Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.sys.mac.system > #23339 > unrolled thread

Decent AV for Mac OS X

Started by*Hemidactylus* <ecphoric@hotmail.com>
First post2012-04-05 18:46 -0400
Last post2012-04-06 09:58 -0700
Articles 20 on this page of 47 — 18 participants

Back to article view | Back to comp.sys.mac.system


Contents

  Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 18:46 -0400
    Re: Decent AV for Mac OS X Jolly Roger <jollyroger@pobox.com> - 2012-04-05 15:58 -0700
      Re: Decent AV for Mac OS X briang@panix.com (Brian Gordon) - 2012-04-05 23:01 +0000
        Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-06 11:42 +1200
          Re: Decent AV for Mac OS X Warren Oates <warren.oates@gmail.com> - 2012-04-06 08:41 -0400
            Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-07 10:30 +1200
              Re: Decent AV for Mac OS X Patty Winter <patty1@wintertime.com> - 2012-04-06 23:48 +0000
                Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-07 12:46 +1200
              Re: Decent AV for Mac OS X dempson@actrix.gen.nz (David Empson) - 2012-04-07 12:28 +1200
                Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-07 11:55 +0200
                  Re: Decent AV for Mac OS X Jolly Roger <jollyroger@pobox.com> - 2012-04-07 08:28 -0700
                Re: Decent AV for Mac OS X Patty Winter <patty1@wintertime.com> - 2012-04-07 17:09 +0000
                  Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 14:19 -0400
        Re: Decent AV for Mac OS X jamiekg@wizardling.geek.nz (Jamie Kahn Genet) - 2012-04-06 14:58 +1200
          Re: Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-05 23:46 -0400
            Re: Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-06 00:10 -0400
          Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-07 14:28 -0400
            Re: Decent AV for Mac OS X jamiekg@wizardling.geek.nz (Jamie Kahn Genet) - 2012-04-08 09:46 +1200
              Re: Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 18:33 -0400
                Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-08 12:51 +0200
                  Re: Decent AV for Mac OS X Ant <ant@zimage.comANT> - 2012-04-08 06:41 -0700
                  Re: Decent AV for Mac OS X Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:00 -0400
                    Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-09 08:35 +0200
                Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 14:17 -0400
              Re: Decent AV for Mac OS X dempson@actrix.gen.nz (David Empson) - 2012-04-08 10:34 +1200
                Re: Decent AV for Mac OS X *Hemidactylus* <ecphoric@hotmail.com> - 2012-04-07 19:08 -0400
                  Re: Decent AV for Mac OS X PhillipJones <pjones1@kimbanet.com> - 2012-04-07 22:11 -0400
                Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-09 08:57 +0200
                  Re: Decent AV for Mac OS X Michelle Steiner <michelle@michelle.org> - 2012-04-09 08:23 -0700
                    Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-10 09:30 +0200
                      Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-11 09:22 +1200
                        Re: Decent AV for Mac OS X jamiekg@wizardling.geek.nz (Jamie Kahn Genet) - 2012-04-11 10:03 +1200
                        Re: Decent AV for Mac OS X dorayme <dorayme@optusnet.com.au> - 2012-04-11 08:16 +1000
                          Re: Decent AV for Mac OS X HelpfulHarry@BusyWorking.com (Helpful Harry) - 2012-04-11 13:18 +1200
                            Re: Decent AV for Mac OS X dorayme <dorayme@optusnet.com.au> - 2012-04-11 12:24 +1000
              Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-08 12:45 +0200
                Re: Decent AV for Mac OS X "Geoffrey S. Mendelson" <gsm@mendelson.com> - 2012-04-08 11:49 +0000
                Re: Decent AV for Mac OS X jamiekg@wizardling.geek.nz (Jamie Kahn Genet) - 2012-04-09 11:36 +1200
              Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 13:53 -0400
                Re: Decent AV for Mac OS X Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:02 -0400
                  Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 14:19 -0400
                    Re: Decent AV for Mac OS X Wes Groleau <Groleau+news@FreeShell.org> - 2012-04-08 14:50 -0400
                      Re: Decent AV for Mac OS X Steve Thompson <smt@vgersoft.com> - 2012-04-08 14:59 -0400
                        Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-08 15:18 -0400
                        Re: Decent AV for Mac OS X Paul Sture <paul@sture.ch> - 2012-04-09 09:02 +0200
    Re: Decent AV for Mac OS X Alan Browne <alan.browne@FreelunchVideotron.ca> - 2012-04-05 19:56 -0400
    Re: Decent AV for Mac OS X "Mr. Strat" <rag@nospam.techline.com> - 2012-04-06 09:58 -0700

Page 1 of 3  [1] 2 3  Next page →


#23339 — Decent AV for Mac OS X

From*Hemidactylus* <ecphoric@hotmail.com>
Date2012-04-05 18:46 -0400
SubjectDecent AV for Mac OS X
Message-ID<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>
[crossposted to comp.sys.mac.system and comp.sys.mac.apps)

After reading about the Flashback thingy I wondered if I should look 
into some sort of AV for my MacMini (using Lion). I read something on 
Forbes online recently that suggested Sophos for Mac, but since my 
experience level with Mac is low, I would prefer to hear some feedback 
from the old-timers.

http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-should-install-antivirus-on-your-mac/

-- 
*Hemidactylus*

[toc] | [next] | [standalone]


#23343

FromJolly Roger <jollyroger@pobox.com>
Date2012-04-05 15:58 -0700
Message-ID<jollyroger-B30D29.15580505042012@news.individual.net>
In reply to#23339
In article <h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
 *Hemidactylus* <ecphoric@hotmail.com> wrote:

> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
> 
> After reading about the Flashback thingy I wondered if I should look 
> into some sort of AV for my MacMini (using Lion). I read something on 
> Forbes online recently that suggested Sophos for Mac, but since my 
> experience level with Mac is low, I would prefer to hear some feedback 
> from the old-timers.
> 
> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-should-ins
> tall-antivirus-on-your-mac/

Not needed. 

Waste of time and money.

-- 
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR

[toc] | [prev] | [next] | [standalone]


#23344

Frombriang@panix.com (Brian Gordon)
Date2012-04-05 23:01 +0000
Message-ID<jll88v$8kk$1@reader1.panix.com>
In reply to#23343
In article <jollyroger-B30D29.15580505042012@news.individual.net>,
Jolly Roger  <jollyroger@pobox.com> wrote:
>In article <h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
> *Hemidactylus* <ecphoric@hotmail.com> wrote:
>
>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
>> 
>> After reading about the Flashback thingy I wondered if I should look 
>> into some sort of AV for my MacMini (using Lion). I read something on 
>> Forbes online recently that suggested Sophos for Mac, but since my 
>> experience level with Mac is low, I would prefer to hear some feedback 
>> from the old-timers.
>> 
>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-should-ins
>> tall-antivirus-on-your-mac/
>
>Not needed. 
>
>Waste of time and money.
>

For no cost and very little time, look at ClamXav.  Free and well maintained.


-- 
| Brian Gordon     -->briang@panix.com<--     brian dot gordon at cox dot net |
+ brianggordon@hotmail.com   Bass: Lexington "Main Street Harmonizers" chorus +
|                   Singing Valentines 803.339.9054                           |

[toc] | [prev] | [next] | [standalone]


#23348

FromHelpfulHarry@BusyWorking.com (Helpful Harry)
Date2012-04-06 11:42 +1200
Message-ID<HelpfulHarry-0604121142090001@203-118-187-186.dsl.dyn.ihug.co.nz>
In reply to#23344
In article <jll88v$8kk$1@reader1.panix.com>, briang@panix.com (Brian
Gordon) wrote:
> In article <jollyroger-B30D29.15580505042012@news.individual.net>,
> Jolly Roger  <jollyroger@pobox.com> wrote:
> >In article <h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
> > *Hemidactylus* <ecphoric@hotmail.com> wrote:
> >
> >> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
> >> 
> >> After reading about the Flashback thingy I wondered if I should look 
> >> into some sort of AV for my MacMini (using Lion). I read something on 
> >> Forbes online recently that suggested Sophos for Mac, but since my 
> >> experience level with Mac is low, I would prefer to hear some feedback 
> >> from the old-timers.
> >> 
> >>
http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-should-ins
> >> tall-antivirus-on-your-mac/
> >
> >Not needed. 
> >
> >Waste of time and money.
> 
> For no cost and very little time, look at ClamXav.  Free and well maintained.

But still unnecessary and still uses up hard drive space and processor
time. As well as chewing through Internet datacap limits continually
downloading malware definition updates that are 99.9% for Windows only.

So far the "reports" I've seen of this Flashback "malware" have consisted
of reported claims from a bunch of hackers and "tech" support from people
selling anti-malware software. There's no real evidence that it even
exists, and little real chance of most people actually getting it if it
does - unless you're a regular visitor to porn and pirate software
websites.

Helpful Harry  :o)

[toc] | [prev] | [next] | [standalone]


#23368

FromWarren Oates <warren.oates@gmail.com>
Date2012-04-06 08:41 -0400
Message-ID<4f7ee461$0$2240$c3e8da3$3a1a2348@news.astraweb.com>
In reply to#23348
In article 
<HelpfulHarry-0604121142090001@203-118-187-186.dsl.dyn.ihug.co.nz>,
 HelpfulHarry@BusyWorking.com (Helpful Harry) wrote:

> So far the "reports" I've seen of this Flashback "malware" have consisted
> of reported claims from a bunch of hackers and "tech" support from people
> selling anti-malware software. There's no real evidence that it even
> exists, and little real chance of most people actually getting it if it
> does - unless you're a regular visitor to porn and pirate software
> websites.

<http://www.techweekeurope.co.uk/news/mac-flashback-600000-infected-apple
-71604>
-- 

... do not cover a warm kettle or your stock may sour. -- Julia Child

[toc] | [prev] | [next] | [standalone]


#23390

FromHelpfulHarry@BusyWorking.com (Helpful Harry)
Date2012-04-07 10:30 +1200
Message-ID<HelpfulHarry-0704121030540001@203-118-187-203.dsl.dyn.ihug.co.nz>
In reply to#23368
In article <4f7ee461$0$2240$c3e8da3$3a1a2348@news.astraweb.com>, Warren
Oates <warren.oates@gmail.com> wrote:
> In article 
> <HelpfulHarry-0604121142090001@203-118-187-186.dsl.dyn.ihug.co.nz>,
>  HelpfulHarry@BusyWorking.com (Helpful Harry) wrote:
> >
> > So far the "reports" I've seen of this Flashback "malware" have consisted
> > of reported claims from a bunch of hackers and "tech" support from people
> > selling anti-malware software. There's no real evidence that it even
> > exists, and little real chance of most people actually getting it if it
> > does - unless you're a regular visitor to porn and pirate software
> > websites.
> 
> <http://www.techweekeurope.co.uk/news/mac-flashback-600000-infected-apple
> -71604>

As far as I can see that's just a re-hash of the same old story (the usual
lazy "journalism" technique: copy-paste) and the so-called "reports" come
from Dr Web and F-Secure - both of whom sell Mac anti-malware software.

As usual, there's still no reports from any real users and no mention of
how this suposed mal-ware can infect your system.

Helpful Harry   :o)

[toc] | [prev] | [next] | [standalone]


#23393

FromPatty Winter <patty1@wintertime.com>
Date2012-04-06 23:48 +0000
Message-ID<4f7f80d2$0$16176$742ec2ed@news.sonic.net>
In reply to#23390
In article <HelpfulHarry-0704121030540001@203-118-187-203.dsl.dyn.ihug.co.nz>,
Helpful Harry <HelpfulHarry@BusyWorking.com> wrote:
>
>As far as I can see that's just a re-hash of the same old story (the usual
>lazy "journalism" technique: copy-paste) and the so-called "reports" come
>from Dr Web and F-Secure - both of whom sell Mac anti-malware software.

Well, so does Kapersky, so I guess you won't like their report, either:

http://www.pcmag.com/article2/0,2817,2402715,00.asp
https://www.securelist.com/en/blog/208193441/Flashfake_Mac_OS_X_botnet_confirmed


Patty

[toc] | [prev] | [next] | [standalone]


#23396

FromHelpfulHarry@BusyWorking.com (Helpful Harry)
Date2012-04-07 12:46 +1200
Message-ID<HelpfulHarry-0704121246290001@203-118-187-46.dsl.dyn.ihug.co.nz>
In reply to#23393
In article <4f7f80d2$0$16176$742ec2ed@news.sonic.net>, Patty Winter
<patty1@wintertime.com> wrote:
> In article <HelpfulHarry-0704121030540001@203-118-187-203.dsl.dyn.ihug.co.nz>,
> Helpful Harry <HelpfulHarry@BusyWorking.com> wrote:
> >
> >As far as I can see that's just a re-hash of the same old story (the usual
> >lazy "journalism" technique: copy-paste) and the so-called "reports" come
> >from Dr Web and F-Secure - both of whom sell Mac anti-malware software.
> 
> Well, so does Kapersky, so I guess you won't like their report, either:
> 
> http://www.pcmag.com/article2/0,2817,2402715,00.asp
> https://www.securelist.com/en/blog/208193441
Flashfake_Mac_OS_X_botnet_confirmed

Yep, the same bandwagon-jumping by yet another seller of anti-malware software.

The SUPPOSED malware may well exist, but if nodoby is actually being
infected (which os far seems to be the case) then it's a complete
non-issue, as has been the case with every other so-called report before.

Helpful Harry  :o)

[toc] | [prev] | [next] | [standalone]


#23395

Fromdempson@actrix.gen.nz (David Empson)
Date2012-04-07 12:28 +1200
Message-ID<1ki6jyx.1sm4dk513j2ksfN%dempson@actrix.gen.nz>
In reply to#23390
Helpful Harry <HelpfulHarry@BusyWorking.com> wrote:

> In article <4f7ee461$0$2240$c3e8da3$3a1a2348@news.astraweb.com>, Warren
> Oates <warren.oates@gmail.com> wrote:
> > In article 
> > <HelpfulHarry-0604121142090001@203-118-187-186.dsl.dyn.ihug.co.nz>,
> >  HelpfulHarry@BusyWorking.com (Helpful Harry) wrote:
> > >
> > > So far the "reports" I've seen of this Flashback "malware" have consisted
> > > of reported claims from a bunch of hackers and "tech" support from people
> > > selling anti-malware software. There's no real evidence that it even
> > > exists, and little real chance of most people actually getting it if it
> > > does - unless you're a regular visitor to porn and pirate software
> > > websites.
> > 
> > <http://www.techweekeurope.co.uk/news/mac-flashback-600000-infected-apple
> > -71604>
> 
> As far as I can see that's just a re-hash of the same old story (the usual
> lazy "journalism" technique: copy-paste) and the so-called "reports" come
> from Dr Web and F-Secure - both of whom sell Mac anti-malware software.
> 
> As usual, there's still no reports from any real users and no mention of
> how this suposed mal-ware can infect your system.

John Gruber of Daring Fireball (who is a pretty reliable source, in my
opinion) said that several of his readers have reported they were
affected by this. The problem really is out there, but the number of
infected machines may be up for debate.

http://daringfireball.net/

Find the heading for Thursday 5 April 2010, then below that "Flashback
Trojan Reportedly Controls Half a Million Macs and Counting"

"UPDATE 2: Via email and public Twitter replies, I've seen reports from
about a dozen or so DF readers who've been hit by this. And they all
seem like typical DF readers — sophisticated, experienced, if not
downright expert Mac users. It's not an epidemic, but it's definitely
real, and insidious."

The details of what it does are out there if you read the reports from
the anti-virus vendors. For the moment it appears to be limited to
"phone home" and injecting code into certain web sites, but once the
trojan is installed it can download new code at will from the home base,
so could do anything in future.

-- 
David Empson
dempson@actrix.gen.nz

[toc] | [prev] | [next] | [standalone]


#23404

FromPaul Sture <paul@sture.ch>
Date2012-04-07 11:55 +0200
Message-ID<4hf559-ibv.ln1@news.sture.ch>
In reply to#23395
On Sat, 07 Apr 2012 12:28:56 +1200, David Empson wrote:

> John Gruber of Daring Fireball (who is a pretty reliable source, in my
> opinion) said that several of his readers have reported they were
> affected by this. The problem really is out there, but the number of
> infected machines may be up for debate.
> 
> http://daringfireball.net/
> 
> Find the heading for Thursday 5 April 2010, then below that "Flashback
> Trojan Reportedly Controls Half a Million Macs and Counting"
> 
> "UPDATE 2: Via email and public Twitter replies, I've seen reports from
> about a dozen or so DF readers who've been hit by this. And they all
> seem like typical DF readers — sophisticated, experienced, if not
> downright expert Mac users. It's not an epidemic, but it's definitely
> real, and insidious."
> 
> The details of what it does are out there if you read the reports from
> the anti-virus vendors. For the moment it appears to be limited to
> "phone home" and injecting code into certain web sites, but once the
> trojan is installed it can download new code at will from the home base,
> so could do anything in future.

Another Ars Technica report from yesterday evening (I assume US time)

<http://arstechnica.com/apple/news/2012/04/new-analysis-backs-half-
million-mac-infection-estimate.ars>

And Ars Technica has expanded on F-Secure's original text (though I note 
that like the rest they have still blindly copied the first bit of the 
instructions - points 2 and 3 are the wrong way round).

<http://arstechnica.com/apple/news/2012/04/how-to-check-forand-get-rid-
ofa-mac-flashback-infection.ars>

Disabling Java on your Mac with screen shots:

<http://www.f-secure.com/weblog/archives/00002330.html>
-- 
Paul Sture

[toc] | [prev] | [next] | [standalone]


#23406

FromJolly Roger <jollyroger@pobox.com>
Date2012-04-07 08:28 -0700
Message-ID<jollyroger-4EB0D3.08284907042012@news.individual.net>
In reply to#23404
In article <4hf559-ibv.ln1@news.sture.ch>, Paul Sture <paul@sture.ch> 
wrote:

> On Sat, 07 Apr 2012 12:28:56 +1200, David Empson wrote:
> 
> > John Gruber of Daring Fireball (who is a pretty reliable source, in my
> > opinion) said that several of his readers have reported they were
> > affected by this. The problem really is out there, but the number of
> > infected machines may be up for debate.
> > 
> > http://daringfireball.net/
> > 
> > Find the heading for Thursday 5 April 2010, then below that "Flashback
> > Trojan Reportedly Controls Half a Million Macs and Counting"
> > 
> > "UPDATE 2: Via email and public Twitter replies, I've seen reports from
> > about a dozen or so DF readers who've been hit by this. And they all
> > seem like typical DF readers ‹ sophisticated, experienced, if not
> > downright expert Mac users. It's not an epidemic, but it's definitely
> > real, and insidious."
> > 
> > The details of what it does are out there if you read the reports from
> > the anti-virus vendors. For the moment it appears to be limited to
> > "phone home" and injecting code into certain web sites, but once the
> > trojan is installed it can download new code at will from the home base,
> > so could do anything in future.
> 
> Another Ars Technica report from yesterday evening (I assume US time)
> 
> <http://arstechnica.com/apple/news/2012/04/new-analysis-backs-half-
> million-mac-infection-estimate.ars>
> 
> And Ars Technica has expanded on F-Secure's original text (though I note 
> that like the rest they have still blindly copied the first bit of the 
> instructions - points 2 and 3 are the wrong way round).
> 
> <http://arstechnica.com/apple/news/2012/04/how-to-check-forand-get-rid-
> ofa-mac-flashback-infection.ars>
> 
> Disabling Java on your Mac with screen shots:
> 
> <http://www.f-secure.com/weblog/archives/00002330.html>

Typically, Apple fixes this sort of thing and we all forget about it in 
a month or two. 

Of course, I don't expect these so-called "security firms" (a.k.a. 
security software peddlers) to actually tell anyone if the number of 
machines on these bot nets decreases over time due to Apple's software 
updates.

-- 
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.

JR

[toc] | [prev] | [next] | [standalone]


#23421

FromPatty Winter <patty1@wintertime.com>
Date2012-04-07 17:09 +0000
Message-ID<4f8074b0$0$16170$742ec2ed@news.sonic.net>
In reply to#23395
In article <1ki6jyx.1sm4dk513j2ksfN%dempson@actrix.gen.nz>,
David Empson <dempson@actrix.gen.nz> wrote:
>
>John Gruber of Daring Fireball (who is a pretty reliable source, in my
>opinion) said that several of his readers have reported they were
>affected by this. The problem really is out there, but the number of
>infected machines may be up for debate.

Was the honey pot set up by the Kaspersky folks a valid way to 
estimate the number of active bots from this trojan? If so, then
wouldn't their 600,000 figure be pretty accurate?


Patty

[toc] | [prev] | [next] | [standalone]


#23431

FromAlan Browne <alan.browne@FreelunchVideotron.ca>
Date2012-04-07 14:19 -0400
Message-ID<QeadnRaxKOGuGB3SnZ2dnUVZ_jCdnZ2d@giganews.com>
In reply to#23421
On 2012-04-07 13:09 , Patty Winter wrote:
> In article<1ki6jyx.1sm4dk513j2ksfN%dempson@actrix.gen.nz>,
> David Empson<dempson@actrix.gen.nz>  wrote:
>>
>> John Gruber of Daring Fireball (who is a pretty reliable source, in my
>> opinion) said that several of his readers have reported they were
>> affected by this. The problem really is out there, but the number of
>> infected machines may be up for debate.
>
> Was the honey pot set up by the Kaspersky folks a valid way to
> estimate the number of active bots from this trojan? If so, then
> wouldn't their 600,000 figure be pretty accurate?

It would be safer to say that the 600K is a lower bound - but because 
it's a very specific test, the upper bound would not be very much 
higher.  They can't tell how many Macs were exposed to the honeypot (not 
on, not connected, etc.).

IAC, it seems easy enough for Mac users with even low skill levels to 
detect and eradicate - and of course do a software update from Apple to 
put up the wall on it.

-- 
"I was gratified to be able to answer promptly, and I did.
  I said I didn't know."
                           -Samuel Clemens.

[toc] | [prev] | [next] | [standalone]


#23358

Fromjamiekg@wizardling.geek.nz (Jamie Kahn Genet)
Date2012-04-06 14:58 +1200
Message-ID<1ki4xkt.m6xp7c1dcvgfpN%jamiekg@wizardling.geek.nz>
In reply to#23344
Brian Gordon <briang@panix.com> wrote:

> In article <jollyroger-B30D29.15580505042012@news.individual.net>,
> Jolly Roger  <jollyroger@pobox.com> wrote:
> >In article <h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
> > *Hemidactylus* <ecphoric@hotmail.com> wrote:
> >
> >> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
> >> 
> >> After reading about the Flashback thingy I wondered if I should look
> >> into some sort of AV for my MacMini (using Lion). I read something on
> >> Forbes online recently that suggested Sophos for Mac, but since my
> >> experience level with Mac is low, I would prefer to hear some feedback
> >> from the old-timers.
> >> 
> >> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
> >> uld-ins tall-antivirus-on-your-mac/
> >
> >Not needed. 
> >
> >Waste of time and money.
> >
> 
> For no cost and very little time, look at ClamXav.  Free and well maintained.

It's a free and easy way to slow your Mac down, sure :-)
-- 
If you're not part of the solution, you're part of the precipitate.

[toc] | [prev] | [next] | [standalone]


#23360

From*Hemidactylus* <ecphoric@hotmail.com>
Date2012-04-05 23:46 -0400
Message-ID<P-WdneU0OtZi--PSnZ2dnUVZ_t-dnZ2d@giganews.com>
In reply to#23358
On 04/05/2012 10:58 PM, Jamie Kahn Genet wrote:
> Brian Gordon<briang@panix.com>  wrote:
>
>> In article<jollyroger-B30D29.15580505042012@news.individual.net>,
>> Jolly Roger<jollyroger@pobox.com>  wrote:
>>> In article<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
>>> *Hemidactylus*<ecphoric@hotmail.com>  wrote:
>>>
>>>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
>>>>
>>>> After reading about the Flashback thingy I wondered if I should look
>>>> into some sort of AV for my MacMini (using Lion). I read something on
>>>> Forbes online recently that suggested Sophos for Mac, but since my
>>>> experience level with Mac is low, I would prefer to hear some feedback
>>>> from the old-timers.
>>>>
>>>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
>>>> uld-ins tall-antivirus-on-your-mac/
>>>
>>> Not needed.
>>>
>>> Waste of time and money.
>>>
>>
>> For no cost and very little time, look at ClamXav.  Free and well maintained.
>
> It's a free and easy way to slow your Mac down, sure :-)

Ok already I get the picture! The performance hit isn't worth it. 
Message received.

I did load some Linux versions of AV long ago and even ran scans, before 
I came to my senses.

I have AVG on my Droid phone. Not exactly sure if is really doing 
anything or if Lookout is better. But I don't really think wiping my 
phone and reinstalling from an ISO is an option :-)

But I still baby my Mac, which is why I wasn't overly concerned about 
Flashback. On Linux if I f'd up and landed on a bad site all I have to 
do is wipe in Gparted and reinstall. I've heard Linux old-timers say 
they laugh at Windows geared "your system is infected" scareware popups, 
which is probably the case if it happens in Mac OS X too. They always 
make the popup look like Windows Explorer and stuff that you'd see on a 
Windows filesystem. It sure don't look look a GNOME or KDE environment 
with a Linux filesystem.

I really don't feel like going to the Genius Bar with my Mini even if I 
have the 3 year coverage plan. Yet in the past 4 years all I've seen is 
one flagged Trojan and that was on Windows Vista (flagged by McAfee).

And if I see a domain I'm unsure of I run it by 
http://aceinsight.websense.com/ and see what results.

-- 
*Hemidactylus*

[toc] | [prev] | [next] | [standalone]


#23361

From*Hemidactylus* <ecphoric@hotmail.com>
Date2012-04-06 00:10 -0400
Message-ID<O_6dnZFCz7ZO8ePSnZ2dnUVZ_rqdnZ2d@giganews.com>
In reply to#23360
On 04/05/2012 11:46 PM, *Hemidactylus* wrote:

[snip]

> I've heard Linux old-timers say
> they laugh at Windows geared "your system is infected" scareware popups,
> which is probably the case if it happens in Mac OS X too. They always
> make the popup look like Windows Explorer and stuff that you'd see on a
> Windows filesystem. It sure don't look look a GNOME or KDE environment
> with a Linux filesystem.
>
> I really don't feel like going to the Genius Bar with my Mini even if I
> have the 3 year coverage plan. Yet in the past 4 years all I've seen is
> one flagged Trojan and that was on Windows Vista (flagged by McAfee).


In case that's confusing I should clarify that I've seen none of the 
scareware on my Windows machines so far, but I've seen plenty on Windows 
machines of other people and have tried to help rid them of that 
nonsense to the best of my ability. That crap is ubiquitous.

And if I can damn Redmond with faint praise for anything it is their 
militant attitude in taking down botnets.

http://securitywatch.pcmag.com/microsoft/295850-microsoft-s-botnet-takedowns-disrupt-zeus-operations


-- 
*Hemidactylus*

[toc] | [prev] | [next] | [standalone]


#23432

FromAlan Browne <alan.browne@FreelunchVideotron.ca>
Date2012-04-07 14:28 -0400
Message-ID<dI-dnYuJ1OPNGh3SnZ2dnUVZ_s6dnZ2d@giganews.com>
In reply to#23358
On 2012-04-05 22:58 , Jamie Kahn Genet wrote:
> Brian Gordon<briang@panix.com>  wrote:
>
>> In article<jollyroger-B30D29.15580505042012@news.individual.net>,
>> Jolly Roger<jollyroger@pobox.com>  wrote:
>>> In article<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
>>> *Hemidactylus*<ecphoric@hotmail.com>  wrote:
>>>
>>>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
>>>>
>>>> After reading about the Flashback thingy I wondered if I should look
>>>> into some sort of AV for my MacMini (using Lion). I read something on
>>>> Forbes online recently that suggested Sophos for Mac, but since my
>>>> experience level with Mac is low, I would prefer to hear some feedback
>>>> from the old-timers.
>>>>
>>>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
>>>> uld-ins tall-antivirus-on-your-mac/
>>>
>>> Not needed.
>>>
>>> Waste of time and money.
>>>
>>
>> For no cost and very little time, look at ClamXav.  Free and well maintained.
>
> It's a free and easy way to slow your Mac down, sure :-)

AV s/w doesn't slow down machines much at all.  They check for viruses 
on file load and then the program runs as always.  Load time impact is 
in the single digits (percent).

The only instance where they do slow a machine down is when doing "all 
file" sweeps.  On my PC's I do that every 3 months or so overnight.

I don't use AV on the Mac (except under WinXP/Fusion when it's running).

-- 
"I was gratified to be able to answer promptly, and I did.
  I said I didn't know."
                           -Samuel Clemens.

[toc] | [prev] | [next] | [standalone]


#23441

Fromjamiekg@wizardling.geek.nz (Jamie Kahn Genet)
Date2012-04-08 09:46 +1200
Message-ID<1ki87v6.rdrwbpv3rdt6N%jamiekg@wizardling.geek.nz>
In reply to#23432
Alan Browne <alan.browne@FreelunchVideotron.ca> wrote:

> On 2012-04-05 22:58 , Jamie Kahn Genet wrote:
> > Brian Gordon<briang@panix.com>  wrote:
> >
> >> In article<jollyroger-B30D29.15580505042012@news.individual.net>,
> >> Jolly Roger<jollyroger@pobox.com>  wrote:
> >>> In article<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
> >>> *Hemidactylus*<ecphoric@hotmail.com>  wrote:
> >>>
> >>>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
> >>>>
> >>>> After reading about the Flashback thingy I wondered if I should look
> >>>> into some sort of AV for my MacMini (using Lion). I read something on
> >>>> Forbes online recently that suggested Sophos for Mac, but since my
> >>>> experience level with Mac is low, I would prefer to hear some feedback
> >>>> from the old-timers.
> >>>>
> >>>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
> >>>> uld-ins tall-antivirus-on-your-mac/
> >>>
> >>> Not needed.
> >>>
> >>> Waste of time and money.
> >>>
> >>
> >> For no cost and very little time, look at ClamXav.  Free and well
> >>maintained.
> >
> > It's a free and easy way to slow your Mac down, sure :-)
> 
> AV s/w doesn't slow down machines much at all.  They check for viruses
> on file load and then the program runs as always.  Load time impact is
> in the single digits (percent).
> 
> The only instance where they do slow a machine down is when doing "all
> file" sweeps.  On my PC's I do that every 3 months or so overnight.
> 
> I don't use AV on the Mac (except under WinXP/Fusion when it's running).

I've used many AV programs in Windows and while you're right - most of
the slowdown is when opening files and apps, as well as system startup,
I find those slowdowns to be particularly noticeable. Running a
background scan actually has less overall impact on performance for my
work. YMMV :-)

Anyway - all a Mac user need do in this situation is either run software
update or disable Java in his web browser and other apps like email and
RSS reader (in the unlikely event they're daft enough to enable Java in
them in the first place - the good ones never have by default, and even
some web browsers such as Camino don't by default). Running an AV app is
overkill IMO.
-- 
If you're not part of the solution, you're part of the precipitate.

[toc] | [prev] | [next] | [standalone]


#23443

From*Hemidactylus* <ecphoric@hotmail.com>
Date2012-04-07 18:33 -0400
Message-ID<MPadnVMgyIdXXR3SnZ2dnUVZ_vadnZ2d@giganews.com>
In reply to#23441
On 04/07/2012 05:46 PM, Jamie Kahn Genet wrote:
> Alan Browne<alan.browne@FreelunchVideotron.ca>  wrote:
>
>> On 2012-04-05 22:58 , Jamie Kahn Genet wrote:
>>> Brian Gordon<briang@panix.com>   wrote:
>>>
>>>> In article<jollyroger-B30D29.15580505042012@news.individual.net>,
>>>> Jolly Roger<jollyroger@pobox.com>   wrote:
>>>>> In article<h7KdnRHJ_uhMvePSnZ2dnUVZ_jSdnZ2d@giganews.com>,
>>>>> *Hemidactylus*<ecphoric@hotmail.com>   wrote:
>>>>>
>>>>>> [crossposted to comp.sys.mac.system and comp.sys.mac.apps)
>>>>>>
>>>>>> After reading about the Flashback thingy I wondered if I should look
>>>>>> into some sort of AV for my MacMini (using Lion). I read something on
>>>>>> Forbes online recently that suggested Sophos for Mac, but since my
>>>>>> experience level with Mac is low, I would prefer to hear some feedback
>>>>>> from the old-timers.
>>>>>>
>>>>>> http://www.forbes.com/sites/adriankingsleyhughes/2012/04/05/why-you-sho
>>>>>> uld-ins tall-antivirus-on-your-mac/
>>>>>
>>>>> Not needed.
>>>>>
>>>>> Waste of time and money.
>>>>>
>>>>
>>>> For no cost and very little time, look at ClamXav.  Free and well
>>>> maintained.
>>>
>>> It's a free and easy way to slow your Mac down, sure :-)
>>
>> AV s/w doesn't slow down machines much at all.  They check for viruses
>> on file load and then the program runs as always.  Load time impact is
>> in the single digits (percent).
>>
>> The only instance where they do slow a machine down is when doing "all
>> file" sweeps.  On my PC's I do that every 3 months or so overnight.
>>
>> I don't use AV on the Mac (except under WinXP/Fusion when it's running).
>
> I've used many AV programs in Windows and while you're right - most of
> the slowdown is when opening files and apps, as well as system startup,
> I find those slowdowns to be particularly noticeable. Running a
> background scan actually has less overall impact on performance for my
> work. YMMV :-)
>
> Anyway - all a Mac user need do in this situation is either run software
> update or disable Java in his web browser and other apps like email and
> RSS reader (in the unlikely event they're daft enough to enable Java in
> them in the first place - the good ones never have by default, and even
> some web browsers such as Camino don't by default). Running an AV app is
> overkill IMO.

But Mac users miss out on the fun that Windows users have running an AV 
scan that mostly finds tracking cookies, then a anti-malware scan so 
powerful that it sometimes turns up false positives on registry keys 
that could do funny things to your system if deleted. Between both scans 
time taken 1-1.5 hours. It's kinda like a video game really.

And it's cool to use the free-versions that nag you to upgrade to the 
paid version.

[flamebait] One thing Mac OS X really needs is a registry [/flamebait]

-- 
*Hemidactylus*

[toc] | [prev] | [next] | [standalone]


#23472

FromPaul Sture <paul@sture.ch>
Date2012-04-08 12:51 +0200
Message-ID<p57859-fm1.ln1@news.sture.ch>
In reply to#23443
On Sat, 07 Apr 2012 18:33:36 -0400, *Hemidactylus* wrote:

> [flamebait] One thing Mac OS X really needs is a registry [/flamebait]

LOL!  The idea of having things like program settings in a central 
location could have been a good idea when compared to the gazillions 
of .INI files which used to be scattered around a Windows system.

Pity about the implementation.  From someone who reverse engineered the 
registry to write their own utilities:

"Why the Windows Registry sucks … technically"

<http://rwmj.wordpress.com/2010/02/18/why-the-windows-registry-sucks-
technically/>

1. It’s a half-arsed implementation of a filesystem
2. Hello Microsoft programmers, a memory dump is not a file format
3. The implementation of reading/writing the Registry in Windows NT 
   is poor
4. Types are not well specified
5. Interchange formats are not well specified
6. The Registry arrangement is a mess
7. The Registry is a filesystem
8. Security, ha ha, let’s pretend
9. The Registry is obsolete, sorta



-- 
Paul Sture

[toc] | [prev] | [next] | [standalone]


Page 1 of 3  [1] 2 3  Next page →

Back to top | Article view | comp.sys.mac.system


csiph-web