Loading ...
Sorry, an error occurred while loading the content.
 

Re: [wpmac] Free anti-virus software for OSX

Expand Messages
  • Randy B. Singer
    ... There are no viruses for OS X, it s true. But beyond that, the malware picture for the Macintosh, though rosy, isn t as simple as the Mac is immune or
    Message 1 of 17 , Aug 31, 2007
      On Aug 31, 2007, at 5:57 PM, John Rethorst wrote:

      > > The problem is that ClamXav uses ClamAV's
      > > anti-viral database, with few additions in consideration of the
      > > Macintosh.
      >
      > But at this point there are no additions to be made, since there
      > are no OSX viruses.

      There are no viruses for OS X, it's true.

      But beyond that, the malware picture for the Macintosh, though rosy,
      isn't as simple as "the Mac is immune" or "none exists." There *is*
      malware that can infect your Mac. It's just very, very rare.

      There are several Trojans/worms for OS X (not just "concepts"), but
      they are incredibly rare, and they aren't self-propogating, so you are
      unlikely to encounter them, and only then if you engage in downloading
      from peer to peer networks. Trojans for OS X include Opener/Renepo, the
      WordInstaller Trojan, MacCowHand, and MP3/Concept. MP3/Concept does not
      exist in the wild as anything other than a proof-of-concept.
      http://www.sophos.com/virusinfo/analyses/maccowhanda.html
      http://www.sophos.com/virusinfo/analyses/shrenepoa.html
      http://vil.nai.com/vil/content/v_129163.htm
      http://www.macintouch.com/opener.html
      http://securityresponse.symantec.com/avcenter/venc/data/
      macos.mw2004.trojan.html
      http://www.macworld.co.uk/news/index.cfm?NewsID=8651
      http://www.intego.com/news/pr41.asp
      http://www.securityfocus.com/archive/1/395107/2005-04-03/2005-04-09/0

      As for MP3/Concept, when someone posts a proof-of-concept on the
      Internet, my personal feeling is that it is sort of like providing a
      construction kit for psychopathic geeks to create malware. Thus, the
      mere
      existence of such a proof-of-concept on the Internet heralds the need
      for
      increased vigilance.
      (Many of the more common OS 8/9 viruses were simply minor updates of
      the same two or three viruses.)

      There are a ton of Word and Excel macro
      viruses that are cross platform. Literally hundreds of them. Of
      course, these are no threat whatsoever to you if you don't have
      Microsoft Office. If you turn on "Macro Virus Protection" in Word
      and Excel, macros can't run automatically, giving you great
      protection, as long as you don't make a wrong choice and allow a
      malicious macro to run.

      There are classic viruses (for OS 8/9) that can infect Classic running
      under OS X, but they have become very rare because they were designed to
      propagate via floppy, and Macs haven't used floppies in ages. (Folks
      don't seem to share user-recorded CD's like they did floppies.)

      So, your chances of encountering any malware at all, if you are running
      OS X, is miniscule. But Mac malware does exist. Most Mac users feel
      that using anti-viral software
      is a waste of money, and I don't disagree. However, some folks
      simply must have anti-virus software, for various reasons. One is
      that they are running a business and their date is very valuable/
      important and they are required to do everything necessary to protect
      it. In fact, if anything happened to some business users' data, and
      it was discovered that they did not have anti-virus software
      installed, they could be considered to be negligent just by that fact
      alone. The other instance is if you are on a business network. Many
      companies require you to have anti-virus software. It doesn't matter
      that you have a Mac, they don't want to hear it, you must have AV
      software.

      Also, some folks want to be among the very earliest to receive
      protection if a new, very malicious and virulent threat arises. Good
      commercial AV companies, like Intego, as I said previously, band
      together with others to find new threats, test them, and share them,
      as early as possible. The ClamAV project isn't part of this effort.
      When a new threat is discovered, users of a good commercial AV
      product might receive updated definitions automatically via the
      Internet as much as a week before folks on discussion lists and Mac
      news sites even hear about the new threat!

      I have used anti-virus software religiously for at
      least the last couple of decades, and its been a long while since it
      flagged anything other than a Windows virus that has shown up as an
      e-mail attachment. (Windows viruses are completely harmless to
      Macs.) But I have client files on my computer. I can't be without
      AV software. Being without it would be per se negligent.


      > > ClamXav *is* good at scanning for, and detecting Windows viruses on
      > > your Macintosh, but that is of questionable value, as these are
      > > harmless on the Mac, and they are easy to detect and just trash.
      > > (Usually they manifest themselves as gibberish e-mail
      > attachments.) A
      > > Macintosh is highly unlikely to spread Windows viruses to Windows
      > > users, so software to detect Windows viruses resident on a Mac is of
      > > questionable value.
      >
      > They're harmless on the Mac unless you pass them along to another
      > Windows user. A Mac can spread Microsoft macro viruses to PCs as
      > fast as a PC can.

      No, it can't; at least not if a normal user is involved. Many PC
      viruses, and almost all of the ones that show up on a Mac, are self-
      propagating. Since PC viruses don't run on a Mac, they can't mail
      themselves out. That has to be done manually by the user for the
      virus to spread.

      A PC virus on a Mac is easy to spot. They are almost always a
      gibberish file attachment to an e-mail. You would either have to
      purposely want to send a viral attachment to someone else, or be
      foolish enough to forward a file that you haven't looked at and don't
      recognize to someone else, to spread a PC virus. I guess that both
      of these happen, but I doubt that they happen with any kind of
      significant frequency.

      The claim that "Macs spread PC viruses" is mostly just propaganda
      spread by Windows apologists hoping to keep Macs off their networks.

      ___________________________________________
      Randy B. Singer
      Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

      Macintosh OS X Routine Maintenance
      http://www.macattorney.com/ts.html
      ___________________________________________
    • John Rethorst
      ... That s true. John R.
      Message 2 of 17 , Sep 1, 2007
        --- In wordperfectmac@yahoogroups.com, "Randy B. Singer" <randy@...> wrote:

        > > They're harmless on the Mac unless you pass them along to another
        > > Windows user. A Mac can spread Microsoft macro viruses to PCs as
        > > fast as a PC can.
        >
        > No, it can't; at least not if a normal user is involved. Many PC
        > viruses, and almost all of the ones that show up on a Mac, are self-
        > propagating. Since PC viruses don't run on a Mac, they can't mail
        > themselves out. That has to be done manually by the user for the
        > virus to spread.

        That's true.

        John R.
      • Phillip Jones, C.E.T.
        I am trying the trial version of virusBarrierX after I installed I tried out the manual test and even though I know it just scans and doesn t repair; I noticed
        Message 3 of 17 , Sep 1, 2007
          I am trying the trial version of virusBarrierX

          after I installed I tried out the manual test and even though I know it
          just scans and doesn't repair; I noticed what it did was cycle back and
          forth. It counted from 100% down to 0 Percent% it had gone through this
          twice before I notice it cycling back and forth. Is this normal. Looks
          Like it would count files to determine how many there are to look at
          then count to 100% to test. then when you get to 100% check it would
          shut down. Should I have just let it cycle back and forth?
        • Randy B. Singer
          ... I really don t know what you are referring to. But then again, once you have installed VB, you never have to do a manual scan again. So if you can live
          Message 4 of 17 , Sep 1, 2007
            On Sep 1, 2007, at 11:19 AM, Phillip Jones, C.E.T. wrote:

            > after I installed I tried out the manual test and even though I
            > know it
            > just scans and doesn't repair; I noticed what it did was cycle back
            > and
            > forth. It counted from 100% down to 0 Percent% it had gone through
            > this
            > twice before I notice it cycling back and forth. Is this normal. Looks
            > Like it would count files to determine how many there are to look at
            > then count to 100% to test. then when you get to 100% check it would
            > shut down. Should I have just let it cycle back and forth?

            I really don't know what you are referring to.

            But then again, once you have installed VB, you never have to do a
            manual scan again. So if you can live with what it is doing, and it
            can get through a scan, you're good.

            There is a test (harmless) virus that you can download to see if the
            program works:

            EICAR virus
            http://www.eicar.org/anti_virus_test_file.htm


            ___________________________________________
            Randy B. Singer
            Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

            Macintosh OS X Routine Maintenance
            http://www.macattorney.com/ts.html
            ___________________________________________
          • Phillip Jones, C.E.T.
            Nope I think I ll leave the harmless test virus alone. For some reason it found some type of OS 9 Virus on my OS9 drive even though there is no way to set for
            Message 5 of 17 , Sep 2, 2007
              Nope I think I'll leave the harmless test virus alone. For some reason
              it found some type of OS 9 Virus on my OS9 drive even though there is no
              way to set for a particular drive. It found 2 OS9 Viruses but took an
              hour and three quarters to check both drives.

              Randy B. Singer wrote:
              >
              >
              >
              > On Sep 1, 2007, at 11:19 AM, Phillip Jones, C.E.T. wrote:
              >
              > > after I installed I tried out the manual test and even though I
              > > know it
              > > just scans and doesn't repair; I noticed what it did was cycle back
              > > and
              > > forth. It counted from 100% down to 0 Percent% it had gone through
              > > this
              > > twice before I notice it cycling back and forth. Is this normal. Looks
              > > Like it would count files to determine how many there are to look at
              > > then count to 100% to test. then when you get to 100% check it would
              > > shut down. Should I have just let it cycle back and forth?
              >
              > I really don't know what you are referring to.
              >
              > But then again, once you have installed VB, you never have to do a
              > manual scan again. So if you can live with what it is doing, and it
              > can get through a scan, you're good.
              >
              > There is a test (harmless) virus that you can download to see if the
              > program works:
              >
              > EICAR virus
              > http://www.eicar.org/anti_virus_test_file.htm
              > <http://www.eicar.org/anti_virus_test_file.htm>
              >
              > ___________________________________________
              > Randy B. Singer
              > Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
              >
              > Macintosh OS X Routine Maintenance
              > http://www.macattorney.com/ts.html <http://www.macattorney.com/ts.html>
              > ___________________________________________
              >
              >

              --
              ------------------------------------------------------------------------
              Phillip M. Jones, CET |LIFE MEMBER: VPEA ETA-I, NESDA, ISCET, Sterling
              616 Liberty Street |Who's Who. PHONE:276-632-5045, FAX:276-632-0868
              Martinsville Va 24112 |pjones@..., ICQ11269732, AIM pjonescet
              ------------------------------------------------------------------------

              If it's "fixed", don't "break it"!

              mailto:pjones@...

              <http://www.kimbanet.com/~pjones/default.htm>
              <http://www.kimbanet.com/~pjones/90th_Birthday/index.htm>
              <http://www.kimbanet.com/~pjones/Fulcher/default.html>
              <http://www.kimbanet.com/~pjones/Harris/default.htm>
              <http://www.kimbanet.com/~pjones/Jones/default.htm>

              <http://www.vpea.org>
            • John Rethorst
              ... ClamXAV does not let you scan the entire startup disk, since Apple includes a symbolic link to that disk on that disk. When the scan reaches the link it
              Message 6 of 17 , Sep 2, 2007
                --- In wordperfectmac@yahoogroups.com, "Phillip Jones, C.E.T." <pjones1@...> wrote:
                >
                > I am trying the trial version of virusBarrierX
                >
                > after I installed I tried out the manual test and even though I know it
                > just scans and doesn't repair; I noticed what it did was cycle back and
                > forth. It counted from 100% down to 0 Percent% it had gone through this
                > twice before I notice it cycling back and forth. Is this normal. Looks
                > Like it would count files to determine how many there are to look at
                > then count to 100% to test. then when you get to 100% check it would
                > shut down. Should I have just let it cycle back and forth?

                ClamXAV does not let you scan the entire startup disk, since Apple
                includes a symbolic link to that disk on that disk. When the scan
                reaches the link it begins to scan the disk again, recursively. With
                Clam, you can effectively scan the entire startup disk by selecting
                every visible item on the disk, in the Select dialog. VirusBarrierX
                might have the same issue.

                John R.
              • Randy B. Singer
                ... Well, that s what you use an anti-virus program for. ... As I said, once you install VirusBarrier, you only ever have to do a scan of your complete drive
                Message 7 of 17 , Sep 2, 2007
                  On Sep 2, 2007, at 7:40 AM, Phillip Jones, C.E.T. wrote:

                  > Nope I think I'll leave the harmless test virus alone. For some reason
                  > it found some type of OS 9 Virus on my OS9 drive even though there
                  > is no
                  > way to set for a particular drive.

                  Well, that's what you use an anti-virus program for.

                  > It found 2 OS9 Viruses but took an
                  > hour and three quarters to check both drives.

                  As I said, once you install VirusBarrier, you only ever have to do a
                  scan of your complete drive once. From then on it works
                  automatically to check any new or changed software.

                  ___________________________________________
                  Randy B. Singer
                  Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

                  Macintosh OS X Routine Maintenance
                  http://www.macattorney.com/ts.html
                  ___________________________________________
                Your message has been successfully submitted and would be delivered to recipients shortly.