Mac OS X Virus... at last?

Started by Dan Millar, October 27, 2010, 02:51:11 PM

Dan Millar

Well, it's here! The first malicious trojan for Mac is in the wild. See here for more details:

http://www.macrumors.com/2010/10/27/new-java-based-malware-targets-mac-os-x-but-threat-level-disputed/

As you can tell from the article's title, the trojan is not altogether successful.

As I think I may have mentioned just over a thousand times, it was only a matter of time.

ClamX AV is the only software I can recommend right now for Mac Antivirus software, as I haven't tested/reviewed the alternatives in over two years. There are others, but I frankly do not put much faith in the vendors - but I will have a quick look to see if there are any I can still recommend - last time I did that, only Intego's Virus Barrier was as effective as ClamX.

You can get Clam X AV here:

http://www.clamxav.com/

I am still using version 1.1.1 on my pre-SL Macs, and I am testing version 2.0.7beta on my SL-equipped Macs. So far, so good. I don't know if the AV database has been updated for this trojan yet, but if past experience is a guide - ClamX and Intego will be first to do so.

In the meantime - do NOT click on any suspicious links, or messages that ask you to trust an unknown security certificate as this trojan - like most Mac OS X malware - will require your permission to propagate.

Happy Mac'ing!!!

Dan
To be good is noble, but to teach others how to be good is nobler and less trouble.
Mark Twain

z-mac

The Web browser has been a source of insecurity for operating systems (especially for M-Windows). There have been a few Safari exploits that put OS X at risk, so this one is not the first. It is however interesting that it uses Java.

Java applets are not common. Users can disable Java in the browser. No need to wait for an update to an anti-virus program.

Safari : Preferences>Security>Java - uncheck
Firefox: Add-ons>Plugins>Java - disable

As an aside, the only Java applet that I've ever required was for accessing CRA's Web site.

Dan Millar

... or you could just not allow the applet to run. Seems like common sense when it says "this certificate not to be trusted".

Ironic that just days after Apple announces they will no longer support their own Java implementation, someone targets that very mechanism to deliver their payload.

Unfortunately, like a lot of Mac versions of PC software, this trojan/worm isn't very well written and does not function properly. Once again, this malware requires the user to allow it to work. If this is the best malware they can come up with, we don't seem to have much to worry about. So...

Happy Mac'ing!

Dan

Dan Millar

Sophos, one of the most respected antivirus makers in the IT world, has released their Mac AV software for free to individual users. Here's the link:

http://www.sophos.com/products/free-tools/free-mac-anti-virus/

I could never recommend Sophos for Mac, as it was never offered as a standalone product, but rather as part of a suite, and required, as a minimum, that you purchase a five-seat license. Other than that small gotcha, Sophos has ranked as one of the best, if not the best AV product for mixed-platform networks. Their software consumes minimal resources, and the updater is live - updates are pushed out to users immediately, in comparison to most other AV software that requires user initiation, or scheduled updates that may leave your machine vulnerable in the first few hours of a new threat emerging.

Of course, the chances of encountering a virus on your Mac are just about nil, and most other nasties like Trojans require user-interaction to work, so we're pretty safe from this stuff in general. You could, however, potentially forward an email containing a nasty Windows payload to one of your un-enlightened friends (read "pc users"). Even this "threat" is minimal - in the past ten years I can think of only a couple of instances where this actually happened. It seems to me, I have seen more "macro" viruses in that period of time than actual payload viruses. These are embedded macros in various MicroSoft/SmallLimp products like Word and Excel, and for Mac users, pose more of a real threat than so-called "real" viruses. Detecting these macros can be done with a good email scanner, or by installing "bad-macro-detection" software from MS themselves (oh great) - I prefer the third-party route.

So, one feature you should definitely pay attention to when selecting AV software for your Mac is the email scanning function. This will depend somewhat on which Mail client you use - Mail, Thunderbird, Outlook, etc., as they all seem to have their own unique way of storing your mail, and some are not amenable to "live" scanning, i.e. scanning emails as they arrive on your machine.

So, long story short, my propeller-topped beanie hat goes off to Sophos for making this available to all of us. You now have two choices:


  • wait 'til a credible threat arises, then jump on the AV software bandwagon, or
  • get it now, and never have to worry about it.

What's it gonna be boys? (girls too of course!)

Happy Mac'ing!

Dan

Antoine

Thanks for posting this info, Dan. Can anyone explain if this trojan could be the reason why I have lost ALL my contacts from both my Address Book and Entourage? I'm using a G5 tower running OS X v10.5.8.

Is there a way to get them back?

Thx very much,

Neil