MS Security Essentials is a free antivirus/malware maintained by Microsoft. If the user has it installed (and has Windows Update enabled), you really have to screw up to get your machine infected. It is always using system resources. I've always viewed the lack of a need to waste resources running AV as a great advantage of OSX. xProtect seems like a gateway drug to a full AV and a 'waste' of system resources. ...Well, maybe it's a personal problem that I hate to waste power on AV.

I understand what you're saying now. I use MS SE at the office and I find it to be a good AV. It's lightweight and stays out of my way. It doesn't use much in the way of resources IMO. With that said, I don't see what Apple is doing as a bad thing. In today's computer world, I think, most computers have plenty of resources, be they CPU cycles, available RAM and storage space to support an AV like MS SE or what Apple is doing.

Now if we want to discuss Symantec's AV products, that is a whole another story and I wouldn't argue at all about the wasted resources used for that. ;)
 
Well, I hope the same, but that .plist file shown above seems to only register the name of the file. I don't see any kind of CRC or any other identifier.

I really hope there are more identifiers! :eek:

Maybe it is just a temporary wall until they write something stronger.
 
I understand what you're saying now. I use MS SE at the office and I find it to be a good AV. It's lightweight and stays out of my way. It doesn't use much in the way of resources IMO. With that said, I don't see what Apple is doing as a bad thing. In today's computer world, I think, most computers have plenty of resources, be they CPU cycles, available RAM and storage space to support an AV like MS SE or what Apple is doing.

Now if we want to discuss Symantec's AV products, that is a whole another story and I wouldn't argue at all about the wasted resources used for that. ;)

I hear you and I agree it really isn't so bad.

It's sad to see that advantage begin to get eroded away though. Granted I'm sure xprotect is far, far lighter.
 
I hear you and I agree it really isn't so bad.

It's sad to see that advantage begin to get eroded away though. Granted I'm sure xprotect is far, far lighter.

Agreed. But we all knew that days of malware and exploits that target OS X or target apps that run on OS X would come.
 
Isn't it already there? I mean, why do we need to manage it ourselves - I like this approach. It just works (in the background) :D

Exactly. That's the best approach, I believe. I try not to laugh every time my 'Windows friends' get interrupted by the daily anti-virus popup. And windows update, that postpone 4 hours thing. As far as I can remember, the only annoying popup in OSX is the battery reserve. But that's kinda necessary.
 
Thank you Apple. Saves me much headaches trying to keep on top of this stuff myself so that I can focus on the more important things in life.
 
Exactly. That's the best approach, I believe. I try not to laugh every time my 'Windows friends' get interrupted by the daily anti-virus popup. And windows update, that postpone 4 hours thing. As far as I can remember, the only annoying popup in OSX is the battery reserve. But that's kinda necessary.

Man, your friends must be some of the sloppiest people in the world. I've seen the virus popup thing, like, twice in the last year and a half.

The windows update postpone for 4 hours thing is kind of annoying though. I love how MS tells everyone there's no reason why anyone would need to reboot Windows anymore, then require you to reboot Windows every time you install one of their programs or big patches.
 
This is a very good thing, not trying to be critical.

But isn't this a slippery slope towards 'microsoft security essentials'? For now xprotect surely uses less system resources, but I'd wager that eventually the day will come for antivirus/antimalware on osx.

This isn't just a slippery slope towards "Microsoft Security Essentials", this already is Apple's pendant to "Windows Defender". Integrating something similar to MSE would just be the next logical - and necessary - step.

In every black hat hacking competition, OS X always is the first OS that gets successfully hacked. Apple dumbed down the powerful Unix foundation a bit too much to let OS X still be a truly secure platform. Heck, Apple even de-activates the firewall in the default settings. Doesn't that make you feel safe already?

Trojans have become an everyday reality on OS X, and it just doesn't matter whether such a trojan requires the user's authorization to be installed. Most users are IT-illiterate enough to simply click "yes" on everything that pops up - it's a simple truth of life, end of story.

You also don't need to mention the lack of viruses on OS X. Viruses have long disappeared from the Windows landscape, too. Most malware on Windows are also trojans and maybe there are a few worms still active. (A worm is a standalone program that usually replicates itself over the network by exploiting known security holes; a virus would usually try to attach itself to a program). W32.Blaster was the last evil worm I've heard about - and encountered myself - and that was back in 2003. Since then, malware usually comes in the form of trojans. And those things are now being written for OS X as well.

OS X has become a targeted main stream platform. It's a sign of stupid arrogance and ignorance when someone pretends that it's a super-safe and malware-free platform. I doubt that OS X Mountain Lion is any safer than Windows 8 (which has MSE and other defense mechanisms built in and also has an activated firewall); and it's definitely not safer than any current Linux or BSD distribution. The argument that Linux has an irrelevant market share on the desktop would be invalid: Linux runs on most servers on the Internet and all desktop versions of Linux use the same foundation as their server siblings.

Using the Mac App Store as the sole distribution channel for software wouldn't really fix the problem. Firstly, this solution comes at the price of the user's freedom. I don't know about you, but I find a platform that forces me to buy and download software from one single source completely unacceptable. Secondly, going down that route --might-- provide some protection against trojans (as long as the software does not download additional content from an unknown location), but it won't protect you against worms or other software that uses security holes to upload and install itself. It also won't protect you against browser exploits. Remember that you only needed to visit jailbreakme.com to jailbreak your iPhone?
 
I understand what you're saying now. I use MS SE at the office and I find it to be a good AV. It's lightweight and stays out of my way. It doesn't use much in the way of resources IMO. With that said, I don't see what Apple is doing as a bad thing. In today's computer world, I think, most computers have plenty of resources, be they CPU cycles, available RAM and storage space to support an AV like MS SE or what Apple is doing.

I just saw this. I'm not sure how much xProtect takes up, but MSE only eats up about 80-100 meg of ram, and roughly 0.5% of a single CPU to do its thing. Unless you're doing an aggressive scan, the resources it takes up are about nil. If you turned it off, you wouldn't even notice a difference.

edit: here you go.

malware_service.jpg


66 meg. It'll spike up a bit if I download something or transfer a file, but usually sits around that when it's not needed.
 
I hope that's not true, otherwise this X.protect is useless as botnet owners would have already changed the name of the file by now.

That's the whole point of weak protection: To suck up effort. They can change the name, it will be blocked again. They change the name again, it will be blocked again. The last time, there were at least six rounds of changing / blocking until someone figured out that the money they made wasn't actually worth the effort. The _best_ malware protection by far is a malware writer who lost money.
 
Man, your friends must be some of the sloppiest people in the world. I've seen the virus popup thing, like, twice in the last year and a half.

The windows update postpone for 4 hours thing is kind of annoying though. I love how MS tells everyone there's no reason why anyone would need to reboot Windows anymore, then require you to reboot Windows every time you install one of their programs or big patches.

LoL - So who didn't have to reboot OSX after its last 'Major Update'?

Oh, and who had to wait for 4 months for them to fix a browser that's still broken (e.g. that I can still scroll down faster than it can draw the page!, and which is slower in OSX than the same solution running on Vista in a VM!!!)
 
This isn't just a slippery slope towards "Microsoft Security Essentials", this already is Apple's pendant to "Windows Defender". Integrating something similar to MSE would just be the next logical - and necessary - step.

In every black hat hacking competition, OS X always is the first OS that gets successfully hacked. Apple dumbed down the powerful Unix foundation a bit too much to let OS X still be a truly secure platform. Heck, Apple even de-activates the firewall in the default settings. Doesn't that make you feel safe already?

Trojans have become an everyday reality on OS X, and it just doesn't matter whether such a trojan requires the user's authorization to be installed. Most users are IT-illiterate enough to simply click "yes" on everything that pops up - it's a simple truth of life, end of story.

You also don't need to mention the lack of viruses on OS X. Viruses have long disappeared from the Windows landscape, too. Most malware on Windows are also trojans and maybe there are a few worms still active. (A worm is a standalone program that usually replicates itself over the network by exploiting known security holes; a virus would usually try to attach itself to a program). W32.Blaster was the last evil worm I've heard about - and encountered myself - and that was back in 2003. Since then, malware usually comes in the form of trojans. And those things are now being written for OS X as well.

OS X has become a targeted main stream platform. It's a sign of stupid arrogance and ignorance when someone pretends that it's a super-safe and malware-free platform. I doubt that OS X Mountain Lion is any safer than Windows 8 (which has MSE and other defense mechanisms built in and also has an activated firewall); and it's definitely not safer than any current Linux or BSD distribution. The argument that Linux has an irrelevant market share on the desktop would be invalid: Linux runs on most servers on the Internet and all desktop versions of Linux use the same foundation as their server siblings.

Using the Mac App Store as the sole distribution channel for software wouldn't really fix the problem. Firstly, this solution comes at the price of the user's freedom. I don't know about you, but I find a platform that forces me to buy and download software from one single source completely unacceptable. Secondly, going down that route --might-- provide some protection against trojans (as long as the software does not download additional content from an unknown location), but it won't protect you against worms or other software that uses security holes to upload and install itself. It also won't protect you against browser exploits. Remember that you only needed to visit jailbreakme.com to jailbreak your iPhone?

Software firewalls aren't that necessary any more. Apple should put this on by default I agree, but most people don't directly connect to the internet anymore. They connect via a router either at home or at their workplace (they're most vulnerable when connecting to public WiFi but even then are more susceptible to a man in the middle attack through someone intercepting their traffic - something a firewall wouldn't prevent).

Routers generally will use NAT traversal which is usually more secure than any software firewall. I know that simplifies things slightly because of UPnP issues with some routers; however, it is the case that most people are sufficiently protected by their router.

I do agree with you about the need for proper background anti malware scanning software or for Apple undoing some of the changes they made to the BSD foundation of OS X to put some of the security back into the OS. Windows is actually now pretty secure as MS are taking security seriously since they got burned (10 years ago now). I'm pleased to see Apple starting to take things more seriously than they used to (particularly by giving control of third party stuff like JAVA and Flash) but they have a long way to go.
 
You also don't need to mention the lack of viruses on OS X. Viruses have long disappeared from the Windows landscape, too. Most malware on Windows are also trojans and maybe there are a few worms still active. (A worm is a standalone program that usually replicates itself over the network by exploiting known security holes; a virus would usually try to attach itself to a program). W32.Blaster was the last evil worm I've heard about - and encountered myself - and that was back in 2003. Since then, malware usually comes in the form of trojans. And those things are now being written for OS X as well.

I don't know, I work for a company that is approximately 600 users, 1/4 of those Macs. I can honestly say that during the average week there are 4 or 5 virus or malware alerts from the Windows machines, and almost never any for the Mac. I'm not sure about your assertion that viruses (even technically speaking, ones that attach themselves to files) have all but disappeared - I see them all the time. Usually they're nothing that can't be taken care of from the AV software, but they still exist and there is still nothing like those numbers on the Mac (99% of the Mac alerts, when they exist, are simply Mac users that have managed to come across some kind of Windows malware via email, etc).

I don't agree with your claim that the Mac App Store is a poor solution, just because you don't like purchasing from a single storefront... As someone who supports endusers (both at work and at large ;), boy would I appreciate it if Windows users could only download files from the Microsoft Store. Could you imagine how much fewer malware there would be? Not to mention 9 layers of pervasive toolbars attaching themselves to IE and Firefox with the computer equivalent of Krazy Glue. Just because there can and will be security holes in this model (take iOS as the extreme of this) doesn't mean it makes it much harder to distribute exploits. iOS's security record speaks for itself on that point. It's a tradeoff to be sure, but there seems to be a huge benefit from a security perspective.

Just as it's silly to say "Macs can't get viruses", it's also silly to assume they're anywhere close to the threat they are for windows.
 
In every black hat hacking competition, OS X always is the first OS that gets successfully hacked. Apple dumbed down the powerful Unix foundation a bit too much to let OS X still be a truly secure platform. Heck, Apple even de-activates the firewall in the default settings. Doesn't that make you feel safe already?

The far majority of hacks are done through third party applications, such as Java & Flash. A lot of the same exploits will be on multiple operating systems.

In the first phase of these competitions access is only given through a network. When no one could break in that way the rules were "relaxed" allowing access to the internet and third party applications.

I don't believe that security is in any way affected just because the user interface is "dumbed down". Drop down to a terminal and the power of UNIX is still there.

it's definitely not safer than any current Linux or BSD distribution. The argument that Linux has an irrelevant market share on the desktop would be invalid: Linux runs on most servers on the Internet and all desktop versions of Linux use the same foundation as their server siblings.

Yet Linux has been dumbed down, in some cases more than Mac OSX, in trying to make it more viable to the main stream consumer market. But yet it's just as secure? Which is it?
 
Well, depending on what virus checker you're running.

True. Even though they've improved...slightly over the past couple of years, Norton and McAfee seem to harass you over every single thing.

HEY! ARE YOU UP TO DATE? HEY! ARE YOU UP TO DATE! HEY! ARE YOU UP TO DATE? THIS WEBSITE IS REALLY SUSPICIOUS! WHAT'S THAT? OH SHI! IT'S A VIRUS OUT TO STEAL YOUR CREDIT CARDS! OH WAIT! NO! IT'S JUST A PIECE OF LINT! SORRY! HEY? ARE YOU UP TO DATE?

Basically, when you install one of those two programs, you don't really have a computer anymore. You have a giant expensive virus checker that doesn't like you doing anything else with it.
 
Does anyone have any difficulty with their Mac automatically updating when set to do so daily? Mine doesn't seem to want to anymore...
 
Basically, when you install one of those two programs, you don't really have a computer anymore. You have a giant expensive virus checker that doesn't like you doing anything else with it.

Indeed. And what from my point of view basically is the key difference to Norton and the other utilities common for PCs these days - they do use a heavy portion of your overall system performance.

Something I don't notice when using the OS X Firewall and Anti-Malware Definitions. So, I like this approach.
 
Something I don't notice when using the OS X Firewall and Anti-Malware Definitions. So, I like this approach.

It is the preferable approach, hence why Win8 has the firewall and antimalware bundled together in Defender. It's quiet, updates itself daily without requiring user intervention, and does its job without getting in your way.

The only sad thing is that, despite this, OEMs are still bundling Norton in with all their machines.
 
I have plenty of common sense and have no clue when I installed it. I only saw ads in Google Chrome (which I rarely use), which is why I'm not sure when. I was actually able to browse the package contents of Chrome and delete it off my Mac before Apple recognized it as adware.

Obviously there was a lack of it though. This doesn't just install itself.
 