From: Jolly Roger
Newsgroups: comp.sys.mac.system
Subject: Re: Could Mac Files be Ransomwared via Windows XP Running in a VM?
Date: 15 May 2017 03:20:05 GMT

Lewis wrote:
> In message <140520172116564213%timstreater@greenbee.net> Tim Streater
> wrote:
>> And, en plus, does OS X anyway not come with Apple's built-in
>> anti-malware that is automatically updated to counter what few threats
>> there are? So why should I use anything else?
>
> XProtect is very good, but it is reactive. It did nothing for the people
> who downloaded the infested Handbrake this month before the issue was
> discovered (what was that, 4 days' worth of downloads?).

Antivirus software did nothing for them either. It's also reactive by
that definition.

> Most "anti-virus" software is nothing more than a rootkit that pwns your
> computer, however that is not at all what MalwareBytes is, it's simply a
> scanner. No kernel extensions. I don't even think it installs launch
> services unless you set up periodic scans.

Malwarebytes also did nothing to protect against the Handbrake Trojan
though. It would only see it after you ran a scan after being infected.

The Handbrake trojan displayed an unsolicited dialog box asking for a
password. It turns out using the safe computing practice of refraining
from entering your password in that unsolicited dialog box is the best
way to prevent infection. Go figure...

--
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR