Mac OS X 10.6 Question

i2azor · 6 May 2011 at 14:57

Hello

I just got my new MBP 13" 2011 version.

Moved from desktop gaming pc down to a mac, so still getting used to the software.

Just wondering, how easy is it to get a virus on the mac?
Such as keyloggers,malware,trojans.

Like, isit possible to get a keylogger, or malware on my mac, if i visited a dodgy website? or downloaded software?

Would macs security do a good job blocking that or isnt there much keyloggers,malware & viruses out there that can get on macs like PC.

I dont have my firewall turned on my mac isit worth turning that on?

Thanks

Brian8bit · 6 May 2011 at 14:59

Always turn your firewall on. It's common sense that if it's there, you use it. Security on OS X is like security on any other operating system. If you're stupid about it, you'll catch something. Watch where you browse, watch what you download, watch what permissions you give applications you install. Much the same as you should do on Windows or any form of *nix.

theheyes · 6 May 2011 at 17:15

It's becoming increasingly more common, but on a relative scale the chances are still extremely low.

Even on Windows you can avoid 99.9% of viruses by not going to dodgy sites, knowing where your software comes from and keeping your software up to date. Just apply the same logic to Macs and you shouldn't have a problem.

iraiguana · 6 May 2011 at 17:29

Clamxav - antivirus software for mac which is actually very light weight.

Generally common sense as above though, doing dodgy things will put you at risk of compromising your machine.

Rainmaker · 6 May 2011 at 20:00

As above, turn on your incoming firewall (System Preferences > Security > Firewall), add an outgoing firewall (Little Snitch), and consider turning on FileVault while you're at it.

Personally I run Sophos Free Mac OS X Antivirus because it's so tiny there's no reason not to. It protects against all Mac malware, as well as catching Windows and Linux malware. It scans in real time (including the web), and doesn't cost a penny. What's to lose?

Sophos also have a nice regularly updated Security Blog that's full of interesting stuff and has its own Apple section.

i2azor · 6 May 2011 at 20:19

Ok great

Thanks guys

zetec452 · 6 May 2011 at 20:22

The Sophos AV is good, I just turned off real time scanning and set a weekly scan. I only put Sophos on because my Mrs kept sending my W7 machine Java viruses.

Brian8bit · 6 May 2011 at 20:41

I installed Sophos since it was recommended here and decided to follow them on Twitter. The article below was posted by Sophos. If you're into security stuff (I am) it's not anything you don't know anyway, but the article below is a good read for those who want to know a bit more about OS X security.

http://www.zdnet.com/blog/bott/why-malware-for-macs-is-on-its-way/3243?tag=mantle_skin;content

NickK · 7 May 2011 at 09:54

All computers are susceptible to viruses and malware.

Even in secure environments it's usually the security by levels argument that is used. Ie it's the number of levels that has to be breeched before the problem occurs, where each level indicates a chance for detection and protection.

I tend to run lightweight - with little snitch providing in/out firewall in addition to the apple firewall. I do have clamx.

Common sense - installing software from the internet is a major attack vector. I've had software that has requested authentication which it shouldn't have needed. I rejected and thus didn't install the software - good thing as a further search on the internet resulted in the fact that the software actually exports your address book to their servers!! (this is legitimate demo software - dragon naturally speaking).

The only issue is that by installing additional software - you're actually providing additional attack vectors. This includes antivirus software. OS vendors are becoming more savvy in the wholescale way to protect their users.

Sophos et al do have a vested interest so you can't really treat them as being an independent view point.

Do anti-virus apps protect you? Yes, usually because they are faster to release protective patches, however the main problems are often patched by OS vendors as they're a risk to the greater user-base. Once this is the case, the protection offered by the anti-virus app is just duplication of a non-existant threat.

One of the first things you should do for Safari is disable "Open safe files" in the preferences so that dmg files etc are not automatically opened.

Feek · 7 May 2011 at 09:59

I've never ever felt the need to enable a software firewall, even when using Windows. I have a hardware firewall in the router, why use a software one as well?

tntcoder · 7 May 2011 at 12:47

Feek said:
I've never ever felt the need to enable a software firewall, even when using Windows. I have a hardware firewall in the router, why use a software one as well?

2 reasons:

- If you don't trust other client boxes on the same LAN as you (in the home this shouldn't be an issue)

- If you're paranoid and want outbound application filtering capabilities - e.g getting notified when an application wants to phone home and be able to block it. This is generally pointless as it's trivial for malware to piggyback out on legit traffic leaving you none the wiser.

IMO there's no point in host based firewalls in a home environment, assuming your internet router has one included (as most do).

Ev0 · 7 May 2011 at 12:56

Software firewalls are there more to stop any dodgy outgoing traffic from your machine.

Say you get a trojan or are exploited some other way that means the threat is with traffic coming out of your machine, will your hardware firewall stop that? Or does it only look at what's coming in?

When it comes to firewalls et al people are way too concerned with the incoming side and neglect the outgoing.

That said I don't run any extra host based stuff at home, my MBP just has the apple one switched on, as said above I don't feel I need it on my home network.

I remember a story told by a very senior US military chap about how they only caught some chinese hackers in one of their networks as they noticed some outgoing traffic one day when checking something they didn't usually check.

Turned out the chinese had been in the network for a long time already but no one knew!

And the reason they checked? They had found that some of thing on the network had been patched and couldn't work out how or why it had been, as no one there had done it.

The chinese had been patching the stuff themselves to make sure that the network remained up/stable so they could keep their access