Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Response time to Mac Defender

Trebuin

Trebuin

macrumors 65816
Original poster
Jun 3, 2008
1,494
272
Central Cali
I was going to specifically cite Antivirus only, but since so many people insist that OSX itself is the perfect virus protection...or else blame it on the user, I've decided to include it as well. As I'm frequently busy, I could use some help.

I put this together because I haven't really seen any good benchmarks for any of these software. What really needs to be tested are response time, memory usage, disk usage (including all components), usability, and stability. Here's examples why: Norton took 1GB of my SSD...a significant amount of space. Intego Virusbarrier had fun crashing my computer all the time...at least norton didn't do that. There are reports that others sap 100% cpu usage. OsX itself would have left my computer shut down for about 20 or so days until a definition was released...had mac defender been an actual virus.
Here's the list so far:

Mac Defender Released: ~2 May (it's the trojan)

Responses

Sophos: 2 May 2011
Intego Virusbarrier V5 & V6: 2 May 2011
MacScan: 4 May 2011
Apple OsX: 31 May 2011

Kasperky: NLT (no later than) 4 May 2011
Norton:
iAntivirus:
ClamXav: NLT 8 May 2011
Avast:
MacKeeper:
McAfee:

Don't be worried about the fact that some of these have NLT and some later date than others...I simply can't find when they updated their definitions to include Mac Defender.
 
Last edited:
do you really need an antivirus software for Mac Defender? Its not a virus but malware. And malware for OSX you have to knowingly allow the installation, i.e., prompted for your password
 
maflynn said:
do you really need an antivirus software for Mac Defender? Its not a virus but malware. And malware for OSX you have to knowingly allow the installation, i.e., prompted for your password
Click to expand...

Personally, probably not...my dad and a lot of other more simple users who can be fooled...probably. Considering if you had an AV installed...you have a very small chance if fooled to install that think...eg, less than a day for the definitions to be produced. If you don't have AV, you have close to 30 days of exposure.

Also, considering these things can be put into hijacked sites, you actually have a greater chance of catching it. EG, if macupdate was hijacked by either proxy spoofing or just hacked with no modifications other than a few files changed...this could become a real reality. One day vs 30 is a huge difference then.

Finally, the country I'm in, about 40-60% of the sights are modified for data collection and computer hijacking. None of Macupdate's files pass any file validate because they are all modified. I have been briefed that I cannot do any banking over here and believe them considering my Paypal account was hijacked within 30 mins of using it. Such is the reality of not being in the good old US of A.
 
Trebuin said:
OsX itself would have left my computer shut down for about 20 or so days until a definition was released...had mac defender been an actual virus.
Click to expand...
You've started with a false assumption: that you were the first to encounter the malware.

From the time malware is first encountered in the wild until it's reported and defenses are developed is a matter of days or, at the worst, weeks. During that time, people are made aware of the malware's existence through news media, forums, etc. Not everyone encounters malware on the day it is released. On the contrary, most will never encounter any Mac malware during the entire time they own a Mac. Only a handful will initially encounter malware and by the time the majority of the public knows about it, defenses are already in place.

You don't need any antivirus software to protect Mac OS X from malware. No viruses exist in the wild that can run on Mac OS X, and there never have been any, since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install:
 
Thank you for going off topic. This thread is about places that are a little more hostile than America and for least common denominators won't don't like to read news, yet still spend too much time going places they shouldn't.


You've started with a false assumption: that you were the first to encounter the malware.

Good, apple will always be the first to find and deal with this...they wont take nearly 30 days.
http://www.pcworld.com/article/2291..._defender_security_updateeverybody_relax.html

From the time malware is first encountered in the wild until it's reported and defenses are developed is a matter of days or, at the worst, weeks. During that time, people are made aware of the malware's existence through news media, forums, etc.

Good thing this country allows access to malware education:

Web Page Blocked


You have tried to access a web page which is in violation of your internet usage policy.

URL: www.foxnews.com/
Category: Prohibited News

To have the rating of this web page re-evaluated please click here.


Not everyone encounters malware on the day it is released. On the contrary, most will never encounter any Mac malware during the entire time they own a Mac.

And the Titanic will never sink.

Only a handful will initially encounter malware and by the time the majority of the public knows about it, defenses are already in place.

Thank goodness 2 May is after 31 May


You don't need any antivirus software to protect Mac OS X from malware. No viruses exist in the wild that can run on Mac OS X, and there never have been any, since it was released 10 years ago. The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install

So my dad clicking on install on Mac Defender (because he doesn't read news) would have done nothing since protection was in place and antivirus would have done nothing in addition to anything else?



All these responses are sarcastic, except the part about my dad...he really is a least common denominator.
 
Trebuin said:
Thank you for going off topic. This thread is about places that are a little more hostile than America and for least common denominators won't don't like to read news, yet still spend too much time going places they shouldn't.
Click to expand...
You're not making any sense. There is nothing in your original post about "places that are a little more hostile than America". Read your own posts. My response is on-topic for what you posted.
Trebuin said:
Good, apple will always be the first to find and deal with this...they wont take nearly 30 days.
Click to expand...
No, Apple won't always be the first, but as I already said, most people have never encountered Mac OS X malware.... ever.
Trebuin said:
Good thing this country allows access to malware education:

Web Page Blocked

You have tried to access a web page which is in violation of your internet usage policy.

URL: www.foxnews.com/
Category: Prohibited News

To have the rating of this web page re-evaluated please click here.
Click to expand...
Again, you're not making any sense. What are you talking about?
Trebuin said:
And the Titanic will never sink.
Click to expand...
Again, what's your point? Although in one way, your analogy works: 1,517 people died when the Titanic sank. That's 1,517 out of the entire global population of billions of people. Your chances of encountering Mac OS X malware is likely the same percentage.
Trebuin said:
Thank goodness 2 May is after 31 May
Click to expand...
You're not making sense again.
Trebuin said:
The handful of trojans that exist can be easily avoided with some basic education, common sense and care in what software you install.

So my dad clicking on install on Mac Defender (because he doesn't read news) would have done nothing since protection was in place and antivirus would have done nothing in addition to anything else?
Click to expand...
Your dad doesn't need to read the news to be protected from MacDefender. Read the bolded text above. All he has to do is to only install software from reputable sources. The fact that an install started that he didn't initiate should have been enough warning not to proceed with the installation. Antivirus software would have done nothing to protect him, since it didn't recognize MacDefender as a threat when it was first encountered.
 
Trebuin said:
Apple OsX: 31 May 2011
Click to expand...
AFAIK, Apple's initial Mac Defender response wasn't what most would consider timely, but in the end, they did deliver a solution that updates itself daily, removing new known malware from Macs.

IMO, the system works well enough that it seems like a lot of Apple blogs are first hearing about Mac Defender variants by looking at that Mac OS X malware daily update (vs. reblogging a press release from one of the usual computer security firms).
 
GGJstudios, I'm sorry you didn't read the last line of my last post. I'll give you one on my second post being off topic...that's actually the reason why I'd like some AV protection. Adobe keeps popping up that it wants to install an update, 10.2, which doesn't exist. I've been briefed never to install updates here.

Back on topic.

aristobrat: Good point, Apple actually does a decent job of response compared to windows. Also, you're right, it was the scare that the media took ahold of. Check this:

http://www.zdnet.com/blog/bott/an-applecare-support-rep-talks-mac-malware-is-getting-worse/3342

Apple had a bit more calls, but like you and this article mentions, the majority of the response was just from scares and questions.
 
Last edited:
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back