viruses?? malware?

Wait for it ...

 

LOL! And here it is!

Once you give someone access to your computer, all bets are off, as they could install malware or keyloggers. A clean install would ensure it's all cleaned up.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

Mac Virus/Malware FAQ​

1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall
   
   
2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General
   
   
3. Disable Java in your browser (Safari, Chrome, Firefox). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)
   
   
4. Change your DNS servers to OpenDNS servers by reading this.
   
   
5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
   
   
6. Never let someone else have access to install anything on your Mac.
   
   
7. Don't open files that you receive from unknown or untrusted sources.
   
   
8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.
   
   
9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. You don't need any 3rd party software to keep your Mac secure.

 

It sounds like either a file sharing site or a porn site. If your brother didn't install anything, you're probably fine. Clear your browser's cache and cookies and make sure you have an ad blocker to deal with pop ups. If you haven't already done so, try changing your DNS servers on your Mac and your router to OpenDNS servers. This will show you how: Why am I being redirected to other sites?

 

You have nothing to worry about. You really really really really have nothing to worry about.
Honestly, seriously, as straight forward as I can say this. You. have. nothing. to. worry. about.

I've used a Mac's since 1990 and have gone through every sort of virus or malware scare imaginable and zero of them were ever worth sweating because there was nothing wrong. Yes, today there is one Java trojan out there that caused a little bit of a stir in the Mac community but that has been resolved by Apple and there are tools available to detect and solve that issue. You are fine.

 

Never underestimate the might of the hacking community.

Flashback by definition of a virus was a virus. It downloaded itself, ran, and installed malware that gave hackers access to your computer. That's a virus.

 

No it was not a virus, virus' don't say "hello I want to install on you system may I have your admin password please"

 

WTF?

Where did he find those sites? Where's the Pirate Bay? You need to educate him as to where to find the good stuff.

 

No, that's not the definition of a virus, and Flashback wasn't one. It was a trojan. Read the FAQ I posted earlier to learn accurate definitions of malware types.

 

In the perfect world you would be right but unfortunately working in IT it is not. Computers are messy 1's and 0's and nothing is ever strait forward.

You are right but yet wrong. An ambiguity that is the IT world.

It's actually a combination but for the sake of simplicity and explaining to the user that it's better to be cautious than assume you're safe. The word virus scares people more than trojan. Trojan is a condom. A virus hurts people so it's more scary. This is why "virus" is used and not trojan or malware. Have any idea how many questions I get when I say it's malware? When I say it's a virus the user understands. It's about speaking a language the user can relate with. Basic communication with the user is IT 101. Please learn it.

Never ever assume you're safe. You should still use common sense and be cautious regardless what it is you're using. It's best to learn and understand that than play ignorance and assume safety.

 

So what I tell users all the time is malware/viruses/trojan etc etc are usually getting to you by email or an ad on a website. You can protect yourself by not going to ads or staying away from those websites with a lot of ads. If you don't know what the email is don't open it. Never open an attachment from an email that didn't come from someone you know. Don't go to websites with a lot of ads. Don't use applications that have ads in them. Always click the 'x" or I guess in your case the red button if you don't know what it is.

In regards to your ftp site:

Pinging Ka9q.UAR.Net [194.44.214.3] with 32 bytes of data:
Reply from 194.44.214.3: bytes=32 time=127ms TTL=56
Reply from 194.44.214.3: bytes=32 time=127ms TTL=56
Reply from 194.44.214.3: bytes=32 time=127ms TTL=56
Reply from 194.44.214.3: bytes=32 time=126ms TTL=56

Ping statistics for 194.44.214.3:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 126ms, Maximum = 127ms, Average = 126ms

C:\Users\>tracert 194.44.214.3
13 104 ms 106 ms 106 ms ae-2-70.edge3.Frankfurt1.Level3.net [4.69.154.71
]
14 129 ms 128 ms 128 ms dialup-212.162.19.58.frankfurt1.mik.net [212.162
.19.58]
15 127 ms 127 ms 127 ms Ka9q.UAR.Net [194.44.214.3]

Trace complete.

So here you can kinda see where that site is. http://whatismyipaddress.com/ip/194.44.214.3

It gives you a geological map of where that IP is within 50 miles. You will notice that it is in the Ukraine. I would say that is concerning and unless you know exactly what it is you're doing with that FTP site I would recommend not using it.

http://www.ip-adress.com/ip_tracer/ka9q.uar.net - Here's another tool I like to use and here you can see it says the same thing.

I did some digging around and it looks like a hosting site that stores files, music, movies, applications - I'm guessing illegally.

 

First, stop freaking out. You're probably perfectly fine. Power off your computer and don't touch it for a little bit. That isn't technical info, it's just to help you look at things calmly.

When you turn it on, go through your files and applications and delete anything that isn't yours. Also delete your anti-virus program and cancel the subscription. It has nothing positive to offer you.

Once the unwanted stuff is deleted, it's gone. Simple as that. If you are really worried or are unsure of how to do this, make an appointment at the Genius Bar and ask for help.

The last thing you want to do is get all panicked and start picking apart your Mac. You'll drive yourself crazy and may end up fixing something that wasn't broken.

 

The definitions for various malware types are accurate, even in an imperfect world, and even if some people are unaware of those definitions. Flashback is a trojan. It does not replicate itself, which is one of the two primary characteristics of a virus. The Flashback trojan is completely avoidable by prudent user action. That is not true for viruses.

There's nothing "messy" about 1s and 0s, and everything is very strait forward, even if the user may not understand why things work the way they do. Computers do exactly what programming tells them to do, even if it's something the user doesn't want or expect or understand.

It's not a combination. If it doesn't meet the two basic requirements, it's not a virus.

As for being cautious, go back and read my first post in this thread. Nothing about it suggests that you shouldn't be cautious. Practicing safe computing assumes that you're not inherently safe and that you need to take steps to protect your computer from malware. I've listed those steps in that post.

That's not why those terms are used. It has nothing to do with "scary" or condoms. If you don't know why those terms are used, you could benefit from some additional learning.

No, it's about benefitting the user by informing them of the facts. Educating them about facts is a much better way to serve them, rather than simply conforming to the user's uninformed thinking and language.

Again, re-read that first post. There is nothing in it that suggests playing ignorant and assuming safety. It does recommend the common sense and cautious approach of practicing safe computing and gives specific steps for doing so.

Ads, while annoying, are not inherently dangerous. Just because a website has many ads does not indicate the presence or likelihood of malware. Also, there are many other vectors through which malware can be introduced to a computer, beyond emails or ads. If you want to help users, I recommend you spend some time gaining an understanding of malware as it relates to Macs, so you'll stop giving them misinformation. Reading the 3rd post in this thread, along with the FAQ that's linked there is a good way to start.

 

LOL!!!

So true!

 

I disagree with you're definition of a virus - specifically with how you differentiate between the spread of a trojan and virus. A virus can spread pretending to be an email attachment and require intervention to execute; it can also act as a trojan horse by pretending to be a useful attachment while carrying a payload designed to compromise a system.

So if a piece of malware spreads via email and appears to be something of interest so you click on it, but installs a backdoor without your knowledge, is it a virus or is it a trojan? Arguments could be made for either scenario.

In fact, a self replicating virus that requires no user interaction would probably fall under the worm category.

Of course, in the end the semantics differences don't matter as one term becomes the popular usage; witness what happened to hacker. Once a term is broadly accepted trying to parse differences is like pushing rope uphill.

 

You don't have to stop using all FTP sites. Just that FTP site is concerning. That site is a hosting site you go there to "login" to download movies, music, porn ... Injecting viruses into files isn't hard to do tho. My point is it looks like an untrusted source and you have no idea what they are doing to those files they are hosting.

It's not trying to access your mac. It doesn't particularly work that way. Basically just be cautious and don't assume safety. Your anti-virus that you paid for is fine still use it.

Here's a free one tho that you can use.
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-edition.aspx

You can't say macs don't get viruses because they clearly do. It's 1's and 0's - All software can get a virus. Don't assume safety instead be proactive and be safe.

 

It's not my definition. It's the industry's definition, and it's accurate, whether you agree with it or not. Viruses do not require user action to install or replicate. A trojan cannot self-replicate, whether it requires user action to install or not. There has never been a Mac OS X virus in the wild. There have been trojans, of which Flashback is one.

Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here and here.

Name one. I have never said Macs can't get viruses. They don't get them because no Mac OS X virus exists in the wild.

 

I know for a fact that malware and viruses come from websites and ads.

----------

You can read books all day long but in the actual industry it's a different ball game.

 

so you call it something it isn't to make it easier for non-computer literate people can understand?

 

I didn't say otherwise. I said that just because a site has ads doesn't mean it's likely to have malware. I also said there are many other ways of encountering malware other than emails or ads on websites.

Having spent over 40 years in the industry, I'm quite aware of the nature of that "ball game", and who said anything about reading books? Those malware definitions are from industry security firms and anyone who is informed will acknowledge the accuracy of those definitions. Only those who are not informed will disagree.