Viruses, Malware and Anti-virus on OS X


Maciej
M AH - ch ain saw
 
Join Date: May 2004
 
2016-03-12, 10:36

Sorry if this is well trodden ground, I did a cursory search and every thread seemed quite out of date - most recent bumps were in 2013.

Anyway, as time goes on, every couple of months I reconsider whether I should be scanning for viruses (either in real time, or periodically) on my Mac. Lately I've had my laptop at work a bit, and one of the PCs that's been accessing our fileshare may be riddled with malware.

I don't really understand how these things work, in detail, so I'm having a question or two.

1) I imagine it is perfectly plausible for OS X to just harbor a virus or malware designed to exploit Windows - is this correct? Likely? Could connecting to a fileshare theoretically spread such malware to any computer that connects?

2) Are y'all periodically scanning for malware? Scanning in real time? What software are you using?

User formally known as Sh0eWax
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2016-03-12, 11:45

For reference, I am defining these things here so you can understand the difference:

Scareware: malicious computer programs designed to trick a user into buying and downloading unnecessary and potentially dangerous software, such as fake antivirus protection.

Malware: software that is intended to damage or disable computers and computer systems.

Adware: software that automatically displays or downloads advertising material (often unwanted) when a user is online.

Virus: a piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.

Ransomware: a type of malicious software designed to block access to a computer system until a sum of money is paid.



Personally, I don't use any, nor do I scan for anything. There are currently no "viruses" running on the Mac platform, although there is an increasing amount of malware and adware floating about. Plus, lots of scareware (MacKeeper and the like).

The two most common issues we are seeing in the shop are adware and scareware. The most important thing to note is that none of it gets to your Mac all on its own (unlike the computer virus epidemics that plague Android and Windows). Adware and scareware turn up mostly while users are surfing adult websites. They get popups (adware) warning them that unless they download (or call) this "scanning/cleaning" software, their Mac will explode (scareware). These two forms are almost always in bed with each other, i.e. one leads directly to another.

I have seen some ransomware on Macs, but only running on Windows within virtual machines. However, because VMs like Parallels and Fusion create disk-sharing so Windows can move files back and forth between itself and Mac OS, the ransomware is able to encrypt the Mac volume and leave the entire system unusable. Last week, Macrumors reported on some ransomware being propagated by a BitTorrent client, so there are instances of this crap running on the Mac.

As far as Macs propagating viruses on a network, I have not personally seen it in action, although it certainly is technically possible. However, if I understand it correctly, a virus would first have to exist on the Mac that was capable of copying itself across your network. 0's and 1's don't spontaneously make copies of themselves; a piece of code must be running to copy them from point A to point B. There has been some Malware for the Mac (downloaded through infected, pirated copies of Apple's Pages and Adobe Photoshop, IIRC) that were capable of this. It seems that this was about 7 or 8 years ago, though.

Many moons back we did sell Intego's Anti-Virus software for the Mac (taking advantage of people's completely unreasonable fears—shame on us), but we discovered it was circumventing some built-in security features and causing trouble for our customers, so we took it off the shelf. We haven't carried anything since then, and warn our customers that installing any of the fool stuff is just asking for trouble.

I can tell you not to be fooled by any of the ads or other nonsense you might encounter while surfing about. It is all scareware/adware/malware and isn't worth your time.

However, I can very highly recommend that you install the AdBlock Plus extension (if you are using Safari) which will clear up all the click-ad and pop-up-ad Adware you will likely encounter. Also, if you're concerned about malware (the only real threat Mac users face), you can install Malwarebytes from Adwaremedic. This seems like a good tool, and we've been installing it in the service department for about a year. We have had no blow-back from customers, so we trust the product.

I think the more likely outcome in your situation would be for some random Word or Excel document to be harboring a virus. As the .doc or .xls file can reside on your Mac in its complete form, it would be possible for someone to fileshare into your Mac, grab said document and transfer it to their Windows machine, thus propagating the virus. I suppose something like Norton Anti-virus for Mac would discover said file and remove it, although the offending Word document may go along for the ride (although, perhaps, Norton is capable of removing the offending gibberish without destroying the file?). Then, when you discovered the file was missing, you might be seduced into downloading it, again, and start the process all over.

I take a hands-off approach to Macs and viruses: I don't worry about it and refuse to contaminate my system with the resource-hogging garbage known as Anti Virus. However, some network admins may require it, so you might have no choice. If you have a choice, don't burden your system with it. After all, the Windows machines on your network should be running it, right? Aren't they then inoculated and supposedly immune?

As for your Mac getting infected from a Windows machine, the chances are slim at best, and may be just short of "never". We have been doing data migrations from virus/malware-plagued Windows machines for years. Every user-generated file is moved—including emails, photos, documents, those silly .exe and .uix files that show up all over the user's documents folder, mail attachments and random downloads, you name it. Not once, and I mean never, has a piece of Scary Software™ ever had a negative effect on the Mac in question. Never, ever, not once! I would worry more about someone hacking the network and rummaging around in my documents folder than I would about malware moving from Windows to Mac. Important: Malware, scareware, adware, viruses and ransomware running on Windows machines will be executables which the Mac won't even recognize as legitimate software and won't run, anyway. You have little (if anything) to fear.

When a customer brings a troubled Mac into the shop, one of the first things our techs do is look for instances of MacKeeper, anti-this-or-that, and any other computer "cleaner/scanner" software (including anti-virus). We inform the customer of the need to remove it and do so. Such things always result in improved performance (although said software may not be the sole cause of trouble, but often is).

The short version of this post goes like this: Install at your own risk!

- AppleNova is the best Mac-users forum on the internet. We are smart, educated, capable, and helpful. We are also loaded with smart-alecks! :)
- Blessed are the peacemakers, for they shall be called sons of God. (Mat 5:9)
Maciej
M AH - ch ain saw
 
Join Date: May 2004
 
2016-03-12, 14:37

Thanks for the thorough note. It is helping me understand the situation. I'll just keep browsing and clicking wisely for now I guess.
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
2016-03-13, 14:50

The first ransomware for Mac OSX became known about this past week. It was through a hacked version of Transmission bittorrent software, that came through the official server for 1-4 hours. It's out there and was very real. In this case the ransomware fooled Gatekeeper, and Mac OS's other defences by tagging along through signed software. The only way for affected users to restore their systems was via offline backups that were not connected to their systems. Any connected Time Machine backups on affected systems were also encrypted and unusable for the victims.

http://arstechnica.com/security/2016...searchers-say/

Is there any good software for the Mac to deal with this stuff? Nope, just be vigilant and don't go to wacky websites and download random stuff off bittorrent sites.

Last edited by PB PM : 2016-03-13 at 15:00.
kscherer
Which way is up?
 
Join Date: Aug 2004
Location: Boyzeee
 
2016-03-13, 17:46

Quote:
Originally Posted by PB PM
Is there any good software for the Mac to deal with this stuff? Nope, just be vigilant and don't go to wacky websites and download random stuff off bittorrent sites.
This.
turtle
Lord of the Rant.
Formerly turtle2472
 
Join Date: Mar 2005
Location: Upstate South Carolina
 
2016-03-13, 20:28

The thing about the Transmission case is that it isn't random software and was completely legit in the world of Apple Eyes other than containing the payload. Because it was signed no user would have a clue that something bad was going on their system because it was all signed and downloaded from a reliable source. Heck, I would have entered my admin username and password for that install and I keep my eyes out for what software is asking to have those details. Transmission is a well trusted software title with tons of legit uses.

Aside from a hack like this where legit software was laced with malware/ransomware, you do need to be cautious when downloading software from non-curated sources like the Mac App Store. This is actually much worse for the indie Mac developer out there who never bothered to get an Apple cert and now is going to be forced to go that path just to help ease the minds of general users.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.”
Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2016-03-16, 20:30

I'll second kscherer's recommendation on Malwarebytes from AdwareMedic. It's a decent tool for scanning your system for the few known baddies. You almost certainly don't need it, but it can give you peace of mind. Also, good job on defining the differences between the terms.

As an alternative to Adblock Plus, though, everyone I know has moved on to uBlock or uBlock Origin. It's your typical browser ad-blocker that subscribes to the same feeds as ABP, but it reportedly has a smaller memory and CPU footprint. Last I checked, they both have plugins for Safari, Chrome, and Firefox.

Also, I don't recall how much in-your-face Safari gets when it encounters a website that's been known to serve malicious software, but both Chrome and Firefox do a good job of throwing up full-page-blocking warning screens to caution you against proceeding. Among other reasons, I'd recommend using one of those, with Chrome being my personal long-time favorite on the desktop.

(edit: Right... I remember that Safari does have the same basic malware warning screen.)

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
Maciej
M AH - ch ain saw
 
Join Date: May 2004
 
2016-03-17, 19:15

Thanks all. Great discussion.

Is anyone using EFF's Privacy Badger?
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2016-03-17, 19:47

I haven't used that one, but after taking a quick look now, Privacy Badger appears to behave like Ghostery (which I have used before). Ghostery basically does the same thing ad-blockers like uBlock and ABP do, but it limits itself only to blocking requests to known trackers and privacy nuisances (JavaScript, tracking pixels, social media widgets, etc).

Having a robust set of rules in something like uBlock or ABP effectively makes Ghostery (and probably Privacy Badger) irrelevant by giving you a superset of things to block. I think the ones I have selected in my current uBlock Origin setup are either the defaults or pretty close to the defaults...



With uBlock at least, you can click into each list to get the exact details of what each is blocking. Admittedly, it can be a bit of information overload, but for this kind of thing, transparency is king.

In a similar but different vein, though, another extension to consider (it doesn't work in Safari) is EFF's HTTPS Everywhere extension. This is an extension that keeps a catalog of popular sites that provide HTTPS-encrypted hosts, and the extension automatically attempts to change any requests to use the secure version instead of the insecure version. This one is less about malware and more about keeping your data safe any time you send something across the wire.

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
Maciej
M AH - ch ain saw
 
Join Date: May 2004
 
2016-03-17, 20:20

Ahh, thanks for the tip.

I know, EFF doesn't seem to have the resources to support Safari as well as Firefox... I'd really like that plugin too, but I'm a little hooked on Safari.
Brad
Selfish Heathen
 
Join Date: May 2004
Location: Zone of Pain
 
2016-03-17, 21:07

FWIW, it's less a matter of EFF not having resources and more a matter of Safari's extension API being less capable than Firefox's and Chrome's. I'm pretty sure they're open to someone submitting a working solution for Safari, but apparently no one has come forward.

Will there be a version of HTTPS Everywhere for IE, Safari, or some other browser?
Quote:
As of early 2012, the Safari extension API does not offer a way to perform secure rewriting of http requests to https. But if you happen to know a way to perform secure request rewriting in these browsers, feel free to let us know at https-everywhere at EFF.org (but note that modifying document.location or window.location in JavaScript is not secure).

The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
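
The catalog-and-rewrite behaviour described in the posts above, as an added example that is not from the thread or from EFF's code. The ruleset shape (targets, exclusions, rules), the hosts and the function names are constructed for illustration.

```javascript
// Constructed sample catalog: hosts known to serve HTTPS, with rewrite rules.
// These are illustrative entries, not EFF's real rulesets.
const RULESETS = [
  {
    name: "Example shop (constructed)",
    targets: ["example.com", "*.example.com"],
    // URLs that must stay on http (e.g. a host with no working HTTPS).
    exclusions: [/^http:\/\/legacy\.example\.com\//],
    rules: [
      { from: /^http:\/\/(www\.)?example\.com\//, to: "https://www.example.com/" },
      { from: /^http:/, to: "https:" },
    ],
  },
];

// A target is an exact host or a left-hand wildcard such as "*.example.com".
// Matching on ".example.com" (with the dot) keeps "evilexample.com" out.
function hostMatches(target, host) {
  if (target.startsWith("*.")) return host.endsWith(target.slice(1));
  return target === host;
}

// Returns the URL that should actually be requested. Only plain-http URLs
// for catalogued hosts change; the first matching rule in a ruleset wins.
// To protect anything, this has to run before the request leaves the
// browser: changing location from page script happens only after the
// insecure request has already been made, which is the limitation the
// FAQ answer quoted above points at.
function upgradeUrl(rawUrl, rulesets = RULESETS) {
  const url = new URL(rawUrl); // normalises case and adds a trailing "/"
  if (url.protocol !== "http:") return url.href;
  for (const set of rulesets) {
    if (!set.targets.some((t) => hostMatches(t, url.hostname))) continue;
    if (set.exclusions.some((re) => re.test(url.href))) return url.href;
    for (const rule of set.rules) {
      if (rule.from.test(url.href)) return url.href.replace(rule.from, rule.to);
    }
  }
  return url.href; // host not in the catalog: leave the request alone
}
```
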