
Re: [wpmac] [OT] The sad state of anti-virus protection

  • Randy B. Singer
    Message 1 of 15 , Jan 7, 2013
      On Jan 1, 2013, at 3:47 PM, John R wrote:

      > http://www.nytimes.com/2013/01/01/technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html

      That article really has little to do with the Macintosh malware scene. The malware situation for Windows and for the Mac are quite different, and you can't really extrapolate from what is happening on Windows and project it onto the Macintosh.

      Thomas Reed maintains an excellent Web site on the topic of Macintosh malware (with an associated Macintosh Malware catalog):
      http://www.reedcorner.net/mmg-threats/
      http://www.reedcorner.net/mmg-catalog/

      Thomas has published online the results of a huge comparison test between a large number of Macintosh anti-virus programs:
      http://www.reedcorner.net/mac-av-detection-rates/

      You can download the raw data in a table here:
      http://www.reedcorner.net/downloads/malware_detections.pdf

      Interesting tidbits from the results:
      - None of the AV programs were 100% effective at detecting all malware
      - ClamXav is surprisingly ineffective
      - Sophos AV, Dr. Web Light, and Virus Barrier Express, all free, are quite good
      - MacKeeper, MacScan, and Kaspersky are all just about worthless

      An interesting update on this...
      As a result of that comparison test Thomas Reed reports that ClamXav has since been updated to identify just about all of the malware that it couldn't detect.

      Thomas has been in contact with a number of the other AV software vendors as a result of his comparison test, and he expects to run the test again in a few months, as several of the vendors have or will be updating their products.

      ___________________________________________
      Randy B. Singer
      Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

      Macintosh OS X Routine Maintenance
      http://www.macattorney.com/ts.html
      ___________________________________________





    • John R
      Message 2 of 15 , Jan 8, 2013
        Nice links. Glad to have them, since I noticed he says:

        > of all the Mac malware that has appeared over the last 12 years,
        > almost 1/3 appeared in 2012, with 2011 in second place with 1/6
        > of appearances. If this trend continues, Mac users will need to
        > take security far more seriously than they do now.

        This is on http://www.reedcorner.net/a-look-back-at-12-years-of-mac-malware/

        John R.



        --- In wordperfectmac@yahoogroups.com, "Randy B. Singer" wrote:
        >
        >
        > On Jan 1, 2013, at 3:47 PM, John R wrote:
        >
        > > http://www.nytimes.com/2013/01/01/technology/antivirus-makers-work-on-software-to-catch-malware-more-effectively.html
        >
        > That article really has little to do with the Macintosh malware scene. The malware situation for Windows and for the Mac are quite different, and you can't really extrapolate from what is happening on Windows and project it onto the Macintosh.
        >
        > Thomas Reed maintains an excellent Web site on the topic of Macintosh malware (with an associated Macintosh Malware catalog):
        > http://www.reedcorner.net/mmg-threats/
        > http://www.reedcorner.net/mmg-catalog/
        >
        > Thomas has published online the results of a huge comparison test between a large number of Macintosh anti-virus programs:
        > http://www.reedcorner.net/mac-av-detection-rates/
        >
        > You can download the raw data in a table here:
        > http://www.reedcorner.net/downloads/malware_detections.pdf
        >
        > Interesting tidbits from the results:
        > - None of the AV programs were 100% effective at detecting all malware
        > - ClamXav is surprisingly ineffective
        > - Sophos AV, Dr. Web Light, and Virus Barrier Express, all free, are quite good
        > - MacKeeper, MacScan, and Kaspersky are all just about worthless
        >
        > An interesting update on this...
        > As a result of that comparison test Thomas Reed reports that ClamXav has since been updated to identify just about all of the malware that it couldn't detect.
        >
        > Thomas has been in contact with a number of the other AV software vendors as a result of his comparison test, and he expects to run the test again in a few months, as several of the vendors have or will be updating their products.
        >
        > ___________________________________________
        > Randy B. Singer
        > Co-author of The Macintosh Bible (4th, 5th, and 6th editions)
        >
        > Macintosh OS X Routine Maintenance
        > http://www.macattorney.com/ts.html
        > ___________________________________________
        >
        >
        >
        >
        >
        > [Non-text portions of this message have been removed]
        >
      • Randy B. Singer
        Message 3 of 15 , Jan 8, 2013
          On Jan 8, 2013, at 1:01 PM, John R wrote:

          > Nice links. Glad to have them, since I noticed he says:
          >
          > > of all the Mac malware that has appeared over the last 12 years,
          > > almost 1/3 appeared in 2012, with 2011 in second place with 1/6
          > > of appearances. If this trend continues, Mac users will need to
          > > take security far more seriously than they do now.

          Most of the malware that has appeared in the last year was targeted by China at Himalayan activists and has been essentially nonexistent in the West. Even with all the resources of an entire country behind creating such malware, the Mac has been kept updated by Apple to keep it secure.

          A quick look at Thomas' malware catalog at:
          http://www.reedcorner.net/mmg-catalog/
          shows two things:

          1) That there are only 35 known pieces of malware for the Macintosh. Compare that list to the *over a million* (!) pieces of malware for Windows:
          http://news.bbc.co.uk/2/hi/technology/7340315.stm
          and the over 95,000 new threats for Windows *every day*!
          http://www.sophos.com/security/topic/security-threat-report-2011.html

          2) Only a couple of the pieces of malware in Thomas' catalog have a threat level as high as "low." The rest have a threat level of "very low" and most have a threat level of "none."

          The Macintosh is now more secure than it has ever been.

          Experts: OS X now much more secure than rivals
          http://www.macnn.com/articles/11/07/23/leapfrogs.windows.7.linux.but.still.not.perfect/
          or
          http://is.gd/20R6VD

          Lion Security: Building on the iOS Foundation
          http://tidbits.com/article/12417
          "...we have security options never before available to consumers"

          Major overhaul makes OS X Lion king of security
          http://www.theregister.co.uk/2011/07/21/mac_os_x_lion_security/

          Windows bigots have been saying that there will be lots of nasty malware for the Mac "any day now" for as long as OS X has been around. However, OS X has been around for over a decade now. We shouldn't have listened to them then, and we don't need to listen to them now. There is no indication that OS X is going to be beset with malware anytime soon.

          Here is a fun article. It is simply entitled "Wolf." It is about the press crying "wolf" for the past decade with regard to the "coming wave of Mac malware."

          Daring Fireball: Wolf!
          http://daringfireball.net/2011/05/wolf

          Here's an interesting article about Mac Defender (the threat that everyone got all worked up about) and what Apple did behind the scenes:

          Mac Malware 'Explosion' Missing In Action
          http://www.tuaw.com/2011/07/21/mac-malware-explosion-missing-in-action/

          ___________________________________________
          Randy B. Singer
        • mxytsplyk
          Message 4 of 15 , Jan 8, 2013
            Thank you, Randy, for putting this in perspective. There are reasons we use Macs and an operating system designed with security in mind (as BSD Unix was), is one of them.
          • John Kaufmann
            Message 5 of 15 , Jan 8, 2013
              Randy,

              I echo the thanks expressed for your perspective. As a one-time Windows
              programmer, I was keenly aware of exploitable flaws that simply did not
              exist in the more robust Mac system architectures. That said, I was struck
              by one of your assertions:

              In a message dated 2013-0108 20:32 -0500, Randy B. Singer wrote:
              > The Macintosh is now more secure than it has ever been.

              Ever? Was there ever malware for the pre-OSX "classic" Mac OS? [I'm not
              suggesting it was a better OS - there are many things that OSX does better
              - just that security was not an obvious motivation for the switch.]

              John K
            • Randy B. Singer
              Message 6 of 15 , Jan 8, 2013
                On Jan 8, 2013, at 7:11 PM, John Kaufmann wrote:

                > Ever? Was there ever malware for the pre-OSX "classic" Mac OS? [I'm not
                > suggesting it was a better OS - there are many things that OSX does better
                > - just that security was not an obvious motivation for the switch.]

                When I said that the Macintosh is now more secure than it has ever been, I meant that OS X has been continually made more secure. As of Lion there were major improvements made with regard to security.

                Note that "improvements in security" doesn't mean that there are more threats around, or more severe threats. It just means that Apple has been pro-active.

                To directly answer your question though, yes, there was malware for the classic OS (OS 9 and earlier). At least 27 examples by my count:

                See:
                http://www.faqs.org/faqs/computer-virus/macintosh-faq/
                Section 7

                In fact, the fact that there were a significant number of viruses for the classic Mac OS is a great piece of evidence to refute the lie that Windows bigots like to spread that OS X doesn't have lots of viruses because it doesn't have a big enough market share. Back in the days of the classic OS the Mac had a much smaller market share than it does now, yet there was no lack of malware (but nothing like what existed for the PC). So it clearly isn't the case that virus-writing sociopaths are only interested in writing malware for a platform with a certain level of market penetration. The reason the Mac has so many fewer pieces of malware than Windows is, and always has been, that it is much harder to write malware for the Mac.

                Have a look at these fun articles:

                Broken Windows
                http://daringfireball.net/2004/06/broken_windows

                So Witty (followup to Broken Windows)
                http://daringfireball.net/2004/06/so_witty

                ___________________________________________
                Randy B. Singer
                Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

                Macintosh OS X Routine Maintenance
                http://www.macattorney.com/ts.html
                ___________________________________________





              • Randy B. Singer
                Message 7 of 15 , Jan 8, 2013
                  "As of today, all Mac malware is either extinct or cannot infect a properly-updated machine. Although there are situations that can lead to infection, they require dangerous behavior on the user's part, such as not updating their systems or downloading software from bad sources, such as through most torrent applications. Right now, anti-virus software is still not necessary for most users."
                  http://www.reedcorner.net/a-look-back-at-12-years-of-mac-malware/


                  ___________________________________________
                  Randy B. Singer
                  Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

                  Macintosh OS X Routine Maintenance
                  http://www.macattorney.com/ts.html
                  ___________________________________________
                  • John R
                    Message 9 of 15 , Jan 22, 2013
                      I know very little about this, but couldn't help taking seriously this caution from the Department of Homeland Security:

                      http://bits.blogs.nytimes.com/2013/01/14/department-of-homeland-security-disable-java-unless-it-is-absolutely-necessary/

                      which includes:

                      "Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers with a vicious form of malware in what was the largest-scale attack on the OS X operating system to date. The exploit was particularly disconcerting because it let attackers download a malicious program onto its victims' machines without prompting."

                      It's just a guess, but when malware went from being the province of the teenage hacker/vandal to become the province of professional thieves, it was bound to become worse. Mac market share is growing, making Macs increasingly plausible targets.

                      According to the article, Apple now ships Macs with Java disabled, and has remotely disabled Java where it has been installed. I disabled Java on my machine as soon as I read this (for whatever reason, it had not been remotely disabled). But a day later I was on the New York Times' chess page, which featured an interactive game; I clicked on it and a dialog said I had to install Java, giving me a button to click to do so. I might not have known about the vulnerability.

                      Half a million Macs aren't very many, but I'm glad mine wasn't one of them. Hope this info helps someone.

                      John R.
                    • Randy B. Singer
                      Message 10 of 15 , Jan 23, 2013
                        On Jan 22, 2013, at 8:48 PM, John R wrote:

                        > I know very little about this, but couldn't help taking seriously this caution from the Department of Homeland Security:
                        >
                        > http://bits.blogs.nytimes.com/2013/01/14/department-of-homeland-security-disable-java-unless-it-is-absolutely-necessary/
                        >
                        > which includes:
                        >
                        > "Last April, hackers exploited a Java vulnerability to infect more than half a million Apple computers...

                        That exploit was called Flashback, and whether or not it really infected half a million Macs is a matter of intense debate. I'm on about a dozen Mac discussion lists, frequented by tens of thousands of Mac users, and among all of those users we could not find a single first-hand account of anyone having encountered Flashback.

                        It's true that Java is full of security holes and it is risky to have Java installed and active on your Mac. However, that point is moot for the overwhelming majority of Mac users at this point.

                        Mountain Lion didn't ship with Java at all. For those who were using an earlier version of OS X with Java installed, Apple has already pushed out patches to all Macs running OS X 10.6 through 10.8 that disable Java.

                        http://www.reedcorner.net/about-the-flashback-malware/
                        http://www.reedcorner.net/apple-and-mozilla-act-fast-to-secure-java/
                        http://www.macobserver.com/tmo/article/apple-remote-disables-java-on-macs-after-major-security-alert

                        If you haven't allowed Software Update to update your Mac with security updates, you should. If you have re-enabled/installed Oracle's version of Java on your Mac because you need it to access a particular Web site (some courts require Java to be able to file documents via the Web, for instance), you should turn Java off in your Web browser until, and only when, you specifically need Java.

                        In Safari, go to:
                        Safari menu --> Preferences --> Security --> uncheck Enable Java

                        As before, it's best not to use Web sites written by sources that don't really understand the Macintosh as your primary source of information about what is going on with the Macintosh. Especially with regard to security. They tend to be overly alarmist and not entirely accurate.

                        You can always find the latest info, written in language that ordinary folks can understand, and offered by a source that isn't trying to sell you anti-virus software, here:
                        http://www.reedcorner.net/mmg/

                        ___________________________________________
                        Randy B. Singer
                        Co-author of The Macintosh Bible (4th, 5th, and 6th editions)

                        Macintosh OS X Routine Maintenance
                        http://www.macattorney.com/ts.html
                        ___________________________________________
                      • John Kaufmann
                        Message 11 of 15 , Jan 23, 2013
                          In a message dated 2013-0123 06:13 -0500, Randy B. Singer wrote:

                          > ... If you have re-enabled/installed Oracle's version of Java on your Mac because you need it to access a particular Web site (some courts require Java to be able to file documents via the Web, for instance), you should turn Java off in your Web browser until, and only when, you specifically need Java.
                          >
                          > In Safari, go to:
                          > Safari menu --> Preferences --> Security --> uncheck Enable Java

                          Firefox users have the option of the QuickJava extension, which gives
                          button-based toggling of Java and other potential vulnerabilities (JS, Flash,
                          ...), making it very easy to enable on a per-site, or even per-page, basis.

                          John
                        • Rick Albright
                          Message 12 of 15 , Jan 25, 2013
                            On Jan 23, 2013, at 6:13 AM, Randy B. Singer wrote:

                            > In Safari, go to:
                            > Safari menu --> Preferences --> Security --> uncheck Enable Java

                            What about JavaSCRIPT? That's a separate option. Should that be unchecked, as well? Don't a lot of web pages use JavaScript? What are the implications of turning this off? Will it cause a lot of problems accessing web pages?

                            Thanks,
                            Rick

                            ===========================================================
                            Rick Albright
                            logres@...

                            Writing the Past, Writing the Future: Time and Narrative in Gothic and Sensation Fiction
                            http://www.powells.com/biblio/72-9780980149647-0
                          • J.J. McVeigh
                            Message 13 of 15 , Jan 25, 2013
                              At 23:01 -0500 25.01.2013, Rick Albright wrote:

                              > > In Safari, go to:
                              > > Safari menu --> Preferences --> Security --> uncheck Enable Java
                              >
                              > What about JavaSCRIPT? That's a separate option. Should that be
                              > unchecked, as well[?]

                              No. You can leave that be. Apples and Oranges.

                              --
                              John Joseph McVeigh, Attorney at Law
                              Butler, Maryland 21023-0128
                              Practice before the Federal Communications Commission
                              Member: NY; DC; and USPTO Bars
                            • Sam Storch
                              Message 14 of 15 , Jan 26, 2013
                                While it is now considered good practice to disable Java (except by you for known specific purposes that you trust) you may need to have Javascript enabled to do just about any work beyond text-only websites.

                                Despite having similar names, Java and Javascript are two entirely different things. You can get better clarification than my simple statement by searching recent discussions on macintouch.com which is reliable in this sort of stuff.

                                Cheers!