Look up "herd immunity." No man is an island.

Additionally many do inadvertently infect their Mac. Hence, the anti-malware programs.

"herd immunity" does not apply here because we are not talking about malware that can spread between Macs, or even Mac malware that can spread to Win PCs. I could ask you to lookup "natural selection" however that doesn't seem to apply to humans any longer as they do really stupid things every day like self inflicting infections on their otherwise extremely secure computers that have many, many layers of built in malware protection.

I will say this over and over but installing active malware scanning software on your Mac almost certainly makes your Mac MORE vulnerable than it was without the software. This type of software is currently "snake oil" on a Mac. It prevents nothing more than the Mac OS already protects against, yet integrates itself into the OS at a low level where it can introduce vulnerabilities that were not there in the first place.
 
@IHelpId10t5 no need to shout.

… get rid of Sophos and use Malwarebytes …

I can't recommend that. From a July incident:

A run of Malwarebytes Anti-Malware found:

OSX.Genieo
PUP.Macbooster

Related: https://blog.malwarebytes.com/cybercrime/2015/08/genieo-installer-tricks-keychain/

I removed both items. A long shot, I wonder whether either of those PUAs were contributory to Sophos failures.

– and those were prior failures of Sophos Anti-Virus, quite different from more recent failures; and those more recent failures included successful clean-up of Genieo-related files that had been missed by Malwarebytes Anti-Malware. And so on.

we are not talking about malware that can spread between Macs, or even Mac malware that can spread to Win PCs.

That may be true for you but it's not true for what I'm talking about, and moreover: let's not forget the opening poster.
 
As is always the case with articles of Mac "threats", the article that you have linked is the typical FUD that is published over and over by security researchers that want to peddle their wares. If you do just a bit of reading you would realize that this "threat" requires that the user downloaded an application and then entered their administrative credentials! You clearly have not read and understood the article that you linked.

I have no problem with the folks at Malwarebytes as they have provided some great (mostly Windows) products in the past. But in this case the "threat" still requires user self infliction to occur at all.
 
let's not forget the opening poster.

dotDefender at UCLA

I was attempting to go to the UCLA bookstore website

I have http://shop.uclastore.com/ leading to http://shop.uclastore.com/c-318-bookzone.aspx for BookZone.

@Old dog guy please: is that the address, or similar to the address, that you used for the UCLA bookstore?

I read that you use Safari. Some versions of Safari hide the address by default. Hidden or not, you can copy it by keying Command-L followed by Command-C.

when something called dotDefender came up with some stuff about the site being blocked and contacting the administrator with some code.

If you revisit the page then does a code reappear and if so:

a) what's the code; and

b) what's the address of the page?

I really don't have any active anti-virus protection. I do have Bitdefender, free version so not complete, and as far as I can tell it is not connected to this other thing.
Just wondering about the need of actually getting full time anti-virus and if so what are your recommendations?
I know that Macs are vulnerable nowadays and maybe it's time to get some protection. I don't have top secret stuff on my new iMac but it may be worth the price today. Thoughts?
Thanks.

Thanks for the input. The Dark Web is kinda like dark matter to me, I believe it's out there just don't know where and I'm not going to look for it.
I'll just try to keep everything clean and up to date. …

Depending on the address(es) where you found dotDefender code(s), it's possible but very unlikely that your Mac was in some way compromised.

What follows is vaguely technical. Not intended to make you feel in any way foolish.

http://www.uclastore.ucla.edu/ for me today resulted in code 0A6D-D795-10ED-03CA with reference to dotDefender, so it's reasonable to assume that UCLA uses dotDefender and treats the product as suitably reputable. Internet Archive Wayback Machine captures for the same URL result in different codes, for example 9E11-8966-86F5-AF59 captured by me a few minutes ago (and there are 240 other captures over nineteen years, but I don't intend to seek a date when use of dotDefender began).

In July 2016 someone else captured another dotDefender code for http://secure4.ha.ucla.edu/

… and so on. The site administrators might like to reconfigure their dotDefender installation(s) to not present alerts for base URLs such as those; in the meantime, the simplest explanation may be that the administrators do not expect people to visit those URLs during the course of normal browsing.

UCLA aside

Hiding of full addresses, by browsers such as Safari, may increase the incidence of wasted visits to base URLs, but that's a discussion for a different topic.
 
As is always the case with articles of Mac "threats", the article that you have linked is the typical FUD that is published over and over by security researchers that want to peddle their wares.

If you are referring to the "Genieo installer tricks keychain" article (I can't tell to whom you were replying), then, as the author of that article, I take exception to calling it "FUD." It is simply a description of the behavior of a particularly nasty Genieo installer that was utilizing a vulnerability in the system to gain access to the keychain without user permission.

The point was twofold: 1) to bring attention to more misbehavior on the part of Genieo, and 2) to bring attention to an important vulnerability in OS X that could be used to steal passwords and other keychain data. I was also in contact with Apple about this issue at the time, and they made some changes to OS X in response.
 
OP wrote above:
"Along sort of the same line, I clean out the history on Safari when I'm done with it . I don't like the idea of having all those little cookies sitting in my computer. Again, thoughts on this practice?"

I agree with you on that.

I routinely "reset" Safari (still can do that if you're running 10.8.5).
On El Capitan, I quit Safari, then open Safari's folders and delete EVERYTHING in them (with the notable exceptions of Extensions and Bookmarks). I clean it out, but good.

I just can't figure out those folks with months and months of "history" and who keep 40 tabs open at once. I don't use tabs, ever. If I open a tab by mistake, I quickly close it and re-open what I was looking for in a "new window" instead. :)

I'm also one of those who shuts the Mac down every night, and reboots every morning...
I thought that if you do this you have to re-enter all your password info on sites you use.
 
I thought that if you do this you have to re-enter all your password info on sites you use.
You can clear cookies and cache without clearing passwords you've saved. If you haven't saved any passwords, then yes, you would have to re-enter them if you clear cookies or log out of sites.
 
There'll be a lot of Apple fanboys telling you that you don't need Antivirus on a Mac. …

I wouldn't use the word fanboy but here's someone: https://forums.macrumors.com/posts/23164060

Also, for malware it's normal to find most OS-specific topics not staying focused on the OS for which the topic began. That's true for both this topic (El Capitan and antivirus software) and the other (What is the best antivirus for Mac El Capitan?) …

Sophos for the win, …

It has many good points but for Mac OS X, the engineering by Sophos is sometimes unforgivably sloppy.

… Sophos works well. …

That's partly by using defaults that are not sane.

… I vaguely remember that Sophos was always a bit behind the curve as far as safe computing practices on the Mac were concerned. …

Also, when I last dug into things, I drove a small tractor through a design flaw that allowed the EICAR test file to be written to, and read from, part of a volume that was reportedly protected by on-access scanning. That, and more …

… Has anyone here ever had Mac Malware install on their Macs? …

Yes, long ago, and the incident was extremely disruptive to a group of people. When I discussed it years later, some readers scoffed. I assume that those people had never experienced the difficulties of dealing with a spreading incident for which a software vendor had not yet developed protection.
 
Avast is my favorite. Btw, why don't you open a poll with this thread. Might help everyone.
 
Avast is my favorite. Btw, why don't you open a poll with this thread. Might help everyone.
Only the thread starter can add a poll, and they haven't been on the site for 6 months. You can certainly use an antivirus app if you want to, but they aren't necessary to keep a Mac malware-free, as long as you practice common sense safe computing. None of the AV apps have 100% detection rates, so practicing safe computing is more effective than any app.
 
Microsoft System Center 2012 Endpoint Protection for Mac works flawlessly. Before I was using Sophos for Mac but it beach balled my quad core Mac (not my dual core Mac).
 