, 2005)

Andrew Adamson said:
			
		

> ...For example, on my own Mac, I have PHP 4.3.10 installed and running -- in fact it was running from the day I bought this machine (along with Perl and Python, and probably several other scripting languages I don't use or care about)...


That's not true.

OSX does not ship with Apache/PHP running!

If it was running "from the day (you) bought" it, that's because YOU turned it ON while exploring your new machine!

Besides, it's pretty d#*n hard to exploit PHP if you don't actually have PHP scripts in your docroot... And Apple absolutely does not ship OS X with any PHP scripts active.


----------



## Andrew Adamson (Apr 9, 2005)

TommyWillB said:
			
		

> That's not true.
> 
> OSX does not ship with Apache/PHP running!
> 
> ...



Excuse me. Did I say Apache? Go to the command prompt and type 'php', you get PHP. I sure do. That is what I am talking about.

My specific issue with PHP (and Perl, Python, &c) is this. First, I am not that concerned that some anonymous cracker can connect to the user's machine to do nefarious things in PHP because at the moment I don't think they can (at least not without the user's help). The firewall seems to me to be pretty solid and will stop inbound anonymous traffic, and without Apache running as a service, there is no easy way to contact PHP from the outside world -- without my help. Fine. We're on the same page on this one. My first problem is that they have installed an extremely powerful, scriptable language that has documented vulnerabilities, including techniques (certainly in Linux) to ESCALATE permissions to root, and which the VAST majority of users aren't aware of and won't use (you can argue for leaving Python installed because a lot of installers are written in it, but PHP???). The second is that they, at least at present, do not seem to be offering any patches to bring it up to the present release through the automatic update process. The third is that the firewall does not appear to stop OUTbound traffic of any kind, and does not alert the users to any new traffic patterns AND (from what I can see) does not stop inbound responses to that traffic. Install BitTorrent, it works just fine without tuning the firewall. Install a PHP Spambot, it works just fine too, I reckon.

So, again, my worries are 1) known vulnerabilities, 2) no automatic patching to current builds, 3) no way to warn users of new processes or stop outbound traffic.


----------



## Satcomer (Apr 10, 2005)

Andrew Adamson said:
			
		

> So, again, my worries are 1) known vulnerabilities, 2) no automatic patching to current builds, 3) no way to warn users of new processes or stop outbound traffic.



1) I know the Mac probably has some kind of vulnerability. Please show us ANY computer (especially one that connects to a network) that doesn't have any vulnerability. It is an arms race between the makers of software/hardware and the ones trying to break codes.

2) There is a way to track most all outbound traffic (and you WILL BE surprised) called Little Snitch. It will notify you of most all outgoing traffic.


----------



## TommyWillB (Apr 10, 2005)

Andrew Adamson said:
			
		

> Excuse me. Did I say Apache? Go to the command prompt and type 'php', you get PHP. I sure do. That is what I am talking about...


Okay... I understand your point about PHP command line (Apple did not originally have that enabled) vs. over HTTP, but I'm still confused as to why this is such a big concern.

You yourself admit:

Andrew Adamson said:

> ...I am not that concerned that some anonymous cracker can connect to the user's machine to do nefarious things in PHP because at the moment I don't think they can (at least not without the user's help). The firewall seems to me to be pretty solid and will stop inbound anonymous traffic, and without Apache running as a service, there is no easy way to contact PHP from the outside world



So if you are worried about novice users, what's the issue... It's not like they are going to install some PHP script that does all of the network connection issues you talk about.

If you're advanced enough to do things like that, then you're responsible for proceeding at your own risk. Nothing Apple can do about that.


Regarding the patching, Apple has done several updates to PHP... They don't do them as fast as they are released, but a hell of a lot faster than other OS's are updated.


----------



## TommyWillB (Apr 10, 2005)

Satcomer said:
			
		

> ...2) There is a way to track most all outbound traffic (and you WILL BE surprised) called Little Snitch. It will notify you of most all outgoing traffic.


I agree. Little Snitch is great.

I use it. I love it. I too would like to see Apple add something like it to the base OS X install.


----------



## lurk (Apr 11, 2005)

I am curious what kind of local root exploits are there in PHP?  You have made a big accusation that I find hard to believe as it implies a fundamental failure in the basic structure of the OS (both Linux and Darwin).


----------



## Andrew Adamson (Apr 12, 2005)

lurk said:
			
		

> You have made a big accusation that I find hard to believe as it implies a fundamental failure in the basic structure of the OS (both Linux and Darwin).


I wouldn't say 'fundamental failure' of the OS. If you regularly visit Secunia.org, you'll see that exploits like this are pretty routine. Specifically, regarding PHP and permission escalation, see http://secunia.com/advisories/13481/. There are plenty more if you dig.

I guess I should point out that I am not a security wonk. I am a programmer. Because I write things with my client's security in mind, the security of the products I use is important to me. So I try to keep my eyes and ears open about vulnerabilities. Also, I live in Japan, while I maintain banking and credit card accounts in Canada -- so a key logger or rootkit could pretty much ruin my day. As a result, I regularly visit Secunia, I watch the processes that are running, I read my logs. I try to be safe.

I guess, regarding TommyWillB's comments, all I can say is that 'novice users' 'installing things' was the chief reason Windows is the security nightmare it is (in my opinion). Simply saying that 'it's your fault; if you installed it, you should have known what you were doing' is not enough for Microsoft users, so it shouldn't be for anyone else. Furthermore, certain vulnerabilities can mean things get installed without the user's help. So, leaving things like PHP installed when the overwhelming majority of Mac users don't know what PHP is and certainly would never use it, is dumb enough. Leaving it installed when vulnerabilities exist now and will probably exist for some time to come is dumb and risky. And leaving it installed when vulnerabilities in other products might be used to run PHP scripts locally, dumb and VERY risky. 

I'm real sorry for saying this, but I get the impression that I am beating a dead horse here. Just because 'Product X' (PHP, iTunes, AppleScript...) is cool, just because it's been around forever, just because everyone and their cousin uses it, doesn't mean it is secure. Before you say something is secure, you should first try to find out if it is not. Otherwise, assume it is not.


----------



## Tetano (Apr 12, 2005)

lurk said:
			
		

> I am curious what kind of local root exploits are there in PHP?



you may check in this forum....


----------



## HomunQlus (Apr 25, 2005)

*People, it's done. It's true. There's the first trojan known to me for OS X. It puts in some entries into the start up files and opens some back doors that allow intruders to run commands on root level.*

*http://www.sophos.com/virusinfo/analyses/maccowhanda.html*


----------



## Lt Major Burns (Apr 25, 2005)

so... er, what do we do? none of us have anti-virus software


----------



## HomunQlus (Apr 25, 2005)

On the link I posted, I think on the bottom, they give you instructions or tool of some sort to remove it. Have to check that out either


----------



## Lt Major Burns (Apr 25, 2005)

i assume it's a patch for Sophos antivirus - it's just not a recognised file


----------



## HomunQlus (Apr 25, 2005)

Hmm.... maybe they release something for OS X in particular, some sort of removal tool. We can also watch the Apple download sites, maybe they're aware of that also and provide something


----------



## Andrew Adamson (Apr 25, 2005)

I see nothing in the Sophos advisory about it running things at root level. Maybe I'm blind, but if someone can quote anything that says "root" or "privilege" or "escalation", I'd appreciate it. Perhaps it was removed. Please remember that without escalation, the damage to your system is limited to your data or any programs that you installed without providing the system password. That sucks, but it won't rob you of a working computer. If a virus or trojan can escalate itself, through a vulnerability in the OS (or by you providing it with the system password), everything on your system is at risk. 

Also, this is a trojan. A trojan needs you to install it before it can do a single thing to your system. If you don't install it, you won't get infected. If you install lots of public scripts or use warez, this sort of trojan should worry you. But then again, you should probably have always been worrying if you installed such things. Sophos, being an anti-virus company, says absolutely nothing about how this trojan has been distributed so far. None of this worries me.

Also, this is not the first trojan for OS X. Search Sophos for "Renepo". 

Also, according to Sophos, this is a proxy trojan -- that is it can be used by its author to turn your computer into a gateway to launch attacks on other systems while hiding his/her identity. This sort of infection has a LONG history in UNIX. I would frankly be surprised if there weren't more of these in the wild. If the author really wanted to be a dick, its payload could be much worse.


----------



## Captain Code (Apr 25, 2005)

It doesn't say how it gets installed or what it does.  Doesn't say anything about running as root or how it does this.

They list it as a low priority.


----------



## bobw (Apr 25, 2005)

Use a Folder Action to notify you if anything tries to put something in the Startup Items.

A safeguard is to keep an eye on two OS X folders: Library/StartUp Items and System/Library/StartUp Items. You can check them manually or you can use one of the Folder Action scripts provided by Apple as part of OS X. Using a folder action will automate the process and help you keep an eye on future additions to the folders.

 Here is how to do it:

1. Go to Library/Scripts/FolderActions.

2. Locate Enable Folder Actions.scpt.

3. Double-click the script.

4. Click the "Run" button and close the script window. Now you can run folder action scripts on your Mac!

5. Go to Library/StartUp Items.

6. Control-click the folder icon and choose Attach a Folder Action from the drop-down menu.

7. In the dialog box find and select Library/Scripts/Folder Actions/add-new item alert.scpt.

8. Go to System/StartUpItems.

9. Repeat steps 6 and 7.

Now whenever anything new is added to either of the folders you will automatically get an alert.


----------



## RGrphc2 (Apr 25, 2005)

Now that there is a Trojan on OS X   what is the best anti-virus software out there?  Sophos, Norton, or Virex?  I currently have norton installed on my laptop. 

Is there any free ones like Avast for the PC?

I can see it now, all the PC users I know will be like there's a Trojan for the Mac!   ::ha:: Yea, but it's only 1 compared to how many on the PC?


----------



## ElDiabloConCaca (Apr 25, 2005)

Norton's is probably the worst of the three.  Get rid of anything on your hard drive that bears the name "Norton" -- it's worse than the virus itself!

I also don't see anything mentioned about the level of access that trojan provides to the remote user.


----------



## mw84 (Apr 25, 2005)

http://www.pure-mac.com/virus.html

ClamXav? Has anyone tried it


----------



## ex2bot (Apr 25, 2005)

Take anything Sophos says with a healthy grain of salt!

They seem to have trouble with the subtleties of truth.

Doug


----------



## RGrphc2 (Apr 25, 2005)

Here's the Wired News article on the Worm



> (Editor's note: This story corrects an earlier report that stated that the Macintosh operating system had become a target of a malicious Trojan Horse.)
> 
> Security experts on Friday slammed security firm Intego for exaggerating the threat of what the company identified as the first Trojan for Mac OS X.
> 
> ...



Intego probably said it was a threat just to get their sales up...


----------



## Captain Code (Apr 25, 2005)

Is this really the latest one they're talking about?  It sounds a lot like that other proof of concept released a long time ago.


----------



## ElDiabloConCaca (Apr 25, 2005)

It's an older article about the old "Ha ha!  I hid a trojan in an MP3 file that requires you to double-click the MP3 to launch the trojan, then enter your administrator password!" proof-of-concept.  Nothing (yet) has come of it.

The virus mentioned at the beginning of the article is different.


----------



## HomunQlus (Apr 26, 2005)

Anyways, I don't think we need to worry. Viruses will - in my opinion - be very very rare for OS X, if there will ever be more viruses.


----------



## WeeZer51402 (Apr 26, 2005)

Well it's interesting because in order to get a working trojan installed you would need to fool the user into authenticating because it's a privileged operation...well that's not a very good trojan at all!!!  I have read about something called xover but it requires the user to install it and doesn't seem to need authentication.  Anybody heard anything about this?


----------



## rbuenger (Apr 28, 2005)

WeeZer51402 said:

> you would need to fool the user into authenticating because it's a privileged operation...



Why doesn't anybody read the security sites before writing such things. This is simply not true. I DON'T NEED ANY PASSWORD FROM THE USER TO GET ROOT.

Actually you just have to start the trojan (or whatever). And it's VERY easy to do this. I bet I can fool you in 2 seconds to doubleclick my 'folder'. And the best is that the script is so fast that it creates some files in /tmp, removes the faked folder, creates a new folder, copies content in it and uses AppleScript to open this created folder. You don't even notice that there was anything other than this folder. It just takes 10ms longer to open. Would YOU realise this? Do you check every file/folder before clicking on it?

And then I just have to wait and monitor the logfile until the user installs anything else or needs sudo for another application. I can just 'hijack' this sudo without ever being noticed by a normal user.

There is simply no need to ask the user to authenticate. You just have to wait.
And there is no possibility for a user to spot any of these activities if they don't know how to use the shell.

Hopefully Apple will change the sudo behavior to log in a 'only root can read' log and bind sudo to the session and not global for x minutes. But if you don't have the latest update I can just use mRouter to get root, which is even easier.

I don't want to say that OS X is insecure or so. In my opinion it's in the top 3 or so of the most secure systems. But the 'normal' user should be aware that it isn't 100%.
And if ppl always say 'Don't worry. OS X is safe' they just do that: don't worry. And in 2 years we'll have 1000 viruses as all these users get fooled because they just open anything because 'I'm using OS X, I'm safe'.

We should tell them that it's VERY easy to create a virus/trojan.. even for OS X. Actually we're just no target. And if users watch out we will stay there. But if they open everything and the script kiddies see that it's easy to fool a Mac user they will switch. So better start worrying today than complain next year about viruses.


----------



## WeeZer51402 (Apr 28, 2005)

How exactly do you go about hijacking sudo?


----------



## HomunQlus (Apr 28, 2005)

rbuenger said:

> Why doesn't anybody read the security sites before writing such things. This is simply not true. I DON'T NEED ANY PASSWORD FROM THE USER TO GET ROOT.



I do not believe this is true. We are on a Unix system here - every privileged operation requires the root password. On my Macs, I can do a sudo on the console and it actually asks for the password, however, none of my passwords lets me through. So I believe it is pretty impossible to get root permissions without anybody knowing or noticing.


----------



## ElDiabloConCaca (Apr 28, 2005)

You don't.  He's simply referring to a program that runs constantly, waiting for you to authenticate for something (a program install, etc.).  It then reads your password you enter, and uses it for whatever.

A clunky virus, if ever I heard of one.  Still, it's possible to write this kind of virus fairly easily, but the hard part would be getting it onto a machine.  It certainly wouldn't replicate very well -- even if it were disguised as another kind of file, the word would get out fast enough to stop it without it wreaking too much havoc.

Until I see it in action, I'm going to deem it not much of a threat.


----------



## Captain Code (Apr 28, 2005)

Well, it's somewhat true, at least with Terminal.  Open one console window and sudo something like 'sudo pico'.  Then open a new window and do 'sudo pico' again.  It doesn't ask you for your password in the second terminal after you have entered it in the first one.

Now, I don't know if this is just because the Terminal gets root for the default amount of time or if you issued a shell command from a program other than Terminal if it'd work without a password.


----------



## WeeZer51402 (Apr 29, 2005)

Here's the sudo fix for y'all


----------



## rbuenger (Apr 30, 2005)

Just in case you don't want to disable syslog, you can replace the Defaults:ALL !syslog   with Defaults:ALL syslog=authpriv
And in my opinion that would be a thing Apple should have changed long ago. And the statement that an admin user should know this is imho just stupid. Then Apple should stop giving the first user admin rights! Every gamer out there with an iMac.. is admin as this is Apple's default for these users. 99% out there are playing with admin rights. And Apple can't expect that all these users get interested in Unix and security and fix this on their own.

And I never said that this would be a good virus or so. I just mentioned that you don't need the user to type a password and that they have to watch what they install. I know that nobody does this but maybe someone tries downloading software using p2p. And it's very easy to let the user download something there that he doesn't want. Of course this isn't a virus but I bet the user is complaining that the harddisk is empty after installing this download.

And in my opinion many users won't use/install such software carelessly if they know what's possible. But because they get told again and again that OS X is safe and every app needs a password... they just install it. Ok it's not my problem but why not just tell everyone that it would be very easy to write such software and it doesn't need a password.

And remember: There are many Windows 'viruses' that also need a user to execute an attachment. It's a stupid 'virus' but it's working great as one can see it distributing around the world. And why should Mac users be better there (especially if they get told everywhere that this can't happen with OS X)?


----------



## Andrew Adamson (Apr 30, 2005)

WeeZer51402 said:

> Here's the sudo fix for y'all


Thank you Weezer. Now I understand what the problem is. There are a few basic settings concerning sudo that can be combined by an attacker to screw you. rbuenger has pointed out a way that an attacker can launch a process without your knowledge. Yes, it will run with your basic permissions and can't do anything really nasty yet. Yet. But, because of the way OS X ships:
1) any process (whether root or not) can see /var/log/secure and the time it was last updated. This file logs each attempt to run SUDO. When you run it, its timestamp changes.
2) when you run sudo, by default, you get to continue running sudo without a password for five minutes. This means an attacker has a window of at least five minutes from the time /var/log/secure is modified to the time a password must be re-entered.
3) if you run sudo in one window, all other windows automatically inherit the right to execute sudo without the need for a password. This one strikes me as an obviously stupid oversight on Apple's part, but it is the key to a successful hijack.

This apparently has been around since the beginning of OS X and as I now read about it, a LOT of UNIX engineers have been complaining about it. Kind of surprises me how Apple has got away with this. I presume Tiger still has this weakness. Perhaps someone can confirm....


----------



## Scottfab (May 1, 2005)

WeeZer51402 said:

> Here's the sudo fix for y'all


what exactly would I type into Terminal for this? sorry, I'm no UNIX guru. all I know is that sudo is a powerful command.


----------



## bg47 (May 2, 2005)

Since Norton Anti-virus 9 doesn't seem to work in Tiger, is there any anti-virus program that does? Should I forget about anti-virus?


----------



## Scottfab (May 8, 2005)

Soo... anybody try that sudo fix?


----------



## Andrew Adamson (May 8, 2005)

Yep. Seems to do the trick. I think that just doing the one line that does away with the 5-minute timeout is all you really need to do. No harm in doing the rest. It means that you have to "sudo ls /var/log/secure" if you ever want to /see/ the secure log, but that's fine. 

There are comments on that page that explain how to actually enter the text in "visudo" now. Helps if you don't know vi. I decided to go the emacs way when I learned Unix, so it is a dark corner of the universe indeed for me.


----------



## MBHockey (May 8, 2005)

haha...yeah i went the vi way.

Fix seems to work


----------



## Scottfab (May 8, 2005)

heh, I can't speak Unix. I would need to know exactly what to type in terminal.


----------



## mkwan (May 8, 2005)

someone made a post at the site indicating there was a security concern for sudo versions before 1.6.8p2...should we be concerned with that?


----------



## Andrew Adamson (May 8, 2005)

mkwan said:

> someone made a post at the site indicating there was a security concern for sudo versions before 1.6.8p2...should we be concerned with that?


If you administer computers that have users on custom sudo permission settings, yes. If yours is a single-user machine or if all users have the same unrestricted access to sudo, probably not. The workaround is sufficiently easy that you might consider doing it anyway. 

According to http://www.courtesan.com/sudo/alerts/bash_functions.html, someone with (limited) sudo access can run off-limits commands by making changes to the bash environment variables.





> Workaround:
> The administrator can add a line to the sudoers file:
> 
> Defaults	env_reset
> ...


I'm personally not going to do this because I have a single-user machine and that single user (me) has unrestricted sudo access already. I am going to check my linux server now, though....


----------
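An added example, not code from any poster in the thread: a small Python audit of the sudoers settings behind the weaknesses Andrew Adamson lists in his Apr 30 post (password timeout, authentication shared across terminals, readable sudo log) and the `env_reset` workaround quoted in his May 8 post. The option names `timestamp_timeout` and `tty_tickets`, the assumed sudo 1.6.x-era defaults, and the sample sudoers text and file modes are assumptions; the thread itself only quotes the `syslog` and `env_reset` lines.

```python
import re
import stat

# Defaults assumed for the sudo 1.6.x era of the thread (assumption; newer
# sudo releases ship different defaults, e.g. env_reset on).
ERA_DEFAULTS = {"timestamp_timeout": "5", "tty_tickets": False,
                "env_reset": False, "syslog": True}

DEFAULTS_RE = re.compile(r"^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<params>.+)$")


def parse_defaults(sudoers_text):
    """Return the effective global 'Defaults' settings (later lines win)."""
    settings = dict(ERA_DEFAULTS)
    text = sudoers_text.replace("\\\n", "")  # join continued lines
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # simplification: '#' starts a comment
        match = DEFAULTS_RE.match(line)
        if not match:
            continue
        if match.group("scope") not in (None, ":ALL"):
            continue  # bound to one user/host/command, so not a global setting
        for param in match.group("params").split(","):
            param = param.strip()
            if "=" in param:
                name, value = param.split("=", 1)
                settings[name.strip()] = value.strip().strip('"')
            elif param.startswith("!"):
                settings[param[1:].strip()] = False
            elif param:
                settings[param] = True
    return settings


def audit(sudoers_text, log_mode=None):
    """Map finding id -> explanation for the weaknesses the thread lists.

    log_mode is the st_mode of the file sudo logs to, or None if unknown.
    """
    s = parse_defaults(sudoers_text)
    findings = {}
    timeout = float(s["timestamp_timeout"])
    if timeout != 0:
        findings["timestamp_timeout"] = (
            "sudo stays unlocked for %g min after a password entry "
            "(negative means it never expires)" % timeout)
        if not s["tty_tickets"]:
            findings["tty_tickets"] = (
                "the cached authentication is shared by all of the user's "
                "terminals instead of being tied to one")
    if not s["env_reset"]:
        findings["env_reset"] = (
            "the caller's environment is passed to commands run via sudo")
    if s["syslog"] is not False and log_mode is not None \
            and log_mode & stat.S_IROTH:
        # The mtime is visible to anyone who can stat() the file, so the
        # directory permissions matter as well; only the file mode is checked.
        findings["log_readable"] = (
            "any local process can read the sudo log and see when sudo ran")
    return findings


# Constructed samples, not taken from any real machine.
SHIPPED = """\
# sudoers with no Defaults lines, so the era defaults apply
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
"""

HARDENED = """\
Defaults:ALL timestamp_timeout=0, tty_tickets
Defaults:ALL syslog=authpriv
Defaults env_reset
root    ALL=(ALL) ALL
%admin  ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for name, text, mode in (("shipped", SHIPPED, 0o644),
                             ("hardened", HARDENED, 0o640)):
        print(name)
        for key, why in audit(text, mode).items():
            print("  %-18s %s" % (key, why))
```

On a real system the text would come from `sudo cat /etc/sudoers` and the mode from `os.stat()` on the log file; edits to sudoers belong in `visudo`, as the thread notes.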



## mkwan (May 9, 2005)

thanks Andrew


----------



## CharlieJ (Jun 3, 2005)

Why would virus makers make one, because 1% of the UK have got a Mac? That's not just OS X, that's Macs in general.


----------



## ex2bot (Jun 3, 2005)

> Why would virus makers make one, because 1% of the UK have got a Mac

Think about that argument--because there are so few people using Macs in the UK, no one would want to write a virus for it.

The Amiga had viruses way back in 89! Let me tell you something, there were _not_ very many Amigas around.

There are puhlenty of Macs out there worldwide. What? 25 million? 

Silly argument repeated over and over and over and over.

Doug


----------



## vina_melody (Jun 12, 2005)

Hi.. I've just now taken a little bit of concern about viruses that work in Mac OS X, well I haven't installed any of them. Which one should I purchase? Or better?

thanks


----------



## chornbe (Jun 12, 2005)

You want to purchase a virus?


----------



## ex2bot (Jun 12, 2005)

Again, why buy a virus checker for Mac OS (with the exception of mixed-platform companies, perhaps) when there are _no viruses for OS X_? None. Not one. 

You can save yourself from trojans by not downloading them!

Doug


----------



## chornbe (Jun 12, 2005)

Good point - many people assume virus = trojan. They are not the same.


----------



## ex2bot (Jun 12, 2005)

Right, chornbe!

 It _amazes_ me that some people almost have a fit when I ask this question. "Well, you're gonna be sorry when your machine gets infected." 

Yeah. Um. . . When that first virus comes out, depending on the severity and method of propagation, I'll go out and buy myself a virus checker. It's going to take x amount of time for the antivirus companies to issue updated signatures anyway!

Doug


----------



## mkwan (Jun 13, 2005)

are you saying you want to get some antivirus programs for the mac os x?
there are a few of them out there Norton Antivirus, Virusbarrier, Virex(.mac subscription)


----------



## vina_melody (Jun 14, 2005)

mm... i mean which antivirus is the best.... some said norton is the worst??
 i know trojan is different from virus, however it is better to prevent isn't it...


----------



## mkwan (Jun 14, 2005)

personally, I had troubles with Norton SystemWorks(at least the early versions for Mac OS X).  I am using Virusbarrier on my mac


----------



## albtross (Jun 19, 2005)

I am currently using the latest version of Norton Anti Virus on my 2001 G4 QuickSilver 1.47Ghz (OWC), 1.5GB RAM, 580GB HDD, OS 10.4.1.  I am not having any problems whatsoever.  That being said, I also do not use ANY other Symantec products on my system.

NAV regularly catches Macro Viruses thru email, and on one occasion several years ago, also caught a Mac virus when a friend brought a resume on floppy disk from a publishing company he had been to.  Wanted my help editing the resume, but before we even got started, NAV to the rescue, and the Mac virus was gone.

I tend to agree with others in this forum, MacFixIt Forums, and Apple Forums: I do actually have friends who own Windows PCs. I do NOT relish playing the role of Typhoid Mary, passing some deadly virus or trojan to others, simply because they didn't choose an O/S as safe as mine is.  I consider that being responsible, and helping to stop the flow of malware around the world, instead of just being a conduit for it all.

Okay, I've put on my flame-retardant Nomex suit.  I'm ready for answers about those of us who actually protect our Macs against infection, or refuse to pass on the malware of less sophisticated operating systems.

     Regards,

          Albert


----------



## Scottfab (Jun 19, 2005)

I had Virex before. I stopped using it because it was killing my CPU and not Tiger-ready.


----------



## chrisjasper (Jun 20, 2005)

Virex 7.6 does kill the cpu, I took it straight off, but Virex 7.2 is okay, I now use that and have no problems with it.


----------



## ex2bot (Jun 20, 2005)

I wouldn't flame anyone for using a Mac antivirus program.

But, as I understand it, there are NO Mac viruses that affect OS X. The pre-OS X viruses would require Classic if they worked at all. And they'd have to be well behaved (no protected memory violations, for example) or they'd crash and burn. Does anyone have experience with pre-OS X viruses in OS X?

As far as Word macro viruses, well, don't use the macro unless it's from a trusted source. And Word is set for macro virus protection by default.

I haven't run antivirus software since I sold my Compaq _four_ years ago. And I haven't used anti-spyware software for the Mac at all. Anyone know the best anti-spyware software for OS X? (wink, wink, just a joke)

Doug


----------



## Lt Major Burns (Jun 20, 2005)

and now it's $200 only program, as .mac doesn't support it anymore, officially


----------



## HomunQlus (Jun 22, 2005)

Here's some more detailed information. There have been viruses on Unix, however, due to the restrictions, viruses on Unix are far less possible.

http://cybersoft.com/whitepapers/papers/print/networks_print.html
http://cybersoft.com/whitepapers/papers/plausibility.shtml


----------



## FlashMac (Jun 23, 2005)

I used to run Virex 7 on start-up, but after a year of habitually quitting it as soon as I logged in, and only bothering to get the definitions about once every three months, I figured I might as well remove it. I remember once it found one suspicious object and I looked it up and it was about as worrying as being threatened with a water pistol.


----------



## sirstaunch (Jun 23, 2005)

I used Virex on OS9 and it kept crashing Eudora so I gave up.

As for reasons of having AntiVirus apps to protect Windogs friends when forwarding email is a point. I am lucky as my ISP is covering that with their own antivirus scanning for incoming and outgoing mail. But I guess they've probably overlooked scanning any MacOS files but couldn't really say if they do or not. (I should ask them I guess)

A Windogs traitor friend keeps telling me if Microslop loses the market and Apple and Linux take the lead, then we'll be the targets. (it's one of those PC's are easier to get parts for arguments, never ending thing) But anyhow we seem to have more control of what can happen to our computers. Anything that wants installing or unstuffing, it needs our permissions first. And that's cheaper than buying a $200 a year subscription to antivirus programs. So in the long run PC's are disadvantaged in that way.

But to deny a Mac Virus is not right. It's possible and the most damage it could do is the system, and that's why we have system install discs isn't it? To recover from system damage and how long does it take to reinstall? Not long aye. You could download a legit program from macupdate or somewhere and it may cause havoc in your system so you simply remove it. So any Virus, as long as you can locate it, you could move that too.

I love the Mac in its many easy ways of not spending hours fixing problems like those "other" computer users do. It wasn't important for me to update from 10.4 to 10.4.1 immediately, but XP users they run to the update page as soon as they've done a reinstall to get their security patches and updates and then their antivirus and spyware apps. I did my Tiger update when I wasn't doing much else on the net

Well that's my 2 cents


----------



## contoursvt (Jul 5, 2005)

I personally don't think there is much of a point using antivirus on a Mac just yet. I'm a PC user and only really started using antivirus in 2000 when things really started to spread. Until there are enough Mac viruses floating around, I wouldn't bother.

Also for Sirstaunch, I have to say that I've been using a G3 B&W as my second box for some time...had OS9 and then I went to 10.2 then 10.3 and now it's up to 10.3.9. I have to say that I actually find maintaining a windows box and repairing any problems easier. Usually for me, any repairing might have to do with a Word Template problem... or possibly a Codec problem but never the system itself. I think as long as one knows how to use the computer (whatever platform) well, then you can take care of any problems fairly easily as well.


----------



## furedman (Jul 17, 2005)

at first my comp wouldn't go to sleep, so i reset, then it started and desktop image was gone, my documents folder contents are gone and my dock icons some have ? marks.- now my comp goes about 10,000 slower than normal- it has the blue screen during start up- but like an hour later it loads osx and goes mad slow like tandy 1000 slow. It also likes to make loading noises. There are no hardware problems with my computer- i checked.-


(my comp imac snow g3 550* power pc- 500 mhz.)* - running partition os9 and jaguar, was using adobe software last. - jared


----------



## nixgeek (Jul 17, 2005)

furedman said:

> at first my comp wouldn't go to sleep, so i reset, then it started and desktop image was gone, my documents folder contents are gone and my dock icons some have ? marks.- now my comp goes about 10,000 slower than normal- it has the blue screen during start up- but like an hour later it loads osx and goes mad slow like tandy 1000 slow. It also likes to make loading noises. There are no hardware problems with my computer- i checked.-
> 
> 
> (my comp imac snow g3 550* power pc- 500 mhz.)* - running partition os9 and jaguar, was using adobe software last. - jared



Try creating a new user account and login as that account and see if the same thing happens.  You might have to repair permissions as well as run Disk Utility or something like Disk Warrior or TechTool Pro to repair any hard drive problems.  WHATEVER YOU DO, DON'T USE NORTON PRODUCTS!!!

Good luck.


----------



## ex2bot (Jul 18, 2005)

furedman,

If you actually have a Mac OS X virus, you might soon be famous, because at this point, none has been discovered.

You may possibly have a permissions problem. If you can get to /Applications/Utilities (click on the desktop / Finder and press Apple-Shift-U), run Disk Utility. Select your boot drive from the left pane and press the "Repair Permissions" button near the bottom middle.

Also, check to see how much hard drive space you have available.

Let us know what you discover.


----------



## Tetano (Jul 26, 2005)

Also, are you using Filevault? I remember about many problems from people using that tool...


----------



## claire_elis (Aug 5, 2005)

what about this "Mac/Cowhand" trojan?  I'm having some problems with my mac that would make me think I might be the victim of this....  Any suggestions on how to do a manual fix?  (ie: remove the offending files?)

I tried to follow along with the posts up to now, but a lot of them are too tech for me.  Explanation in layman's terms pls??


----------



## ex2bot (Aug 5, 2005)

It appears unlikely anyone is affected by the Mac/Cowhand. 

1. Check your Startup Items first:

Click the Apple Menu, click System Preferences, and then click Accounts. If you're using OS X 10.4, click the lock icon at the bottom of the window and type in your password. Then click the "Login Items" tab and look at each program in the list to see if you find anything unfamiliar.

For example, I have my printer program (HP), the Microsoft database daemon (for MS Office), the iTunes Helper, and System Events.

2. Check your Preferences folder:

The problem here is that I'm not sure what you'd look for. From what I can find, Sophos is the source of this announcement (and they tend to be sensationalist and to stretch the truth), and they haven't divulged filenames. I guess look for anything that does not have a file extension of ".plist" (without the quotes).

To see filenames, you'd have to go to Finder, click the Finder menu at the top of the screen and click Preferences. Make sure "Show All File Extensions" is checked.

**My opinion: Skip both 1 and 2. At least skip #2. This is another "Sophoax."***


Sophoax = Sophos + hoax = an instance where Sophos "warns" Mac users about a new security threat that turns out to be no threat at all

I made that up! 

Doug


----------



## ElDiabloConCaca (Aug 5, 2005)

claire_elis said:

> what about this "Mac/Cowhand" trojan?  I'm having some problems with my mac that would make me think I might be the victim of this....


What kind of problems, specifically?  99.9% of Mac problems aren't due to viruses... what kind of specific problems are you having that lead you to believe you are the victim of a virus/trojan?


----------



## mambopanda (Aug 16, 2005)

Not to be a buzzkill on the absence of Virii from our humble world of Macdom, but with the coming x86 based systems, we are going to become vulnerable to all of the low-level memory resident virii out there. The ones that don't need an operating system to run.

Also, in theory, if you have DarWINE installed, and a windows virii is written to use just those libraries that DarWINE implements, it could in fact cause a problem, at least I think it could.


----------



## fryke (Aug 16, 2005)

Hm. What are "low level memory resident viri out there" which "don't need an operating system to run"? In my not so humble opinion, those don't exist, really. And to catch one, they'd still have to "attack" OS X in the first place.


----------



## ElDiabloConCaca (Aug 16, 2005)

No kidding -- plus, any virus meant to wreak havoc with a Windows partition simply will not work, since, even though we'll be using the same processor, the format on the hard drive will be completely different.

Viruses are *very much* dependent on an operating system -- that's what they're written to cause harm to: operating systems.  The only way around this is to use a PC's BIOS to infect the computer, and, unless the virus can teleport itself into the BIOS, needs an operating system in order to be able to install itself.  Show me a virus that can exist and infect a computer without the help of an operating system, and I'll show you a forum member eating his leather belt.

The truth is that this neither opens Mac OS X on Intel up for more viruses nor makes it more prone to getting a virus.  People may be more enticed to write a virus after we gather a few more percentage points of market share, but that doesn't make us less secure.  Why doesn't Linux have more viruses written for it, then?  It's been running on x86 hardware for a decade or more and commands a decent share of the market -- possibly more than OS X.  I think it's just proof that viruses are written specifically for operating systems by exploiting shoddy coding (which Windows has a lot of) and would be useless without an operating system -- after all, they _are_ software, and require an OS to execute.


----------



## Shanda (Aug 21, 2005)

Ok, I know there are no known viruses but my iBook is exhibiting what I was always told were the classic symptoms of a virus attack. The icons on my desktop constantly rearrange themselves and in the last couple of days I've noticed that the icons on my files have been changing - so basic txt files now display a photo of my cousin's birthday cake among others.

I installed and ran Virex but with no known viruses it came up with 4 noncritical errors and that was all.

I used my install disk to run disk utility - which claimed there was nothing wrong with any of my partitions.

I have just noticed that when I empty the trash can the normal message icon (for 'Do you really want to empty - can't undo' message) that the icon has been replaced with the garage band file picture.

Has anyone else ever experienced similar issues?


----------



## MBHockey (Aug 21, 2005)

just either relaunch the Finder or reboot.  I have never seen this on 10.4, but also experienced similar problems with the Finder confusing icons on 10.3 and earlier


----------



## ElDiabloConCaca (Aug 21, 2005)

Swapped images/icons are not indication of a virus, at least in this case.  More likely a corrupt preference file or setting somewhere.


----------



## perfessor101 (Aug 21, 2005)

ElDiabloConCaca said:

> Swapped images/icons are not indication of a virus, at least in this case.  More likely a corrupt preference file or setting somewhere.


 Most likely either the Launch Services database or possibly the Whatis database. Cocktail can rebuild both databases and I am sure there are other utilities as well as Unix commands that can do that as well.


----------



## Shanda (Aug 22, 2005)

Cool. Thanks. Will have a look at that. Will see how it goes.


----------



## BlackFlag (Sep 15, 2005)

I got my first Mac (an iMac) about four years ago.  I knew there were no viruses for OS X at the time, but I thought it would only be a matter of time before they started to get developed and so I got myself a copy of Norton AntiVirus so that I was prepared.  Within a month of installing it I had more than one kernel panic!   

I then bought a Powerbook about three years ago and installed NAV on it.  I haven't had any problems or conflicts with it.

I originally bought NAV because in reviews it appeared to be the most efficient at picking up viruses and trojans.  I guess it's a balancing act though as quite a few people have had problems as a result of installing it.



			
Shanda said:

> Ok, I know there are no known viruses but my iBook is exhibiting what I was always told were the classic symptoms of a virus attack. The icons on my desktop constantly rearrange themselves and in the last couple of days I've noticed that the icons on my files have been changing - so basic txt files now display a photo of my cousin's birthday cake among others.


I get that!  I'm currently running 10.3.8, and I've only had that problem since upgrading to 10.3.


----------



## elocin (Oct 3, 2005)

I'm not gunna read through all these replies to see if this has been discussed or not, but wasn't "Opener" a virus for OS X?


----------



## elocin (Oct 3, 2005)

vina_melody said:

> Hi.. I've just now taken a little bit of concern about viruses that work in Mac OS X, well I haven't installed any of them. Which one should I purchase? Or better?
> 
> thanks



 ::ha::


----------



## symphonix (Oct 3, 2005)

Both Opener and Cowhand are not viruses. They cannot attach themselves to files, they cannot spread, they have no *natural* means of propagating from one computer to another. The only way your computer can be *infected* with Opener or Cowhand is:
- Wannabe hacker downloads the tool.
- Wannabe tryhard hacker deliberately installs it onto your computer, which requires an administrator password.
- Wannabe hacker feels big because they can now access your computer through a "back door". And all they needed was a "front door" administrator password to do it. Whoop de doo.

Seriously, though, Opener and Cowhand are not viruses. They do not exploit any security vulnerability, but rely on someone with administrator access to deliberately install. They do not spread. They do not exploit weaknesses in Mac OS X.


----------



## bobw (Oct 3, 2005)

http://www.macintouch.com/opener.html


----------



## Lt Major Burns (Oct 3, 2005)

that was nearly a year ago.  what's the relevance now? is it still a threat?


----------



## bobw (Oct 3, 2005)

Just added the link for elocin


----------



## g/re/p (Oct 3, 2005)

bad link?


----------



## bobw (Oct 3, 2005)

Link works for me.


----------



## ex2bot (Oct 3, 2005)

Apparently, Tiger will alert you of changes in StartupItems, where Opener apparently attempts to copy itself. I installed Broadband Optimizer, a simple hack that installs itself in /System/Library/StartupItems/ and when I rebooted I got a message that permissions had changed on said directory (oops, bad Broadband Optimizer!) and then another alert asked me if I really trusted said newly installed utility. I clicked  'yes' and was on my way.

Anyone know if I'm right about that? Does 10.4 check StartupItems for potentially bad things?

Someone (PC journalist of some ? sort) described Opener as a defective worm--defective due to bugs in the script. I haven't seen the whole script and I'm not a programmer. So, again, can anyone verify that it really is a defective worm?

Doug


----------



## ex2bot (Oct 3, 2005)

For people still wondering if Opener is considered a virus or a worm, it's important to note that if the program cannot infect your computer and reproduce itself, it's not a virus or worm. Opener can do neither.

As I understand it, a virus attaches itself to an existing program and, importantly, reproduces itself. A worm is a self contained program that can infect and reproduce.

Doug


----------



## Thank The Cheese (Oct 3, 2005)

i found this the other day where a guy has attempted to once and for all prove that there is currently no virus for OS X by offering $500 to anyone who can give evidence of one in existence:

http://wilshipley.com/blog/2005/09/mac-os-x-viruses-put-up-or-shut-up.html


----------



## elocin (Oct 3, 2005)

Thank The Cheese said:

> i found this the other day where a guy has attempted to once and for all prove that there is currently no virus for OS X by offering $500 to anyone who can give evidence of one in existence:
> 
> http://wilshipley.com/blog/2005/09/mac-os-x-viruses-put-up-or-shut-up.html



I read that, and it's apparently been posted on different sites with headlines like "Man offers $500 for first Mac virus" like wtf.. he's not offering you $500 to make a virus, he's offering it to you if you can prove that there WAS one.. but people have, of course, taken it wrong and now there are idiots who think they can make one and get $500. I still think he'll keep his money though.


----------



## bobw (Oct 4, 2005)

> Apparently, Tiger will alert you of changes in StartupItems



Not sure if this is automatic in Tiger or not.

I've been using a Folder Action to alert me anytime anything is added to any Library folders, Startup Items folders, System, etc, at least since 10.3.


----------



## ex2bot (Oct 5, 2005)

Yeah, folder actions are cool.

Check out PC Magazine's review of .Mac. In it they mention--with a hyperlink!--that there are a few Mac viruses. They are disappointed that Vireo is no longer included. The hyperlink points to Macworld.com, I think. It took me to a blank page (admission of guilt???).

Technically, I guess they would be correct. Office is susceptible to macro viruses. But does anyone know what exactly a malicious macro virus would be able to do in an OS X version of MS Office?

IMHO, virus checkers for OS X are as useful as that program that shows eyes following your mouse pointer.

Doug


----------



## symphonix (Oct 6, 2005)

It kind of reminds me of a funny article ... 

http://os.newsforge.com/article.pl?sid=05/01/25/1430222&from=rss


----------



## luciole (Oct 19, 2005)

I am really worried. Something really odd started to happen 2 hours ago. Every time I try to open google.com or gmail.com, well anything with a rewrite with google.com in it, I get redirected to mediaplex.com !!! That sounds very much like the horrible mediaplex thing you get on the PCs. 

I cannot access the google pop or smtp either. It's only focused on google for now but I am sure it's only a question of time before it spreads or something horrible happens.

I downloaded the Macsecure beta2 thing, but it's not working. I am told it has expired...

I cannot find any other spyware remover anywhere. 

Can anyone help me ? I am freaking out. 

Luce


----------



## nixgeek (Oct 19, 2005)

luciole said:
			
		

> I am really worried. Something really odd started to happen 2 hours ago. Every time I try to open google.com or gmail.com, well anything with a rewrite with google.com in it, I get redirected to mediaplex.com !!! That sounds very much like the horrible mediaplex thing you get on the PCs.
> 
> I cannot access the google pop or smtp either. It's only focused on google for now but I am sure it's only a question of time before it spreads or something horrible happens.
> 
> ...



The address for GMail is http://gmail.google.com.

I just did it on my Mac (google.com that is) and I got Google.  It's possible that your browser for some reason is going to the cache for Google.com and gmail.com.  Try and empty your cache, quit out, and then relaunch your browser.  Incidentally, what browser are you using?

BTW, I just tried gmail.com and it sent me to the proper place.

So that you know, there aren't any spyware apps on the Mac currently.  Most spyware companies take advantage of the ActiveX controls in IE in order to "compromise" a Windows system.  They also fool people by making browser windows look like an actual Microsoft Windows Explorer window.  Unsuspecting people click on it and it allows for the site to push down ActiveX controls for spyware apps in Windows.

Since Mac OS X is a UNIX-based system, it is currently very difficult if not impossible to have spyware or viruses installed unless the user VOLUNTARILY installs the malicious software.  This would have to be some installer that masqueraded as a video file or some other document that would be attractive to the unsuspecting user, not necessarily a webpage that says "You might have spyware!"

Remember that UNIX based systems are built with security in mind (UNIX is a 30 year old technology that has proven to be very secure in its lifetime).  Windows, because of its design and ActiveX as well as Microsoft's negligence of vulnerabilities in their system when they are discovered, is unfortunately not as secure as Microsoft would like to make you think.


----------



## luciole (Oct 19, 2005)

nixgeek said:
			
		

> The address for GMail is http://gmail.google.com.



I know this, but it doesn't make any difference...



			
nixgeek said:
			
		

> I just did it on my Mac (google.com that is) and I got Google.  It's possible that your browser for some reason is going to the cache for Google.com and gmail.com.  Try and empty your cache, quit out, and then relaunch your browser.  Incidentally, what browser are you using?
> BTW, I just tried gmail.com and it sent me to the proper place.



I have tried all this before posting here. It stays the same.
I am sure you got gmail.com... if your computer is not in any trouble. 
I get the same crap with Netscape, mozilla, safari and I have not tried IE because I don't have it !



			
nixgeek said:
			
		

> So that you know, there aren't any spyware apps on the Mac currently.



This is why I am asking here...



			
nixgeek said:
			
		

> Since Mac OS X is a UNIX-based system, it is currently very difficult if not impossible to have spyware or viruses installed unless the user ....etc....



I know some of that too... I actually run most of the time on X11 as most of my softwares come from gnu. Before buying a mac, I only owned linux machines...

Thanks for your comments, though. I am not trying to alarm people stupidly, I did try a "few" things before posting this. 

Luce


----------



## WeeZer51402 (Oct 19, 2005)

post your /etc/hosts file please, that may contain the answer...


----------



## sourcehound (Nov 19, 2005)

Captain Code said:
			
		

> I've noticed quite a few questions about people thinking that they might have a virus on OS X.  Everyone should know that, so far, there are absolutely NO viruses for OS X.  There are a few hundred for OS 9, but NONE for OS X.
> 
> Strange things occurring with applications are usually the fault of that application.
> 
> There are virus scanners for OS X such as Virex and Norton but they are only scanning for Windows viruses and the old OS 9 viruses, so there is not much use for them unless you want to take it upon yourself to protect PCs if you forward strange emails to people.



While there are no known viruses that affect OS X on a binary level, there are increasing issues with both Word and Excel Macro viruses. These can cause severe problems even in all-Mac companies, as they cause Word to crash and prevent Mac users from successfully emailing their documents to people they do business with. Over the last nine months, the rate of macro virus infection has been on the rise in the customers we support. The only way to deal with it is to purchase a commercial virus protection program (we won't endorse one over the other). ClamAVX is a good open-source alternative, but as it only identifies which files are infected, it's not very useful. ***Sigh***

Sourcehound, author of Mac HelpMate: http://www.machelpmate.com


----------



## ex2bot (Nov 20, 2005)

Sourcehound, doesn't Word have macro virus protection enabled by default? 

Are the viruses getting by this somehow? The comment text for this option says that if you open a file with a macro, Word will give you the option of opening it with or without the macro. 

OTOH, I suppose if they make heavy use of macros, there might be no way of knowing if the macro is legit or not.

Doug


----------



## mersyone (Nov 22, 2005)

What's cool about the MAC is it remains completely neutral to .EXE executable files (PC).  If you download a lot, then it's safest on a Mac.  So those pesky viruses (.exe) that decide to run themselves are completely handicapped in Mac's Operating Systems.  I LOVE MY MAC!   I HATE MY PC!


----------



## contoursvt (Nov 22, 2005)

mersyone said:
			
		

> What's cool about the MAC is it remains completely neutral to .EXE executable files (PC).  If you download a lot, then it's safest on a Mac.  So those pesky viruses (.exe) that decide to run themselves are completely handicapped in Mac's Operating Systems.  I LOVE MY MAC!   I HATE MY PC!



Well it's not that it's neutral to .exe files. It just cannot run executable files that are from the x86 platform. It's like if I put a photoshop CD in my PC and try to install it. It won't work. Same thing the other way. Although the end result is that you're safe from PC executable viruses.


----------



## mosx86 (Nov 22, 2005)

luciole said:
			
		

> I am really worried. Something really odd started to happen 2 hours ago. Every time I try to open google.com or gmail.com, well anything with a rewrite with google.com in it, I get redirected to mediaplex.com !!! That sounds very much like the horrible mediaplex thing you get on the PCs.
> 
> I cannot access the google pop or smtp either. It's only focused on google for now but I am sure it's only a question of time before it spreads or something horrible happens.
> 
> ...



Luce-

Do you notice any odd applications running when you do a top command or list all of your processes?  Also, you might try looking in the Activity Monitor.

Does the redirect only happen when you try to go to google or for other websites as well?  You might double check the proxy setup in Network.

Also, if you have multiple accounts on the machine, does this also occur in those accounts?  And/or have you tried creating a new account to see if this occurs?


----------



## slur (Dec 1, 2005)

The previous post is the best advice. Make a new account, try different browsers, etc.

Also, it may not be your Mac, but your cable or DSL modem that's been hacked. Or the DNS server you connect to might be poisoned. Do all computers have the same problem at your location?

I don't remember whether or how the Mac caches DNS, but it should be pretty much like BSD does. Also, do you see any weird entries if you look in NetInfo Manager, in the "Machines" section? That's one place where such redirects can be set.

Finally, you can try doing an Archive/Install of your system - preserving Accounts and Network settings, which although it may take a while, is a reasonable step if all else fails.
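The `/etc/hosts` check requested earlier in the thread, as an added example that is not part of any post: it parses a hosts file and reports entries that override the affected domains. The sample file is constructed, the function names are hypothetical, and it only covers the flat hosts file, not the NetInfo "Machines" entries, proxy settings or DNS server mentioned in the posts above.

```python
import ipaddress
import sys
from collections import namedtuple

# Constructed sample: a stock-style hosts file plus made-up entries.
# 203.0.113.45 is a documentation-only address (RFC 5737).
SAMPLE_HOSTS = """\
##
# Host Database
##
127.0.0.1       localhost
255.255.255.255 broadcasthost
::1             localhost
203.0.113.45    google.com www.google.com   # constructed override
203.0.113.45    GMAIL.COM.
0.0.0.0         ads.example.net
"""

DEFAULT_NAMES = {"localhost", "broadcasthost"}
Finding = namedtuple("Finding", "line ip name kind")


def parse_hosts(text):
    """Yield (line_no, ip, names) for every well-formed hosts entry."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].split()
        if len(entry) < 2:
            continue  # blank, comment-only, or an address with no name
        try:
            # Drop an IPv6 zone id such as "%lo0" before parsing.
            ip = ipaddress.ip_address(entry[0].split("%", 1)[0])
        except ValueError:
            continue  # first field is not an address: not a usable entry
        # Names compare case-insensitively; a trailing dot is the same name.
        yield line_no, ip, [n.lower().rstrip(".") for n in entry[1:]]


def is_watched(name, watched):
    """True for a watched domain or any subdomain of it (not a lookalike)."""
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=("google.com", "gmail.com")):
    """Classify every non-default entry.

    redirect: watched name pinned to a routable address
    local:    watched name pinned to loopback or 0.0.0.0 (breaks access)
    custom:   any other non-default name, listed for review
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        for name in names:
            if name in DEFAULT_NAMES:
                continue
            if not is_watched(name, watched):
                kind = "custom"
            elif ip.is_loopback or ip.is_unspecified:
                kind = "local"
            else:
                kind = "redirect"
            findings.append(Finding(line_no, str(ip), name, kind))
    return findings


if __name__ == "__main__":
    # With a path argument (for example /etc/hosts) audit that file,
    # otherwise audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for f in audit_hosts(text):
        print("line %d: %s -> %s [%s]" % (f.line, f.name, f.ip, f.kind))
```

A clean result here does not rule out the other causes raised in the thread, since a redirect set in the browser proxy configuration or at the DNS server never touches this file.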


----------



## Porce (Dec 5, 2005)

I have a copy of Norton AntiVirus 9.0 that came free with my iBook (currently running 10.4.3).  The iBook is my main computer but I occasionally use a USB drive to go between two other computers, one WinXP and one WinME.  Obviously there are no Mac OS X viruses, but I got it free, so I was about to install it (I've had the iBook since July, but just found the disc again today), but I read some anti-Norton comments in this thread- what's wrong with NAV?


----------



## g/re/p (Dec 5, 2005)

Norton Antivirus should be OK, but Norton System Works or any other Norton maintenance apps should be avoided at all costs.  

My advice, however, would be to download
ClamXav at http://www.clamxav.com/ instead.


----------



## perfessor101 (Dec 6, 2005)

Porce said:
			
		

> what's wrong with NAV?


 *NAV 9 is not compatible with OS X 10.4.x*. You will have to purchase the NAV 10 upgrade for Tiger compatibility. There have been reports of application conflicts and kernel panics caused by NAV 10, but I cannot verify the accuracy of those reports.

Symantec has stopped all development of Mac products other than NAV and there is no Tiger compatible version or upgrade for any of the other Norton products.


----------



## powermac (Dec 7, 2005)

Recently, a friend of mine (windows user) got a virus, the one that got on AIM and sent messages to people on his buddy list. It would send a message to you like he was starting a chat. Then it would have a link to view some pictures. So I figured it was something wrong, I pressed the link anyway. It opened a browser window with nonsense symbols and at the top it had something about can't find DOS mode or something. Come to find out, he spread this virus to his windows friends, who had to reformat and reinstall to get it off.


----------



## Lt Major Burns (Dec 9, 2005)

here is proof of audacity doing sneaky things.  this is a small box that normally resides WAY off screen (it takes time to arrive into exposé) labelled "invisble"

it is not possible to click it, as it rushes off back to where it came but appears to be blank.  why is there? what is it doing?  is it malware?


----------



## slur (Dec 9, 2005)

You can locate this window probably using Activity Monitor. Choose in the popup menu at the top "Windowed Processes" and look at the items contained within the list. One of those processes spawned that window. Try quitting some of them and see what happens. If the window goes away you've found your culprit.


----------



## devilsapprentic (Dec 9, 2005)

I'm in the unfortunate position in which the IT dept are demanding an Antivirus/Spyware/Firewall program is put on the macs, but having read many many reviews on all of them am now terrified about which one to use. I have read that Symantec's causes so many problems and it is not compatible with Panther, I have read bad reviews of Mcafee & Sophos's software, and the IT guys aren't happy with ClamXAV as it is a freeware. 
What I'm trying to say is HELP!!!
I am aware of the lack of virii & spyware for mac, but it is a mixed mac/pc network and they don't want us accumulating a library of virii that is ready to attack the rest of the network. 

Any ideas which antivirus might be of any use? Otherwise it's byebye ethernet cable!!


----------



## rei1974 (Dec 13, 2005)

Yes I think you should be safe using Mac OS X. No viruses, is actually quite fun compared to the Windows world...


----------



## fryke (Dec 13, 2005)

devilsapprentic: Since you're aware that you won't probably get any Mac viri on your Macs, simply decide for one product. There's no antispyware for Mac, but a Firewall is integrated already and you can choose any antivirus software you want, in order to make those guys happy.


----------



## mosx86 (Dec 13, 2005)

devilsapprentic said:
			
		

> I'm in the unfortunate position in which the IT dept are demanding an Antivirus/Spyware/Firewall program is put on the macs, but having read many many reviews on all of them am now terrified about which one to use. I have read that Symantec's causes so many problems and it is not compatible with Panther, I have read bad reviews of Mcafee & Sophos's software, and the IT guys aren't happy with ClamXAV as it is a freeware.
> What I'm trying to say is HELP!!!
> I am aware of the lack of virii & spyware for mac, but it is a mixed mac/pc network and they don't want us accumulating a library of virii that is ready to attack the rest of the network.
> 
> Any ideas which antivirus might be of any use? Otherwise it's byebye ethernet cable!!



I've had no issues with either Norton v10 or Sophos (though I haven't used Sophos with Tiger).  There is a built in firewall on the Mac and I don't know of any anti-spy ware utilities.


----------



## rei1974 (Dec 14, 2005)

Surely the fact that Mac is built upon unix makes it much safer from spyware, trojan, etc...


----------



## inibico (Dec 14, 2005)

Virus on MAC?? A time ago I had a strange problem with my new Powerbook G4: after starting up a while and working 5 minutes, there came a strange sound from the loudspeaker like fried eggs, and then strange sounds from interior relays and the computer broke down. After restart, the HDD was not recognized. I heard that "viruses" exist on PC machines, causing the same problem. We also thought it was a thermal breakdown. It was resolved by the LIMA Mac Service by reinstalling the OS X and we had no problems, only with Final Cut Express that crashes constantly with this MAC.


----------



## fryke (Dec 15, 2005)

Definitely sounds rather like a hardware problem than a virus-related one, inibico.


----------



## Randy Singer (Dec 21, 2005)

sourcehound said:
			
		

> ClamAVX is a good open-source alternative, but as it only identifies which files are infected, it's not very useful. ***Sigh***


ClamXav is a little less than "not very useful" in my estimation.

ClamXav is an OS X port of ClamAV, which is a UNIX server anti-virus application for use with Windows networks.  The problem is that ClamXav uses ClamAV's anti-viral database, with no additions in consideration of the Macintosh.  
You can search the ClamAV database here:
http://clamav-du.securesites.net/cgi-bin/clamgrok
As a test, do a search for, for instance, "Macintosh", or "Opener", or "Renepo" and see if anything shows up.
What this means is that ClamXav doesn't look for anything that is Macintosh-only, or even anything just because it is Macintosh-related.  

In addition, if a Macintosh-only virus were to appear in the wild, there is no indication that the ClamAV database would be updated to deal with it.  As far as I can tell, no one is writing and adding virus definitions to the ClamAV database for Macintosh malware.  (The developer of ClamXav has admitted that not only has he not contributed any such definitions, but that he doesn't know how to write such definitions.)  In other words, ClamXav is practically worthless for use with the Macintosh, and worse, I fear that it lulls Mac users into a false sense that it is protecting them, when in fact it doesn't protect them from much at all.  (It does provide protection from cross-platform Word and Excel macro viruses.)

Since ClamXav does not scan for Macintosh-only viruses, if you use Classic, ClamXav does not protect you from any OS 9 viruses, which can also infect Classic.  It also does not scan for the three known OS X Trojans in the wild, or the "Concept" Trojan (which is not a real, or malicious, Trojan, but it does sort of provide a model for someone who wants to create one, so it would be nice if your anti-viral software identified derivatives of it.)

Also, ClamXav does not disinfect infected files and software.  It can only flag such software for you.  You then have to delete such software to be rid of the virus.

ClamXav also does not scan files interactively.

ClamXav *is* good at scanning for, and detecting Windows viruses on your Macintosh, but that is of questionable value, as these are harmless on the Mac, and they are easy to detect and just trash.  (Usually they manifest themselves as gibberish e-mail attachments.) A Macintosh is highly unlikely to spread Windows viruses to Windows users, so software to detect Windows viruses resident on a Mac is of little value.

I simply don't see ClamXav as being a substitute for a commercial anti-virus program. (Assuming that you feel that you need one.) 

The gentleman who has ported ClamAV to the Mac, and who is providing ClamXav for free, is to be commended for providing a free product to the Macintosh community.  However, even though he does not disagree with any of what I have said above (this all came up on Macintouch), he also doesn't clearly state it on his Web site.  So folks are lured into thinking that their Macs are completely protected, and will be in the future in the event of a very serious threat, when they aren't. That does the Macintosh community a very serious disservice.


----------



## ex2bot (Dec 21, 2005)

I still don't see a NEED for ANY antivirus software on a Mac. It all comes down to why???

We didn't see antivirus software on Windows before there were any viruses, did we? The lame excuse that Mac users should "avoid infecting Windows machines with Win viruses" is silly--Windows machines (should) have their OWN AV software. The ONLY reason people are buying and installing this garbage is because of widespread ignorance. And rigid thinking.

I'll install antivirus software when there is an actual problem.

A few notes:

1. Did you notice Secunia's report of an "extremely critical" vulnerability in Norton's AV? On both platforms! I haven't read the report yet, but it sounds like a good reason NOT to install useless software.

2. I also read today that someone is coming out with anti-spyware software for the Mac. On their page where they list the threats, it lists . . . NONE. It says something like "To be updated after the beta test." Sounds like they're stalling for time.

In fairness, I did find ONE piece of commercial spyware, a keystroke logger, for OS X. So, I suppose if you have reason to believe someone with admin privileges has installed a keystroke logger, you might need anti-spyware software.

But, come on. Symantec et al are making money on ignorance. 

Doug


----------



## Randy Singer (Dec 21, 2005)

dktrickey said:
			
		

> I still don't see a NEED for ANY antivirus software on a Mac. It all comes down to why???


Most Mac users do without anti-virus software, and for most users that is what I would recommend. However, the threat from Macintosh malware is not zero. And users who use their Macs in a business context may prefer to be protected from a threat that is currently minuscule, or from a future threat. (A good anti-virus program can recognize virus-like activity and block it.)

There are *zero* viruses that can infect OS X itself. There is no spyware that can be installed remotely on a Mac running OS X. There is no adware that works by being resident on a Mac running OS X.

However, there *is* some malware that targets the Mac. There are hundreds of Word and Excel macro viruses that are cross-platform, some of which are very seriously malicious. (While you can block these in Word and Excel by setting "Macro Virus Protection", this feature doesn't tell you whether a macro virus is legitimate or malicious...a problem if you frequently receive Office documents with legitimate macros). There are two or three Trojans, though they are very rare (because they are not self-propagating),

http://www.sophos.com/virusinfo/analyses/maccowhanda.html
http://www.macintouch.com/opener02.html
http://securityresponse.symantec.com/avcenter/venc/data/macos.mw2004.trojan.htm
http://www.macworld.co.uk/news/index.cfm?NewsID=8406
http://www.intego.com/news/pr41.asp
http://www.securityfocus.com/archive/1/395107/2005-04-03/2005-04-09/0

and the handful of viruses that could infect OS 8/9 can still infect Classic running under OS X, but they have become very rare also, and are mostly non-malicious.

Note that Apple's security updates have never included anti-virus abilities.

Also note that in some business contexts, not having anti-virus software is considered to be below minimal standards of due care.  If a malicious virus were to hit, your liability exposure could be huge.  Good anti-virus programs have an auto-update feature, and registered users will be protected as soon as a new virus is identified, not after a number of folks have been infected. 

About a year ago I tested all of the then-available popular anti-virus software programs, and I found Intego's Virus Barrier to be far superior to all of the others. It extracts no performance penalty, it never makes your mac unstable, and it never interrupts your work with a virus scan. It is entirely seamless.

There is an extended discussion about the need for Macintosh anti-virus software at:

http://db.tidbits.com/getbits.acgi?tlkthrd=2795
http://emperor.tidbits.com/TidBITS/Talk/640/


----------



## Randy Singer (Dec 21, 2005)

dktrickey said:
			
		

> 1. Did you notice Secunia's report of an "extremely critical" vulnerability in Norton's AV? On both platforms! I haven't read the report yet, but it sounds like a good reason NOT to install useless software.



It certainly is a reason to avoid Symantec Norton products.  But I think that anyone who has been frequenting Macintosh discussion lists already knows that.



			
dktrickey said:
			
		

> 2. I also read today that someone is coming out with anti-spyware software for the Mac.



There are already several anti-spyware programs for the Macintosh:

Little Snitch
http://www.obdev.at/products/littlesnitch/

MacScan
http://macscan.securemac.com/

Internet Cleanup
http://www.allume.com/mac/cleanup/index.html



			
dktrickey said:
			
		

> On their page where they list the threats, it lists . . . NONE. It says something like "To be updated after the beta test." Sounds like they're stalling for time....
> 
> In fairness, I did find ONE piece of commercial spyware, a keystroke logger, for OS X. So, I suppose if you have reason to believe someone with admin privileges has installed a keystroke logger, you might need anti-spyware software.


I know of about four spyware programs for the Macintosh.  They are all quite effective, but none of them can be installed without administrative privileges.  However, it isn't very hard to get around that.

I'd give you a list of the spyware that is available, and where to find it, but for obvious reasons I don't think that is a good idea.

One of the legitimate Trojans for OS X attempts to install spyware.  No one knows yet if it is capable of doing so successfully.  But we do know that there are folks trying to make it work.



			
dktrickey said:
			
		

> But, come on. Symantec et al are making money on ignorance.


No they aren't.  If you work for the government, there are government standards that require that users have anti-virus software installed.  If you are using your Mac in a business context, as a business practice you have to protect your data from any threat, no matter how small, or any potential threat that might develop in the future.  If you are a professional you are required to take all reasonable steps to protect client records and information. The threat right now may be minuscule, so small that home users don't even need to think about it, but business users don't have that choice.  

By and large anti-virus software companies do an excellent job.  Peruse one of their sites and check out the meticulously maintained virus tracking archives they have.  Note how quickly they have consistently identified every new threat.  This isn't easy to do.  These folks aren't fly-by-nights who have just cobbled something together.  A ton of work goes into their products.  Every one of their products aren't as good as each other, but that's why competition is a good thing.


----------



## ex2bot (Dec 22, 2005)

I think your argument is sound, in theory. Certainly installing a decent Mac antivirus app would allow a business to be ready for a future virus threat. At that point, an update would be all they would need to do to protect their Macs.

Now that I think about it, I wouldn't laugh at someone for taking such preventative measures in a business or academic setting, since there is a (very small) chance that installing the antivirus software would protect the business from the first Mac virus or worm.

In practice, though, the risks/reward considerations are not that clear-cut.

A couple points:

--Antivirus software companies  _have not_ had an incredible amount of success with predictive algorithms. I imagine they're getting better, but I wouldn't count on my antivir software protecting me from an unknown threat before that first update.

--The first Mac virus/worm (I'll just write "virus" from now on) will likely be the ONLY Mac virus for awhile and will spread rather slowly. This will give Mac users plenty of time to install suddenly-useful antivirus apps. Even in settings with lots of machines.

--_Any_ software has the potential to destabilize the machine (cf. Symantec. In fact, I think "Symmantic" is a synonym for "destabilize"). And installing software that doesn't (yet) do anything . . . Does it make sense?

--Four + years of OS X, zero viruses. I know, I know. They're coming. Any day now. Any day now.

--Opener requires root. The "fake iTunes file" malicious app [Edit: called MP3 Concept] is a trojan but is not in the wild. And there's now a certain amount of protection built into the OS to protect against apps masquerading as files.

--You said you could list the spyware that's out there but don't want to for security purposes. Tell us how many confirmed apps you know of. I know of one commercial keystroke logger. That's it. I'd be surprised if you could round the number of confirmed apps to anything other than 0.

-----
BTW, I forgot about Allume's Internet Cleanup. I wonder what exactly it  cleaned up when it first came out? Cookies? Oh boy! $30 for that? Does it actually search for the known keystroke logger? I'd hope so.

Little Snitch seems cool. It's not exactly an antispyware app. It's an enhanced firewall. Of course, spyware would likely "phone home" and be caught by L.S. I know what you meant.

The antispyware I read about today was Mac Scan. As I said, according to their website, it's actually effective against . . . um, they didn't say. They'll let us know later. Any day now.


Doug


----------



## sirstaunch (Dec 22, 2005)

Seen what .mov can do, you start to play them and they open up your browser and take you to a web site, guess this is what this article is getting to

http://news.com.com/iTunes+and+Quic...3-6004635.html?part=rss&tag=6004635&subj=news


----------



## Randy Singer (Jan 3, 2006)

Please go back and read what I said very carefully.  I said that I don't recommend anti-virus software for most users, but many business users have no choice, they *have* to have anti-virus software for business reasons.  I also said that the malware threat to OS X is minuscule, but it is not zero.  That's true, no matter how you spin it.  

You could end up just as unhappy if you open a Word document with a malicious macro virus, or if you get a malicious OS 9 virus in Classic, as you would be if there was an OS X-specific virus and you were infected by it.  It's true that it is easy to avoid both occurrences, but that doesn't mean that they don't exist, or that they aren't a potential threat.



			
dktrickey said:
			
		

> --You said you could list the spyware that's out there but don't want to for security purposes. Tell us how many confirmed apps you know of. I know of one commercial keystroke logger. That's it. I'd be surprised if you could round the number of confirmed apps to anything other than 0.


I know of three very serious spyware applications for the Macintosh.  However, as I said, none of them can be installed via the Web or via e-mail.  At least not yet.

However, of much greater interest is the fact that these spyware apps are the product of active hacker groups devoted to hacking the Macintosh (you can easily find their Web sites by doing a Web search) who are trying very hard to perfect their spyware applications.  Sort of like an open source community, but with nefarious goals instead of noble ones.  That fact alone means that, at some point, there will be a very serious threat to the Mac.



			
dktrickey said:
			
		

> Little Snitch seems cool. It's not exactly an antispyware app. It's an enhanced firewall. Of course, spyware would likely "phone home" and be caught by L.S. I know what you meant.


Little Snitch is a "reverse firewall." That is, it keeps programs on your Mac from contacting the outside world without your permission.  How important that is to you depends on how paranoid you are.  Lots of applications, even those from big respected companies, phone home and send who knows what information back to the mothership.  The recent Sony CD debacle shows that even huge respected companies are willing to put malicious software on your computer.  Are you concerned about what information Microsoft Office may be sending back to Microsoft about you?  I'm not, but a good number of folks aren't at all happy about applications that phone home.

Of more interest is the fact that software connecting to the Internet in the background puts a substantial hit on CPU use.  Is your Mac significantly slower than it was when new?  It may be that several very common applications accessing the Internet for "legitimate" reasons in the background are slowing your Mac down substantially.  Little Snitch can prevent them from doing this.

Speaking of slowing your Mac down, the argument that anti-virus software always makes your Mac slower and/or that it makes your Mac unstable is an uninformed one.  Try VirusBarrier and tell me if you notice a slowdown or instability caused by it.  (If you do, I won't believe you.  I tested all of the major anti-virus programs personally.)  That is what competition in the marketplace is all about, and why it's good that there are a bunch of anti-virus apps for the Mac to choose from.  And why it is good to have someone like me to test them all for you and tell you which one is best.


----------



## ex2bot (Jan 3, 2006)

I don't really see much that we disagree about. As I wrote before, your first (I think) message got me thinking about what I would do were I in charge of a Mac business / gov / ed installation. I might be concerned about Word viruses at this point. Less so about spyware that requires root. Why, though, does David Pogue write that Word macro viruses don't work properly in OS X? He effectively dismisses them as nothing to worry about in Mac OS X: The Missing Manual (Tiger edition). 

I didn't suggest that "anti-virus software _always_ makes your Mac slower . . . and / or unstable." I wrote that any software ***has the potential*** to do so. I'm glad to hear VirusBarrier is reliable and efficient. I'll keep that in mind when I'm shopping for Mac antivirus software. In 2009. 

I'm also familiar with "reverse firewalls." I didn't know until recently that that's what people were calling them. Any Windows firewall worth anything polices outgoing traffic thanks in part to Steve Gibson (www.grc.com). I followed along on his site as he showed how the free Zone Alarm initially put the (commercial) Norton Personal Firewall to shame because Zone Alarm had "reverse firewall" capabilities and Norton initially didn't. 

We do appreciate the work you and others have done writing about OS X. I've heard good things about The Macintosh Bible. 

Doug

Incidentally, a recommendation for anyone interested and concerned about computer security, check out Steve Gibson and Leo Laporte's podcast "Security Now!" (available at twit.tv or on Steve's website above). It can get a bit technical but still very interesting. I also highly recommend  "This Week In Tech" a more general tech news podcast with some of the former TechTV people.


----------



## Randy Singer (Jan 4, 2006)

dktrickey said:
			
		

> Why, though, does David Pogue write that Word macro viruses don't work properly in OS X? He effectively dismisses them as nothing to worry about in Mac OS X: The Missing Manual (Tiger edition).


I can't find that in his book.  What page is it on?

It's hard to believe that is true.  If Word macro viruses don't work in OS X, then one would have to assume that all Word macros don't work properly in OS X, which I know isn't true.

Or you may read about the "Macro Virus Protection" feature in Word.  Which stops *all* macros from running.  That's great, unless you are someone who needs to run macros in documents sent to you.  The "Macro Virus Protection" feature in Word doesn't tell you if a macro is malicious or legitimate.  Only a good commercial anti-virus program can tell you if an embedded macro is malicious or legitimate, and can strip out a malicious macro and leave the underlying document intact.


----------



## ex2bot (Jan 8, 2006)

You know, I was idly leafing through the book at Barnes & Noble. I bought the 10.1 version (of the Missing Manual) back in 2001 when I got my first Mac. I was impressed at the time by the book's clarity and details and Pogue's excellent style.

So . . . anyway, I don't know what page it's on. It specifically said something to the effect that "Word macro viruses don't work properly in OS X." Looks like he is mistaken.

Doug


----------



## Randy Singer (Jan 8, 2006)

dktrickey said:
			
		

> So . . . anyway, I don't know what page it's on. It specifically said something to the effect that "Word macro viruses don't work properly in OS X." Looks like he is mistaken.


Or you were mistaken that he said that.  I have the Tiger Edition of his book right here, and I can't find anywhere in the book that he says anything like that.

Which doesn't surprise me, because it's not true.  Cross platform Word macro viruses (unfortunately) run just fine in OS X.


----------



## ex2bot (Jan 10, 2006)

Well, it said _Mac OS X: The Missing Manual (Tiger edition)._ It's possible, though highly unlikely that ANOTHER David Pogue wrote an identically titled book with different information. 

Just like it's possible, though unlikely, that I read it wrong. I'm pretty sure about what it said. And it's a big book. Look again.  I don't have that luxury. I'm not about to go out and buy it.


Doug


----------



## Randy Singer (Jan 13, 2006)

dktrickey said:
			
		

> Well, it said _Mac OS X: The Missing Manual (Tiger edition)._ It's possible, though highly unlikely that ANOTHER David Pogue wrote an identically titled book with different information.
> 
> Just like it's possible, though unlikely, that I read it wrong. I'm pretty sure about what it said. And it's a big book. Look again.  I don't have that luxury. I'm not about to go out and buy it.


I just checked again in Mac OS X The Missing Manual Tiger Edition.  It doesn't say that in the indexed section that deals with "viruses" and it doesn't say that in the indexed section that deals with "Microsoft Word."

I can't find it anywhere else in the book.  I'm sure that it doesn't say it, because it isn't true.  Visit your favorite virus reporting site and you will see that Word macro viruses run perfectly well under OS X.

However, I just had a look at the Panther Edition of TMM, and it says this on page 694:

"You still need to be careful with Word and Excel macro viruses, of course."

I don't think that it is Pogue who is mistaken.


----------



## ex2bot (Jan 16, 2006)

Jeez, Randy. You have the book in front of you. I don't. I don't really know. You're going to goad me into going over to B&N and looking it up, aren't you? Well, maybe I will. After all, I have no life. 

Doug


----------



## aidren (Jan 24, 2006)

I have been looking at the previous posts in this thread to bring myself up to date with the virus/spyware issues. To give you a brief background -- I have been trying to convince a friend, who is a professional counsellor with sensitive client files on her system, to use an AV app. The response I get continually is the ever common -- "I don't need AV protection -- I own a Mac". Recently, she has mentioned that she has noticed other applications launching by themselves and is also having some slowdown issues. Could this  be the MP3Trojan I have read about?

Also, regarding spyware, I use a small Freeware calendar app called PandoCalendar. Some time ago I was at a website that advertises workshops. Several days after visiting this site I discovered their Workshops had been planted in my calendar app -- and I guarantee you -- I did not put them in there myself. Would you consider this a spyware? or what? And can you suggest an application to scan my system -- ie. will VirusBarrier pick this up?

Both systems I have mentioned are running Panther.

I am very much looking forward to responses on this.

Thanks 

Aidren


----------



## Randy Singer (Jan 24, 2006)

aidren said:
			
		

> I have been looking at the previous posts in this thread to bring myself up to date with the virus/spyware issues. To give you a brief background -- I have been trying to convince a friend, who is a professional counsellor with sensitive client files on her system, to use an AV app. The response I get continually is the ever common -- "I don't need AV protection -- I own a Mac".



You should better inform her.  Not having AV software on her machine could be a big deal if one day she finds that those client files are gone (for any reason.)  Not having AV software installed could be considered de facto professional negligence in any subsequent disciplinary hearing or court action regarding the loss of client files.



			
aidren said:

> Recently, she has mentioned that she has noticed other applications launching by themselves and is also having some slowdown issues. Could this  be the MP3Trojan I have read about?



The MP3 Trojan was a "concept" Trojan.  That is, it didn't do anything malicious, it was just created to show that it could be done.

There are a couple of other Trojans out there for OS X, but unless she has been downloading files from file sharing services, or someone has purposely given her a Trojan, it is highly unlikely that she has one.

On the other hand, files launching themselves is very unusual, and I don't have any theories for what would cause that to happen.



			
aidren said:

> Also, regarding spyware, I use a small Freeware calendar app called PandoCalendar. Some time ago I was at a website that advertises workshops. Several days after visiting this site I discovered their Workshops had been planted in my calendar app -- and I guarantee you -- I did not put them in there myself. Would you consider this a spyware? or what?


If you have encountered spyware that can install itself via a Web site, then, as far as I know, you are the first OS X user to encounter such a thing.  I know of spyware for OS X, but none that can install itself via the Web or via e-mail.  

However, once again, I have no theory on how such a thing got into your calendar.  You may want to contact one or more of the virus tracking companies and consult with them about this.

McAfee: http://vil.mcafee.com/
Symantec: http://www.symantec.com/avcenter/ 
F-Secure: http://www.f-secure.com/virus-info/

You may also want to contact the developers of Pando Calendar and get their take on this.  They may have seen this before, or they may know whether or not it is at all possible.



			
aidren said:

> And can you suggest an application to scan my system -- ie. will VirusBarrier pick this up?


VirusBarrier should pick up any and all known malware that might exist on your Mac.  However, if you have something new, until you, or someone else, reports it to one or more of the virus tracking agencies, and it is tracked down and analyzed, nothing will scan for it.


----------



## aidren (Jan 24, 2006)

Thanks so much for the timely reply. I will pass your information on.

Aidren


----------



## panosm_78 (Jan 31, 2006)

Hello everyone, and here is my problem: Lately my mac G5 dual with Mac OSX when I connect to internet after 5-10 minutes nothing seems to work OK.
I cannot open Final Cut or my Photoshop not even safari. Everything stacks.
I believe it might be a virus but I'm not sure. Any ideas?

Panagiotis


----------



## nixgeek (Jan 31, 2006)

panosm_78 said:
			
		

> Hello everyone, and here is my problem: Lately my mac G5 dual with Mac OSX when I connect to internet after 5-10 minutes nothing seems to work OK.
> I cannot open Final Cut or my Photoshop not even safari. Everything stacks.
> I believe it might be a virus but I'm not sure. Any ideas?
> 
> Panagiotis



(Mods, can this be moved into its own thread if necessary?  Thanks! )

Doubtful there's a virus as there aren't any out there in the wild taking advantage of holes in the Mac yet.  Which model exactly is it that you have?  It's possible that you need a firmware upgrade.  See the link below regarding the particular firmware upgrade for your particular Mac (if there exists one).

http://docs.info.apple.com/article.html?artnum=86117


----------



## sirstaunch (Feb 3, 2006)

A friend informed me she heard on the radio about a Worm expected to spread out (she said tonight Aussie time but don't understand how they can predict a time though) and she said the radio announcer said 'and don't go Ha, I'm on a Mac' something about we're not safe from it either

I did a google for Virus Alert Mac and googled Worm Alert Mac

Found quite a few articles which were old news but nothing recent and nothing about a recent Mac threat

But I did find there was an issue with QuickTime 7.0.3 which had some security issues to consider. And I do remember that in Tiger I've probably had about 3 security patches updated and installed but never seem to read why they were needed.

Sorry if this was mentioned anywhere else, I did a quick look through this thread but couldn't see any mention. But just by reading this article it seems things are possible even on OSX and Apple are pretty quick to fix.

Getting back to the .mov subject that directs you to a web site, the files are usually only a few hundred kb in size, when I saw one of these open on a Windows Platform, their AntiVirus alert was set off. So being unaware on the Mac could possibly be a threat somehow. I've had movies that not even VLC or MplayerX could play and I wonder the possibilities of it being some Trojan or Virus.

So while a percentage of us are running around in circles saying No Viruses on OSX, are we really prepared if something big does come our way?

Like my friend said, the radio said don't say ha, I'm on a Mac


----------



## MBHockey (Feb 3, 2006)

The guy on the radio is in fact wrong.  That worm that is scheduled to delete office-related files on the third of every month is in fact, Windows-only.

Why do Windows people love to spread FUD?


----------



## jellison (Feb 3, 2006)

jellison----- Well, The Posting above answers my Questions relating to the (Kamasutra Worm) that all the News Media is buzzing around this Morning (Fri -- 3rd of Feb 06). But I do have a related Question. When I found out that OS X (mine is 10.3.9) was immune to Viruses & Spyware, I went to a lot of those NO NO sites on the Web with Safari (a lot of them).

So I'm curious if I might have picked up any Spyware oriented to Mac platform, or not to worry about it. This eMac is fine, so it's just a Thought and probably some re-enforcement from you Experts, for I'm still only an infant with this Apple, but was avid with my Windows PC on running & updating Anti-Virus (AVG) & Spyware Removal (Ad-aware SE).   THANKS

jellison    Oregon.


----------



## ex2bot (Feb 3, 2006)

No Mac viruses exist. However, Microsoft Word macro viruses can cause problems. Randy says Intego's Virusbarrier is the best choice for Mac antivirus software if you depend on Word macros. Otherwise, Word defaults to blocking ALL macros and you can let Word itself protect you from the macro viruses.

Doug


----------



## xxbabygurl87xx (Feb 7, 2006)

Yesterday my emac was working fine! Turned it on today, entered my password as usual but it won't log me in! The log in page looks different though and my little icon is not the same as it was yesterday. No one has been on my computer to change the password. Any ideas what's wrong. . .?


----------



## nixgeek (Feb 7, 2006)

xxbabygurl87xx said:
			
		

> Yesterday my emac was working fine! Turned it on today, entered my password as usual but it won't log me in! The log in page looks different though and my little icon is not the same as it was yesterday. No one has been on my computer to change the password. Any ideas what's wrong. . .?



You might get more help if you posted this in its own thread that way more people can see what your problem is from the title you give the thread.  Just a thought.


----------



## ex2bot (Feb 7, 2006)

xxbabygurl87xx, 

If you can't get into your computer, you can reset the password by inserting your system disc that came with your computer. If you have further troubles, let us know.

Doug


----------



## Tschuppart (Feb 10, 2006)

Hi All, I discovered by accident that through my ISP's security package my mac gets a free anti-virus check-up as long as it's running when I do my virus scan from the PC. My mac is a mapped drive and the PC checks all connected drives whenever I run the anti-virus software. It came up with PC virus files on the mac and I just selected the "delete" option.


----------



## SatCure (Feb 11, 2006)

> It came up with PC virus files on the mac and I just selected the "delete" option.


That's no fun. I'd like a "Send to a PC user" option.


----------



## MAbans (Feb 16, 2006)

All good things must come to an end.

http://news.yahoo.com/s/macworld/20060216/tc_macworld/oompa20060216


----------



## ra3ndy (Feb 16, 2006)

MAbans said:
			
		

> All good things must come to an end.
> 
> http://news.yahoo.com/s/macworld/20060216/tc_macworld/oompa20060216



Yeah, though a thorough reading of several articles about that one has revealed that the code is poorly written and doesn't successfully install anything.  

It only reproduces by sending itself to your buddy list in iChat, assuming you have iChat open.

And it's hardly a subtle attack.  It launches Terminal and shows you what it's trying to do!

Plus, it requires authentication to open unless you're logged in as admin.

Plus, it's already been removed from the forum where it originated.

Even still, it's a proof of concept that people will download just about any kind of file and open it (honestly, a .tgz?!) without thinking about it.  I guess Mac users can be dumb, too.  

It's nothing more than a failed first gen attempt.  I'm sure it means it'll be refined, but I foresee a bit of time before anything truly dangerous could be bred.


----------



## Captain Code (Feb 16, 2006)

It's really a trojan and not a virus because it requires the user to be tricked into opening it.  That said, it doesn't do a whole lot either.


----------



## pds (Feb 17, 2006)

Wasn't this the proof of concept thing that some security company "revealed" over a year ago? It is kind of lame - mostly just FUD and negative spin to bring attention to the security company.

I can't find the link I originally followed to this (from osviews I think), but there was a sentence in there that said something like "Security experts _admit_ that there is much less virus protection software available for Macs than there is for Windows." It was written to make it sound like a really bad thing for Macs - not as well protected as those Windows Boxes. Yeah, right!

Still - ClamXav is on my dock and gets run regularly.


----------



## Lt Major Burns (Feb 17, 2006)

at the end of the day, it still needs you to make it work.  you have to unpack it and then execute it to work... so it's not a virus.


----------



## nixgeek (Feb 17, 2006)

Yahoo has done a poor job of informing the public about what this really is.  If you check out the discussions regarding the news topic, almost everyone there is saying that Yahoo got the story wrong.  This is a trojan and basically works by fooling the user into opening the file and requiring administrative authentication to even run.  Just like the Dvorak "Apple Dumps Mac OS X for Windows" article, it's all crap.


----------



## RacerX (Feb 17, 2006)

Also I don't think this can be called the first of its kind for Mac OS X. I seem to recall that someone had created a Trojan that looked like the installer for MS Word v.X that was on some wares servers a few years back.

The idea of using social engineering rather than pure technical ability to attack Mac OS X isn't new... and has always been the _path of least resistance_ in attacking any platform.


----------



## ex2bot (Feb 17, 2006)

Some are saying, and I think it makes sense, that this trojan has virus/worm-like elements. It does reproduce itself, sorta, through iChat if it's open.

We're doomed! Or not.

Doug


----------



## Captain Code (Feb 18, 2006)

It only sends itself to Bonjour buddies.  Why, I don't know but most people don't use the Bonjour chat anyways.


----------



## pds (Feb 18, 2006)

Captain Code said:
			
		

> It only sends itself to Bonjour buddies.  Why, I don't know but most people don't use the Bonjour chat anyways.



Probably because anyone near enough to use Bonjour chat probably doesn't want to talk to me anyway.


----------



## Jim W (Feb 18, 2006)

This was a big story on my local news last night. lol

I waited to see how they reported it and it was the typical "the sky is falling". "All you Mac users that thought you were safe......blah blah blah" They ran various clips of the Mac plant....packing those older iMacs, the little apple shaped colored ones. lol Then all they said is affects users of iChat, if you get a link to a file called (can't recall), don't open it.....next story.

But you know, the less educated part of the community was on the phone the next day screaming at whoever sold them that vulnerable machine. lol


----------



## Trip (Feb 23, 2006)

Possibly the first true virus... I've been having troubles with my HD for a few days now. Today finally, it reached the point of no return... where files started to get deleted, I can't edit my HD or accounts, it seems hopeless. I have no idea what's going on... I've got to make another quick thread about it. Read more there.


----------



## ElDiabloConCaca (Feb 23, 2006)

Doubtful -- these "viruses" are simply proofs-of-concept.  One is malicious in the sense that it has a bug in the virus code that causes certain applications not to launch.

You'd also know you got one of these viruses because you would have to download a certain file, double-click it, and possibly authenticate.


----------



## Lt Major Burns (Feb 24, 2006)

Trip said:
			
		

> Possibly the first true virus... I've been having troubles with my HD for a few days now. Today finally, it reached the point of no return... where files started to get deleted, I can't edit my HD or accounts, it seems hopeless. I have no idea what's going on... I've got to make another quick thread about it. Read more there.



i suspect you are running out of space.  there are no viruses on the Mac.


----------



## ElDiabloConCaca (Feb 24, 2006)

Well, technically, there are two viruses on the Mac now, but neither work correctly.

Also, as of now, you cannot be mysteriously and unwittingly infected with a virus -- these viruses require user interaction in the form of clicking, double-clicking, authenticating, or a number of other user actions in order to try to do any damage (and they don't do any meaningful damage anyway).

The point is: you can't "get" infected.  You must infect yourself presently by direct user interaction with these viruses.  You'd know if you got infected the minute you got infected.  It's not going to be a situation where your computer starts to act a little funky one day... you'll know it the minute it happens.


----------



## eliezer (Mar 6, 2006)

http://www.itworldcanada.com//Pages...ID=idgml-34aa4c8a-e752-4fcd-afc4-7065ca04fdf3

Here it says that there is a worm for mac os x 10.4


----------



## perfessor101 (Mar 6, 2006)

If you have installed Apple's "Security Update 2006-001 PPC" you are covered. It isn't much of a worm anyway and according to Symantec, Sophos, and others the risk was very very low, its spread was minimal (I believe 2 sites), and ease of removal was a piece of cake.


----------



## lbhammond (Mar 9, 2006)

Is it possible to migrate a virus from OS9 to OSX when data transferring? 
(please refer to my posting for macOSXsystems-it will show my myriad of symptoms that may have come from my imac.OS9-to-ibkG3.OSX1.-to-ibkG4.OSX3.-to-ibkG4.OSX4.)
-lbhammond


----------



## SatCure (Mar 9, 2006)

I've been using Macs since 1987 and I've never seen a Mac OS9 virus. The chances of acquiring one now are infinitesimally small. It just won't happen. And they won't run on OSX. I doubt they'll even run under Classic.


----------



## lightsabre (Mar 12, 2006)

all this talk of viruses...the only virus like activity I've ever had was from once being on shithouse proxy server windoze based, that screwed with all my video settings and stuff


----------



## xris (Mar 14, 2006)

I seem to be getting another message from appletalk.com.au
they have a number of 'headlines' regarding virus attacks and hacking into Mac OS X.
>>Even Matt Drudge got into the game, with headlines on his heavily-trafficked Drudge Report Web site that screamed: "Two Viruses Target Apple's Macintosh."<<
>> One piece of malicious software was dubbed Leap-A. It masqueraded as Jpeg images of screen shots of the next version of Mac OS X.<<
>>The other one, known as OSX.Inqtana.A, was designed to spread through a vulnerability in Bluetooth wireless technology that was patched by Apple eight months ago.<<
>>A third vulnerability -- this one a potential chink in the armor, rather than a piece of naughty software -- was disclosed early this week. Apple's Safari Web browser has a feature that lets you open downloaded files that are considered safe as soon as the download is complete>>

According to the Hacker 'gwerdna', the hacked Mac could have been better protected, but it would not have stopped him because he exploited a vulnerability that has not yet been made public or patched by Apple.


----------



## fryke (Mar 15, 2006)

hm. that's from last week, i believe. we discussed this in another thread, and it's been discussed widely. "gwerdna" (Andrew G) had local access. It's like inviting a thief into your house and showing him where the safe is, then leaving him alone with all his tools. So: Forget about it.


----------



## xris (Mar 15, 2006)

Very good analogy and I guess it really sums it up, and once again highlights the hysteria the press is renowned for causing by subjective reporting.  
That's where forums like this really come in handy, 
I'm glad I joined and I'm grateful for your insights.


----------



## trigg2020 (Mar 27, 2006)

Man I'm still stuck on my os 9. I can't get back to X


----------



## SatCure (Mar 28, 2006)

The point is that even if there were three active viruses for Mac "in the wild" (there aren't) you have to see that in the perspective of some thirty THOUSAND viruses for Windows. The risk for Mac users (even if there were three) would be incredibly low. As there are currently NONE there is no risk at all. My advice is "ignore it till it happens". When it does happen it's a million to one that it will happen to you and you'll have plenty of time to take any necessary steps.


----------



## Satcomer (Mar 28, 2006)

Stinz12 said:
			
		

> When I was at the mac store getting my ibook G4 I was assured that there would be no viruses on it.



There is no active virus on OS X right now. The last thing was more malware/trojan. Apple plugged that hole and with some common sense by turning off Safari's automatic opening of downloads. Also use the Finder's Preferences->Advanced tab then check mark "Show all file extensions" and you will always see if an icon is an application or not.
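
The check suggested in the post above (find out what a file really is instead of trusting its icon or name), as an added example that is not part of the original thread: a Python sketch that flags files whose extension claims an image or PDF but whose first bytes are a Mach-O executable or a script. The function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

# Leading bytes of things Mac OS X can execute.
EXECUTABLE_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit big-endian (PowerPC)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit little-endian (Intel)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit big-endian",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit little-endian",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class",
}

# Leading bytes a file with this extension should have.
DATA_MAGICS = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".pdf": (b"%PDF-",),
}

ANY_EXEC_BIT = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def inspect_file(path):
    """Return the reasons a file looks like a program dressed up as data."""
    reasons = []
    ext = os.path.splitext(path)[1].lower()
    expected = DATA_MAGICS.get(ext)
    if expected is None:
        return reasons  # extension makes no claim this sketch can verify
    with open(path, "rb") as fh:
        head = fh.read(8)
    kind = EXECUTABLE_MAGICS.get(head[:4])
    if kind is None and head.startswith(b"#!"):
        kind = "script with interpreter line"
    if kind:
        reasons.append(f"content is {kind}")
    elif not head.startswith(expected):
        reasons.append("content does not match extension")
    # A picture or PDF has no business being marked executable.
    if os.stat(path).st_mode & ANY_EXEC_BIT:
        reasons.append("execute permission set")
    return reasons


def scan_directory(root):
    """Map relative path -> reasons, for every suspicious file under root."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path):
                continue  # do not follow links out of the scanned folder
            reasons = inspect_file(path)
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings


def build_sample_dir():
    """Create a folder of constructed sample files (headers only, harmless)."""
    root = tempfile.mkdtemp(prefix="masquerade_demo_")
    samples = {
        "holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,     # real JPEG header
        "screenshot.jpg": b"\xfe\xed\xfa\xce" + b"\x00" * 16,  # Mach-O header
        "invoice.pdf": b"#!/bin/sh\necho constructed sample\n",
        "readme.txt": b"plain text\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    os.chmod(os.path.join(root, "invoice.pdf"), 0o755)
    return root


if __name__ == "__main__":
    for rel_path, why in sorted(scan_directory(build_sample_dir()).items()):
        print(f"{rel_path}: {'; '.join(why)}")
```

Run it against a downloads folder or an unpacked archive before opening anything in it; a hit means the name and the content disagree, not that the file is known malware.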


----------



## PeteZZZ (Apr 4, 2006)

Hi
I am using MS OfficeX on a Mac running OSX Tiger 10.4.5. 
The virus W97M/Thus.gen keeps appearing in Word files. 
I know it's not harmful to Macs but it is to people I send these documents to, who use PC !! 
I still have Virex 7.2 and it seems to work and the virus definitions are up to date. (I reverted from 7.5 which didn't work on Tiger) 
If I create a new Word file, type anything and save it. Then scan with Virex 7.2 it shows this W97M/Thus.gen virus !! 

Someone said I have to delete ALL Word files including the "Normal" template in MS Office folder but this would be very inconvenient for me as I have a lot of backed up files. 

any suggestions ? 

thanks 
Pete 
London 
UK
_________________
Mac G4 
OSX 10.4.5


----------



## SatCure (Apr 4, 2006)

As a general guide I would avoid using WORD and I certainly wouldn't send a WORD document to anyone else. Send as PDF instead.

Sorry this doesn't answer your current question but, as a Mac user, I know nothing about this WORD worm.


----------



## ex2bot (Apr 4, 2006)

PeteZZZ,

Welcome to MacOSX.com! 

(Please forgive me if any of this is too simplistic.) 

W97M/Thus.gen is a Word Macro virus. It's nothing to mess around with. First I'd check to see if your macro virus protection is on. 

1. Run Microsoft Word.
2. Click on the Word Menu.
3. Click Preferences.
4. Click General from the list.
5. Look to see if "Macro virus protection" is checked. If it isn't, click the box to activate it. This will, I believe, prevent macros from running. If you depend on macros, then this is not a good thing. But if your files are infected with a virus, I'd say it's probably a good idea to enable the macro virus protection until you can fix the problem.

Now, the latest version of Virex is 7.7. You might look into upgrading to that, although if I remember correctly McAfee might have really upped the price. 

If you can update Virex, it may be able to remove the virus from your Word files. I don't know. If you can't upgrade Virex, you may want to consider buying Intego's Virusbarrier.

http://www.intego.com/virusbarrier/

I don't know if Virusbarrier will be successful removing the virus from your files. 

Here's how this thing works, as I understand it (and I'm not a security expert): A virus reproduces itself by attaching itself to a file on, say your hard drive. Word Macro viruses are written in Word's macro language and attach themselves to as many of your .doc files (Word document files) as they can. Every time you load one of these files into Word, it runs the macro. 

(Macros are little programs that can save time. You could use a macro to do any kind of repetitive task you don't want to do over and over.) When Word runs a macro that contains a virus, they usually try to copy themselves to any other documents you work on. They may also do bad things like delete files. You can, as you mentioned, infect others' documents too.

And, apparently, some of these macros will function on your Mac. I don't know if W97M/Thus.gen will do anything.

Good luck.

Doug


----------



## b16ef8300 (Apr 25, 2006)

check this link:

http://seattlepi.nwsource.com/local/6420AP_CA_Apple_Security.html


----------



## SatCure (Apr 25, 2006)

Yeah, old news and still no viruses for OSX in the wild. Let me know when there's a virus that affects 100,000 Mac users in a day (as with Windoze) and I'll start to worry a little.

There's always going to be "spyware" and "trojans", and "worms" that run in applications like MS Word, but there's unlikely to be anything that does serious damage to lots of Macs before word gets around. I'm not being complacent but right now the odds of winning the lottery are better.


----------



## PeteZZZ (Apr 25, 2006)

The cure was to disinfect the 'NORMAL' template file in Word App folder
then to disinfect all word docs on my system


----------



## Jim W (May 1, 2006)

So what do you guys think of the latest "scare".

http://www.msnbc.msn.com/id/12537279/

**Cliff notes, a person clicked a link from a pop-up, that stated there was an unreleased update to his OS available for download....hahahahahhaah...sorry. 

Somehow I'll bet this is as lame as the last "virus", entering the admin password to run it etc.... lol

Jim


**also for the record, I am no Mac expert and I am also not a "blinders on Mac user", as was so cleverly stated in the article I am sure there are flaws and exploits of this OS, but the media seems to be on a witch hunt here with these stories. Until I see some real proof of a problem, I can only sit back and chuckle. 1 user out of how many millions?


----------



## pedz (May 2, 2006)

Hey,

A friend just called me and told me about a TV commercial she saw on ABC.  (I don't have a TV so I'm out of touch with commercials.)  She said that some business looking guy is the PC and a 20ish kid is the Mac.  The PC guy is sneezing or something and warns the Mac kid to stay back.  The Mac kid says "oh that's o.k.  I'll be fine".  Eventually the PC guy falls backwards and crashes.

Has anyone else seen this?  I'm trying to find a version of it on the internet so I can watch it.

I've been wondering why Apple doesn't start advertising this more.  I guess they read my thoughts.


----------



## ElDiabloConCaca (May 2, 2006)

Uhhh... these videos are posted prominently on Apple's web page right now. 

http://www.apple.com


----------



## bobw (May 3, 2006)

New Apple Ads


----------



## CharlieJ (May 17, 2006)

HEHE, I love windows (NOT!)


----------



## DarkAngel_x (Jul 3, 2006)

Do you think that it would be wise to get Norton Personal Firewall for Mac?  Or Norton Solutions?  I'm just wondering if the firewall is good enough.  xD


----------



## MBHockey (Jul 4, 2006)

Absolutely not.  Norton software for Mac has always done a lot more harm than good.


----------



## pedz (Jul 4, 2006)

My own personal opinion: 

1) Norton is a fraud.  I have never bought something from Norton that even passed the simplest of my requirements.

2) Most of Mac stuff is based upon either BSD or open software implementations.  Maybe, maybe, if you bought a $2000 router from Cisco or someone like that, it would have better firewall abilities but I question even that. (I'm not talking a $10 router from Cisco -- the extra $1990 is not just cause it's in a bigger box.)

It could be that Apple is not taking full advantage of the software that they have but I doubt even that.  Security just isn't that hard if you had security as a priority during the entire lifespan of the product.  Unix was created to be multitasking, multi-user.  It has always been relatively secure.  There may be a bug or two but generally it is very secure.

Here is the deal: the whole attack into the system starts with an open port.  It's like a door into your house.  If your house has only two doors and those doors are locked, you are secure.  If your house has 99,000 doors, you will never be secure.  Simply turn off the services, close the ports, remove the doors, and you're safe.  It's really very simple.

For a simple small personal system, I can't see why you would have any services running; thus no ports open; and hence, no doors.  The Mac stuff, essentially comes that way and you must conscientiously turn on each service and, straight out of the box, there are not that many to enable.  And those that are there open to very robust implementations like Apache's HTTPD which is as good as it gets.


----------
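pedz's "doors" argument above can be checked on a given machine by listing which TCP sockets are actually listening and on which interfaces. The following is an added example, not part of any post in this thread: it parses output in the BSD/macOS `netstat -an -p tcp` layout and separates loopback-only listeners from those reachable over the network. The sample output, addresses and function names are constructed for illustration.

```python
import subprocess
import sys
from collections import namedtuple

Listener = namedtuple("Listener", "proto address port scope")

# Constructed sample in the BSD/macOS `netstat -an -p tcp` layout, where the
# port is appended to the address after a final dot. Addresses are made up.
SAMPLE_NETSTAT = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.20.49213     192.0.2.10.80          ESTABLISHED
tcp4       0      0  *.548                  *.*                    LISTEN
tcp6       0      0  *.548                  *.*                    LISTEN
tcp4       0      0  127.0.0.1.631          *.*                    LISTEN
tcp6       0      0  ::1.631                *.*                    LISTEN
tcp6       0      0  fe80::1%lo0.631        *.*                    LISTEN
tcp4       0      0  192.168.1.20.22        *.*                    LISTEN
"""


def classify(address):
    """Say how far a listening address reaches: loopback, one interface, or all."""
    host = address.split("%")[0]          # drop an IPv6 zone id such as %lo0
    if address == "*":
        return "all-interfaces"
    if host in ("::1", "localhost") or host.startswith("127.") or "%lo" in address:
        return "loopback"
    return "one-interface"


def parse_listeners(netstat_text):
    """Return a Listener for every TCP socket in the LISTEN state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # BSD netstat writes address.port, so split on the last dot only.
        address, _, port = fields[3].rpartition(".")
        if not port.isdigit():
            continue
        listeners.append(Listener(fields[0], address, int(port), classify(address)))
    return listeners


def exposed_ports(listeners):
    """Ports that accept connections from other machines (the open doors)."""
    return sorted({l.port for l in listeners if l.scope != "loopback"})


def main():
    text = SAMPLE_NETSTAT
    if sys.platform == "darwin":
        # On a Mac, audit the live system instead of the constructed sample.
        text = subprocess.run(["netstat", "-an", "-p", "tcp"],
                              capture_output=True, text=True, check=True).stdout
    for l in parse_listeners(text):
        print(f"{l.proto:5} port {l.port:<6} {l.scope:15} ({l.address})")
    print("Reachable from the network:", exposed_ports(parse_listeners(text)))


if __name__ == "__main__":
    main()
```

In the sample, ports 548 (Personal File Sharing) and 22 (Remote Login) are reachable from other machines, while 631 (the CUPS print service) listens on loopback only.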



## symphonix (Jul 4, 2006)

Yeah I'd steer clear of the Norton / Symantec stuff if I were you. My work provided me with a copy of Symantec Antivirus for Mac. I installed it, and it caused quite a few problems with performance. I uninstalled it, and now it runs fine. In the case of Symantec, the cure is worse than the disease.

The Mac ships with a perfectly functional firewall and has never had a recorded virus, ever.


----------



## Rhisiart (Jul 4, 2006)

symphonix said:

> Yeah I'd steer clear of the Norton / Symantec stuff if I were you. My work provided me with a copy of Symantec Antivirus for Mac. I installed it, and it caused quite a few problems with performance. I uninstalled it, and now it runs fine. In the case of Symantec, the cure is worse than the disease.


Try installing Intego's Virusbarrier to test your sanity (see this thread).


----------



## Beaner Bug (Jul 5, 2006)

O.K., SO I need help with a couple of things:
1: So what is the best software protection for the money out there?
Or what do you suggest that I use to protect my system? I have a couple of Macs, & I want to make sure that I am protected in the best way! I have been kind of out of the "whole" tech loop for a while, & NEED to get back into it!

#2 I'm supposed to use an older DOS based database & phone dialing system. I'm supposed to set it up on my old PC (which I bought used, & then never used.... due to the fact that I LOVE my MACS so much!)

But, that is what they are currently using... ANYWAY... I am wondering if I can use one of my older MACS instead! AND... if anyone knows how easy it would be to convert their DOS program over to a FILEMAKER database?  You wouldn't think that it would be all that difficult! But I have never tried to convert one! What do you guys think? Looking for some "pro" or "techie" ideas, info or where to go to get info! Got any suggestions?

3: LAST BUT NOT LEAST... I have a Titanium 500 MHz, Power PC G4 laptop, that happens to be the model that has that little tiny fan that kept burning out. When I had it under warranty they replaced it, I think it was actually TWICE! I ALWAYS have a cooling fan running under it & when I'm at home... [Which in the last few years this is the ONLY way that I use it! - Hence, the Question "why do I still have this one!!"  I take off the laptop keyboard & connect a different external one.] Got any ideas of how to fix it? Best place to get used parts? &/or where is the BEST place to sell it?

THANKS For any HELP offered on any of these topics that I can get! 
I Really appreciate it!  Thanks!!


----------



## symphonix (Jul 5, 2006)

Beaner Bug said:

> 1: So what is the best software protection for the money out there?



ClamAV is open-source, free and updated regularly. Virex is a commercial program that doesn't install anything resident, and seems to be pretty trouble-free. You can get Virex free with .Mac membership.



> #2 I'm supposed to use an older DOS based database & phone dialing system. I'm supposed to set it up on my old PC (which I bought used, & then never used.... due to the fact that I LOVE my MACS so much!)



What software is it? Perhaps you could just use VirtualPC with an MS-DOS image to run the software. That way you won't need to use a second computer at all. Plus, it would be easier than trying to re-write an old database program, which would frankly be a pain in the neck.

No idea for point 3 I'm afraid. An Apple Service Centre would be my first port of call.


----------



## ex2bot (Jul 6, 2006)

Beaner Bug: 

If you must run an antivirus, go with Intego's Virusbarrier (see messages above).

You can get free DOS emulators. Search Google for "Radnor" which is a front-end for the open-source DOSBox. It may or may not give you acceptable performance on your TiBook. Probably not. The $100 VirtualPC (without an operating system) may be even slower. 

Your best bet would probably be to find an old DOS-compatible PC. I can't imagine you'd have to pay much more than $30.

Doug


----------



## stoffa (Aug 10, 2006)

Just wondering if anyone knows of any free website from which I could download some sort of firewall protection for my Mac, just basically want it as added protection. I know it's probably not really necessary but it would be nice to have some sort of protection anyway.
Many thanks in advance


----------



## eric2006 (Aug 10, 2006)

stoffa said:


> Just wondering if anyone knows of any free website from which I could download some sort of firewall protection for my Mac, just basically want it as added protection. I know it's probably not really necessary but it would be nice to have some sort of protection anyway.
> Many thanks in advance


Your mac comes with a firewall. Just go into Sharing, and you should see a tab for it.


----------



## SatCure (Aug 10, 2006)

MacOSX has its own firewall.

Apple Menu --> System Preferences --> Sharing --> Firewall


----------



## earltash (Oct 20, 2006)

Turn on the firewall, and get this:
http://www.unmetered.org.uk/clamXav/ClamXav_1.0.4.dmg

Keep it updated.
Set up the prefs to scan the hard drive contents.
You'll be all set........


----------



## tristan j thoma (Dec 18, 2006)

Hope that your Mac computers will not be infected by these viruses.


----------



## earltash (Dec 18, 2006)

I've been downloading and saving PC viruses for 4 years now and not a problem as of yet...
Just a hobby...


----------



## ars123 (Dec 28, 2006)

hi,
yes the virus is active on mac os x 3.9. the virus attach on urs mail application from microsoft entrouge but u can remove this one with antivirus name is virus barrier its problem was come 4 to 5 mounth ago if any body found problem in the entrouge scan with this anti virus and problem will be solved.
me
im_imran525@yahoo.com


----------



## SatCure (Dec 28, 2006)

I didn't understand that. May I have the English version, please?


----------



## ars123 (Dec 28, 2006)

which think u want i also don't understand what u want plz write me
me
im_imran525@yahoo.com


----------



## SatCure (Dec 28, 2006)

I think you are typing in mobile phone "txt-spk" which I don't understand. Could we stick to plain English with normal words and punctuation, please?


----------



## ars123 (Dec 28, 2006)

plz come online which thing you requried live chat with me
me
im_imran525@yahoo.com


----------



## anerki (Jan 31, 2007)

I still have a wild collection of nVir B and nVir A infected files on my floppy disks somewhere. Though the only thing that ever did was a) be near impossible to exterminate and b) say beep every couple of hours, so I was never really bothered. Those were the days though! I'm trying to recall the virus scanner I used to get 'em off, but it's so long ago... Yay for the System 7 and earlier days!


----------



## nixgeek (Jan 31, 2007)

Ars123, it could be that the virus you have is mainly an MS thing since you mentioned Entourage (kind of like a Word macro virus infecting Word documents in all versions of MS Word).  Don't know if it would affect the system as a whole, but it's not impossible.


----------



## nixgeek (Jan 31, 2007)

Since we're on the topic of malware on the Mac, here's something from Low End Mac that I thought was fitting... 

How to Infect a Mac with a Virus or Other Malware


----------



## djbrennan (Feb 3, 2007)

I have been experiencing a weird problem for a few days. When I try to access my Menubar menus, if I click, the menu list flashes at me but I can't "hold" the focus to allow me to choose an option. Eventually, after some time, I find I cannot use the Apple menu to shut down/restart and have to power the machine off and then on. Typically it will take a few such forced restarts to "clear" the problem but after a while it reappears. Does anyone have any ideas?

Regards,

Denis


----------



## SatCure (Feb 3, 2007)

Denis, you should start your own post with an appropriate heading like "Menu bar strange behaviour OSX 10.4.8 on Powerbook (PowerPC)", since it has nothing to do with this virus discussion.


----------



## junkboyoh (Apr 10, 2007)

MBHockey said:


> Absolutely not.  Norton software for Mac has always done a lot more harm than good.



This is not just true for Macs.  Part of the reason that I finally switched to a Mac was out of frustration with Symantec.  Antivirus software is needed for a PC, but Norton actually affects your system much like a virus since it would take all of my CPU to run.  I constantly had to get updates and the program would stop working every couple of weeks.  I had to call the company about twice a week to keep my computer working.  Norton sells the most antivirus software but it is horrible.  Also in the time I was running it I had 5 tracking cookies and a worm make it through.  After 2 months of it, I finally gave up and bought the Mac I had wanted for a while.

The question I have with ClamAV is that since it is freeware, is it still updated regularly?


----------



## isacneo1 (May 29, 2007)

junkboyoh said:


> This is not just true for Macs.  Part of the reason that I finally switched to a Mac was out of frustration with Symantec.  Antivirus software is needed for a PC, but Norton actually affects your system much like a virus since it would take all of my CPU to run.  I constantly had to get updates and the program would stop working every couple of weeks.  I had to call the company about twice a week to keep my computer working.  Norton sells the most antivirus software but it is horrible.  Also in the time I was running it I had 5 tracking cookies and a worm make it through.  After 2 months of it, I finally gave up and bought the Mac I had wanted for a while.
> 
> The question I have with ClamAV is that since it is freeware, is it still updated regularly?



Same here, I switched to a Mac to avoid Symantec.


----------



## ÐÑÑÐ¸Ñ (Sep 4, 2007)

I never had to use antivirus for Mac OS X. It always worked consistently.


----------



## harpboy (Sep 19, 2007)

I was surprised last week when one of my clients complained that she was getting bounced messages back from her clients saying they contained a virus.  Now in her office there are 4 Macs and 1 PC.  I figured the PC must have picked up a virus. But that was not the case. Two of the Macs had a macro virus that had infected Word on the 2 iBooks.

They were now generating the w97 virus.   The way to fix it was to delete a virus script that was embedded into the macro document.

Once that was removed the Mac no longer generated any virus.

This was a real eye opener for me as I thought Macs could not generate viruses but could only carry them inside Microsoft documents.

So yes, your Mac version of Word can be infected with a macro virus. So anyone using Macs with Microsoft Word should install anti virus software and also check these settings in Word.

Tools-->Macros-->Visual Basic Editor.

Then expand the disclosure triangle next to 'Normal' and expand 'Microsoft Word Objects'. Then double click 'This Document'.

Then you will see an edit window showing the virus script. Delete all the text and save the document.

Then quit Word.

Then run your AV software and clean all the w97 viruses from your Mac and that should do it.  If you don't, then as soon as you open another infected Word document it will reinfect you.
The double click the document


----------



## eric2006 (Sep 19, 2007)

harpboy said:


> I was surprised last week when one of my clients complained that she was getting bounced messages back from her clients saying they contained a virus.  Now in her office there are 4 Macs and 1 PC.  I figured the PC must have picked up a virus. But that was not the case. Two of the Macs had a macro virus that had infected Word on the 2 iBooks.
> 
> They were now generating the w97 virus.   The way to fix it was to delete a virus script that was embedded into the macro document.
> 
> ...



Just a note - This "virus" spread from MS Office, to MS Office. It will do no harm to your system. Bad things would happen if this infected a PC. The extent of the damage to your system was bounced emails. Apple can't make sure every third party app is totally secure, but they have done a good job of making sure that those apps can't do much damage if they do mess up.

EDIT: sorry, this was old thread


----------



## harpboy (Sep 19, 2007)

That it won't harm the Mac is not the point; in most organizations there are Macs and PCs on the same network.  So the network is 1 system.  Therefore if a Mac has that virus in MS Office it may infect the PCs and that would bring the network down.

You say the extent of the damage was bounced emails.  However, that also is not the point. The damage is to the image of the company.  The client of mine who had this problem is a very high profile recruitment agency in the heart of London, UK, who find candidates for JP Morgan, BBC, C4, City Bank, PAs for musicians and actors and many more very high profile companies.  How do you think it looks if they are sending out viruses with the CV attachments?  That kind of image damage can cost a company thousands of pounds.

I am not knocking Macs, I love them, but don't be fooled that they are not immune from viruses.  The w97 may not be able to delete files on Macs as they can on PCs but the damage goes beyond missing files on computers.

Therefore anybody who thinks they should not use anti virus software on Macs in commercial environments has been lulled into a false sense of security.

It is unfortunate that the w97 can infect a Microsoft product on a Mac but it is the word processor of choice in most Mac commercial environments.

Personally I don't have any Microsoft products installed on any of my Macs in my office or at my home.


----------



## Captain Code (Sep 19, 2007)

Simply install a virus scanner on your email server and you don't have to worry about the Macs sending out macro viruses as much.  If a company isn't doing that then they really should be because as you say the image of the company is at stake.  I don't think it's necessary to run anti virus on all the Macs though.  Macro viruses are really old and I don't believe they are actively being written much any more so it's enough to have virus scanning on outbound emails at the server level.


----------



## tomdkat (Dec 11, 2007)

Have you guys heard about the Trojan:OSX/DNSChanger?

Your thoughts?

Peace...


----------



## Randy Singer (Dec 11, 2007)

earltash said:


> Turn on the firewall, and get this:
> http://www.unmetered.org.uk/clamXav/ClamXav_1.0.4.dmg



ClamXAV is free, which is, of course, very attractive.  However, the product is misleading.  ClamXav is an OS X port of ClamAV, which is a UNIX server anti-virus application for use with Windows networks. (For instance, ClamAV comes with Mac OS X Server.) The problem is that ClamXav uses ClamAV's anti-viral database, with few additions in consideration of the Macintosh.

You can search the ClamAV database here:
http://clamav-du.securesites.net/cgi-bin/clamgrok

As a test, do a search, for instance, for "Macintosh", or for one of the known (though very rare) Macintosh Trojans, for instance: "Opener" or "Renepo," and see if anything shows up.  (Nothing will.) What this means is that ClamXav doesn't look for much in the way of Macintosh-specific malware.  Sometimes free isn't a good deal.

In addition, if a Macintosh-only virus were to appear in the wild, there is no indication that the ClamAV database would be updated to deal with it. (The developer of ClamXav has admitted that not only has he not contributed any Macintosh definitions to the database, but that he doesn't know how to write such definitions.) Note that all of the commercial anti-virus program developers aggressively seek out new malware threats and share collected examples of these threats, allowing them to quickly push out an update to their software that will protect users. There is no one from the ClamAV project that is doing this for the Macintosh. So, the ClamAV folks might never get an example of a new Macintosh Malware threat, and even if they did, there is no indication that there is anyone who would update ClamAV to recognize that threat.

In other words, ClamXav is practically worthless for use with the Macintosh, and worse, I fear that it lulls Mac users into a false sense that it is protecting them, when in fact it doesn't protect them from much at all.  (It does provide protection from cross-platform Word and Excel macro viruses.)

Since ClamXav does not scan for Macintosh-only viruses, if you use Classic, ClamXav does not protect you from any OS 9 viruses, which can also infect Classic.  It also does not scan for the three known OS X Trojans in the wild, or the "Concept" Trojan (which is not a real, or malicious, Trojan, but it does sort of provide a model for someone who wants to create one, so it would be nice if your anti-viral software identified derivatives of it.)

Also, ClamXav does not disinfect infected files and software.  It can only flag such software for you.  You then have to delete such software to be rid of the virus.

ClamXav also does not scan files interactively.

ClamXav *is* good at scanning for, and detecting Windows viruses on your Macintosh, but that is of questionable value, as these are harmless on the Mac, and they are easy to detect and just trash.  (Usually they manifest themselves as gibberish e-mail attachments.) A Macintosh is highly unlikely to spread Windows viruses to Windows users, so software to detect Windows viruses resident on a Mac is of questionable value.

I simply don't see ClamXav as being a substitute for a commercial anti-virus program. Admittedly, you probably don't need any sort of anti-virus program to begin with, but if you feel that you do, you probably want one that is actually going to protect you from conceivable threats.

The gentleman who has ported ClamAV to the Mac, and who is providing ClamXav for free, is to be commended for providing a free product to the Macintosh community.  However, even though he does not disagree with any of what I have said above (this all came up on Macintouch), he also doesn't clearly state it on his Web site.  So folks are lured into thinking that their Macs are completely protected, and will be in the future in the event of a very serious threat, when they aren't. That does the Macintosh community a very serious disservice.

If you feel that you need a program to protect you from Macintosh malware, I recommend that you purchase a good commercial product that can actually do this.  ClamXav cannot.


----------



## kiral (Dec 21, 2007)

Thought I'd post about one type of virus that does effect Mac computers, I actually caught this one: Macros viruses.

This is the best application for finding and quarantining viruses for Mac. Clam Xav http://www.pure-mac.com/downloads/clamxavdl.html
It's free, I use it all the time.  If you trade files with PC users, believe me, you'll probably get at least one infected file in your lifetime.  You need to go to Preferences and select "quarantine infected files" and choose a location if you want to actually take action on fixing them.

Macros viruses are probably the most common.  They get into your system through applications that use Macros (Microsoft Word is probably the most popular).  So step one is obvious: never enable Macros on a file, never.  Still, some viruses are quite tricky and can still embed themselves even if you deny enabling Macros.

Most infect your templates, since formatted templates often utilize Macros functions, and then continue to populate your system as you use that template.

As a user you might experience frequent crashes, strange errors on saving (like stupid childish messages such as "Are You Surprised" and so forth).  More than likely you will have absolutely no idea you have a virus.

Macros viruses are easy to code so they are abundant but luckily pretty easy to kill.

1) Locate the default template file for the application infected with the Macros virus and delete it.  The templates are usually packaged with the application in a folder called user data or something similar; you can search for "template" and you should find it easily.

3) Any infected files can be disinfected by copying and pasting the text into a new document.  If you seem to keep that virus in the copy, save as plain text (import into TextEdit, go to Format > Make Plain Text, then save as plain text).  There's zero places for a Macros virus to hide in a plain text file but you do lose your formatting.

PS: SHAME on the person who posted to the user that they shouldn't get rid of the virus just because it doesn't effect Mac!!!  First off it does, and will, second any documents that Mac user makes and sends to their PC friends will wreak havoc on their PCs.  So always disinfect your computer, don't propagate viruses.


----------
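harpboy's and kiral's posts above both deal with macro viruses that live in a VBA project inside Word documents and the default template. As an added example (not code from any poster), this Python script reads the directory of an OLE2 compound file, the container format of Word 97-2004 documents and templates, and reports directory entries that indicate a VBA project. The two sample files are constructed in the code and hold only a directory; the parser assumes the file's FAT fits in the 109 slots of the header, which covers documents up to roughly 6.8 MB with 512-byte sectors.

```python
import struct
import sys

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")
ENDOFCHAIN, FREESECT, FATSECT = 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD
STORAGE, STREAM, ROOT = 1, 2, 5
# Directory names Office uses for a VBA project
# (Word: Macros/VBA/_VBA_PROJECT, Excel: _VBA_PROJECT_CUR).
VBA_NAMES = {"macros", "vba", "_vba_project", "_vba_project_cur"}


def is_ole2(data):
    return len(data) >= 512 and data[:8] == OLE_MAGIC


def directory_entries(data):
    """Yield (name, type) for each allocated directory entry of an OLE2 file."""
    if not is_ole2(data):
        raise ValueError("not an OLE2 compound file")
    shift, = struct.unpack_from("<H", data, 30)
    if shift not in (9, 12):
        raise ValueError("unexpected sector size")
    size = 1 << shift
    first_dir, = struct.unpack_from("<I", data, 48)
    difat = struct.unpack_from("<109I", data, 76)  # first 109 FAT sector numbers
    per_fat = size // 4

    def sector(n):
        # Sector 0 starts right after the header, which occupies one sector.
        chunk = data[(n + 1) * size:(n + 2) * size]
        if len(chunk) != size:
            raise ValueError("sector %d lies outside the file" % n)
        return chunk

    def next_in_chain(n):
        if n // per_fat >= len(difat):
            raise ValueError("file needs DIFAT sectors, not handled here")
        fat = sector(difat[n // per_fat])
        return struct.unpack_from("<I", fat, (n % per_fat) * 4)[0]

    seen, current = set(), first_dir
    while current != ENDOFCHAIN:
        if current in seen or current > 0xFFFFFFF9:
            raise ValueError("corrupt directory chain")
        seen.add(current)
        block = sector(current)
        for off in range(0, size, 128):           # 128-byte directory entries
            name_len, kind = struct.unpack_from("<HB", block, off + 64)
            if kind in (STORAGE, STREAM, ROOT) and 2 <= name_len <= 64:
                name = block[off:off + name_len - 2].decode("utf-16-le", "replace")
                yield name, kind
        current = next_in_chain(current)


def find_vba_entries(data):
    """Names of directory entries that show the file carries a VBA project."""
    return sorted(n for n, _ in directory_entries(data) if n.lower() in VBA_NAMES)


def _entry(name, kind):
    raw = (name + "\0").encode("utf-16-le")
    return (raw.ljust(64, b"\0")
            + struct.pack("<HBB3I", len(raw), kind, 1, FREESECT, FREESECT, FREESECT)
            + b"\0" * 36 + struct.pack("<IQ", ENDOFCHAIN, 0))


def build_sample(entries):
    """Constructed 3-sector OLE2 file: header, one FAT sector, one directory sector."""
    assert len(entries) <= 3
    header = (OLE_MAGIC + b"\0" * 16
              + struct.pack("<5H", 0x3E, 3, 0xFFFE, 9, 6) + b"\0" * 6
              + struct.pack("<9I", 0, 1, 1, 0, 4096, ENDOFCHAIN, 0, ENDOFCHAIN, 0)
              + struct.pack("<109I", 0, *[FREESECT] * 108))
    fat = struct.pack("<128I", FATSECT, ENDOFCHAIN, *[FREESECT] * 126)
    directory = b"".join([_entry("Root Entry", ROOT)]
                         + [_entry(n, k) for n, k in entries])
    return header + fat + directory.ljust(512, b"\0")


# Constructed samples: directory listings only, no document content.
CLEAN_DOC = build_sample([("WordDocument", STREAM), ("1Table", STREAM)])
MACRO_DOC = build_sample([("WordDocument", STREAM), ("Macros", STORAGE),
                          ("_VBA_PROJECT", STREAM)])

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            blob = fh.read()
        found = find_vba_entries(blob) if is_ole2(blob) else None
        print(path, "not OLE2" if found is None else (found or "no VBA project"))
```

A hit means the file carries a VBA project, which legitimate documents can also do; it shows which documents and templates deserve a look in the Visual Basic Editor or a scan before they are opened or mailed on.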



## Rhisiart (Dec 22, 2007)

kiral said:


> .....This is the best application for finding and quarantining viruses for Mac. Clam Xav .....


kiral, did you read the previous post before yours? I am not saying Randy is right, but the two posts seem at odds with each other.

By the way, here is Intego's explanation of VirusBarrier:

_VirusBarrier ....... does not scan for all 60,000 or so Windows viruses and variants ...... it does scan for the latest ones and all of the Office Macro viruses [which] can affect the Mac version of Microsoft Office as well as the Windows versions ......... VirusBarrier is not a comprehensive tool for eradicating Windows viruses._

Just worth bearing in mind that relying on VirusBarrier to prevent passing on virii to PC users is not as reliable as one might hope.


----------



## Randy Singer (Dec 31, 2007)

rhisiart said:


> kiral, did you read the previous post before yours? I am not saying Randy is right, but the two posts seem at odds with each other.



Obviously he didn't, and he doesn't really know what he is talking about.  There is quite a bit of misinformation about this topic being spread around, and it would be nice if folks didn't disseminate FUD (Fear, Uncertainty and Doubt) without really having a clue what they are talking about.



rhisiart said:


> By the way, here is Intego's explanation of VirusBarrier:
> 
> _VirusBarrier ....... does not scan for all 60,000 or so Windows viruses and variants ...... it does scan for the latest ones and all of the Office Macro viruses [which] can affect the Mac version of Microsoft Office as well as the Windows versions ......... VirusBarrier is not a comprehensive tool for eradicating Windows viruses._



None of the anti-virus programs for the Mac scan for all of the *over 180,000* (not 60,000)
http://vil.nai.com/vil/default.aspx
Windows viruses.  They only scan for those Windows viruses that are spreadable to Mac users via e-mail, or as Word and Excel macro viruses.  It is extremely unlikely that Mac users will see other Windows viruses show up on their machines.

In any case, as I said, Windows users need to be responsible for protecting themselves from Windows viruses.  Windows viruses are not Mac users' responsibility, and Mac users, unless they are absolutely clueless, aren't going to be spreading any Windows viruses.  No anti-virus software is necessary to protect Windows using colleagues.

One note, to avoid all Word and Excel macro viruses, all that you have to do is turn on "Macro Virus Protection" in Preferences in Word and Excel.  You don't need anything else for this.


----------



## SatCure (Dec 31, 2007)

Kiral - just a note on English. The verb to "effect" means to "bring about" or "make happen". The verb you need is to "affect". Using the wrong verb doesn't help your credibility and I agree with Randy - especially since I've been using Macs since 1987, been on-line since 1995, and I have *never* seen a single macro, trojan or virus that would affect my Mac. In the early days I did receive a few suspicious attachments that could have been Windows viruses but I simply trashed them with a single click. I don't need software to do that for me!

Now you might say "you've been lucky" but, if so, I have a lot of friends in the Mac community who have also been "lucky".


----------



## bluehaze24 (Jan 8, 2008)

I downloaded an update that was to prevent virus through Microsoft word and now my Word is gone. How do I get it back?


----------



## SatCure (Jan 8, 2008)

Which rather proves the point that so-called "virus protection" for MacOS can do more harm than good, unfortunately.


----------



## Randy Singer (Jan 8, 2008)

bluehaze24 said:


> I downloaded an update that was to prevent virus through Microsoft word and now my Word is gone. How do I get it back?


I've never heard of an "update" (to what, to Word itself?) for this purpose.   Where did you get this update?  How was it installed?

Have you done a Spotlight search for Word?

Do you still have the original CD-ROM that Microsoft Office came on so that you can reinstall it?


----------



## bluehaze24 (Jan 9, 2008)

It was a normal update that my computer prompted me to DL.  Normally I just download them.  This time it erased my Word.


----------



## Randy Singer (Jan 9, 2008)

How about the other questions that I asked?


----------



## bluehaze24 (Jan 9, 2008)

I don't have the disk because I got Office from a friend.  I tried to use Spotlight and it found the test version that comes with the computer.  I will have to find somebody else with the disk to re-install Word.

It was installed like every other update.


----------



## HarryO52 (Feb 19, 2008)

Absolutely agreed.  There was a posting on one of my MacOSX mailing lists that quoted, and I don't know the exact source's name, but it was a large software firm, that viruses are non-existent for OSX.  Malware is out there, but you have to search for it, and it's very easy to avoid it if you do find it.

Harry


----------



## HarryO52 (Feb 19, 2008)

I'm afraid I replied the above to the wrong thread....sorry.

Harry


----------



## Jemma (Feb 20, 2008)

So having read all these threads I'm wondering if my mail issue is virus or application related. I started having problems on Valentine's Day last week, after downloading a security update from Apple. Now I keep receiving emails I sent last week, there are copies and copies of the same email being created and stored in my drafts folder, and friends are irritated because they are receiving the same email 35 times. I'm using iMail. I contacted my Internet Service Provider/Cable company and they assure me it's not their end.

Anyone got any ideas?

I installed Avast Virus software and that shows no viruses.....


Stumped!


----------



## pedz (Feb 26, 2008)

A bit off topic but one thing I do not like (this is going to be hard to describe) is the pop up that says "Foo changed and is requesting permission to access your keychain".  The message varies.

If I just updated Foo, then the message is great.  I appreciate it.  But I've had them pop up out of the blue and I honestly could not tell if it was valid or not.  Maybe the solution is for all those pop ups to happen just after install... somehow.

I like how I'm quizzed about running something I just downloaded.  I've been worried about Trojan horses (e.g. something that looks like a jpeg but is actually an application) but this makes it harder for that to happen.


----------



## ziomatrixacs (Mar 12, 2008)

Hello, I have a few questions.. kinda new to Macs. I know there are very few viruses for OS X 10.4... I think the iPhone's popularity has caused a few viruses to pop up but they technically shouldn't affect a computer, right?
I have an iBook G4 and I use it in a college that is entirely Macintosh based, so I am concerned about file sharing and security from hackers. I have noticed there is a firewall in System Preferences > Sharing and I would like to know if it is potent? I know that stock PC firewalls are a joke but Mac is more serious about safety, so is it better?
Are there any free firewalls and virus protection available that do the job well? I need to get a few parts for the computer but virus protection is definitely on the list.. I know the stuff you pay for is better than the free stuff but I just want something that will work for now.


----------



## Satcomer (Mar 13, 2008)

ziomatrixacs said:


> I know the stuff you pay for is better than the free stuff but I just want something that will work for now.



ClamAV

Mac viruses (two of them) need your permission to be installed. One of the OS X viruses is a concept called the Newton Virus (but it is a joke trojan). Here is a video of it: Newton Virus.

The second is installed by one going to an obscure porn site and it asks you to install a QuickTime plugin to view a porn movie. You can read about it at Macworld. The article will tell a user how to clean his DNS settings where it attacks.


----------



## ziomatrixacs (Mar 13, 2008)

That's it? Only two?
I don't use those kinds of sites, but does that mean any QuickTime plug-in could be a virus?


----------



## Satcomer (Mar 14, 2008)

ziomatrixacs said:


> That's it? Only two?
> I don't use those kinds of sites, but does that mean any QuickTime plug-in could be a virus?



Yes only two. The security level for Unix (BSD Unix is the core of OS X) requires your permission to install stuff where it could affect the system. Hence the different levels in the Mac Finder. Top level for the entire system, User level for YOU. 

The second answer is No. It pretends to be a QuickTime plugin.

To protect yourself go into Safari's (or any browser's) preferences and turn off automatic unpacking/installing. In Safari it is Preferences and then uncheck "Open safe files after downloading".

Lastly a little web common sense can go real far in protecting yourself, on any computer platform.

Note: If you really want to be safe go to OpenDNS and use their DNS. Then go back to the site and create a free account. Then in that free account you will be able to block known phishing sites with adding additional software bloat to your computer. You also can block custom sites too. One added benefit of using OpenDNS is many users (including me) saw quicker web site loading after using their DNS. That is why I recommend the service almost every chance I get.


----------



## ziomatrixacs (Mar 14, 2008)

Eh, I was downloading programs and I got one called Podview a week ago from versiontracker.com. It asked me for my password and I put it in... Doh! It didn't say why but I thought it was to allow my iPod to send info back into the computer. The program works and I haven't noticed any ill effects. I also took all of the @ symbols out of my address book.. I know the Windows version is very dangerous.. kinda assumed the same concept could be applied to a Mac.


So that open DNS thing would make my internet run faster but all of my info would pass through them?


----------



## Satcomer (Mar 14, 2008)

ziomatrixacs said:


> So that open DNS thing would make my internet run faster but all of my info would pass through them?



Yes. It is a simple case that most ISPs really have no clue on DNS. They do not keep up on the ever changing net. 

Now if you really want peace of mind on a Mac then you get a program that monitors your connections outbound. That program (that I use) is shareware and it is called Little Snitch. You will be really surprised how many programs call home way beyond simple updating cues. Using the program seems overwhelming but the more you use it the less you notice it.


----------



## ziomatrixacs (Mar 15, 2008)

Interesting.. so I am using dial up right now, if I were to use OpenDNS, would I notice a substantial increase or just a moderate increase in speed? I noticed that I only get 46-49kb/s instead of the 56kb/s rate that dial up is advertised. Of course everything computer is jacked up a bit like advertising a 200gb hard drive before formatting it, so I could imagine that it's no different with internet.
..Not sure if I want all of my info passing through them though.

Little Snitch is interesting, it looks like it can block outgoing connections right? Brings back Windows XP memories of going into CTRL ALT DELETE control panel and then going into processes and seeing my RAM being taken up by a lot of ominous sounding things with .exe at the end of them. Looks like it tells you where the connection is trying to go, not what it does. I would be worried about blocking something vital yet completely user accessible like those ominous .exe files in XP.


----------



## Satcomer (Mar 15, 2008)

Oh, you're still on dial up, that makes a difference. Then Little Snitch and OpenDNS are a little overkill on dial up.


----------



## CaribbeanOS-X (Mar 20, 2008)

Chevy:

I wanted to get back to that link you posted above but no go... I just opened up a YouTube video and a sketchy Flash player msg popped up?  Asking me to update a plug-in... No thanks!  Closed out of FF and wanted to check those settings I read about in your post but I am getting an Apache Error msg from the forum?  Did you happen to copy the terminal instructions?


----------



## ziomatrixacs (Mar 20, 2008)

Well, I use dial up at home and wireless DSL when I am in town... which is often actually.
I might get the DNS, don't know if I need Little Snitch though.


----------



## runeblade (Mar 31, 2008)

A word of caution...some virus protection software is worse than a virus itself. I have to reinstall my OS this week because of an install of Intego Virus Barrier X5 that F*****ed up my Macbook and can't be fully removed.


----------



## Rhisiart (Apr 12, 2008)

runeblade said:


> A word of caution...some virus protection software is worse than a virus itself. I have to reinstall my OS this week because of an install of Intego Virus Barrier X5 that F*****ed up my Macbook and can't be fully removed.


Did you let Intego know? In my experience their customer support is generally pretty good. They will often provide a patch pretty quickly.

However, do you really need virus protection software anyway? Given that there are no viruses for Macs and that VirusBarrier won't stop you passing on most Windows viruses to PCs, what is it for?


----------



## Rhisiart (Apr 12, 2008)

Given my problems with a very sick iBook, I have given thought to getting a low cost Dell PC laptop (I just can't afford a new iBook at this time).

Now having read this article, I've changed my mind.

The latest edition of the Symantec report covers the second half of 2007 during which time the security firm detected 499,811 new malicious code threats. This figure was up 136% on the first six months of 2007.

Throughout 2007 Symantec detected more than 711,912 novel threats which brings the total number of malicious programs that the security firm's anti-virus programs detect to 1,122,311.

The report notes: "almost two thirds of all malicious code threats currently detected were created during 2007."

The vast majority of these viruses are aimed at PCs running Microsoft Windows and are variants of already existing malicious programs that have proved useful to hi-tech criminals in the past.


----------



## nixgeek (Apr 12, 2008)

Rhisiart said:


> Given my problems with a very sick iBook, I have given thought to getting a low cost Dell PC laptop (I just can't afford a new iBook at this time).
> 
> Now having read this article, I've changed my mind.
> 
> ...



Well, if you were to still purchase that Dell laptop, you could do one of two things.  One, you could set up a certain type of system that rhymes with "Macintosh" that we're not allowed to talk about in here, or you could install Ubuntu Linux on it.  I've got it installed on my new work laptop, a Dell Latitude D630, and it runs incredibly well.

Still, I would much rather have the iBook.  Of course, the geek in me would probably dual boot it with Ubuntu/ppc anyways.


----------



## Rhisiart (Apr 12, 2008)

nixgeek said:


> ....you could install Ubuntu Linux on it.  I've got it installed on my new work laptop, a Dell Latitude D630, and it runs incredibly well.


Thanks nixgeek. That's a very good suggestion. I shall look into it.


----------



## slimeyapple (May 26, 2008)

ClamXAV.com (Mac OS X) and Clamwin.com (for Windows OS) are both free. I keep antivirus software since I have a mixed network. While the viruses that ClamXAV has discovered were Windows viruses, it prevented them from infecting any part of my network. 

While they won't hurt your computer, a Windows virus could spread (your Mac as a carrier.)


----------



## symphonix (Jun 27, 2008)

I just thought I'd bring a couple of new Trojans to the attention of the MacOSX.com community. http://www.f-secure.com/weblog/archives/00001461.html

*Backdoor.Mac.Hovdy.a* apparently isn't in the wild yet, but the source code for it is circulating, meaning it is only a matter of time. Being a trojan, it still requires user intervention or social engineering to spread. 



> PokerStealer.A heavily relies on social engineering. It comes with the filename PokerGame.app (180Kb), sounds interesting, right? ... However, once executed, it will prompt the user for a password.



I'd just like to remind the forums that we aren't immune to social engineering, and a good deal of common sense, along with a suspicion of any app from an unknown source, will save you a lot of trouble.


----------



## Satcomer (Jun 27, 2008)

Well, Macworld just released an article called "The ARDAgent security hole: What you need to know" that people might take a look at.


----------



## Captain Code (Jun 27, 2008)

The threat is low.  Don't open email attachments from people you don't know, and don't download strange programs from strange websites.  If you follow that you are OK.


----------



## dlbk (Jul 2, 2008)

I'm not sure if this is the place to post, but tonight I got home from work, opened my e-mail and when I try to open any mail in my in box, the field stays blank and it appears it's working to open, but at the bottom of the page where the connection script is running, up pops: js.worthathousandwords.com and nothing opens. This was at one yahoo address, yet another is working fine. Would this mean it's definitely a Yahoo issue? Or do I have an OSX bug?

Thanks,
Deb


----------



## dlbk (Jul 3, 2008)

I tried the same mail address at work this morning and there's no issue, no getting stuck with a blank page, so should I assume there's a bug on my iMac @ home? 
Does anyone have any recommendations I could follow to fix the problem?

Thanks,
Deb


----------



## Doctor X (Oct 4, 2008)

A *He Who Must be Obey'd* suggested "add to the existing thread" rather than start a new one.  I prefer that, but some boards get "touchy" over thread.

Ran into more than one person with a Mac complaining about slow internet connections.  Noticed a few threads asking the same thing.  Recommended DNS Changer Removal Tool fixed problems.

The creator of the DNS CRT advertises a program to hunt down more Trojans, vira, and the like.  I researched that about a year ago in a fit of paranoia--found this thread--and learned it does not really remove anything save, perhaps, parts of programs that check for updates.

So . . . any update on the nature of security threats for Macs?

--J.D.


----------



## fryke (Oct 4, 2008)

The DNS Changer trojan is the only threat I've found on any Mac in recent years (!), and it was only on _one_ customer's iMac (and not a MacBook he's using in the same local network). Since the DNSChangerRemovalTool works fine eliminating the threat, I'd say the risks of living the Mac life online are still on quite a comfortable level.


----------



## Doctor X (Oct 4, 2008)

Thanks, allow me to ask what may be a stupid question.  In my many PC _versus_ Mac I have had a PC user claim that Macs are "just as" potentially insecure.  Obviously he does not know what he is writing about--he found a virus for . . . System 6!

Obviously, the guy does not know what he is writing about; however, he cited "evidences" that the Mac has more "security problems."  The actual data shows otherwise; nevertheless:

what are these "vulnerabilities" and "criticalities?"

--J.D.


----------



## Rhisiart (Oct 4, 2008)

I have always understood that the main reason for Macs' excellent security record is that Apple has too small a share of the global computer market (currently 8.2%) to be attractive enough for hackers to spend the time and effort to target them. Of course Apple's robust system operating system plays a factor too.

I understand that these days hackers are generally more interested in criminal activity than just hacking for fun and corporate PC systems are still the most lucrative market.

Perhaps if Apple reached > 15% of the global market, the situation may change. Then the MACOSX may be tested to the full.


----------



## fryke (Oct 4, 2008)

The market share part is only an excuse by Windows users. 8% is more than enough market share for exploits to be used. The thing about most of the really scary Windows-security stuff is how multiple exploits can be used together. Of course the scale _does_ play a certain role, but the fact that most issues on the Mac actually need the user to install something fishy kinda makes them "critical" only to - sorry to say this - rather naïve users.


----------



## Rhisiart (Oct 4, 2008)

fryke said:


> The market share part is only an excuse by Windows users. 8% is more than enough market share for exploits to be used. The thing about most of the really scary Windows-security stuff is how multiple exploits can be used together. Of course the scale _does_ play a certain role, but the fact that most issues on the Mac actually need the user to install something fishy kinda makes them "critical" only to - sorry to say this - rather naïve users.


If the market share does rise, it will inevitably harvest more naive users (perhaps like myself). However, I take your point fryke.


----------



## ElDiabloConCaca (Oct 4, 2008)

Also, bear in mind that in pre-OS X days, Apple wrote their own operating system and it was much like Windows 95/NT/95/Me/XP in that it was primarily written as a "single-user" operating system with multi-user capabilities bolted on as an afterthought.

Apple doesn't write their own operating system anymore.  It's now based off of FreeBSD (with portions of Next/OpenSTEP, which was also UNIX-based), which has been in development for decades, and, in turn, is based off of the original UNIX operating system which is more than 30 years old.  UNIX was originally written as a multi-user operating system, and part of the mind-set behind such operating systems is sheer paranoia, and that no one should be trusted with any more capabilities than they need.

People have been trying to hack UNIX for 30 years.  The operating system itself is one of the most secure in the world.  It is simply not true that because Mac OS is not as popular as Windows or as widespread that interest in "hacking" it is lower than interest in hacking/exploiting Windows.  People are very interested in hacking UNIX, and have been for decades.

More people hack Windows simply because it is more hackable, plain and simple.  Exposure may play a part in that, but a small one -- Windows is, inherently, more insecure than Mac OS X (ie, UNIX).

Also, the trojan(s) that appear on Mac OS X take advantage of social engineering instead of security flaws in the operating system in order to wreak havoc.  The DNSChanger trojan requires that the user actually take action (double-clicking the installer) and provide their password in order to operate -- which is much different than the way most exploits work on Windows.  In short, someone actually has to be sitting in front of their Mac, logged in, and take action for anything to actually infect the computer, and they must explicitly install the malicious software themselves... whether or not this happens by trickery is beside the point and pretty much out of anyone's hands.  With Windows, this is not true.  You can leave an internet-connected Windows machine sitting by itself at the login screen and you could be 5,000 miles away and it could still become infected.

You're going to kill me Fryke, but here goes another simile: explicitly being tricked into launching a trojan program and supplying your password is like handing over your house keys to a stranger then acting surprised when you've been burgled.  The burglar couldn't have done anything to the inside of your house without tricking you into handing over your keys (ie, your password).  While measures can be taken to prevent trickery, it is ultimately up to the computer owner/user who and what they allow to run on their machines.  If you're easily tricked into thinking you need some new QuickTime codec to view questionable videos on the internet (which is how the DNSChanger trojan works), then the computer becoming infected is nobody's fault but the user's.

Naivete is no excuse to blame Apple or make claims that Mac OS X is insecure, just as not knowing the speed limit is no excuse for exceeding it and getting a ticket.  It is up to the user to know who to trust and who not to, and, like I said earlier in the post, UNIX is set up as a "trust no one" operating system.

The internet is out to get you, but it cannot do so with Mac OS X without your explicit permission.  If someone is tricked into compromising their system, then they have only themselves to blame.  There are warnings posted everywhere (like Firefox's phishing warnings), just like there are speed limit signs, yield signs, curvy road warnings and falling rock warnings posted everywhere along the roads you travel.  If you choose to ignore these warnings, then you're on shaky ground and are taking unnecessary risks and putting yourself in harm's way.  It is completely the user's responsibility to pay attention and observe street signs, the same as it's the user's responsibility to know what they're letting happen on their computer.  If they're unsure about anything, the only reasonable and excusable action is to not do it.


----------



## Doctor X (Oct 4, 2008)

Thanks!

Next time a PC'r starts the "if Mac was t3h popular" or "it is all user responsibility" I will cite that post.

The particular user claims to have "never had a virus or Trojan"--though he regularly runs proprietary anti-virus software.  "Only an idiot gets a virus."  So I asked him, being a "genius," why he bothers to pay for anti-virus software if he is, you know, so smart and stuff and his PC is "just as secure" as a Mac.

I am sure you have all heard this fallacious analogy: _Why do you lock your front door?_

I reminded him that he lives in a trailer next to a crack house whereas I live on my private island surrounded by sharks and candiru so, no, I do not lock my door.  For some reason, he became very upset. . . .

--J.D.


----------



## ElDiabloConCaca (Oct 4, 2008)

I have to admit that on my Windows machines, I have never been the unwitting suspect of a virus or trojan -- the one time I did get infected was when I was explicitly asking to get infected and allowed myself to get infected.  Of course, I was running anti-virus software and had the system locked down behind a firewall, and I basically gave permission for the virus to enter my system.

I kinda just wanted to see what happens.

At any rate... Macs ARE popular.  Dare I say even more popular than Windows.  But let's not confuse "popular" with "widespread."  Electric cars are more "popular" than gasoline-powered cars, but there's not more of them -- they just get more attention.

Mac OS X has had over 30 years of security hardening done to the underlying OS framework by some of the gooberiest, nerdiest, geekiest, mathematically-inclined minds -- Windows has about 15 (the current incarnation of Windows we use today started with Windows 95, even though there are major differences in the underlying structure of the operating system).

And, you can throw that "it is all user responsibility" fallacy right back at your friend -- Mac OS X cannot become infected simply by sitting on the internet.  Windows can.  If it were all the user's responsibility, that wouldn't happen.

http://www.techworld.com/security/news/index.cfm?newsid=5535

http://news.zdnet.com/2100-1009_22-137900.html

http://it.slashdot.org/article.pl?sid=05/07/01/0218209&tid=172&tid=220&tid=218

Mind you, those articles are at most 5 years old, and security patches have been made available so that compromises don't happen so quickly.  I saw no articles about Mac OS X systems being compromised at all.

Hell, I'd even be willing to set up a test site if someone would like to take a stab at compromising a Mac OS X system.  I'll set up a default Mac OS X 10.4 Server, bring it up-to-date, expose the whole damn thing to the internet (no hardware firewall, software firewall disabled, in my router's DMZ), give out the administrator user name that I choose, and publish my IP address.  I'd be willing to bet money that no one could gain any meaningful access to it in a week and that it would be humming along just fine for months without being compromised.


----------



## Doctor X (Oct 4, 2008)

Funny.  I was going to just leave the "thanks" then a self-proclaimed PC "expert" posted that basically all of that information is suspect because it come from a "Mac Guru."

She also posted a "roll-eyes" smiley.

Damn!  How does one rebut the "roll-eyes" smilie?!11!  It is t3h D34dly!!11!

So, I will post your invitation.  

See if she puts her money where her mouth is.

--J.D.


----------



## ElDiabloConCaca (Oct 4, 2008)

What "Mac Guru?"  Sophos was the author of one of those articles, and they are renowned for their cross-platform anti-virus software.  If they're labeled as a "Mac Guru," then they must also be labeled as a "Windows Guru" as well as a "Linux Guru."  So, with them being a "Windows Guru," then by her own reasoning and logic, their word must be taken as a truth, right?


----------



## Doctor X (Oct 4, 2008)

Exactly.

She will not take your challenge and recommends we all "Google" "Mac Hacks" and attend a BlackHat conference!

To quote Sanjuro in _Yojimbo_: "Can't help fools."

--J.D.


----------



## ElDiabloConCaca (Oct 5, 2008)

I've read all about the Mac Hacks at the BlackHat conference, and there are holes or "gotchas" in every one of their tests:

http://www.newswireless.net/index.cfm/article/2932

It seems that you have to be using special hardware that is not included with standard Mac configurations, among other things.

And why does this have to be a "Mac vs. PC" thing?  I know Macs _extremely_ well, and I know Windows machines _extremely_ well.  I also have a bachelor's degree in Linux and UNIX programming, security and administration.  I don't think that one platform is "better" than another, and it pains me when people "take sides."  It's ridiculous.  Just open your mind, learn all of the operating systems, and use whichever OS suits your needs at the moment.  Being so blindly loyal to one operating system doesn't make you cool or give you the right to slam other operating systems -- it makes you a closed-minded, bull-headed, stubborn fool.  It's almost like admitting you haven't the mental capacity to learn how to double-click on an icon in more than one environment.  After all, under Windows, Linux, most UNIX and Mac OS X, it's all just clicking and double-clicking... how freaking hard is that?

Call me a fanboy; call me a Mac-lover; call me whatever.  I use Macs more than I use any other operating system, but I would bet money (or even a limb) that my knowledge and skills with Windows extends far beyond anyone who uses solely Windows and dismisses Macs sheerly out of some sort of far-fetched prejudice.

To quote a horrible cheerleader movie: Bring it.  I'll school you with Macs, and I'll make you feel like a 3rd grader with Windows computers.  Quit being such a stubborn idiot and expand your horizons.  You may just like what you see if you go into the situation with an open mind.  Just because you like Windows doesn't mean you need to hate Macs.


----------



## Doctor X (Oct 5, 2008)

Indeed.

I simply prefer Macs for reasons I am sure you have heard enough times from ease of use to better security.  However, there is never a "perfect" system nor a "perfect" computer.  I think Macs are "better" made  . . . _some_ of them.  It is easier, in my opinion, to secure a Mac.  It is also possible to screw up.  Leave your doors open, your keys in the ignition, in a "bad neighborhood," do not complain if your metaphor gets stolen like a car. . . .

Beyond the "joke partisanship"--which is how the argument started--there are those who take this very very seriously.  It is like sports fans.  I have a friend who is a Yankees fan.  We have relatively civil discussions.  However, too many revert to the "Yankees suck!" "A-rod is Gay!" "Red Sox suck" level of sports analysis.  That is "fan-boy" speak, and it is useless and pathetic.

Thus with Mac _versus_ PC.  

The "PC Fanboys and Fangirls," in question, had no response to your posts.  If they have something of substance--rather than "Macs r useles!" and profanity, I will inform them of your response.  One asked, "how do you define pc and mac?"  I am not going to waste time with that.

That being written, I have converted far more PC users to Macs than I have encountered Mac users who have converted to PC . . . 

. . . and I know quite a few who use both . . . OMFG!!!11!!

*Back to the Topic*

So are there any more things a Mac user should worry about?  

--J.D.


----------



## fryke (Oct 5, 2008)

Just slightly off-topic: ElDiablo - I won't kill you for metaphors that work.


----------



## LABachlr (Dec 2, 2008)

So, almost 4 years after the original post of this thread, are there still no known viruses for OS X?  Why is Apple suggesting that we have "multiple antivirus utilities" on our system?

http://support.apple.com/kb/HT2550

Is it still just to protect our PC user friends, or has the Mac OS been compromised?  I'm going to guess it's the former, but please do advise.

Thanks.


----------



## Randy Singer (Dec 2, 2008)

Apple is suggesting that you use anti-virus (AV) software because they are covering their asses.  That way if, god forbid, a tremendously virulent piece of malware were to suddenly appear, they could say "we *told* you to use AV software" and they would be absolved from blame.

Of course, they say just the opposite in this television commercial:

<http://movies.apple.com/movies/us/apple/getamac_ads1/viruses_480x376.mov>

or

http://comapple.notlong.com

Note that while Apple suggests using AV software, they don't mention any specific threats.  That's because there are no really serious threats currently.

If a malicious virus shows up for the Macintosh (and we all know that it is imminent, because we have been told that it is imminent by Windows apologists and "security experts" for 8 years now) it will be all over the press, and they will be telling you specifically what it is you have to protect yourself from. 

For now, there are malware threats to the Macintosh, but they are incredibly rare, and you can protect yourself against them without the need for AV software.

There are a few malicious Trojan Horses for the Macintosh.  However, they are so rare that if you purposely went looking for them, you probably couldn't find them.

Trojan Horses do not self-propagate.  That being the case, they are only disseminated from venues where the origin is anonymous and you can be easily tricked into installing something questionable.  These are usually either peer to peer file sharing networks (i.e. where folks are pirating software and/or music) or questionable Web sites, such as pornography sites.

So, if you don't engage in any risky computing behavior, and if you don't install software from questionable sources, you should be quite safe.  There is no reason to be worried.  The press likes to blow this topic out of proportion and insinuate that a Trojan Horse is the same thing as a virus.  They aren't.  Trojans are very difficult to disseminate, and they tend to disappear after they are discovered because once the site that is spreading them is closed down, there is no other source to spread them.

The only other significant malware threat to the Macintosh are Word and Excel macro viruses.  These are no threat at all if you don't use Microsoft Office products (or NeoOffice or OpenOffice).  And they are no threat to MS Word users if they are using Word 2008 which does not include Visual Basic.

A Word macro virus can be a part of a Word document and when opened and run can cause mischief.  But you can protect yourself from a Word macro virus by disabling automatic running of macros in Word.  In Word 2004, click Security, and then check the box for "Warn before opening a file that contains macros".

See here for instructions for the various versions of Word:
http://kb.iu.edu/data/agzk.html

If a document has a macro in it, and you weren't expecting it to have one, you can choose to disable the macro until you determine if it is a legitimate or malicious macro.


----------



## ElDiabloConCaca (Dec 2, 2008)

LABachlr said:


> So, almost 4 years after the original post of this thread, are there still no known viruses for OS X?  Why is Apple suggesting that we have "multiple antivirus utilities" on our system?


For the same reason your homeowners association recommends putting locks on your doors.  While a break-in isn't going to happen today, or this week, or this month, or this year, you can't fix the damage _after the fact_.  Putting locks on your door _after_ you've been broken into doesn't do squat.

Apple recommending anti-virus software is not an admission that there are threats in the wild that affect Mac OS X, the same as putting locks on your doors is not an admission that your home will be broken into tonight.

...the same as putting on a seatbelt doesn't mean you're getting into an accident tonight.

...the same as putting on a condom doesn't mean the girl you're with has an STD.

...the same as giving heartworm medicine to your dog doesn't mean the next mosquito that bites him/her is carrying heartworm eggs.

...the same as calling 911 when you hear gunshots doesn't mean someone's been shot dead.

...the same as turning off your computer during a storm doesn't mean you will inevitably have a power surge.

...need I go on?


----------



## VirtualTracy (Dec 2, 2008)

While surfing last night I was presented with this dialogue window ...

I tried to close the Tab and saw this window:

I opted to _"Force Quit"_ Safari rather than clicking the OK button ...

Then I relaunched Safari and from the menubar chose "History" then _"Reopen all Windows from last session"_.

I made sure I quickly closed the Tab which showed me the above dialogue.

I guess the moral is that if you are careful you stand a greater chance to avoid catching the web's nasties ..


----------



## Randy Singer (Dec 2, 2008)

ElDiabloConCaca said:


> For the same reason your homeowners association recommends putting locks on your doors.
> 
> ...the same as putting on a condom doesn't mean the girl you're with has an STD.



There is a slight flaw in your analogies, though.  Thieves do exist.  So do STD's.

There are no OS X-specific viruses yet. 

So installing anti-virus (AV) software isn't protecting you from something that is unlikely.  There is nothing, yet, to be protected from.

Also, most good AV software requires the developer to write a definition to ward off a known virus threat.  When such a definition has been written, everyone's AV software needs to be updated with that definition.  So,  if you install AV software now, it will be useless against any future threat until it is updated.  That update won't be forthcoming until any new threat is generally known.  So, theoretically, you can wait to purchase AV software until when and if there is a threat.  Macintosh users who have relied on this have saved themselves the expense of AV software for the past 8 years (since the introduction of OS X.)


----------



## ElDiabloConCaca (Dec 2, 2008)

Randy Singer said:


> There is a slight flaw in your analogies, though.  Thieves do exist.  So do STD's.
> 
> There are no OS X-specific viruses yet.


Nope, you're right.  There are no OS X-specific _viruses_ yet...

...but there are trojans.  Two, to be exact.  Plus rootkits have existed for UNIX for 30 years or more now, and since OS X _is_ UNIX, it is susceptible to the same security flaws that UNIX is.



> So installing anti-virus (AV) software isn't protecting you from something that is unlikely.  There is nothing, yet, to be protected from.


Untrue.  In addition to the trojans that are Mac OS X-specific, you will also be protected from UNIX rootkits and exploits as well as _all_ Windows viruses, so you don't pass them on.  Kind of like never exhibiting any symptoms of herpes, but being a carrier of the virus.  (Sorry to be so graphic!)  Think that girl will be so happy to hop in the sack with you when you tell her, "Hey, I got no viruses that are compatible with me, but I may carry a virus that's compatible with _you._"



> Also, most good AV software requires the developer to write a definition to ward off a known virus threat.  When such a definition has been written, everyone's AV software needs to be updated with that definition.  So,  if you install AV software now, it will be useless against any future threat until it is updated.


Not true at all... virus software employs advanced and complex heuristics to defend against unknown threats.  Antivirus software can scan not only the known virus activities, but can detect "virus-like" behavior that can protect you against a virus that is not currently in the virus definitions file.

The good thing about being protected from a known threat is that then the damage can potentially be reversed.  However, using virus behavior heuristics, you can _prevent_ infection from an unknown threat.



> So, theoretically, you can wait to purchase AV software until when and if there is a threat.  Macintosh users who have relied on this have saved themselves the expense of AV software for the past 8 years (since the introduction of OS X.)


Sure (unless you're the first person to be infected by it, which is quite possible -- people _do_ win the lottery), but what if that virus deletes your home folder?  What if it renders your system unbootable?  "After-the-fact" virus protection doesn't help there at all, especially if you fly-by-the-seat-of-your-pants and don't keep backups (as we know many, many, _many_ users here still do).

I'll have to defend my analogies and say they're pretty spot-on.  Catching a virus on your computer is extremely similar to catching an STD in real-life -- you can't tell from outward appearances whether they're "infected" or not, so being safe up front is the best protection you can take.



> There are a few malicious Trojan Horses for the Macintosh. However, they are so rare that if you purposely went looking for them, you probably couldn't find them.


Also not true at all.  Ask any member here how many threads we've had recently about the DNSChanger trojan -- it's more widespread than you're making it out to be, and not everyone has the sense of mind to read any popups that occur before blindly clicking "OK" and saying "Sure, I _do_ want the updated Quicktime codec to view some obscure movie that I didn't request!"

Just to set the record straight and clear any confusion: I do not have any virus protection installed on my Macintoshes.  However, I am an educated network and security engineer, and I know _everything_ that my systems do and have access to.  I'm not recommending that everyone do the same as I do, and not to sound arrogant, but I've been around the block since the original IBM PC was released and I know what to do and what not to do.  I'm not trying to convince anyone to either run or not run anti-virus software on their Mac -- I'm just backing up Apple's position in saying that virus protection is recommended.  My virus protection is knowledge of my systems... for those that don't have such in-depth knowledge, you may need virus protection to cover the bases that you can't cover.


----------



## Doctor X (Dec 2, 2008)

Well, it is sort of like this thread and the concerns I raise--many of the public, like myself, are not computer security experts.  Any day I can get into a "Mac _vs._ PC" fruitless debate that recapitulates many of the myths exposed in this thread: bottom line is people believe them.

So you will hear that basically, at any moment, a virus _will_ be developed or once the Mac reaches that critical market share all t3h 3v1l virus creators will turn their attention to Mac OS.  I think a scroll will be unraveled and a cow will try to mate with an avocado when that happens.

I think Apple is responding to that--the criticism that some day Apple will "need" anti-virus protection.  That is not a bad approach.  However, I also think it _really_ recognizes the problem that Mac users may have with passing a PC virus or getting one if they use Parallels/Bootcamp.

On that note, I got my "First Official Virus" this week when I googled for a picture--a normal picture, not a porn picture!--clicked on the picture, and got a warning that the page went to a "bad page"--then my Sophos immediately alerted me to a virus that was downloaded on my computer!!11!



Now my Mac could not "read" the file if I wanted to activate it.  It sat on my desktop with Sophos asking me if I wanted to trash it, which I did.  So was I "infected?"  I do not run P/BC, but if I did I doubt it could _do_ anything unless I tried to open it--myself!--under those or attached it to an e-mail and sent it to a PC using friend with the "oh just go ahead and enable it!"  The e-mail antivirus would have probably got it.

Nevertheless, I assume that non-event is far more common to other users, and I am sure many immediately get on the phone with Apple demanding to know why their Apple is "infected."

--J.D.


----------



## Randy Singer (Dec 2, 2008)

ElDiabloConCaca said:


> as _all_ Windows viruses, so you don't pass them on.



Well, first, no true Macintosh AV program looks for *all* Windows viruses.  At most, they look for the Windows threats that are likely to show up on a Mac via e-mail and the Web.

In any case, Macs simply do not spread Windows viruses and there is no sound reason why Mac users need to be concerned about protecting Windows users from viruses.

Windows viruses usually show up in one of two ways on a Macintosh.  First, they can show up as an e-mail attachment to a message sent out by a Windows virus on a Windows computer.  In this case, the attachment won't run on your Macintosh and it will open (if at all) as just a mess of code.  Since a Windows virus can't run on a Mac, it cannot re-e-mail itself out from a Macintosh (i.e. it cannot be self-propagating).  Such a virus will be easy to spot and just trash.  There is little to no chance of spreading such a virus to a Windows-using colleague.

The second common way to get a Windows virus on your Mac is to receive a Word or Excel macro virus as part of a Word or Excel document that someone sends you.  You should have "Macro Virus Protection" turned on in the preferences of both of those applications, which will keep any unidentified macros from running.  Documents with unidentified macros should never be sent to others.

So, if a Mac user exercises the slightest amount of care, the likelihood of a Mac user accidentally infecting a Windows-using colleague with a virus is ridiculously low.  No virus detection software is required to protect Windows-using colleagues.

In any case, any Windows user who isn't running good, meticulously updated anti-virus software to protect _themselves_, deserves any viruses they get.  There are literally over 180,000 Windows viruses!
http://vil.nai.com/vil/default.aspx
Windows users should protect themselves.  They shouldn't have to rely on Mac-using colleagues to use AV software to protect them from the minuscule possibility of receiving a Windows virus from a Mac user.  Windows viruses are Windows-users' responsibility.


----------



## Randy Singer (Dec 2, 2008)

ElDiabloConCaca said:


> Not true at all... virus software employs advanced and complex heuristics to defend against unknown threats.  Antivirus software can scan not only the known virus activities, but can detect "virus-like" behavior that can protect you against a virus that is not currently in the virus definitions file.



Modern (read: "good") AV software for the Mac doesn't do this.  First, AV programs that did this in the past were notoriously problematic, causing incompatibilities with one's programs and creating general performance issues.

In fact, that's one of the reasons that most Mac users don't want to use AV software.  It has a history of being more of a problem than actually having malware.

Second, they didn't work.  Malware authors found it to be very easy to get around such programs.

Macworld's highest rated anti-virus program, Intego's Virus Barrier, goes strictly by definitions.  That's why it is so highly rated.  It is non-obtrusive, it doesn't slow down your computer, and it doesn't cause incompatibilities.


----------



## Randy Singer (Dec 2, 2008)

ElDiabloConCaca said:


> Also not true at all.  Ask any member here how many threads we've had recently about the DNSChanger trojan -- it's more widespread than you're making it out to be,



I don't count paranoia as an indication of how prevalent viruses are.

I'm the head of a Mac user group with over 7,000 members.  I'm the resident "mentor" (my actual title) with another user group with over 7,000 members.  I'm on about a dozen discussion lists encompassing many thousands more Mac users.  I don't think that you are going to find anyone who is more in touch with a larger number of actual, ordinary Mac users.  If lots of folks were encountering Trojans, I'd know it.  They aren't.  No matter how much you would like to stir people up.



ElDiabloConCaca said:


> Just to set the record straight and clear any confusion: I do not have any virus protection installed on my Macintoshes.  However, I am an educated network and security engineer



Oh, good...a "security expert."  One of my favorite types of people.  You wouldn't be inclined to tell folks that they need to be worried about malware when they really don't need to be, would you?  Just because your job depends on your doing so...?


----------



## Randy Singer (Dec 2, 2008)

Doctor X said:


> I also think it _really_ recognizes the problem that Mac users may have with passing a PC virus or getting one if they use Parallels/Bootcamp.



At first the concept that one is as susceptible to getting a virus as any Windows user is if you use Parallels/Bootcamp seems to make sense.  But in actual practice, I've never personally known it to happen to anyone.  Not once.

Why?  Because most folks who use virtualization to run Windows do so to run one or two Windows programs that don't exist for the Mac.  They don't open themselves up to receiving Windows malware by surfing the Web or getting their e-mail under Windows.  They use the Mac OS for that.  Without a vector for encountering Windows malware, there is no problem, and no need for Windows AV software.

Is running Windows AV software a good idea if you are using Windows on your Mac?  Probably, since the potential threat is huge.  But if you are careful you can also get along fine without it.


----------



## Doctor X (Dec 2, 2008)

I will note I composed my screed over the time that *Randy* and *El Diablo* were posting without refreshing, so I defer to them.

--J.D.


----------



## Doctor X (Dec 2, 2008)

I am enjoying this discussion since, as I indicated, I get drawn into these things at the peasant level, so it is nice to have these interesting things known as "facts."

So, *Randy* do not take this as a personal criticism but "sauce for the goose."  When you write:



Randy Singer said:


> I don't count paranoia as an indication of how prevalent viruses are.
> 
> I'm the head of a Mac user group with over 7,000 members.  ["Snip!"--Ed.] They aren't.  No matter how much you would like to stir people up.



You are merely citing an extensive anecdote.  I raise that because, on this board, there have been a number of posters who have come down with that Trojan.  I can cite a few randomly selected Mac users I have encountered in cafes and the like who had had the Trojan.  Now, those are _also_ anecdotes.  I would suggest your users are more sophisticated than the random slob I trip over on my way to my mocha of course, but the point is users _do_ get it even if it does not infect Mac users to the extent PC trojans have and do.

The bottom line is it exists and people get it and even if it is _minor_ or even an insignificant threat, people talk about it.



> Oh, good...a "security expert."  One of my favorite types of people.  You wouldn't be inclined to tell folks that they need to be worried about malware when they really don't need to be, would you?  Just because your job depends on your doing so...?



Can we dispense with the _argumentum ad hominem et Poisoning the Well_ with a dash of _ad veritatem obfuscandam_?  He could just as well place your "head of a Mac user group with over 7,000 members" in quotation marks . . . like . . . that . . . and then mock you and your user groups--claim you are just trying to sell a book or something.

Not that he would, but you see how equally fallacious and useless it would prove?

You both have your experience which, I presume, you can back up with facts as you _have_ both been.

Thank you.

--J.D.


----------



## LABachlr (Dec 2, 2008)

Great.  Thanks everyone.


----------



## ElDiabloConCaca (Dec 2, 2008)

Randy Singer said:


> Oh, good...a "security expert."  One of my favorite types of people.  You wouldn't be inclined to tell folks that they need to be worried about malware when they really don't need to be, would you?  Just because your job depends on your doing so...?


My job has nothing to do with "security" -- I actually do GIS and database work as a "job," and am only _educated_ as a Linux and UNIX security expert... so your assumption that I somehow needle people into false senses of paranoia in order to further my own career and salary is completely unfounded and downright stupid.  I don't make a damn bit of money, nor do I get any "props" for shoving people into believing anything they don't need to believe, nor buying software they don't need to buy.  Don't assume anything about me.

I would be willing to put my knowledge of Linux, UNIX and Mac OS X up against anyone who wants to pigeonhole me into some stupid, incorrect stereotype.  I think my reputation on this forum reflects that -- I know what the hell I'm talking about.

The fact that your 7,000-strong Macintosh-using congregation hasn't gotten the DNSChanger trojan doesn't change the fact that more than one user here has gotten it.  Like I said, people _do_ win the lottery, and when messing around with viruses, statistics downright stink.  Tell that to the guy who won a million dollars, and tell that guy who got the DNSChanger trojan that you don't believe him because 7,000 other people didn't.

The bottom line is that we have differing opinions on the matter of virus protection on OS X.  You seem to think that whoever contracts a virus deserves it (at least on the Windows side) -- I, on the other hand, seem to think that people should be educated on the matter ("feed a man a fish vs. teach a man to fish").  If they attain the education level where they're comfortable running OS X without virus protection, all the better.  If they know not what's out there and are paranoid, virus protection is good.  I, for one, am not under the assumption that I shouldn't be worried about passing viruses on to my Windows friends... I have many Windows-using friends that are not "technologically advanced" and don't know what to look out for.  While they're always learning, it's ridiculous to think that we should just toss them to the sharks and let them fend for themselves.  I just recently donated an old Windows computer to a semi-friend to help him get into the "technological revolution" that is the internet.  To point fingers and laugh in his face when he tries to look up some porn in a lonely moment and contracts a virus would be downright mean, not to mention judgemental.  Just because a Windows user contracts a virus doesn't mean they deserved it, especially those who are new to the whole computer-internet thing.

And you're right -- paranoia is no indication of a conspiracy... but hard evidence is, and by the scientific method, one instance of evidence to the contrary disproves the idea.  The fact that one person on this forum has been the victim of the DNSChanger trojan is evidence that it's "out there" and that there is a possibility of infection... am I saying that everyone should run out and get virus protection on their Mac?  No, most definitely not.  Am I inciting paranoia to further my own well-being and career?  Nope.  Am I backing up Apple in saying that virus protection may not be a bad idea?

You betcha.

But that's up to the user to decide -- not you or I.  I never said people should run virus protection -- I recommended it for those who _are_ paranoid and/or worried.  You, on the other hand, have decidedly suggested to ignore this information and evidence and suggest that _no one_ should run virus protection on their Macs... which I wholeheartedly disagree with.  Neither you nor I know _every_ Mac user, and neither you nor I know what's best for them, and it's presumptuous, arrogant and downright dumb to pretend so.

With that being said:


> In any case, Macs simply do not spread Windows viruses and there is no sound reason why Mac users need to be concerned about protecting Windows users from viruses.


Absolutely wrong.  There are many reasons Mac users should be concerned about their Windows brethren.



> Windows viruses usually show up in one of two ways on a Macintosh. First, they can show up as an e-mail attachment to a message sent out by a Windows virus on a Windows computer. In this case, the attachment won't run on your Macintosh and it will open (if at all) as just a mess of code. Since a Windows virus can't run on a Mac, it cannot re-e-mail itself out from a Macintosh (i.e. it cannot be self-propagating). Such a virus will be easy to spot and just trash. There is little to no chance of spreading such a virus to a Windows-using colleague.


Wrong, wrong, wrong.  Parallels, Fusion and VirtualBox all allow you to run Windows on your Mac, and if you have shared folders enabled in any of these programs, your chance of infecting your virtual machine (and then having the virus spread to other Windows colleagues) is very real and very possible.  Sure, you can stop it in the virtual machine with anti-virus software, but you could potentially stop it earlier on the Mac side.



> The second common way to get a Windows virus on your Mac is to receive a Word or Excel macro virus as part of a Word or Excel document that someone sends you. *You should have "Macro Virus Protection" turned on in the preferences of both of those applications, which will keep any unidentified macros from running.* Documents with unidentified macros should never be sent to others.


Really?  Does grandma know that?  Does the guy who just bought his Mac know that?  Do those people even know what a "macro" is?  It's a big mis-step to assume that everyone is on a level playing field in terms of computer knowledge.



> In any case, any Windows user who isn't running good, meticulously updated anti-virus software to protect _themselves_, deserves any viruses they get. There are literally over 180,000 Windows viruses!
> http://vil.nai.com/vil/default.aspx
> Windows users should protect themselves. They shouldn't have to rely on Mac-using colleagues to use AV software to protect them from the minuscule possibility of receiving a Windows virus from a Mac user. *Windows viruses are Windows-users' responsibility.*


While I know you hate my analogies by now, saying that is like saying that the person getting mugged in the back alley should protect themself and you shouldn't be bothered to make a phone call or do anything about it.  Pure laziness.  You're on the internet, and as much as you'd like to believe that there is nothing but Macs on the internet and we're just in this little, tiny corner of the internet where no other operating system can permeate, that simply isn't the case.  Insinuating that you could possibly, _willingly_ pass on a Windows virus and the next guy in line should be the one to catch it and deal with it is just pure laziness and goes against the whole "global community" mindset that the internet embodies.


----------



## VirtualTracy (Dec 2, 2008)

Randy Singer said:


> I'm the head of a Mac user group with over 7,000 members. I don't think that you are going to find anyone who is more in touch with a larger number of actual, ordinary Mac users.



I must admit I'm surprised that with the above _'credentials' (which to me personally are both impressive & meh-ish at the same time)_, that you would ever attempt to deliver what could be construed by a good many forum folk as a _"below the belt"_ blow:




Randy Singer said:


> Oh, good...a "security expert."  One of my favorite types of people.  You wouldn't be inclined to tell folks that they need to be worried about malware when they really don't need to be, would you?  Just because your job depends on your doing so...?


----------



## Randy Singer (Dec 3, 2008)

ElDiabloConCaca said:


> The fact that your 7,000-strong Macintosh-using congregation...



Actually, if you go back and read what I said, you will find that I am in constant contact with somewhere in the tens of thousands of Mac users.  I'm not trying to be vainglorious in pointing that out, I just don't want it said that my experience with Mac users isn't significant.  I believe that I am in a really good position to know what is happening among Mac users, and to be able to authoritatively make generalizations about it.




ElDiabloConCaca said:


> hasn't gotten the DNSChanger Trojan doesn't change the fact that more than one user here has gotten it.  Like I said, people _do_ win the lottery, and when messing around with viruses, statistics downright stink.



The fact that one person has experienced something doesn't mean that anyone else is likely to.

I once heard on the news in Florida that a man was eaten by an alligator on the way to work.  Yet I don't propose that anyone needs to carry alligator repellant with them on the way to work.  Even though it once *did* happen.




ElDiabloConCaca said:


> Tell that to the guy who won a million dollars, and tell that guy who got the DNSChanger Trojan that you don't believe him because 7,000 other people didn't.



Who said that I don't believe him?  I didn't.  I believe him, even without having read his post(s).

But then again, I've only ever heard first-hand of two people having encountered this Trojan.  Two out of let's say tens of thousands is pretty long odds.

Since Trojans don't self-propagate, and since disseminating one can land you in prison, the sociopaths who spread them around have to do so in an anonymous environment where folks are willing to download things knowing that they aren't safe.  Usually this is on a peer to peer file-sharing network, downloading pirated software, but it has also been known to occur sometimes on an anonymous Web site.

The thing is, once one person encounters a Trojan, the avenue through which they encountered it is usually quickly closed.  Usually the offending Web site is shut down, or the file/user is removed from the peer to peer network it came from. Also, users are alerted as to how this Trojan is disseminated, and they learn to avoid it.  That means that the Trojan in question no longer has any means of spreading. The Trojan's creator, if they are at all smart, then lays low to avoid capture.  As a result, instead of becoming more and more prevalent, like a virus, the Trojan usually quickly disappears.

So, given an initial tiny distribution, and the lack of ability to self-propagate, how likely is it that another Mac user will encounter a given Trojan?  Infinitesimal.  Some Trojans infect less than a dozen users before they disappear and are never seen again.



ElDiabloConCaca said:


> The bottom line is that we have differing opinions on the matter of virus protection on OS X.  You seem to think that whoever contracts a virus deserves it (at least on the Windows side)



No...I didn't say that.  That's an egregious distortion.

What I said was that any Windows PC user who does not protect themselves by using AV software deserves what they get.  There are over 180,000 Windows viruses.  Anyone who isn't living in a cave knows that viruses are a huge threat to Windows PC's.  Most new PC's even come with AV software installed.  Vista includes it.  Salesmen are dying to sell it to you.  You fail to run AV software on a Windows PC at your own peril.  There is no reason for Mac users to have to be concerned about Windows malware, it is every Windows user's responsibility to protect themselves.  When someone shirks their responsibility, what do they expect will happen?




ElDiabloConCaca said:


> I, on the other hand, seem to think that people should be educated on the matter ("feed a man a fish vs. teach a man to fish").  If they attain the education level where they're comfortable running OS X without virus protection, all the better.



I agree wholeheartedly.  People should be educated about Mac malware.  They should be told that they don't need AV software and that they can easily avoid malware targeted at the Mac and they should be told how to do so.  "Educating them" that they need AV software is simply spreading FUD (Fear, Uncertainty, and Doubt).  That is contrary to the way Mac users do things.



ElDiabloConCaca said:


> If they know not what's out there and are paranoid, virus protection is good.



No, *paranoia* is bad.  I prefer to help Mac users get past being paranoid by educating them to the fact that there is no reason to be paranoid.  You seem to prefer to tell them to purchase expensive software that they don't need to assuage their paranoia.  I don't consider that to be doing them a favor.




ElDiabloConCaca said:


> I, for one, am not under the assumption that I shouldn't be worried about passing viruses on to my Windows friends... I have many Windows-using friends that are not "technologically advanced" and don't know what to look out for.



Unlike Mac users, Windows users don't need to look out for anything.  They simply need to run AV software.  As I explained above, they can't miss the need for this.  Newbies and even backward users can't miss this.

If every Mac user in the world started using AV software, it wouldn't make even a tiny dent in the malware threat to Windows computers.

If a Windows user goes without AV software, they are going to be infected with viruses, no matter what Mac users are doing.


Infected In Twenty Minutes
http://www.securityfocus.com/columnists/262

Over 91% of computers running Windows are infected with Spyware! 
(According to a study by the National Cyber-Security Alliance.)
http://phx.corporate-ir.net/phoenix.zhtml?c=104920&p=irol-newsArticle_pf&ID=613958&highlight=


The reality is that Windows users *have* to use AV software.  Given that they should be protecting themselves, why do Mac users have to be protecting them too, and from a virtually non-existent vector of infection?  And especially when there is no other significant threat for which Mac users need to purchase AV software?   Purchasing AV software to protect Windows users simply doesn't make sense.




ElDiabloConCaca said:


> To point fingers and laugh in his face when he tries to look up some porn in a lonely moment and contracts a virus would be downright mean, not to mention judgemental.



Another ridiculous distortion of what I said.  (And a rather disturbing one.)

Want to know what's mean?  It is mean of you to tell your friend that he needs to purchase AV software for about $100, when you should instead be telling him that he simply needs to avoid downloading video codecs offered by such Web sites, to remain safe.



ElDiabloConCaca said:


> And you're right -- paranoia is no indication of a conspiracy... but hard evidence is, and by the scientific method, one instance of evidence to the contrary disproves the idea.



One instance of a person coming into contact with a specific Trojan Horse, by the scientific method, does not indicate that any other person, *ever* will come into contact with that Trojan.

You can disseminate all the FUD that you like, but that doesn't mean that there is any significant threat.  When you can provide evidence that out of 30 or 40 million Mac users out there, that more than a tiny handful of them have come in contact with this Trojan, or that after a certain point in time *anyone* has come in contact with this Trojan, then I might concede that users need AV software to protect themselves from it.

Otherwise you are just talking about the need to carry alligator repellant with you on your way to work.



ElDiabloConCaca said:


> The fact that one person on this forum has been the victim of the DNSChanger trojan is evidence that it's "out there" and that there is a possibility of infection...



As I said previously, there are a small number of Trojans for the Mac.  But I also said that they are incredibly rare, and I'm sticking by that.

Feel free to check with any of the malware tracking services and tell me which Trojans have more than a tiny distribution...

http://secunia.com/product/96/#advisories

McAfee:   http://vil.mcafee.com/

Symantec: http://www.symantec.com/avcenter/

F-Secure: http://www.f-secure.com/virus-info/
http://www.f-secure.com/v-descs/

Sophos Virus Analyses:
http://www.sophos.com/virusinfo/analyses/
http://www.sophos.com/virusinfo/

Symantec Enterprise Security Response:
http://securityresponse.symantec.com/avcenter/venc/data/

SecurityFocus: http://www.securityfocus.com/archive/




ElDiabloConCaca said:


> am I saying that everyone should run out and get virus protection on their Mac?  No, most definitely not.



Exactly.



ElDiabloConCaca said:


> Am I inciting paranoia to further my own well-being and career?  Nope.  Am I backing up Apple in saying that virus protection may not be a bad idea?
> 
> You betcha.



An intelligent person would ask some questions before taking this "advice."

- Why is Apple suggesting this?
- Has Apple referenced a specific threat that I need to be concerned about?
- What specific threats are there?
- How common are these threats?
- Is there a downside to running AV software?
- What advantage in the here and now will I gain from running AV software?
- How often have other Mac users encountered malicious malware?

I believe that the answers to these questions would lead most ordinary Mac users to the conclusion that they don't need AV software at this time.




ElDiabloConCaca said:


> But that's up to the user to decide -- not you or I.  I never said people should run virus protection -- I recommended it for those who _are_ paranoid and/or worried.



How stupid do you think that Macintosh users are?  I think that they tend to be pretty bright.  The Macintosh Way is for Macintosh users to educate and help each other.  I don't think that there are any Mac users who are too stupid to understand the simple ways to avoid the tiny and very rare amount of malware that is out there.  Why not just do so instead of telling them to get expensive AV software that they don't need?  (In fact, even if they are rank newbies, I think that it is still incredibly unlikely that Mac users will encounter any malware, ever.)  If they are so stupid that they can't be educated, maybe they shouldn't be using a computer at all?  Because it's just not that hard.



ElDiabloConCaca said:


> You, on the other hand, have decidedly suggested to ignore this information and evidence and suggest that _no one_ should run virus protection on their Macs... which I wholeheartedly disagree with.



Where did I say that "no one" should be using AV software?  I said that ordinary Mac users didn't need AV software.  I believe that several users should have it.

People who run a business where their client files, or their data, is extraordinarily important and who might incur liability if it was lost or damaged, should run AV software, if for no other reason than that it would look bad not to. (e.g. doctors, lawyers, financial consultants, etc.) I run AV software for just this reason.  (Imagine being sued and telling a jury that you lost your irreplaceable files because your computer is a Mac and it doesn't need AV software.  Even grandmas on a jury have heard that all computers get viruses.)

Network servers should have AV software as a best practice.

People who regularly engage in risky computing practices with impunity should probably consider AV software.  (Pirating software can expose you to pirates.  Engage in immoral acts and you will often be exposed to other immoral people who don't have your best interests at heart.  That's how life works.)

But this is a very short list...because the threat just isn't there to justify the need.




ElDiabloConCaca said:


> Wrong, wrong, wrong.  Parallels, Fusion and VirtualBox all allow you to run Windows on your Mac, and if you have shared folders enabled in any of these programs, your chance of infecting your virtual machine (and then having the virus spread to other Windows colleagues) is very real and very possible.



I was concerned about this when virtualization first became available on Intel-based Macs.  So I asked some experts, like the Parallels folks, and others.  They said that it isn't a problem.  They must have been right.  I've never heard of a Mac user's Mac side infecting their Windows side.  (Show of hands...who here has had this happen?)

That's just more FUD.




ElDiabloConCaca said:


> Really?  Does grandma know that?  Does the guy who just bought his Mac know that?  Do those people even know what a "macro" is?  It's a big mis-step to assume that everyone is on a level playing field in terms of computer knowledge.



Does grandma use Office?  Why did she purchase Office when she could have purchased iWork for half the price?  iWork may have even come on her new Mac for free.  

Does grandma expect to learn to use Word and Excel without training?  If so, that won't work very well.  I expect grandma to have to have some training to learn to use Office before she can use it at all.  When she learns how to use Office, I expect her to learn about macros and macro viruses as it becomes relevant to her.

Sending grandma out with a new copy of Office, with no training, and telling her that purchasing AV software will make it all safe, instead of just telling her to turn on Macro Virus Protection in Word and Excel's preferences, is...um...unconscionable.  Is this really what you are arguing for?




ElDiabloConCaca said:


> While I know you hate my analogies by now, saying that is like saying that the person getting mugged in the back alley should protect themself and you shouldn't be bothered to make a phone call or do anything about it.  Pure laziness.



Actually, to use your analogy...I would not only call the police, I would go and physically assist the person being mugged.

But later, after it was all over, if I find out that this person was walking all by themselves, at night, down a dark alley, in a bad section of town, I would, of course, say "What the heck did you expect?"

A better analogy would be that this person went for a walk, at night, in a bad section of town, down a back alley expecting that they would be safe because everyone else in the world should be watching after them to protect them.  The world doesn't work that way.  You have to be intelligent and protect yourself.  Just as Windows users should be protecting themselves. 

Let me give you an analogy of my own.

In a perfect world we would all wear facemasks to protect everyone else from the possibility of our spreading airborne germs.  We would also carry around our own porta-potties, to make sure that no fecal-oral transmission of disease (a very common vector) could occur by using shared bathroom facilities.  Transmission of communicable disease would drop significantly if we did this.

But we don't do that.  We are willing to accept some level of risk to trade off against making others (and ourselves) endure some inconvenience and expense.




ElDiabloConCaca said:


> You're on the internet, and as much as you'd like to believe that there is nothing but Macs on the internet and we're just in this little, tiny corner of the internet where no other operating system can permeate, that simply isn't the case.  Insinuating that you could possibly, _willingly_ pass on a Windows virus and the next guy in line should be the one to catch it and deal with it is just pure laziness and goes against the whole "global community" mindset that the internet embodies.



I'm very impressed by your desire to protect our Windows brothers.  Really.  It's nice.

Now let me ask you...do you wear a facemask to protect your spouse and children from the possibility that they might get a cold, or nasty flu, from you?  Wouldn't you feel just horribly guilty if they got sick because of you?

You don't wear a facemask at home, do you?  Why not?  I'll tell you why.  Because we put just about everything that we do through a risk/benefit analysis.  You have decided that wearing a facemask all the time around your loved ones is too much of an inconvenience.  You are willing to expose them to your germs, and maybe a nasty cold or flu, or worse, that you are a carrier of, just for a minor advantage in comfort.

And you know what?  The chances of your transmitting a disease to your family are quite a bit higher than you using your Mac and giving a virus to a Windows user.  In fact, I'd be willing to bet anything that you have done the former many times, and that you have never done the latter.

Purchasing AV software to protect Windows users doesn't even come close to meeting a risk/benefit test.  AV software is expensive, it can slow your Mac down, it can cause conflicts or instability, it is currently unnecessary to protect Mac users against any significant threat, and Windows users should be protecting themselves.  Recommending that Mac users need AV software to protect Windows PC users is indefensible. There is no logical argument that makes it so.


----------



## Randy Singer (Dec 3, 2008)

VirtualTracy said:


> I must admit I'm surprised that with the above _'credentials'(which to me personally are both impressive & meh-ish at the same time)_,  that you would ever attempt to deliver what could be construed by a good many forum folk as a _"below the belt"_ blow:



Sorry, you may be right.  

Some background.

First, I absolutely HATE IT when folks spread FUD among Mac users.  I'm a very long-time Mac user and maybe I'm an anachronism, but I still remember when Mac users all went out of the way for each other and we were a tight-knit community.  Computers are scary enough to most people, they don't need to hear folks spread pernicious untruths about their computer on top of that.

I really don't like to see folks spreading falsehoods, even if they are pro-Macintosh falsehoods, to Mac users about the Mac.  I think that Mac users should have the unbiased-as-possible facts.  (In Mac vs. PC debates I'm always quick to point out that the PC has several huge advantages over the Mac.  In malware discussions I'm always quick to point out that there *is* malware for the Mac, even though many Mac users stubbornly cling to the belief that there is absolutely none.)

Second, I've seen an influx into the Macintosh press lately of "security experts."  These folks claim to be Macintosh enthusiasts, but like anyone who has been trained in a particular field, they tend to see their specialty as having a big place in any landscape.

So I've been reading articles by security experts in Macworld and TidBits that Mac users all need to have AV software installed.  And I'm wondering which actual Mac users these idiots talked to?  While the subject of viruses comes up all the time in discussion groups and in user groups (mostly because switchers from Windows have a hard time letting go of their paranoia about viruses), no one has reported encountering any malware.

The only time that anyone ever reports encountering malware is when a newbie switcher has a corrupted preference file, or the like, and they just assume that they must have gotten a virus.

Obviously, with the huge influx of new Mac users these past couple of years, mostly former Windows users, the Mac world has changed.  Where most users previously would have networked their Macs themselves in just a few minutes, there are now computer consultants telling Mac users that it would be too hard to do themselves.  Where most users would have previously been happy using a Macintosh application, with a Mac interface, to do things, now many users are being told that a Windows application running in Parallels is the "standard."

In short, there is a huge amount of Windows FUD that is creeping into the Macintosh world.  I guess that I could sit back and just watch as people buy AV software for no reason, hire expensive consultants to do something that a nine year old could do in a few minutes, and run Windows programs with their ugly interfaces without even looking at the elegant Macintosh offerings.  

But I guess that I'm too old-fashioned to sit by silently and accept this.

By the way, I'll be speaking on the topic of Macintosh malware at next January's Macworld Expo.  January 6 at 1PM in the User Group Lounge.  No extra charge to attend.  Please come by and say hello if you are attending MWX, even if you don't intend to stay for the presentation.


----------



## Randy Singer (Dec 3, 2008)

ElDiabloConCaca said:


> Am I backing up Apple in saying that virus protection may not be a bad idea?
> 
> You betcha.



Apple has removed the support page (in which they recommended using AV software) cited recently in the press, saying it was old and inaccurate.

http://www.macworld.com/article/137267/antivirusremoved.html


----------



## fryke (Dec 3, 2008)

You spammin'? I mean: This discussion is going quite out of hands, I find.


----------



## Rhisiart (Dec 3, 2008)

The debate is becoming a bit acrimonious. Having a passionate viewpoint is one thing, but it has become a little too personal. Randy, ElDiabloConCaca has contributed much to this forum over the years and I am sure many users (like VirtualTracy and myself) are a little disappointed by your personal attack on him.

Putting that aside, it is interesting to read both of your contributions. I use anti-virus software because I am paranoid. Period. Even if there is a tiny risk of being exposed to a Trojan (and I don't surf porn sites) I think something like Intego's Netbarrier is worth the cost (I hope I am not spamming here!).

I agree with Randy's view that Windows users should at least understand that PCs require anti-virus programmes, that are updated regularly. That seems to be a very basic requirement of using a PC at home. However, I doubt many users understand macros.

I used to be a Boy Scout and our motto was 'Be Prepared'. At the risk of sounding gloomy, I suspect Mac viruses are on their way (but when?). Better to be safe than sorry.

Yours truly,

Rhisiart "Paranoid" Jones of Wales


----------



## fryke (Dec 3, 2008)

(I didn't mean "spamming" the way one usually does, i.e. to promote a product. Rather I meant he was "spamming" the thread with lots and lots of messages. Three posts in a row? Just edit the first one if you have something to add.)


----------



## Doctor X (Dec 3, 2008)

Unfortunately when a fact over-turns a premise--the "infinitesimal" risk of contracting the DNS Changer Trojan . . . when a simple search of just _this_ site will find a rather larger number than "infinitesimal" it destroys the claims made based upon that faulty premise.

Add in the various _argumenta ad hominem_ and I am afraid "Too Long Did Not Read" is appropriate.

Pity.

Unfortunately, some live up to their stereotypes--that Mac users are arrogant self-important egotists.

--J.D.


----------



## Randy Singer (Dec 3, 2008)

Rhisiart said:


> The debate is becoming a bit acrimonious. Having a passionate viewpoint is one thing, but it has become a little too personal. Randy, ElDiabloConCaca has contributed much to this forum over the years and I am sure many users (like VirtualTracy and myself) are a little disappointed by your personal attack on him.



No problem.  I'll recuse myself from contributing here.  I joined in the discussion because someone sent me a personal e-mail asking for my input. If my contribution isn't valued then I won't waste your or my time.


----------



## Doctor X (Dec 3, 2008)

It is not that the contribution is undervalued but the attitude which is unnecessary.

One can discuss and debate far more effectively with decorum than with rancor.

Upon this subject much myth and paranoia abound.  For "gentlemen not skilled in this work," it proves rather difficult to determine who provides sagacity and who shovels bovine excrement.  I find it rather helpful to see different views given with calm and evidence.

When one descends to fallacious tactics one rather undercuts one's position. One appears like another crank tossing out wild theories and prejudices.

Best never to assume the motivations of another over Al Gore's Interwebs.

Best to just concentrate on the premises and arguments.

--J.D.


----------



## tomdkat (Dec 15, 2008)

You know, I've read these kinds of debates over the years and the one question that has always popped into my head that I've never asked is:  _what does it mean to be infected_?

To some, "infection" appears to mean simply having a virus or malware infected file present on their system.  To others, it means the virus or malware actually "hooks in" to the underlying OS or OS environment and actually executes to do some harm.

I tend to fall into the latter camp but I was curious as to what others here thought.  I wouldn't consider a Mac with a ZIP file containing a file infected with a Windows virus to be "infected" with anything.  Doctor X, in the example you state about the photo you clicked, I wouldn't consider your Mac to be "infected" with anything even though something malicious was downloaded.  However, I do agree with you that others would probably think their system _had_ been infected by virtue of something being downloaded.

So, does the education of users people talk about also include defining what constitutes an actual "infection" of some kind?

Peace...


----------



## ElDiabloConCaca (Dec 15, 2008)

I take "infection" to mean that the virus is active and doing whatever it's supposed to be doing on your system.  For some viruses, this means propagating via your email client... for others, it means opening backdoors and entry points that you normally have closed off... yet for others it means deleting files or trying to infect other files so that you, yourself propagate the virus when you distribute those files to others.

In this case, the "file" or "files" that contain the virus would be "infected," but your Mac would not be infected.

For Macs, this means that they _cannot_ be infected with Windows-specific viruses, since Mac OS X is not Windows, and it's basically like trying to run a Windows .exe file inside of Mac OS X -- not going to happen. Of course, there are the gray areas of Crossover, Parallels, VirtualBox and Fusion -- but these programs are _not_ Mac OS X -- they are true-blue Windows, and normally, the virus cannot escape the "bottle" of the Windows virtual machine and can do no harm to your Mac.

Maybe it would be best to refer to files that carry viruses as "infected" files, and computers that have viruses actively and maliciously doing things to them as "affected (by the virus)."

So... can Mac OS X be "affected" by an "infected" Windows-specific virus?  Nope.


----------



## Doctor X (Dec 15, 2008)

Well, sticking with the terminology, to be "infected" means you have a propagating "Wee Beastie" in your system.

If it is not propagating and just sits there--and particularly if you are immune to it in that it will not unleash an infection--you are merely a carrier.  

So, as in my example, my Mac was, at best, a "carrier."  To infect another computer I would have had to go through some hoops--just as I would have to do--to extend the analogy--infect someone with my Herpes Zoster.  All of us who have had "chicken pox" are carriers of the virus.  It sits dormant in the sensory ganglia, waiting to return should you become immune compromised or listen to Country Western music.

"Infection" implies, as you both note, an active propagation and affect of your computer.

--J.D.


----------
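The "infected file" versus "affected computer" (or "carrier") distinction drawn in the three posts above can be made concrete by looking at which executable format a file actually is. The following is an added example, not code from any poster: it only identifies formats from header bytes and does not detect malware, and the sample files, names and role labels are constructed for illustration.

```python
import io
import struct
import zipfile

MAX_DEPTH = 2                   # how many levels of nested archives to open
MAX_MEMBER = 10 * 1024 * 1024   # skip members whose declared size exceeds 10 MiB

MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit Mach-O, either byte order
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # 64-bit Mach-O, either byte order
}
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy Office .doc/.xls container

# Which formats each host OS can load natively (labels are this example's own).
NATIVE = {"macos": {"mach-o"}, "windows": {"pe", "dos-mz"}, "linux": {"elf"}}


def identify(data):
    """Return a format label for a byte string, based on its header only."""
    head = data[:8]
    if head[:4] in MACHO_MAGICS:
        return "mach-o"
    if head[:4] == b"\xca\xfe\xba\xbe" and len(data) >= 8:
        # Magic shared by universal (fat) Mach-O and Java class files.
        # Heuristic: a fat header holds a small architecture count here,
        # a class file holds a version number of 45 or more.
        count = struct.unpack(">I", data[4:8])[0]
        return "mach-o" if count < 45 else "java-class"
    if head[:4] == b"\x7fELF":
        return "elf"
    if head[:2] == b"MZ" and len(data) >= 0x40:
        # Offset 0x3C of the DOS header points at the "PE\0\0" signature.
        off = struct.unpack("<I", data[0x3C:0x40])[0]
        return "pe" if data[off:off + 4] == b"PE\x00\x00" else "dos-mz"
    if head == OLE2_MAGIC:
        return "ole2"
    if head[:4] == b"PK\x03\x04":
        return "zip"
    return "other"


def role(fmt, host):
    """Classify a format relative to the host it is sitting on."""
    if fmt in NATIVE[host]:
        return "native"          # the host OS can execute this directly
    if any(fmt in formats for formats in NATIVE.values()):
        return "carrier"         # executable, but only on some other OS
    if fmt == "ole2":
        return "macro-capable"   # depends on whether the Office version runs macros
    return "inert"


def scan(name, data, host, depth=0):
    """Identify one blob and, for ZIP archives, the members inside it."""
    fmt = identify(data)
    findings = [(name, fmt, role(fmt, host))]
    if fmt == "zip" and depth < MAX_DEPTH:
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir() or info.file_size > MAX_MEMBER:
                        continue
                    member = f"{name}!{info.filename}"
                    findings += scan(member, zf.read(info), host, depth + 1)
        except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
            pass  # corrupt, encrypted or unsupported archive: report the ZIP only
    return findings


def build_samples():
    """Constructed header-only samples; none of these is a real program."""
    pe = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
    macho = b"\xcf\xfa\xed\xfe" + b"\x00" * 28
    doc = OLE2_MAGIC + b"\x00" * 504
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("photo.exe", pe)
        zf.writestr("readme.txt", b"hello")
    return {"attachment.zip": buf.getvalue(), "Tool": macho, "report.doc": doc}


def triage(host):
    """Scan every constructed sample as if it were found on `host`."""
    findings = []
    for name, data in build_samples().items():
        findings += scan(name, data, host)
    return findings


if __name__ == "__main__":
    for host in ("macos", "windows"):
        print(f"--- host: {host}")
        for name, fmt, verdict in triage(host):
            print(f"{name:28} {fmt:8} {verdict}")
```

On the "macos" host the Windows executable inside the ZIP is reported as a carrier only, which is the case tomdkat describes; the same file is native once the archive reaches a Windows machine.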



## dens (Jan 22, 2009)

I began looking at this thread because when I tried recently to open System preferences from the Dock (iMac 17") I had a 'drop-down' appear which said my SPs had been changed by an application. Well, not by me, so I thought possibly an incoming - what? Trojan, virus? & had to force quit to get out of it. Anyway I then found that I could open SP from the Apple menu, so what was this all about - any ideas? & should I be worried? Thanks. Dennis.


----------



## Doctor X (Jan 22, 2009)

You can check to make sure you do not have the DNS Changer Trojan.

--J.D.


----------



## dens (Jan 22, 2009)

DrX,
How do I do that? Dennis


----------



## Satcomer (Jan 22, 2009)

dens said:


> DrX,
> How do I do that? Dennis



DNSChanger Removal Tool

Also consider using OpenDNS.com. They have a step-by-step video on using this free service. IMHO it is all true and really makes your surfing faster & safer without installing anything on your computer. It really shows how local ISPs are not keeping up with modern DNS.


----------



## Doctor X (Jan 22, 2009)

For what it is worth, I took the advice on Open DNS and have not had a problem.

--J.D.


----------



## Satcomer (Jan 22, 2009)

To give everyone a warning you must read the article Pirated iWork '09 installer may contain trojan horse. 

I guess you must keep yourself honest to prevent this one.

Updated Note: There is now a free removal tool called iWorkServices Trojan Horse Removal Tool for Mac OS X Free PSA - OSX.Trojan.iServices.A.


----------



## Doctor X (Jan 22, 2009)

Yet another reason to have *Little Snitch*.

--J.D.

P.S. Though one of the commentators to that article posted states:



> *kirkmc*: I've read that Little Snitch can't detect this, because the packets aren't the kind it detects. (I don't have Little Snitch and can't test it, but have read this on several forums.)









Very good comments--particularly with the hijack of your computer to take part in DOS attacks.  This is how these [*CENSORED*--Ed.] make their money--not by seeing if you have goat porn on your hard drive!--by making you part of their "bot-net."  This is something that really affects PC users, and it is affecting Macs as well.


----------



## ex2bot (Jan 22, 2009)

Dens,

It is possible that your system is infected by the OSX.RSPlug.A trojan, a DNS changing Trojan horse as Dr. X mentioned.  My suggestion is to Google for "DNS change Trojan os x". One of the first (or the first) entries is a Macworld article about the Trojan and how to get rid of it. Unfortunately, the directions are a bit technical. Let us know if you have further questions. 

If you do suspect you have the trojan, don't type in your credit card or visit banking sites until you get rid of it. Better safe than sorry, right?

Bot


----------



## dens (Jan 23, 2009)

Thanks for all this. I am a bit mystified since I have not downloaded anything or given the admin password to anything. I have a problem in accessing the network in system prefs since it is this page which has the drop down telling me that it has been changed by an application. 
Since writing this I have run DNS changer tool scan & it came up with nothing. Any more ideas? Thanks.


----------



## icemanjc (Jan 23, 2009)

Satcomer said:


> To give everyone a warning you must read the article Pirated iWork '09 installer may contain trojan horse.
> 
> I guess you must keep yourself honest to prevent this one.



I saw this on MacRumors and I started laughing. People go everywhere looking for a torrent for iWork then waiting a year for it to download, when Apple pretty much gives it away for free on their site.


----------



## Satcomer (Jan 23, 2009)

dens said:


> Thanks for all this. I am a bit mystified since I have not downloaded anything or given the admin password to anything. I have a problem in accessing the network in system prefs since it is this page which has the drop down telling me that it has been changed by an application.
> Since writing this I have run DNS changer tool scan & it came up with nothing. Any more ideas? Thanks.



Well, did you pirate iWork and get that brand new Trojan? Did you read the article and check yet?


----------



## Doctor X (Jan 23, 2009)

Satcomer said:


> Well, did you pirate iWork and get that brand new Trojan? Did you read the article and check yet?








"Mr. *Satcomer*? I'm not here to talk about the past."



I am "glad" this information is coming out.  I do not claim to be a Guru in computer security [He thinks his computer has little piXies running it.--Ed.] but I heard a few rumors about a year ago when I lurked on some boards regarding things like "Storm" and other attacks.  Interesting stuff that is probably not new to Gurus.  A PC Guru mentioned that Macs had been part of the "botnet" during one of our discussions on this very subject of vira, PCs, Mac, and all of that.

Said Guru and other PC-ers would rant about how much of the DNS attacks from "Vlads" and the like were the result of end-users simply not taking precautions.  As a Happy Mac User [Tm.--Ed.] I could sit smug to some extent, though I figured it was a mere matter of time.  Vira are one thing; Trojans another.

Not to sound "panic" but if Vlads can attach this to pirated software, they can conceivably attach it to others.  Granted, they are more likely to keep up distribution on the "darker side of the net"--not like it is going to be attached to your "Flip4Mac" download or downloads from other reputable places.

A warning to be safe.

--J.D.


----------



## dens (Jan 24, 2009)

No, have not downloaded any pirated editions. Have noticed that when opening an emailed attachment (newsletter) that the icon has some text (not sharp enough to read properly) about a boy & a small coloured pic of child in lower RH corner. Is this relevant to a specific virus/trojan/whatever? Dennis.


----------



## fryke (Jan 24, 2009)

How about a screenshot?


----------



## dens (Jan 24, 2009)

Fryke,
I can 'grab' a shot, but don't know how to get it to the thread. Dennis.


----------



## fryke (Jan 24, 2009)

Simply do a Cmd-Shift-4 which will save a picture of the selected area to the Desktop folder. You can upload the picture to the thread.


----------



## dens (Jan 24, 2009)

Fryke,
OK, I'm thick. I can get a snapshot on to the Desktop, but do not know how to upload to the thread. Thanks. Dennis.


----------



## fryke (Jan 24, 2009)

Don't post a quick reply, instead click on "Go Advanced". There you can "Manage Attachments". Just try it.


----------



## dens (Jan 26, 2009)

Fryke,
I have tried that twice, but when I try to download the snapshots the display says please wait & nothing appears to be happening. Thanks for your patience. I guess I'll just have to give up and live with the problem. Dennis.


----------



## Satcomer (Jan 26, 2009)

Here is a new article called Two new trojan horses threaten Mac software pirates.

Note: another article shows a geek way to Identifying and Removing the iWork09 Trojan.


----------



## ex2bot (Jan 28, 2009)

So, anyway, it is quite unlikely your system has been compromised by malware. There's just not enough of it out there. Tom's Hardware wrote that there are only about 200 pieces of malware out there for OS X. I don't know where they got that number. Perhaps they're counting the old "classic" Mac viruses that don't affect OS X. 

The number as I have been keeping track is surely a dozen or less. There have been claims of spyware, but no firm documentation that I've seen. That's why I think MacScan is nutters.

Bot
Mac Fanbot


----------



## dens (Jan 29, 2009)

ex2bot,
Thanks. On MacFixit someone has suggested my problem has arisen from downloading an Apple Security update. I think I have 'fixed' it, at least so long as I keep the padlock closed! Sad if true.


----------



## lysergia (Feb 23, 2009)

hey folks.
my fiancee has her intel mac in a mostly windows office.
i updated her from i think it was tiger to leopard, then the 10.5.6 update.
as she was sitting there on a sunday afternoon and being impatient, i didn't have time to fully test everything so i found out this morning her entourage and firefox were crashing. i had her remove her ancient expired norton antivirus (hate hate norton!) and reboot and no more complaints.

since she uses ms office for the mac and passes docs back and forth with some of the most clueless windows users i've ever met (i volunteered to help her office mate a few times, gave up) my only concern is she could get an infected document from one of her coworkers and pass it on. i'm thinking also the company most likely has a policy stating that machines must have some sort of protection. what would you kind folks recommend i have her install, something that would prevent her machine letting windows viruses and office macro type virus things pass thru?
thanks


----------



## ex2bot (Feb 23, 2009)

If she must have antivirus software--probably a good idea if they make use of Office macros--I've heard good things about Intego's Virusbarrier. ** EDIT : I have heard that Office macros can affect OS X, though I have no first-hand experience with macro viruses. **

Bot


----------



## Doctor X (Feb 23, 2009)

I have yet to see that happen, but I defer to the Gurus who deal with such matters.  Here are two I have had recommended:

*iAntiVirus*

*ClamXav*

both of which may be set to a "sentry" mode where it constantly watches your computer.  They are also free--*iAntiVirus* has an upgrade for business use which he/she/it/not-sure-but-does-not-want-to-be-pressured-into-a-gender-or-species-role-thank-you probably does not need.

All in all, I have had them both catch one virus which affects PCs.  Again, those who deal with the situation you are describing may have better advice.  

--J.D.


----------



## Randy Singer (Feb 23, 2009)

lysergia said:


> i had her remove her ancient expired norton antivirus (hate hate norton!) and reboot and no more complaints.



Anything from Symantec/Norton tends to be of dubious quality.



lysergia said:


> since she uses ms office for the mac and passes docs back and forth with some of the most clueless windows users i've ever met (i volunteered to help her office mate a few times, gave up) my only concern is she could get an infected document from one of her coworkers and pass it on.



That's fairly easy to deal with.  If she is using Office 2008, it's not a problem because Office 2008 doesn't include Visual Basic, so it can't run macros.

If she is using an older version of Office, you can protect yourself from a Word macro virus by disabling automatic running of macros in Word.  In Word 2004, click Security, and then check the box for "Warn before opening a file that contains macros."

See here for instructions for the various versions of Word:
http://kb.iu.edu/data/agzk.html



lysergia said:


> i'm thinking also the company most likely has a policy stating that machines must have some sort of protection. what would you kind folks recommend i have her install, something that would prevent her machine letting windows viruses and office macro type virus things pass thru?
> thanks



A while back I tested all of the major AV programs, and found Virus Barrier to be best.  Macworld did the same:
http://www.macworld.com/article/42903/2005/02/antivirussoftware.html
One of VB's biggest pluses is that it doesn't sap your computer's performance, or get in the way of doing your work, while it sits in the background perpetually un-called upon.  That said, a few people have reported software conflicts while running VB.


----------



## Randy Singer (Feb 23, 2009)

Doctor X said:


> I have yet to see that happen, but I defer to the Gurus who deal with such matters.  Here are two I have had recommended:
> 
> *iAntiVirus*
> 
> *ClamXav*



I can't recommend either (unless you just want something that is free so that you can tell your boss that you have AV software installed.)

There was an interesting discussion about ClamAV and ClamXav on Macintouch, that I was a party to.  (Both products use the same virus definition database.  ClamXav is just a Mac front-end on ClamAV, which is a UNIX program.)  There were several interesting revelations that came out of that discussion.

First, the ClamAV folks are not privy to the agreement that commercial AV software companies have amongst each other to share new malware finds.  So it is unclear if the ClamAV folks are likely to *ever* see some particular examples of malware in order to dissect them and create an inoculating definition for them to put in their AV program.

Second, the ClamAV/ClamXav folks don't have anyone in particular who is routinely looking for and writing definitions for Macintosh-specific malware.  What this means is that ClamAV does not have definitions for most of the Mac-specific Trojans that have popped up.  It also is unclear whether the ClamAV folks have anyone who would write a definition to protect against a very malicious Mac-only virus should one show up.  One hopes that they would, but there is no guaranty that it would happen.

You don't have to take my word for this.  You can search the ClamAV database here:
http://clamav-du.securesites.net/cgi-bin/clamgrok
As a test, do a search for, for instance, "Macintosh", or for one of the known (though very rare) Macintosh Trojans, for instance: "Opener" or "Renepo" or "iSight Trojan" or "Hovdy-A" and see if anything shows up.

As for iAntiVirus...they are huge liars, which makes me very wary of their product and what it might be doing.  Here is their "Mac threat database", where they list all sorts of legitimate programs and utilities as threats:
http://www.iantivirus.com/threats/
Their product is free, and they are huge liars.  (Usually you don't  need to lie to push your product if it is free.)  This makes me worry that their product itself might be a form of spyware.  I don't have any evidence that this is the case, but things don't add up otherwise.


----------



## Doctor X (Feb 24, 2009)

Randy Singer said:


> You don't have to take my word for this.  You can search the ClamAV database here:
> http://clamav-du.securesites.net/cgi-bin/clamgrok
> As a test, do a search for, for instance, "Macintosh", or for one of the known (though very rare) Macintosh Trojans, for instance: "Opener" or "Renepo" or "iSight Trojan" or "Hovdy-A" and see if anything shows up.



One would think one would want to search the *ClamXAV* *site* instead.  



> 12. I know Opener/Renepo isn't a virus or even a trojan, but what IS it then?
> 
> It's little more than a proof of concept. A virus is a self-replicating malicious piece of software designed to destroy files and folders on a computer system. A trojan is a piece of software which pretends to be legitimate and useful but does in fact install other software (unbeknownst to you) which opens up a "back door" to your computer, allowing a hacker to have access to your files and theoretically your entire computer system. In this instance, Opener would be the "other software" -- or you might call it the "payload".
> 
> ...



Some interesting threads on it on that site.

"And I have nothing more to say."

--J.D.


----------



## Randy Singer (Feb 24, 2009)

Whenever a threat exists in the wild, even a "concept" threat, it can be used as sort of a construction kit by other sociopaths to create a new, non-"concept" threat.  That's how most of the OS 8/9 viruses came about.  And it is even how at least one of the current non-concept Trojans for OS X came about.  

I don't think that Macintosh users currently need to have AV software.  However, if you are one of those folks that think that you do need it, I would presume that you would want AV software that actually works, and which actually works to protect you from potential threats.  ClamXav isn't such a product.  ClamXav does not protect you from either the existing threats to the Macintosh, or the potential ones.  The only thing good about ClamXav is that it is free.

A good AV program, such as Virus Barrier, has a definition to protect you against Opener, and against Trojans that are very similar to Opener.  ClamXav won't do a thing to protect you from such a Trojan.

At this point there are close to a dozen non-concept Trojans for OS X.

I've heard of:

ASthtv05 and AStht_v06
http://www.macworld.com/article/134084/2008/06/www.idgconnect.com
http://www.securemac.com/applescript-tht-trojan-horse.php

iSight Trojan
http://www.theregister.co.uk/2008/06/23/mac_trojan/

OSX/Hovdy-A
http://www.sophos.com/pressoffice/news/articles/2008/06/machovdyA.html

DNSChanger /OSX.RSPlug.A /OSX/Puper
http://www.dnschanger.com/

OSX.RSPlug.E (a variant of RSPlug )
http://www.intego.com/news/ism0808.asp

OSX.Lamzev.a
http://www.symantec.com/security_response/writeup.jsp?docid=2008-111315-1230-99

Worm.OSX.Autostart
http://lowendmac.com/virus/worm.shtml

Leap-A
http://blogs.zdnet.com/Apple/?p=100

I don't know to what extent any of the above are duplicate names for the same thing.

Check ClamXav's Web site, ClamAV's database, anywhere that you like.  Does ClamXav protect you from any of these?  Virus Barrier will protect you from all of them.


----------



## Doctor X (Feb 24, 2009)

Choosing at random:



			
lapicide said:

> The Trojan 'OSX.RSPlug.D' found on porn websites disguised as a codec required to play video files. The user has to download and install it himself.
> 
> The second one is called OSX.TrojanKit.Malez or OSX.Lamzev.A . It is " a hacker tool designed primarily to allow attackers to install backdoors in a user's system." It is not installed through internet traffic but a hacker has to have physical access to your computer to install it.
> 
> ...



_Quod erat demonstrandum_

"Cheery bye"

--J.D.


----------



## Randy Singer (Feb 24, 2009)

Now find me something that shows that there is actually anyone at the ClamAV project who can analyze Mac viruses and can write and include Mac virus definitions in ClamAV.

I've already given you the link to the ClamAV project's AV database.  Please find the Mac threats in the database for me.

Once again, ClamAV/ClamXav is worthless if you actually want protection from any Macintosh-specific threats.  But if you want to kid yourself that it is protecting you...good luck.


----------



## Doctor X (Feb 24, 2009)

I refer the individual to the answer I gave previously.

--J.D.


----------



## johnnyrich (Mar 27, 2009)

Has anyone heard of the Facebook virus Koobface affecting a Mac?

Unfortunately a link got clicked and ever since, strange things have been going on - it feels as though someone has got some access to the computer - all through Safari - forums have been posted our my accounts without me being online, all trace of emails have disappeared, all birthdays in the calendar have moved by a few days and today, the normal online banking screen was replaced by a fake one.

Grrr..


----------



## ElDiabloConCaca (Mar 27, 2009)

Koobface can only affect Win32 machines -- so Mac OS X is unaffected by it (unless, of course, you're running Windows via BootCamp or via virtualization -- but even then, the worm would only cause trouble in your Windows partition or virtualized machine).

Your troubles must have come from another source.


----------



## Randy Singer (Mar 27, 2009)

I haven't heard of any Mac viruses that infect Facebook.  In fact, I have yet to hear of an actual "virus" for OS X; though there are now about half a dozen Trojan Horses for OS X.

If you want a list of all OS X malware, check out:

http://www.sophos.com/security/analyses/search-results/?search=macintosh&action=search&x=0&y=0

http://search.securityfocus.com/swsearch?sbm=/&metaname=alldoc&query=macintosh&x=0&y=0

However, don't get excited when you read these pages.  Most of what you see listed is for OS 8/9 and won't run under OS X.


----------



## closebeauty (May 15, 2009)

Hi,
Is this a virus for OS X?
Keylogger for Mac OS X


----------



## Randy Singer (May 16, 2009)

closebeauty said:


> Hi,
> Is this a virus for OS X?
> Keylogger for Mac OS X



Yes, it is for OS X.

But *no* it isn't a "virus"
http://en.wikipedia.org/wiki/Computer_virus
as it can't self-replicate.

In fact, you really can't even call it "malware"
http://en.wikipedia.org/wiki/Malware
as a keylogger isn't necessarily malicious, nor is it necessarily used against the wishes of the computer's user, as some folks have legitimate uses for keyloggers.

But assuming that someone wanted to use Mac Keylogger for malicious purposes, they would have to have physical access to a user's Macintosh to do so, as physical access is nominally required to install it. (Unless you have something like a malicious system administrator.  Which is possible.  Parents have been known to use keyloggers to keep tabs on what their children are doing on their computer.) There is no other surreptitious way to install this software, such as via the Internet or e-mail.  

So, if you are concerned that this product is a threat to you or other Mac users...it really isn't.  At least no more so than allowing someone physical access to your Mac without them being supervised.


----------



## closebeauty (May 16, 2009)

Hi, Randy
Thanks very much.
It's very kind of you to explain it to me.
I think this application aobo mac os x keylogger should be spy software, not spyware.


----------



## Randy Singer (May 16, 2009)

closebeauty said:


> Hi, Randy
> Thanks very much.
> It's very kind of you to explain it to me.
> I think this application aobo mac os x keylogger should be spy software, not spyware.



Well, it *can* be spy software, if you use it as spy software.

By the way, there are other key loggers for OS X.  They aren't anything that is rare, new, or unheard of.

In fact, software for OS X designed for parents to spy on their children isn't uncommon either.

This isn't considered to be "malware" because it isn't considered to be "malicious" but rather to be a legitimate thing for parents to be doing.  (However, I'm not saying that I personally approve of this.)


----------



## tayen (Jul 29, 2009)

That is so mean, dude!


----------



## mcshelll (Sep 14, 2009)

I hope this is the right place to post this. How do I find out if I have malware on my Macbook pro? I recently had a hotmail account hacked. I contacted them and they say it was from malware. I don't know how to find out if they are right. I do know my hotmail account was hacked into and spam sent to my contacts. I changed my password as soon as I found out. Nothing more happened since then. I feel like if it were due to malware, changing my password wouldn't fix everything, as it could then find out my new password. I don't really know though. Recently my laptop has acted odd in new ways. It freezes up for a bit and throws up the rainbowball fairly often and sometimes runs really slow. I also have had a few odd pop ups. One happened recently right as I opened FF, before going to any web sites. So maybe they are right, how do I figure this out? 
BTW I am sure someone will tell me I deserve this for being a hotmail user, but I have had the account 10 years and have kept it because I resist change lol.


----------



## wakeflow (Sep 14, 2009)

Too bad the Anti-Virus protection programs are the ones giving the viruses.


----------



## Randy Singer (Sep 14, 2009)

mcshelll said:


> I hope this is the right place to post this. How do I find out if I have malware on my Macbook pro?



The only way to be 100% sure is to run a good anti-virus program that looks for all potential malware for the Macintosh.  The best choice for this would be:

Intego's Virus Barrier ($70)
http://www.intego.com/virusbarrier/

There is a free demo.  Maybe you can run it and it can just tell you if you are infected with any malware.  (I don't know if the demo will do that.)

What I can tell you is that there are no actual viruses that can infect OS X.  None.  There are a few Trojan Horses, but they are extremely rare.

Generally when you have a problem with a Macintosh, you should investigate other possible reasons for the problem first.  As a general rule, purchasing anti-virus software for a Macintosh is a waste of money.



mcshelll said:


> I recently had a hotmail account hacked. I contacted them and they say it was from malware. I don't know how to find out if they are right.



Three things come to mind here.

The first is that such companies love to tell you that it is all due to a virus.  That makes it easy for them to do nothing for you and blow you off.

Second, it was a virus...where?  On their server?  If that is the case, you have no control over *their server*.  

Third, if they are trying to say that you have a virus that is sending out spam to other users, this can happen...to a Windows user.  Not a Macintosh user.  There are no viruses, or even Trojans, that can successfully do this to you if you are running OS X.  (Maybe they think that you are running Windows, or they don't know anything about the Macintosh.)



mcshelll said:


> I do know my hotmail account was hacked into and spam sent to my contacts.


It sounds like Hotmail's server was hacked, not as if you have malware on your Macintosh. 



mcshelll said:


> I changed my password as soon as I found out. Nothing more happened since then.


Then it sounds like you are okay now.



mcshelll said:


> Recently my laptop has acted odd in new ways. It freezes up for a bit and throws up the rainbowball fairly often and sometimes runs really slow.



Try running all of the routine maintenance at:

Macintosh OS X Routine Maintenance
http://www.macattorney.com/ts.html

See if that helps.



mcshelll said:


> I also have had a few odd pop ups. One happened recently right as I opened FF, before going to any web sites. So maybe they are right, how do I figure this out?



What did the pop-up say?  It may have been a legitimate dialog box.

In any case, you may want to turn on the pop-up blocker in FireFox:
FireFox menu --> Preferences  --> Content tab --> Block Pop-up Windows check box



mcshelll said:


> BTW I am sure someone will tell me I deserve this for being a hotmail user, but I have had the account 10 years and have kept it because I resist change lol.


I haven't heard any complaints of any problems from Macintosh-using Hotmail users.  A quick look at:
http://www.macintouch.com/readerreports/internetservices/topic4647.html
turns up no serious problems.  If Mac users were having problems with Hotmail, the reports would be all over Macintouch.


----------



## Doctor X (Sep 14, 2009)

As an aside, the only problems I have had with *Hotmail* have been on *FF* when using *AdBlock* add-ons _in the past_--M$ really does not like you blocking their ads.  No problems now.  I have a problem with *Safari* showing weird fonts on *Hotmail*, but I think that is due to the fonts I am using . . . which I am trying to work out!

--J.D.


----------



## Randy Singer (Sep 15, 2009)

mcshelll said:


> ... I also have had a few odd pop ups.



Today's TIDBITS has an article on the scareware folks visiting the NY Times website encountered the past few days, and how to stay safe:

http://db.tidbits.com/article/10563


----------



## perfessor101 (Sep 15, 2009)

AFAIK the only way your Mac can become infected is with the complicity of the user who must provide the password for the installation. The most common sources of malware are pornographic sites that suggest you download and install new or updated codecs or software to "better view the site" or file sharing sites offering cheap/free downloads of Apple and other software (the installers have been modified to install the malware as well as the software -- in trying to get illegal software you get more than you bargained for). The most common of these trojans is known under a variety of names but most commonly is called DNSChanger. You can download and run a free DNSChanger Remover tool that will tell you if your system was infected with this Trojan as well as removing the Trojan if it is present. For general protection I use the freeware/donationware ClamX AV which will also detect the DNSChanger Trojan.

I suspect the Hotmail response is because they are so accustomed to dealing with Windows products they gave you their automatic first response without knowing or understanding the implications of the fact you are using a Mac. The system symptoms you are reporting can have a variety of causes none of which are related to malware on your system.

You need to do some serious troubleshooting and a thorough review of your normal security precautions.


----------



## mcshelll (Sep 16, 2009)

Thank you all so much for your replies. I am sorry I didn't get a chance to get back here sooner, but hubby and I celebrated our 25th wedding anniversary yesterday.
I am going to check out all the links posted, but I feel much better now. I should have known I would get great info here, because this site is the best!


----------



## mcshelll (Sep 16, 2009)

Randy Singer said:


> What did the pop-up say?  It may have been a legitimate dialog box.
> 
> In any case, you may want to turn on the pop-up blocker in FireFox:
> FireFox menu --> Preferences  --> Content tab --> Block Pop-up Windows check box



It was an actual ad for something, but I don't recall what exactly. I do have pop up blocker enabled on FF, but sometimes it doesn't catch them all. There is one site I visit monthly that blocks them on the first page, but the second click I make always launches a pop up ad. I just close it and it has happened that way for longer than I have had this specific computer. Another site that always has at least one pop up get through, is the NY Times site you mentioned. I do go there sometimes, but have not been there since some time in July. It is happening on more sites for me now though, and they seem to be random.


----------



## mcshelll (Sep 16, 2009)

perfessor101 said:


> AFAIK the only way your Mac can become infected is with the complicity of the user who must provide the password for the installation. The most common sources of malware are pornographic sites that suggest you download and install new or updated codecs or software to "better view the site" or file sharing sites offering cheap/free downloads of Apple and other software (the installers have been modified to install the malware as well as the software -- in trying to get illegal software you get more than you bargained for). The most common of these trojans is known under a variety of names but most commonly is called DNSChanger. You can download and run a free DNSChanger Remover tool that will tell you if your system was infected with this Trojan as well as removing the Trojan if it is present. For general protection I use the freeware/donationware ClamX AV which will also detect the DNSChanger Trojan.
> 
> I suspect the Hotmail response is because they are so accustomed to dealing with Windows products they gave you their automatic first response without knowing or understanding the implications of the fact you are using a Mac. The system symptoms you are reporting can have a variety of causes none of which are related to malware on your system.
> 
> You need to do some serious troubleshooting and a thorough review of your normal security precautions.



I don't go to porn sites, but I do go to quite a few coupon and freebie sites. Anyone heard of issues recently at those type sites for Macs? I ran the check though anyway and DNSChanger was not found.


----------



## mcshelll (Sep 16, 2009)

Doctor X said:


> As an aside, the only problems I have had with *Hotmail* have been on *FF* when using *AdBlock* add-ons _in the past_--M$ really does not like you blocking their ads.  No problems now.  I have a problem with *Safari* showing weird fonts on *Hotmail*, but I think that is due to the fonts I am using . . . which I am trying to work out!
> 
> --J.D.


I did sign up at Facebook, using that hotmail address, a few weeks before I found my account hacked. Facebook does scan your contact list for potential friend accounts already on Facebook, when you go through the sign up process. I do know the spam sent did come from inside my hotmail (from an ip in China, not mine), so it wasn't just that my contacts were stolen and spoofs sent. I have been wondering if they are related in any way though.


----------



## Doctor X (Sep 16, 2009)

I think they are, however, I have had "throwaway" accounts spoofed when I have gone after scammers.  Unless your sent box is filled with the outgoing e-mails, it was probably spoofed.

Be that as it may, if you use *FF*, make your life easier with *AdBlock* and *No Script*.  With a few uses you will be able to view just about anything while preventing a lot of crap like ads and pop-ups.  I would also recommend *Disable Autoplay* which prevents having a video/song immediately play when you go to a website--nothing like having "I Wanna [*CENSORED*--Ed.] with My Accountant, Baby!" blare through your work stereo because some idiot decided it was a "wicked funny" joke to send you!

*Safari* does not so easily lend itself to modification.

I do not use Facebook, it being yet another abomination that targets children and the weak--Hey!  GET OFF MY LAWN!!--but spammers/scammers regularly troll such to gather e-mail addresses.  If your e-mail is public . . . there you go!

--J.D.


----------



## Doctor X (Sep 16, 2009)

I will add that I enjoy this thread since literally every 3-6 months I run into the typical "PC _versus_ Mac" fight where a PC user declares Macs "just as" vulnerable as Windoz or claims that a Mac was hacked/infected/self-destructed right on stage in front of Steve Jobs!  The story gets better every time I read it.  It kind of is nice to be reminded that, no, really, things have not changed, no, calm down, do what you have been doing.

--J.D.


----------



## wcr1951 (Sep 16, 2009)

I am a Mac user whose Hotmail account was recently hacked into as well, so it IS happening to Mac users.  I didn't have a strong password, so I have changed it now to something stronger, so am hoping my problem is resolved.  The Hotmail support told me the same thing....that malware is the culprit - even for us Mac users.


----------



## mcshelll (Sep 16, 2009)

wcr1951 said:


> I am a Mac user whose Hotmail account was recently hacked into as well, so it IS happening to Mac users.  I didn't have a strong password, so I have changed it now to something stronger, so am hoping my problem is resolved.  The Hotmail support told me the same thing....that malware is the culprit - even for us Mac users.


Do you also have a facebook account? If not, we can rule that out. My email is not public there, but I am still suspect of it a bit.
I have to admit that my password was not strong also. It is very strong now. I have learned my lesson that!


----------



## mcshelll (Sep 16, 2009)

Doctor X said:


> I think they are, however, I have had "throwaway" accounts spoofed when I have gone after scammers.  Unless your sent box is filled with the outgoing e-mails, it was probably spoofed.
> 
> Be that as it may, if you use *FF*, make your life easier with *AdBlock* and *No Script*.  With a few uses you will be able to view just about anything while preventing a lot of crap like ads and pop-ups.  I would also recommend *Disable Autoplay* which prevents having a video/song immediately play when you go to a website--nothing like having "I Wanna [*CENSORED*--Ed.] with My Accountant, Baby!" blare through your work stereo because some idiot decided it was a "wicked funny" joke to send you!
> 
> ...



I will check those programs out, thanks. I do hate when websites just start talking to me, grrrr. It would be great to stop that one for sure.
As for the attack being a spoof, I think the information from the headers proves they are spoofs. Hotmail said that, plus it looked like that to me when I read the headers. However, there are no copies in my sent file, so I could be wrong. I had thought you could uncheck a box and there not be a copy in the sent file, but I have not looked at that in a long time. It used to be that way.


----------



## ElDiabloConCaca (Sep 16, 2009)

I don't mean to come off sounding like a naysayer, but someone guessing a weak password should not and is not considered "hacking," nor does it matter whether or not you use Windows, Mac, Linux, UNIX, DOS, BeOS, or any other flavor of operating system in this case.

Hotmail is available to everyone, regardless of platform, so the type of computer you use has absolutely zilch to do with the "hacking" of a Hotmail account.

A weak password is usually the culprit, as many here have found, and exploiting a weak password is the simplest of "hacking" techniques, though it can hardly be called "hacking."  Your Hotmail password was simply guessed by someone -- it was not "harvested" by malware installed on your Mac.

It does sound like Hotmail tech support is handing out canned answers to common problems: 

"Someone hacked into my account!"

"Well, that's because more than likely you're infected with malware."

I think, more than likely, that Hotmail accounts that have been compromised have been  compromised because people choose extremely poor passwords, or use the same password across multiple sites -- both extremely unintelligent things to do, like using the exact, same key for your house, car, boat, lockbox, safe, and safety deposit box.  Once they have one, they've got them all because little to no precaution was taken to protect anything.

This happens quite frequently (in fact, more frequently than it should, simply because of laziness).  It's akin to building a fortress, complete with a moat, motion-sensing sensors, motion-sensitive lights, laser beams, crocodiles, sharks with lasers on their heads, spike pits and banana peels strategically placed throughout said fortress, then putting a plastic Fisher-Price lock on the front door -- rendering every other security precaution moot.  A weak password is the weak-link "chink" in the armor that the sword passes through without effort: all that protection for nothing.

Lessons learned:

1) Don't use a weak password.  Ever.  At all.  At any time.  For anything.  Use a password that is at least 8 characters long, and includes both upper- and lower-case letters, numbers, and symbols.  The 8-character requirement is because even with the super-est of super computers on the planet, all put together, all working in unison, it would take more years than you will live and your children will live to go through all the possible combinations of letters, numbers and symbols.  It is programmatically infeasible to guess a strong, 8-character password in any reasonable amount of time.  With 7 characters, you're talking a day -- maybe hours.  6 characters takes minutes.  5 characters would take seconds.  You get the drift.

2) Don't use the same password for two different ANYthings.  "But I can't remember all those passwords!"  Tough titty.  Get over it.  Get a better memory.  Get a piece of paper and a pencil.  Get something.

3) Your password should change, at the very minimum, twice a year, and ideally once a month.  Yes, it's tough to remember all those new passwords.  No, no one has sympathy for you.  If that's the toughest thing you have to do to protect your sh*t online, well, I'd say that's a pretty easy life you've got going there.

4) There are no malware/viruses/trojans for Mac OS X that "harvest" Hotmail passwords or spy on your keystrokes.  At all.  In existence.  That's not the culprit, no matter what the boneheads at Hotmail tech support say.

A good password is something like, "Gg6y(0!h54".

A horrible password is "JLH_1976".  That's my initials and my birth year.  An equally pathetic password would be "1J9L7H6", for very obvious reasons.  Choose a password that is gibberish -- has absolutely no meaning -- no significant dates -- no initials -- nothing that means anything to you at all.  If you can remember the password without having typed it several hundred times, you have chosen an inferior, pathetic and lazy password.

Right now, we should all be hearing each other's feet scrambling out the door to the nearest password-protected website to change our passwords, once again.

[End rant]
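An added example, not part of the post above: a small Python audit that applies the post's password rules (length, character classes, no initials-plus-year patterns, no reuse) and shows how the exhaustive search space grows with each extra character. The guess rate, the 94-character alphabet, the sample accounts and all function names are assumptions made for this illustration.

```python
import re
import string
from collections import defaultdict

# Assumption (not from the thread): guesses per second for an offline search.
GUESSES_PER_SECOND = 1e10
# 26 lower + 26 upper + 10 digits + 32 ASCII symbols
PRINTABLE = 94

CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
YEAR = re.compile(r"(19|20)\d\d")


def search_space(length, alphabet=PRINTABLE):
    """Number of candidate passwords of exactly this length."""
    return alphabet ** length


def exhaustive_search_seconds(length, alphabet=PRINTABLE,
                              rate=GUESSES_PER_SECOND):
    """Worst-case time to try every candidate at the assumed rate."""
    return search_space(length, alphabet) / rate


def audit(password):
    """Return the rules from the post that this password breaks."""
    findings = []
    if len(password) < 8:
        findings.append("shorter than 8 characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            findings.append(f"no {name}")
    # Strip everything but digits first, so a year interleaved with
    # initials (1J9L7H6) is caught as well as a plain suffix (JLH_1976).
    digits = "".join(c for c in password if c in string.digits)
    if YEAR.search(digits):
        findings.append("digits spell a year")
    return findings


def reused(accounts):
    """Group sites that share one password (rule 2 in the post)."""
    by_password = defaultdict(list)
    for site, password in accounts.items():
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values()
                  if len(sites) > 1)


if __name__ == "__main__":
    # The three passwords quoted in the post.
    for pw in ("Gg6y(0!h54", "JLH_1976", "1J9L7H6"):
        print(f"{pw!r}: {audit(pw) or 'passes the listed rules'}")

    # Each added character multiplies the search space by the alphabet size.
    for n in range(5, 11):
        secs = exhaustive_search_seconds(n)
        print(f"{n} chars: {search_space(n):.3e} candidates, "
              f"{secs:.3e} s at {GUESSES_PER_SECOND:.0e} guesses/s")

    # Constructed sample data: site names and passwords are made up.
    sample = {"mail": "JLH_1976", "bank": "Gg6y(0!h54", "forum": "JLH_1976"}
    print("reused across:", reused(sample))
```

The absolute times scale linearly with the assumed guess rate; the per-character growth factor does not.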


----------



## mcshelll (Sep 16, 2009)

Doctor X said:


> I will add that I enjoy this thread since literally every 3-6 months I run into the typical "PC _versus_ Mac" fight where a PC user declares Macs "just as" vulnerable as Windoz or claims that a Mac was hacked/infected/self-destructed right on stage in front of Steve Jobs!  The story gets better every time I read it.  It kind of is nice to be reminded that, no, really, things have not changed, no, calm down, do what you have been doing.
> 
> --J.D.


This made me laugh because someone from my internet provider tried to tell me this exact crap recently. He even pulled out the Steve Jobs story and claimed Macs can be hacked faster on a direct attack than PCs.


----------



## mouquiflu (Oct 9, 2009)

I accept with information:
1) Virus may also come on MacOS X, even if currently there is no known virus infection on our platform. Therefore it is not a bad idea to have antivirus SW on your Mac with up-to-date definitions.
2) If you use VPC you are vulnerable to Windows viruses.


----------



## Doctor X (Oct 9, 2009)

mcshelll said:


> This made me laugh because someone from my internet provider tried to tell me this exact crap recently. He even pulled out the Steve Jobs story and claimed Macs can be hacked faster on a direct attack than PCs.



If you search up there you will find a challenge one of the *Gurus* offered to see just how vulnerable a Mac _versus_ a PC is.  I have extended it to a number of "Mac iz jst az hakzorz az PC LOL!"ers since he posted it . . . not one of the cowards has taken him up on it.

It last happened on a thread on a non-computer forum dedicated to . . . 

. . . 





. . . wait for it . . . 



. . . 



. . . protecting your PC.

--J.D.


----------



## Randy Singer (Oct 12, 2009)

mouquiflu said:


> I accept with information:
> 1) Virus may also come on MacOS X, even if currently there is no known virus infection on our platform. Therefore it is not a bad idea to have antivirus SW on your Mac with up-to-date definitions.



Macintosh anti-virus software requires the software developer to have a sample of the virus they are trying to provide you protection from, to be able to program the anti-virus software to be able to recognize and protect  you from a particular virus.  No Mac viruses currently exist, so Macintosh anti-virus software can't protect you from those viruses.  At least not yet.

OS X has been out for over 8 years now.  So far, there are no Macintosh viruses (there are a few incredibly rare Trojan Horses, but not a single virus), though Windows apologists have been going around for all 8 years saying that there will be lots of them "any-day now."  They may be right, but so far their track record of predicting that the Mac will have viruses has been pretty poor.

Note that OS X 10.6 (Snow Leopard) has anti-virus software built-in.
http://www.macworld.com/article/142457/2009/08/snowleopard_malware.html
Apple can update this software via Software Update as needed.



mouquiflu said:


> 2) If you use VPC you are vulnerable to Windows viruses.


That's not necessarily a concern.  Most Macintosh users who are running Parallels, Fusion, or Bootcamp are running them because they only need access to one or two mission critical applications from Windows.  If you don't use Windows on your Macintosh to access the Internet or to get e-mail (and the included Macintosh software is just fine for those tasks, in most cases) then the vector for receiving a virus is cut off, and a user has no real concern about getting a Windows virus.


----------



## nancy86 (Jan 28, 2010)

Hi bro,
Viruses sometimes act very rudely toward your system's information, and in most cases they damage or corrupt it by executing arbitrary code coded in them.

So, it is better for you to use anti-virus software in this regard. Anti-virus software is effective enough to prevent virus invasions and protect your valuable data in the system. If some of your data has already been corrupted or lost due to viruses, then in such circumstances I would recommend that you use any Data Recovery Mac software and recover the data effectively.

All the Best!


----------



## Doctor X (Jan 28, 2010)

If it was a good product, you would not have to spam.

Have rated it low for that very reason! 

--J.D.


----------



## Randy Singer (Jan 28, 2010)

nancy86 said:


> Hi bro,
> Viruses sometimes act very rudely toward your system's information, and in most cases they damage or corrupt it by executing arbitrary code coded in them.
> 
> So, it is better for you to use anti-virus software in this regard. Anti-virus software is effective enough to prevent virus invasions and protect your valuable data in the system. If some of your data has already been corrupted or lost due to viruses, then in such circumstances I would recommend that you use any Data Recovery Mac software and recover the data effectively.
> ...



I call TROLL.

(And not a well informed one, at that.)


----------



## nancy86 (Jan 28, 2010)

It was not spam, buddy, just suggesting a way to get back the data lost due to a virus.


----------



## Randy Singer (Jan 28, 2010)

nancy86 said:


> It was not spam, buddy, just suggesting a way to get back the data lost due to a virus.



And, specifically, which *Macintosh OS X* viruses cause you to lose data?


----------



## Doctor X (Jan 31, 2010)

Randy Singer said:


> And, specifically, which *Macintosh OS X* viruses cause you to lose data?



*crickets*

--J.D.


----------



## Rhisiart (Feb 3, 2010)

I recently installed Intego's VirusBarrier X6. It caused havoc (slow downs, programmes freezing, system not loading up after logging in etc.). 

These problems immediately stopped after deleting it (involving some colonic irrigation to get all the Intego deposits in various library folders). 

This is a shame as I am sure Intego are usually pretty reliable (I have notified them).

I now have ClamXav installed instead, although I am still not entirely convinced I need any anti-virus protection.


----------



## Doctor X (Feb 5, 2010)

I found--as did others--that *ClamXV* can run the processor hot in periods that then require you to quit the program.  There are numerous complaints about it on the site . . . which they have all deleted!  That is not exactly responsible service.

If it works for you, then it works for you.  I dumped it and do not miss it.

--J.D.

P.S. *iAntivirus* suffers from the same problem consistently.


----------



## Doctor X (Feb 5, 2010)

The irony is, about a year ago, I defended the prat.

--J.D.


----------



## BreatheCarolina (Feb 10, 2010)

I've noticed the same thing as Doctor X concerning ClamXV and iAntiVirus. 

My solution: I have ClamXV set to monitor certain key folders all the time and then once every few weeks do a whole system scan along with my routine maintenance rituals. I haven't experienced any slowdowns/crashes related to ClamXV doing this.


----------



## starhorsepax (Apr 30, 2010)

Does anyone know if there is a sign in console for any weird trojans or anything? I don't mean I expect it to be a virus blocker or anything but some lines are suspicious.  I'm getting a line that says

```
4/30/10 5:31:45 PM [0x0-0x11011].com.apple.Safari[114] DrawDirtyStuff() 
4/30/10 5:32:02 PM [0x0-0x11011].com.apple.Safari[114] Resource loading time: 12914ms 
4/30/10 5:32:02 PM [0x0-0x11011].com.apple.Safari[114] Filter time: 65 
4/30/10 5:32:02 PM [0x0-0x11011].com.apple.Safari[114] Broken filter? false 
4/30/10 5:32:02 PM [0x0-0x11011].com.apple.Safari[114] Slow filter? false 
4/30/10 5:32:05 PM [0x0-0x11011].com.apple.Safari[114] Images created: 4 
```

I also saw one that said machine-destroy right after a crash. The titles make me a bit suspicious...and I've been having weird issues since the crash. I'm looking into other causes but these console lines give me pause. Is there a good reason a bit of code would have such a label?


----------



## ex2bot (May 1, 2010)

Starhorsepax,

It's very unlikely your machine is affected by a Trojan because there aren't many that affect your Mac. It's common for there to be a lot of system log entries, such as the ones posted by Safari.

If you're worried about it, get the free iAntivirus, install it, and check your machine. I wouldn't waste your time running it all the time. There just aren't many threats out there. (The one exception is if you have Microsoft Office 2004 or Office X  and use documents with macros a lot. If that's the case, it might be a good idea to scan your docs for macro viruses. The latest Microsoft office, 2008, can't do macros, so no need to scan if you have 2008.)

If your computer crashes to a kernel panic ("You need to restart your computer."), you may have faulty RAM or a buggy or incompatible kernel extension. I used to use Parallels, whose kernel  extension sometimes crashed my machine.

Good luck! 
Bot


----------



## michaelkemp2 (May 2, 2010)

It's a sad fact, Macs spread windows viruses because peeps feel they don't need to worry about anti virus software. Although for us mac lovers, we don't give a crap. What relates to us is the simple fact that there ARE MAC VIRUSES!!!!!! They work much differently, and are much much more rare. But they do exist, and always have. Ignore your grand pappy, they will destroy your data if you get a bad one. (although again rare, it happens and has happened to me back in 2001) To protect your mac ignore cookies, (most websites no longer require cookies to operate), or turn off the 3rd party cookies. Set up a firewall in your system preferences, and if you want to go all out, buy a program like LittleSnitch and block all those bulls^$t accesses by port scanners and free apps. All of these will add greatly to your computer security, and make it just that much more unlikely to have to realize the horror of one of the mac viruses.

MORE: If you are thinking of anti virus, sadly none of them really work, yes they detect the virus, but only after infection (kinda the opposite of anti, isn't it?). Although if you still want to use one, I'd suggest Norton's Anti Virus, it's one of the more popular ones, and offers the best mac compatibility I've ever seen with the types of applications.


----------



## coolio2654 (May 7, 2010)

You kidding me?  Of course there are viruses.  I've heard of some from reliable and tech-savvy to some degree friends.    
I know macintosh fanboys like saying the mac's security is uber perfect, but this is seriously too much.  Even I, who thinks macs are the best OS's around, will not accept this lie.


----------



## ElDiabloConCaca (May 7, 2010)

Name one, single virus for Mac OS X. Any of them.


----------



## coolio2654 (May 7, 2010)

I only heard from reliable resources of viruses.  But I found this one online (after much lurking, I have to admit). 
http://www.sophos.com/security/analyses/viruses-and-spyware/osxleapa.html


----------



## TitanShadow (May 7, 2010)

Just because there are few viruses for the Mac doesn't mean that the Mac is more secure.  While I do believe that by the nature of the FreeBSD / Linux / Unix based OS X creates more inherent security this is by no means foolproof.  In fact any security guru worth their salts would point out that in the Pwn to Own competitions of recent years OS X has fallen due to browser 0-Day exploits.  The fact that iPhone continues to be jailbroken in both tethered, untethered, and instant over the USB port all from exploits in the OS.

Apple is not perfect, the saving grace is the small percentage and high cost of entrance to the market of the Macintosh.  It could break at any point in time.


----------



## ElDiabloConCaca (May 8, 2010)

coolio2654 said:


> I only heard from reliable resources of viruses.  But I found this one online (after much lurking, I have to admit).
> http://www.sophos.com/security/analyses/viruses-and-spyware/osxleapa.html



Not a virus.

A worm.

Very different.


----------



## ElDiabloConCaca (May 8, 2010)

Edit: ah, screw it.  I'll believe it when I see it.  "It could break at any point in time" is like saying "One day the human race will go extinct, so all humans today are at risk."  It's been argued to death, and only one test remains (which was previously offered, yet no takers):

I'll put an up-to-date Mac OS X box, fully exposed, on a public IP address.  First to "hack" it and install an actual true, blue virus without human intervention (I'll even accept a rootkit) gets to see me eat a pile of dog feces on YouTube.


----------



## BreatheCarolina (May 8, 2010)

TitanShadow said:


> In fact any security guru worth their salts would point out that in the Pwn to Own competitions of recent years OS X has fallen due to browser 0-Day exploits.




 This could have been done with the other two computers in the contest just as fast if the other teams had been smart enough to do the same thing. 

 And the guy who did it (Mr. Miller, a former NSA employee) custom tailored a website and an exploit especially for the contest. 

 On top of that the 2009 Macbook (and the Ubuntu and Vista boxes) were standing at the end of the first day. It wasn't until the second day, where the rules allow direct access to the computers (i.e. user input) that the Macbook was taken down. So the fact that the Macbook was "hacked" had just as much to do with user stupidity as fancy hacking antics.

 And to top it all off, I don't believe it was a virus that was the culprit. As far as I know TippingPoint hasn't disclosed the nature of the exploit and Apple hasn't said anything either. I'd like to know how Mr. Miller did it but my money is on a worm, not a virus. Which, as Diablo pointed out, are two very different things.


Long story short: As long as you take basic precautions and exercise common sense your Mac will be perfectly safe.


----------



## ElDiabloConCaca (May 8, 2010)

Mr. Miller did it with a trojan -- which is tricking a user into doing something on their computer that would then allow a malicious person/computer the opportunity to install software or otherwise gain access to a computer.

A virus can do this without human intervention: a computer simply connected to the internet and powered on can be infected with a virus (via backdoor or a bug in some software).  A trojan cannot do this.

That's why the computers were still standing on day one: day one was "virus" day -- "try and compromise this computer without physically touching the computer."  Day two, when someone could actually sit down and do something "stupid" on the computer, was "trojan" day.


----------



## Rhisiart (May 8, 2010)

ElDiabloConCaca said:


> I'll put an up-to-date Mac OS X box, fully exposed, on a public IP address.  First to "hack" it and install an actual true, blue virus without human intervention (I'll even accept a rootkit) gets to see me eat a pile of dog feces on YouTube.


We will all have been annihilated by an errant asteroid by the time you turn on your iSight camera.


----------



## Doctor X (May 9, 2010)

Thank you, that version of the myth has expanded to Steve Jobs debuting a Mac only to HAVE IT HACKED ON STAGE!!!1!!!!11 [!--Ed.]

These predictions remind me of various apocalyptic groups I stumble literally upon.  The "New World Order/Anti-Christ/Disco" is coming . . . soon . . . any moment . . . just wait.

I have a wonderful book on such movements--_Apocalypse Pretty Soon_--analyzing a number of end-time cults in America.  It is now ironic that it is an _old_ book.

Still we are here.

Nevertheless, the point has always remained that security begins and ends with the user.  On a Mac/PC/Whatever you can give away your Personal Data [Tm.--Ed.] on a phish site if you are not careful.  

Still . . . I am allowed to smirk as my Soulless Left-Behind-in-PC World colleagues open every "I have a new computer" with "what anti-virus software did you buy?"

:smug:

--J.D.


----------



## starhorsepax (May 23, 2010)

So I hear all this about mac viruses and malware being rare, but I got this weird message from my internet browser about unusual high internet usage "You may have a blaster virus". Of course, last time it was my Dad's pc that got the message. And this morning my wireless internet has been on the fritz-a blaster symptom apparently, but then I also just downloaded the mac os x security update. With all of those factors, it's a bit hard to rule out the 'rare malware' invasion...but I wouldn't trust Norton with my macbook. Last time I used Norton's on my imac it fixed one problem and caused a bunch of others. I am concerned with getting one, not just because I need to download stuff-I can't afford to buy software to replace what my imac ran in classic-but also because I'm sharing files with PCs more than I ever thought I would need to. So many variables to consider...


----------



## pedz (May 23, 2010)

A "Trojan" is always a real threat on any computer.  Don't assume that a virus or worm is the only way to attack.

I read this article this past week: http://w2spconf.com/2010/papers/p27.pdf

It illustrates that the threats can come not to your computer but to your online accounts directly if you are not careful (and if the web sites are not extremely careful).  My point in telling this is to make you aware that "the Mac is 100% virus proof" is not where your caution needs to end.

Except for Windows, 99% of the successful "hacking" penetrates the system via the user -- not the computer.  DOD was "hacked" when a guy sprinkled infected thumb drives in the parking lot and someone was naive enough to pick one up, put it in his PC.  The PC has an auto launch "feature" and -- boom -- it was infected.

I don't think anyone who is serious claims that Mac (Unix) is bullet proof.  But Unix did originate under the assumption that there would be multiple users on the same system.  Windows did not start out with that assumption and so it suffered (still suffers?) from that past.

I like how the Mac asks you a few questions every once in a while like "You just downloaded this, do you really want to launch it?"

To summarize, you could be infected if you downloaded something that was tainted, trusted it, and launched it.  That is not a virus or a computer failure but a user and a trust failure (you trusted someone who was not trustworthy).  I don't think anyone on this list argues that that is not easy to do.  They are arguing that that isn't a virus (and it's not).

On that note, I do not use my admin account much at all.  So, if I screwed up and trusted something that was infected, my user account could get hosed up but the machine itself would not.


----------



## Randy Singer (May 23, 2010)

starhorsepax said:


> So I hear all this about mac viruses and malware being rare, but I got this weird message from my internet browser about unusual high internet usage "You may have a blaster virus".



The Blaster virus is a Windows virus, not a Macintosh virus.

What you encountered was most likely a scareware pop-up, trying to get you to purchase (Windows) anti-virus software.  You can turn pop-ups off in your browser, or you can just safely ignore such scareware.

There are no actual viruses for OS X, no matter what anyone tells you.  There are a handful of Trojan Horses, but they are so rare that you probably couldn't find one if you went looking for one.

Here is an excellent new Web site on the topic of Macintosh malware:
http://www.reedcorner.net/thomas/guides/macvirus/
...and an associated
Macintosh Malware Catalog
http://www.reedcorner.net/thomas/guides/macvirus/malware_catalog.shtml

You will note that, in the  list of malware for the Mac, above, there are only a couple of threats that make it as high as achieving a "Low" risk rating.  Those risks are handled by anti-malware software that is now included in OS X 10.6:
http://www.macworld.com/article/142457/2009/08/snowleopard_malware.html

Until there is a real threat to the Macintosh, using anti-virus software is likely to be more problematic on your Macintosh than any malware you might come across. Your best defense for now is to have a good archival backup for your data.


----------



## starhorsepax (May 24, 2010)

Thanks for the tips. The message about blaster is coming from an embarq service message, its not a pop up, it's a redirect -very annoying as it can't be disabled. I have to quit browser and all to get it to leave. If  I even open the other browser when it's open that one gets it too.
I really  would like a better backup for my macbook before I add anti virus or something, since right now it's sharing an external drive-can't be reformatted for Time machine-with my old imac. I do suspect I may need something given all the freeware (I do check reviews and security of sites first) and the fact that it's in contact with a less than trusted pc and network (at least I'm not impressed with them. I've had files vanish off both flash and main network in spite of their antivirus, with no apparent reason.)


----------



## itezyonline (Jun 17, 2010)

It is not possible that a virus will be on the operating system, but when your system is affected by viruses then there may be a chance that it can affect the operating system as well. So anti-virus software should be installed on your system all the time.

Thanks
itezy


----------



## BreatheCarolina (Jun 25, 2010)

Just read this article, Apple secretly updates Mac malware protection.

It's still not a virus but interesting nonetheless. I didn't believe it at first but then I checked the Xprotect.plist myself and it is fact. It's kinda funny that Apple didn't mention it in the release notes. Any of you ACMTs on here know why Apple was keeping it hush-hush other than marketing reasons?


----------



## Randy Singer (Jul 4, 2010)

BreatheCarolina said:


> Just read this article, ...Any of you ACMTs on here know why Apple was keeping it hush-hush other than marketing reasons?





Apple just about never comments on any of their security updates, beyond occasionally admitting that an update is a "security update."  They have never even admitted that there is anti-malware protection included in OS X 10.6 and later.  Why would they tell us that they have updated that protection feature when they have never even told us that it exists?

Apple probably figures that users don't really need to know what is in a security update, and that virus writing sociopaths don't need to know what it is that they are trying to defeat.


----------



## wouldrichest (Jul 11, 2010)

chevy said:


> There is a complete article about security on MacOS X in the March issue of MacWorld
> http://www.macworld.com/2005/02/features/macsecurityhome/index.php
> 
> Statements:
> ...



It should be noted that any Windows virii/spyware that you get in VirtualPC will be limited to the VirtualPC operating system, and cannot, in any way, damage or affect your Mac OS X system. At the worst, your Virtual OS will be kaput and will have to be deleted and re-installed, but OS X and your hardware will be absolutely fine.


----------



## Randy Singer (Jul 11, 2010)

wouldrichest said:


> Quote:
> Originally Posted by chevy
> There is a complete article about security on MacOS X in the March issue of MacWorld
> http://www.macworld.com/2005/02/feat...home/index.php



That article is from 2005, and I believe that it was semi-misguided even back then.




wouldrichest said:


> Statements:
> 1) Virus may also come on MacOS X, even if currently there is no known virus infection on our plateform.


They *may* come.  On the other hand, OS X has now been out for over 8 years.  For eight long years Windows apologists have been saying that there will be lots of viruses for OS X any day now.  The next true virus for OS X will be the first.  

Here is an excellent new Web site on the topic of Macintosh malware that you might find edifying:
http://www.reedcorner.net/thomas/guides/macvirus/
...and an associated Macintosh Malware Catalog
http://www.reedcorner.net/thomas/guides/macvirus/malware_catalog.shtml

Meanwhile there are literally millions of viruses for Windows.
http://vil.nai.com/vil/default.aspx



wouldrichest said:


> Therefore it is not a bad idea to have antivirus SW on your Mac with uptodate definitions.



Anti-virus software for OS X doesn't work that way.  To provide protection against a specific viral threat, OS X AV software requires that the AV software developer have a copy of the virus, and that they create an update to their AV software to detect and deal with that virus.  No Macintosh AV software provides protection against as-yet unknown threats.  So,  owning AV software now won't protect you automatically against any as-yet unknown viruses.  There is no reason to purchase AV software until there is a threat that has been identified. 



wouldrichest said:


> 2) If you use VPC you are vulnerable to Windows viruses.



Well, first VirtualPC no longer exists.  It was for PowerPC-based Macs only, and Apple stopped making PowerPC-based Macs over 3 years ago.

Modern Macs can run Windows under virtualization with Fusion, Parallels, or VirtualBox.  Or using Bootcamp.  When you run these products, you are indeed vulnerable to most, but not all, Windows viruses.

However, it is easy to avoid Windows viruses completely when you run Windows on your Macintosh, with no need for any AV software whatsoever.  

The vectors through which you can become infected with a Windows virus are either via the Internet (including e-mail), or by sharing media with other Windows users.  

Most Mac users running Windows only do so to run one or more mission critical applications that are Windows only.  The Macintosh has excellent native programs to access the Internet.  So, if you only access the Internet using Mac programs, and you don't share software with other Windows users, your chances of contracting a Windows virus are just about nil.



wouldrichest said:


> 3 _my statement_) There are other risks... the first one being the risk to lose your data due to hardware problems. Therefore it is a very good idea to backup your data on a regular basis.



Yes, very true.  



wouldrichest said:


> it should be noted that any Windows virii/spyware that you get in VirtualPC will be limited to the VirtualPC operating system, and cannot, in any way, damage or affect your Mac OS X system. At the worst, your Virtual OS will be kaput and will have to be deleted and re-installed, but OS X and your hardware will be absolutely fine..



Very true with respect to virtualization.  However, as stated above, VirtualPC is now a defunct product.


----------
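The limitation described in the post above (a signature scanner only detects what its definitions already describe), applied to a definitions file like the XProtect.plist mentioned earlier in the thread, as an added example that is not code from any poster or from Apple. The plist layout (Description, Matches, MatchFile, Pattern) and the plain substring matching are assumptions, and every signature name, file name and byte pattern is constructed.

```python
import plistlib

# Constructed definitions file. Layout assumed from the Snow Leopard-era
# XProtect.plist: one dict per threat, each with hex byte patterns tied to a
# file name. Names and patterns are made up; they are not real signatures.
SAMPLE_DEFINITIONS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<array>
  <dict>
    <key>Description</key><string>EXAMPLE.Trojan.A</string>
    <key>Matches</key>
    <array>
      <dict>
        <key>MatchFile</key>
        <dict><key>NSURLNameKey</key><string>preinstall</string></dict>
        <key>MatchType</key><string>Match</string>
        <key>Pattern</key><string>4558414D504C452D4D41524B45522D41</string>
      </dict>
    </array>
  </dict>
  <dict>
    <key>Description</key><string>EXAMPLE.Trojan.B</string>
    <key>Matches</key>
    <array>
      <dict>
        <key>MatchFile</key>
        <dict><key>NSURLNameKey</key><string>postinstall</string></dict>
        <key>MatchType</key><string>Match</string>
        <key>Pattern</key><string>4558414D504C452D4D41524B45522D42</string>
      </dict>
    </array>
  </dict>
</array>
</plist>
"""

# Constructed file contents: one carries the byte string that
# EXAMPLE.Trojan.A describes, the other is a variant no definition covers.
KNOWN_SAMPLE = b"#!/bin/sh\n# EXAMPLE-MARKER-A\necho installing\n"
NEW_VARIANT = b"#!/bin/sh\n# EXAMPLE-MARKER-Z\necho installing\n"


def load_definitions(plist_bytes):
    """Return (threat name, file name, pattern bytes) for every match rule."""
    signatures = []
    for entry in plistlib.loads(plist_bytes):
        for match in entry.get("Matches", []):
            file_name = match.get("MatchFile", {}).get("NSURLNameKey")
            pattern = bytes.fromhex(match["Pattern"])
            signatures.append((entry["Description"], file_name, pattern))
    return signatures


def scan(file_name, content, signatures):
    """Names of all signatures whose file name and byte pattern both match."""
    return [name for name, wanted_name, pattern in signatures
            if wanted_name in (None, file_name) and pattern in content]


def updated_definitions(plist_bytes, name, file_name, pattern):
    """Return a new definitions file with one more threat appended, which is
    what a definitions update does once the vendor has a sample in hand."""
    entries = plistlib.loads(plist_bytes)
    entries.append({
        "Description": name,
        "Matches": [{
            "MatchFile": {"NSURLNameKey": file_name},
            "MatchType": "Match",
            "Pattern": pattern.hex().upper(),
        }],
    })
    return plistlib.dumps(entries)


if __name__ == "__main__":
    sigs = load_definitions(SAMPLE_DEFINITIONS)
    print("definitions:", [name for name, _, _ in sigs])
    print("known sample:", scan("preinstall", KNOWN_SAMPLE, sigs))
    print("new variant, old definitions:", scan("preinstall", NEW_VARIANT, sigs))
    newer = load_definitions(updated_definitions(
        SAMPLE_DEFINITIONS, "EXAMPLE.Trojan.C", "preinstall", b"EXAMPLE-MARKER-Z"))
    print("new variant, updated definitions:", scan("preinstall", NEW_VARIANT, newer))
```
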



## Doctor X (Jul 12, 2010)

So the sky is still not falling down.

--J.D.


----------



## MIKA2 (Jul 26, 2010)

No, it is not true to ignore the viruses. The useful thing which you can make is to install a good antivirus. I recommend you a review of the 10 important antiviruses ------
hope you enjoy it


----------



## ElDiabloConCaca (Jul 26, 2010)

Thanks for giving us a list of 10 anti-virus software packages -- none of which run on Mac OS X.

Your post was not "enjoyable," nor was it informative at all.  Every bit of information you have given us has been covered numerous times in the last 52 pages of this thread.  I highly recommend reading through the entire thread to make sure what you're contributing has not already been covered.

Not to mention any website with an originating country of Colombia is not to be trusted.  Sorry, nothing against Colombians -- but Colombian websites are usually not to be trusted... especially in terms of software that is decidedly US-based.


----------



## Doctor X (Jul 27, 2010)

. . . and I reported the website for spamming fora.

--J.D.


----------



## Rhisiart (Aug 2, 2010)

I assume this is a Windows virus?


----------



## Doctor X (Aug 2, 2010)

I do not know if it is a virus.  *Clam* also detects phishing attempts based on the e-mail.

--J.D.


----------



## ex2bot (Aug 2, 2010)

It amazes me how large this thread is, concerning something that doesn't exist (Mac OS viruses, that is)! Am I wrong? I haven't yet seen reports of a virus. A few worms, several trojans, no viruses. 

(BTW, I keep getting emails because I'm subscribed to this thread. I've got to stop being lazy and unsubscribe!)


----------



## Rhisiart (Aug 2, 2010)

Doctor X said:


> I do not know if it is a virus.  *Clam* also detects phishing attempts based on the e-mail.


Can you explain JD?



ex2bot said:


> It amazes me how large this thread is, concerning something that doesn't exist (Mac OS viruses, that is)! Am I wrong? I haven't yet seen reports of a virus. A few worms, several trojans, no viruses.


Yes, but it's a fatalistic thing, i.e. too good to be true. Those that see the glass half full probably don't venture into this thread.


----------



## nixgeek (Aug 2, 2010)

Rhisiart said:


> Can you explain JD?
> 
> 
> Yes, but it's a fatalistic thing, i.e. too good to be true. Those that see the glass half full probably don't venture into this thread.



The thing is that viruses per se are kind of a relic in this day and age.  There's no gain in destroying someone's data.  The interest nowadays is to acquire your personal information for monetary gain.  This is why we see more rootkits and trojans than we do viruses on any platform, and it's more a matter of duping the user into giving permission to install and run covertly without them being alerted that something's wrong.  That kind of intrusion is pretty much possible on any platform since the user is really the weakest link.


----------



## Doctor X (Aug 3, 2010)

Rhisiart said:


> Can you explain JD?



Long story short, for amusement I will go after scammers and frauds with a fake e-mail address.  This means that one "crap" e-mail address gathers a lot of . . . well . . . _crap_: from the various "viagra" ads to the 419 scams.  Along with this, I will get phishing attempts.

*Clam* will pick up on those e-mails in your *Mail* program.  It reads the phishing attempt, methinks.  I state this because the ones that triggered *Clam* do not contain a virus nor point to a webpage that has viruses.  It just recognizes it as "dangerous."

That does not mean I do not get the occasional e-mail with an attached Beastie that affects PCs 

--J.D.


----------



## lenco12 (Sep 16, 2010)

ElDiabloConCaca said:


> ...it should be noted that any Windows virii/spyware that you get in VirtualPC will be limited to the VirtualPC operating system, and cannot, in any way, damage or affect your Mac OS X system.  At the worst, your Virtual OS will be kaput and will have to be deleted and re-installed, but OS X and your hardware will be absolutely fine.



The virus can also attack any file that can be accessed from the VPC environment, and this can be your whole Mac if you open it to VPC. Of course the virus will not reproduce on MacOS, but it still can delete files.

Another "agnostic" virus type is made of the M$ Office macro viruses. These are based on Office and not on the underlying OS.



----------



## Randy Singer (Sep 16, 2010)

On Sep 16, 2010, at 6:47 AM, macosx.com wrote:

>>Another "agnostic" virus type is made of the M$ Office macro viruses. 
>>These are based on Office and not on the underlying OS.

Microsoft macro viruses are dead easy to avoid.  One just has to turn on "Macro Virus Protection" in Word and Excel.

If you have Office 2008 you don't even have to do that.  Since that version of Office doesn't include Visual Basic, it can't run Visual Basic macros.

More information:
http://kb.iu.edu/data/agzk.html

Also, there are perfectly good versions of Word and Excel for the Macintosh.  There is little to no reason to run them on your Macintosh under Windows.
http://www.mactopia.com


----------



## Rhisiart (Sep 29, 2010)

Do I need anti-virus software on my Mac OS?

I am a sober user of the Internet (no porn, bit-torrent, illegal software downloads etc).

P.S. I have anti-virus for Windows 7 when using Bootcamp.

I suppose I am looking for a simple No or Yes answer.


----------



## ElDiabloConCaca (Sep 29, 2010)

No.


----------



## Randy Singer (Sep 29, 2010)

Rhisiart said:


> Do I need anti-virus software on my Mac OS?
> 
> I am a sober user of the Internet (no porn, bit-torrent, illegal software downloads etc).
> 
> ...



The overwhelming majority of Macintosh users don't use anti-virus software.

Here is an excellent up to date Web site on the topic of Macintosh malware that you might find illuminating:
http://www.reedcorner.net/thomas/guides/macvirus/

...and an associated Macintosh Malware Catalog
http://www.reedcorner.net/thomas/guides/macvirus/malware_catalog.shtml

You will note that, in the list of malware for the Mac, above, there are no actual "viruses" (malware that is self-replicating and/or self installing), and there are only a couple of threats that make it as high as achieving a "Low" risk rating. Those risks are handled by anti-malware software that is included in OS X 10.6:
http://www.macworld.com/article/142457/2009/08/snowleopard_malware.html

Until there is a serious threat to the Macintosh, using anti-virus software is likely to be more problematic on your Macintosh than any malware you might come across. Your best defense for now is to have a good archival backup for your data.


----------



## fryke (Sep 30, 2010)

... which is taken care of if you use TimeMachine.


----------



## ElDiabloConCaca (Oct 1, 2010)

The Macarena virus never got past "proof of concept" stage and was first reported almost 4 years ago.  In total, it affected less than 50 computers worldwide.  It is not, nor will it be, a threat to OS X.

Not only that, but it is not a "very harmful Mac virus" -- Symantec lists it as having "low" damage level with "easy" containment and "easy" removal.

http://www.symantec.com/security_response/writeup.jsp?docid=2006-110217-1331-99

By the way, loved you on "Charles in Charge."  Whatever happened to your sister?


----------



## Dyldjian (Oct 10, 2010)

Hi, this might be a stupid question, but today when I switched on my mac (Leopard 10.5.8 Power Mac G5) a little partially transparent rectangle opened up with a big yellow triangle with an exclamation mark in it, and next to it it says, "Your Mac's disk space is being wasted by junk files. Clean your mac now!" with the option to "ignore", "Ok", or the little "X" in the corner.

I've been a mac user for a couple of years now and never seen it before. Is this built into Leopard? Or is it from another program, or malware? Any ideas? Just seems a little suspicious to me...


----------



## Doctor X (Oct 10, 2010)

You know, I do not have an answer, but you may wish to open *Activity* and see what is running/what programs are running.  Make a list.  A proper Guru may then be able to tell you if something is running that should not be running.  I am not aware of that at all, but I tended to keep my Mac clean 

--J.D.


----------



## Randy Singer (Oct 10, 2010)

Dyldjian said:


> Hi, this might be a stupid question, but today when I switched on my mac (Leopard 10.5.8 Power Mac G5) a little partially transparent rectangle opened up with a big yellow triangle with an exclamation mark in it, and next to it it says, "Your Mac's disk space is being wasted by junk files. Clean your mac now!" with the option to "ignore", "Ok", or the little "X" in the corner.
> 
> I've been a mac user for a couple of years now and never seen it before. Is this built into Leopard? Or is it from another program, or malware? Any ideas? Just seems a little suspicious to me...



I don't think that this is part of Leopard, and I don't think that it is malware.  I think that it is a pop-up ad.  And I'm willing to bet that you had a Web browser open.  Correct?

To stop this from happening in the future, if you are using the Safari browser, do this:
In Safari:
Safari menu --> Block Pop-Up Windows  (Make sure that it is checked.)

Here is a list of all of the malware for Mac OS X:
http://www.reedcorner.net/thomas/guides/macvirus/malware_catalog.shtml
You don't  have anything there.


----------



## Dyldjian (Oct 11, 2010)

Hi, no I didn't have a web browser opened, it appeared as soon as Leopard loaded up. It looks nothing like a window. I've attached images of it, it changes slightly with a mouse rollover.

Here's all my processes. Can anyone decipher this?

ID     Process Name              User        CPU      RSIZE            VSIZE
0      kernel_task               root       3.0      142.07 MB       1.12 GB          
1      launchd                   root       0.0      584.00 KB       586.72 MB        
12     kextd                     root       0.0      1.25 MB         586.16 MB        
13     DirectoryService          root       0.0      3.35 MB         588.79 MB        
14     notifyd                   root       0.0      488.00 KB       586.14 MB        
15     syslogd                   root       0.0      480.00 KB       587.21 MB        
16     configd                   root       0.0      1.92 MB         587.69 MB        
17     mDNSResponder             _mdnsrespo 0.0      1.21 MB         587.47 MB        
21     securityd                 root       0.0      1.72 MB         587.28 MB        
22     distnoted                 daemon     0.0      760.00 KB       585.56 MB        
26     coreservicesd             root       0.0      13.05 MB        600.48 MB        
27     diskarbitrationd          root       0.0      1.00 MB         585.66 MB        
43     ntpd                      root       0.0      868.00 KB       586.11 MB        
44     usbmuxd                   _usbmuxd   0.0      1.43 MB         6.57 GB          
45     update                    root       0.0      292.00 KB       585.54 MB        
46     SystemStarter             root       0.0      684.00 KB       585.58 MB        
50     mds                       root       0.0      133.10 MB       830.30 MB        
51     loginwindow               apple      0.0      5.54 MB         679.15 MB        
52     KernelEventAgent          root       0.0      652.00 KB       585.65 MB        
53     kdcmond                   root       0.0      996.00 KB       585.70 MB        
55     hidd                      root       0.0      600.00 KB       586.09 MB        
56     fseventsd                 root       0.0      1.65 MB         593.67 MB        
58     dynamic_pager             root       0.0      700.00 KB       585.58 MB        
64     autofsd                   root       0.0      676.00 KB       585.59 MB        
65     socketfilterfw            root       0.0      1.56 MB         585.91 MB        
66     WDDriveManagerSe          root       0.0      976.00 KB       586.27 MB        
71     krb5kdc                   root       0.0      1.38 MB         586.03 MB        
74     WindowServer              _windowser 24.5     79.12 MB        883.16 MB        
79     launchd                   apple      0.0      544.00 KB       585.72 MB        
91     HWPortCfg                 root       0.0      1.02 MB         586.59 MB        
92     HWNetCfg                  root       0.0      1,020.00 KB     586.66 MB        
93     EmagicA26A62mFW           root       0.0      612.00 KB       586.96 MB        
94     qmasterd                  root       0.0      4.02 MB         602.60 MB        
101    qmasterd                  root       0.0      4.27 MB         602.67 MB        
105    Helper                    apple      0.0      14.05 MB        727.71 MB        
107    AirPort Base Station Agen apple      0.0      2.86 MB         700.08 MB        
111    Spotlight                 apple      0.0      4.80 MB         672.80 MB        
112    UserEventAgent            apple      0.0      3.47 MB         592.58 MB        
114    Dock                      apple      1.1      14.54 MB        723.83 MB        
115    ATSServer                 apple      0.0      6.33 MB         644.90 MB        
116    pboard                    apple      0.0      580.00 KB       586.59 MB        
117    SystemUIServer            apple      0.0      9.24 MB         733.54 MB        
118    Finder                    apple      0.0      12.66 MB        743.85 MB        
130    coreaudiod                root       0.0      3.11 MB         590.05 MB        
138    WDDriveManagerStatusMenu  apple      0.1      9.88 MB         730.84 MB        
139    iTunes Helper             apple      0.0      2.29 MB         656.96 MB        
141    RealPlayer Downloader Age apple      0.2      2.93 MB         667.98 MB        
143    RPDLAgentHelperJ          root       0.0      12.88 MB        598.78 MB        
158    DashboardClient           apple      0.0      16.53 MB        737.83 MB        
159    DashboardClient           apple      0.0      14.10 MB        719.82 MB        
160    DashboardClient           apple      0.0      12.17 MB        735.16 MB        
168    Firefox                   apple      9.7      164.82 MB       955.38 MB        
231    RealPlayer Downloader     apple      1.1      17.19 MB        747.82 MB        
425    mdworker                  apple      0.0      6.39 MB         652.21 MB        
459    Photoshop                 apple      1.7      136.26 MB       1.03 GB          
460    AdobeCrashDaemon          apple      0.0      1.42 MB         586.61 MB        
474    Activity Monitor          apple      14.0     12.32 MB        753.50 MB        
475    pmTool                    root       1.6      1.28 MB         595.66 MB        
477    Stickies                  apple      0.0      6.86 MB         731.28 MB        
481    AppleSpell.service        apple      0.0      1.90 MB         601.67 MB        
487    nmblookup                 apple      0.0      1,008.00 KB     19.54 MB


----------



## Doctor X (Oct 11, 2010)

Not to appear a complete thickie, but if you have no browser open, why is *Firefox* running?  Are you sure the program is not running and you just have windows closed/minimized?

--J.D.


----------



## Dyldjian (Oct 11, 2010)

ok, firefox is running in that list because I was on this forum at the time.
this weird junk files thing started as soon as my mac booted up, before I loaded firefox.


----------



## ElDiabloConCaca (Oct 11, 2010)

Have you installed any software like MacKeeper, or any kind of useless "maintenance" software that claimed to "optimize," "speed up," "defragment," or "clean" your Mac?


----------



## Dyldjian (Oct 12, 2010)

well, I think it's pretty fair to say that I'm an idiot. yes MacKeeper was installed, and yes that's exactly what it was. I just didn't think of it because it was installed weeks ago and only just started doing this yesterday. sorry for wasting everyone's time.


----------



## Satcomer (Oct 31, 2010)

Well, SecureMac has a warning called Boonana Trojan Horse trojan.osx.boonana.a and then released a free removal tool called Boonana Trojan Horse Removal Tool.

I however have never heard of this in the wild.


----------



## Randy Singer (Nov 9, 2010)

There is a new tool that allows anyone to easily hack into your Web accounts (e.g. Facebook) when you use an open Wi-Fi network, such as at Starbucks or an airport. It is called FireSheep. FireSheep is effective when you use your Macintosh, your iPhone, your iPad, or your iPod Touch:
<http://www.usaliveheadlines.com/1708/firesheep-allows-anyone-to-hack-facebook-twitter-over-wifi.htm>

There are two ways to deal with this. The first is to use a VPN (virtual private network). The second is to use a free Firefox add-on called BlackSheep to alert you to the presence of FireSheep. Here are two articles that will give you details on both:
http://mashable.com/tag/firesheep/


People using any browser are susceptible:
<http://dailyator.com/how-to-guard-yourself-and-your-mac-from-firesheep-and-wi-fi-snooping/74248/>
or
http://is.gd/gSOeN

How to protect yourself:
<http://www.tuaw.com/2010/10/26/how-to-guard-yourself-and-your-mac-from-firesheep-and-wi-fi-snoo/>
or
http://is.gd/gSOpH


----------



## jenny433 (Apr 22, 2011)

chevy said:


> You may also consider this article about Mac security
> http://www.informit.com/articles/article.asp?p=335882



You can get the same Windows viruses in VPC but I'd consider that a really rare occurrence. For the usage that VPC gets, there's a lot less risk of infection. You don't normally use it all day surfing the net, checking email etc. The usual usage pattern of VPC is to run some niche program for a few hours at a time.


----------



## Satcomer (May 3, 2011)

New MACDefender malware discovered for OS X

Also if you read the article MAC Defender Rogue Anti-Virus Analysis and Removal (even though they spelt Mac wrong!)


----------



## Satcomer (May 25, 2011)

Yet another turn: Intego: New variant of Mac Trojan horse doesn't require a password. 

To help protect yourself from this Trojan, open Safari, then go to Safari's Preferences - General tab and uncheck the box for "Open Safe files after downloading ...". The Trojans exploit this box being checked.


----------



## Satcomer (May 29, 2011)

Another scam is rearing its ugly head and you can read about it in the article ChronoPay Fueling Mac Scareware Scams.  As Mac users we need to start being suspicious of things like this scam.


----------



## vaelors (Oct 8, 2011)

Thanks for information!


----------



## Satcomer (Oct 20, 2011)

Well, I have come across a manual fix for the Trojan-Downloader:OSX/Flashback.C. It's really good information from F-Secure to find out if you were suckered in by this Trojan.


----------



## Satcomer (Nov 1, 2011)

There is another *Trojan* making its way across P2P BitTorrent files. It is called the DevilRobber.  So be careful and only trust files from people you actually know and are expecting.


----------



## fazlurrehman (Nov 14, 2011)

I also accept that OS X is very strong as far as virus attacks are concerned


----------



## Satcomer (Nov 14, 2011)

fazlurrehman said:


> I also accept that OS X is very strong as far as virus attacks are concerned



OS X doesn't get virus attacks. OS X users are only hit by Trojans. An OS X user must give their username & password to a Trojan for it to install. 

One trick, if you use Safari, is to go to Safari's Preferences and uncheck the box for "Open "safe" files after downloading". This will stop Trojans from unpacking automatically when visiting a nefarious web site.


----------



## g/re/p (Nov 15, 2011)

When booted into windows os on an intel processor macintosh computer, would windows be considered a virus?


----------



## jebratt (Dec 21, 2011)

I know there is a thread about this already but I am wondering if anyone can suggest a good (and preferably free) software application for my Mac (I am using an older MacBook with OS 10.4.8) and have a virus on my machine.  I did not think that Macs were prone to such things but I am anxious to resolve the matter as the virus is emailing everyone on my contact list and spamming them...Thanks in advance!!


----------



## SGilbert (Dec 21, 2011)

That's NOT a virus, just a stolen email password!  CHANGE your password now.


----------



## jebratt (Dec 21, 2011)

thanks... I just did that this morning so I am hoping that such actions prove sufficient...


----------



## ElDiabloConCaca (Dec 21, 2011)

jebratt said:


> I know there is a thread about this already but I am wondering if anyone can suggest a good (and preferably free) software application for my Mac (I am using an older MacBook with OS 10.4.8) and have a virus on my machine.  I did not think that Macs were prone to such things but I am anxious to resolve the matter as the virus is emailing everyone on my contact list and spamming them...Thanks in advance!!



There isn't a single virus available for Mac OS X.

There are some _trojans_ available, but none that do anything like what you're describing.

A remote possibility is that you have the DNSChanger trojan.  Were you ever asked, when visiting a web page, to download and install some "Quicktime Codecs" to properly view the page?  If so, did you?  If so, you were tricked.  Try using the free DNSChanger removal tool here:

http://www.dnschanger.com/

Are you absolutely sure you're infected?  More than likely, if what you're describing is actually happening (spamming address book contacts), is that someone has obtained access to your MobileMe/.Mac/iCloud account and is using your email address and spamming your contacts.  This is not the result of any kind of infection on your Mac, and the remedy is to simply change your MobileMe/.Mac/iCloud password.

Password security is a whole 'nother discussion altogether, but a good rule of thumb for picking a strong password is that if you can remember the password you've picked from memory after having typed it less than 50 times, you have picked an absolutely horrible password.  Pick again until you can't remember your own password and must read it off of the paper you wrote it down on.


----------



## jebratt (Dec 21, 2011)

Thanks for your assistance and I have changed my password for various accounts which I hope will help matters... I will also visit the website you mentioned and see if the tool works as I am very eager to fix things as soon as possible... In answer to your question, I really do not remember visiting any sites that requested such information so I think the issue is that someone has logged into my account... 

Once again, please accept my sincere appreciation for your prompt response...this is very useful site!!


----------



## Giaguara (Dec 22, 2011)

One of the relatively common ways of stealing a user's login and account details I see every now and then in Facebook. When you click on any page or any link from/in Facebook, it should _not_ show another Facebook login to see anything. If you are logged in to Facebook and see something asking you to log in to your Facebook account again, it's a scam. And if you find a page, a link, etc. that does that, report it to FB.

And beware of it also when browsing on mobile devices - and when you do log in to FB or any other site you have an account on, double-check the full URL on your phone. As on a phone you usually just see the beginning, it might well start Facebook.com.something.something.somethingelse.somedomain.xx - just like they have been trying for years with bank accounts.
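The full-URL check described in the post above can be done mechanically. The following is an added example, not part of the original post: it decides whether a link's real host belongs to the expected site or only starts with (or embeds) its name. The function names and the sample URLs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*://")


def _split(url):
    # Accept both "https://host/path" and bare "host/path" as seen in messages.
    return urlsplit(url if _SCHEME.match(url) else "//" + url)


def real_host(url):
    """Host the browser will actually connect to, lower-cased.

    urlsplit() drops any "user@" part, so "https://facebook.com@evil.example/"
    yields "evil.example", not "facebook.com".
    """
    try:
        host = _split(url).hostname or ""
    except ValueError:          # malformed authority, e.g. a broken IPv6 literal
        return ""
    return host.rstrip(".")     # a trailing dot is still the same host


def classify_login_url(url, expected):
    """Return 'genuine', 'lookalike', 'unrelated' or 'invalid'.

    A host belongs to the expected site only if it IS that domain or ENDS
    with "." + that domain. What the host starts with proves nothing: the
    owner of somedomain.xx can create any labels to the left of it.
    """
    expected = expected.lower().rstrip(".")
    host = real_host(url)
    if not host:
        return "invalid"
    if host == expected or host.endswith("." + expected):
        return "genuine"
    user = (_split(url).username or "").lower()
    if expected in host or expected in user:
        return "lookalike"      # the brand name appears but does not own the host
    return "unrelated"


def address_bar_view(url, width=20):
    """What a narrow mobile address bar shows: only the start of the host."""
    return real_host(url)[:width]


if __name__ == "__main__":
    # Constructed sample links, not taken from any real campaign.
    samples = [
        "https://m.facebook.com/login.php",
        "https://Facebook.com.something.somethingelse.somedomain.xx/login.php",
        "https://facebook.com@somedomain.xx/login.php",
        "https://notfacebook.com/login.php",
    ]
    for s in samples:
        print(f"{classify_login_url(s, 'facebook.com'):10} "
              f"shown as {address_bar_view(s, 12)!r:16} real host {real_host(s)}")
```

The decisive comparison is on the right-hand end of the host name, which is exactly the part a truncated mobile address bar hides.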


----------



## Doctor X (Apr 5, 2012)

I know . . . malware does not mean viruses, but I have PC Heads screaming at me about it:



> Flashback is a family of Mac OS malware that appeared in September 2011. Older Flashback versions relied on social engineering tricks to infect computers, but the latest variants are distributed via Java exploits that don't require user interaction.
> 
> On Tuesday, Apple released a Java update in order to address a critical vulnerability that's being exploited to infect Mac computers with the Flashback Trojan horse.
> 
> ...








Comments? I am stuck in the Land of Slowz Interwebz which is making commenting/searching a bit tedious. Yes, I know, PC "gots BAZILLIONS of TROJANS!!11!"

After an HOUR of slow loading pages I found an earlier--and better--article:

http://reviews.cnet.com/8301-13727_...es-to-exploit-unpatched-java-vulnerabilities/

which seems to suggest the bastard does not work on *Lion*. Granted for those of us who do not run *Lion*





--J.D.


----------



## Giaguara (Apr 5, 2012)

That flashback trojan has got a bunch of attention since yesterday. I'd say it's a problem primarily with _Java_ platform than with Mac OS X...


----------



## Doctor X (Apr 5, 2012)

Understood, of course the _Solo-PC'rs_ are trumpeting the "MACS ARE NOT SAFE" claims. Leaving aside the obvious fact that security remains a user responsibility for both Mac and PC, is there any method of "cleaning" the Trojan and/or rebuttal to such partisans?

Working on an incredibly poor connection in my travels, so it is taking forever to search.

On second thought, never mind. I just realized I have no reason to waste my time with helping such people.

--J.D.


----------



## Satcomer (Apr 6, 2012)

I just read the article Mac Flashback malware: What it is and how to get rid of it (FAQ). I tried it just to make sure I wasn't affected and I urge everyone to try it to see if they are infected.

Plus Apple today put out a version 2 (April 5, 2012) of the Java Update, so check your Software Update again. It was just updated because of a disk unpacking bug on some Macs.


----------



## Giaguara (Apr 6, 2012)

Essentially, like in http://osxdaily.com/2012/04/05/how-to-check-for-the-flashback-trojan-in-mac-os-x/:



> Launch Terminal (found in /Applications/Utilities/) and enter the following commands:
> _defaults read /Applications/Safari.app/Contents/Info LSEnvironment_
> 
> If you see a message like "The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist" proceed to the next defaults write command:
> ...



I still smell BS statistics and scare tactics deployed by anti-virus companies for the numbers telling that "several hundred thousand older Macs have been affected". 

Sort of the same type of numbers and mutant statistics that a while back mentioned how an average woman _eats_ 4-7 lb of lipstick in her lifetime. When you break back the numbers of how much an average woman "eats" lipstick a year, it would come to at least 1.5 oz which would be, if the lipstick are the same size as average lip balms, count to 10 lipsticks. A year. So a lipstick a month, _eaten_ and not used as a lipstick? 
Just based on how much lipstick is reported sold does not count that the women _eat_ it all. 
Just because there are several hundred thousand older Macs around it does not mean they were all affected, or even that would all have had laid-back java settings in them. 

Anyway. Back to vulnerabilities and potential vulnerabilities... they still pretty much remain the same on Macs:

1. Java (aka Java platform - not a Mac OS X specific issue)
2. Javascript (aka a Javascript issue - not a Mac OS X specific issue)
3. Flash (aka a Flash issue - definitely not a Mac OS X specific issue)
4. Microsoft Office macros (aka a MS issue - not a Mac OS X specific issue)
5. Trojans and other bad stuff downloaded/installed by user - these have been often from some weird P2P program (user issue)
6. User issues (command line acrobatics, allowing a child to use an administrator account, user removing some stuff they shouldn't, using a rotten AppleScript or Automator script, or installing something themselves - user issues)
7. User settings, or sometimes default settings (e.g. automatic login, using an administrator account for everything, having bad passwords) <-- these are potential hazards if the Mac gets to wrong hands
8. Mac OS X settings (e.g. in 10.7 an admin password is no longer required for system updates... that Software Update downloads from Apple's site) <-- some of these could have some potential


----------



## Satcomer (Apr 12, 2012)

Apple today released through Software Update a third Java update that removes the Trojan, plus turns off auto-running Java applets unless you put a checkmark in /Applications/Utilities/Java Preferences.app. You can read about it at the MacWorld article New Java update from Apple removes Flashback malware. So check your Software Update today.


----------



## Satcomer (Apr 15, 2012)

Well today there is a new Java exploit affecting Macs again. Read the article Sabpab, new Mac OS X backdoor Trojan horse discovered and parroted by Forbes article New Mac OS X Backdoor Trojan Discovered. 

As the article mentions, I checked /YourUserName/Library/Preferences/ for the files com.apple.PubSabAgent.pfile & /Library/LaunchAgents/com.apple.PubSabAGent.plist and both were there. So I am not sure but I Securely Deleted them just in case. 

So you all should better check also and go into Safari's Preferences, Security and turn off Java for now since this is how bad people are exploiting Macs right now.


----------



## Doctor X (Apr 15, 2012)

Are you sure you did not find com.apple.PubS*U*bAgent.plist?

The reason I mention that is that some, in searching for these, may misread the "u" for an "a."

--J.D.
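The one-letter difference raised in the two posts above (PubSab versus PubSub) is easy to misread by eye and easy to test by machine. This added example, which is not from the thread or from any vendor tool, lists files whose names are a near miss of a label you expect to be present; the baseline list and function names are assumptions, and only the file names themselves come from the posts.

```python
import os

# Baseline of labels expected on this Mac. Only com.apple.PubSubAgent comes
# from the thread; extend the list from a machine you know to be clean.
KNOWN_LABELS = ["com.apple.PubSubAgent"]

# Locations named in the post above (per-user and system-wide).
DEFAULT_DIRS = [
    os.path.expanduser("~/Library/Preferences"),
    os.path.expanduser("~/Library/LaunchAgents"),
    "/Library/LaunchAgents",
]


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def near_misses(filenames, known=KNOWN_LABELS, max_dist=2):
    """Return (filename, known_label, distance) for names that are close to,
    but not the same as, a known label. Comparison ignores case and the
    file extension, so .plist and .pfile variants are both caught."""
    hits = []
    for name in filenames:
        stem = os.path.splitext(name)[0].lower()
        for label in known:
            dist = edit_distance(stem, label.lower())
            if 0 < dist <= max_dist:
                hits.append((name, label, dist))
    return hits


def scan(dirs=DEFAULT_DIRS, known=KNOWN_LABELS):
    """Apply near_misses() to every directory that exists and is readable."""
    found = []
    for directory in dirs:
        try:
            names = os.listdir(directory)
        except OSError:          # missing directory or no permission
            continue
        for name, label, dist in near_misses(names, known):
            found.append((os.path.join(directory, name), label, dist))
    return found


if __name__ == "__main__":
    for path, label, dist in scan():
        print(f"{path}: {dist} edit(s) away from expected label {label}")
```

An exact match is deliberately not reported, so the legitimate file produces no output and only the look-alike does.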


----------



## MrEnigma (Aug 23, 2012)

Not that it will be very visible on page 58, but I just wanted to contest the "No virus on OS X" claim.  Exploits have been available since 2003.

Have a look http://www.exploit-db.com/platform/?p=osX


----------



## Doctor X (Aug 23, 2012)

But they are not vira.

--J.D.


----------



## Randy Singer (Sep 3, 2012)

The topic of viruses comes up all the time.  There is a comprehensive list of all of the malware for Mac OS X, which is kept meticulously updated, here:

http://www.reedcorner.net/mmg-catalog/

This list is maintained by someone who isn't biased, in that he isn't trying to sell you anti-virus software.
On the far left of this list each piece of malware is rated for its "threat level."

Note that there currently are no actual "viruses" (defined as self-propagating malware) in the wild for the Mac. Most of the malware are Trojan Horses which can be avoided by simply keeping vigilant.
Also note that of the handful of malware that exists, just about all of it is of little or no concern.

The vast majority of Mac users do without any anti-malware software.  However, if you want something economical to scan for viruses, this is free and very effective, and it won't bog down your Mac:

Clam X Anti-Virus (Free)
http://www.clamxav.com


----------



## cleo (Oct 24, 2012)

what is a good anti virus software?... if there is a free one that would be even better... i need to install one ASAP...
thanks for any help...Also.. what's your opinion about Java?


----------



## DeltaMac (Oct 24, 2012)

You can likely find the answers to your questions by looking through the rest of this thread (now 59 pages)

Java is the most actively pursued conduit for potential threats, at least on OS X
Use it, and realize there are possible risks

there's a few free AV choices in my post in your own previous thread: http://macosx.com/forums/mac-os-x-server/321784-free-anti-virus-software.html#post1525422

I wouldn't PAY for antivirus software, or leave it enabled full-time. I haven't found any antivirus software for the Mac that I could describe as being "good" - I am still too close to believing that the "anti-virus" companies create (and distribute) the viruses (virii?), particularly those with home offices in other countries. It's in their interest to "find" viruses - but, how often do we first hear about viruses from the folks that claim to protect the users (us!). There's a hazy underworld there, that I am not completely convinced about.
I have no facts to back that up, but it's just a 'feeling' that I acknowledge.


----------



## Satcomer (Oct 24, 2012)

cleo said:


> what is a good anti virus software?... if there is a free one that would be even better... i need to install one ASAP...
> thanks for any help...Also.. what's your opinion about Java?



IMHO don't install JAVA unless you absolutely need it. It almost daily has a security concern.

Plus go to MacUpdate and do a search for antivirus, and read the reader comments on the free programs to make your own decision. Then decide which one will fit your version of OS X.


----------



## Randy Singer (Oct 24, 2012)

cleo said:


> what is a good anti virus software?... if there is a free one that would be even better... i need to install one ASAP...



Why do you need one ASAP?  Is there a specific threat to the Macintosh that you are concerned about?  Or are you required to have AV software running at work?

This one is free, and it does a great job of finding all known Mac viruses:

ClamXav (free)
http://www.clamxav.com/

I wouldn't set it up to do automatic scans, though.  That way you can avoid any overhead that it takes up and/or any software conflicts.



cleo said:


> Also.. what's your opinion about Java?



Java is automatically uninstalled by the latest Apple update:
http://news.yahoo.com/apple-drops-java-experts-warn-mac-users-security-203354009--sector.html
Though you can still install the latest version from Oracle just by double-clicking on a report of a missing Java plug-in in your browser.  More info:

http://support.apple.com/kb/DL1572


Java presents a hugely tempting vector for the introduction of malware.  However, there is a lot of popular software for the Mac that requires Java to run.  For instance:

LibreOffice, NeoOffice and OpenOffice
Evernote
GraphicConverter
Dreamweaver
Camino
Cyberduck
Flip4Mac
Emailchemy
Eudora OSE
PDF OCR
BRAdmin Light for Brother Printers
Xcode 
Postbox

Since the only Java-based malware that we have seen has been limited to browsers, it seems to me that it would be sufficient to turn off Java in your browser and leave it enabled for other applications.


----------



## Giaguara (Nov 7, 2012)

Another interesting article worth linking here

http://9to5mac.com/2012/11/05/use-sophos-antivirus-watch-out/



> Tim Bray notes a post on Neohapsis: http://archives.neohapsis.com/archives/fulldisclosure/2012-11/0032.htm
> 
> 
> 
> ...



So update if you were using Sophos, and if you're not, you might want to consider some AV that reacts a bit faster to openly reported exploits.


----------



## Satcomer (Nov 8, 2012)

Randy Singer said:


> For instance:
> 
> ... NeoOffice ....
> Evernote
> ...



These programs with their latest updates don't need Java any longer.


----------



## Louie55 (Feb 26, 2013)

A tool that might be useful in finding at least malware or adware is FSE:

http://www.scsc-online.com/FSE.html

WARNING: READ THE PRODUCT PROFILE FIRST - don't run out like a dingbat and just buy it if you don't know what it does, and read the "experience level" required to use it! If you don't understand Unix processes, filenames and paths, permissions, etc you won't have a clue what this thing is doing.

FSE is a file system events monitor. We use it during the installation of packages to track what's being installed on a system. I'm sure this has been mentioned in this thread, but malware/adware typically hides itself behind fake and often official looking names, like plist files, libraries, etc. etc.

There's a fairly well known (but somewhat questionable) product on the market that offers a "demo" version of what it does. When the demo period expires it demands credit card info. If you go ahead and click on the option to buy it and then opt out, the thing more or less creates a primary window demanding payment and won't let you access anything else on your system. Most people end up hitting and holding the power button.

We tested this as follows:

1. Monitor the installation w/FSE and let it record all file activity.
2. Set the computer to a manual date in the future so the expiration date of the demo with the adware/malware is over.
3. Reboot the system.
4. Start FSE in full logging mode to record everything.
5. Launch the demo program with the adware/malware.
6. Duplicate what a user is doing to create the problem.
7. When the system locks, push the power button and hold it to shut the system down.
8. Reboot.
9. Look at the FSE log file.

Typically the log file will show that when the "adware/malware" phase of the program kicks in, it starts doing things to its official looking binaries. They're typically one of the following:

1. An actual binary
2. A compressed application that it uncompresses and installs unknown to you
3. Launches the binary that locks up the system.

From this information, you'll be able to track down the offending binaries.

Some observations and warnings about using FSE are as follows:

1. This is NOT a tool for amateurs. If you don't understand Unix command line file paths, processes, commands, etc. you'll be sorry.
2. It's a direct interface to the kernel and it WILL bog your system down, probably to about 50% of its speed.
3. Avoid using it during Spotlight indexing. The FSE display is just an indicator. Spotlight can create files that are 10's of MB in a few seconds.
4. Don't leave it running for a prolonged time. Your log files will be gigabytes (that's not a joke).

FSE is log file oriented. You will also need to be able to read the log files it generates and understand them.

We find the product useful, but you've been warned!
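The record-then-compare idea in the procedure above can also be approximated without a live event monitor. This added example is not FSE and does not read FSE logs or kernel file-system events: it swaps in a simpler technique, a before/after snapshot of chosen directories, and reports what an installer added, removed or changed. Function names and the command-line form are assumptions made for the example.

```python
import hashlib
import json
import os
import sys


def _digest(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(roots):
    """Map every file under the given roots to [size, sha256].

    Symlinks are recorded by target instead of being followed, and files
    that cannot be read are recorded as such rather than silently skipped.
    """
    seen = {}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root, followlinks=False):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    if os.path.islink(path):
                        seen[path] = ["symlink", os.readlink(path)]
                    else:
                        seen[path] = [os.path.getsize(path), _digest(path)]
                except OSError:
                    seen[path] = ["unreadable", None]
    return seen


def diff(before, after):
    """Compare two snapshots; a changed size or hash counts as 'changed'."""
    return {
        "added": sorted(p for p in after if p not in before),
        "removed": sorted(p for p in before if p not in after),
        "changed": sorted(p for p in after
                          if p in before and after[p] != before[p]),
    }


if __name__ == "__main__":
    # save <out.json> <dir> [<dir> ...]   take a snapshot before/after installing
    # diff <before.json> <after.json>     list what the installer touched
    if len(sys.argv) >= 4 and sys.argv[1] == "save":
        with open(sys.argv[2], "w") as out:
            json.dump(snapshot(sys.argv[3:]), out)
    elif len(sys.argv) == 4 and sys.argv[1] == "diff":
        with open(sys.argv[2]) as a, open(sys.argv[3]) as b:
            result = diff(json.load(a), json.load(b))
        for kind, paths in result.items():
            for p in paths:
                print(f"{kind:8} {p}")
    else:
        sys.exit("usage: save OUT.json DIR... | diff BEFORE.json AFTER.json")
```

Unlike a live monitor, a snapshot misses files that are created and deleted between the two runs, so it shows what persisted, not everything that happened.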


----------



## Doctor X (Mar 1, 2013)

--J.D.


----------



## Satcomer (Jan 23, 2014)

I also just came across the warning New Digital Trojan signed Mail ware targeting Mac users.


----------



## jbarley (Jan 23, 2014)

I was convinced my system had contracted a virus, but it turned out to be something called "Mavericks 10.9"


----------



## Satcomer (Feb 13, 2014)

This is not so much OS X but for most users that use these cheap Linksys routers (that I despise). News Flash: Bizarre attack infects Linksys routers with self-replicating malware. So beware of this one if you use Linksys routers.


----------



## Satcomer (Feb 1, 2015)

For an update I came across an Apple Support document Remove unwanted adware that displays pop-up ads and graphics on your Mac.

Plus to say again use the donationware AdwareMedic to remove more modern pieces of Trojans.


----------



## Randy Singer (Feb 2, 2015)

Satcomer said:


> For an update I came across an Apple Support document Remove unwanted adware that displays pop-up ads and graphics on your Mac.
> 
> Plus to say again use the donationware AdwareMedic to remove more modern pieces of Trojans.



Thank you for pointing out that Apple support note, but AdwareMedic makes removing adware manually, and thus that document, irrelevant.

Just to be clear, Adware is generally not considered to be "malware".   Adware, though annoying, isn't at all malicious.

Also, there are malicious Trojan Horses, and there are adware Trojan Horses.  AdwareMedic will only handle the latter.

An update...the free anti-virus program, Avast, actually installs adware!  (So it might be a good idea to avoid it.)
http://www.thesafemac.com/avast-installs-adware/

Also, the previously entirely legitimate software download sites, Softonic and Download.com, now will infect you with adware when you download software from them:
http://www.thesafemac.com/mmg-defense/


----------



## Satcomer (Aug 29, 2015)

Well, I found more routers are being attacked in the article Some Routers Vulnerable to Remote Hacking.  Also pay attention to the linked article At least 700,000 routers given by ISPs are vulnerable to remote hacking.


----------



## Satcomer (Dec 26, 2015)

Well everybody that said that a certain aggressive Mac Virus Checker have been hacked, MacKeeper Users Exposed!


----------



## Doctor X (Dec 26, 2015)

I thought *MacKeeper* _was_ a virus. . . .






--J.D.


----------



## Satcomer (Dec 11, 2016)

To update this warning thread there is a new warning Multiple Netgear routers are vulnerable to arbitrary command injection. So if you have one of these routers make your password super strong!


----------

