Viruses On OS X

Are you sure you did not find com.apple.PubSUbAgent.plist?

The reason I mention that is that some, in searching for these, may misread the "u" for an "a."

--J.D.
 
The topic of viruses comes up all the time. There is a comprehensive list of all of the malware for Mac OS X, which is kept meticulously updated, here:

http://www.reedcorner.net/mmg-catalog/

This list is maintained by someone who isn't biased, in that he isn't trying to sell you anti-virus software. On the far left of this list each piece of malware is rated for its "threat level."

Note that there currently are no actual "viruses" (defined as self-propagating malware) in the wild for the Mac. Most of the malware are Trojan Horses which can be avoided by simply keeping vigilant. Also note that of the handful of malware that exists, just about all of it is of little or no concern.

The vast majority of Mac users do without any anti-malware software. However, if you want something economical to scan for viruses, this is free and very effective, and it won't bog down your Mac:

Clam X Anti-Virus (Free)
http://www.clamxav.com
 
what is a good anti virus software?... if there is a free one that would be even better... I need to install one ASAP...
thanks for any help... Also.. what's your opinion about Java?
 
You can likely find the answers to your questions by looking through the rest of this thread (now 59 pages)

Java is the most actively pursued conduit for potential threats, at least on OS X
Use it, and realize there are possible risks

There are a few free AV choices in my post in your own previous thread: http://macosx.com/forums/mac-os-x-server/321784-free-anti-virus-software.html#post1525422

I wouldn't PAY for antivirus software, or leave it enabled full-time. I haven't found any antivirus software for the Mac that I could describe as being "good" - I am still too close to believing that the "anti-virus" companies create (and distribute) the viruses (virii?), particularly those with home offices in other countries. It's in their interest to "find" viruses - but, how often do we first hear about viruses from the folks that claim to protect the users (us!). There's a hazy underworld there, that I am not completely convinced about.
I have no facts to back that up, but it's just a 'feeling' that I acknowledge.
 
what is a good anti virus software?... if there is a free one that would be even better... I need to install one ASAP...
thanks for any help... Also.. what's your opinion about Java?

IMHO don't install JAVA unless you absolutely need it. It almost daily has a security concern.

Plus, go to MacUpdate and do a search for antivirus and read the reader comments on the free programs to make your own decision. Then decide which one will fit your version of OS X.
 
what is a good anti virus software?... if there is a free one that would be even better... I need to install one ASAP...

Why do you need one ASAP? Is there a specific threat to the Macintosh that you are concerned about? Or are you required to have AV software running at work?

This one is free, and it does a great job of finding all known Mac viruses:

ClamXav (free)
http://www.clamxav.com/

I wouldn't set it up to do automatic scans, though. That way you can avoid any overhead that it takes up and/or any software conflicts.

Also.. what's your opinion about Java?

Java is automatically uninstalled by the latest Apple update:
http://news.yahoo.com/apple-drops-java-experts-warn-mac-users-security-203354009--sector.html
Though you can still install the latest version from Oracle just by double-clicking on a report of a missing Java plug-in in your browser. More info:

http://support.apple.com/kb/DL1572

http://news.yahoo.com/apple-drops-java-experts-warn-mac-users-security-203354009--sector.html

Java presents a hugely tempting vector for the introduction of malware. However, there is a lot of popular software for the Mac that requires Java to run. For instance:

LibreOffice, NeoOffice and OpenOffice
Evernote
GraphicConverter
Dreamweaver
Camino
Cyberduck
Flip4Mac
Emailchemy
Eudora OSE
PDF OCR
BRAdmin Light for Brother Printers
Xcode
Postbox

Since the only Java-based malware that we have seen has been limited to browsers, it seems to me that it would be sufficient to turn off Java in your browser and leave it enabled for other applications.
 
Another interesting article worth linking here

http://9to5mac.com/2012/11/05/use-sophos-antivirus-watch-out/

Tim Bray notes a post on Neohapsis: http://archives.neohapsis.com/archives/fulldisclosure/2012-11/0032.htm

A working exploit for Sophos 8.0.6 on Mac is available, however the techniques used in the exploit easily transfer to Windows and Linux, due to multiple critical implementation flaws described in the paper. Testcases for the other flaws described in the paper are available on request.

Sophos responded with a post on the multiple vulnerabilities, and it responded over and over that “Sophos has seen no evidence of this vulnerability being exploited in the wild.” But, is that really good enough? How about issuing a fix in the two plus months that they’ve known about these issues? It only takes one wild exploit.

Sophos gave 9to5Mac the following comment:

Some were fixed last month, and for others we started rolling out patches to our users today.

Users of Sophos products should be automatically updated, but if anyone wants to be sure they can initiate a manual update.

So update if you were using Sophos, and if you're not, you might want to consider some AV that reacts a bit faster to openly reported exploits.
 
A tool that might be useful in finding at least malware or adware is FSE:

http://www.scsc-online.com/FSE.html

WARNING: READ THE PRODUCT PROFILE FIRST - don't run out like a dingbat and just buy it if you don't know what it does, and read the "experience level" required to use it! If you don't understand Unix processes, filenames and paths, permissions, etc you won't have a clue what this thing is doing.

FSE is a file system events monitor. We use it during the installation of packages to track what's being installed on a system. I'm sure this has been mentioned in this thread, but malware/adware typically hides itself behind fake and often official looking names, like plist files, libraries, etc. etc.

There's a fairly well known (but somewhat questionable) product on the market that offers a "demo" version of what it does. When the demo period expires it demands credit card info. If you go ahead and click on the option to buy it and then opt out, the thing more or less creates a primary window demanding payment and won't let you access anything else on your system. Most people end up hitting and holding the power button.

We tested this as follows:

1. Monitor the installation w/FSE and let it record all file activity.
2. Set the computer to a manual date in the future so the expiration date of the demo with the adware/malware is over.
3. Reboot the system.
4. Start FSE in full logging mode to record everything.
5. Launch the demo program with the adware/malware.
6. Duplicate what a user is doing to create the problem.
7. When the system locks, push the power button and hold it to shut the system down.
8. Reboot.
9. Look at the FSE log file.

Typically the log file will show that when the "adware/malware" phase of the program kicks in, it starts doing things to its official looking binaries. They're typically one of the following:

1. An actual binary
2. A compressed application that it uncompresses and installs unknown to you
3. Launches the binary that locks up the system.

From this information, you'll be able to track down the offending binaries.

Some observations and warnings about using FSE are as follows:

1. This is NOT a tool for amateurs. If you don't understand Unix command line file paths, processes, commands, etc. you'll be sorry.
2. It's a direct interface to the kernel and it WILL bog your system down, probably to about 50% of its speed.
3. Avoid using it during Spotlight indexing. The FSE display is just an indicator. Spotlight can create files that are 10's of MB in a few seconds.
4. Don't leave it running for a prolonged time. Your log files will be gigabytes (that's not a joke).

FSE is log file oriented. You will also need to be able to read the log files it generates and understand them.

We find the product useful, but you've been warned!
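The install-phase versus trigger-phase comparison described in the steps above, as an added example (not FSE's code and not the poster's): it correlates two constructed event logs in a hypothetical "time pid process op path" format, reports files the demo program dropped and then executed, and flags launch agents written under the com.apple. prefix. All paths, process names and timestamps are made up.

```python
from collections import namedtuple

Event = namedtuple("Event", "time pid proc op path")

# Constructed sample logs in a hypothetical "time pid process op path" format;
# FSE's real log format is not reproduced here, and every path is made up.
INSTALL_LOG = """\
10:01:02 512 Installer CREATE /Applications/DemoApp.app/Contents/MacOS/DemoApp
10:01:03 512 Installer CREATE /Users/me/Library/Application Support/DemoApp/helper.gz
10:01:03 512 Installer CREATE /Users/me/Library/LaunchAgents/com.apple.PubSUbAgent.plist
"""
TRIGGER_LOG = """\
11:30:10 731 DemoApp OPEN /Users/me/Library/Application Support/DemoApp/helper.gz
11:30:11 731 DemoApp CREATE /Users/me/Library/Application Support/DemoApp/.cache/payhelper
11:30:12 731 DemoApp EXEC /Users/me/Library/Application Support/DemoApp/.cache/payhelper
11:30:13 733 payhelper OPEN /Users/me/Library/LaunchAgents/com.apple.PubSUbAgent.plist
"""

def parse(log):
    """One Event per line; the path is everything after the fourth field,
    so paths containing spaces (Application Support) survive intact."""
    events = []
    for line in log.splitlines():
        if line.strip():
            time, pid, proc, op, path = line.split(maxsplit=4)
            events.append(Event(time, int(pid), proc, op, path))
    return events

def created(events):
    return [e.path for e in events if e.op == "CREATE"]

def dropped_and_launched(install_log, trigger_log):
    """Files absent after the install phase but created and then exec'd in the
    trigger phase: the 'uncompresses and installs unknown to you' case."""
    baseline = set(created(parse(install_log)))
    trigger = parse(trigger_log)
    dropped = [p for p in created(trigger) if p not in baseline]
    launched = [e.path for e in trigger if e.op == "EXEC" and e.path in dropped]
    return dropped, launched

def apple_namespace_agents(install_log):
    """Launch agents/daemons the installer wrote under the com.apple. prefix:
    an official-looking name a third-party package has no business using (heuristic)."""
    flagged = []
    for path in created(parse(install_log)):
        folder, _, name = path.rpartition("/")
        if folder.endswith(("LaunchAgents", "LaunchDaemons")) and name.startswith("com.apple."):
            flagged.append(path)
    return flagged
```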
 
[attached image: virus_venn_diagram.png]

--J.D.
 
For an update, I came across an Apple Support document, Remove unwanted adware that displays pop-up ads and graphics on your Mac.

Plus, to say again, use the donationware AdwareMedic to remove more modern Trojans.

Thank you for pointing out that Apple support note, but AdwareMedic makes removing adware manually, and thus that document, irrelevant.

Just to be clear, Adware is generally not considered to be "malware". Adware, though annoying, isn't at all malicious.

Also, there are malicious Trojan Horses, and there are adware Trojan Horses. AdwareMedic will only handle the latter.

An update...the free anti-virus program, Avast, actually installs adware! (So it might be a good idea to avoid it.)
http://www.thesafemac.com/avast-installs-adware/

Also, the previously entirely legitimate software download sites, Softonic and Download.com, now will infect you with adware when you download software from them:
http://www.thesafemac.com/mmg-defense/
 