Official antivirus, malware, and firewall FAQ

Status
Not open for further replies.
Joined
Oct 27, 2002
Messages
13,172
Reaction score
348
Points
83
Location
Cleveland, Ohio
Your Mac's Specs
MacBook Pro | LED Cinema Display | iPhone 4 | iPad 2
THIS THREAD IS OLD. NEW THREAD HERE:
http://www.mac-forums.com/forums/sw...-official-antivirus-malware-firewall-faq.html



--------------------------------------------




Antivirus and malware for Mac OS X

One of the first questions that many new switchers ask is, “do I need an antivirus program on my Mac?” The answer is usually no, but the truth is more nuanced than that.

Types of malware
First, let’s be clear that there are many types of malware on the Internet including the big three: viruses, trojans, and spyware. Each behaves, infects, and spreads differently.

As of now there are no viruses that affect Mac OS X. Viruses rely on their ability to self-replicate and Mac OS X makes that almost impossible.

There are a few cases of trojans and spyware that can infect the Mac; however, following common-sense browsing will prevent them. For example, don’t download software or other files unless you’re sure the source is reliable.

Also, never enter your admin password if prompted unless you’re absolutely sure why you’re being asked to do so!

Apple also has a great site on the safety features built into Mac OS X:
Mac OS X - Security - Keeps safe from viruses and malware

So when might you want to install an antivirus program?
There are reasons to use an antivirus program in a few circumstances.

1. If you’re paranoid about downloading and spreading malware and it will make you rest more easily, install an antivirus program to set your mind at ease.

2. If you are in a mixed network environment with Windows machines or share files back and forth with Windows users on a regular basis, you might want to consider antivirus software.

While as noted above, it’s almost impossible for the Mac to become infected by malware, you can do your part of being a good network citizen by catching malware before you can pass it on to a Windows user on your network.

3. Many schools or companies require antivirus software to join their network.

Running Windows on your Mac?
We always recommend running antivirus software on Windows, even on your Mac. Microsoft Security Essentials is free and does a great job. It’s important to realize though that getting malware on your Windows partition cannot infect your Mac.

Antivirus software options for Mac
Free options
ClamXav is lightweight and highly recommended by many users here.

Paid options
Paid solutions are available from several vendors including Symantec, Intego, McAfee (enterprise only), Panda, and Avast.

Firewalls and Network Security

You should always enable the built-in firewall in Mac OS X when you're using a public network. You can find instructions for setting up and configuring the firewall for OS X 10.4, 10.5, and 10.6.

In addition, common sense prevails when it comes to network security. Don't connect to un-trusted networks and never accept data or file sharing requests from people you don't know.

Never underestimate having a strong password that you change often. The Mac's keychain can help with this or a great program like 1Password.

--
Last Updated: 07.28.2011
Original thread: http://www.mac-forums.com/forums/switcher-hangout/23835-official-mac-antivirus-firewall-faq.html
 
OP
schweb
And an important note for those who consider themselves anti-antivirus or computer language purists....

There will obviously be differing opinions on whether you need an antivirus program; however, you need to respect those who think differently.

Also, many laymen and new computer users use "virus" to refer to all malware. It is not your place to belittle them because they don't use the exact right terminology.

So rather than getting on a soapbox and proving your superior computing knowledge, take a moment and actually try to help them. Explain the difference if you must, but do it in a respectful way.

Especially keep in mind our very first Community Guideline:

Our community is made up of all kinds of different people, and all of them have the right to feel comfortable. Others may not think the way that you think, believe what you believe, know what you know, or see what you see. Always be polite and respectful in your interactions with others.
 
chas_m

Guest
schweb, your post above is EXCELLENT apart from the bit about the software firewall. You know my position on it so I won't repeat it here, but Apple explicitly told me that the software firewall is aimed SOLELY at users without a hardware firewall (dialup, rare situations with certain modems/routers).

That is why it is off by default.
 
OP
schweb
> schweb, your post above is EXCELLENT apart from the bit about the software firewall. You know my position on it so I won't repeat it here, but Apple explicitly told me that the software firewall is aimed SOLELY at users without a hardware firewall (dialup, rare situations with certain modems/routers).
>
> That is why it is off by default.

Thanks for the compliment, I appreciate it.

Hardware firewalls won't help you if you're not on a trusted secure network.

Hence why I stated you should use it when you're using a public network, like a free WiFi hotspot at a local coffee shop.

Unless you can verify the security of the hotspot and trust everyone on it, it's always better to be safe than sorry.
 
Joined
Jul 24, 2010
Messages
1
Reaction score
0
Points
1
Keyloggers?

Hello all,
I have been an avid Mac user for 5 years now (much to my boyfriend's chagrin). However, today I encountered my first security issue. I've been browsing the years of pages from the other antivirus thread but I haven't seen anything similar to my problem. There is just discussion over a/v software not for spyware etc. I'm not well versed in this stuff, is it the same?

Somehow my Gmail and WoW account both got hacked. Yesterday my friend used my computer to download and print some paperwork off of his USB drive after it wouldn't work on my boyfriend's PC. It was trying to run a .exe file on the PC. I am wondering if I could have gotten a keylogger from the USB? I haven't been to any suspicious sites, that I know of. I have been running iAntivirus and MacScan but they haven't detected anything.

Any suggestions?

Thank you,
Nicole
 
OP
schweb
99% sure you don't have Spyware. If you absolutely want to check, just download http://clamxav.com and run a scan of your system.

Files like .exe cannot run or function on the Mac, so that file didn't come from your system. Also, were you prompted to enter your admin password at all for a reason you weren't sure of? That's the only way spyware or a trojan could have been installed.

But like I said, it's highly unlikely you have anything on your Mac.
 
Joined
May 1, 2005
Messages
126
Reaction score
2
Points
18
Location
NY
Your Mac's Specs
iMac (Retina 4K, 21.5-inch, 2019) 3 GHz 6-Core Intel Core i5, 1.03 TB Fusion Drive
Thank you for creating the greatest thread of all threads!
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
> Hello all,
> I have been an avid Mac user for 5 years now (much to my boyfriend's chagrin). However, today I encountered my first security issue. I've been browsing the years of pages from the other antivirus thread but I haven't seen anything similar to my problem. There is just discussion over a/v software not for spyware etc. I'm not well versed in this stuff, is it the same?
>
> Somehow my Gmail and WoW account both got hacked. Yesterday my friend used my computer to download and print some paperwork off of his USB drive after it wouldn't work on my boyfriend's PC. It was trying to run a .exe file on the PC. I am wondering if I could have gotten a keylogger from the USB? I haven't been to any suspicious sites, that I know of. I have been running iAntivirus and MacScan but they haven't detected anything.
>
> Any suggestions?
>
> Thank you,
> Nicole

Were both accounts using the same password?
 
Joined
Aug 11, 2010
Messages
3
Reaction score
0
Points
1
Your Mac's Specs
MacBook os x 10.4 Intel Core 2 Duo 2.16 GHz L2 Cache (per processor): 4 MB Memory: 1 GB Bus Sp
if not malware, what is all this data??

MacBook
os x 10.4
120GB
Intel Core 2 Duo
2.16 GHz
1 GB

my mac was getting really slow so i wiped and reloaded the hd. it was zippy for a couple hours, then started bogging down again. i saw huge amounts of data being written to the hd when i wasn't using my computer, 10+ GB over a couple days i was only checking email. how can i find out what program is writing to my hd?

thanks in advance for your help.
 

cwa107


> MacBook
> os x 10.4
> 120GB
> Intel Core 2 Duo
> 2.16 GHz
> 1 GB
>
> my mac was getting really slow so i wiped and reloaded the hd. it was zippy for a couple hours, then started bogging down again. i saw huge amounts of data being written to the hd when i wasn't using my computer, 10+ GB over a couple days i was only checking email. how can i find out what program is writing to my hd?
>
> thanks in advance for your help.

While the activity is occurring, open up Activity Monitor (Applications => Utilities). Then, click the % CPU header to sort by CPU utilization. Check the processes that are running high utilization and report back.

It may very well be Spotlight Indexing. I've also seen Dashboard widgets act goofy and start to make the drive run constantly.

Chances are you're not encountering malware, unless you installed pirated software or downloaded any video players from seedy sites.
 
Joined
Aug 11, 2010
Messages
3
Reaction score
0
Points
1
Your Mac's Specs
MacBook os x 10.4 Intel Core 2 Duo 2.16 GHz L2 Cache (per processor): 4 MB Memory: 1 GB Bus Sp
hey, thanks for the reply, cwa107.

the processes change back n forth but the biggest steady user is firefox, which sometimes shows 7-9 %, sometimes only 2-3%. i just changed the update frequency to 'very often' so now activity monitor is the biggest user with about 8.8% steady.

today, one GB of info has already been written since i first posted. is that just normal?

i also downloaded the clamxav for tiger, but am still trying to figure out how to use it. i made the 'contextual menu items' folder and logged out/in as the directions said, but now i am not sure where to find it.

i also read that it is nearly impossible to infect a mac. so maybe i am just used to all the trouble my pc used to give me.
 

cwa107


> hey, thanks for the reply, cwa107.
>
> the processes change back n forth but the biggest steady user is firefox, which sometimes shows 7-9 %, sometimes only 2-3%. i just changed the update frequency to 'very often' so now activity monitor is the biggest user with about 8.8% steady.
>
> today, one GB of info has already been written since i first posted. is that just normal?

It could just be disk I/O with the swap file (virtual memory). Are you having performance problems, or just worried about the amount of I/O? Also, how are you monitoring it?

> i also downloaded the clamxav for tiger, but am still trying to figure out how to use it. i made the 'contextual menu items' folder and logged out/in as the directions said, but now i am not sure where to find it.
>
> i also read that it is nearly impossible to infect a mac. so maybe i am just used to all the trouble my pc used to give me.

It's not that it's impossible for a Mac to get viruses. In fact, it's very probable that one day there will be a true virus written for OS X. Now, it is impossible for a Windows virus to run on OS X because as you likely know, you can't run Windows software on OS X without using something like CrossOver or WINE (and even then, it's unlikely a virus would be able to properly execute, and it almost certainly wouldn't automatically execute).

With that said, there are two trojans out there for OS X - one accompanies a pirated copy of iWork and the other comes from a "video player" that is distributed via porn site. If you haven't frequented either source, you likely don't have an issue.

As we often say here on Mac-Forums, having a computer problem that you don't understand doesn't necessarily mean you have a virus.
 
Joined
Aug 11, 2010
Messages
3
Reaction score
0
Points
1
Your Mac's Specs
MacBook os x 10.4 Intel Core 2 Duo 2.16 GHz L2 Cache (per processor): 4 MB Memory: 1 GB Bus Sp
i took your advice and installed the beta of clamXav. i also picked up snow leopard and wiped/installed a new os. i noticed that zero wiping and re-installing with tiger only cleared 111.08 GB on a 120 GB drive. it seemed weird to me, so i tried it a few more times, but only got 111.08 GB. but when i wiped and re-installed with the new os, all 120.03 GB were available. is that normal?

clamXav found 9 'infections' from emails. every day i deleted the quarantined files, every day new infections were found in the scan. so i just wiped and re-installed again. this time, 119.64 GB were available on the 120.03 GB drive.

today, in the 4 hours my computer has been 'on', (and after installing os x 10.6 with updates, downloading pandora desktop app, adobe air dmg, firefox app, and clamXav beta last night) there are 109.81 GB available, with 3.31 GB having been written in that time.

i am using the 'activity monitor' with cpu activity as the highlighted column.

firefox uses the most cpu, at 9 - 13 %
 
chas_m

Guest
> In fact, it's very probable that one day there will be a true virus written for OS X.

Actually, there is nothing factual about this statement at all. It's completely incorrect.

By definition, viruses under Mac OS X are all but impossible, because they require *active user participation* in order to manifest and spread. The number of deeply idiotic (and, for said idiotic user, complicated) steps a person would have to actively take to make a virus work provides more than enough of an obstacle that you're about as safe as it is possible to be from the "threat" of this ever happening.

ONE person could, conceivably, infect themselves with a virus, I suppose -- some clueless moron running as root all the time who downloads and installs things without the slightest idea of what they are, perhaps -- but for the "virus" to spread, it would require that *everyone else* be at least that dumb.

We're ten years on, with ZERO viruses. I'm not sure what leads you to believe that Mac OS X is going to become LESS secure against this threat as time goes on, or that users will engage in RISKIER behaviour going forward than they did in the past, but it's a belief that has no basis in fact or precedent.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
Hmmm.... Something that did (not) happen in the past is no guarantee for the future.
People are still talking about virus / Trojans / worms etc.... Pointless really.
When malicious code is run on your computer it doesn't matter what it is called now does it.... Damage is done, either to yourself or to others.
With all due respect, but when someone says that you need to type your password to allow malicious code to run , he/she is simply shortsighted.
The challenge has always been, still is and always will be to protect your identity.
As an example ... When you connect to your bank, the bank will know who you are but how can you be sure you are connected to your bank before you enter your credentials. (or Amazon or iTunes for that matter )

Anyway, everybody will have a choice in how he responds to threats but if people believe that technology will solve their (security) problems, then they don't understand the technology and they don't understand the problems.

Cheers ... McBie
 
Joined
Sep 1, 2010
Messages
2
Reaction score
0
Points
1
Hello. I am new to Mac and not at all computer proficient. I think I have something because I have been rerouted when I search on google. Sometimes the fan speeds up. I ran MacScan and found tracking cookies and deleted them. I ran iantivirus and got nothing. when I ran the ClamX it found 162787. emlx Heuristics. Phishin.... It would not remove it. I have no idea how to remove it. Is there a link that can walk me thru this? Also, the pop up blocker on Safari doesn't seem to work because I still get pop ups. Any help would be appreciated. thanks.
 

bobtomay

Retired Staff
Joined
Dec 22, 2006
Messages
26,561
Reaction score
677
Points
113
Location
Texas, where else?
Your Mac's Specs
15" MBP '06 2.33 C2D 4GB 10.7; 13" MBA '14 1.8 i7 8GB 10.11; 21" iMac '13 2.9 i5 8GB 10.11; 6S
> ... i noticed that zero wiping and re-installing with tiger only cleared 111.08 GB on a 120 GB drive.

Tiger uses Base 2 mathematics to report hard drive usage the same as every other OS on the planet.

> but when i wiped and re-installed with the new os, all 120.03 GB were available. is that normal?

Snow Leopard is the first and at this point, the only OS to use Base 10 mathematics (which is what all the drive manufacturers use) to report drive size.

You can do a google search for Base 2 vs Base 10 to learn more.
There is no difference between them in the actual amount of space on the drive.
 

bobtomay

> Hello. I am new to Mac and not at all computer proficient. I think I have something because I have been rerouted when I search on google. Sometimes the fan speeds up. I ran MacScan and found tracking cookies and deleted them. I ran iantivirus and got nothing. when I ran the ClamX it found 162787. emlx Heuristics. Phishin.... It would not remove it. I have no idea how to remove it. Is there a link that can walk me thru this? Also, the pop up blocker on Safari doesn't seem to work because I still get pop ups. Any help would be appreciated. thanks.

ClamAV's phishing heuristics are based primarily on a search for HTML links where the visible and real targets of the link are different. It's a nice idea but with some URLs, for instance those based on TinyURL, it is likely to produce false positives. Most likely you can just ignore the report, though be cautious about clicking on any web link in the reported email, particularly if it's asking for any sort of personal information (never provide any sort of personal information via a web link in any email).

(Copy and paste from here)
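
The link-mismatch idea described in the reply above, as an added example that is not part of the original thread and is not ClamAV's own code: a simplified Python check that flags anchors whose visible text names one host while the `href` points to another, and shows why a URL shortener trips it. The sample HTML, the `example.*` hostnames and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Matches link text that itself looks like a URL or a bare hostname.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#].*)?$", re.I)


def host_of(value):
    """Return the lowercase hostname if value looks like a URL/hostname, else None."""
    m = URLISH.match(value.strip())
    return m.group(1).lower() if m else None


def same_site(a, b):
    """Treat hosts as matching if equal or one is a subdomain of the other."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


class LinkMismatchFinder(HTMLParser):
    """Collect (displayed_host, real_host) pairs that disagree."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._href = None   # href of the anchor currently open, if any
        self._text = []     # visible text collected inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = host_of("".join(self._text))       # None for ordinary link text
        real = urlsplit(self._href).hostname       # already lowercased by urlsplit
        if shown and real and not same_site(shown, real):
            self.findings.append((shown, real))
        self._href = None


def find_mismatches(html):
    finder = LinkMismatchFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample message bodies (example.* names are placeholders).
PHISH = '<p>Verify at <a href="http://login.example.net/x">www.bank.example.com</a></p>'
SHORTENED = '<a href="http://tinyurl.com/abc123">http://www.news.example.org/story</a>'
BENIGN = '<a href="https://www.bank.example.com/login">Log in to your account</a>'
```

`find_mismatches(SHORTENED)` reports a mismatch just as `find_mismatches(PHISH)` does, which is the false-positive case with shortened URLs that the reply mentions.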
 