BTW, why do you never mention that OS X includes an anti-malware scanner by default in your malware related posts or in your malware link?

It seems that it would be pertinent for users to know that it is present and its limitations so that it can be used effectively.
I agree that it's pertinent for users that are on current SL or Lion. Users of earlier versions of Mac OS X don't have the same functionality. Mostly it's because I haven't taken the time to update the link. Also, I wouldn't advise any user to place their dependence on anti-malware software, to the exclusion of safe computing practices. The user knowing that the scanner is present is not required for it to be as effective as it can be.
 
I agree that it's pertinent for users that are on current SL or Lion. Users of earlier versions of Mac OS X don't have the same functionality.

Given that a two layer protection scheme (as available by default in SL and Lion) is better than one layer of protection, users of earlier versions of OS X should be encouraged to install anti-malware software because these versions don't have the same functionality.

This is especially true for users running now-unsupported versions of OS X that are no longer receiving security patches.

Does your link suggest that users of earlier versions of OS X should run anti-malware software?

I concede that the link I provide only makes that suggestion implicitly.
 
Anti virus for Mac? By the gods .. this is blasphemy!!





... Kidding man .. no .. you don't need one :)
 
No, as all forms of Mac OS X malware in the wild can be avoided by safe computing practices alone.

If an OS is no longer receiving security updates and malware developers are still looking for holes in the system, any hole found will allow any new malware targeting the system to be able to chronically exploit the system because the holes will not be fixed by Apple.

If a remote root vulnerability (example = 10.4 mDNSresponder exploit) is found or a remote and local vulnerability are found and strung together (example = iOS Jailbreakme 2 & 3 exploits), malware can be made for these vulnerabilities and Apple will not patch these holes on unsupported versions of OS X.

Malware based on these types of vulnerabilities would be able to infect the system without user interaction.

This concern is relevant because bugs found in currently supported versions of OS X often apply as well to earlier unsupported versions of OS X.

The only solution for such users is to run anti-malware software.
 
Malware based on these types of vulnerabilities would be able to infect the system without user interaction.

The only solution for such users is to run anti-malware software.
The only problem with that argument is that since no such malware exists in the wild, no anti-malware can protect against it, since it doesn't know what to look for. Until such malware manifests itself and defenses are created, anti-malware offers no additional security to those who employ safe computing practices.
 
As you already know, no Mac OS X malware exists in the wild that installs itself without user consent.

You just said it yourself that there are a handful of trojans. You're contradicting yourself. I know a trojan isn't by definition a "virus" but stop being such a besserwisser by marking words. You don't want a virus in your computer as little as you want a trojan in your computer.

Anti-virus software can scan programs before you install them to see if they are safe to install or not. That's why an anti-virus software is good. If anti-virus software only protected against programs that install themselves it wouldn't be of much use on Macs - no.
 
As you already know, no Mac OS X malware exists in the wild that installs itself without user consent.
You just said it yourself that there are a handful of trojans. You're contradicting yourself.
I'm not contradicting myself. The Mac OS X trojans that exist in the wild cannot install themselves without user consent. That's one of the primary differences between viruses and trojans. Read the Mac Virus/Malware link I posted earlier to understand the differences.
 
But, once that type of malware does exist, those Mac users will have to run anti-malware software to compensate for the fact the OS is no longer receiving security patches.

Prior to the emergence of that type of malware, those users installing anti-malware software, such as ClamXav, will benefit from a two layer protection scheme that is more effective than only one layer of protection.

Do you think that it is possible for a Mac to get a virus?
 
Do you think that it is possible for a Mac to get a virus?
Yes, it's possible for any OS to get a virus. However, since none have ever existed for Mac OS X, antivirus software offers no protection against a future virus. When one is released into the wild and discovered and virus definitions are added to antivirus apps, then they will be able to offer protection. Until then, as long as a user is careful in what software they elect to install, they can run malware-free without the need for antivirus software. If someone elects to run antivirus software, that's certainly their choice, but it's not required.
 
Do you think that it is possible for you to make a mistake?
Of course! I've made many mistakes in my life. But if you're referring to installing malware-infected software from untrustworthy sites or software that I haven't carefully researched before installing, the answer is no, I've never made such a mistake. Neither has the vast majority of Mac OS X users, or the media would be buzzing with the flood of malware on Mac OS X.

You're trying to make a case that anti-malware is necessary on Mac OS X, to protect against lapses in the user practicing safe computing. It's not. Instances of Mac OS X malware in the wild are rare enough that most users, even the careless ones, will never encounter malware, unless they're engaging in high-risk activities like pirating software.
 
You have also made some mistakes in giving out computer security related advice.

I use an unsecured network in the building. This is also worrying me. Can other people see what I am doing?

Extremely unlikely, unless you've expressly given them access to your system. If you don't know how to do this, then you probably haven't.

Using an unsecured network is risky. Specifically, other users can capture all traffic that is not encrypted (SSL). They cannot see what you are doing that only occurs within your system but they have access to all traffic that travels through the network (between your computer and the router) that is not encrypted.

This means that all of your browsing activity can be observed and your emails can be read if your email provider does not use full session encryption. Gmail uses full session encryption but I do not think that Hotmail does yet. Bank websites usually have full session encryption.

Software, such as Ettercap, allows them to tag along with you from site to site by showing the web pages you visit in their web browser. A packet sniffer will capture your IM chats and emails in plain text if those services are not encrypted.

Nothing has to be installed on your system for a MITM attack to work. It is all done on the attacker's system. Your system gets tricked into thinking that the attacker's computer is the router and then after the attacker's computer logs the traffic it sends the traffic to the router.

There are even methods to trick other users into thinking that they are using encryption when they are not. All of this can be done without your authorization and without you even knowing about it unless you know specifically how to detect such activities.

All of these attacks are very easy to do. They all can be done using GUI based software. No operating systems have built-in defences to these kinds of ARP poisoning attacks.

I would never use an unsecured network because you have no idea who else is connected to it. I would connect to a secured network that I do not administrate if I know the network administrator and felt they made good decisions about who they allow to connect to the network.

If I do connect to large public networks, such as a coffee shop or university, I run a program called Mocha because it will give me an alert in the lower left corner of my display when someone is attempting to poison the ARP table to perform MITM attacks.
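
The kind of check the post above describes (an alert when the router's ARP entry changes), sketched as an added example that is not part of the original thread and not how Mocha is implemented. It assumes the macOS/BSD `arp -an` output format; the addresses and both snapshots are constructed sample data.

```python
import re
from collections import defaultdict

# macOS/BSD `arp -an` line: "? (192.168.1.1) at 0:1e:2a:3b:4c:5d on en1 ifscope [ethernet]"
ARP_LINE = re.compile(r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>[0-9a-fA-F:]+) on ")
BROADCAST = "ff:ff:ff:ff:ff:ff"

def normalize_mac(mac):
    # macOS drops leading zeros in each octet (0:1e:...); pad so comparisons are stable.
    return ":".join(octet.zfill(2).lower() for octet in mac.split(":"))

def parse_arp_table(text):
    """Return {ip: mac} for resolved entries; '(incomplete)' entries do not match."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m and m.group("mac").count(":") == 5:
            table[m.group("ip")] = normalize_mac(m.group("mac"))
    return table

def check_snapshot(baseline, current, gateway_ip):
    """Compare two ARP snapshots taken on the same network and return alert strings."""
    alerts = []
    old, new = baseline.get(gateway_ip), current.get(gateway_ip)
    if old and new and old != new:
        alerts.append(f"gateway {gateway_ip} changed from {old} to {new}")
    # One hardware address answering for several IPs is the usual trace of a
    # poisoned table; a router holding several addresses looks the same, so
    # treat it as a prompt to investigate rather than proof.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        if mac != BROADCAST:
            by_mac[mac].append(ip)
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            alerts.append(f"{mac} answers for {', '.join(sorted(ips))}")
    return alerts

# Constructed sample output (not captured from a real network).
BASELINE = """\
? (192.168.1.1) at 0:1e:2a:3b:4c:5d on en1 ifscope [ethernet]
? (192.168.1.23) at a4:5e:60:c1:2:9f on en1 ifscope [ethernet]
? (192.168.1.40) at (incomplete) on en1 ifscope [ethernet]
? (192.168.1.255) at ff:ff:ff:ff:ff:ff on en1 ifscope [ethernet]
"""
# Same table after the gateway entry has been overwritten with another host's MAC.
POISONED = BASELINE.replace("0:1e:2a:3b:4c:5d", "a4:5e:60:c1:2:9f")

if __name__ == "__main__":
    for alert in check_snapshot(parse_arp_table(BASELINE), parse_arp_table(POISONED), "192.168.1.1"):
        print("ALERT:", alert)
```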
 
You have also made some mistakes in giving out computer security related advice.
This is off-topic, as that discussion is in a completely different thread. As I said, it's extremely unlikely. While it's not impossible, the people who would bother with employing such techniques to access other people's computers represent an extremely small minority. Most computer users barely know enough to surf the web, check email and run basic apps. This is evidenced by the thousands of threads posted in this and other forums, asking the most basic of questions.
 
I'm not contradicting myself. The Mac OS X trojans that exist in the wild cannot install themselves without user consent. That's one of the primary differences between viruses and trojans. Read the Mac Virus/Malware link I posted earlier to understand the differences.

And you think that people don't make mistakes, installing programs they think are safe? I know the difference between viruses and trojans. People still make mistakes. Having an anti-virus software that you can scan an install-file before installing to make sure it's safe to install would help dramatically in decreasing the chances of installing a trojan.

Don't get me wrong. I've been using my MBP without an anti-virus for 2 years now and I don't think I have been infected. I feel rather safe without anti-virus. But then again, how do I know for sure? How do I know that I haven't installed a trojan that lurks in my system, collecting personal information? I don't. An anti-virus software could quite easily scan my computer and find that for me.

I'm not saying people are stupid and willingly install trojans. I'm just having a hard time understanding what you're saying, that we're better off without anti-virus. It's just not true. Macs may be a hell of a lot safer against viruses and trojans than PCs - they are not entirely safe though and anti-virus software would close that gap to a minimum risk of being infected.
 
As I said, it's extremely unlikely. While it's not impossible, the people who would bother with employing such techniques to access other people's computers represent an extremely small minority.

This is where you are wrong. The methods I describe are some of the most common ways in which computer users have their accounts compromised while using public and/or unsecured networks.

This is because these methods require absolutely no real skill. Anybody with an interest in basic computer related crime can learn those methods in a couple of hours given how easy it is to use software such as Ettercap.

Downloading a penetration testing distro of Linux, such as BackTrack, provides a plethora of tools for such activities.

If you really understood computer security, you wouldn't be misinforming other users in this forum like you did to the OP in that previous thread.
 
I'm just having a hard time understanding what you're saying, that we're better off without anti-virus.
That's not what I'm saying at all. I'm saying you don't need 3rd party anti-virus/anti-malware to keep your Mac free from malware, as long as you're careful about what software you install. You can run AV if you choose, but don't expect that it will provide any more protection than safe computing practices will provide, and don't expect that it will protect you from malware that has not yet been created. The danger in running anti-malware is allowing it to give you a false sense of security, causing you to abandon safe computing practices. As has already been proven in the case of MacDefender and others, malware detection rates of anti-malware apps are less than 100%, but safe computing practices can protect you from all Mac OS X malware that exists in the wild.
This is where you are wrong. The methods I describe are some of the most common ways in which computer users have their accounts compromised while using public and/or unsecured networks.
The percentage of average Mac users having their computers compromised is extremely small. Naturally, the likelihood increases when using public or unsecured networks, but it's still quite small. I don't recommend running on public or unsecured networks at all, and I didn't misinform that poster. The symptoms they were concerned about were completely unrelated to malware or having their computer compromised. They had launched Front Row and didn't know what it was. That user was even running ClamXav antivirus. Their issue had nothing to do with computer security at all. They simply didn't know what the Front Row app was.
 
I use Sophos for Mac and use it from my win7 bootcamp as well. Both free and they play well with Mac OSX

better than most of the crap bloatware antivirus out there
 
The percentage of average Mac users having their computers compromised is extremely small. Naturally, the likelihood increases when using public or unsecured networks, but it's still quite small.

There are a lot of users on this forum complaining about online accounts being compromised.

Often, the methods I describe are related to these accounts being compromised.

I do not think the number is as small as you suggest.

Also, in relation to any online threat, does a low incidence rate justify not taking any precautions to avoid those threats?

Does it justify not telling the OP in that other thread about those threats?

I don't recommend running on public or unsecured networks at all, and I didn't misinform that poster.

You did misinform that poster. Here is her post along with your reply:

I use an unsecured network in the building. This is also worrying me. Can other people see what I am doing?

Extremely unlikely, unless you've expressly given them access to your system. If you don't know how to do this, then you probably haven't.

Malicious users on the network can see a lot of what another user is doing without the targeted user expressly giving access to their system.

The symptoms they were concerned about were completely unrelated to malware or having their computer compromised.

And, that justifies misinforming that poster?

Their issue had nothing to do with computer security at all.

So, that justifies misinforming that poster?

So, users should only be made aware of online security threats after they have already been compromised?

I think the issue was that you weren't aware of the fact that you were misinforming the poster.
 
There are a lot of users on this forum complaining about online accounts being compromised.
Online accounts being compromised in most cases has nothing to do with the user's computer, but are usually compromised due to weak passwords. I've seen very few instances where someone's computer was hacked or accessed to compromise security. Most often, email accounts or other online accounts are accessed without involving the user's computer at all.
I think the issue was that you weren't aware of the fact that you were misinforming the poster.
I didn't misinform the poster. What I stated was completely accurate. I addressed the poster's concern and resolved the issue they posted about. I elected not to derail that thread with an off-topic discussion about network security that had nothing to do with that poster's issue. Please stop derailing this thread with off-topic discussion about an unrelated thread. If you want to talk about that thread, it's more appropriate to do so in that thread.
 
That sounds interesting. What's the name of the software?

This is an interesting question and it's a perfect example of exactly what I'm trying to point out; Mac users are simply too uneducated. Maybe today it is unlikely to get infected but tomorrow is a new day and the fact that Mac users seem to be so ignorant as displayed by Mr. GG~ is quite frankly really scary.

It is true that just because you have an AV you shouldn't abandon all other safety precautions and only trust the AV. And that's not what I'm trying to say. I'm simply saying that by having an AV that is more likely to get updated faster to include security for new threats is not a bad idea.

To answer your question; Scanning a file (such as an install-file) is a standard feature on almost every AV-software.

I found a free AV-software for Mac made by Avast!. It does look very promising. Just ran a full system scan on my computer and it found 4 infected files. None of which affect my system. These were files that I would be likely to send to other people, friends that are running Windows.
 
Online accounts being compromised in most cases has nothing to do with the user's computer, but are usually compromised due to weak passwords.

Many online accounts are compromised using the methods I described as well.

Non-encrypted logins are often compromised via the methods I presented to that OP.

In conjunction with password re-use, encrypted logins are compromised indirectly via those methods.

Sophisticated MITM attacks can strip out SSL encryption to compromise encrypted logins.

Weak passwords are another cause for encrypted logins being compromised when password re-use is not a factor.

This information wasn't relevant to tell the OP given the specific line in the post to which you were replying?

I've seen very few instances where someone's computer was hacked or accessed to compromise security. Most often, email accounts or other online accounts are accessed without involving the user's computer at all.

The methods I described require no hacking or access to the target computer. The attacker only has to belong to the same network. This was a possibility given the OP's situation.

I didn't misinform the poster. What I stated was completely accurate.

I elected not to derail that thread with an off-topic discussion about network security that had nothing to do with that poster's issue.

So, you didn't misinform the poster but you also consciously decided to not give the poster beneficial network security advice?

Essentially, by not proactively responding to the poster about a relevant network security issue, you misinformed the poster.

Those two statements placed adjacent to each other as provided in your reply negate your argument that you didn't misinform the poster.

Please stop derailing this thread with off-topic discussion about an unrelated thread. If you want to talk about that thread, it's more appropriate to do so in that thread.

I will be done derailing the thread when you stop perpetuating the derailment by not replying with posts filled with sophistry.
 