The Official Mac AntiVirus and Firewall FAQ

[cwa107]

Nope, she just saw an animated ad. Nothing to worry about, your machine is fine.

 

[nammar]

Hi,

I am new to mac os x , how can I grep all files of size 1M for example ?

thanks

 

[homeschool mom]

I believe this may be somewhat on this topic. One of my email contacts has alerted me that emails that I respond to from him give him a warning not to open on his end. My Macbook Pro running snow leopard has been fine and not showing any signs of doing strange things. Another friend said (also PC user) said that in the last couple weeks much of the mail she sent me was bounced back due to viruses that my mac would not accept. Has anyone else experienced either of these issues? What are some ways I could check to be sure that there is nothing going on in my Mac that I don't want. I don't run virus detection soft ware at this time, would adding one be prudent? Thank you.

 

[bobtomay]

Your MacBook Pro would be running fine, since at this time there have not been and still are no viruses in the wild that can run in OS X.

If you receive and open attachments that others send you, it is possible that you have files on your Mac that contain windows viruses.

The only way you could be sending one to someone else would be by attaching that infected file and forwarding it on to someone else. It still would do nothing but sit on your Mac.

Since you have no anti-virus running, your computer would not kick back an email to anyone because of it containing a virus. How would your Mac know? That would be your ISP doing that and nothing to do whatsoever with your Mac.

My guess is, the one claiming to be having their email kicked back has sent you virus containing email which got through your ISP's check and you have then forwarded it on to the one claiming to be receiving infected email.

 

[cwa107]

Don't forget that there are mail servers between you and your recipients / senders. All your Mail program does is transmit and receive from your Internet Service Provider (ISP)'s mail server. And conversely, the same goes for your contacts. And there are lots of little anomalies that can happen during the process. A lot of my users forget about this and get irritated when I remind them that Email, in general, is not a guaranteed transmission medium. There is no direct handshake between the recipient and the sender.

One of the complaints I often see from my users is that they get a bounce-back message for an email that they never sent. Immediately, they assume they must have a virus. What happened in reality is that one of their contacts out on the Internet has their email address in their contact list. They became infected with a virus, the virus harvests their address book and uses their address as the "from:" address when trying to send itself to others. When those emails are sent, their mail server rejects the message as being virus infested and replies with a note out of courtesy, telling the supposed sender that they are trying to send out a malicious message. What actually happened is that they did nothing, the only thing they were guilty of was being a contact on an infected machine. I know that story is kind of hard to follow, but it's typical of the kind of anomalies I'm referring to.

 

[helmet_d]

mail Worm ?

my internet provider has informed me that my routers mac address has been responsible for 5000 SPAM emails

could it be a worm
are there mac worms ??


mac book
snow leopard
airport extreme


thanks
D

 

[cwa107]

my internet provider has informed me that my routers mac address has been responsible for 5000 SPAM emails

could it be a worm
are there mac worms ??


mac book
snow leopard
airport extreme


thanks
D

There are no known viruses currently in the wild for Mac OS X. With that said, if someone else is riding on your wireless network, it's possible that they may be using it as a spam relay. Do you have any security on your wireless network?

 

[didymus]

The idea that the Mac is completely virus free is erroneous - the number out there is very limited, e.g., I've seen 7 quoted as the total number, but the idiots who develop these things are continually working to "improve" their products and get them on to everyone's machine.

Sure - there are so few that they may never hit you, at the moment, but time brings changes and having an anti-virus and anti-malware program on your machine is being better safe than sorry!

Read, for example, this: Kaspersky Unveils Antivirus for Mac - PC World and this: iAntiVirus - Free AntiVirus for Mac is free and built specifically for the Mac.

 

[cwa107]

The idea that the Mac is completely virus free is erroneous -

There are very important differences between a virus, a worm and a trojan.

A virus is malicious program that is self-replicating (key distinction) and can infect existing files. It is usually transmitted via email or removable media and from there, will infect a machine and spread to others. There are NO true viruses for Mac OS X at this time.

A worm takes advantage of a security flaw to copy itself to multiple machines (one on Mac OS X, patched with a security fix).

A trojan is more of a social engineering tactic - it's simply a malicious program disguised as a desirable one. These are easily avoided by being judicious about using your admin password when you're installing a program from a foreign source. (2 or 3 different variations on the same DNS redirector. Usually included with pirated software or video players on seedy sites).

My advice, which I have given in this thread on countless occasions, still stands. Follow these three rules and you will not need to worry about malware on a Mac (at least not at this juncture):

1. Don't pirate software.
2. Be judicious about where you download your software from.
3. NEVER enter your admin password when prompted during a software install, unless you trust the source and know exactly what the program is and what it does.

Now, this is subject to change - but right now, AV solutions just aren't necessary. Particularly if you use just a modicum of common sense when dealing with software.

 

[didymus]

There are very important differences between a virus, a worm and a trojan.

Yes, indeed - I ought to have been more specific in the claim However, my concern stands - when I read posts about this problem (not only in this thread) I sense a degree of complacency on the subject. ("Oh, I'm so glad to have switched to the Mac, because it is virus free!") I've read a number of articles (usually associated with the sale of anti-malware systems - which is perhaps a matter of special pleading!) that deal with this issue and it does seem that most providers of AV software are getting into the provision of systems to protect the Mac - e.g, Malware authors target Mac emerging markets ? The Register And when installing a free anti-virus, anti-worm, anti-trojan piece of software is such a straightforward process, it seems a pity not to take advantage.

 

[bobtomay]

It seems a pity to me, to have a program running on my machine, eating resources that is not wanted, not needed and not required at this time due to the propaganda put out by the anti-virus companies feeding on the fear of ex Windows users.

Even Kaspersky admits as much in the link you provided.

Just because they have not been infected in the past does not mean they are safe now.

So, while it may be possible for a virus/malware to exist that can infect a Mac, when it happens it will be on practically every media outlet you can name.

In the meanwhile, since there have not been any, exactly what are they scanning for? How would any of them recognize a virus or piece of malware?

Even the Windows anti-virus apps scan based on known viruses and educated guesses (aka as heuristics). Those updates they're coming out with all the time are for new ones that have been found. imho: It is unlikely that the first virus that hits OS X will be found by any of the current batch of anti-virus apps until they have been updated to recognize it. I see absolutely no benefit in running such a thing on my computer. But, each to their own.

The last link from The Register has Sophos quoted as: "...predicts that...". These "predictions" have been around for years and come from the purveyors of anti-virus software. The article even says: "Reg Hardware editor Tony Smith said that the last 'serious' Mac virus affected Mac OS 7 (circa 1992)". You can draw your own conclusions.

 

[rhone]

This is ridiculous. Isn't it time to close this topic and start a new sticky that begins with information about Mac and viruses that is newer than 2005? I'm not reading through 21 pages...

Please don't get me wrong. I think this is valuable information, but can't it start afresh with more up to date information from the get go?

 

[D3v1L80Y]

This is ridiculous. Isn't it time to close this topic and start a new sticky that begins with information about Mac and viruses that is newer than 2005? I'm not reading through 21 pages...

You don't have to read through 21 pages.
You can search within a thread for keywords or phrases by using the link at the top of every thread.
It is much easier to use that and search through only 21 pages of one thread than it is to search the entire forum.
(see attached image)

Please don't get me wrong. I think this is valuable information, but can't it start afresh with more up to date information from the get go?

The information here is up to date. Just because a thread is started in 2005 doesn't mean that its information is necessarily invalid.

OS X has been around since 2001 and still doesn't have any viruses.
The information and advice really hasn't changed since then.

Besides, this thread may be four years old, but it has been active for the entire four years and has been updated if and when any new information becomes available.

 

[bobtomay]

While it may be dated in 2005, the information in the very first post has not changed - at all. It provides all the information necessary for one to make an educated decision as to whether you want to run an anti-virus product in OS X.

There still has been no virus or spyware released for OS X to date.

 

[rhone]

I can't tell that from the first post (that it's still up to date). Maybe an edit at the top of the post saying "as of date x, this is still valid."

And what about this? I know it's 3 years old (Feb 2006), but it kind of makes the statement about not ever being a virus for OS X, well, no longer up to date:
Mac OS X Virus Alert - Sophos Anti Virus has found the first 'real virus' for Mac OS X known as OSX/Leap-A or OSX/Oompa-A. The OSX/Leap worm or trojan is spread via instant messenger forwarding itself as a file named 'latestpics.tgz'. When launched the worm attempts to spread via iChat sending itself to the users buddy list. The application will also try to infect the recently used applications.

 

[rhone]

You don't have to read through 21 pages.
You can search within a thread for keywords or phrases by using the link at the top of every thread.
It is much easier to use that and search through only 21 pages of one thread than it is to search the entire forum.
(see attached image)

The information here is up to date. Just because a thread is started in 2005 doesn't mean that its information is necessarily invalid.

OS X has been around since 2001 and still doesn't have any viruses.
The information and advice really hasn't changed since then.

Besides, this thread may be four years old, but it has been active for the entire four years and has been updated if and when any new information becomes available.

Again, that's my point. I shouldn't have to search through 21 pages to find what's up to date and what has been replaced by new information. I'll just google for something that's been written about the topic in late 2009.

Sorry, I'm really not trying to argue or be difficult, and what you suggest might work for some--or most even--I'm just offering my viewpoint. To me, I'll just google it elsewhere because of the dated nature of this sticky, thus obviating the utility of the sticky to me.

It's just a suggestion, FWIW, and I know it would take someone time and effort, so I'm certainly not going to get upset about it, because I have nothing to offer myself.

 

[cwa107]

I can't tell that from the first post (that it's still up to date). Maybe an edit at the top of the post saying "as of date x, this is still valid."

And what about this? I know it's 3 years old (Feb 2006), but it kind of makes the statement about not ever being a virus for OS X, well, no longer up to date:
Mac OS X Virus Alert - Sophos Anti Virus has found the first 'real virus' for Mac OS X known as OSX/Leap-A or OSX/Oompa-A. The OSX/Leap worm or trojan is spread via instant messenger forwarding itself as a file named 'latestpics.tgz'. When launched the worm attempts to spread via iChat sending itself to the users buddy list. The application will also try to infect the recently used applications.

Actually not a virus, it's more like a worm, but it's really not even that clever since the user has to purposely initiate it. Regardless, the flaw that it exploited has long since been patched.

 

[D3v1L80Y]

...it kind of makes the statement about not ever being a virus for OS X, well, no longer up to date:
Mac OS X Virus Alert - Sophos Anti Virus has found the first 'real virus' for Mac OS X known as OSX/Leap-A or OSX/Oompa-A. The OSX/Leap worm or trojan ....

No, it doesn't.

Worms and Trojans are not viruses.

A Trojan is a program that does something undocumented which the programmer intended, but that the user would not approve of if he or she knew about it.
A Trojan cannot self-replicate like a virus.

Worms are similar to a virus, but they are functionally different.
A Worm exists as a separate entity. Unlike viruses, Worms do not attach themselves to other files or programs.


Also, as was already pointed out, the Leap-A worm was patched long ago.
Had you continued your search, you would have located this information.

Again, that's my point. I shouldn't have to search through 21 pages to find what's up to date and what has been replaced by new information. I'll just google for something that's been written about the topic in late 2009.

You honestly didn't even need to use the search within the thread feature to find information from 2009.
If you just went back a mere three pages, you would have found this:

http://www.mac-forums.com/forums/sw...mac-antivirus-firewall-faq-18.html#post876122

 

[rhone]

Got it. Thanks for the clarification about the virus thing.

You honestly didn't even need to use the search within the thread feature to find information from 2009.
If you just went back a mere three pages, you would have found this:

http://www.mac-forums.com/forums/sw...mac-antivirus-firewall-faq-18.html#post876122

Touche'!

 

[harryb2448]

And have a read of this rhone:-

Mac OS X anti-virus software: More trouble than it's worth? | MacFixIt - CNET Reviews

Particularly about Sophos half way down.

It is also three years old but nothing has changed.