New MalWare for MAC users

[WriteKnight]

Mac users, take note.

http://tech.yahoo.com/blogs/null/117188

Looks like a nasty one.

 

[DamaNegra]

I've always wondered, what antivirus suites are available for the Macs? I did a search some time ago to install something on my cousin's new computer (god knows she's the only person in the planet able to get her computer infected without ever using an internet connection), but I couldn't find any. Maybe I just suck at searching for stuff?

 

[WriteKnight]

That link I posted has some links for various malware sweeps. As always, due dillegence.

 

[kuwisdelu]

Currently, the only things in the wild are trojans, no viruses.

This week provided two particularly scary trojans. However unless you routinely steal software, you have nothing to worry about.

Torrents of iWork 09' and Adobe CS4 that can be illegaly downloaded from Bittorent contain the new trojans. Just don't download them (which you shouldn't be doing anyway). Here is more info, along with Terminal command steps to remove the trojan. In the Mac community, this is largely being considered by legitimate software purchasers as a good "you get what you deserve" lesson for pirates.

Trojans have been on OS X before. In the past, the only notable malware for Macs in recent memory have been another trojan hidden in a fake movie "codec" certain porn sites required you to download in order to view their movies.

Currently, there are still no viruses, and security holes are routinely patched. Virus suites can usually only scan for Windows viruses and needlessly take up system resources. I don't use any and wouldn't recommend it until there is more of a threat than trojans. Safest idea? Maybe not, but imo it's not worth it yet; just practice ordinary safe internet logic and use and don't download something you don't think you can trust.

 

[maestrowork]

What kuwi said. BTW, there are antivirus software for the Mac, but mostly unnecessary. McAfee, I believe, has (or used to have) one.

 

[kuwisdelu]

What kuwi said. BTW, there are antivirus software for the Mac, but mostly unnecessary. McAfee, I believe, has (or used to have) one.

McAfee has one. Norton does (or did) too, but I hear it's the worst.

 

[maestrowork]

Anyway, it's always a good idea to not download software from unknown sources, and if you do, make sure it's not any kind of trojan. Otherwise, you probably deserve to be struck.

 

[DamaNegra]

In my experience, having Norton is worse than having a computer full of viruses. So I take there are no free options for Mac antispyware?

 

[kuwisdelu]

In my experience, having Norton is worse than having a computer full of viruses. So I take there are no free options for Mac antispyware?

I have ClamXav. It's free and doesn't scan in the background. You can set it to automatically scan any new files in a certain folder, if needed, though (say, your download folder). Like most Mac virus scanners, it mostly just looks for Windows viruses.

I used to have it set to scan my downloads folder, but that got annoying, so I just turned it off. I just keep it around to scan a file if I think it might be questionable before passing it on to a Windows user.

 

[maestrowork]

In my experience, having Norton is worse than having a computer full of viruses. So I take there are no free options for Mac antispyware?

It really is not worth the trouble unless you've had enough malware problems. I've used my Macs for almost 5 years and I have yet to encounter any. I used to have McAfee but I took it off. The malware situation simply is not the same on the Mac as on the PC, so the mindset is quite different.

 

[DamaNegra]

Hmmm, well, I asked because my cousin has a Mac and no budget. Don't worry, she'll find any new viruses made specifically for the Mac. I'm.... kind of turned off by the ClamXav site, but I'll still pass it on to her. Thanks!

 

[KikiteNeko]

When I bought my mac two years ago, I asked the sales guy about virus software and he assured me I wouldn't need it. I hope he was right. So far no problems. This thing has probably done something glitchy or frozen up on me less than half a dozen times in the two years I've had it.

 

[Cassiopeia]

I use Avast! for both my pc and my mac. I'm very impressed.

 

[maestrowork]

When I bought my mac two years ago, I asked the sales guy about virus software and he assured me I wouldn't need it. I hope he was right. So far no problems. This thing has probably done something glitchy or frozen up on me less than half a dozen times in the two years I've had it.

Yeah, again, like kuwi said, these "viruses" are really just trojans -- rogue programs masquerading as something else. As long as you don't download applications from unknown sites or P2P such as BitTorrent, or run them indiscriminately, you should be fine. I mean, an iWork app that is 200K big should be your first suspicion, especially when it comes from Joe Buddy somewhere in China.

 

[maestrowork]

I use Avast! for both my pc and my mac. I'm very impressed.

Avast! is only necessary on a Mac (as with other antivirus software) if you also run Windows on your Mac. Again, the viruses are Windows stuff.

 

[Cassiopeia]

Avast! is only necessary on a Mac (as with other antivirus software) if you also run Windows on your Mac. Again, the viruses are Windows stuff.

I do run a both Mac OS and XP on my laptop.

 

[kuwisdelu]

Hmmm, well, I asked because my cousin has a Mac and no budget. Don't worry, she'll find any new viruses made specifically for the Mac. I'm.... kind of turned off by the ClamXav site, but I'll still pass it on to her. Thanks!

It's not flashy, but it gets the job done. There's a detail or two of the installation that's slightly tricky (as tricky as drag-and-drop can get...) but it's still easy. And it stays out of your way when you want it to, which is my favorite part.

When I bought my mac two years ago, I asked the sales guy about virus software and he assured me I wouldn't need it. I hope he was right. So far no problems. This thing has probably done something glitchy or frozen up on me less than half a dozen times in the two years I've had it.

As Ray said, as long as you don't frequent porn sites and download their questionable video formats or download software illegally, you're fine.

 

[Cassiopeia]

It's not flashy, but it gets the job done. There's a detail or two of the installation that's slightly tricky (as tricky as drag-and-drop can get...) but it's still easy. And it stays out of your way when you want it to, which is my favorite part.



As Ray said, as long as you don't frequent porn sites and download their questionable video formats or download software illegally, you're fine.

Except for the concern if you are on a network and you don't have a firewall on your pc that blocks invading viruses and what not from someone else on your network.

 

[kuwisdelu]

Except for the concern if you are on a network and you don't have a firewall on your pc that blocks invading viruses and what not from someone else on your network.

Except it's not a virus and can't spread on it's own. The trojans in question requires the user to enter an administrator password to install itself as a startup item. Even if someone handed it to you on a USB drive, you'd need to manually run it to be in any danger.

However, you do bring up a good point. Anyone who hasn't should go into System Preferences->Security and turn on the Leopard firewall.

 

[Deleted member 42]

There are two more variants of this installer Trojan, both in PhotoShop. Again, don't use illegal software, whether from a download/BitTorrent site, or your bestest bud.

Since the Trojan is in an installer, which will of course ask for Admin access in order to run, then the Trojan installs itself, and the illegal copy, I suspect people have in fact installed it and not realized.

http://theappleandi.com/2009/01/25/pirate-iwork-09-with-trojan/

 

[maestrowork]

Except for the concern if you are on a network and you don't have a firewall on your pc that blocks invading viruses and what not from someone else on your network.

But that's the thing, they just don't spread like that on the Mac platform. Now, if you run Windows on your Mac and stick it on the network, then yes, you're susceptible to viruses and spyware just the same. These viruses run off Windows OS...

Again, people need to realize that viruses simply don't work the same on the Mac...

Still, yeah, it's always a good idea to protect yourself with firewalls, sharing, etc. and be cautious around suspicious software, installers, etc. For example, some people downloaded iPhone firmware updates from unreputable sites and they got screwed. If you don't know what you're downloading and where it comes from, please don't run it.

 

[Cassiopeia]

I just don't get why people steal software or music or anything, really. Because they can?

Maestrowork, I actually only use the XP as a virtual environment as well and I'm not using it to connect to the internet. I have it for programs that I need to occasionally run when my pc is down. It's like my back up for photoshop (which I paid for, people through the academic stores).

One thing I'm concerned about though, are we saying that these things only come from porn sites or ill gotten software?

 

[WriteKnight]

List of MAC viruses

http://antivirus.about.com/od/macintoshresource/g/macvirus.htm

Email is another source, not just downloads.

 

[maestrowork]

It's actually kind of funny how short the list is and many of the viruses affect older systems. Melissa was probably the most famous one, which was spread via email... But now people are smart enough not to click or open anything passed from email.

 

[kuwisdelu]

List of MAC viruses

http://antivirus.about.com/od/macintoshresource/g/macvirus.htm

Email is another source, not just downloads.

Not only does that list viruses alongside trojans, but all of the true viruses are either a) classic Mac OS (pre-OS X) viruses that won't do a thing to OS X or b) MS Office macro viruses, that only go after MS Office and Office documents.

There was another more recent macro virus than Melissa that could spread to Macs, too, but again, it only affects MS Office and Office documents.