The Official Mac AntiVirus and Firewall FAQ

APL said:

What about torrents? And i have read threw this post and didn't really see a favorite virus/spyware program?

Click to expand...

What about them?

You didn't see a recommendation, because by and large, there is no need for anti-virus or anti-spyware software, because they have very little or nothing to search for.

OK sounds good. So no spyware or anti-virus program, my macbook gets here wednesday! cant wait

zongamin said:

I recently changed from using ClamXav to Intego Virus Barrier (its in the macupdate bundle which I was getting anyway).

Click to expand...

$70.00????

No virus yeah right!!! Apple says get a AV

Well I did some research at a non-mac site and found this, and I am waiting for a email for a couple more "virus" program discriptions. Virus, worm, trojan they are coming mac users.....

Mac OS X Virus: Inqtana.A Worm
Discovered: February 17, 2006
OSX/Inqtana.A is a Java-based worm that exploits the directory traversal vulnerability in the Bluetooth file and object exchange services in Mac OS X 10.4 (Tiger).


Leap.A aka Oompa-Loompa virus
The Leap.A (aka Oompa-Loompa) infects applications in Mac OS X 10.4 (Tiger) running on PowerPC processors.
IMPORTANT NOTE: The Leap.A worm has no similarities and is not related to March 2007 reports of the oompa loompa song repeatedly playing on Windows PCs. For details and a fix of the Oompa Loompa song on startup problem, see the "Oompa Loompa Song on Startup" entry. The following description is of the MacOSX Leap.A worm: Name
Leap.A, aka Oompa-Loompa Virus
Also known as: Oompa-Loompa, OSX/Oomp-A, Leap.A, CME-4, MacOS/Leap, MacOS/Leap!tgz, OSX.Leap.A, OSX/Leap
Type: iChat worm and Mac OS X 10.4 virus
Affects: Mac OS X 10.4 (Tiger) running on PowerPC processors
Discovered: February 14, 2006
Description: The Leap.A (aka Oompa-Loompa) infects applications in Mac OS X 10.4 (Tiger) running on PowerPC processors. Upon infection, Leap.A (aka Oompa-Loompa) sends itself to the infected user's contacts via iChat.
The sent attachment is named latestpics.tgz. The extracted latestpics.tgz file contains latestpics, which appears to have a .jpg icon. In reality, the icon is being faked by a second, hidden file, named _latestpics.
Impact of Infection: Leap.A installs itself differently depending on the rights of the logged in user. If the user is logged in as an administrator, Leap.A installs itself to the /Library/InputManagers/ directory.
If the user is not logged in as admin and does not have root permissions, the Leap.A virus will install to the ~/Library/InputManagers/ directory.

The link below says that Apple recomends as of Nov 2008 to get a virus protect software: Apple tells Mac users: Get anti-virus • The Register

"Apple suggests Intego VirusBarrier, Symantec Norton Anti-Virus 11 for Macintosh and McAfee VirusScan for Mac as possible security options"

APL said:

Well I did some research at a non-mac site and found this, and I am waiting for a email for a couple more "virus" program discriptions. Virus, worm, trojan they are coming mac users.....

Mac OS X Virus: Inqtana.A Worm
Discovered: February 17, 2006
OSX/Inqtana.A is a Java-based worm that exploits the directory traversal vulnerability in the Bluetooth file and object exchange services in Mac OS X 10.4 (Tiger).

Click to expand...

This is a worm, not a virus - and the hole has since been patched. There is no vulnerability. Also, you would have to be in range of a Bluetooth device (30 feet) for this to do anything.

Leap.A aka Oompa-Loompa virus
The Leap.A (aka Oompa-Loompa) infects applications in Mac OS X 10.4 (Tiger) running on PowerPC processors.
IMPORTANT NOTE: The Leap.A worm has no similarities and is not related to March 2007 reports of the oompa loompa song repeatedly playing on Windows PCs. For details and a fix of the Oompa Loompa song on startup problem, see the "Oompa Loompa Song on Startup" entry. The following description is of the MacOSX Leap.A worm: Name
Leap.A, aka Oompa-Loompa Virus
Also known as: Oompa-Loompa, OSX/Oomp-A, Leap.A, CME-4, MacOS/Leap, MacOS/Leap!tgz, OSX.Leap.A, OSX/Leap
Type: iChat worm and Mac OS X 10.4 virus
Affects: Mac OS X 10.4 (Tiger) running on PowerPC processors
Discovered: February 14, 2006
Description: The Leap.A (aka Oompa-Loompa) infects applications in Mac OS X 10.4 (Tiger) running on PowerPC processors. Upon infection, Leap.A (aka Oompa-Loompa) sends itself to the infected user's contacts via iChat.
The sent attachment is named latestpics.tgz. The extracted latestpics.tgz file contains latestpics, which appears to have a .jpg icon. In reality, the icon is being faked by a second, hidden file, named _latestpics.
Impact of Infection: Leap.A installs itself differently depending on the rights of the logged in user. If the user is logged in as an administrator, Leap.A installs itself to the /Library/InputManagers/ directory.
If the user is not logged in as admin and does not have root permissions, the Leap.A virus will install to the ~/Library/InputManagers/ directory.

Click to expand...

This is actually a Trojan, not a virus. It is a piece of software disguised as a picture. By definition, it's not a virus - you must willfully execute it. A little bit of common sense (i.e. not opening attachments from untrusted sources) will protect you a lot better than any kind of anti-virus software. Also, this is negated by the fact that it only runs on PPC processors.

OSX.Leap.A - Symantec.com - do note the infection rate, which according to Symantec is 0-49 users (out of millions).

Another good article explaining why this one is nothing to worry about: Leap-A malware: what you need to know | Macworld

The link below says that Apple recomends as of Nov 2008 to get a virus protect software: Apple tells Mac users: Get anti-virus • The Register

"Apple suggests Intego VirusBarrier, Symantec Norton Anti-Virus 11 for Macintosh and McAfee VirusScan for Mac as possible security options"

Click to expand...

This was a sensationalized media event that eventually led to Apple pulling the notice. Apparently, at one time Apple had a document recommending anti-virus software that was several years old. Apple updated the document, at which point the press caught on as if this was a new announcement and started sensationalizing it.

The simple fact of the matter is that there are no "in-the-wild" viruses for OS X. The current crop of Mac anti virus products scan mostly for Windows viruses, which the Mac is not susceptible to (although you can accidentally transfer one to a Windows user). If you are really paranoid, you can run an AV product, but in general it's not necessary.

Trust me on this, when the first real virus comes out for OS X, the media will be all over it like stink on dung - you will be well aware of the vulnerability long before it ever has a chance to propagate to your system.

THANK YOU, I was worried for a while. I will most likely have one because of a couple pc's i will be passing files too. Now for what one does not run in the backround on MAC and I can scan only when I want too... cwa107 any ideas?

Thanks again cwa107 you got my vote!

APL said:

THANK YOU, I was worried for a while. I will most likely have one because of a couple pc's i will be passing files too. Now for what one does not run in the backround on MAC and I can scan only when I want too... cwa107 any ideas?

Thanks again cwa107 you got my vote!

Click to expand...

You have to put it into perspective. There are literally hundreds of thousands of different kinds of malware for Windows. Your chances of getting something are extremely high on that platform. For OS X, there's maybe 2 or 3 types of malware (and that's all Trojans, which again must be willfully installed - you're not going to get one by accident). Your chances are infinitely less of encountering one of these maladies, even less so if you're judicious about entering your system password.

I can't recommend an AV product, because I've never felt the need to run one, so I don't have any experience with the different products out there. As far as transmitting viruses goes, that's also a very slim chance - particularly if you run anti-virus on those machines.

My advice would be to download the free ClamXAV. It's an on-demand scanner, so it's not obtrusive. But at least you can rest-assured knowing that you have something to scan files with.

Don't run Norton antivirus. It will slow you to a crawl. It also it very hard to get rid of after installing the crap. ClamXav is best for Mac.

Has anybody checked out a program called iAntivirus?

TiggerRPh said:

$70.00????

Click to expand...

err, no... $49.99 (about £30 at the time) - includes Virus Barrier and Rapidweaver (and other stuff).

Virus Barrier is MUCH better than Clam which is slow and not really 'active'.

I probably should fix some antivirus on my windows machine, if I get my thumb out of my HIND QUARTERS someday

but as for Phoenix Scanner, I got my iMac running like A SWEET DREAMS (made of these) since I got it, had a week trouble, but that is forgotten, and I have been having it for four years time, still works awesome! and I haven't touch an antivirus program for it. When they say Virus exist for mac, I will start thinking of turning my firewall on =)

Targeting MACs all must know spread the word!!! If you get an "iilegal" copy of iwork i believe 09 (maybe 08) but via p2p there is a virus or trojan not sure which yet. No not mine i bought my copy ill post a pic if you want, i use student discount to by apple items, but anyways bittorrent file we have seen it in 2 apps to include iwork. Malicious code within installation, if you scan just the file no good once you extract have fun. I will try to find out more info just want to put this pot in and get people looking because if you transfer or email with someone that has it, UT OH! A friend called me about 1200 miles away like "dude *** mac is down mac is down!" we looked into it and narrowed it down to iwork and some dvd program he downloaded. All bad people all bad

Re Activating Firewall in iMac 5.1 2.16 GHz

Hi ,

Thanks for this informative thread.

I'm a dummy when it comes to the hows of my computer but always felt my Mac was safe from attack but I have discovered my kids have added Limewire to my computer and after reading this link I went to check my sharing pref's. I'm not sure what to change, but help tells me I have no firewall activated. We use a Belkin wireless router to access the internet. I would appreciate any suggestions on what I need to change to make my Mac safer and whether you believe Limewire is a problem.

Regards,
Margaretm

schweb said:

Many many switchers coming from the Windows world are always concerned about whether or not they need a firewall or antivirus software for their Mac. The short answer: maybe, it's a personal choice.

Having a firewall is always a necessity to protect your computer and network from hackers who could steal data or harm your machines. Luckily Mac OSX has it's own built-in firewall that can be activated in the Sharing pref pane in System Preferences.

Now when it comes to antivirus software it gets trickier and there isn't as much agreement. Here are the normal pros and cons...

Pros:

• If you use the machine in a mixed network antivirus software will help stop you from further infecting the network. While your Mac can't be infected by a Windows virus, it can pass it on.
• Even though there is not a virus for Mac OSX that doesn't mean there will never be one. Having antivirus software installed makes you proactive in your protection.
• Most users see no performance decrease or issues when running antivirus software.

Cons:

• There has never been a virus or spyware released for Mac OSX to date.
• It eats up resources on some machines
• In certain situations it could cause stability issues or kernel panics

As you can see there are good reasons on both sides so in the end you need to make up your mind on which your most comfortable with.

If you decide to add an antivirus program to your computer here are some that are available for OSX:

Norton AntiVirus for Mac
McAfee Virex for Mac
ClamXav (free)

Click to expand...

Do I have to worry about spyware?

MargaretM said:

Hi ,

Thanks for this informative thread.

I'm a dummy when it comes to the hows of my computer but always felt my Mac was safe from attack but I have discovered my kids have added Limewire to my computer and after reading this link I went to check my sharing pref's. I'm not sure what to change, but help tells me I have no firewall activated. We use a Belkin wireless router to access the internet. I would appreciate any suggestions on what I need to change to make my Mac safer and whether you believe Limewire is a problem.

Regards,
Margaretm

Click to expand...

Well, Limewire definitely opens some holes in the protective measures for your network - and as such, you are at the mercy of Limewire's developers to keep your machine secure. Personally, I would remove Limewire and undo any exceptions to the Firewall settings in System Preferences => Security => Firewall tab.

The only thing I've seen kids use Limewire for is to download pirated content - and little good will come of that, particularly with the RIAA and MPAA policing that network and the willingness of ISPs to divulge your Internet usage.

babychan said:

Do I have to worry about spyware?

Click to expand...

If you use some common sense, and by that I mean being judicious about what you download from the Internet and install - particularly when you're prompted for your admin password during installation, then you needn't worry about it. There is very little to no "Spyware" for the Mac, depending on your definition.

Mac Newbie

I'm a newbie to the Mac world and your post helped a lot. But antivirus programs does hamper the performance of a laptop a/o PC. Especially "Norton Symentec". I have to say that the pros outweigh the cons, because the protection that it gives is extremely good. I am talking about Windows.

Now that I have a Mac I've been told many times that an antivirus program is not really needed. But of course no OS is 100% safe. It all depends for what you use your network for.

philby123 said:

Has anybody checked out a program called iAntivirus?

Click to expand...

I've been using iAntivirus for about a week now and I barely notice it's even there. It's everything that I wanted to be, so I'd say I'm pretty happy with it

I've just removed Intego Virus Barrier X5 (even though I recommended it just a few posts back!).
On my G5 at least it has a tendency to constantly reopen the process 'virusbarriers' which takes up about 22mb AT LEAST 7 times, usually 11 times and I once found it was running 119 (One Hundred and Nineteen) times...
Intego support suggested that I reinstall, and whilst it never managed to get to 119 processes again it would still take up between 200 and 300mb just doing nothing.
Not only that but in a resting state it would use up about 5% of my CPU, all the time.

So my advice is Firewall, Firefox+Adblock+NoScript, Little Snitch and most of all common sense - don't enter your admin password to watch 'videos' etc.

Anybody running a Mac and not running AntiVirus is really gambling with exposing their sensitive information.

While you don't hear about a Virus specifically being for a Mac, you certainly do hear about Trojan Horse programs, Keyloggers that can steal your information, etc.

If you do some research, there are plenty of vulnerabilities within the Mac OS, and programs that run on a Mac. This is how virus writers are able to create virus programs in the first place. While these people may not have targeted an operating system with single digit market share, its only a matter of time.

Keyloggers for Mac are cheap to buy, and easy to insert into any program as a free download. Mac users tend to be over confident in this department and will just install anything. Suddenly a keylogger is installed in your Mac, recording all the information when you log into internet banking, etc.

Since the firewall is turned off by default then there is nothing to stop, or even alert you, about the data leaving your machine.

So while there arent a lot of things to worry about labelled "Virus" in Mac land, there are plenty of other threats out there for Mac users to worry about that Virus scanners will be able to detect and stop.

An example of new Mac attack techniques being developed.


Mac OS X research warns of stealthier attacks