View Full Version : AV software still being actively promoted



IWT
03-29-2016, 04:47 AM
Hope this is okay to post here.

There is an almost daily question from OPs on AV software and I think that the Mac-Forums have a fairly general consensus that the problem is Malware and that most AV don't find them, slow your Mac, have the potential to corrupt updates as they see them as threats; and there are no wild viruses out there yet for the Mac. Routine response in most cases.

Sad, therefore, to see Macworld not only promoting the use of AV software, but recommending the so-called 10 best http://www.macworld.co.uk/feature/mac/10-best-antivirus-for-mac-2016-3637103/?no1x1&utm_source=Mainline&utm_medium=email&utm_term=image&utm_content=image&utm_campaign=Mainline2303

Even more surprising that Macworld admits that they slow down some Macs by as much as 25% and have both false positives and false negatives. Their "Best" is one which is quite often mentioned by OPs as causing problems.

I realise we and Macworld are not in any way affiliated; but we can perhaps now see how some users can be encouraged to install AV software.

Just my thoughts.

Ian

Rod Sprague
03-29-2016, 08:04 AM
"Their "Best" is one which is quite often mentioned by OPs as causing problems." Yes Ian, and for $40.00 you would expect more.
I guess MacWorld is commercially driven and as these products are out there someone should be evaluating them and they have done that quite well but it is the terminology that really annoys me. The article "Do Macs get viruses? Do Macs need an antivirus? Why you DO need security software for your Mac | Mac security FAQs" refers to malware, adware and ransomware as though they are viruses which we all know they are not. The definition of a virus requires that it be self replicating and able to spread to other devices. This is clearly not so in the case of malware but perhaps the term "Virus" has just become so universal that developers can't see the point in educating or confusing the market by trying to distinguish between the true PC viruses and simple malware as found on the Mac OS.
Lastly does anyone need to continuously run an application that chews up resources and occasionally causes problems of its own to protect them from something that can be easily eradicated with free software on a needs based episodic basis? My opinion, no. It is costly and unnecessary.
So I guess I will just have to get over my pedantic interpretation of inaccurate terminology. If it came from somewhere else and it causes a problem to the normal or expected operation of your device it's a virus. Still rubs me up the wrong way though.

IWT
03-29-2016, 08:14 AM
Congrats, Rod, on reaching 2000 posts!

Ian

Slydude
03-29-2016, 11:56 AM
Ditto.

pigoo3
03-29-2016, 11:58 AM
I realise we and Macworld are not in any way affiliated; but we can perhaps now see how some users can be encouraged to install AV software.


Then there's the AV companies themselves promoting their products with as much "scare tactics" that they can get away with as well. "The sky is falling…the sky is falling!!!".;)

Think about it. Mac OS X has been around for 15 years…and all along the way the AV folks have been with us. Over those past 15 years how many real threats have there been??

Yet over those 15 years the AV folks have been happily taking Mac-Users money (staying in business)…and we really haven't gotten much in return.:(

I've said it before & I'll say it again. Apple computers are not invulnerable. And someday we may have something to be concerned about it. But in the present environment…I see no justification to install AV on my computers.:)

- Nick

chscag
03-29-2016, 04:00 PM
Sad, therefore, to see Macworld not only promoting the use of AV software, but recommending the so-called 10 best — http://www.macworld.co.uk/feature/ma...n=Mainline2303

First... thread moved here to Security Awareness.

Lately I've been disappointed in the type and quality of articles appearing in Macworld. Ever since IDG decided to go 100% digital and no longer produce printed issues, their reporting and writings have steadily gone downhill. It doesn't surprise me that they would promote and write about AV products for the Mac. Frankly, I'm tired of their "filler" articles and wish they would get back to real hardware and software issues that are important to you and me, the users. Let them report and talk about AV products in their sister magazine "PC World" if they have to. :Not-Amused:

harryb2448
03-29-2016, 05:02 PM
Well guys it follows that old, old Latin proverb.

'A buck is a buck is a buck'!

100% Apple user
04-17-2016, 10:06 AM
I have been using Apple products since 2009 and have not seen any need to install any AV software on them. Started using Apple products with an old G4 iBook, then a G4 PowerBook, then a 2006 MacBook, and a 2010 Mac mini. Now I have a 2009 MacBook running 10.11.4, a 2010 Mac mini running 10.11.4 and an iPad 2 running iOS 9.3.1. Have never had any issues with any kind of malware that I am aware of. It is nice to use a computer and not have to run software that makes it run slow as 20w50 engine oil on a -20 below 0 day. Apple products really do just work and are really the best around!!

Rod Sprague
04-17-2016, 11:29 AM
I do think we have to bear in mind, rightly or wrongly (it is wrongly) the word "virus" is becoming widely accepted as almost any rogue script that anyone may unwillingly pickup from any source without intent that is expressly designed and deliberately intended to disrupt the normal function of a device. It may be to exact payment for erroneous threats like ransomware or disrupt your browser function, altering your search engine or causing popups to magically appear for no apparent reason like adware. There are lots of examples of a term or name becoming the universal identifier for an object despite being obviously incorrect. When I was a lad all ballpoint pens were called biros but of course Biro was the name of the French company that popularised the retractable ballpoint and so became synonymous with the device. Then there's the Bic disposable butane gas lighter etc. As much as it grates on my nerves I can see that some of the top rated anti virus apps for Mac OSX actually only deal with malware while their PC product is primarily for viruses; perhaps they just can't be bothered differentiating for the purposes of advertising and it certainly wouldn't be the first time advertising companies shaped, manipulated and influenced public knowledge.

Ember1205
04-17-2016, 11:49 AM
Hi, all.

While I agree that OS X is significantly more secure and much less targeted than Windows, I don't agree that there "is no threat" (taking a bit of a liberty, bear with me).

Not using A/V software because the risk is so small is akin to:

- Not wearing a seatbelt because you've never been in a car accident
- Not wearing a motorcycle helmet because you've never crashed
- Not getting a flu shot because you've never had the flu

The list could continue, fill in your own examples.

I don't like the idea of having to run software on my machine to ensure that I am "as protected as I can be", but this is the reality we live in being connected to the Internet. If you wait until your machine is crashed by a virus of some sort, it's too late. A/V software does not fix problems, it helps to prevent them.

With Apple products continuing to gain in popularity and proliferate more households and companies, they are becoming a larger needle in a smaller haystack. Why are all of the viruses traditionally written against Windows? Because of the amount of impact they have based on the sheer volume of machines. Macs growing in numbers are making them a more desirable target. And, while they may be inherently harder to infiltrate (because the OS is designed to be secure in the first place), it WILL happen.

With that said, I think the products highlighted in the MW article are laughable. The top five are complete garbage - Avast is horrid, I've had computers infected while running Avira - and they don't even list AVG (which I run).

pigoo3
04-17-2016, 12:36 PM
I don't like the idea of having to run software on my machine to ensure that I am "as protected as I can be", but this is the reality we live in being connected to the Internet. If you wait until your machine is crashed by a virus of some sort, it's too late. A/V software does not fix problems, it helps to prevent them.

With Apple products continuing to gain in popularity and proliferate more households and companies, they are becoming a larger needle in a smaller haystack. Why are all of the viruses traditionally written against Windows? Because of the amount of impact they have based on the sheer volume of machines. Macs growing in numbers are making them a more desirable target. And, while they may be inherently harder to infiltrate (because the OS is designed to be secure in the first place), it WILL happen.

While I do agree with much that you are saying. :) ...(nothing is impossible, one day our Macs may become victims of a virus, and yes Windows computers are generally a more preferred target for virus writers). But there still isn't a terribly convincing argument to need AV software. There are currently no Mac viruses "in the wild"…and running AV apps can have their downsides.

If someone back in 2001 (when Mac OS X was first released) until 2016 (today)…insisted that they needed AV software on their Apple computers…they would have been running AV software for 15 years straight with no need for it. If running AV software had no negative aspects…then sure…run it. But many AV apps do have negative aspects…such as hogging computing resources (slow the computer down).

I also wanted to comment on the proliferation of Apple products. Yes…Apple products have gained popularity over the years (iPhone, iPads, AppleTV, iWatch, etc.). But when it comes to Apple computers…Apple's computer market share for a long long time has remained fairly steady in the 10% or less area. Thus Apple computers are not a "larger needle in a smaller haystack". ;)

See the charts below:

- In chart #1 (2009/2010) Apple's computer market share was 10.5%.
- In chart #2 (2015) Apple's computer market share was 6.9%.

The "other guys" have almost always been more than 90% of the computer market. I wish Apple was doing better than this…but that's the way it goes. ;) And of course lately…consumers are slowly migrating from computers…to tablets & smartphones (hopefully Apple iPhones & iPads). :)

http://cdn.arstechnica.net/wp-content/uploads/2010/10/pc_market_share_3q10.001.png

http://photos.appleinsidercdn.com/gallery/14531-10144-151008-PC-l.jpg

- Nick

p.s. Source documents for charts:

http://arstechnica.com/apple/2010/10/apple-breaks-10-market-share-in-us-lenovo-climbs-globally/
http://appleinsider.com/articles/15/10/08/mac-gains-marketshare-in-third-quarter-amid-continued-pc-market-slide

McBie
04-17-2016, 01:07 PM
I said it so many times and I will say it again ..... :-)

Those who believe that technology will solve their security problems do not understand the technology and do not understand the problems.

Take a step back and validate where the vulnerabilities are and what the threats are. Then define the risk and map that to your risk appetite.
I have a very low appetite to risk and I decided ( many moons ago ) to focus on vulnerabilities. The less you have them, the safer you are.
( That is why I wanted an OS that worked for me, not the other way around. :-) )

Awareness is key for everyone. Trying to change a mindset.
Why are people running their PCs every day with admin privileges ?
Why do people click on " I agree " when they are prompted to install an upgrade ?
Why do people use software that is repeatedly flagged with negative press ( ie. Flash & Java )

At the moment, Antivirus software for OS X is all about FUD. ( Fear , Uncertainty, Doubt ) .... vendors want to make a living and the OS X install base is growing.
Then again, OS X is not a target .... people are the target. It is people who click the " yes infect me with malware " button.
There are so many things that an end-user can do to prevent malicious code from entering/running on their device .... it beats me why they are still not doing it.
( One golden rule ....if you did not specifically go looking for it, don't install it )

I realise that changing a mindset is not easy ( After more than 30 years working in IT Risk ), but we all need to keep trying.
We are so focussed on sharks, but every year more people are killed by wild pigs than by sharks. To me that indicates that we are not focussing on the right thing. ?

We continuously identify " bad network traffic " and block that, instead of defining what is legitimate traffic and allowing that to pass through.
Awareness and communication, that is the key solution .... technology is not, it will always be one step behind.

One day, tools ( technology ) may become a " must " , but then again the tool must be configured correctly .... back to people.
( A fool with a tool is still a fool )

I have always been very passionate about IT related risk, but without the right approach , managing risk is useless.

My 2 cents.

Cheers ... McBie

Ember1205
04-17-2016, 01:48 PM
If someone back in 2001 (when Mac OS X was first released) until 2016 (today)…insisted that they needed AV software on their Apple computers…they would have been running AV software for 15 years straight with no need for it. If running AV software had no negative aspects…then sure…run it. But many AV apps do have negative aspects…such as hogging computing resources (slow the computer down).


Exactly the argument that I was stating doesn't hold water [for me]. How many years did people use PCs before THEY were hit with their first virus? How many years did people use Word before Melissa hit?

I get what you're saying about all of the years that people were using Macs w/o the need for A/V software. But, that WILL change. And the longer the trend without a virus, the more likely it is that the virus will hit "tomorrow".

Ember1205
04-17-2016, 01:50 PM
At the moment, Antivirus software for OS X is all about FUD. ( Fear , Uncertainty, Doubt ) .... vendors want to make a living and the OS X install base is growing.
Then again, OS X is not a target .... people are the target. It is people who click the " yes infect me with malware " button.
There are so many things that an end-user can do to prevent malicious code from entering/running on their device .... it beats me why they are still not doing it.
( One golden rule ....if you did not specifically go looking for it, don't install it )


A/V software for MOST platforms is about FUD. I agree that there are plenty of other ways to mitigate risk that would make it so that you don't NEED to have A/V, but ESPECIALLY when you're dealing with users that are less than VERY tech savvy, you have to have that software in place to protect those people from themselves.

McBie
04-17-2016, 02:01 PM
Ember1205, I slightly disagree .... :-)

Give a man a fish and he will have food for 1 day. Teach a man how to fish and he will have food for the rest of his life.

AV software ( on OSX ) is not protecting anyone from anything. .... AV tools are always too late.
Malicious code is becoming so intelligent as not to set off any AV detection at all.
Malware is far more efficient. Ask someone for his password nicely and he/she will give it to you ..... just try it.
Simply drop a USB memory stick next to the coffee machine and within minutes that stick will be in someone's machine.
Give a malicious application the icon of a folder and name it " Tanzania Safari Pictures " and within seconds people will click on it.

It is all about layer 8 of the OSI model .... the layer between the chair and the keyboard.
And too many times, the mouse is faster than the brain.

Cheers ... McBie

greyzland
04-24-2016, 08:36 PM
Macworld now is so desperate that I will be reading news from a site and all of a sudden a Macworld pop up will grab that site and freeze my screen and no matter what I do I cannot move except to turn off my MBP.... the only option Macworld gives me is to accept to download and test what they offer.... I have to get out of what I am reading by turning off my MBP coz I don't want to be coerced by this company into submission into what they want...what a PITA.....

harryb2448
04-24-2016, 08:50 PM
Downloading AdBlockPlus and Ghostery and running them will no doubt help.

and consider Malwarebytes for Mac for cleaning up nasty malware.

greyzland
04-26-2016, 03:14 AM
Downloading AdBlockPlus and Ghostery and running them will no doubt help.

and consider Malwarebytes for Mac for cleaning up nasty malware.

Yes, I did follow your suggestion and it made my life easier and with so much peace..... now I can follow the news without the page moving up and down as the pop-ups explode left and right and to the center of what I am reading..
I also downloaded Malwarebytes and Onyx as suggested.......
Thanks to all of you.......

lclev
04-26-2016, 10:01 AM
...It is all about layer 8 of the OSI model .... the layer between the chair and the keyboard.
And too many times, the mouse is faster than the brain.

Cheers ... McBie

I so agree! I recently issued an "email safe practices" list to everyone at work - since it is my job! :Smirk: Anyway, I can always tell who actually read the memo and paid attention. I can even make a list of whose computer I need to "visit" and run scans on, which will probably have "issues."

I have one person who will forward to me anything she is suspicious of - which is better than opening it I guess. She gets hundreds of emails a day from members not only in our local area but statewide. So I am her ultimate filter. Joy.... now if I could convince her of safe surfing....

I have one who is the exact opposite, who never reads my email notices, that gets the prize for most "issues." I have to stay on top of him constantly. He has a Windows computer in his office and an iMac in the recording studio. He obviously loves the Mac and wants one in his office because it never develops "issues." He also does not use it to surf the net hunting for free software/apps from questionable sites like he does the Windows machine - and no, he is not using torrents, those are blocked. But if I had it in the budget, I would get him a Mac for his office as he is a danger to us all and life would be sooooo much easier for me.

So there is so much truth in McBie's OSI model of vulnerabilities - it resides in the fingers of the operator as they go tripping through the internet or opening their mail. ;D
And there is no anti-virus anything that can prevent operator-itis.

Lisa

Ember1205
04-26-2016, 10:18 AM
[SNIP]

So there is so much truth in McBie's OSI model of vulnerabilities - it resides in the fingers of the operator as they go tripping through the internet or opening their mail. ;D
And there is no anti-virus anything that can prevent operator-itis.

Lisa

Sure there is. It's called bolt cutters - cut the ethernet and power cables. Not while they're plugged in, of course. :)

lclev
04-26-2016, 01:09 PM
Funny you should say that. I just threatened to post an absolutely fabulous picture of myself on one of my fellow worker's desktop with a message saying, "No more internet for you...bad bad bad!" I won't tell you what brought that about..... :Shouting:

Lisa

MacInWin
04-27-2016, 06:48 AM
Lisa, I used to be the IT support for my late Father-in-Law. He was totally unable NOT to click on anything that said, "Free." He called me one day, said his computer wasn't working well. I went over there armed with my best antivirus tools (This was in the days when I used Windows). He had over 7000 virus instances! And as fast as I wiped them out, they came right back. I ended up taking the thing back to my house where I could isolate it and use more creative ways to attack it. Eventually I had to solicit help from a website that offered free technical advice on viruses. When I sent them the list of viruses they were aghast at it all and thought I ought to just nuke and pave it. But he had genealogy research from years of work and a mailing list for his old Army unit from WW II and we needed/wanted to preserve them. So I ended up putting them on a separate external drive with nothing else on it, then detaching it from the system, nuking and paving the machine, installing fresh A/V software on it, then reattaching the external and turning the AV loose on the files there. Eventually it was all cleaned up. When I returned it to him, I had attached a large sign on the top of it that said, "TANSTAAFL," which was taken from a Robert Heinlein book and stood for "There Ain't No Such Thing As A Free Lunch." It didn't help, he still clicked on everything that offered him Free anything...but the A/V caught things for me. He'd call to complain that the A/V wouldn't let him get to the Free stuff and I would just listen and at the end say, "Good."

M_Six
07-19-2016, 09:59 PM
As much as it can be a pain to learn to use, the No-Script plugin works wonders for keeping bad code at bay. It just takes some patience to develop the awareness of what to allow and what to not allow. And as it's been mentioned here, Ad-Block Plus is another great product. The two of them together pretty much make surfing safe. There's still the threat of infected email attachments, but usually infections from those are instances of "you can't fix stupid."

Rod Sprague
07-30-2016, 12:45 AM
Today I received the MacForums Newsletter email and had a read of the headline topic "New report on OS X anti-malware apps." It's good reading for anyone interested in online security, found here for those who don't receive the Newsletter: http://www.mac-forums.com/blog/new-report-on-os-x-anti-malware-apps/?NL=MAC-01&Issue=MAC-01_20160729_MAC-01_659&sfvc4enews=42&cl=article_1_b&utm_rid=CPNET000001413632&utm_campaign=2395&utm_medium=email&elq2=5e1a0c936af34b1bab5ede62a237d9e7
I was interested in "KeRanger, a ransomware Trojan that infected thousands of Macs earlier this year" and it occurred to me that given our location and isolation I should at least look at the packages on offer; http://www.av-comparatives.org/mac-security-review-test-2016/
I have to say that despite my disappointment in Malwarebytes declining to be a part of the evaluation the packages on offer looked pretty good (including the free ones). In the past I have always opted for an app that can be run episodically for these purposes rather than one that operates constantly in the background but maybe those days are gone. The article includes good suggestions for safe browsing too, such as not using an Admin account for day to day use but that is a little complex for my wife who just likes everything to work. After reading the evaluations I was particularly interested in Sophos because it allows security management of up to five other computers (includes PCs) from one Home Dashboard. I am downloading it at the moment and if anyone is interested I will report back on its success (or not).

M_Six
07-30-2016, 01:05 AM
Beware of some issues with Sophos on Macs. We run Sophos enterprise here at the university and I run Sophos Home for my personal machines. In both versions on Macs, some legit sites won't work even if you add them as exceptions. Two that I know of are radar.weather.gov's full CONUS loop and testmy.net (an internet speed checker).

Rod Sprague
07-30-2016, 01:08 AM
By the way, I think (bearing in mind that this is a cross platform app) we are going to have to get over the use of the word Virus as it applies to Mac OS. It seems plain that the industry has decided it's an umbrella term and that's what (despite it being literally incorrect) we have to call it. [Attachment 24803]

IWT
07-30-2016, 04:15 AM
Rod,

Just remember that you may have to disable it/turn it off before any Apple software updates. There are numerous accounts of Sophos (and others) stopping, or worse, corrupting updates because they usually involve changes at system level - which Sophos sees as a threat.

Ian

Rod Sprague
07-30-2016, 04:44 AM
Thanks Ian, that's valuable advice. I will just monitor it for now and see what happens. Have the developers of Sophos commented on any of this?

Rod Sprague
07-30-2016, 04:46 AM
I got an email notification from M Six on this topic but it doesn't appear here. I wonder why? Oops, just found it. Thanks for the info on blocked sites, I will keep an eye out for that too.

harryb2448
07-30-2016, 06:36 PM
Naturally the software developers will start calling everything a 'virus' Rod. More sales equals more bucks and if we can scare or turn some of those old Mac users into the cash drawer so much the better.

M_Six
07-30-2016, 10:41 PM
Sophos hit on some "malware" tonight. It was the installer file for FileZilla. Only been sitting there on my hard drive for months. :P

Rod Sprague
07-30-2016, 10:51 PM
I agree to an extent Harry, but the wording of the evaluations does make it clear that we are talking about Malware protection for the Mac not Virus protection. Are you saying that the developers should change their wording on Mac versions of their cross platform products to read "malware", e.g. "Automatic Malware protection Is On"? 'Cause I don't think that's going to happen. ;D

Rod Sprague
07-30-2016, 11:02 PM
Here's synchronicity for you, I got this popup just now as I was reading this thread;

[Attachment 24808]

And the report;

[Attachment 24809]

chscag
07-30-2016, 11:30 PM
LOL, it's Windows junk Rod. Sophos, like other AV software is going to find all the Windows nasties. Hey, it's up to you to run whatever you like on your machine but I still contend that Malwarebytes is all you need.

greyzland
07-31-2016, 02:19 AM
Macworld now is so desperate that I will be reading news from a site and all of a sudden a Macworld pop up will grab that site and freeze my screen and no matter what I do I cannot move except to turn off my MBP.... the only option Macworld gives me is to accept to download and test what they offer.... I have to get out of what I am reading by turning off my MBP coz I don't want to be coerced by this company into submission into what they want...what a PITA.....

I mean MacKeeper.....it has kept me hostage.......

Rod Sprague
07-31-2016, 09:20 AM
LOL, it's Windows junk Rod. Sophos, like other AV software is going to find all the Windows nasties. Hey, it's up to you to run whatever you like on your machine but I still contend that Malwarebytes is all you need.

Unfortunately it's not just me I'm worried about.

Randy B. Singer
07-31-2016, 09:16 PM
It's important to realize that AV software gives extremely self-serving "malware" alerts. In other words, the products tend to do what they can to scare you, rather than assuage your fears and educate you.

So, for instance, if your AV software comes across a bit of Windows malware that you received as a file attachment to an e-mail message, it generally won't tell you that the "malware" that it found can't run on a Macintosh and is entirely benign.

Another problem is that many commercial AV products don't look for adware at all. Or if they do, they report it as being equivalent to malware. However, even though adware can be extremely annoying, it is in no way malicious or harmful to your data.

Malwarebytes (free)
https://www.malwarebytes.com/antimalware/mac/
does a really good job of detecting and eliminating adware. And it's nice to have because it's free. But I don't think that it looks for any actual malware, even extinct malware, at all. The program runs too quickly to do a thorough scan for malware, and it's too small to contain the necessary malware definitions.

If you want a comprehensive anti-virus program (and I don't think that most Mac users need one), and you want a free one, you may want to check out:

Avira (free)
http://www.avira.com/en/free-antivirus-mac
It did pretty well in the last AV comparison test that I find believable:
http://www.thesafemac.com/mac-anti-virus-testing-2014/
I haven't tried it myself.

I can't recommend Avast, because it installs adware.

Usually, for those who insist that they need anti-virus software, I recommend:

Intego's VirusBarrier
VirusBarrier wins all the believable anti-virus program comparison tests (there are lots of shill sites on the Web)
It is currently only $40 and I think that it is worth the money to have the best product if you feel that you need one:
http://www.intego.com/antivirus-internet-security-x8

cwa107
08-01-2016, 02:31 PM
By the way, I think (bearing in mind that this is a cross platform app) we are going to have to get over the use of the word Virus as it applies to Mac OS. It seems plain that the industry has decided it's an umbrella term and that's what (despite it being literally incorrect) we have to call it. [Attachment 24803]

That is a huge problem, both in the industry and the user community. It's a particular problem here in the Mac community, because we have a tendency to trot out the old "there are no viruses for Macs!" line whenever someone brings up the concern.

I see "Malware" misused often as well. Malware literally means "Malicious Software", so it's a broad umbrella term which encompasses "virus", "adware", "spyware", "trojan" and every other nasty piece of code that exists. And yet, so often I see people here say things like "there's only malware on Macs, no viruses". This is a misleading statement.

I wish the industry would stop making a distinction altogether. They should change their products to be called "Anti-Malware", rather than "Anti-Virus". I guess they use that term simply because it's more recognizable than "malware", since it's been around longer. Unfortunately, it just further propagates the misunderstanding.

A true "virus" in the wild is a rarity even on Windows today. Most of what afflicts us, both Windows and Mac users, is one of the many other varieties of malware.

MacInWin
08-01-2016, 02:40 PM
cwa107, what virus affects Macs today? Not an app that requires user approval to install, not malware, but a true virus that can install itself with no authorizing action from the user and which can replicate to other Macs in the network or through electronic contact and install itself there with no user interaction. You made the bold statement that,
I see people here say things like "there's only malware on Macs, no viruses". Absolutely untrue. So what virus affects and infects Macs today?

cwa107
08-01-2016, 02:53 PM
cwa107, what virus affects Macs today? Not an app that requires user approval to install, not malware, but a true virus that can install itself with no authorizing action from the user and which can replicate to other Macs in the network or through electronic contact and install itself there with no user interaction. You made the bold statement that, So what virus affects and infects Macs today?

Misleading, not "untrue". You are correct, I've edited my post.

McBie
08-01-2016, 03:09 PM
As long as people understand that THEY are the target and not their OS ( computer ) then we have made a step forward.
All the rest is semantics.

My 2 cents.

Cheers ... McBie

Ember1205
08-01-2016, 03:10 PM
That is a huge problem, both in the industry and the user community. It's a particular problem here in the Mac community, because we have a tendency to trot out the old "there are no viruses for Macs!" line whenever someone brings up the concern.

I see "Malware" misused often as well. Malware literally means "Malicious Software", so it's a broad umbrella term which encompasses "virus", "adware", "spyware", "trojan" and every other nasty piece of code that exists. And yet, so often I see people here say things like "there's only malware on Macs, no viruses". This is a misleading statement.

I wish the industry would stop making a distinction altogether. They should change their products to be called "Anti-Malware", rather than "Anti-Virus". I guess they use that term simply because it's more recognizable than "malware", since it's been around longer. Unfortunately, it just further propagates the misunderstanding.

A true "virus" in the wild is a rarity even on Windows today. Most of what afflicts us, both Windows and Mac users, is one of the many other varieties of malware.

My guess here is that A) the first incident was an actual self-spreading piece of code (true virus) and B) the notion of "malware" hadn't been conceived. The first vendors created software to protect against those first viruses, and the name stuck.

The other piece of this is that a virus is something pretty much everyone understands - even the non tech savvy. We all get sick, and sometimes we get sick with viruses ourselves. How do you get someone that's not tech savvy to understand what malware is?

It's a double-edged sword. If you make the distinction and properly label so that folks like us understand it correctly, you will likely lessen the overall awareness because "malware" isn't as threatening as a "virus" to those that don't appreciate the difference.

MacInWin
08-01-2016, 03:51 PM
For me, the significant difference between a virus and malware is the level of malevolence and the self-propagation. Viruses tend to be very malicious: logging keys for passwords, file destruction, true ransomware that cannot be bypassed by the user, etc. The level of malware that has hit OS X thus far has been much less malevolent, probably because of the system architecture and implementation, but in any event, much less malevolent. You get a hijacked browser, or the attempt at ransomware by browser, but truly malevolent software has, thus far, been pretty rare, if non-existent, on OS X. I run Ghostery with my browser, set to block everything, and have malwarebytes for anything that slips through (nothing has so far). I also avoid risky behavior (no torrents, no pirate sites, no porn, etc) so my level of risk is low, IMHO.

So the malware on OS X is neither highly malevolent nor easily propagated. That's the major difference between OS X and most Windows installations.

I've said before that I used to be tech support for my father-in-law, who regularly got infected on his Windows box with viruses of all sorts. He was a naive user who actually believed "free" was good and that everybody in the Internet was ok. So I would get the call every couple of weeks that he had some problem and I'd take my toolkit of virus-busters with me and do battle with the stuff on his system. That's where I learned the truth that there is no protection from stupid. And apparently no cure, either, as he never learned not to do that. When he passed away, I took one last shot at cleaning up his system to sell, and it was still heavily infected.

All that said, right now I don't have any A/V software other than malwarebytes and Ghostery. I don't see the need or benefit of having anything else. All they can find, at this time, are Windows viruses in emails, which I don't care about because I don't forward emails and they can't affect my system. If and when a true virus does appear for OS X, I'll look for an A/V suite to address the issue.

So, I think the balanced approach is, "Yes, there is malware for OS X, particularly for browsers, but it's nowhere as aggressive or damaging as in the Windows environment and no A/V package that charges you money will find anything but Windows viruses that cannot impact you at this time. OS X malware in browsers can be handled by malwarebytes and Ghostery at no cost to you. Just keep the security features of OS X in place (SIP, Gatekeeper) and 99+% of the time you'll be fine."

Randy B. Singer
08-02-2016, 01:51 AM
cwa107, what virus affects Macs today?

There are currently none whatsoever in the wild. Or, at least none that can infect a recent installation of OS X.

However, there *have* technically been viruses for OS X in the past. (For clarity, a "virus" is self-replicating malware.) The traditional examples have never made it into the wild.

So far, the most common sort of virus for Windows, the ones where users' machines become infected and then send out e-mails to folks in their Contacts with viral attachments, has never existed for OS X.

However, there have been instances of "driveby downloads" (malware that self downloads and installs when you visit a web site hosting it, with no interaction from the user necessary to become fully infected) including Flashback, Mdropper, and Maljava. It is not unreasonable to categorize a driveby download as a virus. It does self-propagate, though not in the way that many folks think of when speaking about a traditional virus. Flashback, Mdropper, and Maljava all relied on Java being installed and enabled on the user's Macintosh, and all have since been patched against by Apple and Oracle. (Oracle owns Java.) In fact, recent versions of OS X don't even install Java by default, which seems to have caused malware writing sociopaths to have given up on trying to write more versions of Java-based malware.

Macarena, created ten years ago, was an actual virus for OS X. But it was only a proof of concept, it has never been found in the wild, and the only existing version didn't do anything malicious.

OSX.Exploit.Launchd was also an actual virus from ten years ago. It also has never been found in the wild, and the code that it relied on no longer even exists in OS X.

Inqtana was an actual virus from ten years ago. It also never made it into the wild, and Apple patched OS X against it almost immediately when it first appeared.

MacInWin
08-02-2016, 08:43 PM
Randy, you made my argument for me. Nothing in the wild, and when the few in history did get out, Apple patched OS X almost immediately. Java you can drive a truck through the security holes, which is why I don't have Java installed. Can't fault Apple for that hot mess. Ditto for Flash, which I block. And now with SIP, Apple has made it really hard for anything truly nasty to get through. So A/V software has nothing to scan FOR, as nothing is out there. What A/V does scan for are Windows viruses, usually in attachments to email or in spamware directly. I have a pretty good spam block service and don't open unsolicited emails, nor do I forward them so I have zero need for any A/V at all. I think I last ran ClamXav about two years ago, just for a lark. Ghostery protects my browsers and I have malwarebytes at the ready if I need it.

Rod Sprague
08-02-2016, 09:10 PM
I think that if you do a search for a list of recent Trojans for Mac OS you will find that eg. Cryptolocker and keystroke logging Keydnap are far more potentially dangerous than the average annoying Adware. Although less common Ransomcrypt and other similar Trojans and Worms are much easier to prevent than they are to remove. And even if you can remove them that does not mean you will be able to access your data files.


Rod Sprague
08-02-2016, 09:12 PM
How many of our users and members use a second non admin account for day to day browsing?


Ember1205
08-02-2016, 09:16 PM
With MacOS requiring the admin PW to perform admin functions, I'm perfectly comfortable using my one account for everything.

harryb2448
08-02-2016, 09:25 PM
Question is how many Mac users have picked this up other than from using Transmission, a Bit Torrent client?

Rod Sprague
08-03-2016, 02:02 AM
I know this is outdated going back to 2014 but this article describes Ventir a trojan which is of the "dropper" type and highlights what Harry said and why I asked about non admin accounts for day to day use.

"Ventir uses a dropper program (e.g. Trojan horse) that can leave a backdoor, a keylogger and other malicious files behind on an infected Mac. These can be used for spying and stealing information from the victim’s Mac.

We currently do not know how the malware is distributed. Ventir is a Trojan horse, so it’s likely being picked up when downloading pirated software from peer-to-peer websites, such as BitTorrent.

The primary feature of Ventir is that it integrates a legitimate component for intercepting keystrokes that is freely available on code sharing websites.

Infection Vector
The keystroke logger makes use of an open source software package freely available from GitHub, called LogKext. Given the recent scares about hacked accounts, the thought of software that watches what you type and sends it to the bad guys is particularly unnerving.

LogKext has three files that function to intercept keystrokes (updated.kext), match the codes of the keys pressed by the victim to the characters associated with these codes (Keymap.plist), and log the keystrokes along with some system events (EventMonitor agent).

Fortunately, LogKext hooks on to the OS X kernel only if the dropper is successful in obtaining elevated privileges to the victim's Mac".

So you may not be asked for an admin password for this script to gain access to root.

See this article; https://www.intego.com/mac-security-blog/ventir-trojan-intercepts-keystrokes-from-mac-os-x-computers/
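The three LogKext component names listed in the article quoted above can be turned into a simple file-name check. This is an added example, not part of the original thread or the Intego article; the directories to scan are supplied by the caller because the quoted text gives no install locations, and the "high/review/clean" grading is an assumption of this example (a single name such as Keymap.plist can be benign, so all three together are treated as the stronger signal).

```python
import os
import tempfile

# Component names exactly as listed in the quoted article.
LOGKEXT_COMPONENTS = {
    "updated.kext": "kernel extension that intercepts keystrokes",
    "Keymap.plist": "maps key codes to characters",
    "EventMonitor": "agent that logs keystrokes and system events",
}
# Case-insensitive lookup: default Mac volumes do not distinguish case.
_BY_FOLDED = {name.casefold(): name for name in LOGKEXT_COMPONENTS}


def scan(roots):
    """Walk each root and return {component name: [matching paths]}."""
    hits = {name: [] for name in LOGKEXT_COMPONENTS}
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
            # A .kext is a bundle (a directory), so test directories too.
            for entry in dirnames + filenames:
                name = _BY_FOLDED.get(entry.casefold())
                if name:
                    hits[name].append(os.path.join(dirpath, entry))
    return hits


def assess(hits):
    """Grade a scan: all three names -> 'high', some -> 'review', none -> 'clean'."""
    found = sorted(name for name, paths in hits.items() if paths)
    if len(found) == len(LOGKEXT_COMPONENTS):
        return "high", found
    return ("review" if found else "clean"), found


def build_demo_tree(names):
    """Create a constructed sample tree (not real malware) holding the given names."""
    root = tempfile.mkdtemp(prefix="logkext_demo_")
    target = os.path.join(root, "Library", "demo")
    os.makedirs(target)
    for name in names:
        path = os.path.join(target, name)
        if name.lower().endswith(".kext"):
            os.makedirs(path)           # bundles are directories
        else:
            open(path, "w").close()     # empty placeholder file
    return root


if __name__ == "__main__":
    demo = build_demo_tree(["updated.kext", "Keymap.plist", "EventMonitor"])
    result = scan([demo])
    print(assess(result))
    for name, paths in result.items():
        for p in paths:
            print(f"{name}: {p}  ({LOGKEXT_COMPONENTS[name]})")
```

A "review" result only means a matching file name exists under the scanned directories; it needs a manual look before drawing any conclusion.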

Rod Sprague
08-03-2016, 02:12 AM
Would an AV application be able to intercept such a malicious script? That is a good question, yes? The page link I attached goes on to say that, and this is pretty obvious, if a threat is new and therefore unknown then it will not be in the "definitions" of the AV software and therefore the answer is no you will not be protected.
They go on to list precautions we can all take, some of which I agree with and others I don't, but the second non-admin account for day to day use is head of the list.
"1. Create a non-admin account for everyday activities
2. Use unique, strong passwords
3. Uninstall Java from your machine
4. Do not install pirated software from peer-to-peer sites
5. Pay attention to system warnings when it asks you whether you want to install something
6. Turn on FileVault full-disk encryption on your Mac
7. Run “Software Update” and patch your Mac promptly when Apple security updates are available
8. Ensure all third-party software is up-to-date (i.e. Flash Player, web browsers)
9. Use a web browser that contains a sandbox and has a solid track record of fixing security issues promptly
10. Install a good Mac security solution (this includes anti-virus and firewall)".

Randy B. Singer
08-03-2016, 02:28 AM
Randy, you made my argument for me. Nothing in the wild, and when the few in history did get out, Apple patched OS X almost immediately. ...

Actually that's always been *my* argument. I'm glad to see lots of others in this thread agree. Four years ago when we had an extended discussion on the topic here, I took a lot of grief for that position. I, and everyone else who didn't think that Mac users needed to be running AV software, was called "complacent;" and not a lot of folks were willing to back me up.

Randy B. Singer
08-03-2016, 04:54 AM
I think that if you do a search for a list of recent Trojans for Mac OS you will find that eg. Cryptolocker and keystroke logging Keydnap are far more potentially dangerous than the average annoying Adware. Although less common Ransomcrypt ...

Cryptolocker/Ransomcrypt/Mabouia are different names for the exact same piece of Mac malware.
It is only a proof-of-concept, created in a lab by white-hat hackers, and it does not and never has existed in the wild:
https://community.norton.com/zh-hans/node/1286741

There *has* been a genuine example of ransomware in the wild for the Macintosh, called KeRanger, but the only place it has ever been encountered is on an illegal file sharing service, and Apple has since patched OS X against it. It no longer exists in the wild.

The press loves to point to proof-of-concepts to sensationalistically show that the Macintosh is just as vulnerable to malware as Windows is. But that totally ignores the reality of what a proof-of-concept is all about. The good guys create proof-of-concepts to show what's possible, not to infect Macs. Knowledge of what's possible allows Apple to harden the Mac to prevent this type of infection in the future.

harryb2448
08-03-2016, 06:31 PM
Agree Randy. That is why AV companies have adopted calling malware, adware etc 'viruses'. More sales if they can scare the Mac populace.

Apple4life60077
10-19-2016, 10:44 AM
I have never used any type of av software on any of my Macs since I do not use bit torrent sites or any other typical suspicious websites. I have never had an issue, and no one I know has ever had an issue with their Macs but when I used Windows there used to be all kinds of crap just flowing in doing simple web browsing and running the weather radar websites.

Cr00zng
10-19-2016, 03:57 PM
I have never used any type of av software on any of my Macs since I do not use bit torrent sites or any other typical suspicious websites. I have never had an issue, and no one I know has ever had an issue with their Macs but when I used Windows there used to be all kinds of crap just flowing in doing simple web browsing and running the weather radar websites.

All websites spew out "all kinds of crap", some more than the others. There's really no way around it without blocking them that in turn will impact the website's performance. Nowadays, it doesn't really matter. Reputable sites are susceptible to malware as well as questionable sites, thanks to the malvertising campaigns. Both the websites and the advertisement companies make a quick buck, or less by displaying the ad that links to the malware, without any regard to the actual content.

And yes, this is much more relevant on Windows than on the OSX, Linux, etc. platforms. The calculated malware ROI may have something to do with that, or in other words, the market share of these platforms pretty much dictates the direction for the malware developers among other tangible parts.


How many of our users and members use a second non admin account for day to day browsing?

Add me to the non-admin account... That's pretty much a basic security principle for all platforms, including Windows. In the latter OS, 97% of exploits would be blocked by using a non-admin account. The chances are that the stats would be similar, if someone would take the effort to evaluate the impact between standard and non-admin accounts for the respective platforms.

Randy B. Singer
10-22-2016, 09:44 AM
All websites spew out "all kinds of crap", some more than the others. There's really no way around it without blocking them that in turn will impact the website's performance. Nowadays, it doesn't really matter. Reputable sites are susceptible to malware as well as questionable sites, thanks to the malvertising campaigns. Both the websites and the advertisement companies make a quick buck, or less by displaying the ad that links to the malware, without any regard to the actual content.

What you are speaking about is ad-based scareware attacks via JavaScript that give the appearance of freezing your Macintosh and trapping it on a Web page that may demand a ransom, or require you to call a phone number. While this appears to be malware, it isn't. No malware has been downloaded to your Macintosh, your data hasn't been harmed in any way, and your browser hasn't really been irrevocably frozen. You can simply force-quit to escape.
http://tidbits.com/article/15777

JavaScript scareware attacks can be thwarted by updating to Safari 10 (part of Sierra, or available separately for El Capitan), or, if you are running an older version of the Mac OS, Safari 9.1 for OS X 10.9.5 Mavericks, 10.10.5 Yosemite, and all versions of 10.11 El Capitan. You can update Safari via Software Update.
See:
http://tidbits.com/article/16360

This is probably a good time to mention that, for those of you looking for the ultimate in security while surfing the Web, the latest version of Opera is not only a really nice, and speedy, free browser, but it now comes with a free ad-blocker, and a free built-in VPN service (the latter being especially valuable if you use your laptop on open Wi-Fi networks, such as in restaurants and Starbucks)!
http://www.opera.com/computer/mac

chscag
10-22-2016, 07:46 PM
This is probably a good time to mention that, for those of you looking for the ultimate in security while surfing the Web, the latest version of Opera is not only a really nice, and speedy, free browser, but it now comes with a free ad-blocker, and a free built-in VPN service (the latter being especially valuable if you use your laptop on open Wi-Fi networks, such as in restaurants and Starbucks)!
http://www.opera.com/computer/mac

Thanks Randy, nice to see Opera back in business again. Do you by chance know if the Opera mobile browser also includes a free VPN?

Rod Sprague
10-22-2016, 10:22 PM
I have been an exponent of Opera on OSX for a while and while the latest version includes an optional VPN, Opera Mini for iOS requires a separate app called Opera Free VPN available on the App Store.

chscag
10-23-2016, 12:47 AM
Thanks Rod. I really only access the internet on occasion from my iPhone when I'm away from the home office. I already have Chrome, Safari, and Epic for browsers on my iMac. I might download and install the Opera browser and VPN for iOS.

Rod Sprague
10-23-2016, 01:45 AM
I don't think the Opera VPN is tied to Opera Mini it seems to be a free standing app that should work with any iOS browser but I do like Opera Mini and of course it syncs with my desktop version. Oh, and it has an easily accessible "night mode" which I use a bit.

Randy B. Singer
10-23-2016, 02:29 AM
Thanks Randy, nice to see Opera back in business again. Do you by chance know if the Opera mobile browser also includes a free VPN?

One is not included:
https://itunes.apple.com/app/id363729560?mt=8&pt=341230&ct=doc_direct_via_opera_com_mobile_mini_page

However, there is a separate free VPN you can download from the Opera folks called Opera Free VPN:
https://itunes.apple.com/us/app/opera-free-vpn-unlimited-ad/id1080756781?mt=8

chscag
10-23-2016, 02:41 AM
Thanks Randy. According to the iTunes store reviews, the Opera Free VPN is not yet compatible with iOS 10 although it says it was updated Oct 5th.