leicaman
Veteran Member
I know that there are many bona fide websites where PC users can get their systems scanned for spyware/virus detction for free...
Is the any such website for MAC users?
Is the any such website for MAC users?
-
Welcome to the new forums! Please read this first. For known issues we are working to resolve, click here.
Is there an on-line spyware scanner for MAC systems?
- Thread starter leicaman
- Start date
C.Frank Powell
Active member
Don't need one!
Jim42
Active member
There are a couple of scanners available, but not the online type AFAIK. I guess the problem is still too small to warrant making such a thing. It's more of a threat than an actuality.
The threat concerns me too. I don't believe there is no spyware for the Mac. We're told to open only trusted downloads, though how that's to be done isn't clear.
Ian Eisenberg
Senior Member
There is NO SPYWARE FOR THE MAC!
You aren't clear how to only open trusted downloads?
OK, here is how it works. First, go to the Safari preferences and disable "Open safe files after downloading". If you receive a file that you were not expecting... don't open it. If you get are sent a file from a friend... ask them if they sent it BEFORE you open it. If you do forget and open a file and your Mac suddenly starts asking you if it OK to install software... click "Cancel".
Sorry for the sarcastic tone, but it is pretty straight-forward.
Jim42
Active member
If there's no spyware for Mac, then why do we have to be careful of unknown downloads? The threat that something could exist tomorrow, or what?
Not everyone agrees with that blanket statement anyway.
Yes, that's all basic stuff that I understand. Now, what if it's software that I'm installing? What to do? People sometimes get caught by things they trust. Even boxed software from major companies has been known to contain malware.
I once came within a double click of getting adware/spyware in a download from The United States Chess Federation. Can't get much more trusted than that. They thought their users wouldn't mind.
Watching for an unexpected request for password doesn't quite do it either. Spyware in a user account could be just as damaging.
That's Ok, I see lots of it on Mac boards. I haven't entered into the discussions before, though.
I don't matter what you believe, there isn't any at this point in time. In the future who knows but you can't write a scanner for something that doesn't exist because it would not know what to scan for.......
--
Charles
Ian Eisenberg
Senior Member
Actually they pretty much agree across the board.
Malware installed in a package from a vendor is not the same thing as malicious code installed as spware or viruses. If there is something installed by a program that you intentionally download and it is not explicitly noted by the vendor then you can raise holy h3ll with them and just delete it from your computer. Remember that it is far easier to remove apps on a Mac.
Not sure what you mean by this. An app can't be installed in a user account without entering the Admin password.
Jim42
Active member
I'm using the term malware to include all types of malicious software. The boxed software I'm referring to contained Windows viruses because the manufacturer or vendor were themselves infected. I know of course that doesn't affect the Mac, it just shows how "trusted" isn't the same as "safe".
Apple recently shipped a small number of iPods carrying a Windows virus. Same idea.
If you're saying that right now, today, there isn't any spyware for the Mac, I'll believe that. I see no reason it couldn't exist tomorrow, and I treat such threats as real. Sorry I wasn't clear on that.
?? I don't know what to say about that. I have several installed in a non-admin account. They didn't ask for a password.
JonE190246
Active member
Ok first off, the term 'spyware' is vague at best. There are several types of malware possible on mac and some need no permissions what so ever, because they work by the same way the systems do... by design. Just because they are not common does not mean they do not exist. The same can be said about Linux, AIX, Solaris etc. Just because they are not common... NEVER say they don't exist... Always be careful of that word.
1) Tracking cookies / image bugs / e-mail bugs etc...
w/o knowing the mechism not much can be done to prevent these since they work from collecting data from remote sites and cookies, downloading small images (ie bugs).
2) Trojans malware etc
To do damage, one does not need admin priviges. I can delete everythiing in your home directory, including your desktop very quickly and quitely (think something like 'rm -rfy ' (there is an intenional typo to keep it form working so nicely)
3) Worms
The first internet virus was an e-mail worm... Mac osx is based on Unix...
4) Exploits
Check it there are still a few remaining Safari expoits possible... just no one has openly exploited them. Some are in the SSL stack, some are in the browser itself. It also has several other open ports, programs etc accessable to outside world...
5) Remote - Brute force... as long as someone is paying attention to logs, then it may be caugh, but may not...
The more popular the platform, the bigger target it becomes. While the system does a fair job, but how many times does it ask for admin etc...
As for removing apps, go check in Libarary and Libary for 'add ons' that won't be deleted just by dragging the app into the trash... they are not always kept inside the app...
1) Tracking cookies / image bugs / e-mail bugs etc...
w/o knowing the mechism not much can be done to prevent these since they work from collecting data from remote sites and cookies, downloading small images (ie bugs).
2) Trojans malware etc
To do damage, one does not need admin priviges. I can delete everythiing in your home directory, including your desktop very quickly and quitely (think something like 'rm -rfy
3) Worms
The first internet virus was an e-mail worm... Mac osx is based on Unix...
4) Exploits
Check it there are still a few remaining Safari expoits possible... just no one has openly exploited them. Some are in the SSL stack, some are in the browser itself. It also has several other open ports, programs etc accessable to outside world...
5) Remote - Brute force... as long as someone is paying attention to logs, then it may be caugh, but may not...
The more popular the platform, the bigger target it becomes. While the system does a fair job, but how many times does it ask for admin etc...
As for removing apps, go check in Libarary and Libary for 'add ons' that won't be deleted just by dragging the app into the trash... they are not always kept inside the app...
Jim42
Active member
... about removing a nasty, when and if that becomes necessary.
Windows malware often makes itself unusually difficult to uninstall. The advice I see on Mac boards says just drag it to trash, and hunt down any stray files here and there.
But is it really likely to be so easy? Norton is difficult to uninstall from Macs - one has to download a special uninstaller. And if Norton can do it, others with malicious intent certainly could. And they wouldn't always offer an uninstaller.
It would have to somehow get the admin password I guess, either through "social engineering", or a privilege escalation flaw, or just sit around and wait until a password is entered on the keyboard.
?? I'm confused. I asked this question once before on a Mac board, and the answer I got was "Don't install Norton". I already knew that.
Windows malware often makes itself unusually difficult to uninstall. The advice I see on Mac boards says just drag it to trash, and hunt down any stray files here and there.
But is it really likely to be so easy? Norton is difficult to uninstall from Macs - one has to download a special uninstaller. And if Norton can do it, others with malicious intent certainly could. And they wouldn't always offer an uninstaller.
It would have to somehow get the admin password I guess, either through "social engineering", or a privilege escalation flaw, or just sit around and wait until a password is entered on the keyboard.
?? I'm confused. I asked this question once before on a Mac board, and the answer I got was "Don't install Norton". I already knew that.
leicaman
Veteran Member
I have heard "Virus Barrier" was a decent solution for MAC.
As good as it is now the market saturation and popularity of Intel MACs is growing very quickley.. so it's only a matter of time...
As good as it is now the market saturation and popularity of Intel MACs is growing very quickley.. so it's only a matter of time...
JonE190246
Active member
The Problem is that the 'hunt down other files' part can be difficult... for example go to something like (from terminal)
cd Library/Preferences
ls
Lot of files there, isn't there.. on my machine there are 495 directores containing some 1610 files representing something like 28 Megs... ouch.. I have no clue what most of those beasties are...
Norton is a beastie because when you install it (yea it does ask for admin password) it attaches as a kernel module, and then it's a bear to remove since it's running.
It would be pretty easy to create an app and call it a 'real time spell checker' (personally I would love) that has an extra function to look for something like 'password' or 'sswor' or some string like that and then just stash it back directory and occasionaly attaches to a server and send those strings... nasty.. and if you wasn't running a firewall or 'Little Nag' you would never know it...
cd
ls
Lot of files there, isn't there.. on my machine there are 495 directores containing some 1610 files representing something like 28 Megs... ouch.. I have no clue what most of those beasties are...
Norton is a beastie because when you install it (yea it does ask for admin password) it attaches as a kernel module, and then it's a bear to remove since it's running.
It would be pretty easy to create an app and call it a 'real time spell checker' (personally I would love) that has an extra function to look for something like 'password' or 'sswor' or some string like that and then just stash it back directory and occasionaly attaches to a server and send those strings... nasty.. and if you wasn't running a firewall or 'Little Nag' you would never know it...
leicaman
Veteran Member
Pardon me... but what is the "Little Nag" you are refering to?
Thanks...
Thanks...
JonE190246
Active member
Sorry... mixing the name of two diffrent programs together...
The program I was referring to was Little Snitch
http://www.obdev.at/products/littlesnitch/index.html
Fromt the web page:
Little Snitch tells you when a program tries to send info to the internet so you can see what's going on in the background!
... pretty cool program...
The program I was referring to was Little Snitch
http://www.obdev.at/products/littlesnitch/index.html
Fromt the web page:
Little Snitch tells you when a program tries to send info to the internet so you can see what's going on in the background!
... pretty cool program...
Jim42
Active member
JonE wrote:
...
Application xyz wants to connect to IP 111.222.33.44 for TCP on port 80
Allow, disallow, etc.?
And I can't run it in more than one account at a time (using fast-user switch) or it hangs the system. Hopefully they'll get it sorted out.
...
...
Yes. I use LittleSnitch and I like it. It's a bit geeky, one has to understand firewalls and be able to handle popups like
Application xyz wants to connect to IP 111.222.33.44 for TCP on port 80
Allow, disallow, etc.?
And I can't run it in more than one account at a time (using fast-user switch) or it hangs the system. Hopefully they'll get it sorted out.
Jim42
Active member
(shudder) Anyone going to all that trouble would probably also shut down LittleSnitch. That's already been done ... whether it was a real threat or just a proof of concept, it showed the direction things might go.
Do you know anything about Sonar?
http://www.versiontracker.com/dyn/moreinfo/macosx/27840
It's supposed to be able to track installations and report file changes. I might try it and see what the details are.
I had that capability on Windows. It was invaluable. Even with no nasties involved, it was good to know which apps are well-behaved and which ones make a mess all over the hard drive.
leicaman
Veteran Member
What would be great is a small program that would alret a MAC user if any personal information ( any words or number sequences specified by the user) was being sent out and by what and to where. That would be the simplest way to know if your were having a MAC attack... 
Just being alerted that Blah Blah was attempting to connect to an IP address really does not do much to alert to a specific attack... but if you see you passwords being grabbed or credit card numbers... that's an attention grabber.
I wonder if anything like that exists?
Just being alerted that Blah Blah was attempting to connect to an IP address really does not do much to alert to a specific attack... but if you see you passwords being grabbed or credit card numbers... that's an attention grabber.
I wonder if anything like that exists?
iacas
Well-known member
The closest is "Little Snitch" which will let you know if communication outside of a set of parameters (applications like Safari or your email client, unusual ports, etc.) is taking place.
Most applications would have no way of knowing whether "212448321" is your social security number or a random string of whatever, so no, there's likely no real way to know if "passwords" or "credit card numbers" are being "grabbed."
Erik J. Barzeski
http://nslog.com/
Most applications would have no way of knowing whether "212448321" is your social security number or a random string of whatever, so no, there's likely no real way to know if "passwords" or "credit card numbers" are being "grabbed."
--What would be great is a small program that would alret a MAC user
if any personal information ( any words or number sequences
specified by the user) was being sent out and by what and to where.
That would be the simplest way to know if your were having a MAC
attack...
Just being alerted that Blah Blah was attempting to connect to an
IP address really does not do much to alert to a specific attack...
but if you see you passwords being grabbed or credit card
numbers... that's an attention grabber.
I wonder if anything like that exists?
Erik J. Barzeski
http://nslog.com/
leicaman
Veteran Member
Actually the user would specify a group or list of specific words or numbers that would que an alert.
Keyboard shortcuts
- f
- Forum