The Official Mac AntiVirus and Firewall FAQ

Status
Not open for further replies.

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
I know there are no Mac viruses in the wild, but what about keyloggers? And I should probably know this before asking if there are keyloggers in the wild, but when someone says "in the wild" in regards to viruses, that means you won't get one just by going to a website, right? I think it does but I just want to be sure.

In the wild means that the malware is available in the general public (not in a lab environment).

Yes, there are keyloggers for Mac OS X, but none that are installed without your (or someone else's) physical interaction with the machine.
 
Joined
Apr 8, 2009
Messages
6
Reaction score
0
Points
1
Your Mac's Specs
iMac
My cousin has sent me this puzzling message, "YOUR MAIL IS COMING IN RED INK AND A WARNING OF PHISHING". I'm running V 10.6.2 with no PC enabling software, so my computer should be clean. He's sent me similar messages in the past. Any idea why he thinks I'm sending corrupted emails?
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
My cousin has sent me this puzzling message, "YOUR MAIL IS COMING IN RED INK AND A WARNING OF PHISHING". I'm running V 10.6.2 with no PC enabling software, so my computer should be clean. He's sent me similar messages in the past. Any idea why he thinks I'm sending corrupted emails?

Hard to say without reviewing the content of the message itself. If it's something you've forwarded onto him, the content of the message (or links within the message) could be construed as a phishing attempt by his email client.

If the message is not something you sent, but appears to have come from you, it could very well be a spoof email that just happens to use your address as the sender. This is a common phenomenon that can be confusing for the recipient. Long story made short, it's possible for someone to become infected with malware that harvests the addresses from that person's contact list; it then uses those addresses in the "FROM:" field to try to obscure the actual source of the malicious email. The net effect is that you've done nothing at all, it's just that the message appears to have come from you.

Most people don't realize that you can easily spoof the "FROM:" address in an email. For example, I can send you an email today that appears to come from "[email protected]", when in reality it came from a random SMTP gateway that just happens not to have any kind of authentication mechanism.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
A quick look at the E-mail header (view --> message --> raw source, or long headers) will tell you a bit more about the E-mail.

Cheers ... McBie
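
What "looking at the raw headers" checks in practice, as an added example that is not part of the original thread: the script compares the visible From: domain with the envelope sender and reads the receiving server's Authentication-Results header. The sample message, all domains and the `analyze` helper are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
import re

# Constructed sample: From: claims one domain while the envelope sender
# and the relay belong to another. All names and addresses are made up.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Received: from relay.example.net (relay.example.net [203.0.113.7])
\tby mx.recipient.example with ESMTP; Mon, 1 Mar 2010 10:00:00 -0500
Authentication-Results: mx.recipient.example;
\tspf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=example.com
From: "Your Cousin" <cousin@example.com>
To: someone@recipient.example
Subject: Fwd: look at this

body
"""

def domain(addr_header):
    """Return the lowercased domain of an address header, or ''."""
    _, addr = parseaddr(addr_header or "")
    return addr.rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])          # what the mail client displays
    env_dom = domain(msg["Return-Path"])    # envelope sender recorded at delivery
    # Only trust Authentication-Results added by your own receiving server;
    # a copy injected upstream by the sender proves nothing.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    findings = []
    if env_dom and env_dom != from_dom:
        findings.append(f"From domain {from_dom} differs from envelope sender {env_dom}")
    for mech in ("spf", "dkim", "dmarc"):
        if results.get(mech) != "pass":
            findings.append(f"{mech} did not pass ({results.get(mech, 'missing')})")
    # Each relay prepends its Received header, so the list runs newest to oldest.
    hops = [h.split()[1] for h in msg.get_all("Received", [])
            if h.lower().startswith("from ")]
    return {"from": from_dom, "envelope": env_dom, "auth": results,
            "hops": hops, "findings": findings}

if __name__ == "__main__":
    for line in analyze(SAMPLE)["findings"]:
        print("-", line)
```

A From/envelope mismatch alone is only a hint, since mailing lists and bulk-mail services produce it legitimately; it carries weight when the authentication results also fail.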
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
Most people don't realize that you can easily spoof the "FROM:" address in an email. For example, I can send you an email today that appears to come from "[email protected]", when in reality it came from a random SMTP gateway that just happens not to have any kind of authentication mechanism.

As a joke to a friend who loves jokes, I used Windows 2k Server's SMTP client once. Sent him an email from Bill Gates telling him to quit pirating our Microsoft Windows XP or we will take measures against him. He actually believed it and called me in a panic! :D

So yes, it can and does happen.

I did the joke to scare him because of his pirated Windows hoping he might purchase it legally. He did actually! :D
 
Joined
Apr 8, 2009
Messages
6
Reaction score
0
Points
1
Your Mac's Specs
iMac
...If it's something you've forwarded onto him, the content of the message (or links within the message) could be construed as a phishing attempt by his email client. If the message is not something you sent, but appears to have come from you, it could very well be a spoof email that just happens to use your address as the sender.

A quick look at the E-mail header (view --> message --> raw source, or long headers) will tell you a bit more about the E-mail.


His comments usually come back after I've forwarded something, so perhaps it's perceived as something odd by the client. I always try to trim down anything I send anyone, including all the previous forwards - maybe I'm cutting out some key identification that would indicate my forwarded message is authentic - and harmless. I'll ask him to check the header also. He seems to be the only one who has this problem.

I really appreciate your sound advice. Thank you both...
 
Joined
Jan 13, 2010
Messages
282
Reaction score
7
Points
18
Location
East Coast
Your Mac's Specs
15"MBP 2.66, 750GB 7200RPM HD, 8GB RAM; iPhone4S 64GB; 32GB iPad, White, AT&T.
Sometimes Virus software clients for emails will auto-generate a response to a threat or perceived threat and email back the offending sender in hopes of warning the sender of a possible situation. The result is supposed to have a twofold purpose, one, to warn the sender their system may be compromised or infected, and two, have the offending sender resolve the situation so they do not spread the virus further.
 
Joined
Apr 8, 2009
Messages
6
Reaction score
0
Points
1
Your Mac's Specs
iMac
I had a PC from 1982 until December 2008, and remember quite vividly the warnings and scares over perceived threats. So happy I switched to an iMac! I'm getting a MacBook next. I trust a Mac, which is why I want to prove to my cousin that I can't be sending him polluted material.
 
Joined
Apr 8, 2009
Messages
6
Reaction score
0
Points
1
Your Mac's Specs
iMac
I cut and pasted some of the comments in a message to my cousin and he replied, "...it isn't in red on this email..its when its attached...but yet if i scroll down it appears and i can see it..."

Does that provide any more information on what's happening?
 
Joined
Apr 8, 2009
Messages
6
Reaction score
0
Points
1
Your Mac's Specs
iMac
I attached a document and asked, "Does this attachment prompt a warning or anything?"

His answer:
YES IT DOES ..I COULDN'T RESPOND TO YOU BECAUSE OF IT...IT BLOCKS MY RETURN MAIL OPTION...SO I DIDN'T OPEN IT AND SENT THIS NEW E MAIL TO YOU...

Anything make sense yet?
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
Not enough info. It's like calling your mechanic and saying "my car is making a noise and doesn't work - what's wrong?".
 
Joined
Mar 4, 2010
Messages
3
Reaction score
0
Points
1
p2p sharing

So I'm brand new to a mac of about a week.. I'm glad I found this forum. If there is "no virus" for the os x then is p2p safe?
 
Joined
May 19, 2009
Messages
8,428
Reaction score
295
Points
83
Location
Waiting for a mate . . .
Your Mac's Specs
21" iMac 2.9Ghz 16GB RAM - 10.11.3, iPhone6s & iPad Air 2 - iOS 9.2.1, ATV 4Th Gen tvOS, ATV3
So I'm brand new to a mac of about a week.. I'm glad I found this forum. If there is "no virus" for the os x then is p2p safe?

p2p is safe, and as long as you use safe work practices and don't dl illegal stuff you should be ok.
There was a trojan doing the rounds in an iLife 09 torrent, but as far as I'm aware that is about it.


Cheers
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
So I'm brand new to a mac of about a week.. I'm glad I found this forum. If there is "no virus" for the os x then is p2p safe?

Safe? It depends on how you define safety. If you're just concerned about traditional viruses, sure. But P2P networks and clients are a lot more dangerous than just that.

First and foremost, many popular P2P clients like Limewire open up holes in your computer's defenses and you have to trust that the vendor has their software secured. That might be an acceptable risk to you, but did you know that Limewire has had several exploits created for it?

Additionally, many P2P networks, particularly the Gnutella network (which is what Limewire connects to), are heavily policed by the RIAA and MPAA, international trade groups that have made it their mission to sue every user sharing files that they can identify. If you're in the US, there have been hundreds of precedents of agents for the RIAA and MPAA successfully subpoenaing ISPs in order to get your identity and file suit.

In short, there's a lot more to worry about than just viruses if you're using P2P. As I always say - if it's worth listening to, watching or using, then it's worth buying.
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
CWA, well said and I agree completely. I will not use Limewire or any Gnutella network no matter what. Everyone I know who does runs into issues. Sure it gets me their business when I repair their computer, but why take the chance?
 
Joined
Mar 4, 2010
Messages
3
Reaction score
0
Points
1
I don't use it unless I have to.. For rare music and such.. But I have been using Limewire for like 5 years and I just download the files that look legit.. If I don't have Limewire open is it still connected with the internet? And if it's not connected it shouldn't be a problem right?
 

cwa107


Retired Staff
Joined
Dec 20, 2006
Messages
27,042
Reaction score
812
Points
113
Location
Lake Mary, Florida
Your Mac's Specs
14" MacBook Pro M1 Pro, 16GB RAM, 1TB SSD
I don't use it unless I have to.. For rare music and such.. But I have been using Limewire for like 5 years and I just download the files that look legit.. If I don't have Limewire open is it still connected with the internet? And if it's not connected it shouldn't be a problem right?

I'm not familiar with the Mac version, but I have seen the Windows version make modifications to the TCP/IP stack and install a separate client piece that keeps connections open even when Limewire is not. That may also be true of the Mac version, but I can't confirm that.

Limewire, in general, is bad news. If you need to P2P something (legal), I would recommend using a Bittorrent client instead.
 
Joined
Jan 13, 2010
Messages
56
Reaction score
0
Points
6
Are there rootkits for the Mac? If so would I get one just by going to a website?

And actually, in terms of any kind of internet nasties like trojans, worms, malware, etc, would I get any of that just by going to a website? I try to stay off of bad websites and of course I'm careful of where I enter my password.
 
Joined
Mar 20, 2010
Messages
34
Reaction score
1
Points
8
Your Mac's Specs
Mac Mini (late 2009) with Mac OS X Snow Leopard 10.6.2
Should I get antivirus software for my Mac since I have Windows on Boot Camp? I don't install anything on there and don't browse the web. It is just for online games. I also have antivirus on my Windows partition, I just want to be safe.
 