Gasp! A major and unknown threat for OSX

[Randy B. Singer]

Heh! I'd also say they were of little or no value or purpose, as Apple says to ignore them as "not a cause for concern."

Basically what that means is that if you can't interpret those messages they are no cause for alarm.

But if you find them of value, enjoy them!

The snark really isn't necessary. You said that the messages are "meaningless." I merely pointed out that they exist for a reason, and have meaning to those they are intended for, which is mainly system administrators who understand UNIX. It wasn't a personal attack. There is no reason to be defensive.

 

[MacInWin]

No snark intended. I was sincere. If you have a use for them, by all means use them. As you say, for me and most users, and apparently for Apple (most of the time), they are valueless and safe to ignore. In the context of what MToo said about having 98,000 repairs done, most, if not all, of them were probably of the "safe to ignore" category.

Seriously, no snark intended. Sorry if it came across that way.

 

[MToo]

Did your machine do anything typical of malware, such as throw up a ransom notice? Did a run of anti-virus software identify a known piece of malware?

Hmm. Which anti virus software should I buy for the system that claims no viri ? Or malware?

Not a slam. A question. If there isn't any, why was it written? The existence of anti malware software for Macs means there is malware for Macs. So what is it, ( and the salesman in the first post was right then?)?

No reply covers changing permissions, keyboard lockout, and Admin ID simultaneously. And adding a new admin user while removing the current admin. seems pretty **** directed.

A partial boot: made it all the way to the desktop. But without keyboard control could do nothing. Keyboard tests ok on other systems. Trial keyboards don't work either. All keyboards worked in safe mode.

Paranoia? A good movie. You can see me in the bar. Not drinking OJ.

Didn't have to ignore unix messages. Didn't get any.

And why the **** couldn't the Apple geniuses figure it out in 6 hours?

 

[MToo]

No snark intended. I was sincere. If you have a use for them, by all means use them. As you say, for me and most users, and apparently for Apple (most of the time), they are valueless and safe to ignore. In the context of what MToo said about having 98,000 repairs done, most, if not all, of them were probably of the "safe to ignore" category.

Seriously, no snark intended. Sorry if it came across that way.

No Snark read. All of the repairs were access permission repairs. I checked manually. Before and after fixing. A small sample size. But 100 percent consistent. Have you ever heard off anything, accidental or malware turnoff access to all files? And quickly. Was working one minute and not the next.

If it's a bug, somebody else should have had it. And it's a big bug.

 

[Slydude]

I may be splitting hairs her but if the files were of absolutely no use Apple wouldn't have included them. The folks coding those files weren't getting paid to code/modify the files for nothing. The fact that most users can safely ignore them in most circumstances is not the same thing as being useless.

@Randy Thanks for the examples explaining why these messages occur. I know Apple had declared these problems as no big deal for most users. I'd wondered about them but not enough to try and translate technogeek (Unix permissions).

 

[Randy B. Singer]

I may be splitting hairs her but if the files were of absolutely no use Apple wouldn't have included them.

Well, actually, Apple didn't "include them." These informational messages already existed (that is, its normal for them to be generated) in the underlying BSD Unix that OS X sits on top of.

The problem is that Apple hasn't done a consistently good job of shielding ordinary users from these messages in Disk Utility. (Disk Utility is really a tool for ordinary Mac users. Unix geeks will likely be using the command line, i.e. Terminal, to do the same thing. Its normal and even helpful for these informational messages show up when repairing permissions from the command line. But they should be filtered out so that they don't appear when repairing permissions in Disk Utility.)

Every now and then Apple will update Disk Utility, and all of these informational messages will no longer pop up in Disk Utility when repairing permissions. Unfortunately, usually a subsequent update to Disk Utility with have them return. It's like Apple keeps forgetting to set things up so that users are shielded from these informational messages.

 

[Rod]

LOL I am just north of you in Mindanao.. About the same here..

Wow, what a small world, we however have just gotten fibre optic cable in the street and packages are looking pretty good price wise. I just keep thinking there must be a catch.

 

[Randy B. Singer]

Did your machine do anything typical of malware, such as throw up a ransom notice? Did a run of anti-virus software identify a known piece of malware?

Hmm. Which anti virus software should I buy

Well, first, you don't have to "buy" one. There are a number of anti-virus (AV) programs for the Macintosh that are free. For instance:

ClamXAV
ClamXav

avast! Free
avast! Free Antivirus for Mac | Security Software for Apple OS X

AVG AntiVirus
http://www.avg.com/us-en/avg-antivirus-for-mac

Avira Mac Security
Free Antivirus for Mac - Download the best Mac antivirus

BitDefender
Bitdefender Virus Scanner for Mac

Download one, and do a scan. However, you may want to uninstall that program afterwards so that it doesn't slow down or destabilize your Mac, as many fully interactive AV programs have been known to do.

Why do I recommend that you get an AV program and run it on you Macintosh? Well, many switchers, used to the horrible malware situation on Windows, instinctively assume that any and all problems that they experience with their Mac must be due to "a virus." They don't know yet that when encountering a problem with your Mac, it isn't logical to automatically assume that malware in the cause. Especially if the problem is manifesting itself in such a way that no known malware exists to cause it.

If you run an AV program on your Mac, and it doesn't find any malware, then...you don't have one. So you will then have proven to yourself that your Mac is not infected with malware and that you have to move on and do other sorts of (more fruitful) troubleshooting on your computer.

By the way, Macintosh AV software will also scan for a subset of Windows viruses. It isn't uncommon for AV software to find that you have a Windows virus on your Mac; usually a file attachment to an e-mail message. These Windows viruses can't run on a Mac, nor can they damage your Mac in any way. So if the AV software that you run flags something and gratuitously tells you that it saved you from an infection, make sure that you write down what that infection was. It was likely nothing that you needed saving from.

...for the system that claims no viri ? Or malware?

Who claimed that there is "no malware" for the Macintosh? I didn't. Did anyone?

There definitely is malware for the Macintosh. There isn't much of it. What exists is extremely rare to encounter. And, at least for now, just about all of what exists can't harm your Mac. Your Mac even defends itself to a point with built-in AV software called XProtect/Gatekeeper.

Not a slam. A question. If there isn't any, why was it written?

I bet you can answer this one yourself. Have you ever encountered a product that you didn't need in the store? Possibly even a product that *no one* needs?

To avoid a long discussion, let me just tell you: To make MONEY.
That's also the answer to the reason why a company might exaggerate the need for something that you don't need, possibly to the point of causing some folks to become paranoid.

I really don't want to have to keep on regurgitating the same thing in this thread. May I instead recommend an article.

Rich Mogul, a well known Mac security expert, wrote this article last year. He was asked last week if he had changed his outlook, and he said that his view had not changed and referred folks back to this article:

Do You Need Mac Antivirus Software in 2013?
TidBITS: Do You Need Mac Antivirus Software in 2013?

 

[jfoxbox]

Somehow I question the blind believe in the OSX line of no virus in the wild. I refer to an organization which specialties in that area- https://www.virusbtn.com/blog/2014/08_27.xml . Are they just wrong, or perhaps are you?
To run a mac without some antivirus is like making your Mac into a virus carrier for all the windows machines out there. I get malware in documents which come from Mac users who think they don't have any viruses, yet get them from PC//Windows users and just pass them on. That is irresponsible.

 

[chscag]

Somehow I question the blind believe in the OSX line of no virus in the wild. I refer to an organization which specialties in that area- https://www.virusbtn.com/blog/2014/08_27.xml . Are they just wrong, or perhaps are you?

Note that the article you refer to is titled: VB2014 preview: Methods of malware persistence on Mac OS X

No one here is arguing that there isn't malware that can get into a Mac. However, malware is not self replicating as most viruses commonly are. The fact is, there are no known viruses in the wild than can infect a Mac.

To run a mac without some antivirus is like making your Mac into a virus carrier for all the windows machines out there. I get malware in documents which come from Mac users who think they don't have any viruses, yet get them from PC//Windows users and just pass them on. That is irresponsible.

Again you're referring to malware, but I partially agree with you. Users who interchange files between Macs and PCs should be protected. Most universities require Mac owners to run AV software when on their network and the same goes for businesses. What really is irresponsible is the vast majority of Windows users who do not practice safe computing, not the minuscule amount of malware passed on from a Mac.

 

[MacInWin]

In addition to what chscag said, the vulnerabilities noted in the article are in Flash (which I don't use, and you shouldn't, either) and Java (again, I don't have installed and you shouldn't, either). If an OSX user uses commonsense and some rudimentary security measures (don't let software automatically update, don't let "Safe" files be automatically opened in your browser, don't open attachments from people you don't know, or that you didn't expect, etc) you'll be pretty safe. The challenge is, of course, that since there are no viruses in the wild for OSX and that the OS is pretty secure in all the known avenues of attach, that any virus that is successful will exploit some weakness that is, at this time, unknown. Therefore any A/V now on the market cannot protect from that unknown avenue as it is just that, unknown.

 

[ThatITGuy]

So, as I left (for the last time) to find another dealer, I decided that one of two things were in play here.

1. The salesman was blowing false information on purpose. (Anybody ever hear a salesman lie?)

2. The level of his ignorance was such that precluded any sane person from dealing with him.

The level of ignorance in this thread is hard to believe. Many people are simply using the 'ostrich' approach of burying their head in the sand and denying reality.

Of course Macs can and do get viruses/malware. Or more specifically programs running on a Mac can (and do).

I am very careful about web sites I visit, I always use Firefox and I keep my Mac (OS X 10.9.4) and my browser and all addons updated.

I still managed to pick up a virus that infected my email program (Thunderbird - also constantly updated) with a junk.eve virus. This virus kept moving emails to the "junk" folder without user interaction.

ClamXav found the virus and deleted it.

(Prior to running ClamXav I checked I used muCommander and there were two "junk.exe" - the legit one and the virus. This was also confirmed by using 'Find Any File').

So while the kernal, (OS X) itself may not get a virus due to inbuilt protection (XProtect and Gatekeeper) - programs running on a Mac certainly can get viruses.

In fact Apple have modified their claim that Macs can't get viruses:

Apple drops claim that 'Macs don't get viruses' | Flashback Trojan

Virus Bulletin also shows Macs can get viruses:

https://www.virusbtn.com/blog/2014/08_27.xml

Busting The Myth: Apple MACs Do Get Viruses! | Dr. Tech

While I love my Mac - and would not go back to PC's and Windoze - I am not in denial either.

I have 23 year IT experience, most with PCs since DOS 3.1 and XTs, am a Novell CNE and CNA - I swapped to Mac 5 years ago.

 

[vansmith]

The level of ignorance in this thread is hard to believe.

Nothing that you linked to proves that OS X is susceptible to viruses. Since you claim that there is widespread ignorance in this thread, I suggest you look up what a virus is and not conflate that with other forms of malware.

I am very careful about web sites I visit, I always use Firefox and I keep my Mac (OS X 10.9.4) and my browser and all addons updated.

What does Firefox have to do with this?

I still managed to pick up a virus that infected my email program (Thunderbird - also constantly updated) with a junk.eve virus. This virus kept moving emails to the "junk" folder without user interaction.

Can you point to something that, beyond any shadow of a doubt, proves that "junk.eve" is a virus and not some other form of malware.

(Prior to running ClamXav I checked I used muCommander and there were two "junk.exe" - the legit one and the virus. This was also confirmed by using 'Find Any File').

junk.exe is a Windows executable and by definition cannot run in OS X. I'm not sure why that's relevant.

So while the kernal, (OS X) itself may not get a virus due to inbuilt protection (XProtect and Gatekeeper) - programs running on a Mac certainly can get viruses.

OS X is more than just the kernel and includes much of the Apple supplied userland.

I have 23 year IT experience, most with PCs since DOS 3.1 and XTs, am a Novell CNE and CNA - I swapped to Mac 5 years ago.

I think you still have some brushing up to do on the semantics of malware. While I don't doubt your experience and expertise, I find it intriguing that you paint the users of this thread as ignorant and then display a similar ignorance.

 

[Randy B. Singer]

Can you point to something that, beyond any shadow of a doubt, proves that "junk.eve" is a virus and not some other form of malware.

"junk.exe" is a Windows executable file. Windows viruses running on Windows computers replicate themselves by sending out e-mails with viral attachments to folks in the user's address book. Those viral e-mails may be sent out to acquaintances with Macs. When Mac users receive those e-mails with viral attachments, they can't run on the Macintosh, and they can't harm the Macintosh in any way. In fact, they can't even be spread to a Windows user without you *purposely* re-sending them. In other words, they are harmless to Mac users and not really a threat to Windows users if you are the least bit careful.

But, if you run an anti-virus program, many of them will detect that Widows virus and set off alarms and tell you that it has saved you from some evil threat. These reports are self-serviing and while they lead some Mac users to believe that they were infected with a Macintosh virus, in fact the anti-virus software didn't save them from anything that they needed to be saved from.

As for Mac users spreading Windows viruses, that is such an uncommon vector as to be unimportant. In any case, Macintosh anti-virus software doesn't look for all Windows viruses. Some don't even look for a subset of them.

Protection from Windows viruses is the responsibility of Windows users. The only way for Windows users to get the best protection available from Windows viruses is for Windows users to be running meticulously updated anti-virus software. There is no good reason why Mac users should need to run anti-virus software to protect Windows users from viruses. They should be protecting themselves.

 

[Randy B. Singer]

Somehow I question the blind believe in the OSX line of no virus in the wild. I refer to an organization which specialties in that area- https://www.virusbtn.com/blog/2014/08_27.xml . Are they just wrong, or perhaps are you?

Sort of neither. That wasn't a very good article (an example of an Apple II virus, from decades ago, is irrelevant to the Macintosh), and the only examples of viruses that they give are of things that are now extinct.

No one has said that a Macintosh virus is "impossible." It is possible. In fact, there have been a couple of proof-of-concept viruses for the Mac, though neither have ever been developed and disseminated into the wild. What you have heard in this thread is that there are *currently* no Mac viruses (defined as self-propagating malware) in the wild. And that is irrefutably the case. There are only a handful of examples of Mac malware in the wild, and we know what all of them are. These things are very hard to create. They take a lot of talent, time, and money. Given that, and given that mac malware creators tend to meet nasty futures, there is a strong disincentive to creating a Mac virus.

"Security experts" have been saying that there will be a flood of malware, including viruses, for the Macintosh, real soon now, for as long as OS X has existed. The thing is, they have been crying "wolf" for 13 years now (a lifetime in the computing industry.)

Here is an interesting article. It's a few years old, but still entirely relevant:

Daring Fireball: Wolf!
Daring Fireball: Wolf!

Lay persons think that because they look similar, that the Mac and Windows are similarly susceptible to malware. That isn't the case. OS X was designed with an entirely different philosophy that Windows, and from the bottom up is much more secure:

Is Windows inherently more vulnerable to malware attacks than OS X?
Is Windows inherently more vulnerable to malware attacks than OS X? | Platforms - InfoWorld
or
Is Windows inherently more vulnerable to malware attacks than OS X? | Platforms - InfoWorld

Microsoft Windows: Insecure by Design
http://ensign.ftlcomm.com/ensign2/mcintyre/pickofday/aug027_03/PegoraroWP.pdf

See post from "Munkery" regarding Mac security:
Apple Updates Mountain Lion Developer Preview With New Security Features - Mac Rumors

 

[ThatITGuy]

Nothing that you linked to proves that OS X is susceptible to viruses. Since you claim that there is widespread ignorance in this thread, I suggest you look up what a virus is and not conflate that with other forms of malware.

To the admin that replied: I would suggest you get off your high horse.

Viruses are a part of malware. Spyware, trojans, viruses all constitute malware.

"malware
ˈmalwɛː/
noun
noun: malware; plural noun: malwares

software which is specifically designed to disrupt or damage a computer system."

"Short for "malicious software," malware refers to software programs designed to damage or do other unwanted actions on a computer system. In Spanish, "mal" is a prefix that means "bad," making the term "badware," which is a good way to remember it (even if you're not Spanish).

Common examples of malware include viruses, worms, trojan horses, and spyware."

Malware Definition

But obviously you know better than anyone else mr so-called administrator

"junk.exe" is a Windows executable file.

I may have got the extension (.exe) wrong - it was "junk" something because it had the same extension as the legitimate Thunderbird one and it did move emails to the Thunderbird "Junk" folder every time Thunderbird started - I had several emails in their that had no 'message filters' that sent them there (I have no 'message filters' at all) and I had never seen those emails - as in they never showed up in my Inbox first.

Call it viruses - call it malware - doesn't matter there certainly are things that can affect the running of the Mac despite Administrator's refusal to admit it and despite Administrator's denying that viruses are indeed 'malware'.

 

[chscag]

To the admin that replied: I would suggest you get off your high horse.

And I suggest you tone it down. You can discuss all you want about whatever, but let's do it in a polite manner. Thanks.

 

[ThatITGuy]

And I suggest you tone it down. You can discuss all you want about whatever, but let's do it in a polite manner. Thanks.

I suggest you look up what a virus is and not conflate that with other forms of malware.

And did you suggest to the other Admin that he tones it down and maybe learns his definitions before showing his ignorance?

Or is this just a one-sided thing?

 

[lclev]

Okay, it is getting a bit testy here. We have discussed this very issue on this forum enough to convince me we will never all agree. It is impossible when you mix those who have extensive Windows background and are now switchers with others who have been Apple fans for most if not all their computer lives.

The virus versus malware definition threw me at first too. According to Symatec, "Malware" is short for malicious software and used as a single term to refer to virus, spy ware, worm etc. Malware is designed to cause damage to a stand alone computer or a networked pc. So wherever a malware term is used it means a program which is designed to damage your computer it may be a virus, worm or Trojan.

A "Virus" is a program (.exe, .com, .bat) written to enter to your computer and damage/alter your files/data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves. A computer Virus is more dangerous than a computer worm as it makes changes or deletes your files while worms only replicates itself with out making changes to your files/data.

So if we want to get so technical, currently known viruses will not infect an Apple computer because OS X will not run an .exe, .com, or .bat type file extension. Could that change - sure, but all viruses still must be introduced by the user somehow. Now as for the other types of malware that is a whole other issue and yes, there has been a few pieces of malware in the past.

It still comes down to what I stated above, we all will never agree. I do run anti-virus but I am a resent switcher and I share files between my windows computer and my mac. I use my MB Air to filter my emails. I admit to feeling more secure having anti-virus running but who knows, someday I may walk on the wild side and give it up.

BTW, I too, am an IT, have been working with computers since the days of DOS 1.0, and I plan to never stop learning new ideas from other computer lovers.

Lisa

 

[dtravis7]

And did you suggest to the other Admin that he tones it down and maybe learns his definitions before showing his ignorance?

Or is this just a one-sided thing?

You were told to tone it down by staff here. I strongly suggest you listen.

What the Admin said was not insulting but very true. You shot back with your insult. This will be your warning. Keep it nice here.