I know (nearly) everyone on here says not to bother with AV, fair enough.

How though, do you know if you got a trojan?
Do you mean you've installed software from questionable sources, so you wonder if a trojan was included? Because installing apps, which includes entering your admin password, is the only way you can get a trojan. Surely you would remember installing something.

Mac Virus/Malware Info
 
Well no, I've not done it yet. There's always time though I guess, although something I'd prefer to avoid tbh.

The only software I've installed is from legit sites (VMWare Fusion, AppZapper etc).

Currently I run as admin, but shall be downgrading that in the near future once I get a handle on how OSX does stuff, but the default when you install programs 'ask for password before proceeding' I think.

Is it possible to get them from merely running some software that say, doesn't need an install? Little utils that you might find lying around. For example - KeePass for MAC doesn't require an install, it just runs. Again, I got that from the sourceforge site so I'm (hoping) that that will be ok.

Will Little Snitch be useful in this regard? I know it pops up to tell you stuff is trying to dial out, and the firewall I use on windows (comodo) has all that stuff sewn up.
 
Is it possible to get them from merely running some software that say, doesn't need an install? Little utils that you might find lying around.
No, unless it asks for your password, you should be fine. The few trojans that exist out there are not much of a threat, unless you routinely install pirated software or download and install software (codecs, etc.) from porn sites or other disreputable sites. If you exercise reasonable care in getting software from reliable sources, your chances of having your Mac infected by malware of any kind are extremely remote.
Will Little Snitch be useful in this regard?
No, Little Snitch only informs you whenever a program attempts to establish an outgoing Internet connection. It doesn't detect malware.
and the firewall I use on windows (comodo) has all that stuff sewn up.
There is a built-in firewall in Mac OS X that works quite well. To configure it, go to System Preferences > Security > Firewall
 
Cheers for those answers (have already configured the bog standard OSX firewall).

Another question to clarify Little Snitch - say you do get a trojan/malware etc. in order for that software to do anything of any use to the controller, it would have to dial out, or at the very least activate a listener port.

Does LS notify you of only stuff that tries to connect outbound? Or will it tell you if it's detected a local port that's open and listening for connections?
 
Another question regarding Little Snitch - say you do get a trojan/malware etc. in order for that software to do anything of any use to the controller, it would have to dial out, or at the very least activate a listener port.

Or simply sit keylogging looking for stuff that looks like credit card details then wait till it thinks you're not there and send an email via Mail.app using AppleScript...
 
Cheers for those answers (have already configured the bog standard OSX firewall).

Another question regarding Little Snitch - say you do get a trojan/malware etc. in order for that software to do anything of any use to the controller, it would have to dial out, or at the very least activate a listener port.

Does LS notify you of only stuff that tries to connect outbound? Or will it tell you if it's detected a local port that's open and listening for connections?

Not all malware requires an internet connection to do damage. Some Windows trojans, once installed, can destroy or corrupt files on the computer, even if an internet connection is not present. Little Snitch is an internet access monitoring tool. It should not be expected to detect the presence of malware. It detects attempts to establish an internet connection, whether by a legitimate app or an unwelcome app.

Or simply sit keylogging looking for stuff that looks like credit card details then wait till it thinks you're not there and send an email via Mail.app using AppleScript...
True. If you had previously marked Mail.app as a trusted app, a trojan could, theoretically, use Mail to spam or email your private info out, and Little Snitch would let it go, since you had previously told it Mail.app was OK.
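
The listening-port question raised in the posts above can be checked directly with `lsof`, independent of any connection monitor. The following is an added example, not part of any poster's reply: it parses `lsof -nP -iTCP -sTCP:LISTEN -F pcn` field output and flags listeners bound to non-loopback addresses. The sample output, process names and the `expected` allow-list are constructed for illustration.

```python
import shutil
import subprocess

# Constructed sample of `lsof -nP -iTCP -sTCP:LISTEN -F pcn` output (not from a real machine).
SAMPLE = """p88
ccupsd
f7
n127.0.0.1:631
p240
csshd
f4
n*:22
p1450
cunknown_util
f5
n*:31337
f6
n[::1]:8021
"""

LOOPBACK = ("127.", "[::1]")  # with -n, lsof prints numeric addresses only

def parse_listeners(text):
    """Return [(pid, command, address)] from lsof -F field output."""
    rows, pid, cmd = [], None, None
    for line in text.splitlines():
        tag, value = line[:1], line[1:]
        if tag == "p":            # new process set: pid first, command follows
            pid, cmd = int(value), None
        elif tag == "c":
            cmd = value
        elif tag == "n":          # one 'n' line per listening socket
            rows.append((pid, cmd, value))
    return rows

def exposed(rows, expected=()):
    """Listeners reachable from other hosts whose command is not in `expected`."""
    return [r for r in rows
            if not r[2].startswith(LOOPBACK) and r[1] not in expected]

def live_listeners():
    """Run lsof on this machine; returns [] if lsof is not installed."""
    if not shutil.which("lsof"):
        return []
    out = subprocess.run(["lsof", "-nP", "-iTCP", "-sTCP:LISTEN", "-F", "pcn"],
                         capture_output=True, text=True).stdout
    return parse_listeners(out)
```

Calling `exposed(live_listeners(), expected={...})` with the services you deliberately run leaves only the listeners that need a closer look; without root, `lsof` reports only your own processes.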
 
These little notes are useful, thanks. There is still much I don't know about OSX and how it works.

...and yeh, agree about other methods of malware tomfoolery. Wasn't thinking straight, sorry.
 
These little notes are useful, thanks. There is still much I don't know about OSX and how it works.

...and yeh, agree about other methods of malware tomfoolery. Wasn't thinking straight, sorry.
No need to apologize for asking questions. That's how we all learn. Be sure to read the link I posted on malware. It will really help. Also, as a new Mac user, you might benefit from this:

Helpful Information for Any Mac User

This should answer most, if not all, of your battery questions: Apple Notebook Battery FAQ

Also, searching the forum with MRoogle will usually find answers to most of your questions.
 
True. If you had previously marked Mail.app as a trusted app, a trojan could, theoretically, use Mail to spam or email your private info out, and Little Snitch would let it go, since you had previously told it Mail.app was OK.

I don't know how Little Snitch does it, but for example the Keychain would know exactly that you've got a different application, even if it has the same name. (And it would know that it is the same application if it was signed with the same signature; so the Keychain would trust a new version of Mail.app signed by Apple, but not a new version of Mail.app that is unsigned or signed by someone else than the previous signer).


Is it possible to get them from merely running some software that say, doesn't need an install? Little utils that you might find lying around. For example - KeePass for MAC doesn't require an install, it just runs. Again, I got that from the sourceforge site so I'm (hoping) that that will be ok.

The operating system will ask you when you try to run an application that you just downloaded. Nothing can happen unless you willingly allow it to happen. If you didn't have to enter an administrator password, then there is less damage that can be done, but _any_ application that you start can do things like erasing everything in your user directory, if that's what it wants to do. It can't mess up your machine; if you allow guest users then a guest user downloading and running an application can only damage their guest user account and nothing else. But there is plenty that a malicious application can do without being installed. But nothing that a Time Machine backup cannot fix.
 
I don't know how Little Snitch does it, but for example the Keychain would know exactly that you've got a different application, even if it has the same name. (And it would know that it is the same application if it was signed with the same signature; so the Keychain would trust a new version of Mail.app signed by Apple, but not a new version of Mail.app that is unsigned or signed by someone else than the previous signer).
Yes, I agree it probably has a digital signature for each app, or copy of an app. The scenario I posted referred to a trojan actually using the existing Mail.app to send info, rather than making a copy of the app. I don't think Little Snitch could detect what app launched Mail... only that Mail was attempting to access the web.
 