Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.mac.apps > #8946 > unrolled thread

Decent AV for Mac OS X

Started by*Hemidactylus* <ecphoric@hotmail.com>
First post2012-04-05 18:46 -0400
Last post2012-04-06 09:58 -0700
Articles 20 on this page of 47 — 18 participants

Back to article view | Back to comp.sys.mac.apps


Contents

  Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 18:46 -0400
    Re: Decent AV for Mac OS X Jolly Roger <jollyroger@pobox.com> - 2012-04-05 15:58 -0700
      Re: Decent AV for Mac OS X briang@panix.com (Brian Gordon) - 2012-04-05 23:01 +0000
        Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-06 11:42 +1200
          Re: Decent AV for Mac OS X Warren Oates <warren.oates@gmail.com> - 2012-04-06 08:41 -0400
            Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-07 10:30 +1200
              Re: Decent AV for Mac OS X Patty Winter <patty1@wintertime.com> - 2012-04-06 23:48 +0000
                Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-07 12:46 +1200
              Re: Decent AV for Mac OS X dempson@actrix.gen.nz (David Empson) - 2012-04-07 12:28 +1200
                Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-07 11:55 +0200
                  Re: Decent AV for Mac OS X Jolly Roger <jollyroger@pobox.com> - 2012-04-07 08:28 -0700
                Re: Decent AV for Mac OS X Patty Winter <patty1@wintertime.com> - 2012-04-07 17:09 +0000
                  Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 14:19 -0400
        Re: Decent AV for Mac OS X jamiekg@wizardling.geek.nz (Jamie Kahn Genet) - 2012-04-06 14:58 +1200
          Re: Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 23:46 -0400
            Re: Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-06 00:10 -0400
          Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 14:28 -0400
            Re: Decent AV for Mac OS X jamiekg@wizardling.geek.nz (Jamie Kahn Genet) - 2012-04-08 09:46 +1200
              Re: Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 18:33 -0400
                Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-08 12:51 +0200
                  Re: Decent AV for Mac OS X Ant <ant@zimage.comANT> - 2012-04-08 06:41 -0700
                  Re: Decent AV for Mac OS X Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:00 -0400
                    Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-09 08:35 +0200
                Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 14:17 -0400
              Re: Decent AV for Mac OS X dempson@actrix.gen.nz (David Empson) - 2012-04-08 10:34 +1200
                Re: Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 19:08 -0400
                  Re: Decent AV for Mac OS X PhillipJones <pjones1@kimbanet.com> - 2012-04-07 22:11 -0400
                Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-09 08:57 +0200
                  Re: Decent AV for Mac OS X Michelle Steiner <michelle@michelle.org> - 2012-04-09 08:23 -0700
                    Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-10 09:30 +0200
                      Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-11 09:22 +1200
                        Re: Decent AV for Mac OS X jamiekg@wizardling.geek.nz (Jamie Kahn Genet) - 2012-04-11 10:03 +1200
                        Re: Decent AV for Mac OS X dorayme <dorayme@optusnet.com.au> - 2012-04-11 08:16 +1000
                          Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-11 13:18 +1200
                            Re: Decent AV for Mac OS X dorayme <dorayme@optusnet.com.au> - 2012-04-11 12:24 +1000
              Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-08 12:45 +0200
                Re: Decent AV for Mac OS X "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-08 11:49 +0000
                Re: Decent AV for Mac OS X jamiekg@wizardling.geek.nz (Jamie Kahn Genet) - 2012-04-09 11:36 +1200
              Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 13:53 -0400
                Re: Decent AV for Mac OS X Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:02 -0400
                  Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 14:19 -0400
                    Re: Decent AV for Mac OS X Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:50 -0400
                      Re: Decent AV for Mac OS X Steve Thompson <smt@vgersoft.com> - 2012-04-08 14:59 -0400
                        Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 15:18 -0400
                        Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-09 09:02 +0200
    Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-05 19:56 -0400
    Re: Decent AV for Mac OS X "Mr. Strat" <rag@nospam.techline.com> - 2012-04-06 09:58 -0700

Page 2 of 3 — ← Prev page 1 [2] 3  Next page →


#9080

FromAnt <ant@zimage.comANT>
Date2012-04-08 06:41 -0700
Message-ID<XsmdndYNoY47CBzSnZ2dnUVZ_qydnZ2d@earthlink.com>
In reply to#9071
On 4/8/2012 3:51 AM PT, Paul Sture typed:

>> [flamebait] One thing Mac OS X really needs is a registry [/flamebait]
>
> LOL!  The idea of having things like program settings in a central
> location could have been a good idea when compared to the gazillions
> of .INI files which used to be scattered around a Windows system.

I hate registry. I'd rather have a bunch of pure INI/configuration text 
files.
-- 
"He who cannot pick up an ant, and wants to pick up an elephant will 
some day see his folly." --African
    /\___/\         Ant(Dude) @ http://antfarm.ma.cx (Personal Web Site)
   / /\ /\ \                Ant's Quality Foraged Links: http://aqfl.net
  | |o   o| |
     \ _ /        If crediting, then use Ant nickname and AQFL URL/link.
      ( )         If e-mailing, then axe ANT from its address if needed.
Ant is currently not listening to any songs on this computer.

[toc] | [prev] | [next] | [standalone]


#9085

FromWes Groleau <Groleau+news@FreeShell.org>
Date2012-04-08 14:00 -0400
Message-ID<jlsjn2$c97$1@dont-email.me>
In reply to#9071
On 04-08-2012 06:51, Paul Sture wrote:
> LOL!  The idea of having things like program settings in a central
> location could have been a good idea when compared to the gazillions
> of .INI files which used to be scattered around a Windows system.

Which have now been reduced to zillions.
And which are understandable with notepad

-- 
Wes Groleau

   Pat's Polemics
   http://Ideas.Lang-Learn.us/barrett

[toc] | [prev] | [next] | [standalone]


#9097

FromPaul Sture <paul@sture.ch>
Date2012-04-09 08:35 +0200
Message-ID<bica59-9l7.ln1@news.sture.ch>
In reply to#9085
On Sun, 08 Apr 2012 14:00:02 -0400, Wes Groleau wrote:

> On 04-08-2012 06:51, Paul Sture wrote:
>> LOL!  The idea of having things like program settings in a central
>> location could have been a good idea when compared to the gazillions of
>> .INI files which used to be scattered around a Windows system.
> 
> Which have now been reduced to zillions. And which are understandable
> with notepad

Which means you can search them by both filename and content.

I recall someone doing an analysis of the Registry editor code back in 
1997 and concluding that it was a bloated mess, with large chunks of code 
copied from some other program which were never used.

The position today is that for some combination of installation and
software update, possibly one of the Service Packs, I saw something
like 100,000 registry updates tick past during a reboot.  That
has _got_ to be a serious maintentance problem whichever way you
look at it.

-- 
Paul Sture

[toc] | [prev] | [next] | [standalone]


#9087

FromAlan Browne <alan.browne@FreelunchVideotron.ca>
Date2012-04-08 14:17 -0400
Message-ID<C_qdnbdgVsWuSxzSnZ2dnUVZ_tydnZ2d@giganews.com>
In reply to#9058
On 2012-04-07 18:33 , *Hemidactylus* wrote:
> On 04/07/2012 05:46 PM, Jamie Kahn Genet wrote:
>> Alan Browne<alan.browne@FreelunchVideotron.ca> wrote:
>>
>>> On 2012-04-05 22:58 , Jamie Kahn Genet wrote:
>>>> Brian Gordon<briang@panix.com> wrote:
>>>>
>>>>> In article<jollyroger-B30D29.15580505042012@news.individual.net>,
>>>>> Jolly Roger<jollyroger@pobox.com> wrote:
>>>>>> In article<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
>>>>>> *Hemidactylus*<ecphoric@hotmail.com> wrote:
>>>>>>
>>>>>>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
>>>>>>>
>>>>>>> After reading about the Flashback thingy I wondered if I should look
>>>>>>> into some sort of AV for my MacMini (using Lion). I read
>>>>>>> something on
>>>>>>> Forbes online recently that suggested Sophos for Mac, but since my
>>>>>>> experience level with Mac is low, I would prefer to hear some
>>>>>>> feedback
>>>>>>> from the old-timers.
>>>>>>>
>>>>>>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
>>>>>>>
>>>>>>> uld-ins tall-antivirus-on-your-mac/
>>>>>>
>>>>>> Not needed.
>>>>>>
>>>>>> Waste of time and money.
>>>>>>
>>>>>
>>>>> For no cost and very little time, look at ClamXav. Free and well
>>>>> maintained.
>>>>
>>>> It's a free and easy way to slow your Mac down, sure :-)
>>>
>>> AV s/w doesn't slow down machines much at all. They check for viruses
>>> on file load and then the program runs as always. Load time impact is
>>> in the single digits (percent).
>>>
>>> The only instance where they do slow a machine down is when doing "all
>>> file" sweeps. On my PC's I do that every 3 months or so overnight.
>>>
>>> I don't use AV on the Mac (except under WinXP/Fusion when it's running).
>>
>> I've used many AV programs in Windows and while you're right - most of
>> the slowdown is when opening files and apps, as well as system startup,
>> I find those slowdowns to be particularly noticeable. Running a
>> background scan actually has less overall impact on performance for my
>> work. YMMV :-)
>>
>> Anyway - all a Mac user need do in this situation is either run software
>> update or disable Java in his web browser and other apps like email and
>> RSS reader (in the unlikely event they're daft enough to enable Java in
>> them in the first place - the good ones never have by default, and even
>> some web browsers such as Camino don't by default). Running an AV app is
>> overkill IMO.
>
> But Mac users miss out on the fun that Windows users have running an AV
> scan that mostly finds tracking cookies, then a anti-malware scan so
> powerful that it sometimes turns up false positives on registry keys
> that could do funny things to your system if deleted. Between both scans
> time taken 1-1.5 hours. It's kinda like a video game really.
>
> And it's cool to use the free-versions that nag you to upgrade to the
> paid version.
>
> [flamebait] One thing Mac OS X really needs is a registry [/flamebait]

Pretty poor bait.  MS really screwed up with that.  It appeared after 
Win 3.1 (IIRC) which was really a simple system (that worked, mostly) on 
top of DOS.  Windows got hopelessly (and needlessly) complex once the 
registry was added.

For some reason it wasn't clear to the idiots at MS that the file 
structure under System was more than adequate management for program 
setting storage.  It would have been okay for Windows to provide methods 
(editors and system calls) to view/modify settings - but they should 
have been located with the applications.  May have needed a parallel 
structure for user accounts on a given machine.

I recall removing Norton (or McAfee) AV from a machine and that required 
several hours of hunting down settings in the registry.

-- 
"I was gratified to be able to answer promptly, and I did.
  I said I didn't know."
                           -Samuel Clemens.

[toc] | [prev] | [next] | [standalone]


#9059

Fromdempson@actrix.gen.nz (David Empson)
Date2012-04-08 10:34 +1200
Message-ID<1ki8a3z.1g3qfb3otloiuN%dempson@actrix.gen.nz>
In reply to#9056
Jamie Kahn Genet <jamiekg@wizardling.geek.nz> wrote:

> Alan Browne <alan.browne@FreelunchVideotron.ca> wrote:
> 
> > On 2012-04-05 22:58 , Jamie Kahn Genet wrote:
> > > Brian Gordon<briang@panix.com>  wrote:
> > >
> > >> In article<jollyroger-B30D29.15580505042012@news.individual.net>,
> > >> Jolly Roger<jollyroger@pobox.com>  wrote:
> > >>> In article<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
> > >>> *Hemidactylus*<ecphoric@hotmail.com>  wrote:
> > >>>
> > >>>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
> > >>>>
> > >>>> After reading about the Flashback thingy I wondered if I should look
> > >>>> into some sort of AV for my MacMini (using Lion). I read something on
> > >>>> Forbes online recently that suggested Sophos for Mac, but since my
> > >>>> experience level with Mac is low, I would prefer to hear some feedback
> > >>>> from the old-timers.
> > >>>>
> > >>>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
> > >>>> uld-ins tall-antivirus-on-your-mac/
> > >>>
> > >>> Not needed.
> > >>>
> > >>> Waste of time and money.
> > >>>
> > >>
> > >> For no cost and very little time, look at ClamXav.  Free and well
> > >>maintained.
> > >
> > > It's a free and easy way to slow your Mac down, sure :-)
> > 
> > AV s/w doesn't slow down machines much at all.  They check for viruses
> > on file load and then the program runs as always.  Load time impact is
> > in the single digits (percent).
> > 
> > The only instance where they do slow a machine down is when doing "all
> > file" sweeps.  On my PC's I do that every 3 months or so overnight.
> > 
> > I don't use AV on the Mac (except under WinXP/Fusion when it's running).
> 
> I've used many AV programs in Windows and while you're right - most of
> the slowdown is when opening files and apps, as well as system startup,
> I find those slowdowns to be particularly noticeable. Running a
> background scan actually has less overall impact on performance for my
> work. YMMV :-)
> 
> Anyway - all a Mac user need do in this situation is either run software
> update or disable Java in his web browser and other apps like email and
> RSS reader (in the unlikely event they're daft enough to enable Java in
> them in the first place - the good ones never have by default, and even
> some web browsers such as Camino don't by default). Running an AV app is
> overkill IMO.

That will only prevent future infection. If the computer had already
acquired the Flashback trojan, something would be needed to detect and
remove it.

Apple's Xprotect mechanism might be able to catch it, but having a look
through the current definitions, it is only looking for Flashback A, B
and C variants, not the one that exploits the Java vulnerability
(Flashback K). I suspect that at least part of this trojan cannot be
intercepted by Xprotect because it loads alongside other applications as
a dynamic library, rather than being a malicious application you run
directly. I've also seen mention that some Flashback variants disable
Xprotect.

This appears to be a case where running a full scan with an anti-virus
is a good idea.

The most important point is to get the Java updated installed, to block
future infection. Lion users only need to worry about this if they have
installed Java, since it is not installed by default.

Those on Leopard and earlier systems should seriously consider disabling
Java completely (using Java Preferences), and certainly disable it in
their web browser.

-- 
David Empson
dempson@actrix.gen.nz

[toc] | [prev] | [next] | [standalone]


#9060

From*Hemidactylus* <ecphoric@hotmail.com>
Date2012-04-07 19:08 -0400
Message-ID<EuSdnbt7Q992VR3SnZ2dnUVZ_rydnZ2d@giganews.com>
In reply to#9059
On 04/07/2012 06:34 PM, David Empson wrote:
> Jamie Kahn Genet<jamiekg@wizardling.geek.nz>  wrote:
>
>> Alan Browne<alan.browne@FreelunchVideotron.ca>  wrote:
>>
>>> On 2012-04-05 22:58 , Jamie Kahn Genet wrote:
>>>> Brian Gordon<briang@panix.com>   wrote:
>>>>
>>>>> In article<jollyroger-B30D29.15580505042012@news.individual.net>,
>>>>> Jolly Roger<jollyroger@pobox.com>   wrote:
>>>>>> In article<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
>>>>>> *Hemidactylus*<ecphoric@hotmail.com>   wrote:
>>>>>>
>>>>>>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
>>>>>>>
>>>>>>> After reading about the Flashback thingy I wondered if I should look
>>>>>>> into some sort of AV for my MacMini (using Lion). I read something on
>>>>>>> Forbes online recently that suggested Sophos for Mac, but since my
>>>>>>> experience level with Mac is low, I would prefer to hear some feedback
>>>>>>> from the old-timers.
>>>>>>>
>>>>>>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
>>>>>>> uld-ins tall-antivirus-on-your-mac/
>>>>>>
>>>>>> Not needed.
>>>>>>
>>>>>> Waste of time and money.
>>>>>>
>>>>>
>>>>> For no cost and very little time, look at ClamXav.  Free and well
>>>>> maintained.
>>>>
>>>> It's a free and easy way to slow your Mac down, sure :-)
>>>
>>> AV s/w doesn't slow down machines much at all.  They check for viruses
>>> on file load and then the program runs as always.  Load time impact is
>>> in the single digits (percent).
>>>
>>> The only instance where they do slow a machine down is when doing "all
>>> file" sweeps.  On my PC's I do that every 3 months or so overnight.
>>>
>>> I don't use AV on the Mac (except under WinXP/Fusion when it's running).
>>
>> I've used many AV programs in Windows and while you're right - most of
>> the slowdown is when opening files and apps, as well as system startup,
>> I find those slowdowns to be particularly noticeable. Running a
>> background scan actually has less overall impact on performance for my
>> work. YMMV :-)
>>
>> Anyway - all a Mac user need do in this situation is either run software
>> update or disable Java in his web browser and other apps like email and
>> RSS reader (in the unlikely event they're daft enough to enable Java in
>> them in the first place - the good ones never have by default, and even
>> some web browsers such as Camino don't by default). Running an AV app is
>> overkill IMO.
>
> That will only prevent future infection. If the computer had already
> acquired the Flashback trojan, something would be needed to detect and
> remove it.
>
> Apple's Xprotect mechanism might be able to catch it, but having a look
> through the current definitions, it is only looking for Flashback A, B
> and C variants, not the one that exploits the Java vulnerability
> (Flashback K). I suspect that at least part of this trojan cannot be
> intercepted by Xprotect because it loads alongside other applications as
> a dynamic library, rather than being a malicious application you run
> directly. I've also seen mention that some Flashback variants disable
> Xprotect.
>
> This appears to be a case where running a full scan with an anti-virus
> is a good idea.
>
> The most important point is to get the Java updated installed, to block
> future infection. Lion users only need to worry about this if they have
> installed Java, since it is not installed by default.
>
> Those on Leopard and earlier systems should seriously consider disabling
> Java completely (using Java Preferences), and certainly disable it in
> their web browser.

I have Lion, thus no Java, yet my Safari security preference has Enable 
Java checked. I unchecked it for good measure, but wonder if that was 
necessary.


-- 
*Hemidactylus*

[toc] | [prev] | [next] | [standalone]


#9063

FromPhillipJones <pjones1@kimbanet.com>
Date2012-04-07 22:11 -0400
Message-ID<jlqs48$fci$1@news.albasani.net>
In reply to#9060
*Hemidactylus* wrote:
> On 04/07/2012 06:34 PM, David Empson wrote:
>> Jamie Kahn Genet<jamiekg@wizardling.geek.nz> wrote:
>>
>>> Alan Browne<alan.browne@FreelunchVideotron.ca> wrote:
>>>
>>>> On 2012-04-05 22:58 , Jamie Kahn Genet wrote:
>>>>> Brian Gordon<briang@panix.com> wrote:
>>>>>
>>>>>> In article<jollyroger-B30D29.15580505042012@news.individual.net>,
>>>>>> Jolly Roger<jollyroger@pobox.com> wrote:
>>>>>>> In article<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
>>>>>>> *Hemidactylus*<ecphoric@hotmail.com> wrote:
>>>>>>>
>>>>>>>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
>>>>>>>>
>>>>>>>> After reading about the Flashback thingy I wondered if I should
>>>>>>>> look
>>>>>>>> into some sort of AV for my MacMini (using Lion). I read
>>>>>>>> something on
>>>>>>>> Forbes online recently that suggested Sophos for Mac, but since my
>>>>>>>> experience level with Mac is low, I would prefer to hear some
>>>>>>>> feedback
>>>>>>>> from the old-timers.
>>>>>>>>
>>>>>>>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
>>>>>>>>
>>>>>>>> uld-ins tall-antivirus-on-your-mac/
>>>>>>>
>>>>>>> Not needed.
>>>>>>>
>>>>>>> Waste of time and money.
>>>>>>>
>>>>>>
>>>>>> For no cost and very little time, look at ClamXav. Free and well
>>>>>> maintained.
>>>>>
>>>>> It's a free and easy way to slow your Mac down, sure :-)
>>>>
>>>> AV s/w doesn't slow down machines much at all. They check for viruses
>>>> on file load and then the program runs as always. Load time impact is
>>>> in the single digits (percent).
>>>>
>>>> The only instance where they do slow a machine down is when doing "all
>>>> file" sweeps. On my PC's I do that every 3 months or so overnight.
>>>>
>>>> I don't use AV on the Mac (except under WinXP/Fusion when it's
>>>> running).
>>>
>>> I've used many AV programs in Windows and while you're right - most of
>>> the slowdown is when opening files and apps, as well as system startup,
>>> I find those slowdowns to be particularly noticeable. Running a
>>> background scan actually has less overall impact on performance for my
>>> work. YMMV :-)
>>>
>>> Anyway - all a Mac user need do in this situation is either run software
>>> update or disable Java in his web browser and other apps like email and
>>> RSS reader (in the unlikely event they're daft enough to enable Java in
>>> them in the first place - the good ones never have by default, and even
>>> some web browsers such as Camino don't by default). Running an AV app is
>>> overkill IMO.
>>
>> That will only prevent future infection. If the computer had already
>> acquired the Flashback trojan, something would be needed to detect and
>> remove it.
>>
>> Apple's Xprotect mechanism might be able to catch it, but having a look
>> through the current definitions, it is only looking for Flashback A, B
>> and C variants, not the one that exploits the Java vulnerability
>> (Flashback K). I suspect that at least part of this trojan cannot be
>> intercepted by Xprotect because it loads alongside other applications as
>> a dynamic library, rather than being a malicious application you run
>> directly. I've also seen mention that some Flashback variants disable
>> Xprotect.
>>
>> This appears to be a case where running a full scan with an anti-virus
>> is a good idea.
>>
>> The most important point is to get the Java updated installed, to block
>> future infection. Lion users only need to worry about this if they have
>> installed Java, since it is not installed by default.
>>
>> Those on Leopard and earlier systems should seriously consider disabling
>> Java completely (using Java Preferences), and certainly disable it in
>> their web browser.
>
> I have Lion, thus no Java, yet my Safari security preference has Enable
> Java checked. I unchecked it for good measure, but wonder if that was
> necessary.
>
>
Actually when you run installer and choose custom install you can 
install Java and the system will maintain it.  But java is not 
installed. and the first time it required it will be installed.

[toc] | [prev] | [next] | [standalone]


#9098

FromPaul Sture <paul@sture.ch>
Date2012-04-09 08:57 +0200
Message-ID<orda59-9l7.ln1@news.sture.ch>
In reply to#9059
On Sun, 08 Apr 2012 10:34:57 +1200, David Empson wrote:

> Jamie Kahn Genet <jamiekg@wizardling.geek.nz> wrote:
> 
>> Anyway - all a Mac user need do in this situation is either run
>> software update or disable Java in his web browser and other apps like
>> email and RSS reader (in the unlikely event they're daft enough to
>> enable Java in them in the first place - the good ones never have by
>> default, and even some web browsers such as Camino don't by default).
>> Running an AV app is overkill IMO.
> 
> That will only prevent future infection. If the computer had already
> acquired the Flashback trojan, something would be needed to detect and
> remove it.
> 
> Apple's Xprotect mechanism might be able to catch it, but having a look
> through the current definitions, it is only looking for Flashback A, B
> and C variants, not the one that exploits the Java vulnerability
> (Flashback K). I suspect that at least part of this trojan cannot be
> intercepted by Xprotect because it loads alongside other applications as
> a dynamic library, rather than being a malicious application you run
> directly. I've also seen mention that some Flashback variants disable
> Xprotect.
> 
> This appears to be a case where running a full scan with an anti-virus
> is a good idea.
> 
> The most important point is to get the Java updated installed, to block
> future infection. Lion users only need to worry about this if they have
> installed Java, since it is not installed by default.
> 
> Those on Leopard and earlier systems should seriously consider disabling
> Java completely (using Java Preferences), and certainly disable it in
> their web browser.

I'll go further and say that for Lion where Java is optional:

o - If you don't need Java, then don't install it.
o . If you have already installed Java, consider removing it.

From February 2011:

"Oracle gives 21 (new) reasons to uninstall Java

Oracle this week pushed an updated version of its Java runtime 
environment that fixes 21 security vulnerabilities, 19 of which allow 
attackers to remotely install malicious software on end-user machines.

...

Bootnote

No, OpenOffice does not require Java. Per the official OpenOffice Wiki, 
Java is required merely to complete OpenOffice. Most OpenOffice functions 
work just fine on machines that don't have Java installed."

<http://www.theregister.co.uk/2011/02/17/java_security_threat/>

From the OpenOffice site:

<http://wiki.services.openoffice.org/wiki/Java_and_OpenOffice.org>

"Java is required for complete OpenOffice.org functionality. Java is 
mainly required to use the new embedded Java technology based HSQLDB 
database engine, or to make use of accessibility and assistive 
technologies. If you do not require database tables or accessibility 
integration or some wizards, then you do not need to download and install 
Java. Base (the database component) for example completely relies on Java 
technologies to run, but other programs (like Writer, Calc, and Impress) 
only need Java for special functionality (see below). "

And from the LibreOffice Wiki:

<https://en.wikipedia.org/wiki/Libreoffice#Initial_release>

"Also underway is the reduction of Java dependency."

-- 
Paul Sture

[toc] | [prev] | [next] | [standalone]


#9102

FromMichelle Steiner <michelle@michelle.org>
Date2012-04-09 08:23 -0700
Message-ID<michelle-4CC481.08231309042012@news.eternal-september.org>
In reply to#9098
In article <orda59-9l7.ln1@news.sture.ch>, Paul Sture <paul@sture.ch> 
wrote:

> From February 2011:
> 
> "Oracle gives 21 (new) reasons to uninstall Java
> 
> Oracle this week pushed an updated version of its Java runtime 
> environment that fixes 21 security vulnerabilities, 19 of which allow 
> attackers to remotely install malicious software on end-user machines.

That sounds like 21 reasons were removed.

-- 
Tea Party Patriots is to Patriotism as 
People's Democratic Republic is to Democracy.

[toc] | [prev] | [next] | [standalone]


#9118

FromPaul Sture <paul@sture.ch>
Date2012-04-10 09:30 +0200
Message-ID<b54d59-1qe.ln1@news.sture.ch>
In reply to#9102
On Mon, 09 Apr 2012 08:23:13 -0700, Michelle Steiner wrote:

> In article <orda59-9l7.ln1@news.sture.ch>, Paul Sture <paul@sture.ch>
> wrote:
> 
>> From February 2011:
>> 
>> "Oracle gives 21 (new) reasons to uninstall Java
>> 
>> Oracle this week pushed an updated version of its Java runtime
>> environment that fixes 21 security vulnerabilities, 19 of which allow
>> attackers to remotely install malicious software on end-user machines.
> 
> That sounds like 21 reasons were removed.

Yes, but this was at a time when Java and Adobe Flash were consistently 
the top of the charts of products with security flaws.

-- 
Paul Sture

[toc] | [prev] | [next] | [standalone]


#9126

FromHelpfulHarry@BusyWorking.com (Helpful Harry)
Date2012-04-11 09:22 +1200
Message-ID<HelpfulHarry-1104120922210001@203-118-187-188.dsl.dyn.ihug.co.nz>
In reply to#9118
For those who don't like tinkering in the Terminal, according to
MacRumors.com there's now an application you can run to check for the
supposed Flashback malware. https://github.com/jils/FlashbackChecker/wiki

It does NOT remove it, just tells you if the files are on your computer
... and I'd almost be willing to bet that nobody here finds anything.

Helpful Harry  :o)

[toc] | [prev] | [next] | [standalone]


#9128

Fromjamiekg@wizardling.geek.nz (Jamie Kahn Genet)
Date2012-04-11 10:03 +1200
Message-ID<1kidt35.1lhpksyvh1rlsN%jamiekg@wizardling.geek.nz>
In reply to#9126
Helpful Harry <HelpfulHarry@BusyWorking.com> wrote:

> For those who don't like tinkering in the Terminal, according to
> MacRumors.com there's now an application you can run to check for the
> supposed Flashback malware. https://github.com/jils/FlashbackChecker/wiki
> 
> It does NOT remove it, just tells you if the files are on your computer
> ... and I'd almost be willing to bet that nobody here finds anything.
> 
> Helpful Harry  :o)

Just for fun I checked manually and my Mac is not compromised. But it
wouldn't be as I already used browser, email and RSS clients that allow
disabling of Java/never allow it in the first place.
-- 
If you're not part of the solution, you're part of the precipitate.

[toc] | [prev] | [next] | [standalone]


#9129

Fromdorayme <dorayme@optusnet.com.au>
Date2012-04-11 08:16 +1000
Message-ID<dorayme-EBFFF0.08164711042012@news.albasani.net>
In reply to#9126
In article 
<HelpfulHarry-1104120922210001@203-118-187-188.dsl.dyn.ihug.co.nz>,
 HelpfulHarry@BusyWorking.com (Helpful Harry) wrote:

> For those who don't like tinkering in the Terminal, according to
> MacRumors.com there's now an application you can run to check for the
> supposed Flashback malware. https://github.com/jils/FlashbackChecker/wiki
> 
> It does NOT remove it, just tells you if the files are on your computer
> ... and I'd almost be willing to bet that nobody here finds anything.

How very cautious of you! I would promise to eat a hat.

-- 
dorayme

[toc] | [prev] | [next] | [standalone]


#9131

FromHelpfulHarry@BusyWorking.com (Helpful Harry)
Date2012-04-11 13:18 +1200
Message-ID<HelpfulHarry-1104121318450001@203-118-187-198.dsl.dyn.ihug.co.nz>
In reply to#9129
In article <dorayme-EBFFF0.08164711042012@news.albasani.net>, dorayme
<dorayme@optusnet.com.au> wrote:
> In article 
> <HelpfulHarry-1104120922210001@203-118-187-188.dsl.dyn.ihug.co.nz>,
>  HelpfulHarry@BusyWorking.com (Helpful Harry) wrote:
> > 
> > For those who don't like tinkering in the Terminal, according to
> > MacRumors.com there's now an application you can run to check for the
> > supposed Flashback malware. https://github.com/jils/FlashbackChecker/wiki
> > 
> > It does NOT remove it, just tells you if the files are on your computer
> > ... and I'd almost be willing to bet that nobody here finds anything.
> 
> How very cautious of you! I would promise to eat a hat.

It *IS* the Internet, so there's bound to be a few fools around who visit
pirate and porn websites and may well have infected their computer with
some malware or other, but then they get what they deserve really.

Helpful Harry  :o)

[toc] | [prev] | [next] | [standalone]


#9135

Fromdorayme <dorayme@optusnet.com.au>
Date2012-04-11 12:24 +1000
Message-ID<dorayme-ABE173.12243311042012@news.albasani.net>
In reply to#9131
In article 
<HelpfulHarry-1104121318450001@203-118-187-198.dsl.dyn.ihug.co.nz>,
 HelpfulHarry@BusyWorking.com (Helpful Harry) wrote:

> In article <dorayme-EBFFF0.08164711042012@news.albasani.net>, dorayme
> <dorayme@optusnet.com.au> wrote:
> > In article 
> > <HelpfulHarry-1104120922210001@203-118-187-188.dsl.dyn.ihug.co.nz>,
> >  HelpfulHarry@BusyWorking.com (Helpful Harry) wrote:
> > > 
> > > For those who don't like tinkering in the Terminal, according to
> > > MacRumors.com there's now an application you can run to check for the
> > > supposed Flashback malware. https://github.com/jils/FlashbackChecker/wiki
> > > 
> > > It does NOT remove it, just tells you if the files are on your computer
> > > ... and I'd almost be willing to bet that nobody here finds anything.
> > 
> > How very cautious of you! I would promise to eat a hat.
> 
> It *IS* the Internet, so there's bound to be a few fools around who visit
> pirate and porn websites and may well have infected their computer with
> some malware or other, but then they get what they deserve really.

Who "here" would remotely likely be reading about alternatives to 
Terminal yet who might "well have infected their computer". Even our 
resident sheep rooter who posts here (he reads "Lovely Sheep", a 
popular porn mag for sheepophiles ) is unlikely to. 

I say to your face, Mister - yes, I am looking at you and I am staring 
direct into your eyes - you should join me in offering to eat hats 
instead of taking your pussyfooting hesitant "almost" line.

-- 
dorayme

[toc] | [prev] | [next] | [standalone]


#9070

FromPaul Sture <paul@sture.ch>
Date2012-04-08 12:45 +0200
Message-ID<0r6859-fm1.ln1@news.sture.ch>
In reply to#9056
On Sun, 08 Apr 2012 09:46:20 +1200, Jamie Kahn Genet wrote:

> I've used many AV programs in Windows and while you're right - most of
> the slowdown is when opening files and apps, as well as system startup,
> I find those slowdowns to be particularly noticeable. Running a
> background scan actually has less overall impact on performance for my
> work. YMMV

I've seen reports that some AV programs are bloatware in their own right.

Startup is a particular pain.  Since I installed F-Secure on my XP system 
(free from my ISP so why not?), it takes so long to get to the point 
where the system is usable that I'll do something which involves walking 
away from my desk like grabbing a cup of coffee.

Boot the same system into Linux, and it's worth sitting in front of the 
system to start work.

-- 
Paul Sture

[toc] | [prev] | [next] | [standalone]


#9076

From"Geoffrey S. Mendelson" <gsm@mendelson.com>
Date2012-04-08 11:49 +0000
Message-ID<slrnjo2uj7.tiv.gsm@cable.mendelson.com>
In reply to#9070
Paul Sture wrote:

> Startup is a particular pain.  Since I installed F-Secure on my XP system 
> (free from my ISP so why not?), it takes so long to get to the point 
> where the system is usable that I'll do something which involves walking 
> away from my desk like grabbing a cup of coffee.

That's a configuration option. The default is to a scan of the registry,
boot blocks, windows and program files directories and probably a few more
at startup.

You can just turn it off, and boot will go back to normal.

As for F-Secure, I don't know much about it, but every time someone brings
me a computer to look at, I run the standalone bootable AVG and it finds
infected files the others have missed.

On friends computers, I ask first and then uninstall their old antivirus
and install the free AVG, on random computers brought to me by friend's
of friends I don't. 

Geoff.

-- 
Geoffrey S. Mendelson,  N3OWJ/4X1GM
My high blood pressure medicine reduces my midichlorian count. :-(

[toc] | [prev] | [next] | [standalone]


#9092

Fromjamiekg@wizardling.geek.nz (Jamie Kahn Genet)
Date2012-04-09 11:36 +1200
Message-ID<1kia7mi.rqku471dbz668N%jamiekg@wizardling.geek.nz>
In reply to#9070
Paul Sture <paul@sture.ch> wrote:

> On Sun, 08 Apr 2012 09:46:20 +1200, Jamie Kahn Genet wrote:
> 
> > I've used many AV programs in Windows and while you're right - most of
> > the slowdown is when opening files and apps, as well as system startup,
> > I find those slowdowns to be particularly noticeable. Running a
> > background scan actually has less overall impact on performance for my
> > work. YMMV
> 
> I've seen reports that some AV programs are bloatware in their own right.
> 
> Startup is a particular pain.  Since I installed F-Secure on my XP system
> (free from my ISP so why not?), it takes so long to get to the point 
> where the system is usable that I'll do something which involves walking
> away from my desk like grabbing a cup of coffee.
> 
> Boot the same system into Linux, and it's worth sitting in front of the
> system to start work.

Same here - booting into OSX, Linux or a BSD Unix takes less than a
minute. But booting into WinXP with AV takes SEVERAL minutes before it
becomes responsive. I should time it one day, but I've restarted into
WinXP, got up, walked to kitchen, made a milo (hot chocolate), heated it
in microwave for two minutes, and come back to my desk to find the
notification area of the taskbar still being populated, and the start
menu still not being immediately responsive.

That said the AV with the least system impact I ever used was Nod32 (it
was also the most unobtrusive and well designed IMO), but I longer pay
for AV given it's nothing more than an early warning system for
infection in Windows nowadays, and one can rarely ever be sure it's
cleaned an infection, if it's able to try in the first place. With
rootkits and the like it's easier and safer to just wipe the Windows
partition and restore from backup.
-- 
If you're not part of the solution, you're part of the precipitate.

[toc] | [prev] | [next] | [standalone]


#9082

FromAlan Browne <alan.browne@FreelunchVideotron.ca>
Date2012-04-08 13:53 -0400
Message-ID<Nq-dnehSFJ0-TRzSnZ2dnUVZ_qSdnZ2d@giganews.com>
In reply to#9056
On 2012-04-07 17:46 , Jamie Kahn Genet wrote:
> Alan Browne<alan.browne@FreelunchVideotron.ca>  wrote:
>
>> On 2012-04-05 22:58 , Jamie Kahn Genet wrote:
>>> Brian Gordon<briang@panix.com>   wrote:
>>>
>>>> In article<jollyroger-B30D29.15580505042012@news.individual.net>,
>>>> Jolly Roger<jollyroger@pobox.com>   wrote:
>>>>> In article<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
>>>>> *Hemidactylus*<ecphoric@hotmail.com>   wrote:
>>>>>
>>>>>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
>>>>>>
>>>>>> After reading about the Flashback thingy I wondered if I should look
>>>>>> into some sort of AV for my MacMini (using Lion). I read something on
>>>>>> Forbes online recently that suggested Sophos for Mac, but since my
>>>>>> experience level with Mac is low, I would prefer to hear some feedback
>>>>>> from the old-timers.
>>>>>>
>>>>>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
>>>>>> uld-ins tall-antivirus-on-your-mac/
>>>>>
>>>>> Not needed.
>>>>>
>>>>> Waste of time and money.
>>>>>
>>>>
>>>> For no cost and very little time, look at ClamXav.  Free and well
>>>> maintained.
>>>
>>> It's a free and easy way to slow your Mac down, sure :-)
>>
>> AV s/w doesn't slow down machines much at all.  They check for viruses
>> on file load and then the program runs as always.  Load time impact is
>> in the single digits (percent).
>>
>> The only instance where they do slow a machine down is when doing "all
>> file" sweeps.  On my PC's I do that every 3 months or so overnight.
>>
>> I don't use AV on the Mac (except under WinXP/Fusion when it's running).
>
> I've used many AV programs in Windows and while you're right - most of
> the slowdown is when opening files and apps, as well as system startup,
> I find those slowdowns to be particularly noticeable. Running a

They are usually single digit percent.  If you run windows, you are 
silly not to use them.  For really large apps (Photoshop), the impact on 
load is about 3 seconds on 50 (my old 2.4 GHz dual core AMD system).

> background scan actually has less overall impact on performance for my
> work. YMMV :-)

Significantly.  Along with everyone else and lab tests.

>
> Anyway - all a Mac user need do in this situation is either run software
> update or disable Java in his web browser and other apps like email and
> RSS reader (in the unlikely event they're daft enough to enable Java in
> them in the first place - the good ones never have by default, and even
> some web browsers such as Camino don't by default). Running an AV app is
> overkill IMO.

For Mac yes.  But at some point, if these attacks mount in number AV 
apps will be the best way to manage.  But they should be ground-up Mac 
apps and not adaptations of Windows AV apps.

I'd guess the day is at least 3 years off - OTOH, these things can 
snowball.  As hackers try more and more ways to attack Macs, they may 
stumble on more effective, difficult to guard against and difficult to 
remove strategies.  At that point AV apps will be the better management 
approach to them.

Wish it weren't so.

-- 
"I was gratified to be able to answer promptly, and I did.
  I said I didn't know."
                           -Samuel Clemens.

[toc] | [prev] | [next] | [standalone]


#9086

FromWes Groleau <Groleau+news@FreeShell.org>
Date2012-04-08 14:02 -0400
Message-ID<jlsjru$c97$2@dont-email.me>
In reply to#9082
On 04-08-2012 13:53, Alan Browne wrote:
> For Mac yes.  But at some point, if these attacks mount in number AV
> apps will be the best way to manage.  But they should be ground-up Mac
> apps and not adaptations of Windows AV apps.

and not _ground_up_ Windows apps?

-- 
Wes Groleau

   Pat's Polemics
   http://Ideas.Lang-Learn.us/barrett

[toc] | [prev] | [next] | [standalone]


Page 2 of 3 — ← Prev page 1 [2] 3  Next page →

Back to top | Article view | comp.sys.mac.apps


csiph-web