
[OT] The sad state of anti-virus protection

  • John R
    http://www.nytimes.com/2013/01/01/technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html John R.
    Message 1 of 15 , Jan 1, 2013
    • Randy B. Singer
      Message 2 of 15 , Jan 7, 2013
        On Jan 1, 2013, at 3:47 PM, John R wrote:

        > http://www.nytimes.com/2013/01/01/technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html

        That article really has little to do with the Macintosh malware scene. The malware situations for Windows and for the Mac are quite different, and you can't really extrapolate from what is happening on Windows and project it onto the Macintosh.

        Thomas Reed maintains an excellent Web site on the topic of Macintosh malware (with an associated Macintosh Malware catalog):
        http://www.reedcorner.net/mmg-threats/
        http://www.reedcorner.net/mmg-catalog/

        Thomas has published online the results of a huge comparison test between a large number of Macintosh anti-virus programs:
        http://www.reedcorner.net/mac-av-detection-rates/

        You can download the raw data in a table here:
        http://www.reedcorner.net/downloads/malware_detections.pdf

        Interesting tidbits from the results:
        - None of the AV programs were 100% effective at detecting all malware
        - ClamXav is surprisingly ineffective
        - Sophos AV, Dr. Web Light, and Virus Barrier Express, all free, are quite good
        - MacKeeper, MacScan, and Kaspersky are all just about worthless

        An interesting update on this...
        As a result of that comparison test Thomas Reed reports that ClamXav has since been updated to identify just about all of the malware that it couldn't detect.

        Thomas has been in contact with a number of the other AV software vendors as a result of his comparison test, and he expects to run the test again in a few months, as several of the vendors have or will be updating their products.

        ___________________________________________
        Randy B. Singer
        Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

        Macintosh OS X Routine Maintenance
        http://www.macattorney.com/ts.html
        ___________________________________________
      • John R
        Message 3 of 15 , Jan 8, 2013
          Nice links. Glad to have them, since I noticed he says:

          > of all the Mac malware that has appeared over the last 12 years,
          > almost 1/3 appeared in 2012, with 2011 in second place with 1/6
          > of appearances. If this trend continues, Mac users will need to
          > take security far more seriously than they do now.

          This is on http://www.reedcorner.net/a-look-back-at-12-years-of-mac-malware/

          John R.



        • Randy B. Singer
          Message 4 of 15 , Jan 8, 2013
            On Jan 8, 2013, at 1:01 PM, John R wrote:

            > Nice links. Glad to have them, since I noticed he says:
            >
            > > of all the Mac malware that has appeared over the last 12 years,
            > > almost 1/3 appeared in 2012, with 2011 in second place with 1/6
            > > of appearances. If this trend continues, Mac users will need to
            > > take security far more seriously than they do now.

            Most of the malware that has appeared in the last year was targeted by China at Himalayan activists and has been essentially non-existent in the West. Even with all the resources of an entire country behind creating such malware, the Mac has been kept updated by Apple to keep it secure.

            A quick look at Thomas' malware catalog at:
            http://www.reedcorner.net/mmg-catalog/
            shows two things:

            1) That there are only 35 known pieces of malware for the Macintosh. Compare that list to the *over a million* (!) pieces of malware for Windows:
            http://news.bbc.co.uk/2/hi/technology/7340315.stm
            and the over 95,000 new threats for Windows *every day*!
            http://www.sophos.com/security/topic/security-threat-report-2011.html

            2) Only a couple of the pieces of malware in Thomas' catalog have a threat level as high as "low." The rest have a threat level of "very low" and most have a threat level of "none."

            The Macintosh is now more secure than it has ever been.

            Experts: OS X now much more secure than rivals
            http://www.macnn.com/articles/11/07/23/leapfrogs.windows.7.linux.but.still.not.perfect/
            or
            http://is.gd/20R6VD

            Lion Security: Building on the iOS Foundation
            http://tidbits.com/article/12417
            "...we have security options never before available to consumers"

            Major overhaul makes OS X Lion king of security
            http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/

            Windows bigots have been saying that there will be lots of nasty malware for the Mac "any day now" for as long as OS X has been around. However, OS X has been around for over a decade now. We shouldn't have listened to them then, and we don't need to listen to them now. There is no indication that OS X is going to be beset with malware anytime soon.

            Here is a fun article. It is simply entitled "Wolf." It is about the press crying "wolf" for the past decade with regard to the "coming wave of Mac malware."

            Daring Fireball: Wolf!
            http://daringfireball.net/2011/05/wolf

            Here's an interesting article about Mac Defender (the threat that everyone got all worked up about) and what Apple did behind the scenes:

            Mac Malware 'Explosion' Missing In Action
            http://www.tuaw.com/2011/07/21/mac-malware-explosion-missing-in-action/

            ___________________________________________
            Randy B. Singer
          • mxytsplyk
            Message 5 of 15 , Jan 8, 2013
              Thank you, Randy, for putting this in perspective. There are reasons we use Macs, and an operating system designed with security in mind (as BSD Unix was) is one of them.
            • John Kaufmann
              Message 6 of 15 , Jan 8, 2013
                Randy,

                I echo the thanks expressed for your perspective. As a one-time Windows
                programmer, I was keenly aware of exploitable flaws that simply did not
                exist in the more robust Mac system architectures. That said, I was struck
                by one of your assertions:

                In a message dated 2013-0108 20:32 -0500, Randy B. Singer wrote:
                > The Macintosh is now more secure than it has ever been.

                Ever? Was there ever malware for the pre-OSX "classic" Mac OS? [I'm not
                suggesting it was a better OS - there are many things that OSX does better
                - just that security was not an obvious motivation for the switch.]

                John K
              • Randy B. Singer
                Message 7 of 15 , Jan 8, 2013
                  On Jan 8, 2013, at 7:11 PM, John Kaufmann wrote:

                  > Ever? Was there ever malware for the pre-OSX "classic" Mac OS? [I'm not
                  > suggesting it was a better OS - there are many things that OSX does better
                  > - just that security was not an obvious motivation for the switch.]

                  When I said that the Macintosh is now more secure than it has ever been, I meant that OS X has been continually made more secure. As of Lion there were major improvements made with regard to security.

                  Note that "improvements in security" doesn't mean that there are more threats around, or more severe threats. It just means that Apple has been pro-active.

                  To directly answer your question though, yes, there was malware for the classic OS (OS 9 and earlier). At least 27 examples by my count:

                  See:
                  http://www.faqs.org/faqs/computer-virus/macintosh-faq/
                  Section 7

                  In fact, the fact that there were a significant number of viruses for the classic Mac OS is a great piece of evidence to refute the lie that Windows bigots like to spread that OS X doesn't have lots of viruses because it doesn't have a big enough market share. Back in the days of the classic OS the Mac had a much smaller market share than it does now, yet there was no lack of malware (but nothing like what existed for the PC). So it clearly isn't the case that virus-writing sociopaths are only interested in writing malware for a platform with a certain level of market penetration. The reason the Mac has so many fewer pieces of malware than Windows is, and always has been, that it is much harder to write malware for the Mac.

                  Have a look at these fun articles:

                  Broken Windows
                  http://daringfireball.net/2004/06/broken_windows

                  So Witty (followup to Broken Windows)
                  http://daringfireball.net/2004/06/so_witty

                  ___________________________________________
                  Randy B. Singer
                  Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

                  Macintosh OS X Routine Maintenance
                  http://www.macattorney.com/ts.html
                  ___________________________________________
                • Randy B. Singer
                  Message 8 of 15 , Jan 8, 2013
                    "As of today, all Mac malware is either extinct or cannot infect a properly-updated machine. Although there are situations that can lead to infection, they require dangerous behavior on the user's part, such as not updating their systems or downloading software from bad sources, such as through most torrent applications. Right now, anti-virus software is still not necessary for most users."
                    http://www.reedcorner.net/a-look-back-at-12-years-of-mac-malware/


                    ___________________________________________
                    Randy B. Singer
                    Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

                    Macintosh OS X Routine Maintenance
                    http://www.macattorney.com/ts.html
                    ___________________________________________
                  • Randy B. Singer
                    Message 9 of 15 , Jan 8, 2013
                      "As of today, all Mac malware is either extinct or cannot infect a properly-updated machine. Although there are situations that can lead to infection, they require dangerous behavior on the user's part, such as not updating their systems or downloading software from bad sources, such as through most torrent applications. Right now, anti-virus software is still not necessary for most users."
                      http://www.reedcorner.net/a-look-back-at-12-years-of-mac-malware/


                      ___________________________________________
                      Randy B. Singer
                      Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

                      Macintosh OS X Routine Maintenance
                      http://www.macattorney.com/ts.html
                      ___________________________________________
                    • John R
                      Message 10 of 15 , Jan 22, 2013
                        I know very little about this, but couldn't help taking seriously this caution from the Department of Homeland Security:

                        http://bits.blogs.nytimes.com/2013/01/14/department-of-homeland-security-disable-java-unless-it-is-absolutely-necessary/

                        which includes:

                        "Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers with a vicious form of malware in what was the largest-scale attack on the OS X operating system to date. The exploit was particularly disconcerting because it let attackers download a malicious program onto its victims' machines without prompting."

                        It's just a guess, but when malware went from being the province of the teenage hacker/vandal to become the province of professional thieves, it was bound to become worse. Mac market share is growing, making Macs increasingly plausible targets.

                        According to the article, Apple now ships Macs with Java disabled, and has remotely disabled Java where it has been installed. I disabled Java on my machine as soon as I read this (for whatever reason, it had not been remotely disabled). But a day later I was on the New York Times' chess page, which featured an interactive game; I clicked on it and a dialog said I had to install Java, giving me a button to click to do so. I might not have known about the vulnerability.

                        Half a million Macs aren't very many, but I'm glad mine wasn't one of them. Hope this info helps someone.

                        John R.
                      • Randy B. Singer
                        Message 11 of 15 , Jan 23, 2013
                          On Jan 22, 2013, at 8:48 PM, John R wrote:

                          > I know very little about this, but couldn't help taking seriously this caution from the Department of Homeland Security:
                          >
                          > http://bits.blogs.nytimes.com/2013/01/14/department-of-homeland-security-disable-java-unless-it-is-absolutely-necessary/
                          >
                          > which includes:
                          >
                          > "Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers...

                          That exploit was called Flashback, and whether or not it really infected half a million Macs is a matter of intense debate. I'm on about a dozen Mac discussion lists, frequented by tens of thousands of Mac users, and among all of those users we could not find a single first-hand account of anyone having encountered Flashback.

                          It's true that Java is full of security holes and it is risky to have Java installed and active on your Mac. However, that point is moot for the overwhelming majority of Mac users at this point.

                          Mountain Lion didn't ship with Java at all. For those who were using an earlier version of OS X with Java installed, Apple has already pushed out patches to all Macs running OS X 10.6 through 10.8 that disable Java.

                          http://www.reedcorner.net/about-the-flashback-malware/
                          http://www.reedcorner.net/apple-and-mozilla-act-fast-to-secure-java/
                          http://www.macobserver.com/tmo/article/apple-remote-disables-java-on-macs-after-major-security-alert

                          If you haven't allowed Software Update to update your Mac with security updates, you should. If you have re-enabled/installed Oracle's version of Java on your Mac because you need it to access a particular Web site (some courts require Java to be able to file documents via the Web, for instance), you should turn Java off in your Web browser until, and only when, you specifically need Java.

                          In Safari, go to:
                          Safari menu --> Preferences --> Security --> uncheck Enable Java

                          As before, it's best not to use Web sites written by sources that don't really understand the Macintosh as your primary source of information about what is going on with the Macintosh. Especially with regard to security. They tend to be overly alarmist and not entirely accurate.

                          You can always find the latest info, written in language that ordinary folks can understand, and offered by a source that isn't trying to sell you anti-virus software, here:
                          http://www.reedcorner.net/mmg/

                          ___________________________________________
                          Randy B. Singer
                          Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

                          Macintosh OS X Routine Maintenance
                          http://www.macattorney.com/ts.html
                          ___________________________________________
                        • John Kaufmann
                          Message 12 of 15 , Jan 23, 2013
                            In a message dated 2013-0123 06:13 -0500, Randy B. Singer wrote:

                            > ... If you have re-enabled/installed Oracle's version of Java on your Mac because you need it to access a particular Web site (some courts require Java to be able to file documents via the Web, for instance), you should turn Java off in your Web browser until, and only when, you specifically need Java.
                            >
                            > In Safari, go to:
                            > Safari menu --> Preferences --> Security --> uncheck Enable Java

                            Firefox users have the option of the QuickJava extension, which gives
                            button-based toggling of Java and other potential vulnerabilities (JS, Flash,
                            ...), making it very easy to enable on a per-site, or even per-page, basis.

                            John
                          • Rick Albright
                            Message 13 of 15 , Jan 25, 2013
                              On Jan 23, 2013, at 6:13 AM, Randy B. Singer wrote:

                              > In Safari, go to:
                              > Safari menu --> Preferences --> Security --> uncheck Enable Java

                              What about JavaSCRIPT? That's a separate option. Should that be unchecked, as well? Don't a lot of web pages use JavaScript? What are the implications of turning this off? Will it cause a lot of problems accessing web pages?

                              Thanks,
                              Rick

                              ===========================================================
                              Rick Albright
                              logres@...

                              Writing the Past, Writing the Future: Time and Narrative in Gothic and Sensation Fiction
                              http://www.powells.com/biblio/72-9780980149647-0
                            • J.J. McVeigh
                              Message 14 of 15 , Jan 25, 2013
                                At 23:01 -0500 25.01.2013, Rick Albright wrote:

                                > > In Safari, go to:
                                >> Safari menu --> Preferences --> Security --> uncheck Enable Java
                                >
                                >What about JavaSCRIPT? That's a separate option. Should that be
                                >unchecked, as well[?]

                                No. You can leave that be. Apples and Oranges.

                                --
                                John Joseph McVeigh, Attorney at Law
                                Butler, Maryland 21023-0128
                                Practice before the Federal Communications Commission
                                Member: NY; DC; and USPTO Bars
                              • Sam Storch
                                Message 15 of 15 , Jan 26, 2013
                                  While it is now considered good practice to disable Java (except by you for known specific purposes that you trust), you may need to have JavaScript enabled to do just about any work beyond text-only websites.

                                  Despite having similar names, Java and JavaScript are two entirely different things. You can get better clarification than my simple statement by searching recent discussions on macintouch.com, which is reliable in this sort of stuff.

                                  Cheers!