
Mac Malware

Started by: "David B." <DavidB@nomail.afraid.invalid>
First post: 2017-03-08 08:44 +0000
Last post: 2017-03-12 23:19 -0400
Articles: 20 on this page of 160 — 25 participants



#102156

From: nospam <nospam@nospam.invalid>
Date: 2017-03-10 11:44 -0500
Message-ID: <100320171144003001%nospam@nospam.invalid>
In reply to: #102153
In article <DxAwA.144254$gG5.140098@fx08.fr7>, David B.
<DavidB@nomail.afraid.invalid> wrote:

> I've visited the Apple Communities site too. There, I get the distinct 
> impression that it is best NOT to use third-party AVs.

correct.

> If one doesn't have such a third-party program, how would anyone KNOW 
> they actually /had/ malware on their Apple machine, let alone have any 
> notion of how to remove same?!!!

even if one had a third party utility, there's no guarantee it will
find anything. malware is designed to avoid detection.



#102157

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-10 16:45 +0000
Message-ID: <eig3gdFcsc7U1@mid.individual.net>
In reply to: #102153
On 2017-03-10, David B. <DavidB@nomail.afraid.invalid> wrote:
>
> I've spent quite some time reviewing what is being discussed, but there 
> doesn't seem to be one overall consensus.

There definitely seems to be a consensus among all of the tech
professionals I know: almost none use anti-virus scanners on their Macs.

> I've visited the Apple Communities site too. There, I get the distinct 
> impression that it is best NOT to use third-party AVs.

The problem is Mac anti-virus utilities are notoriously buggy and
decrease both the stability and performance of the machine, and they
cannot protect you against zero-day exploits anyway. And more often than
not, they alert Mac users about Windows malware that won't run on Macs
anyway. It boils down to a whole lot of tax for very little gain in
practice.

> If one doesn't have such a third-party program, how would anyone KNOW 
> they actually /had/ malware on their Apple machine, let alone have any 
> notion of how to remove same?!!!

If MalwareBytes doesn't show anything, you are probably safe:

<https://www.malwarebytes.com>

KnockKnock will also show you things that are persistently installed on
your Mac:

<https://www.objective-see.com/products/knockknock.html>

Apple has included built-in malware protection features in macOS for
quite a while now, and keeps improving them. Combined with common sense
safe computing practices, there's little need for an anti-virus scanner
on a Mac.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#102189 — Knock-knock (Was: Re: Mac Malware)

From: Lewis <g.kreme@gmail.com.dontsendmecopies>
Date: 2017-03-11 11:10 +0000
Subject: Knock-knock (Was: Re: Mac Malware)
Message-ID: <slrnoc7mtv.376.g.kreme@snow.local>
In reply to: #102157
In message <eig3gdFcsc7U1@mid.individual.net> Jolly Roger <jollyroger@pobox.com> wrote:
> KnockKnock will also show you things that are persistently installed on
> your Mac:

> <https://www.objective-see.com/products/knockknock.html>

Oh, now that is a nifty little tool.

-- 
"I don't care if Bill Gates is the world's biggest philanthropist. The
pain he has inflicted on the world in the past 20 years through lousy
products easily outweighs any good he has done.... Apple is as arrogant
as Microsoft but at least its stuff works as advertised" - Graem Philipson



#102198

From: Alan Browne <alan.browne@freelunchvideotron.ca>
Date: 2017-03-11 11:28 -0500
Message-ID: <Y86dnfy426QFuFnFnZ2dnUU7-dmdnZ2d@giganews.com>
In reply to: #102157
On 2017-03-10 11:45, Jolly Roger wrote:

> KnockKnock will also show you things that are persistently installed on
> your Mac:
>
> <https://www.objective-see.com/products/knockknock.html>

Interesting.

Have you been using this?

Does it have a removal tool (I don't see it mentioned on that site)?


-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.



#102199

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-11 16:32 +0000
Message-ID: <eiin5cFs7hpU5@mid.individual.net>
In reply to: #102198
On 2017-03-11, Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
> On 2017-03-10 11:45, Jolly Roger wrote:
>
>> KnockKnock will also show you things that are persistently installed on
>> your Mac:
>>
>> <https://www.objective-see.com/products/knockknock.html>
>
> Interesting.
>
> Have you been using this?

Of course. It's handy and free.

> Does it have a removal tool (I don't see it mentioned on that site)?

Nope; it's strictly informational. It just reports the persistent
software it sees on the system and assigns a VirusTotal score to each
item.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
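
As an added illustration (not part of the thread and not KnockKnock's own code), the sketch below lists one class of persistent item, launchd jobs, and hashes each executable so the digest can be looked up on VirusTotal by hand. The directory list, the `EXPECTED_PREFIXES` heuristic and the sample jobs built in `demo()` are assumptions constructed for this example.

```python
import hashlib
import os
import plistlib
import stat
import tempfile

# Standard launchd job directories on macOS ("~" is expanded at run time).
LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons", "~/Library/LaunchAgents"]

# Assumption for this example: executables under these prefixes are "expected".
# Anything else is flagged for a closer look, not declared malicious.
EXPECTED_PREFIXES = ("/Applications/", "/Library/", "/System/", "/usr/", "/bin/", "/sbin/")


def sha256_of(path):
    """Hash a file in chunks; the digest is what you would search for on VirusTotal."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inspect_job(plist_path, expected_prefixes=EXPECTED_PREFIXES):
    """Parse one launchd job definition and return a report entry."""
    entry = {"plist": plist_path, "label": None, "program": None, "sha256": None, "flags": []}
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)  # accepts both XML and binary plists
    except Exception as exc:  # malformed files are reported, not skipped
        entry["flags"].append("unparseable plist: %s" % type(exc).__name__)
        return entry
    if not isinstance(job, dict):
        entry["flags"].append("unparseable plist: top level is not a dictionary")
        return entry
    entry["label"] = job.get("Label")
    # launchd runs Program if present, otherwise the first ProgramArguments item.
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else None)
    entry["run_at_load"] = bool(job.get("RunAtLoad"))
    entry["keep_alive"] = bool(job.get("KeepAlive"))
    if not isinstance(program, str) or not program:
        entry["flags"].append("no program specified")
        return entry
    entry["program"] = program
    if not program.startswith(tuple(expected_prefixes)):
        entry["flags"].append("executable outside expected locations")
    if not os.path.isfile(program):
        entry["flags"].append("executable missing")
        return entry
    if os.stat(program).st_mode & stat.S_IWOTH:
        entry["flags"].append("executable is world-writable")
    entry["sha256"] = sha256_of(program)
    return entry


def scan_launchd_dirs(dirs=LAUNCHD_DIRS, expected_prefixes=EXPECTED_PREFIXES):
    """Inspect every *.plist in the given directories, in a stable order."""
    report = []
    for directory in dirs:
        directory = os.path.expanduser(directory)
        if not os.path.isdir(directory):
            continue
        for name in sorted(os.listdir(directory)):
            if name.endswith(".plist"):
                report.append(inspect_job(os.path.join(directory, name), expected_prefixes))
    return report


def demo():
    """Scan a constructed directory tree (sample data, not real findings)."""
    with tempfile.TemporaryDirectory(prefix="launchd-demo-") as root:
        apps = os.path.join(root, "Applications")
        shared = os.path.join(root, "Users", "Shared")
        agents = os.path.join(root, "Library", "LaunchAgents")
        for directory in (os.path.join(apps, "Good.app"), shared, agents):
            os.makedirs(directory)
        good = os.path.join(apps, "Good.app", "good")
        helper = os.path.join(shared, "helper")
        for path, mode in ((good, 0o755), (helper, 0o777)):
            with open(path, "wb") as fh:
                fh.write(b"#!/bin/sh\nexit 0\n")
            os.chmod(path, mode)
        jobs = {
            "a-good.plist": {"Label": "com.example.good", "Program": good, "RunAtLoad": True},
            "b-helper.plist": {"Label": "com.example.helper",
                               "ProgramArguments": [helper, "--daemon"], "KeepAlive": True},
            "c-leftover.plist": {"Label": "com.example.leftover",
                                 "Program": os.path.join(apps, "Gone.app", "gone")},
        }
        for name, job in jobs.items():
            with open(os.path.join(agents, name), "wb") as fh:
                plistlib.dump(job, fh)
        with open(os.path.join(agents, "d-broken.plist"), "wb") as fh:
            fh.write(b"not a property list")
        return scan_launchd_dirs([agents], expected_prefixes=(apps + os.sep,))


if __name__ == "__main__":
    # On a Mac, scan_launchd_dirs() with no arguments reads the real directories.
    for item in demo() + scan_launchd_dirs():
        print(item["label"], item["program"], item["sha256"], item["flags"])
```

Launchd jobs are only one persistence category; login items, kernel extensions, browser extensions and similar locations are outside what this example reads.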



#102201

From: Alan Browne <alan.browne@freelunchvideotron.ca>
Date: 2017-03-11 11:53 -0500
Message-ID: <4bqdnd8A0pMHtlnFnZ2dnUU7-cmdnZ2d@giganews.com>
In reply to: #102199
On 2017-03-11 11:32, Jolly Roger wrote:
> On 2017-03-11, Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
>> On 2017-03-10 11:45, Jolly Roger wrote:
>>
>>> KnockKnock will also show you things that are persistently installed on
>>> your Mac:
>>>
>>> <https://www.objective-see.com/products/knockknock.html>
>>
>> Interesting.
>>
>> Have you been using this?
>
> Of course. It's handy and free.
>
>> Does it have a removal tool (I don't see it mentioned on that site)?
>
> Nope; it's strictly informational. It just reports the persistent
> software it sees on the system and assigns a VirusTotal score to each
> item.
>

Thanks - downloading.

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.



#102159

From: Ken Springer <wordworks@greeleynet.com>
Date: 2017-03-10 11:22 -0700
Message-ID: <o9uqtb$jg7$1@news.albasani.net>
In reply to: #102153
On 3/10/17 9:31 AM, David B. wrote:
> On 09/03/2017 19:25, Fred Moore wrote:
>> On 3/8/17 3:44 a, David B. wrote:
>>> Would anyone like to discuss the material mentioned here?
>>>
>>> https://www.intego.com/mac-security-blog/month-in-review-apple-security-in-february-2017/
>>>
>>>
>>> Do YOU use any kind of AV product on your Apple device(s)?
>>
>> There is a current and useful thread going on on Macintouch right now
>> which may be of interest to you. Here is the beginning:
>>
>> <https://www.macintouch.com/forums/showthread.php?tid=161>
>>
>> Just scan through the posts to see whatever interests you about the
>> various AV products and approaches.
>
> Thank you so much for that, Fred. :-)
>
> I've spent quite some time reviewing what is being discussed, but there
> doesn't seem to be one overall consensus.
>
> I've visited the Apple Communities site too. There, I get the distinct
> impression that it is best NOT to use third-party AVs.
>
> If one doesn't have such a third-party program, how would anyone KNOW
> they actually /had/ malware on their Apple machine, let alone have any
> notion of how to remove same?!!!

Herein is the crux of your question.  If you don't look, how do you 
know?  And the corollary, how good is the tool you use to look with?  :-)

nospam is correct.  Using a third-party program may not find any issues. 
  But *not* using one or more *guarantees* you will not find anything.

I will stipulate to JR's statement about Apple professionals not using 
AV scanners.  But, professionals will not be the cause of problems in 
the normal course of the day.  It will be the home/casual user that will 
do the wrong thing and potentially cause someone problems.

In a previous malware thread, one poster said that any Windows malware 
that he/she accidentally passes along is not his problem, it's the next 
person's problem.  If that's someone I've been calling a friend, and 
this is the attitude towards me, then do I want that person as a friend?

+1 on JR's Malwarebytes comment.

FWIW, JR's observation that Mac AV software has problems may be true. 
The vendors obviously won't have years of experience with Macs like they 
do with Windows.  But I'm also confident that the quality vendors will 
fix the bugs as time goes by.

Like most things in life, there's no perfect answer.  The best you can 
do is research, learn, then make the best choice for you.  Some will 
agree with your decision, some will oppose your decision.  But the 
bottom line is, it's your system, not theirs.


-- 
Ken
Mac OS X 10.11.6
Firefox 51.0.1  (64 bit)
Thunderbird 45.7.1
"My brain is like lightning, a quick flash
      and it's gone!"



#102160

From: nospam <nospam@nospam.invalid>
Date: 2017-03-10 13:45 -0500
Message-ID: <100320171345028704%nospam@nospam.invalid>
In reply to: #102159
In article <o9uqtb$jg7$1@news.albasani.net>, Ken Springer
<wordworks@greeleynet.com> wrote:

> > If one doesn't have such a third-party program, how would anyone KNOW
> > they actually /had/ malware on their Apple machine, let alone have any
> > notion of how to remove same?!!!
> 
> Herein is the crux of your question.  If you don't look, how do you 
> know?  And the corollary, how good is the tool you use to look with?  :-)
> 
> nospam is correct.  Using a third-party program may not find any issues. 
>   But *not* using one or more *guarantees* you will not find anything.

it also means that you are *more* vulnerable because anti-malware
utilities *must* hook into the lowest levels of the system (where
malware will attack) and if they don't get it exactly right, you're
worse off.

this is not theoretical either. it actually happens, and sadly, rather
frequently. 

for instance, someone who installed eset antivirus 6 *added* a vector
of attack:

<http://seclists.org/fulldisclosure/2017/Feb/68>
  Vulnerable versions of ESET Endpoint Antivirus 6 are statically
  linked with an outdated XML parsing library and do not perform 
  proper server authentication, allowing for remote unauthenticated
  attackers to perform arbitrary code execution as root on vulnerable
  clients.

going back a few years, there was a mac antivirus utility (i think
norton) which decided that the virtual memory swap files were malware
and quarantined them. needless to say, that did not end well. 

> I will stipulate to JR's statement about Apple professionals not using 
> AV scanners.  But, professionals will not be the cause of problems in 
> the normal course of the day.  It will be the home/casual user that will 
> do the wrong thing and potentially cause someone problems.

home/casual users aren't going to be downloading and installing sketchy
apps, overriding system defaults to do so, which means they're actually
*less* at risk than a 'pro user' who knows how (or thinks he does).

> In a previous malware thread, one poster said that any Windows malware 
> that he/she accidentally passes along is not his problem, it's the next 
> person's problem.  If that's someone I've been calling a friend, and 
> this is the attitude towards me, then do I want that person as a friend?

if you're going to dissolve a friendship over something as ridiculous
as that, then they weren't really a friend to begin with.

expecting other people to run antivirus apps on their systems to
protect you is utterly ridiculous. maybe you should insist that they
take antibiotics and megadoses of vitamins before visiting you, while
you're at it.



#102162

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-10 19:27 +0000
Message-ID: <eigd1sFe5raU2@mid.individual.net>
In reply to: #102160
On 2017-03-10, nospam <nospam@nospam.invalid> wrote:
>
> for instance, someone who installed eset antivirus 6 *added* a vector
> of attack:
>
><http://seclists.org/fulldisclosure/2017/Feb/68>
>   Vulnerable versions of ESET Endpoint Antivirus 6 are statically
>   linked with an outdated XML parsing library and do not perform 
>   proper server authentication, allowing for remote unauthenticated
>   attackers to perform arbitrary code execution as root on vulnerable
>   clients.
>
> going back a few years, there was a mac antivirus utility (i think
> norton) which decided that the virtual memory swap files were malware
> and quarantined them. needless to say, that did not end well. 

I remember that! : )

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#102206

From: Alan Browne <alan.browne@freelunchvideotron.ca>
Date: 2017-03-11 13:41 -0500
Message-ID: <2YadndhrWN5Q2VnFnZ2dnUU7-V2dnZ2d@giganews.com>
In reply to: #102162
On 2017-03-10 14:27, Jolly Roger wrote:
> On 2017-03-10, nospam <nospam@nospam.invalid> wrote:
>>
>> for instance, someone who installed eset antivirus 6 *added* a vector
>> of attack:
>>
>> <http://seclists.org/fulldisclosure/2017/Feb/68>
>>   Vulnerable versions of ESET Endpoint Antivirus 6 are statically
>>   linked with an outdated XML parsing library and do not perform
>>   proper server authentication, allowing for remote unauthenticated
>>   attackers to perform arbitrary code execution as root on vulnerable
>>   clients.
>>
>> going back a few years, there was a mac antivirus utility (i think
>> norton) which decided that the virtual memory swap files were malware
>> and quarantined them. needless to say, that did not end well.
>
> I remember that! : )

I recall trying to remove Norton from a PC.  The removal "app" didn't do 
it so I received detailed instructions for regedit.  Took about 4 hours 
going through hundreds of reg keys and pruning.

Never again will I even look at a Norton product.

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.



#102207

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-11 20:05 +0000
Message-ID: <eij3jnFd9mU1@mid.individual.net>
In reply to: #102206
On 2017-03-11, Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
> On 2017-03-10 14:27, Jolly Roger wrote:
>> On 2017-03-10, nospam <nospam@nospam.invalid> wrote:
>>>
>>> for instance, someone who installed eset antivirus 6 *added* a vector
>>> of attack:
>>>
>>> <http://seclists.org/fulldisclosure/2017/Feb/68>
>>>   Vulnerable versions of ESET Endpoint Antivirus 6 are statically
>>>   linked with an outdated XML parsing library and do not perform
>>>   proper server authentication, allowing for remote unauthenticated
>>>   attackers to perform arbitrary code execution as root on vulnerable
>>>   clients.
>>>
>>> going back a few years, there was a mac antivirus utility (i think
>>> norton) which decided that the virtual memory swap files were malware
>>> and quarantined them. needless to say, that did not end well.
>>
>> I remember that! : )
>
> I recall trying to remove Norton from a PC.  The removal "app" didn't do 
> it so I received detailed instructions for regedit.  Took about 4 hours 
> going through hundreds of reg keys and pruning.

Good, old Microsoft. Just can't bring themselves to get rid of the
monstrosity that is the registry. Meanwhile, their customers suffer,
year after year. I'll take Apple's common-sense methods of keeping track
of application preferences and states over that *any* day. : )

> Never again will I even look at a Norton product.

Lots of Windows stuff is deprecated in my home. : )

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#102211

From: Alan Browne <alan.browne@freelunchvideotron.ca>
Date: 2017-03-11 19:39 -0500
Message-ID: <-rWdnUwN3fk7BVnFnZ2dnUU7-IvNnZ2d@giganews.com>
In reply to: #102207
On 2017-03-11 15:05, Jolly Roger wrote:
> On 2017-03-11, Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
>> On 2017-03-10 14:27, Jolly Roger wrote:
>>> On 2017-03-10, nospam <nospam@nospam.invalid> wrote:
>>>>
>>>> for instance, someone who installed eset antivirus 6 *added* a vector
>>>> of attack:
>>>>
>>>> <http://seclists.org/fulldisclosure/2017/Feb/68>
>>>>   Vulnerable versions of ESET Endpoint Antivirus 6 are statically
>>>>   linked with an outdated XML parsing library and do not perform
>>>>   proper server authentication, allowing for remote unauthenticated
>>>>   attackers to perform arbitrary code execution as root on vulnerable
>>>>   clients.
>>>>
>>>> going back a few years, there was a mac antivirus utility (i think
>>>> norton) which decided that the virtual memory swap files were malware
>>>> and quarantined them. needless to say, that did not end well.
>>>
>>> I remember that! : )
>>
>> I recall trying to remove Norton from a PC.  The removal "app" didn't do
>> it so I received detailed instructions for regedit.  Took about 4 hours
>> going through hundreds of reg keys and pruning.
>
> Good, old Microsoft. Just can't bring themselves to get rid of the
> monstrosity that is the registry. Meanwhile, their customers suffer,
> year after year. I'll take Apple's common-sense methods of keeping track
> of application preferences and states over that *any* day. : )

Plists?  Seems well thought out and logical to me.  Certainly modular.


>> Never again will I even look at a Norton product.
>
> Lots of Windows stuff is deprecated in my home. : )

I still have WinXP running in a VM on this mac in order to use a single 
old slide show app that is simple, clean and fast and suits my needs.

And again at work where I have an accounting program (that my accountant 
likes) in a Win7 VM.  I may dump that in 2018.  But I said the same 
about it for 2017... oh well.  Sunk cost and all that.

That said I use Mac Excel and Word on a daily and extensive basis. 
PowerPoint less so.  I consider them to be excellent products from MS
(if you can forgive some of the cartoonishness).

-- 
"If war is God's way of teaching Americans geography, then
recession is His way of teaching everyone a little economics."
   ..Raj Patel, The Value of Nothing.



#102231

From: FPP <fredp151@gmail.com>
Date: 2017-03-12 16:44 -0400
Message-ID: <oa4br1$fhs$1@dont-email.me>
In reply to: #102207

On 2017-03-11 20:05:11 +0000, Jolly Roger <jollyroger@pobox.com> said:

> On 2017-03-11, Alan Browne <alan.browne@freelunchvideotron.ca> wrote:
>> On 2017-03-10 14:27, Jolly Roger wrote:
>>> On 2017-03-10, nospam <nospam@nospam.invalid> wrote:
>>>> 
>>>> for instance, someone who installed eset antivirus 6 *added* a vector
>>>> of attack:
>>>> 
>>>> <http://seclists.org/fulldisclosure/2017/Feb/68>
>>>> Vulnerable versions of ESET Endpoint Antivirus 6 are statically
>>>> linked with an outdated XML parsing library and do not perform
>>>> proper server authentication, allowing for remote unauthenticated
>>>> attackers to perform arbitrary code execution as root on vulnerable
>>>> clients.
>>>> 
>>>> going back a few years, there was a mac antivirus utility (i think
>>>> norton) which decided that the virtual memory swap files were malware
>>>> and quarantined them. needless to say, that did not end well.
>>> 
>>> I remember that! : )
>> 
>> I recall trying to remove Norton from a PC.  The removal "app" didn't do
>> it so I received detailed instructions for regedit.  Took about 4 hours
>> going through hundreds of reg keys and pruning.
> 
> Good, old Microsoft. Just can't bring themselves to get rid of the
> monstrosity that is the registry. Meanwhile, their customers suffer,
> year after year. I'll take Apple's common-sense methods of keeping track
> of application preferences and states over that *any* day. : )
> 
>> Never again will I even look at a Norton product.
> 
> Lots of Windows stuff is deprecated in my home. : )

I use AppDelete.  Drop an application onto the icon, and it displays 
all the files associated with that application.
You can then deal with them as you like, within the app...

It isn't free... but that wasn't the chief concern. Identifying all the 
detritus that's left behind when deleting an app was.
-- 
White House: "Don't call it Trumpcare." 3-8-17
"How bad does something have to be, that Donald Trump doesn't want to 
put his name on it?"  -SNL 3-11-17



#102232

From: nospam <nospam@nospam.invalid>
Date: 2017-03-12 16:55 -0400
Message-ID: <120320171655440711%nospam@nospam.invalid>
In reply to: #102231

In article <oa4br1$fhs$1@dont-email.me>, FPP <fredp151@gmail.com> wrote:

> 
> I use AppDelete.  Drop an application onto the icon, and it displays 
> all the files associated with that application.
> You can then deal with them as you like, within the app...
> 
> It isn't free... but that wasn't the chief concern. Identifying all the 
> detritus that's left behind when deleting an app was.

none of it has any ill effect.



#102256

From: FPP <fredp151@gmail.com>
Date: 2017-03-13 07:22 -0400
Message-ID: <oa5v87$q9k$1@dont-email.me>
In reply to: #102232

On 2017-03-12 20:55:44 +0000, nospam <nospam@nospam.invalid> said:

> In article <oa4br1$fhs$1@dont-email.me>, FPP <fredp151@gmail.com> wrote:
> 
>> 
>> I use AppDelete.  Drop an application onto the icon, and it displays
>> all the files associated with that application.
>> You can then deal with them as you like, within the app...
>> 
>> It isn't free... but that wasn't the chief concern. Identifying all the
>> detritus that's left behind when deleting an app was.
> 
> none of it has any ill effect.

Clutter is an ill effect.

On our work Mac, there was so much crap left behind we started having 
problems with slowdowns and problems with restarts.

Turning on verbose mode showed us that there were some files leftover 
from an old Wacom tablet that kept hanging up the restart.

We cleaned out the old crap, and the restart problem went away.  I 
couldn't swear that was the problem with the slowdowns, but that seemed 
better, too.
-- 
White House: "Don't call it Trumpcare." 3-8-17
"How bad does something have to be, that Donald Trump doesn't want to 
put his name on it?"  -SNL 3-11-17
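
The leftover driver files described in the post above, as an added example that is not part of any post in this thread: it assumes the leftovers were launchd job definitions (the thread does not say which files they were) and lists jobs whose executable no longer exists. The labels and paths in `build_demo_tree` are constructed sample data.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# Folders launchd reads at boot and login, relative to the volume root.
LAUNCHD_DIRS = ("Library/LaunchDaemons", "Library/LaunchAgents")

def job_executable(job):
    """Path launchd would execute: Program, else ProgramArguments[0]."""
    if not isinstance(job, dict):
        return None
    args = job.get("ProgramArguments") or [None]
    return job.get("Program") or args[0]

def find_orphaned_jobs(root="/"):
    """Return (plist name, Label, executable) for jobs whose binary is gone."""
    root, orphans = Path(root), []
    for d in LAUNCHD_DIRS:
        for plist in sorted((root / d).glob("*.plist")):
            try:
                job = plistlib.loads(plist.read_bytes())
            except (plistlib.InvalidFileException, ExpatError, OSError):
                orphans.append((plist.name, None, "unreadable"))
                continue
            exe = job_executable(job)
            # Bare command names are resolved through PATH at run time; skip them.
            if isinstance(exe, str) and exe.startswith("/") \
                    and not (root / exe.lstrip("/")).exists():
                orphans.append((plist.name, job.get("Label"), exe))
    return orphans

def build_demo_tree():
    """Constructed sample: one intact job, one left behind by a removed driver."""
    root = Path(tempfile.mkdtemp())
    daemons = root / "Library/LaunchDaemons"
    daemons.mkdir(parents=True)
    kept = root / "usr/local/bin/backupd"
    kept.parent.mkdir(parents=True)
    kept.write_text("#!/bin/sh\n")
    jobs = {"com.example.backupd": ["/usr/local/bin/backupd"],
            "com.example.tabletdriver": ["/Library/Application Support/Tablet/driverd"]}
    for label, argv in jobs.items():
        body = {"Label": label, "ProgramArguments": argv, "RunAtLoad": True}
        (daemons / f"{label}.plist").write_bytes(plistlib.dumps(body))
    return root

if __name__ == "__main__":
    for name, label, exe in find_orphaned_jobs(build_demo_tree()):
        print(f"{name}: {label} -> missing {exe}")
```

Passing a mounted backup or disk image as `root` audits that volume instead of the running system.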



#102262

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-13 14:42 +0000
Message-ID: <einpe0Fsr4fU1@mid.individual.net>
In reply to: #102256

On 2017-03-13, FPP <fredp151@gmail.com> wrote:
> On 2017-03-12 20:55:44 +0000, nospam <nospam@nospam.invalid> said:
>
>> In article <oa4br1$fhs$1@dont-email.me>, FPP <fredp151@gmail.com> wrote:
>> 
>>> I use AppDelete.  Drop an application onto the icon, and it displays
>>> all the files associated with that application.
>>> You can then deal with them as you like, within the app...
>>> 
>>> It isn't free... but that wasn't the chief concern. Identifying all the
>>> detritus that's left behind when deleting an app was.
>> 
>> none of it has any ill effect.
>
> Clutter is an ill effect.
>
> On our work Mac, there was so much crap left behind we started having 
> problems with slowdowns and problems with restarts.
>
> Turning on verbose mode showed us that there were some files leftover 
> from an old Wacom tablet that kept hanging up the restart.

So it wasn't that "so much crap" had been left behind by numerous apps;
it's that one piece of software for Wacom tablet drivers wasn't
completely removed. I get the attraction to utilities that go looking
for cruft to remove; but the fact is this problem you encountered is
easily avoided by following the removal instructions recommended by the
manufacturer of said software. If you always use the recommended removal
procedure, you won't have this issue. I'm living proof of this, BTW. : )

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR



#102350

From: FPP <fredp151@gmail.com>
Date: 2017-03-15 03:36 -0400
Message-ID: <oaaqou$5m2$1@dont-email.me>
In reply to: #102262

On 2017-03-13 14:42:08 +0000, Jolly Roger <jollyroger@pobox.com> said:

> On 2017-03-13, FPP <fredp151@gmail.com> wrote:
>> On 2017-03-12 20:55:44 +0000, nospam <nospam@nospam.invalid> said:
>> 
>>> In article <oa4br1$fhs$1@dont-email.me>, FPP <fredp151@gmail.com> wrote:
>>> 
>>>> I use AppDelete.  Drop an application onto the icon, and it displays
>>>> all the files associated with that application.
>>>> You can then deal with them as you like, within the app...
>>>> 
>>>> It isn't free... but that wasn't the chief concern. Identifying all the
>>>> detritus that's left behind when deleting an app was.
>>> 
>>> none of it has any ill effect.
>> 
>> Clutter is an ill effect.
>> 
>> On our work Mac, there was so much crap left behind we started having
>> problems with slowdowns and problems with restarts.
>> 
>> Turning on verbose mode showed us that there were some files leftover
>> from an old Wacom tablet that kept hanging up the restart.
> 
> So it wasn't that "so much crap" had been left behind by numerous apps;
> it's that one piece of software for Wacom tablet drivers wasn't
> completely removed. I get the attraction to utilities that go looking
> for cruft to remove; but the fact is this problem you encountered is
> easily avoided by following the removal instructions recommended by the
> manufacturer of said software. If you always use the recommended removal
> procedure, you won't have this issue. I'm living proof of this, BTW. : )

Well, one piece for sure.  We cleaned out everything because we're in 
the business of printing, and not in the business of playing with 
computers.

We didn't even KNOW somebody had installed the Wacom software.  I have 
to assume it was done on an off-shift by someone who was using his 
tablet on his own time.

In work, our Macs are just tools... they're no different from a hammer, 
to my boss.  One of them still runs Snow Leopard, for fuck's sake!  We 
even have an old blue and white G3 that runs OS9 in "classic" mode - 
just so we can run an old version of Fontographer.

And before you ask, we only use it to make the .afm files our old 
Packaging software requires.  My supervisor isn't going to authorize 
spending another $400.00 just to make an .afm file a couple of times a 
year.
-- 
White House: "Don't call it Trumpcare." 3-8-17
"How bad does something have to be, that Donald Trump doesn't want to 
put his name on it?"  -SNL 3-11-17



#102359

From: nospam <nospam@nospam.invalid>
Date: 2017-03-15 09:59 -0400
Message-ID: <150320170959537707%nospam@nospam.invalid>
In reply to: #102350

In article <oaaqou$5m2$1@dont-email.me>, FPP <fredp151@gmail.com> wrote:

> > 
> > So it wasn't that "so much crap" had been left behind by numerous apps;
> > it's that one piece of software for Wacom tablet drivers wasn't
> > completely removed. I get the attraction to utilities that go looking
> > for cruft to remove; but the fact is this problem you encountered is
> > easily avoided by following the removal instructions recommended by the
> > manufacturer of said software. If you always use the recommended removal
> > procedure, you won't have this issue. I'm living proof of this, BTW. : )
> 
> Well, one piece for sure.  We cleaned out everything because we're in 
> the business of printing, and not in the business of playing with 
> computers.
> 
> We didn't even KNOW somebody had installed the Wacom software.  I have 
> to assume it was done on an off-shift by someone who was using his 
> tablet on his own time.

why did an off-shift employee have admin access, which gave him the
ability to install stuff?



#102409

From: FPP <fredp151@gmail.com>
Date: 2017-03-16 06:04 -0400
Message-ID: <oadnpa$t81$1@dont-email.me>
In reply to: #102359

On 2017-03-15 13:59:53 +0000, nospam <nospam@nospam.invalid> said:

> In article <oaaqou$5m2$1@dont-email.me>, FPP <fredp151@gmail.com> wrote:
> 
>>> 
>>> So it wasn't that "so much crap" had been left behind by numerous apps;
>>> it's that one piece of software for Wacom tablet drivers wasn't
>>> completely removed. I get the attraction to utilities that go looking
>>> for cruft to remove; but the fact is this problem you encountered is
>>> easily avoided by following the removal instructions recommended by the
>>> manufacturer of said software. If you always use the recommended removal
>>> procedure, you won't have this issue. I'm living proof of this, BTW. : )
>> 
>> Well, one piece for sure.  We cleaned out everything because we're in
>> the business of printing, and not in the business of playing with
>> computers.
>> 
>> We didn't even KNOW somebody had installed the Wacom software.  I have
>> to assume it was done on an off-shift by someone who was using his
>> tablet on his own time.
> 
> why did an off-shift employee have admin access, which gave him the
> ability to install stuff?

Because we're a 24-hour operation, and nobody wants to come back at 4
in the morning to input a password to connect to a remote server.
-- 
White House: "Don't call it Trumpcare." 3-8-17
"How bad does something have to be, that Donald Trump doesn't want to 
put his name on it?"  -SNL 3-11-17



#102414

From: Jolly Roger <jollyroger@pobox.com>
Date: 2017-03-16 14:46 +0000
Message-ID: <eivmppFg1jqU1@mid.individual.net>
In reply to: #102409

On 2017-03-16, FPP <fredp151@gmail.com> wrote:
> On 2017-03-15 13:59:53 +0000, nospam <nospam@nospam.invalid> said:
>
>> In article <oaaqou$5m2$1@dont-email.me>, FPP <fredp151@gmail.com> wrote:
>> 
>>>> 
>>>> So it wasn't that "so much crap" had been left behind by numerous apps;
>>>> it's that one piece of software for Wacom tablet drivers wasn't
>>>> completely removed. I get the attraction to utilities that go looking
>>>> for cruft to remove; but the fact is this problem you encountered is
>>>> easily avoided by following the removal instructions recommended by the
>>>> manufacturer of said software. If you always use the recommended removal
>>>> procedure, you won't have this issue. I'm living proof of this, BTW. : )
>>> 
>>> Well, one piece for sure.  We cleaned out everything because we're in
>>> the business of printing, and not in the business of playing with
>>> computers.
>>> 
>>> We didn't even KNOW somebody had installed the Wacom software.  I have
>>> to assume it was done on an off-shift by someone who was using his
>>> tablet on his own time.
>> 
>> why did an off-shift employee have admin access, which gave him the
>> ability to install stuff?
>
> Because we're a 24-hour operation, and nobody wants to come back at 4
> in the morning to input a password to connect to a remote server.

Connecting to remote servers has absolutely nothing to do with whether
all employees have administrative rights. You sound confused.

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
