Official antivirus, malware, and firewall FAQ

Status
Not open for further replies.
Joined
Mar 24, 2011
Messages
4
Reaction score
0
Points
1
I don't think that you have been hacked. Lots of users have been receiving scam phishing e-mails:
Phishing - Wikipedia, the free encyclopedia
that say that they have been charged on their PayPal account, on their UPS account, on their Chase credit card account, etc.

DON'T EVER click on anything in one of these e-mails. I hope that you didn't "lodge your dispute" with PayPal by clicking on a link in the e-mail you received. That's how they fool you into giving them sensitive private information.



You can use this free product to do a scan to see if you have an infection. But I'd be willing to bet that you don't have one. Rather, you fell for a social engineering trick.


ClamXav (free)
ClamXav
It was definitely not a phishing email. I have had some of these before and sent them to PayPal. This was a kosher charge on my PayPal account, as I logged onto my account to check. I also had my bank check it out, and if I had not alerted them the charge would have been debited from my credit card account on the 29th of this month.
 
Joined
Feb 1, 2011
Messages
3,667
Reaction score
1,243
Points
113
Location
Sacramento, California
Good info Randy and a reminder to all of us about Phishing schemes. Thanks.

I just learned something pretty interesting the other day that I hadn't known. Apple quietly added Google's "Safe Browsing" technology to Safari. This technology keeps a database of malicious Web sites constantly updated, and it warns users away from those sites. This means that Phishing sites and sites hosting or poisoned by "drive-by download" malware can't easily infect Mac users! This technology is also in the Mac versions of Firefox and Chrome.

See:

Google’s Safe Browsing in Safari, Firefox, and Chrome
Google Safe Browsing | Google Developers
Inside Safari 3.2
 
Joined
Feb 26, 2010
Messages
2,116
Reaction score
123
Points
63
Location
Rocky Mountain High, Colorado
Your Mac's Specs
1.8 GHz i7 MBA 11" OSX 10.8.2
Java Zero Day

Disable Java NOW, users told, as 0-day exploit hits web • The Register

Google news search
https://www.google.com/webhp?source...f.&fp=1a77c99e1aba770e&ion=1&biw=1174&bih=983

Note this is Java, which is different than JavaScript.

From what I read the exploit allows any code to execute on the machine. The current payload is a Windows executable so it doesn't directly run on Macs YET. There is no reason that the payload could be a Mac or Linux executable either. Hopefully Oracle patches this soon.

To disable Java
Chrome
go to the browser bar and type in
chrome://plugins
Disable Java

Firefox
Go to Tools Pull Down -> Add Ons -> Plugins -> Disable any Java

Safari
Go to Safari Pull Down -> Preferences -> Security Tab -> Uncheck Enable Java
 
Joined
Aug 25, 2012
Messages
1
Reaction score
0
Points
1
I'm not sure if I have a virus or malware at the moment.

I've read the first post of the thread and some of the more recent pages, and they imply that it is difficult to get an infected mac. However I am getting some interesting behaviour from avast antivirus. I'm not sure if I have a problem or not.

Before visiting this thread, I initially assumed I needed an antivirus and installed avast antivirus (has worked okay for me on PC). I did a google search on calibrating my monitor on the mac, and attempted to visit this site:
h??p://www.rytterfalk.com/2011/02/04/calibrate-your-mac-for-free
(replace the ?? with tt if you want to visit it)
Avast blocked the site and warned me it had an infection: html:script-inf

Since that time, I continually get these pop up alerts from avast webshield telling me they are blocking the infected website, when I am not actually visiting the website. Initially these alerts came up a few times a day, but now I'm getting them about every second day. Here is a photo of the pop alerts and my webshield log:

ScreenShot2012-09-03at93928PM.png


ScreenShot2012-09-03at93715PM.png


Doing a system scan with avast, doesn't come up with an actual infected file. It does come up with a 'warning' about a potentially suspect file called bootroot.loader, but I believe this is just a false positive.

ScreenShot2012-09-03at93828PM.png


I've tried deleting history, temporary internet files and cookies, in case one of these is trying to reconnect to the URL and causing the pop-ups.

Help/advice appreciated
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,832
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Solution: Remove Avast. It's crap ware on the Mac and causes more problems than it fixes. It also issues false alerts (as you found out above). While it does work better on PCs (that's debatable) it does not work well at all on a Mac. As a matter of fact, I wouldn't use it on my PCs either. I use the free and very good Microsoft Security Essentials.

If you wish to use an AV package on your Mac, download the free ClamXav version 2.X from here. It's free and non-intrusive. Also please read through this entire thread and especially the replies from member Randy Singer.
 
Joined
Aug 15, 2011
Messages
51
Reaction score
1
Points
8
Your Mac's Specs
Mid '10 MacBook Pro, 128GB iPhone 6, 160GB iPod Classic, 32GB iPad 4th Gen, AirPort Extreme, AppleTV
Bot Warning from Comcast

I recently received an email from my ISP (Comcast) which told me they suspected I have a bot and I should take corrective action. I downloaded ClamXav and scanned both my MacBook Pro and my external hard drive and I found no threats. I searched some of the forums and became concerned about some Flash Update(?) threat because I usually go ahead and let it update when it pops up. In retrospect, I know I should go directly to the site and update from there, and I will from this point on. Anyway, I read a helpful post about how to check if I've been infected by this threat that poses as a Flash update by running a command in Terminal and the resulting message would determine if I had been infected or not. According to the test, I did not have that threat either. So my question, finally, is: Well...I don't know what my question is. I'm just confused and concerned. Any advice is greatly appreciated.

Also, on a separate note, now I'm also concerned about this Java Zero Day post I just read on this page! Can someone please elaborate on that for me? I'm really showing my ignorance here, but I don't even know what Java does, or what I would be losing by disabling it in Safari. Or is this actually something I should be worried about?

Thanks so much to all you saints who take the time to help idiots like me!
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,038
Reaction score
810
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
I recently received an email from my ISP (Comcast) which told me they suspected I have a bot and I should take corrective action. I downloaded ClamXav and scanned both my MacBook Pro and my external hard drive and I found no threats. I searched some of the forums and became concerned about some Flash Update(?) threat because I usually go ahead and let it update when it pops up. In retrospect, I know I should go directly to the site and update from there, and I will from this point on. Anyway, I read a helpful post about how to check if I've been infected by this threat that poses as a Flash update by running a command in Terminal and the resulting message would determine if I had been infected or not. According to the test, I did not have that threat either. So my question, finally, is: Well...I don't know what my question is. I'm just confused and concerned. Any advice is greatly appreciated.

Are there any other machines sharing that Comcast connection?

Do you have a wireless network? If so, you'll want to make sure it's locked down and that none of your neighbors are interloping. It needs to be using WPA or WPA2 security, not WEP. If you didn't configure this yourself, check with the person who did.

Also, on a separate note, now I'm also concerned about this Java Zero Day post I just read on this page! Can someone please elaborate on that for me? I'm really showing my ignorance here, but I don't even know what Java does, or what I would be losing by disabling it in Safari. Or is this actually something I should be worried about?

As I understand it, this only affected Java 7 (which you would have downloaded manually from Oracle). If you're using the Apple-supplied Java (6), then you're probably fine.

Thanks so much to all you saints who take the time to help idiots like me!

One more thing, ClamXAV is a multi-platform scanner, and I'm not sure that it's geared specifically to scanning for Mac malware.

On the Mac App Store, you can find the free Bitdefender reactive scanner, which I believe is actually better than ClamXAV and it's not a resource hog like some of the others.

Mac App Store - Bitdefender Virus Scanner
 
Joined
Aug 15, 2011
Messages
51
Reaction score
1
Points
8
Your Mac's Specs
Mid '10 MacBook Pro, 128GB iPhone 6, 160GB iPod Classic, 32GB iPad 4th Gen, AirPort Extreme, AppleTV
Are there any other machines sharing that Comcast connection?

Do you have a wireless network? If so, you'll want to make sure it's locked down and that none of your neighbors are interloping. It needs to be using WPA or WPA2 security, not WEP. If you didn't configure this yourself, check with the person who did.

Yes, I am using an AirPort Extreme router, and I have my network configured as WPA2. The only devices on the network are my MacBook Pro, iPhone 4S, Apple TV, and my wireless printer. I have a guest access set up on the AirPort for my girlfriend's Droid phone (yuck), and for other guests' laptops, etc., but no one has been here using laptops or anything for a long time and this bot message is very recent.

As I understand it, this only affected Java 7 (which you would have downloaded manually from Oracle). If you're using the Apple-supplied Java (6), then you're probably fine.

Well the only thing I know for sure is that I haven't downloaded anything from Oracle, because I don't even know what that is, lol. So it seems I should be safe from the Java Zero Day threat.

One more thing, ClamXAV is a multi-platform scanner, and I'm not sure that it's geared specifically to scanning for Mac malware.

On the Mac App Store, you can find the free Bitdefender reactive scanner, which I believe is actually better than ClamXAV and it's not a resource hog like some of the others.

Ok, I'll definitely check out BitDefender. It's just that I've read tons of posts where people tout ClamXav as the best thing for Mac users looking for this type of software.

P.S. Do you think I've effectively confirmed I'm free of the "Flash Update threat"?

Thank you! I really appreciate your help!
 
Joined
Sep 17, 2012
Messages
107
Reaction score
0
Points
16
Location
San Diego, California
Your Mac's Specs
13" Retina MBP 2015
Hi, just finished reading all of this thread; you want me to give up my PC Peanuts Blanket - anti-virus programs, anti-malware programs, and my firewall programs? :Angry-Tongue:

All of them; which, in my case would be to discontinue Norton's 360.

I currently have the latest version and a subscription for another full year; and, it will transfer to a Mac version. I have never had a problem with Norton's 360 on my PCs; I do not experience any loss from its running in the background. Also never measured, i.e., did speed tests.

If I never had a problem with it on a 7200 rpm; I can't imagine I would experience a problem running two SSDs.

Having said that, I am making the switch; I am not married to Norton's.

My summary of what everyone has said is definitely have ClamXav in your system and run it either periodically or on a schedule to scan your system for malware.

Of the myriad of programs available to the public, if you get it from the Apple Store, at least it has been tested etc.

EST Cybersecurity, $40, 4* - 12 reviews, is sold by the Apple Store. Is that the same as an Apple Endorsement?

VirusBarrier X6, 1yr - $50/3yr - $100 and covers 2 Macs. My senior memory is that Randy is running this software; no problems.

To those of you who believe nothing is necessary other than vigilance, since we never know when the idiot out there is going to finally write something that is going to screw the pooch,

$33/yr with VB seems like cheap insurance for two machines!?

As always, all thoughts appreciated.
 
Joined
Aug 15, 2011
Messages
51
Reaction score
1
Points
8
Your Mac's Specs
Mid '10 MacBook Pro, 128GB iPhone 6, 160GB iPod Classic, 32GB iPad 4th Gen, AirPort Extreme, AppleTV
Suspected Bot on MBP

As I previously posted, I received a warning from my ISP (Comcast) which stated they suspect I have a bot on my MacBook Pro. Thanks to the advice of the helpful members here, I have tried a few things which should put my mind at ease, but I'm still paranoid.

I used Terminal to check if I somehow got the Flash updater malware in Safari, and that test came out good.

I scanned the full system with ClamXav, and that found nothing.

I scanned the full system with BitDefender, and that found nothing.

Am I in the clear? I don't understand where this Bot warning came from if everything is fine. Is there anything else I should try? Or is this just a fluke? Could it have been some of my own activity that made them think it was a bot?

Thanks a million!
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,832
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
Stop worrying about it. You're in the clear, it's Comcast that's paranoid. ;)
 
Joined
Mar 13, 2012
Messages
21
Reaction score
0
Points
1
Location
Ft Lauderdale FL
Your Mac's Specs
late 09 mac mini, core 2 duo 2.53, 4 gigs 1330 DDR3, 320 Gig HD, Samsung external DVD Burner
Passwords

Heck of a post/sticky...nice job!:) I've used the program "1Password"...very very handy for remembering passwords & "auto-loading" them when necessary.

- Nick
I live in a dual environment and use RoboForm on my Mac and PC. With the PC you get the opportunity to make up passwords with it that can be pretty close to bulletproof; I will look to see if you can do the same for Macs.:D
 

chscag

Well-known member
Staff member
Admin
Joined
Jan 23, 2008
Messages
65,248
Reaction score
1,832
Points
113
Location
Keller, Texas
Your Mac's Specs
2017 27" iMac, 10.5" iPad Pro, iPhone 8, iPhone 11, iPhone 12 Mini, Numerous iPods, Monterey
We recommend using 1Password to store all your passwords, private information, serial numbers, etc. In addition it can create and store very strong passwords which nowadays is a must. Take a look at it and perhaps download a trial version to test. Here is the LINK.
 
Joined
Dec 30, 2012
Messages
15
Reaction score
0
Points
1
Location
Scotland
Your Mac's Specs
2.5 Ghz Intel Core i5, 4GB 1600 MHz DDR3, Intel HD Graphics 4000 512 MB. OS X 10.9.1 Late 2012
I've heard some horror stories with MacKeeper, certainly one to stay away from! Using ClamXav myself (for peace of mind), minimal memory usage and does the job! I would certainly reiterate what other members have said: go for that if, like me, even for peace of mind and just as a precaution!

Regards.
 
Joined
Feb 1, 2011
Messages
3,667
Reaction score
1,243
Points
113
Location
Sacramento, California
...MacKeeper, certainly one to stay away from! Using ClamXav myself...

Thomas Reed maintains an excellent Web site on the topic of Macintosh malware (with an associated Macintosh Malware catalog):
Thomas' Tech Corner » Mac Malware Guide : What are the threats?
Thomas' Corner : Mac Malware Guide

Thomas has published online the results of a huge comparison test between a large number of Macintosh anti-virus programs:
Thomas' Tech Corner » Mac anti-virus detection rates

You can download the compiled data in a table here:
http://www.reedcorner.net/downloads/malware_detections.pdf

Interesting tidbits from the results:
- None of the AV programs were 100% effective at detecting all malware
- ClamXav is surprisingly ineffective
- Sophos AV, Dr. Web Light, and Virus Barrier Express, all free, are quite good
- MacKeeper, MacScan, and Kaspersky are all just about worthless

An interesting update on this...
As a result of that comparison test Thomas Reed reports that ClamXav has since been updated to identify just about all of the malware that it couldn't detect.

Thomas has been in contact with a number of the other AV software vendors as a result of his comparison test, and he expects to run the test again in a few months, as several of the vendors have or will be updating their products.

A quote:
"As of today, all Mac malware is either extinct or cannot infect a properly-updated machine. Although there are situations that can lead to infection, they require dangerous behavior on the user’s part, such as not updating their systems or downloading software from bad sources, such as through most torrent applications. Right now, anti-virus software is still not necessary for most users."
Thomas' Tech Corner » A look back at 12 years of Mac malware
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,056
Reaction score
1,275
Points
113
Location
U.S.
Your Mac's Specs
2011 17" MBP 2.2ghz, 16gig ram, OS 10.11.6
Thomas Reed maintains an excellent Web site on the topic of Macintosh malware (with an associated Macintosh Malware catalog):
Thomas' Tech Corner » Mac Malware Guide : What are the threats?
Thomas' Corner : Mac Malware Guide

Thomas has published online the results of a huge comparison test between a large number of Macintosh anti-virus programs:
Thomas' Tech Corner » Mac anti-virus detection rates

You can download the compiled data in a table here:
http://www.reedcorner.net/downloads/malware_detections.pdf

Interesting tidbits from the results:
- None of the AV programs were 100% effective at detecting all malware
- ClamXav is surprisingly ineffective
- Sophos AV, Dr. Web Light, and Virus Barrier Express, all free, are quite good
- MacKeeper, MacScan, and Kaspersky are all just about worthless

Thanks Randy. "Awesomely" informative post!:)

- Nick
 
Joined
Feb 1, 2011
Messages
3,667
Reaction score
1,243
Points
113
Location
Sacramento, California
Anti-Virus Program Comparison Test

Thomas has published online the results of a huge comparison test between a large number of Macintosh anti-virus programs:
Thomas' Tech Corner » Mac anti-virus detection rates


Thomas Reed has once again tested most of the anti-virus programs for the Macintosh. Some of the programs have improved significantly since his last test.

Mac anti-virus testing, part 2
The Safe Mac » Mac anti-virus testing, part 2

The results are compiled in this PDF:
http://www.reedcorner.net/downloads/malware_scan_results_2013.pdf

Interesting tidbits from the results:
- Virus Barrier (both the free Express version and the commercial version), Dr. Web, and Avast!, all free programs, were able to detect 100% of active malware. Others did less well.
- ClamXav (a popular free anti-virus program) only detected 83% of active malware.

A quote:
"However, it is important to keep in mind that Mac OS X already does an admirable job of protecting against malware. At this time, there is no known malware capable of infecting a Mac running a properly-updated version of Mac OS X 10.6 or later, with all security settings left at the default (at a minimum)."
 
Joined
Dec 30, 2012
Messages
15
Reaction score
0
Points
1
Location
Scotland
Your Mac's Specs
2.5 Ghz Intel Core i5, 4GB 1600 MHz DDR3, Intel HD Graphics 4000 512 MB. OS X 10.9.1 Late 2012
Thomas Reed has once again tested most of the anti-virus programs for the Macintosh. Some of the programs have improved significantly since his last test...

Excellent article! It's good to see a 'real' indication of the performance of each engine!
 
Joined
Dec 4, 2009
Messages
16
Reaction score
0
Points
1
So I have Mac Keeper loaded, and I would like to uninstall it. How do I?
 