Official antivirus, malware, and firewall FAQ

Status
Not open for further replies.
There is a new Trojan Horse going around that is quite nasty, called Flashback.

Article: Mac Flashback Trojan: Find Out If You’re One of the 600,000 Infected
This article will tell you how to find out if you are already infected by the Flashback Trojan, and it tells where to go to find instructions on how to eliminate this malware if you are.
(Don't be too upset by the title of that article. I've yet to hear a single firsthand account of someone being infected by Flashback.)

Apple has already pushed out an update to Java that includes a patch to make your Mac immune to Flashback.
Once you either find out that you aren't infected with Flashback, or you find out that you are infected with Flashback and you eliminate it, it would be a very good idea to go ahead and update Java to acquire immunity to Flashback.
About the security content of Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7

Java, by the way, is a programming language that is used for applications and advanced features on Web sites. Its use has become very rare. If you think that it is unlikely that you even have a need for Java, it is possible to completely disable Java so that it can be totally eliminated as a vector of malware infection on your computer:
How to check for and disable Java in OS X | MacFixIt - CNET Reviews

There is another Trojan Horse going around that is carried via a Microsoft Office document. Don't confuse this with the Flashback Trojan. Apple has already pushed out a security update to protect you against this Trojan also.
Apple updated XProtect with a definition to catch the Office vulnerability. They refer to it as "OSX/Mdropper.i." You should run Software Update on your Mac and install all security updates.

In addition, if you have Microsoft Office installed, it's a good idea to install the Microsoft updaters for Office. These include a patch against this Trojan also:
Microsoft Office for Mac Downloads and Updates | Office For Mac
 
A simpler method (i.e. non-command line) to check to see if you are infected by Flashback than the F-Secure steps is this little app that runs the test for you. It just posts a dialog that says whether or not you're infected. It does not make any attempt to remove the trojan. You can download it here:
http://rsdeveloper.com/downloads/test4flashback.zip
 
A simpler method (i.e. non-command line) to check to see if you are infected by Flashback than the F-Secure steps is this little app that runs the test for you. It just posts a dialog that says whether or not you're infected. It does not make any attempt to remove the trojan. You can download it here:
http://rsdeveloper.com/downloads/test4flashback.zip

Being a newcomer to the Apple world - iPhone and MacBook Pro - I'm rather hesitant to install or use anything that has a .zip extension. I feel it's to my benefit to use approved programs/apps with the .dmg extension. With this trojan needing to be addressed, how do folks on this forum feel about using .zip files for whatever reason?

By the way, I went to an Apple store and had them assist me with this malware. By golly my machine was infected and they removed it. So I'm clean as of now.

On a related subject, I asked them to recommend an AV program. The tech suggested ESET Cyber Security and Kaspersky AV. Any and all comments on these two programs will be greatly appreciated.

Thanks,
Alioop
 

vansmith

Being a newcomer to the Apple world - iPhone and MacBook Pro - I'm rather hesitant to install or use anything that has a .zip extension. I feel it's to my benefit to use approved programs/apps with the .dmg extension. With this trojan needing to be addressed, how do folks on this forum feel about using .zip files for whatever reason?
There's no reason to be wary of zip files - Apple wouldn't have built in support for it if it was a bad file type. Sure, it's possible that something bad can be distributed but it's just as likely to be distributed as a dmg file. In essence, they are both just formats for containing/compressing files and each is no more dangerous than the other in and of itself.
 
vansmith, thanks for clarifying this. I feel better about it. I guess when it's all said and done, downloading a file or app or program from a reliable source is one's best bet.
 
I have had very good experience with ESET for Windows - fast, reliable and with low CPU usage.
I guess the ESET Mac version should also be OK.
 
I have had very good experience with ESET for Windows - fast, reliable and with low CPU usage.
I guess the ESET Mac version should also be OK.


Thanks for your input.
 

chscag

I'm not so sure. We've had bad reports about Kaspersky for the Mac, Norton AV for the Mac, and several other well known Windows products now available for the Mac platform. The bottom line here is just because it works well for Windows does not necessarily mean it will do the same for OS X. The one AV product that I know for sure that works well in OS X is ClamXav 2, an open source AV product designed specifically for the Mac.

Perhaps Randy Singer can recommend some others. He seems to be well up on what's good and what's not.
 
Perhaps Randy Singer can recommend some others. He seems to be well up on what's good and what's not.

The problem with Windows-centric anti-virus (AV) companies is that it is difficult to be sure that they understand the Macintosh. The Mac and the Mac virus landscape aren't exactly like that for Windows.

I'm developing a mistrust of Kaspersky because it is more and more looking like they created a tempest in a teapot over Flashback. They said that "over 600,000 Macs" were infected with Flashback, but now we are hearing that that number might not refer to Macs at all, and so far there are very few real-world reports of Macs being infected by Flashback. They may have just hyped Flashback to sell AV software.

For the past decade Intego's Virus Barrier consistently has won every AV software shootout test done by Macworld magazine. See:
VirusBarrier X4 Antivirus & Security Software Review | Macworld
VirusBarrier X5 Antivirus & Security Software Review | Macworld
And Intego is the only AV developer that is Macintosh-only.

The thing is that Virus Barrier, and just about every other AV program other than ClamXav, is stay-resident software. It is always running. So there will always be some level of performance degradation and the potential for software conflicts.

Nevertheless, I have Virus Barrier installed myself. I've never had a single problem with it, but then again I've never encountered any Mac malware, so Virus Barrier hasn't had a lot to do. (It occasionally alerts me to a phishing scam or an e-mail attachment that is a Windows virus, but those are easy to spot and deal with on a Mac without the need for AV software.) One huge advantage Virus Barrier has over many of its rivals is that it can usually clean an infected file, or entire computer, without any data loss or need to trash and reinstall programs.

ClamXav is easy to recommend to users, because it isn't stay-resident software and it is free.

Besides Virus Barrier and ClamXav, I've heard good (anecdotal) things about:

Eset $40/year
ESET - Antivirus Software with Spyware and Malware Protection

Sophos Home Edition (free)
Free Mac AntiVirus - Mac Security and Protection - Sophos

Sophos Anti-Virus (for businesses; expensive)
http://www.sophos.com/products/es/endpoint-server/sav-mac.html

However, just this week I helped someone track down a performance problem with their Mac, and excessive rotating beachballs, and the culprit was the free version of Sophos.

Other AV software that I know of (not necessarily a recommendation, this is just what's available):

Bit Defender $40
Antivirus Software for Mac OS - Bitdefender Antivirus for Mac

Comodo (free)
Mac Antivirus Protection, Download Mac Antivirus Free From Comodo

Kaspersky Anti-Virus For Mac ($40)
Anti-Virus Software for Mac Protection | Kaspersky Lab United States

Avast ($40/year)
Avast | Download Free Antivirus & VPN | 100% Free & Easy
Get Free Antivirus for Mac | Avast Security

VirusScan for Mac ($110 per year for a minimum of 3 licenses)
McAfee VirusScan Enterprise – Antivirus Solution | McAfee Products

Norton Anti-Virus
Norton - Antivirus Software, Spyware Protection, and Personal Firewall by Symantec
(Norton/Symantec products have a reputation for being as bad as having a virus.)

Intego Virus Barrier X*($50)
Mac Anti-Virus Protection for Home, Virus Barrier - Intego

Authentium ESP Antivirus for Mac OS X* (changed hands?)
Commtouch - Internet Security Solutions | for Vendors and Service Providers (outdated link removed)
Antivirus | Commtouch - Internet Security Solutions

ClamXav (free)
ClamXav
http://www.markallan.co.uk/clamXav/index.php

MacScan $30
MacScan - Mac OS X Spyware Security and Privacy Malware Removal and Protection for Apple Macintosh

iAntiVirus $30/yr
Free Antivirus for Mac OS X | iAntivirus (outdated link removed)
gone? Maybe a really bad idea to go near?
The Safe Mac » Beware iAntivirus!

McAfee VirusScan for Mac (min. 3 licenses required to purchase) $110/3macs/yr.
McAfee VirusScan for Mac | McAfee Products
 
For the last few days, I have been using Dr. Web (30-day trial; $33.97/year) for Mac, and it seems to be working well. I have not noticed any computer slowdowns, that I can see. I previously tried Kaspersky, and it made my MBP absolutely unusable, so I wanted to really watch the effect that Dr. Web has on it. Seems perfectly fine to me, so far.
 

chas_m

Guest
Dr. Web – you mean the Russian company that lied about the 600,000 Macs being infected?

It's just a gut feeling on my part, but I fear you may have fallen for the hype. Hopefully you're just still on the trial period. Hopefully Dr. Web is actually a legitimate company, and not just an antivirus peddler that actually has a hand in propagating viruses – or stealing identities. I don't mean to sound anti-Russian – there are several great Mac Russian outfits, such as MacKiev – but I also know that some viruses and malware have come out of Russia, and that some theft identity rings operate from there. Because it is difficult to check the credentials of Dr. Web from here, I tend to be a little suspicious.

As misinformed as most media reports about this have been, the OVER reaction of Mac users over this has really surprised me. So, in the interest of spreading information that is accurate, let's reiterate the facts:

1. If you are running Lion (10.7) or Snow Leopard (10.6), all you need to do to immunize yourself from this problem is to run Software Update. If you have Java installed, you'll see an update for it. If you don't have Java installed, you won't. Either way, once you run Software Update, you'll be protected.

2. If you are on a system prior to Snow Leopard, the best thing to do is turn off Java in your browser's preferences. This may "break" some applets used on some websites, but Java is much less used these days than it used to be. You may well not notice any changes in the websites you frequent.

If it is possible for you to do so, you should consider upgrading to Snow Leopard. While the Mac continues to be free of viruses, instances of malware due to things like Flash and Java are likely to increase. Systems that are still supported by Apple are better protected than systems that are not supported by Apple.

3. It is still my considered opinion that paying for antivirus software is a waste of money. Even if you feel the need to install some, there are several quality free alternatives for you to choose from. It is worth remembering that Apple already has an anti-malware protection system in place on your Snow Leopard or Lion system. This system is upgraded silently, so users are generally not aware that it has been updated – but Apple does update it whenever a threat appears. This is why almost no Mac systems have been infected by all the previous Flashback variants. In this particular case, there was no need for Apple to update its anti-malware program – installing the latest version of Java is the solution to the problem.

In my own personal opinion, your best defense against malware is to keep your software updated, and stay connected to the Mac community. Don't freak out over initial reports – they are often wrong. Treat "discoveries" by companies who sell antivirus software with healthy skepticism. The media and tech punditry are very Windows-oriented – their "reports" on Mac "viruses" are usually the source of much misinformation. Keep calm and carry on, as the British used to say. Wait for word from recognized and trusted Mac experts – or Apple itself – before overreacting.
 
In my own personal opinion, your best defense against malware is to keep your software updated, and stay connected to the Mac community. Don't freak out over initial reports – they are often wrong. Treat "discoveries" by companies who sell antivirus software with healthy skepticism. The media and tech punditry are very Windows-oriented – their "reports" on Mac "viruses" are usually the source of much misinformation. Keep calm and carry on, as the British used to say. Wait for word from recognized and trusted Mac experts – or Apple itself – before overreacting.

I couldn't agree with this more. I think that Chas perfectly stated this.
 
I sent this message out to my user group today. I thought that the folks on this discussion list might be interested in it.

This is a followup to my previous message about Flashback (which, by the way, at this point is not technically a Trojan, since it can infect your computer with no warning or user interaction whatsoever, simply by you visiting a malicious, or just an infected, Web site.) I thought that everyone would appreciate more information.

I've now sent out a mailing to over 9,000 subscribers of The MacAttorney Newsletter about Flashback, and I've posted about it on a dozen Mac discussion lists. So I've reached somewhere around 20,000 Mac users. Users have rushed to check to see if they were infected. So far, not a single user of the many who have written back has been infected with Flashback.

While I have no doubt that Flashback is real, and that it is a good idea to do all that you can to protect yourself from it, I'm beginning to think that much of this scare was hype invented by anti-virus software firms in Russia, from whom the original report emanated.

Some research on the Web turns up reports that the "600,000 infected machines" written about may not have necessarily been Macs. That number likely includes other OS's, the proportion of which to Macs is unknown. (i.e. It may be that mostly Windows computers were infected, and very few Macs.)

Daring Fireball (written by widely respected John Gruber), a very popular Mac blog, a few days ago posted about Flashback:
Daring Fireball Linked List: Flashback Trojan Reportedly Controls Half a Million Macs and Counting
As of last Thursday, he says he has heard from "about a dozen or so Daring Fireball readers who've been hit by this."

The problem is that when there is a panic about a new virus, there will always be a few folks who aren’t deep thinkers who will rush to tell you that they have been infected based on any change in their computer, or even in their lives, real or imagined. Once you manage to elicit the details from them, it becomes obvious that their report isn't credible.

Also, the media has reported that “security experts” have confirmed that Flashback is a huge threat. There is a problem with consulting with security experts. I call it the “to a hammer, everything looks like a nail” problem. These are folks who have been trained to recognize the millions of viruses that exist for Windows. To them, everything in the entire world is a huge security threat. I've never heard of a security expert who has said: "Just relax; start worrying if and when there are verifiable reports of computers being infected."

I wouldn't be surprised if, after all is said and done, that not a single one of us will be infected by Flashback, and not a single one of us will know anyone first-hand who has been infected by it.

Now, let me be completely clear, all of the above is not to say that you shouldn’t take all necessary steps to protect yourself from Flashback. You really should. But you should know that there is no reason to get paranoid. Your Mac is still the most secure personal computing platform out there. There isn’t a flood of Mac malware hitting us. The sky is not falling. It is very important to consider the source of any information that you hear about the Macintosh, and that includes the media which doesn’t generally have a clue about the Mac. There are, unfortunately, lots of Apple-haters and people with various questionable motives in the world.

An interesting blog post:
Apple And The Flashback Trojan » Beyond Bridges

Various additional bits that might be helpful:

Macworld now has an article about Flashback:
What you need to know about the Flashback trojan | Macworld

How to check for and disable Java in OS X
“Java used to be deeply embedded in OS X, but in recent versions of the OS it's an optional install. Here is how to check to see if it is installed, and how to disable or remove it.”
How to check for and disable Java in OS X | MacFixIt - CNET Reviews

Some users have asked if there are any applications in common use that will be affected if they totally disable Java on their Macintosh. Here are the ones that I know of:
Evernote
MoneyDance
OpenOffice-based suites (i.e. LibreOffice, NeoOffice, OpenOffice/Mac)

I hope that you find this message useful.
 

chscag

Thanks for the follow up Randy and good advice. It seems this whole Flashback thing has been blown way out of proportion.
 
Thanks for the follow up Randy and good advice. It seems this whole Flashback thing has been blown way out of proportion.

My pleasure.

I've heard from a large number of folks today in response to this mailing. Including a number of IT folks who deal with a lot of Macs in an enterprise context. Not a single one has seen a single infection.

However, I want to reiterate that Flashback is real, that it is very nasty, and that everyone really should take steps to protect your Mac from it. Fortunately you don't need anti-virus software to do so, and so far Flashback is extremely rare in the Western world.
 

dtravis7


Agree with Randy. I have not seen one case of that Malware on anyone's Macs.

Be sure though and install the Java update and be safe just in case.

I truly believe the 600K is highly exaggerated.
 
Agree with Randy. I have not seen one case of that Malware on anyone's Macs.

Be sure though and install the Java update and be safe just in case.

I truly believe the 600K is highly exaggerated.

I posted my view on this 600000 earlier this week.
Knowing that any initial assessment is wrong, during any investigation my first question has always been .... who would have an interest in counting the number of infections and where do the numbers come from.
Facts is what matters and from the responses on this forum, the success rate of this malware is low.
I still believe that the intentions of this malware was to create a proof of concept, nothing more.

Cheers ... McBie
 
Just found this ..... and I don't trust this at all .....

Web tool checks if your Mac is Flashback-free | MacFixIt - CNET Reviews

Read the article carefully and try to visualize the concept of the service they are talking about. :)

If this is any indication where the (so called infection) numbers come from, then this is very dodgy, to say the least.

Only my 2 cents of course and I may be totally wrong ( paranoid )

Cheers ... McBie
 
Keep in mind that if the number of infected systems really is 600K, that would only be about 1% of Mac users.

How many of us have a hundred Macs we can check? If you haven't checked at least that many randomly-chosen Macs, you can't expect to have seen even one infected system even if that number is correct.

So "600k infections" and "very low infection rate" can both be true.

In any event, even if the number is half that, this is still a watershed in Mac security.
 