[kevs]

My Cable provider says that now Macs may need spyware. What's the story on this? thanks.
10.4.2

[Grrr]

No computers need spyware.. Macs or not.

[Big Mac]

Neither spyware nor spyware detectors are necessary on the Mac.

[ghporter]

Who is your cable provider, so we can all point our fingers and laugh at their ignorance? Really, nobody is bothering to try writing much in the way of malware of any kind for Macs right now, and least of all spyware. I run Symantec AV (NOT Norton!) on our iBook, but I haven't even bothered looking seriously for a spyware detector-and the last time I even casually looked, I couldn't find anything!

Your cable provider is probably interested in selling you something. Do NOT buy.

[outsourced]

Just install Virtual PC with any version of Windows. Make sure there is an internet connection, and visit as many websites as possible. It is very important to click on any and all banner ads. You can then obtain as much spyware as you want.

Also, get a copy of the Anti-Norton Virus software.

Then, using Microsoft Entourage -- better yet Outlook for Windows via your Virtual PC, send spam to the CIA. Make sure the spam includes special codewords like: Usama, kill, nuke, president bush (or any former pres.), Capital, biological warfare, cocaine, etc.

Shortly thereafter, the CIA will covertly install spyware on your system FREE of charge.

Hell! You ought to get SOMETHING for your tax dollars!

I couldn't help myself.

[Millennium]

There are no reputable anti-spyware programs for the Mac. It's kind of hard to build a reputation when there's nothing to look for. Only one piece of spyware is known to exist -it's a port of LimeShop- but even the makers of that program don't distribute it anymore.

This said, it would be wise to keep your ear to the ground. Eventually, something will be written for the Mac: we're lightyears better than Windows in terms of security but we are not invincible. When that time comes, you'll need something.

[ShotgunEd]

Reputable spyware? Sounds like a contradiction.

[wataru]

Originally Posted by kevs

My Cable provider says that now Macs may need spyware. What's the story on this? thanks.
10.4.2

Do you even read what you type?

[ghporter]

Originally Posted by Millennium

This said, it would be wise to keep your ear to the ground. Eventually, something will be written for the Mac: we're lightyears better than Windows in terms of security but we are not invincible. When that time comes, you'll need something.

Thanks for keeping me from being the "lone voice in the wilderness" on security. It WILL happen, and a lot of people will be very sorry they didn't think about it beforehand. No doom and gloom, just being as prepared as one makes oneself by locking one's front door.

[Toyin]

Originally Posted by Millennium

There are no reputable anti-spyware programs for the Mac. It's kind of hard to build a reputation when there's nothing to look for. Only one piece of spyware is known to exist -it's a port of LimeShop- but even the makers of that program don't distribute it anymore.

This said, it would be wise to keep your ear to the ground. Eventually, something will be written for the Mac: we're lightyears better than Windows in terms of security but we are not invincible. When that time comes, you'll need something.

What about little snitch? Wouldn't this count as a spyware program?

[PubGuy]

There is no way for people to "prepare" for something that doesn't exist. That goes along with all that FUD about virus's on the Mac. If I bought a copy of Norton AV, Virex or whatever and installed it on my Mac, exactly what will I be protected from --- nothing! There are no virus's on the Mac and thus no way for the programs to detect what's not there. The virus scanner is only good AFTER a virus is identified and in the wild and the virus definitions are updated. Then and only then, does the software do you any good. So until that happens, the logic fails.

That being said, I don't want to be a "carrier" to pass a potentially infected file (which does not impact my Mac) onto my Windows friends. Since there are over 87,000 viruse for Windows, I installed ClamXav (FREE) onto my Mac to scan my desktop, downloads folder and inbox to keep my Mac clean of even Window's infected files (although I can tell you I've still not encountered any). There is a companion product designed for Windows that i also installed on my Virtual PC images. Just doing my part to be a good citizen!

[- - e r i k - -]

Originally Posted by PubGuy

There is no way for people to "prepare" for something that doesn't exist. That goes along with all that FUD about virus's on the Mac. If I bought a copy of Norton AV, Virex or whatever and installed it on my Mac, exactly what will I be protected from --- nothing! There are no virus's on the Mac and thus no way for the programs to detect what's not there. The virus scanner is only good AFTER a virus is identified and in the wild and the virus definitions are updated. Then and only then, does the software do you any good. So until that happens, the logic fails.

Quoted for using reason instead of paranoia.

If and WHEN such an event as a mac virus outbreak happens I'll download and use antivirus software. I remember when the last time there was any kind of threat to the mac platform and that was the AutoStart-worm back in os 8 (or was that 7 even?)! Two things happened: FREE specialized AutoStart-killers appeared instantly on the web and the solution was to turn of AutoStart in QuickTime.

AV is no good if it doesn't know what to look for, hence no point in getting AV until after such an event happens. And as for the "good network citizen"-argument for cleaning up Windows-viruses, common sense takes care of 99% of those cases (i.e. do not forward mails with unknown attachments etc.)

[yukon]

Keep a copy of ClamAV (ClamXAV.com) available. When a virus exists, it'll include it in it's updated definitions, and you'll be able to diagnose or remove current/future infections. An infected machine may prevent installation or net access. It's not much but it's some level of protection.

Spyware, sorry, there's no anti-spyware program for the Mac AFAIK, just use a secure browser, a secure system, and wait then research before you install anything.

[stinch]

Os x is a big and complicated bit of software. It will contain many vulnerabilities that can be exploited.
While there are a lot of mac users that are educated and sensible there is a sizeable section that are fairly naive when it comes to security. To borrow the door locking analogy it's like a whole neighbourhood where people never lock the front door. While not as big a target as windows it's still attractive.
The first big os x virus/worm could well kick up quite the media frenzy. Your unlikely to get the same press attention targeting windows unless you manage to bring a down a large organisation or two.

I'm not saying panic and run out and buy AV protection which btw can be proactive instead of just using a dictionary of known viruses.
Just be aware there may be a problem in the future and take a few sensible precautions. Use good passwords, be wary of downloading apps from untrusted sources, run software update every now and then, etc.

[ghporter]

There are apparently a lot of people posting on this thread that don't understand what AV software does, or how it does it.

When a new virus is detected, the AV companies build a "definition" of that virus, which allows their software to identify it. In most cases new viruses (for PCs) show up on corporate networks first-they're on 24/7 and busy much of that time-and corporate network managers identify problems and pass them to AV companies on a real-time basis. That means that the AV companies have the ID of the new virus-and can have a definition made up-before most of us wake our computers up in the morning.

By configuring an AV client on your computer to check for updates as soon as you wake the computer, (and before you check email or surf) you can basically be protected from something that didn't exist when you and your computer went to sleep the night before.

On my PC I have Symantec AV check for updates every day, and the program has a rich library of "virus activity" signatures to compare suspicious activity to, so even a new virus that comes out before the update is likely to be caught.

In other words, having an AV program running already CAN protect you from something that is not yet a threat. It DOES work.

As for waiting for "fixes," that's sort of like depending on your health insurance instead of looking both ways before crossing the street-why not just avoid that big truck in the first place, and not have your insurance cover your broken leg?

[Tyre MacAdmin]

I have found viruses and spyware on my Mac... it's just been windows viruses. However some were java based so it might still be possible for them to work in that form on OS X.

I use ClamAV to scan. If you don't think you can't get a virus on a Mac just go to a bunch of porn sites and then scan your home directories with ClamAV for OS X after you finsh. You'll find something garanteed.

[yukon]

Agreed, I had windows viruses on my drive, all of them were given to be my a specific person that "lives with" the viruses.

Also, many virus scanners include heuristic methods of diagnosis...it's difficult to do, it'll give more false positives than an actual definiton, and it's not foolproof, but it adds another layer of security. With that, you don't necessarily need the definitions for the virus, it can identify some new viruses. I've actually seen it in action on Windows, it caught a brand new virus, and identified it as a possible w32.Klez variant, when it was from new code. I'm not sure what's available on the mac, I don't believe ClamAV implements it, I believe Virex did.

[Millennium]

Originally Posted by Toyin

What about little snitch? Wouldn't this count as a spyware program?

Spyware or anti-spyware?

LS isn't spyware, because it never installs itself without the user's permission or knowledge, nor as part of any other software package as far as I'm aware. This said, once it's been installed, it uses some of the mechanisms which true spyware might someday use after it had been installed.

LS isn't really anti-spyware either, though. Although it could in theory be used to block spyware from doing anything, it doesn't actively seek out spyware on a user's hard drive. Even if it finds spyware activity it can't remove the spyware itself. It makes a good second line of defense -firewalls being the first- but it's still not a complete solution.

Essentially, you need four lines of defense against malware:

• Prevention - Keeping malware from getting onto your hard drive in the first place. Not running IE/Windows or Outlook is enough to prevent much of this problem, because ActiveX is so fundamentally flawed that spyware can use it to install itself without you doing anything at all. However, it won't prevent everything, because a lot of spyware piggybacks on other programs' installers to itself. Here, the only thing you can really do is watch what you install.
  
  Port-based firewalls, like the ones which now come with both OSX and Windows, also play a role in prevention, by helping to stave off automated attacks.
• Mitigation - Keeping malware which does get onto your hard drive from being able to do a lot of damage. Never log in as root in OSX; because spyware runs with the same permissions as the user who launched it, this alone will severely limit what it can do.You really shouldn't run as an Administrator either, because Administrator-class users can modify /Applications and /Library without entering a password; other users need to enter an Administrator password to modify these folders. On the Windows side, the first account on a machine (the "Owner") is an Administrator by default; switch to a regular user immediately. Only use Administrator-class users on either platform to install software. This can be harder to do on Windows, because a lot of software on that platform is so badly designed that it won't run for non-Administrator users even though there's no reason for them to require such privileges, but you shouldn't run as an Administrator unless you have to.
  
  Application-level firewalls are also good for mitigation. ZoneAlarm is the most popular such software on Windows. Little Snitch isn't really billed as an application-level firewall, but it can be used as one. These programs allow you to deny particular applications access to the Internet, which keeps spyware from being able to relay anything back to The Mothership (tm). Combined with not running as an Administrator, this basically limits spyware to being able to mess with the Home folders of the users who install it. Obviously this is still bad, but not nearly as bad as it could otherwise be, because it only affects one user instead of all of the users, and it doesn't allow information to leak out even for the users it affects (if you have an application-level firewall installed).
• Detection - Making sure that if spyware does get onto your machine, you know it's there. Application-level firewalls can provide clues about these things if you check their logs, but dedicated scanners are the best way to be sure. Again, there are no reputable spyware scanners on OSX at the moment, because there isn't really anything to scan for just yet.
• Removal - Getting rid of spyware that gets through your other defenses. Although spyware can be removed by hand if you know how, this is difficult and tedious work. Spyware-removal programs do a better job, and they do it more quickly. Most antispyware software combines the scanning and removal functions into a single application. Again, though, there are no reputable spyware-removal programs on OSX.

The bottom line is that although Mac users cannot yet practice good detection and removal habits (as there is not yet anything to detect or remove), we can and should still practice good prevention and mitigation habits. OSX makes some of these measures very easy: we don't have IE/Win, we have a good port-based firewall built in, you can't log in as root without significant effort, and I've yet to see a program refuse to run just because the user didn't have Administrator access. I'd like to see a good application-level firewall built in alongside the port-based one, but that's really my only complaint.

[Toyin]

Originally Posted by Millennium

Spyware or anti-spyware?

LS isn't spyware, because it never installs itself without the user's permission or knowledge, nor as part of any other software package as far as I'm aware. This said, once it's been installed, it uses some of the mechanisms which true spyware might someday use after it had been installed.

LS isn't really anti-spyware either, though. Although it could in theory be used to block spyware from doing anything, it doesn't actively seek out spyware on a user's hard drive. Even if it finds spyware activity it can't remove the spyware itself. It makes a good second line of defense -firewalls being the first- but it's still not a complete solution.

Essentially, you need four lines of defense against malware:

• Prevention - Keeping malware from getting onto your hard drive in the first place. Not running IE/Windows or Outlook is enough to prevent much of this problem, because ActiveX is so fundamentally flawed that spyware can use it to install itself without you doing anything at all. However, it won't prevent everything, because a lot of spyware piggybacks on other programs' installers to itself. Here, the only thing you can really do is watch what you install.
  
  Port-based firewalls, like the ones which now come with both OSX and Windows, also play a role in prevention, by helping to stave off automated attacks.
• Mitigation - Keeping malware which does get onto your hard drive from being able to do a lot of damage. Never log in as root in OSX; because spyware runs with the same permissions as the user who launched it, this alone will severely limit what it can do.You really shouldn't run as an Administrator either, because Administrator-class users can modify /Applications and /Library without entering a password; other users need to enter an Administrator password to modify these folders. On the Windows side, the first account on a machine (the "Owner") is an Administrator by default; switch to a regular user immediately. Only use Administrator-class users on either platform to install software. This can be harder to do on Windows, because a lot of software on that platform is so badly designed that it won't run for non-Administrator users even though there's no reason for them to require such privileges, but you shouldn't run as an Administrator unless you have to.
  
  Application-level firewalls are also good for mitigation. ZoneAlarm is the most popular such software on Windows. Little Snitch isn't really billed as an application-level firewall, but it can be used as one. These programs allow you to deny particular applications access to the Internet, which keeps spyware from being able to relay anything back to The Mothership (tm). Combined with not running as an Administrator, this basically limits spyware to being able to mess with the Home folders of the users who install it. Obviously this is still bad, but not nearly as bad as it could otherwise be, because it only affects one user instead of all of the users, and it doesn't allow information to leak out even for the users it affects (if you have an application-level firewall installed).
• Detection - Making sure that if spyware does get onto your machine, you know it's there. Application-level firewalls can provide clues about these things if you check their logs, but dedicated scanners are the best way to be sure. Again, there are no reputable spyware scanners on OSX at the moment, because there isn't really anything to scan for just yet.
• Removal - Getting rid of spyware that gets through your other defenses. Although spyware can be removed by hand if you know how, this is difficult and tedious work. Spyware-removal programs do a better job, and they do it more quickly. Most antispyware software combines the scanning and removal functions into a single application. Again, though, there are no reputable spyware-removal programs on OSX.

The bottom line is that although Mac users cannot yet practice good detection and removal habits (as there is not yet anything to detect or remove), we can and should still practice good prevention and mitigation habits. OSX makes some of these measures very easy: we don't have IE/Win, we have a good port-based firewall built in, you can't log in as root without significant effort, and I've yet to see a program refuse to run just because the user didn't have Administrator access. I'd like to see a good application-level firewall built in alongside the port-based one, but that's really my only complaint.

I meant anti-spyware program. Thank you for the breakdown, it was succinct and clear.

[CaptainHaddock]

1. The risk of spyware ever coming into existence and getting on my Mac is small. The risk of me getting said spyware before free eradication tools pop up is very small.

2. The risk of an anti-spyware or anti-virus program causing problems or hogging resources on my Mac, hampering my productivity, is significant.

Therefore, until risk #1 exceeds risk #2, I will not use any anti-virus or anti-spyware software. A computer should just work, like toasters just work. And Macs are generally that good. (Whereas Windows is a fetid, rotting cesspool of malware.)

[ghporter]

CaptainHaddock, for the record my PC's antivirus software is well behaved and is less intrusive than you might think. In fact, I NEVER notice it, and it does NOT in any way noticably affect the performance of the machine (an AMD AthlonXP 2400-based system with 1GB of RAM). The only time we notice Symantec AV on our iBook is when we mount a device like a USB "thumb drive" or a new program's ".dmg" and it is automatically virus scanned. There is ABSOLUTELY NO PRODUCTIVITY HIT from either of these programs.

There's a lot of FUD* about how much of a computer's resources AV/antispyware software uses, but as a former computer security professional with a LOT of experience with all sorts of different security software, all the FUD is BUNK. Unless you're trying to use Photoshop on a 500MHz G3 iBook while simultaneously doing forty or more other tasks, you won't notice any hit from good security software.

*"Fear, Uncertainty and Doubt"

[CaptainHaddock]

All the FUD is bunk? Then why have I encountered dozens of computers completely hosed by Norton anti-virus? Why does my gaming friend's weekly virus scan slow his AMD64 system to a crawl? Why does my PC-cillin on my parents' Dell always give them annoying pop-up messages?

I've never seen a PC anti-virus package that didn't annoy you at least a little with pop-ups, update alerts, or occasional intensive scans. Maybe some don't, but my point is that the risk of interrupting me and my computer use is greater with an anti-virus product than it is with me just taking my chances. Both risks are > 0, but the latter risk is minuscule while the former is not. I don't care how cool such-and-such AV program is.

[yukon]

Yes. Because Norton is terrible. "Norton Crashguard has crashed, fix with Norton Crashguard?'. Because a weekly virus scan isn't necessary as files are scanned as accessed or written, if you want it should be scanning at 4am or somethin. Because PC-cillin is some antivirus that came with some hardware driver CDs of mine (along with the worst software in existance).

I don't have much exposure to Windows Anti-Virus, other than VirusScan 6, 7, 8, McAfee 2004, and Virus Scan Enterprise 7 and 8.1, because those work....the commercial offerings I use at home have the candy UI which I don't like, but it works fine and in the background....There is good antivirus software, and bad software, as with everything else. As an aside, you can reduce CPU usage by adding exemptions to scanning, like log files that get accessed/written often.

[ghporter]

I have to agree with yukon about Norton AV and other Norton tools. But Symantec's are high quality and do not hose up a system. How Symantec, which owns the Norton name, could come out with two products that are supposed to do the same thing and have one pure crap while the other rocks I do not know, but there it is. Symantec Client Security for Mac works well, is unobtrusive, and does not crash. It costs more, but not much more, and is obviously worth the extra money when compared to the Norton product. I can't vouch for Clam AV or any of the others, but a lot of people like them. and the ONLY AV product I've ever heard bad stories like this about has been Norton. Go figure.

[lenox]

One thing that I think contributes to the lack of viruses and spyware on mac, is that...we're mac users, we care enough to choose our platform intelligently...I believe that viruses and spyware pray on the folks who really don't understand much about computers, and are using windows by default.

also: os x is a bit more straightforward when it comes to user interaction....whereas windows tries to keep every little detail hidden from the user, os x makes it a point to keep you involved in the most inobtrusive and elegant way possible. when there's not so much crunk to hide behind, a virus or spyware would be easily found and fixed...

So, I think that part of the reason that we don't see this sort of thing is that the userbase and operating system itself discourage any would-be malware-maker.

[ghporter]

Originally Posted by lenox

One thing that I think contributes to the lack of viruses and spyware on mac, is that...we're mac users, we care enough to choose our platform intelligently...I believe that viruses and spyware pray on the folks who really don't understand much about computers, and are using windows by default.

also: os x is a bit more straightforward when it comes to user interaction....whereas windows tries to keep every little detail hidden from the user, os x makes it a point to keep you involved in the most inobtrusive and elegant way possible. when there's not so much crunk to hide behind, a virus or spyware would be easily found and fixed...

So, I think that part of the reason that we don't see this sort of thing is that the userbase and operating system itself discourage any would-be malware-maker.

Actually, I think the proportion of "computer savvy" Mac users is only just a bit higher than computer savvy Windows users. It's the OS design that makes it harder to write bugs for it, and so, fortunately, we haven't seen a real world test of how easily Mac users can be conned into helping the virus guys out.

I'll admit that a lot of Mac users are aware of the superiority of the operating system and stay with it because of that. But there are a lot that buy the computers because of their cool styling, or because ONE app they need or like is Mac only. And though I used to think like you about Mac users, frankly I've seen more than my share of "challenged" Mac users.

As for the OS being "more straightforward in user interaction," that's debatable. How many people have only one user configured on their Macs? That sort of obviates the utility of having a root user with super powers, because the ONLY user will by default be an admin.

The virus writers are stubborn and will eventually write some very bad things for Macs, but they haven't yet put their combined attention to that task. When they start doing that we WILL see viruses. The question is what the user community will do about it-I'm hoping that collectively we show a bit more snap than early Windows users did.

[kevs]

thanks.
I'm with Adelphia cable in Los Angles.

The "tech" was not offering to sell anything. Appreciate the feedback.