Security on MacBook Pro

philrhi · Feb 24, 2013

What is the best Malware - Security for my MacBook. I understand that Apple products are well protected but I have avast Free Antivirus, MacKeeper and Clean my Mac programmes recommended with positive and negative features.
I mistakenly though that MacKeeper and Clean my Mac were part of Apple etc.
The later not being free etc any advice please.

Advice please.

philrhi

cwa107 · Feb 24, 2013

philrhi said:
What is the best Malware - Security for my MacBook. I understand that Apple products are well protected but I have avast Free Antivirus, MacKeeper and Clean my Mac programmes recommended with positive and negative features.
I mistakenly though that MacKeeper and Clean my Mac were part of Apple etc.
The later not being free etc any advice please.

Advice please.

philrhi

MacKeeper and 'Clean My Mac' are pretty much scamware. Avoid them like the plague they are.

Your Mac has a rudimentary, built-in anti-malware program known as 'XProtect'. If you have OS X 10.8 (the latest version), it also has a feature called Gatekeeper that only allows software that has been at least somewhat vetted by Apple. These two measures alone should prevent the scant amount of malware that exists for OS X from ever touching your computer.

If you feel the need to run an occasional Malware scan, try ClamXAV or BitDefender.

This thread has much more comprehensive information within it, if you're interested:

http://www.mac-forums.com/forums/sw...-official-antivirus-malware-firewall-faq.html

chas_m · Feb 24, 2013

Mainia's information is incorrect. Neither XProtect nor Gatekeeper can be "easily bypassed."

Your chances of getting a virus -- now or anytime in the future -- are nil. Your chances of getting any malware are incredibly slim, and while anti-malware programs might help, common sense will protect you far better.

Bottom line: this paranoic thinking is a symptom of Windows FUD. You're on a Mac now, you can relax and enjoy your machine with very little concern. Sensible, routine, best practices are all you need to "protect" yourself.

TattooedMac · Feb 24, 2013

Mainia said:
AV is a must on a Mac, or at least in the future.

Its this ill informed statement that scare the unaware and newly switched users form the Window's environment to the OS X environment.
At least in the future ?? Ummm have you some sort of time machine that your not letting the rest of the world in on ?? This again is wrong and with no Information via a link to back it up, i call hogwash !!! There is NO WAY anyone can predicyt what what will affect Mac's in the future unless you, yourself is writing some sort of malicious code that you know will affect a Mac or more so the OS.
Please refrain from these sort of statement, so the new switches dont rush out and get AV that is not needed, could cost them unnecessary $ or bog down or do things to the OS that then makes them think they have a virus/malware etc

pigoo3 · Feb 24, 2013

Mainia said:
AV is a must on a Mac, or at least in the future.

Anything is posible in the future. So predicting that something is possible in the future is a discussion that's pretty hard to argue with...since no one can accurately predict the future.

What we can discuss and "hang our hat on" is past performance/history. Macintosh computers and Windows computers (for the most part) have been around since the early to mid-1980's.

In that time (25+ years)...Windows computers have been plagued with all sorts of negtive infections...while in the same period of time...Macintosh issues have been very very minor. So minor...that the downsides of installing anti-virus, anti-malware, etc. applications out-weigh the upsides.

I would predict (at least the near future)...Macintosh computers will remain a safe computing platform free of virus's...making it unecessary to install any sort of "protective" program.

If you ("Mainia") wish to install AV programs...go for it...it's your computer...do as you wish.

But please...it's really not necessary to insight a panic regarding virus's, malware, etc. in the Macintosh community...since there is very little (if anything) to be concerned about.

- Nick

chas_m · Feb 25, 2013

Mainia: you are hereby invited to send me all these "mac viruses" you claim are out there. Remember, they have to be viruses, not malware. I look forward to the avalanche of your imagination.

Nobody (including me) said you CAN'T run any anti-malware software if you want to, or that Macs don't have the (low) possibility of malware. But malware ≠ viruses and if you were half the expert you appear to think you were, you'd be a lot less reckless with your language and general FUD.

The fact of the matter is that the Mac Forums FAQ that has been referred to here has the up-to-date and correct factual information, and you do not.

pigoo3 · Feb 25, 2013

Mainia said:
This is very normal for Mac extremists who don't follow hackers and internet security and attack vectors.

I've been a Macintosh User since 1986 (around 27 years). This means that just about everyday for 27 years I have booted up my Macintosh computer.

Since the internet/world wide web pretty much was up & running in a format that we recognize today (let's call that around the mid-1990's)...I have signed onto the internet almost everyday in one way or another (about 18 years).

Now I do not claim to know everything...but if there was something important enough to know regarding virus's, malware, etc. on a Macintosh computer...I would know about it (eventually).

As of February, 2013...there is really nothing that the Macintosh community as a whole needs to fear. This could change tomorrow...but it probably won't. If there was all of a sudden something to fear...believe me...we here at Mac-Forums would be one of the very first places to know!!!

- Nick

TattooedMac · Feb 25, 2013

Because the world knows Mac's dont get Viruses, the second one came out the world would know about it. It would be on the news every minute of the day, people would be blogging about it and you wouldnt be able to go anywhere without hearing that there is one out there and with social media these days, half the planet would know about it within minutes . . . .
Because Windows machines are so prone to viri, it goes on page 27 of the paper, you dont hear about anything on the news and bloggers go . . . . Meh its just another one and dont bother blogging about it.

The person that writes one to truely infect a Mac, will be more famous than Tom Cruise and will be within minutes of him releasing it.
WE WILL KNOW MINUTES AFTER !!!!!!!

cwa107 · Feb 25, 2013

Remember Malware is a broad term that encompasses "virus". It literally means "Malicious Software", so though you may be correct about there being no self-replicating, self-propogating malware (i.e. virus), is the terminology all that significant?

Can't "Malware", even if you were to exclude viruses from that categorization, be every bit as damaging as a "virus"?

I'm not arguing either way, just providing some food for thought.

vansmith · Feb 25, 2013

chas_m said:
Mainia's information is incorrect. Neither XProtect nor Gatekeeper can be "easily bypassed."

But it can and has been. As for XProtect, simply changing a string in its plist file is enough to get around it (and I mean that quite literally).

chas_m said:
Your chances of getting a virus -- now or anytime in the future -- are nil.

I will bet everything I have that this is wrong. Unless your clairvoyant, I'll side with history which has proven that nothing is unhackable...nothing.

An honest question: why is it that you think OS X is impenetrable now and in every moment (as you suggest) in the future?

MacInWin · Feb 25, 2013

cwa107, you are correct about malware. That term is all-inclusive. And yes, malware can be damaging. However, viruses are self-replicating and generally truly malicious. The debate is that Mainia made the claims that Windows has no viruses that threaten Windows users, and that Mac products do, so a user of Mac products needs some sort of antivirus software. Those claims are patently false. Mainia has been challenged to produce evidence of even one virus for Mac products in the wild, but will be unable to do so as none exist. The recent malware with Java and OSX simply highlight that OSX is, in itself, pretty robust, but that poorly written third party products like Flash and Java have security holes which can be exploited in the OSX environment (as well as WIndows, Linux, etc). The simple solution for the Mac user is to disable Java and Flash (I've done that and don't miss either of them). NO AV software required.

cwa107 · Feb 25, 2013

vansmith said:
But it can and has been. As for XProtect, simply changing a string in its plist file is enough to get around it (and I mean that quite literally).

So, just playing devil's advocate here- but can you modify that plist file as a normal user, or would you first need to compromise the DAC?

And I don't know the answer to that - I'm honestly curious as to how many layers of security a hacker would need to go through before they even got that far. I'm sure a bit of social engineering could potentially open up a lot of doors, and depending on the user, that could be very easy to orchestrate.

But then again, no amount of AV is going to stop social engineering.

cwa107 · Feb 25, 2013

dtravis7 said:
So Windows has Zero Virus's. Interesting. Maybe I should sell my Macs and get a nice Windows 8 Cloud touch DESKTOP Touch machine since there is no way it ever can get a virus.

No one is saying that. I think the point Mainia is trying to make is that true viruses are much less common than they once were on Windows. What you're battling (and indeed, what I battle with Windows on a regular basis myself) are different kinds of malware other than viruses... and that since there has been a significant uptick on general malware for OS X, there is a much more equal risk of malware infection than there may have been in the past.

Again, I don't mean to ruffle your feathers or anything Dennis - just trying to be fair here and make sure we are on the same page in terms of terminology.

cwa107 · Feb 25, 2013

dtravis7 said:
What I am removing from the systems I repair are true Virus's. I know the difference and for him to say there are no longer any Virus's for Windows is wrong. There are. Sure there is Malware that I use Maleware bytes and SuperAntiSpyware to remove. Those Apps do not find the Virus's that I am removing because they are Real Virus's and not Malware.

I don't doubt that there are true viruses in the wild for Windows still. That said, instances of Trojans, rootkits and worms are far more common today than they once were. And they will likely continue to decline, since it takes great genius to write a truly self-replicating virus. Any moron can write a Trojan. Wherever the amount of effort exerted exceeds the benefit of the objective, the bad guy is going to default to the least amount of effort. And that's what we're seeing with OS X malware.

None of this stuff is difficult to remove or avoid, and that's why I don't personally run AV on my Mac. Well.... that and ALL (and I mean ALL) of the current crop of on-access AV products for the Mac truly suck. BitDefender and ClamXAV I like, because they are non-invasive and don't add any extra CPU cycles. Can they hold your hand as a neophyte and keep you away from bad stuff? No. But if you need a good reactive scanner, they do the job efficiently. The benefit of a proactive scanner (on-access) is that they are supposed to catch the infection before it hits. But how many times have you actually seen an AV product (any) let an infection slip by? For that matter, how many Windows machines are you disinfecting that have a good, solid AV solution, but were compromised nonetheless? If you're like me - nearly all of them.

So what does that say about the sorry state of AV products... both for the Mac and for Windows?

vansmith · Feb 25, 2013

cwa107 said:
So, just playing devil's advocate here- but can you modify that plist file as a normal user, or would you first need to compromise the DAC?

The plist is located in a protected directory (/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources) so it would require some sort of elevated privileges but as you mentioned, some simple social engineering could help to clear that hurdle. I really just included it to clarify how easy one could circumvent XProtect especially since text processing and manipulation is dead easy in many scripting languages.

cwa107 said:
Any moron can write a Trojan.

At the risk of making it appear as if I'm trying to disprove any allegations of stupidity, I'm tempted to see if I can craft one with my relatively novice programming skills (obviously, I wouldn't use it on anyone else's computer). Perhaps I'll finally have a use for those virtual machines I have lying around.

vansmith · Feb 25, 2013

I don't actually think it will be all that difficult. From what I understand, it could be as simple as sending files my way once something has installed itself surreptitiously. I don't purport to "have t3h skillz" to do this well but I think I could probably conjure up something that would work in a very primitive fashion.

...why, why must I give myself these ridiculous challenges?

cwa107 · Feb 25, 2013

vansmith said:
The plist is located in a protected directory (/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources) so it would require some sort of elevated privileges but as you mentioned, some simple social engineering could help to clear that hurdle. I really just included it to clarify how easy one could circumvent XProtect especially since text processing and manipulation is dead easy in many scripting languages.

Yeah, but to my point - a user trained in the art of not giving a suspect program credentials (which many Mac users are) would stop this issue cold. So, yeah, you can always trick the neophytes - but the same could be said for any computer, any platform. The biggest threat when it comes to malware is the user.

At the risk of making it appear as if I'm trying to disprove any allegations of stupidity, I'm tempted to see if I can craft one with my relatively novice programming skills (obviously, I wouldn't use it on anyone else's computer). Perhaps I'll finally have a use for those virtual machines I have lying around.

Write a shell script that kicks off a mass delete. Rename the script to "SUPER COOL PROGRAM CLICK MEEEEEEEEEE!!!!" and give it a fancy icon. There, you have a trojan.

Script kiddie stuff really....

vansmith · Feb 25, 2013

cwa107 said:
Yeah, but to my point - a user trained in the art of not giving a suspect program credentials (which many Mac users are) would stop this issue cold. So, yeah, you can always trick the neophytes - but the same could be said for any computer, any platform. The biggest threat when it comes to malware is the user.

True but successful trojans are successful because you don't see it coming. The concern I raised was not so much getting the credentials but how, once they were had, XProtect could be rendered useless. In fact, given access, a grade 11 "intro to visual basic" programmer could do it.

cwa107 said:
Write a shell script that kicks off a mass delete. Rename the script to "SUPER COOL PROGRAM CLICK MEEEEEEEEEE!!!!" and give it a fancy icon. There, you have a trojan.

Script kiddie stuff really....

I like to think that I could do it with a little more grace and tact (should those words be suitable to the context). I'm interested to see if I could do it while appearing as if nothing was wrong.

osxx · Feb 25, 2013

Got to side with Dennis on this one my neighbors Win 7 was so infected had to do a clean install but I can say of my friends with Mac's I have never seen them get any malicious bug and they surf some pretty dangerous territory.
Guess I will worry about it when it makes the 6 o"clock news or Time Magazine until then surfs up.

TattooedMac · Feb 25, 2013

vansmith said:
...why, why must I give myself these ridiculous challenges?

Professors usually do just for the challenge

Security on MacBook Pro

philrhi

cwa107

chas_m

Guest

TattooedMac

pigoo3

Well-known member

chas_m

Guest

pigoo3

Well-known member

TattooedMac

cwa107

vansmith

Senior Member

MacInWin

Guest

cwa107

cwa107

cwa107

vansmith

Senior Member

vansmith

Senior Member

cwa107

vansmith

Senior Member

osxx

TattooedMac

Shop Amazon