Need advise on choosing anti-spy, malware, addware, and viru

Thanks AV; Over the last few months, my mac is seems alot slower than usual, and when an update comes for my Office 2004 program, I am denied access to the server-no matter what time of day, or which of any of the 3 browsers (netscape, safari, or explorer) I use. This has never happened before now-it's like something ie spy, or malware does not want me to get that update. I even tried to drag and drop the update from the ms site-to the desktop-got the samething, connection error. Never had that before???

Also, I'm getting all kinds of pop-ups and unwanted forwards-even though the blocker feature on my browsers are on.

The last OSX update I've been able to get is my current 10.4.11

Back to you guys... Michael.

without that problem?

What is the link (url) you are using?


P

Do you mean the link I used for the MS Office 2004 update, or where I'm at on my browser when I get the pop-ups and/or unexpected forwards?

Thanks, Michael.

Safari does not always do a good job of blocking popups

P

If you are using Tiger, the OSX.4.11 is the last one in the Tiger series. To go any higher, you would have to buy Leopard and/or Snow Leopard. But if you use the software update program in the Apple Menu, you should have received quite a few security updates for Apple software and Tiger. Have you tried to download them and if so, did it go smoothly? What version of Safari are you running? And have you tried to update using Firefox?

Yes; I have installed all of the updates. 10.4.11 auto-checks for updates once per week, and I just yesterday checked manually. It said "software up to date".
And yes, the OSX updates always goes smooth, and quickly.
Thanks, Michael.

Sorry; forgot to add-Safari version is 4.0.5

Is it still failing?


P

I have downloaded the free version of i A n t i v i r u s...yes that's right iAntivirus. I then immediately scanned my hard drive. Did not find anything untoward. I keep it running in the background. Using Snow Leopard on a MacBook Pro.
Norman

Hi, running AV on your mac is going to do absolutely nothing. It will never find a virus (or at least one that could harm your computer). The PC tools iAntivirus doesn't have any Mac virus definitions because there are non that work on OS X, now there were Mac viruses just a short time ago but those won't run anymore or are taken care of in the security updates offered by Apple. As far as I know, iAntivirus only has PC virus definitions, and the same is true of McAffe, and most others. There are no circulating viruses for Mac OS X, so running AV is pointless. If you want security, I would suggest you get a Firewall like Water Roof and a site Advisor or something. As for your "virus" problem, it is probably just a hardware problem, or an installation error, or just a common software bug. Update all your software and you'll live.

Close, but there's some bad info in here.

There are viruses for Mac OS X, it's just they are very few in number and are typically more of a proof of concept sort of thing right now.

Underneath it all, OS X can trace its lineage all the way back to the original BSD Unix. Under the pretty Aqua GUI is essentially a slightly modified FreeBSD known as Darwin. Apple actually had OS X certified as Unix a year or two back.

What this means, is that it takes advantage of around 30 years worth of trial by fire experience. There are a lot of things about any modern Unix OS that are the way they are because of some issue that was discovered many years ago.

It's harder to write an effective virus for a Unix system. Even though Apple isn't really doing people a lot of favors making accounts have admin level access by default, they do at least tend to restrict access to some key parts of the system even then. You're not given full root access unless you specifically enable it.

Moving along though, there's no way the reported problem could be hardware. I've probably repaired more systems than I would care to count in the past year and a half, and this symptom has none of the hallmarks of being hardware. Since it's only the one program that's affected, I'd say there's likely an issue with the install of MS Office rather than anything else.

Not really sure what getting a new firewall is going to accomplish either. OS X already has the BSD ipfw, which is widely regarded as one of the best out there, since the paranoid folks behind OpenBSD maintain it. Of course a firewall is only as good as the rules governing it, and when you start getting third party firewall programs you run into problems. In an effort to make you think they're doing something useful, they tend to pepper you with requests about whether or not you want to allow something. Sure, at first, you might actually read the messages, but sooner or later you're just going to start ignoring them and hitting the "Allow" button so you can get back to whatever it is you were doing. As soon as you start developing that habit, your firewall's security is compromised. At that point you'll start adding more and more unnecessary holes in its protection, and it becomes next to useless.

It's the other way around. Read theCNET Editors' Review on iAntiVirus. It does not cover PC viruses at all!
If you want something to do that, you should use ClamXav, where you can download updates at least once a day or more. ClamXav covers both PCs and Macs.
In the two months I had iAntiVirus it has always told me it is already and still up-to-date. Why? because there have been no new Trojans for Mac out. The little trickle that was underway since 2008 or so has since dried up. But my ClamXav downloads hundreds of signatures for PC viruses every day.
To quote from the CNET Editors' Review:
"iAntiVirus is a free app that will scan for Mac-specific viruses and malicious software, both on your hard-drive and during real-time Web browsing.Some anti-virus applications will scan for PC-specific threats as well (to make sure you're not passing on malicious software to PC users you interact with), but iAntiVirus is able to maintain a lower profile on your system by focusing on Mac threats only."

Sorry. Just remembered the thread initiator couldn't use iAntivirus in any case as he has Tiger.

There is often a confusion over the word virus. Some use it to include Trojans and spyware, as a generic term in the widest sense, others not. So basically the threat to Macs is the potential for new Trojans, not viruses.
With one exception. Word and Excel for Mac can catch Macro viruses from Microsoft PC documents. The reports on this said that Microsoft had stated that the problem would be removed with the forthcoming Office 2008 for Macs. I have not been able to find out whether MS kept its promises, but if past experience is a guide...
The Macro viruses were unable to leave the Office environment, merely infecting any new document created with Office. Usually the unpleasant consequences were limited to being unable to send such documents to others via Yahoo MIL. The MACRO viruses couldn't get any grip on the Mac OSX.

My bad. Your right, iAntivirus is Mac specific and does have Mac definitions. However, read this article from Mac update: http://www.macupdate.com/reviews.php?id=27854 I believe the first commenter stated that iAntivirus is no longer in development.
iAntivirus still doesn't find anything ever (except Ecar) because viruses for Mac OSX are not widespread.

I have just checked your reference and find that an unknown user claims iAntivirus is no longer updated, writing on May 11th. But he gives no evidence for it. Your claim that this AV "never finds anything" is contradicted by other users on the page you refer to, one claiming that it had rapidly found two Trojans that MacScan had been "unable to find". Some claim that if you use the continuous protection option it makes too high demands on the CPU, others that one should look at the major problems mentioned on the console. I never run it continuously and find no serious problems mentioned by Console. Basically I've set it to test once a day.The Trojan threat for macs is not serious enough to require more.
Your belief that it finds nothing seems to stem from your belief that "viruses for Mac OSX" are not widespread". Correction. In the wild they are non-existent. It is Trojans that are the threat, not viruses, and there are some 20 Trojans so far. The only viruses are the Word and Excel ones that can affect Office 2004, but they don't spread to the OS.
PC Tools is a reputable firm based in Australia with other offices in UK, Ireland, US, Ukraine and China. It employs over two hundred people. An independent German test firm recently tested its AV for PCs in a comparison test with half a dozen leading AV brands. PC Tools came out top of the bunch in success in virus detection. Its Spyware Doctor product also is very well known.
The only cause for concern might be that PC Tools was bought by Symantec of Cupertino in August 08. But it is encouraging to see that it has not been absorbed but retains a separate existence and identity under its previous CEO, who just reports back to a Symantec executive. If anyone has any real evidence of an intention to throttle iAntivirus, kindly pass on the reference here. Thanks.

No, because tracking cookies should have absolutely nothing to do with this. I'm also a bit skeptical of Microsoft's assessment, since their usual MO is to push the blame onto anyone/anything else they can. It's possible, but not sure I buy it really.

Now if this program found something more than just tracking cookies that would be another story, but tracking cookies alone would not cause your problem.

It seems to me that the really thousand and one dollar question is not whether tracker cookies were found but whether the DNS Changer Removal tool (which is not the same as MacScan even though it is produced by the same company) actually found the DNS Changer Trojan and removed it. It was that Trojan that MS blamed for the problem, not the tracker cookies. And mikie tells us he ran the Removal tool. He does not say whether it found the Trojan! Perhaps he can tell us what happened when he ran it?

As for MacScan, the man who writes the only blog totally devoted to Mac security is totally scathing and sceptical about it. As I have not the reference to his blog at hand, I will add it in a moment.

Meanwhile perhaps I can ask whether mikie has downloaded and run ClamXav and with what results?

The URL is as follows: http://mac-security.blogspot.com

A quick search shows his blog for April 28, 2o1o carries a scathing review for MacScan, but you will find plenty more from 2009 and perhaps even earlier.
I hope the following link will work:otherwise put MacScan in the search box at the top left of the blog.

http://mac-security.blogspot.com/search?q=MacScan

He did say that he ran the tool and it didn't fix the problem.

And unless I missed something, ClamAV still lacks an on access scanner, so you have to manually initiate scans. Which puts it at about 1995 for AV programs. I get that it's free and all, but I also get that it's really not intended as a general purpose AV program.

I'm also skeptical about any "blogger" who writes about security. Most people don't really know enough about security to properly vet things a person says, and a sad but true comment about people is that if you look/act/sound like you know what you're doing/talking about, people tend to believe you do.

A few days ago, on the Windows XP forum here, someone posted what I'm sure they thought was a brand new article, but it was just rehashing all the same misinformation about the XP firewall that people have been spreading for the last decade. It was based on an incorrect premise, and neither the author or the person who posted it ever took the time to really consider some of the large gaping holes in the thesis of the article. Giant gaping holes that have big flashing neon signs of fingers pointing, with the words, "Giant gaping hole". Something a person with average intelligence should be able to spot in a few seconds if they actually took those few seconds to think about it.

We live in the Great Age of Narcissism now with twitter and all the other "social networking" sites. Everyone who can type a few barely coherent stream of consciousness thoughts into a text box and hit a submit button now seems to think that anyone gives a crap what they have to say. That we're all completely and utterly fascinated about the mundane and boring details of their pathetic existence.

That kind of thinking makes it very easy to get a little full of yourself. You see it in the political polarization of the country these days. Everyone is so sure that they're right, they never even stop to consider some of the alternatives. They reach some conclusions which is personally appealing, and that's it. They completely forget about the part of writing an essay that involves addressing the points of the opposition, and explaining why those points are either wrong, overblown, or irrelevant. The part that serves to really make you consider the issue and the position on it you've taken.

So no offense, I know you're trying to help, but the world would probably be better off with a few less bloggers talking about things they know nothing about. This guy may be the exception, maybe he's not.

Case in point: Steve Gibson of GRC.com has a standing offer to play Chicken Little or the Boy Who Cried Wolf due to all the practice he has at it. He rushes out with a hasty conclusion, which is almost always proven wrong in about a week, but because he talks in a convincing way people believe what he says. You'd be amazed, and a little saddened, alarmed, etc, to see how many people come here talking about that site.

So to end my little rant here... I know you're trying to help, but the odds are the guy you're linking to is as big an idiot as Steve Gibson. Completely talking out of his neither regions none the less. Most people simply don't know enough about computer security to properly vet a person to see if what they say is trustworthy. And despite the fact that any schmuck with a computer and about 10 minutes can set up a blog, we still tend to collectively have this impression that not just anyone can put something on the Internet. Time was, you had to have a certain minimum skill level to do that, so if you cleared that hurdle, you probably had something worth saying. It hasn't been that way for probably 10 years, but social change takes a long time to filter through. It took virtually the entire 80s, and most of the 90s, before computers were readily accepted by people, so we probably have another 5-6 years to go on blogging.

I'm sorry, but the fact whether his Mac was infected with the Trojan or not does seem to me to be not totally irrelevant, in view of the fact that MS claims he was probably infected with it and that would be a reason for it not working. True he says that did not "cure the problem" but the question is just how sensitive to malware is the MS update system nowadays. To fail to give us exact info on what appears to be an important variable is a bit negligent. But then the gentleman concerned has seldom returned to give feedback, so we must be grateful for what we get.
As for David Currie, I find your technique of slagging him off quite astounding. Without even knowing the man, you argue basically in a long rant that: a lot of bloggers talk cobblers, so this man (whom you do not know ) is probably talking cobblers (logical non sequitur) and that therefore I am wasting Mikie's and your time even mentioning him. Perhaps before shooting off your mouth you might have had the humility to go and read him and form an opinion first. But humility is in short supply in your land now. A loser quality, n'est-ce pas?
As for Currie, if you ever bother to read him, you will see that he cuts like a knife through most of the puff advertising claims of the Mac security world. He was the first to reveal (late '9 that ClamXav had not received and included the signatures of the latest Trojans for Mac in its AV. And yet in May 2010 CNET Mac experts were still of the belief that ClamXav was enough to protect Mac users! Clearly they had not read him. If finally in late May 2009 Mark was able to obtain those signatures, Currie's campaign certainly contributed to a new awareness that made that possible. As for the available products on the market, Currie concludes they are all inadequate, and has recently listed various Mac Trojan variants that ClamXav and iAntiVirus still seem unable to detect. He tests them out himself against the various Mac Trojans and their variants. He recommends only one AV, a commercial and rather costly one, but berates them for what he calls FUD, distortion of the truth in their advertising techniques in order to spread "fear, uncertainty, despondency". I leave you to investigate yourself which one that is, rather than provide it all on a plate. He is actually a rather sharp man whose speciality it is to reveal the inadequacies of protection for Mac and yet expose the myths that are commonly spread with regard to Macs in the PC dominated media.
I regret to say that his techniques of argument are far less obfuscating than yours, if your recent reply to me is to be taken as evidence of your usual methods. I have learned more from reading Currie on Mac security than from any other journalist, and I've read a lot. But probably your hargne is directed less against him than against me, who rashly dared intervene in a discussion in which you felt the rightful king and judge. In a moment you will probably be citing your years of experience mending Macs. I hope not.

And yet you yourself expressed doubt about the veracity of the program used to detect said trojan based on the review of a different program made by the same company by the person you seem to idolize. You can't have it both ways here.

Again, we're talking about a single program being affected. No (reported anyway) redirected search requests, no other suspicious behavior. While not out of the question, what exactly is there to gain by blocking simply updates to MS Office? That's what doesn't add up to me. It's a lot of effort to go to in order to try and hold the door open for potential Office document based exploits.

You also misunderstood the point of my rant. It had nothing to do with the guy you seem so in love with, it was about how most people don't know enough about computer security to be able to properly vet anything someone says on the topic. Maybe the guy knows what he's talking about, maybe he doesn't. At this point, I don't really know what your level is in regards to computer security. All I can say right now is that he reviews products in a no-BS way. Doesn't mean he knows jack about security. I just encourage a healthy bit of skepticism in people. To actively engage the critical thinking parts of their brains.

But don't even get me started on Cnet. I have little to no respect for Cnet the publication company. I also don't really blame them. They are out to make money for parent company CBS. They clearly seem to be zeroing in on the Dilbert PHB type as their target audience. That's what they figure gives them the best chance of making money. I would say that history tends to disagree with them, or they wouldn't have been circling the drain before CBS rode in to save the day, but try talking sense into upper management of any company.

BTW, FUD was created by Eric S. Raymond, the once very public face of the whole open source movement. He defined it as Fear, Uncertainty, and Doubt. I believe it was coined in response to Microsoft's "Halloween Letters" which were some leaked documents about how Microsoft planned to wage a PR war against Linux using the three tactics that make up FUD. This was all back in like 1998-1999, something like that.

In any case, nothing you've said has really done anything to tell me about the guy's chops as a security expert. It's done quite the opposite really. I'm even less inclined to peruse the guy's site now than I was before. You can't even come up with a single concrete example while professing to the world how great he is. It just reads like a giant love letter.

And I don't need to quote years of experience. My actions will either bear out my knowledge and experience or they won't. I have nothing to prove to you, or anyone else. You... On the other hand... Seem to feel like you have a great many things to prove, and are in no small hurry to do so. You seem to think that I'm the one who's upset that you would join in on this discussion, yet it seems really to be you who's upset that I would dare say anything even remotely disparaging about this blogger you're infatuated with.

If you've got something worthwhile to contribute, by all means do so. I can't stop you, nor would I dream of doing so. There will, however, be some give and take. If you challenge me, or anyone else, you'd better be ready for us to challenge you right back.

Finally... Barging in and demanding people respect you never works. Respect has to be earned. Acting like an impetuous child does not help your case. If your answers are generally pretty good, people will take notice and respect your opinion. Brush the chip off your shoulder, and speak for yourself. If we want to know what David Currie has to say on a topic, we'll go read his blog ourselves.

It was you who started this bickering and demanded respect without sound argument. So, if your opponent got irritated by your rhetoric, it was not entirely his fault.

does have automated scanning. At least on downloads.

I'm sorry I was not more clear; I ran the DNS changer removal tool. It did find, and isolated the changer trojan-but I still could not download the Office 11.5.8 update.

I then ran the MacScan, and it found/removed over 2 scans (yesterday, and again this morning) 24 spyware programs, and in addition to the 20 tracker cookies from yesterday, 4 more on this morning's run.
Yesterday after the first run of MacScan, I was only then able to get the Office download using the MS "AutoUpdate" tool.

On the security programs-confirm, MacScan is a no-go, and I should go with the ClamX?

My philosophy is I expect to pay for a good or service, and I don't mind paying at all for a quality, qualified security program-I would'nt want to work for free either, so if I want to pay for a security program, which one is a good one?

Thanks, Michael.

That seems suspicious to me, because I wouldn't think there are even 24 individual spyware programs for the Mac to be removed. That's assuming you somehow managed to get hit with them all, which is pushing things quite a bit.

There are plenty of scam programs out there. In the Windows world they're called registry cleaners among other things. They report that you have some number of problems, which you don't, and usually they demand payment before they remove them.

Simple fact is, keeping a Mac largely secure is even easier than Windows. It won't remain this way forever, I'm sure, but for the time being you can likely get away without having any kind of AV program. Most of them exist for one of two reasons. Either 1) a company has an ill conceived "every computer must have an antivirus program installed" edict written by idiots in HR who can barely turn their computer's on in the morning, and AV companies are simply looking to cash in, or 2) the system is a server that is scanning files intended for Windows users.

So long as you keep up to date with security updates Apple pushes out, you're probably pretty safe from malware and viruses. So you can focus more on phishing and other social engineering scams. Along with the usual, like not running your mouth off in some of the darker corners of the Internet, not downloading programs from untrusted sources, not using pirated programs, the usual.

Personally, I'm inclined to think that it was probably just a server hiccup at Microsoft that was the source of your problems, and it's purely coincidental it started working again shortly after trying a few things. If you had some kind of DNS poisoning program on your system, you should have noticed that web searches and other things were being redirected as well. The fact that it was isolated to a single program like that, really points the finger more at an isolated incident with one of Microsoft's download servers. Kind of the way you sometimes get "Page Not Found" errors here, but if you try again, it works. Momentary glitch in the load balancer is all it is. Microsoft's Apple products division is probably a pretty low priority, and it's possible no one even noticed until the same server had an issue with some Windows download it also hosts.

On the spyware progs found, I was just reciting the stats that MacScan gave me??? When MacScan was running, it showed that it was checking for both spyware and spyware "ACTIVITY". Could be the stats provided were combined...

Thank you for this valuable feedback on the Trojans and spyware you had. The amount beggars belief.
I bought MacScan for several years but found it unsatisfactory in that it continually found the same tracking cookies and nothing else, and did not prevent the tracking cookies re-establishing themselves within hours. Nor did there seem any way of updating the signatures, except perhaps when one bought it again the following year when there was a new model. What amazed me and still amazes me is that the DNS changer remover was something you downloaded separately and was not integrated (at least then) into MacScan proper. Is it integrated even now?
If you are one of the few Mac owners prepared to pay for commercial AV, I persist and sign that you should see what Currie is recommending as best. And read about the inadequacies of the others.