Malware in iMacs

Discussion in 'iMac' started by alex1313, Jul 12, 2015.

  1. alex1313 macrumors newbie

    Joined:
    Apr 3, 2009
    #1
    Hello everyone.

    I have an iMac with OSX Yosemite 10.10.3. I was checking Google analytics for my website using Safari and I saw a strange referral there. I clicked on it and it turn out to be a porn site. I immediately closed it because I know that just by opening a site malware can be downloaded and steal your information. A similar thing happened with a windows laptop I have and my credit card info got stolen. Should I be concerned that my Mac got a malware? How likely is this to happen in Macs? How could I find out if I got infected with a malware? I have heard that macs are more protected for viruses and malware (or better said, malware developers don't usually write them for OSX) so I'm not sure if I should be concerned or not. Thanks.
     
  2. garyrh66 macrumors newbie

    garyrh66

    Joined:
    Mar 16, 2015
    #2
    Download and install AdwareMedic from here http://www.adwaremedic.com/index.php and run it.
     
  3. Ulenspiegel macrumors 68020

    Ulenspiegel

    Joined:
    Nov 8, 2014
    Location:
    Land of Flanders and Elsewhere
    #3
    You should not be concerned. Nevertheless as one our distinguished members used to say: practice safe computing.
    What concerns some applications:

    1. AdwareMedic - (free) finds and cleans adware.
    2. ClamXav - (used to be free, it has a trial now) finds and cleans malware.
    3. AdBlock - blocks ads, like those aggressive pop-ups with MacKeeper etc.
     
  4. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #4
    Thanks for telling us exactly which version you're using. Now go update to 10.10.4. Keeping your software current is good security practice.

    I don't think this is possible on a Mac. We have a permissions system built into the foundation of the system. Software cannot be installed without your permission. Apps and Safari tabs are sandboxed.

    It's good to be security conscious. I'm sorry your info was taken, but Windows problems don't carry over to the Mac.

    It's not wrong to be concerned, but you really have nothing to worry about. OS X is now about 15 years old and there has never been a virus for it in the wild. Trojans do exist, but you have to explicitly install those. Don't install stuff without thinking, or just because a web page asks you to.

    I second the recommendation for AdwareMedic.
     
  5. burne macrumors 6502

    burne

    Joined:
    Jul 4, 2007
    Location:
    Haarlem, the Netherlands
    #5
    You must have missed the very recent brouhaha about three very serious exploits in flash (CVE-2015-5119, CVE-2015-5122, CVE-2015-5123). All are exploitable in three different operating systems, all are labeled as 'critical' meaning the exploit is remotely exploitable without user intervention and without any visible feedback to the user. All are actively used to infect internet users.

    You have updated flash by now (or uninstalled it) so that one doesn't matter anymore but there's more coming..
     
  6. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #6
    Good point. Flash is just full of hurt. I don't have it installed on my system, and I don't recommend anyone else should either. If I really want to use a website that requires flash, I run it in Chrome because it has flash built in and it automatically updates. That keeps my system as free from flash as possible.
     
  7. burne macrumors 6502

    burne

    Joined:
    Jul 4, 2007
    Location:
    Haarlem, the Netherlands
    #7
    Why are you so certain flash is the only problem? Java and Quicktime are equally bad, and many of the much less used plugins might be much worse but aren't use enough to register on the exploit-radar.

    Do you know all installed plugins and do you trust them?

    Edit: sadly the forum software insists on badgering the link. Choose 'Help -> Installed Plug-ins' for a list. I found three plugins I did not expect.
     
  8. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #8
    Of all the plugins, Flash is by far the least secure and most compromised in my opinion.
     
  9. burne macrumors 6502

    burne

    Joined:
    Jul 4, 2007
    Location:
    Haarlem, the Netherlands
    #9
    Almost all computers have flash installed. It's nice to find an insecurity in Gofor-It for IE, but you're going to have a hard time finding a computer with that plugin installed. So, instead they focus on the things people do have installed. Flash and Java.
     
  10. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #10
    Right, and after years of updates and vulnerability fixes, Flash seems no closer to achieving a trusted status. Even this week, the security chief of Facebook called on Adobe to give up on it. It's beyond fixing.
     
  11. burne macrumors 6502

    burne

    Joined:
    Jul 4, 2007
    Location:
    Haarlem, the Netherlands
    #11
    So, you just uninstall flash and you are safe? Nothing left to worry about?
     
  12. chabig macrumors 68040

    Joined:
    Sep 6, 2002
    #12
    Why would you ask that?
     
  13. fathergll macrumors 6502a

    Joined:
    Sep 3, 2014
    #13
    I'd also disconnect your iMac from the internet for greater protection.
     
  14. Chippy99 macrumors 6502a

    Joined:
    Apr 28, 2012
    #14
    And leave it switched off and unplugged, if you want to be totally safe.
     
  15. roadkill401 macrumors 6502

    roadkill401

    Joined:
    Jan 11, 2015
    #15
    Dont forget to put it into a lead lined box and burry it at least 9 feet deep in the ground
     
  16. cincygolfgrrl macrumors 6502

    cincygolfgrrl

    Joined:
    Apr 2, 2012
    Location:
    Somewhere In Time
    #16
    Flash and Java are unnecessary apps. My iMac runs marvelously without either. I too keep an updated copy of Chrome around incase a site I need still requires Flash.

    Delete Flash and Java.
     
  17. cynics macrumors G3

    Joined:
    Jan 8, 2012
    #17
    Flash as in the flash a lot of streaming services use like Hulu and HBO? I wish that was unnecessary.
     
  18. cincygolfgrrl macrumors 6502

    cincygolfgrrl

    Joined:
    Apr 2, 2012
    Location:
    Somewhere In Time
    #18
    Chrome! Use Chrome. That will allow you to get rid of Flash for good.
     
  19. Chippy99 macrumors 6502a

    Joined:
    Apr 28, 2012
    #19
    How does that help? AFAIAA, Chrome can't run flash content without the Flash Plugin. So if you have no flash installed, you still wouldn't be able to watch Hulu for example.
     
  20. mrkramer macrumors 603

    mrkramer

    Joined:
    Jul 11, 2006
    Location:
    Somewhere
    #20
    Just because there are some exploits in flash doesn't mean that they have been used on the mac. As of today the only known malware for OS X are a handful of trojans, and you have to type in your admin password to get them.
     
  21. cynics, Jul 19, 2015
    Last edited: Jul 19, 2015

    cynics macrumors G3

    Joined:
    Jan 8, 2012
    #21
    Chrome still requires Flash. If you disable it (chrome: plugins without the space) or uninstall it.

    Screen Shot 2015-07-20 at 2.15.58 AM.png

    Besides I find Safari w/ flash to be more convenient for me personally with handoff and integration with iOS devices that default to Safari. Chrome is becoming more and more tempting though. Be nice if Apple just got Safari to the same level as Chrome.
     
  22. burne macrumors 6502

    burne

    Joined:
    Jul 4, 2007
    Location:
    Haarlem, the Netherlands
    #22
    The material leaked by the breach of Hancking Team shows otherwise.

    A friend is playing with that and currenty has two malware-droppers that install without any prompt and leave a solid foundation for further compromise of the system in question.
     
  23. FloatingBones macrumors 65816

    FloatingBones

    Joined:
    Jul 19, 2006
    #23
    Please provide a link. I'm not doubting you. OTOH, if you know this with certainty, then a link to the exact story should be trivial for you to provide. Thanks!
     
  24. Georgio macrumors 6502

    Georgio

    Joined:
    Apr 30, 2008
    Location:
    Essex, UK
    #24
    From memory there has only ever been one Mac specific virus and that was the worm or early bird virus about 15 years ago. Even that was totally harmless and easily cleaned off.
    People just don't bother with Macs as the effort involved against the amount of people to cause grief to is too small.

    Windows was an easy target as early versions positively encouraged viruses with people cashing in on monthly subscriptions to remove the viruses. Not a good time to have windows.
     
  25. burne macrumors 6502

    burne

    Joined:
    Jul 4, 2007
    Location:
    Haarlem, the Netherlands
    #25
    You've missed the three CVE's I gave earlier? (CVE-2015-5119, CVE-2015-5122, CVE-2015-5123)

    On top of those now comes a local root escalation vulnerability. Which makes for a complete set of exploits. All I need is to manoeuvre somebody with anything but the latest flash to a specific webpage. Hé Presto! P0wn3d.

    (The local root escalation works with anything that allows you to run local code. Flash, Java, and a ******** of old, vulnerable non-popular web plugins.)

    It will be gone in a few days, but my point stands: your Mac (nor mine) is not a magic coat of armour. You are vulnerable, you need to use your brain and some caution.
     

Share This Page