Official antivirus, malware, and firewall FAQ


Randy B. Singer

 
There is a new Trojan Horse going around that is quite nasty, called Flashback.

Article: Mac Flashback Trojan: Find Out If You’re One of the 600,000 Infected
This article will tell you how to find out if you are already infected by the Flashback Trojan, and it tells where to go to find instructions on how to eliminate this malware if you are.
(Don't be too upset by the title of that article. I've yet to hear a single firsthand account of someone being infected by Flashback.)

Apple has already pushed out an update to Java that includes a patch to make your Mac immune to Flashback.
Once you either find out that you aren't infected with Flashback, or you find out that you are infected with Flashback and you eliminate it, it would be a very good idea to go ahead and update Java to acquire immunity to Flashback.
About the security content of Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7

Java, by the way, is a programming language that is used for applications and advanced features on Web sites. Its use has become very rare. If you think that it is unlikely that you even have a need for Java, it is possible to completely disable Java so that it can be totally eliminated as a vector of malware infection on your computer:
How to check for and disable Java in OS X | MacFixIt - CNET Reviews

There is another Trojan Horse going around that is carried via a Microsoft Office document. Don't confuse this with the Flashback Trojan. Apple has already pushed out a security update to protect you against this Trojan also.
Apple updated XProtect with a definition to catch the Office vulnerability. They refer to it as "OSX/Mdropper.i." You should run Software Update on your Mac and install all security updates.

In addition, if you have Microsoft Office installed, it's a good idea to install the Microsoft updaters for Office. These include a patch against this Trojan also:
Microsoft Office for Mac Downloads and Updates | Office For Mac

Randy B. Singer

Mac OS X Routine Maintenance • http://www.macattorney.com/ts.html
Randy B. Singer

 
A simpler method (i.e. non-command line) to check to see if you are infected by Flashback than the F-Secure steps is this little app that runs the test for you. It just posts a dialog that says whether or not you're infected. It does not make any attempt to remove the trojan. You can download it here:
http://rsdeveloper.com/downloads/test4flashback.zip

Randy B. Singer

Mac OS X Routine Maintenance • http://www.macattorney.com/ts.html
AliOop

 
Quote:
Originally Posted by Randy B. Singer
A simpler method (i.e. non-command line) to check to see if you are infected by Flashback than the F-Secure steps is this little app that runs the test for you. It just posts a dialog that says whether or not you're infected. It does not make any attempt to remove the trojan. You can download it here:
http://rsdeveloper.com/downloads/test4flashback.zip
Being a newcomer to the Apple world - iPhone and MacBook Pro - I'm rather hesitant to install or use anything that has a .zip extension. I feel it's to my benefit to use approved programs/apps with the .dmg extension. With this trojan needing to be addressed, how do folks on this forum feel about using .zip files for whatever reason?

By the way, I went to an Apple store and had them assist me with this malware. By golly my machine was infected and they removed it. So I'm clean as of now.

On a related subject, I asked them to recommend an AV program. The tech suggested ESET Cyber Security and Kaspersky AV. Any and all comments on these two programs will be greatly appreciated.

Thanks,
Alioop
vansmith

 
Quote:
Originally Posted by AliOop
Being a newcomer to the Apple world - iPhone and MacBook Pro - I'm rather hesitant to install or use anything that has a .zip extension. I feel it's to my benefit to use approved programs/apps with the .dmg extension. With this trojan needing to be addressed, how do folks on this forum feel about using .zip files for whatever reason?
There's no reason to be wary of zip files - Apple wouldn't have built in support for it if it was a bad file type. Sure, it's possible that something bad can be distributed but it's just as likely to be distributed as a dmg file. In essence, they are both just formats for containing/compressing files and each is no more dangerous than the other in and of itself.

AliOop

 
vansmith, thanks for clarifying this. I feel better about it. I guess when it's all said and done, downloading a file or app or program from a reliable source is one's best bet.
fth1963

 
I have had very good experience with ESET for Windows - fast, reliable and with low CPU usage.
I guess the ESET Mac version should also be OK.
AliOop

 
Quote:
Originally Posted by fth1963
I have had very good experience with ESET for Windows - fast, reliable and with low CPU usage.
I guess the ESET Mac version should also be OK.

Thanks for your input.
chscag

 
I'm not so sure. We've had bad reports about Kaspersky for the Mac, Norton AV for the Mac, and several other well known Windows products now available for the Mac platform. The bottom line here is just because it works well for Windows does not necessarily mean it will do the same for OS X. The one AV product that I know for sure that works well in OS X is ClamXav 2, an open source AV product designed specifically for the Mac.

Perhaps Randy Singer can recommend some others. He seems to be well up on what's good and what's not.
Randy B. Singer

 
Quote:
Originally Posted by chscag
Perhaps Randy Singer can recommend some others. He seems to be well up on what's good and what's not.
The problem with Windows-centric anti-virus (AV) companies is that it is difficult to be sure that they understand the Macintosh. The Mac and the Mac virus landscape aren't exactly like that for Windows.

I'm developing a mistrust of Kaspersky because it is more and more looking like they created a tempest in a teapot over Flashback. They said that "over 600,000 Macs" were infected with Flashback, but now we are hearing that that number might not refer to Macs at all, and so far there are very few real-world reports of Macs being infected by Flashback. They may have just hyped Flashback to sell AV software.

For the past decade Intego's Virus Barrier consistently has won every AV software shootout test done by Macworld magazine. See:
VirusBarrier X4 Antivirus & Security Software Review | Macworld
VirusBarrier X5 Antivirus & Security Software Review | Macworld
And Intego is the only AV developer that is Macintosh-only.

The thing is that Virus Barrier, and just about every other AV program other than ClamXav, is stay-resident software. It is always running. So there will always be some level of performance degradation and the potential for software conflicts.

Nevertheless, I have Virus Barrier installed myself. I've never had a single problem with it, but then again I've never encountered any Mac malware, so Virus Barrier hasn't had a lot to do. (It occasionally alerts me to a phishing scam or an e-mail attachment that is a Windows virus, but those are easy to spot and deal with on a Mac without the need for AV software.) One huge advantage Virus Barrier has over many of its rivals is that it can usually clean an infected file, or entire computer, without any data loss or need to trash and reinstall programs.

ClamXav is easy to recommend to users, because it isn't stay-resident software and it is free.

Besides Virus Barrier and ClamXav, I've heard good (anecdotal) things about:

Eset $40/year
ESET - Antivirus Software with Spyware and Malware Protection

Sophos Home Edition (free)
Free Mac AntiVirus - Mac Security and Protection - Sophos

Sophos Anti-Virus (for businesses; expensive)
http://www.sophos.com/products/es/en...r/sav-mac.html

However, just this week I helped someone track down a performance problem with their Mac, and excessive rotating beachballs, and the culprit was the free version of Sophos.

Other AV software that I know of (not necessarily a recommendation, this is just what's available):

Bit Defender $40
Antivirus Software for Mac OS - Bitdefender Antivirus for Mac

Comodo (free)
Mac Antivirus Protection, Download Mac Antivirus Free From Comodo

Kaspersky Anti-Virus For Mac ($40)
Anti-Virus Software for Mac Protection | Kaspersky Lab United States

Avast ($40/year)
http://www.avast.com/
http://www.avast.com/eng/avast-antiv...c-edition.html

VirusScan for Mac ($110 per year for a minimum of 3 licenses)
http://www.mcafee.com/us/enterprise/...n_for_mac.html

Norton Anti-Virus
Norton - Antivirus Software, Spyware Protection, and Personal Firewall by Symantec
(Norton/Symantec products have a reputation for being as bad as having a virus.)

Intego Virus Barrier X*($50)
Mac Anti-Virus Protection for Home, Virus Barrier - Intego

Authentium ESP Antivirus for Mac OS X* (changed hands?)
Commtouch - Internet Security Solutions | for Vendors and Service Providers
Antivirus | Commtouch - Internet Security Solutions

ClamXav (free)
ClamXav
http://www.markallan.co.uk/clamXav/index.php

MacScan $30
MacScan - Mac OS X Spyware Security and Privacy Malware Removal and Protection for Apple Macintosh

iAntiVirus $30/yr
Free Antivirus for Mac OS X | iAntivirus
gone? Maybe a really bad idea to go near?
http://www.reedcorner.net/news.php/?p=341

McAfee VirusScan for Mac (min. 3 licenses required to purchase) $110/3macs/yr.
McAfee VirusScan for Mac | McAfee Products

Randy B. Singer

Mac OS X Routine Maintenance • http://www.macattorney.com/ts.html
CDR2013

 
For the last few days, I have been using Dr. Web (30-day trial; $33.97/year) for Mac, and it seems to be working well. I have not noticed any computer slowdowns, that I can see. I previously tried Kaspersky, and it made my MBP absolutely unusable, so I wanted to really watch the effect that Dr. Web has on it. Seems perfectly fine to me, so far.

Last edited by CDR2013; 04-07-2012 at 09:09 AM.
chas_m

 
Dr. Web – you mean the Russian company that lied about the 600,000 Macs being infected?

It's just a gut feeling on my part, but I fear you may have fallen for the hype. Hopefully you're just still on the trial period. Hopefully Dr. Web is actually a legitimate company, and not just an antivirus peddler that actually has a hand in propagating viruses – or stealing identities. I don't mean to sound anti-Russian – there are several great Mac Russian outfits, such as MacKiev – but I also know that some viruses and malware have come out of Russia, and that some identity theft rings operate from there. Because it is difficult to check the credentials of Dr. Web from here, I tend to be a little suspicious.

As misinformed as most media reports about this have been, the OVER reaction of Mac users over this has really surprised me. So, in the interest of spreading information that is accurate, let's reiterate the facts:

1. If you are running Lion (10.7) or Snow Leopard (10.6), all you need to do to immunize yourself from this problem is to run Software Update. If you have Java installed, you'll see an update for it. If you don't have Java installed, you won't. Either way, once you run Software Update, you'll be protected.

2. If you are on a system prior to Snow Leopard, the best thing to do is turn off Java in your browser's preferences. This may "break" some applets used on some websites, but Java is much less used these days than it used to be. You may well not notice any changes in the websites you frequent.

If it is possible for you to do so, you should consider upgrading to Snow Leopard. While the Mac continues to be free of viruses, instances of malware due to things like Flash and Java are likely to increase. Systems that are still supported by Apple are better protected than systems that are not supported by Apple.

3. It is still my considered opinion that paying for antivirus software is a waste of money. Even if you feel the need to install some, there are several quality free alternatives for you to choose from. It is worth remembering that Apple already has an anti-malware protection system in place on your Snow Leopard or Lion system. This system is upgraded silently, so users are generally not aware that it has been updated – but Apple does update it whenever a threat appears. This is why almost no Mac systems have been infected by all the previous Flashback variants. In this particular case, there was no need for Apple to update its anti-malware program – installing the latest version of Java is the solution to the problem.

In my own personal opinion, your best defense against malware is to keep your software updated, and stay connected to the Mac community. Don't freak out over initial reports – they are often wrong. Treat "discoveries" by companies who sell antivirus software with healthy skepticism. The media and tech punditry are very Windows-oriented – their "reports" on Mac "viruses" are usually the source of much misinformation. Keep calm and carry on, as the British used to say. Wait for word from recognized and trusted Mac experts – or Apple itself – before overreacting.
Randy B. Singer

 
Quote:
Originally Posted by chas_m
In my own personal opinion, your best defense against malware is to keep your software updated, and stay connected to the Mac community. Don't freak out over initial reports – they are often wrong. Treat "discoveries" by companies who sell antivirus software with healthy skepticism. The media and tech punditry are very Windows-oriented – their "reports" on Mac "viruses" are usually the source of much misinformation. Keep calm and carry on, as the British used to say. Wait for word from recognized and trusted Mac experts – or Apple itself – before overreacting.
I couldn't agree with this more. I think that Chas perfectly stated this.

Randy B. Singer

Mac OS X Routine Maintenance • http://www.macattorney.com/ts.html

Last edited by Randy B. Singer; 04-08-2012 at 06:12 AM.
Randy B. Singer

 
I sent this message out to my user group today. I thought that the folks on this discussion list might be interested in it.

This is a followup to my previous message about Flashback (which, by the way, at this point is not technically a Trojan, since it can infect your computer with no warning or user interaction whatsoever, simply by you visiting a malicious, or just an infected, Web site.) I thought that everyone would appreciate more information.

I've now sent out a mailing to over 9,000 subscribers of The MacAttorney Newsletter about Flashback, and I've posted about it on a dozen Mac discussion lists. So I've reached somewhere around 20,000 Mac users. Users have rushed to check to see if they were infected. So far, not a single user of the many who have written back has been infected with Flashback.

While I have no doubt that Flashback is real, and that it is a good idea to do all that you can to protect yourself from it, I'm beginning to think that much of this scare was hype invented by anti-virus software firms in Russia, from whom the original report emanated.

Some research on the Web turns up reports that the "600,000 infected machines" written about may not have necessarily been Macs. That number likely includes other OS's, the proportion of which to Macs is unknown. (i.e. It may be that mostly Windows computers were infected, and very few Macs.)

Daring Fireball (written by widely respected John Gruber), a very popular Mac blog, a few days ago posted about Flashback:
Daring Fireball Linked List: Flashback Trojan Reportedly Controls Half a Million Macs and Counting
As of last Thursday, he says he has heard from "about a dozen or so Daring Fireball readers who've been hit by this."

The problem is that when there is a panic about a new virus, there will always be a few folks who aren’t deep thinkers who will rush to tell you that they have been infected based on any change in their computer, or even in their lives, real or imagined. Once you manage to elicit the details from them, it becomes obvious that their report isn't credible.

Also, the media has reported that “security experts” have confirmed that Flashback is a huge threat. There is a problem with consulting with security experts. I call it the “to a hammer, everything looks like a nail” problem. These are folks who have been trained to recognize the millions of viruses that exist for Windows. To them, everything in the entire world is a huge security threat. I've never heard of a security expert who has said: "Just relax; start worrying if and when there are verifiable reports of computers being infected."

I wouldn't be surprised if, after all is said and done, that not a single one of us will be infected by Flashback, and not a single one of us will know anyone first-hand who has been infected by it.

Now, let me be completely clear, all of the above is not to say that you shouldn’t take all necessary steps to protect yourself from Flashback. You really should. But you should know that there is no reason to get paranoid. Your Mac is still the most secure personal computing platform out there. There isn’t a flood of Mac malware hitting us. The sky is not falling. It is very important to consider the source of any information that you hear about the Macintosh, and that includes the media which doesn’t generally have a clue about the Mac. There are, unfortunately, lots of Apple-haters and people with various questionable motives in the world.

An interesting blog post:
Apple And The Flashback Trojan » Beyond Bridges

Various additional bits that might be helpful:

Macworld now has an article about Flashback:
What you need to know about the Flashback trojan | Macworld

How to check for and disable Java in OS X
“Java used to be deeply embedded in OS X, but in recent versions of the OS it's an optional install. Here is how to check to see if it is installed, and how to disable or remove it.”
How to check for and disable Java in OS X | MacFixIt - CNET Reviews

Some users have asked if there are any applications in common use that will be affected if they totally disable Java on their Macintosh. Here are the ones that I know of:
Evernote
MoneyDance
OpenOffice-based suites (i.e. LibreOffice, NeoOffice, OpenOffice/Mac)

I hope that you find this message useful.

Randy B. Singer

Mac OS X Routine Maintenance • http://www.macattorney.com/ts.html
chscag

 
Thanks for the follow up Randy and good advice. It seems this whole Flashback thing has been blown way out of proportion.
Randy B. Singer

 
Quote:
Originally Posted by chscag
Thanks for the follow up Randy and good advice. It seems this whole Flashback thing has been blown way out of proportion.
My pleasure.

I've heard from a large number of folks today in response to this mailing. Including a number of IT folks who deal with a lot of Macs in an enterprise context. Not a single one has seen a single infection.

However, I want to reiterate that Flashback is real, that it is very nasty, and that everyone really should take steps to protect your Mac from it. Fortunately you don't need anti-virus software to do so, and so far Flashback is extremely rare in the Western world.

Randy B. Singer

Mac OS X Routine Maintenance • http://www.macattorney.com/ts.html