Anti-Malware for the Mac OSX?
May 2, 2011 2:38 PM
Do good anti-malware tools exist for Mac OSX?
I recently found out about MACDefender malware that specifically targets Mac OSX. Personally I try to follow best-practices by using a non-admin account and browsing without the "install safe apps" option, so I'm not that worried about this affecting me.
However, a part of me suspects that this eventually might not be enough. I'm a bit concerned by the reports posted here (macrumors url) about the malware bypassing prompts for passwords. The article at http://isc.sans.edu/diary.html?storyid=10813 mentions investing in a good anti-malware suite. Does this actually exist, or was the article more of a form-letter designed from past Windows exploits?
Best answer: I also use ClamXav w/ClamXav Sentry. You can set it to scan any folder on your Mac. I use it to scan email, as well as the designated Downloads folder for browser downloads.
posted by Thorzdad at 3:57 PM on May 2, 2011 [1 favorite]
Been using Macs since they were called Apple II's and have not used AV or anti-malware software at all. Don't plan to unless this isolated incident turns out to be not so isolated and maybe not even then.
From what I understand about the current threat level and this latest threat, the Mac user needs to give permission for the software to install still. No permission = no install = no threat.
So, if a pop up pops up saying it needs to install something you didn't choose to install, don't give it permission. Simple.
As you say, eventually this may not be enough but eventually is still a ways off.
posted by fenriq at 4:13 PM on May 2, 2011 [1 favorite]
Keep in mind that all of the OSX-era Macintosh exploits have (to the best of my knowledge) all been more proof-of-concept than anything else, and frequently attached to press releases for Mac antivirus software.
That said...although your Mac itself should probably be safe, it is probably good manners to have some kind of antivirus running at least on your email.
Kaspersky is pretty awesome for the Windows side of things (my sysadmin friends swear by it), and they have a Macintosh port that is not terribly expensive.
http://usa.kaspersky.com/
posted by ivan ivanych samovar at 4:19 PM on May 2, 2011
Some of the exploits get through Safari's propensity to trust things it downloads, and Safari's use of OS X services allows those trusted downloads to do things they shouldn't. As much as I like Safari, Firefox and Chrome provide safer browsing.
posted by Blazecock Pileon at 4:41 PM on May 2, 2011
Intego's Internet Security Barrier is a very comprehensive suite that includes antivirus, malware, firewall...
I've used other products from Intego in the past, and have found them quite robust, and easy to use.
posted by theKik at 4:46 PM on May 2, 2011
Intego has "VirusBarrier Plus" on sale in the Mac App Store (8 bucks). I was checking it out today. Intego's website makes little mention of their App Store versions, probably because they make a lot less money.
posted by chairface at 5:13 PM on May 2, 2011
No permission = no install = no threat.
Until I install an app I think is trustworthy, but isn't. I don't use any malware detection either, so for all I know this has already happened to me.
posted by obiwanwasabi at 7:19 PM on May 2, 2011
If you're not afraid of the command line, you could use chkrootkit.
posted by wayland at 8:57 PM on May 2, 2011
I did help desk at a large University recently and we used the Sophos anti-virus product on the Macs. It seemed to work pretty well, wasn't too CPU intensive and during my tenure it did catch several viruses from various downloads.
posted by Poet_Lariat at 10:01 PM on May 2, 2011
Seconding Intego VB6. You get a robust firewall as well. There are differences between the App store product and the full product.
posted by PickeringPete at 6:45 AM on May 3, 2011
Response by poster: I think ClamXav is a good suggestion. Thanks! The idea about preventing malware from spreading to others is something I never really considered.
chkrootkit is something of interest to me, too. If there are other alternatives, I will check those out, as well.
posted by CancerMan at 1:01 PM on May 3, 2011
Response by poster: In case anyone checks on this, Apple announced a new security update and instructions on how to avoid/remove the malware.
http://support.apple.com/kb/HT4650
posted by CancerMan at 2:08 PM on May 25, 2011
posted by tommasz at 3:17 PM on May 2, 2011 [1 favorite]