Disabling Sandbox
Hi
i am doing a project for my univ. i am writing an applet that reads info from a database and change the names in checkboxes. there isnt much security threat since only 2 of the computers are going to use this program. School doesnt want the applet to be digitally signed since it costs a lot. Is there any security feature that i can turn off so that applet would run in IE or netscape without any problems. Right now my program runs fine in applet viewer but in IE and netscape it just shows the buttons and not the data i got from database.
Well, the ristriction you violated could be the one about server connection. Applet is only allowed to connect the same server it was loaded from so if your database is situated somewhere else it's not possible to connect to it directly from applet. The solution is to use some sort of application server software on your web-server, which applet is loaded from. For example, it can be some script, redirecting applet requests to db server.
Similar Messages
-
Multiple Panics, Lock Ups and Freezes
My MacBook Pro running 10.8.3 has been having some random shut downs and lock ups lately, the latest of which took the internal boot drive totally offline. I was able to recover it after booting to my external recovery drive and running DiskWarrior 4 as Disk Utility simply said I needed to repair the drive before mounting it, but then said it was unrepairable after attempting to do so.
After the DiskWarrior repair, the Mac booted from it's internal drive like there was nothing wrong, but an hour or so later, I had another lock up where everything froze up and was unresponsive and then after a restart I got another hour or so before it shut itself down and then restarted itself, so I'm obviously less than thrilled with the situation.
This is the factory drive which came with the MacBook Pro when purchased new in January of this year, so I have a hard time believing the drive is physically bad, though I guess anything is possible. Another thing that has me thinking it's not the hardware is that the machine runs fine when booted to the external recovery drive and has no errors or any of the symptoms I've been experiencing.
Anyway, I've been looking at the panic reports, but I'm honestly not well versed in what any of this means, so I'm hoping one of the experts can chime in and maybe point me in the right direction as I'm running out of ideas :/
Interval Since Last Panic Report: 2467 sec
Panics Since Last Report: 1
Anonymous UUID: BBC20339-6AE8-82EA-4368-DCBBCC912FF4
Anonymous UUID: BBC20339-6AE8-82EA-4368-DCBBCC912FF4
Thu May 2 13:44:42 2013
panic(cpu 6 caller 0xffffff8025cb7e95): Kernel trap at 0xffffff7fa741c064, type 14=page fault, registers:
CR0: 0x0000000080010033, CR2: 0x0000000000000010, CR3: 0x00000000443ae021, CR4: 0x00000000001606e0
RAX: 0x0000000000000001, RBX: 0xffffff81c60a6000, RCX: 0xffffff8048c44000, RDX: 0xffffff81f7773a38
RSP: 0xffffff81f7773b60, RBP: 0xffffff81f7773b60, RSI: 0x0000000000000000, RDI: 0x0000000000000000
R8: 0x0000000000000000, R9: 0x00000000000003ff, R10: 0xffffffffffffffff, R11: 0x00000000ffffffff
R12: 0xffffff81c60a6000, R13: 0x0000000000000000, R14: 0x0000000000000002, R15: 0x0000000000000000
RFL: 0x0000000000010246, RIP: 0xffffff7fa741c064, CS: 0x0000000000000008, SS: 0x0000000000000010
Fault CR2: 0x0000000000000010, Error code: 0x0000000000000000, Fault CPU: 0x6
Backtrace (CPU 6), Frame : Return Address
0xffffff81f7773800 : 0xffffff8025c1d626
0xffffff81f7773870 : 0xffffff8025cb7e95
0xffffff81f7773a40 : 0xffffff8025ccd4dd
0xffffff81f7773a60 : 0xffffff7fa741c064
0xffffff81f7773b60 : 0xffffff7fa7405d64
0xffffff81f7773bb0 : 0xffffff7fa7405cba
0xffffff81f7773bd0 : 0xffffff7fa73e17ae
0xffffff81f7773c00 : 0xffffff7fa62b03a0
0xffffff81f7773c40 : 0xffffff7fa62b030f
0xffffff81f7773c60 : 0xffffff7fa62b575c
0xffffff81f7773cf0 : 0xffffff7fa62ade50
0xffffff81f7773d20 : 0xffffff7fa62feb8b
0xffffff81f7773d70 : 0xffffff8026032e7b
0xffffff81f7773dc0 : 0xffffff80260634f7
0xffffff81f7773e30 : 0xffffff8025c97fef
0xffffff81f7773e80 : 0xffffff8025c20aed
0xffffff81f7773eb0 : 0xffffff8025c10448
0xffffff81f7773f00 : 0xffffff8025c1961b
0xffffff81f7773f70 : 0xffffff8025ca5dd6
0xffffff81f7773fb0 : 0xffffff8025ccdd43
Kernel Extensions in backtrace:
com.apple.iokit.IOGraphicsFamily(2.3.7)[74E3E50F-E50A-3073-8C96-06F854292A91]@0 xffffff7fa62a4000->0xffffff7fa62dbfff
dependency: com.apple.iokit.IOPCIFamily(2.7.3)[1D668879-BEF8-3C58-ABFE-FAC6B3E9A292]@0xffff ff7fa6266000
com.apple.NVDAResman(8.1)[A26D2A3D-C06F-3A0F-BCFF-901A98C93C3D]@0xffffff7fa62fb 000->0xffffff7fa6608fff
dependency: com.apple.iokit.IOPCIFamily(2.7.3)[1D668879-BEF8-3C58-ABFE-FAC6B3E9A292]@0xffff ff7fa6266000
dependency: com.apple.iokit.IONDRVSupport(2.3.7)[38C214C0-83C8-3594-8A4C-DC6AC3FEC163]@0xff ffff7fa62e7000
dependency: com.apple.iokit.IOGraphicsFamily(2.3.7)[74E3E50F-E50A-3073-8C96-06F854292A91]@0 xffffff7fa62a4000
com.apple.GeForce(8.1)[A15BB65E-3501-340F-87CB-2FD2BAD33E35]@0xffffff7fa73de000 ->0xffffff7fa74aafff
dependency: com.apple.NVDAResman(8.1.0)[A26D2A3D-C06F-3A0F-BCFF-901A98C93C3D]@0xffffff7fa62 fb000
dependency: com.apple.iokit.IONDRVSupport(2.3.7)[38C214C0-83C8-3594-8A4C-DC6AC3FEC163]@0xff ffff7fa62e7000
dependency: com.apple.iokit.IOPCIFamily(2.7.3)[1D668879-BEF8-3C58-ABFE-FAC6B3E9A292]@0xffff ff7fa6266000
dependency: com.apple.iokit.IOGraphicsFamily(2.3.7)[74E3E50F-E50A-3073-8C96-06F854292A91]@0 xffffff7fa62a4000
BSD process name corresponding to current thread: WindowServer
Mac OS version:
12D78
Kernel version:
Darwin Kernel Version 12.3.0: Sun Jan 6 22:37:10 PST 2013; root:xnu-2050.22.13~1/RELEASE_X86_64
Kernel UUID: 3EB7D8A7-C2D3-32EC-80F4-AB37D61492C6
Kernel slide: 0x0000000025a00000
Kernel text base: 0xffffff8025c00000
System model name: MacBookPro9,1 (Mac-4B7AC7E43945597E)
System uptime in nanoseconds: 187720354206
last loaded kext at 185678984299: com.apple.driver.AudioAUUC 1.60 (addr 0xffffff7fa768f000, size 32768)
loaded kexts:
com.kaspersky.nke 1.0.1d41
com.kaspersky.kext.klif 3.0.0d23
com.apple.driver.AudioAUUC 1.60
com.apple.iokit.IOBluetoothSerialManager 4.1.3f3
com.apple.filesystems.autofs 3.0
com.apple.driver.AGPM 100.12.87
com.apple.driver.ApplePlatformEnabler 2.0.6d1
com.apple.driver.X86PlatformShim 1.0.0
com.apple.driver.AppleMikeyHIDDriver 122
com.apple.driver.AppleHDAHardwareConfigDriver 2.3.7fc4
com.apple.driver.AppleHDA 2.3.7fc4
com.apple.GeForce 8.1.0
com.apple.iokit.IOBluetoothUSBDFU 4.1.3f3
com.apple.driver.AppleUpstreamUserClient 3.5.10
com.apple.driver.ACPI_SMC_PlatformPlugin 1.0.0
com.apple.iokit.BroadcomBluetoothHCIControllerUSBTransport 4.1.3f3
com.apple.driver.AppleMikeyDriver 2.3.7fc4
com.apple.nvidia.NVDAStartup 8.1.0
com.apple.driver.SMCMotionSensor 3.0.3d1
com.apple.driver.AppleSMCLMU 2.0.3d0
com.apple.driver.AppleIntelHD4000Graphics 8.1.0
com.apple.driver.AppleIntelFramebufferCapri 8.1.0
com.apple.iokit.IOUserEthernet 1.0.0d1
com.apple.Dont_Steal_Mac_OS_X 7.0.0
com.apple.driver.ApplePolicyControl 3.3.0
com.apple.driver.AppleSMCPDRC 1.0.0
com.apple.driver.AppleLPC 1.6.0
com.apple.driver.AppleMuxControl 3.3.0
com.apple.driver.AppleBacklight 170.2.5
com.apple.driver.AppleMCCSControl 1.1.11
com.apple.driver.AppleUSBTCButtons 237.1
com.apple.driver.AppleIRController 320.15
com.apple.driver.AppleUSBTCKeyEventDriver 237.1
com.apple.driver.AppleUSBTCKeyboard 237.1
com.apple.driver.AppleFileSystemDriver 3.0.1
com.apple.AppleFSCompression.AppleFSCompressionTypeDataless 1.0.0d1
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0d1
com.apple.BootCache 34
com.apple.iokit.SCSITaskUserClient 3.5.5
com.apple.driver.XsanFilter 404
com.apple.iokit.IOAHCIBlockStorage 2.3.1
com.apple.driver.AppleUSBHub 5.5.5
com.apple.driver.AppleSDXC 1.4.0
com.apple.iokit.AppleBCM5701Ethernet 3.6.0b1
com.apple.driver.AirPort.Brcm4331 614.20.16
com.apple.driver.AppleFWOHCI 4.9.6
com.apple.driver.AppleAHCIPort 2.5.1
com.apple.driver.AppleUSBEHCI 5.5.0
com.apple.driver.AppleUSBXHCI 5.5.5
com.apple.driver.AppleEFINVRAM 1.7
com.apple.driver.AppleSmartBatteryManager 161.0.0
com.apple.driver.AppleACPIButtons 1.7
com.apple.driver.AppleRTC 1.5
com.apple.driver.AppleHPET 1.8
com.apple.driver.AppleSMBIOS 1.9
com.apple.driver.AppleACPIEC 1.7
com.apple.driver.AppleAPIC 1.6
com.apple.driver.AppleIntelCPUPowerManagementClient 196.0.0
com.apple.nke.applicationfirewall 4.0.39
com.apple.security.quarantine 2
com.apple.driver.AppleIntelCPUPowerManagement 196.0.0
com.apple.iokit.IOSerialFamily 10.0.6
com.apple.kext.triggers 1.0
com.apple.driver.DspFuncLib 2.3.7fc4
com.apple.iokit.IOAudioFamily 1.8.9fc11
com.apple.kext.OSvKernDSPLib 1.6
com.apple.nvidia.gk100hal 8.1.0
com.apple.NVDAResman 8.1.0
com.apple.iokit.IOFireWireIP 2.2.5
com.apple.driver.IOPlatformPluginLegacy 1.0.0
com.apple.iokit.AppleBluetoothHCIControllerUSBTransport 4.1.3f3
com.apple.driver.AppleThunderboltEDMSink 1.1.8
com.apple.driver.AppleThunderboltEDMSource 1.1.8
com.apple.driver.AppleThunderboltDPOutAdapter 1.8.9
com.apple.driver.X86PlatformPlugin 1.0.0
com.apple.driver.AppleHDAController 2.3.7fc4
com.apple.iokit.IOHDAFamily 2.3.7fc4
com.apple.iokit.IOAcceleratorFamily 30.14
com.apple.iokit.IOSurface 86.0.4
com.apple.iokit.IOBluetoothFamily 4.1.3f3
com.apple.driver.AppleSMC 3.1.4d2
com.apple.driver.IOPlatformPluginFamily 5.3.0d51
com.apple.driver.AppleSMBusPCI 1.0.11d0
com.apple.driver.AppleGraphicsControl 3.3.0
com.apple.driver.AppleBacklightExpert 1.0.4
com.apple.iokit.IONDRVSupport 2.3.7
com.apple.driver.AppleSMBusController 1.0.11d0
com.apple.iokit.IOGraphicsFamily 2.3.7
com.apple.driver.AppleThunderboltDPInAdapter 1.8.9
com.apple.driver.AppleThunderboltDPAdapterFamily 1.8.9
com.apple.driver.AppleThunderboltPCIDownAdapter 1.2.6
com.apple.driver.AppleUSBMultitouch 237.3
com.apple.iokit.IOUSBHIDDriver 5.2.5
com.apple.driver.AppleUSBMergeNub 5.5.5
com.apple.driver.AppleUSBComposite 5.2.5
com.apple.iokit.IOSCSIMultimediaCommandsDevice 3.5.5
com.apple.iokit.IOBDStorageFamily 1.7
com.apple.iokit.IODVDStorageFamily 1.7.1
com.apple.iokit.IOCDStorageFamily 1.7.1
com.apple.iokit.IOAHCISerialATAPI 2.5.1
com.apple.iokit.IOSCSIArchitectureModelFamily 3.5.5
com.apple.driver.AppleThunderboltNHI 1.6.3
com.apple.iokit.IOThunderboltFamily 2.2.6
com.apple.iokit.IOUSBUserClient 5.5.5
com.apple.iokit.IOEthernetAVBController 1.0.2b1
com.apple.iokit.IO80211Family 522.4
com.apple.iokit.IONetworkingFamily 3.0
com.apple.iokit.IOFireWireFamily 4.5.5
com.apple.iokit.IOAHCIFamily 2.3.1
com.apple.iokit.IOUSBFamily 5.5.5
com.apple.driver.AppleEFIRuntime 1.7
com.apple.iokit.IOHIDFamily 1.8.1
com.apple.iokit.IOSMBusFamily 1.1
com.apple.security.sandbox 220.2
com.apple.kext.AppleMatch 1.0.0d1
com.apple.security.TMSafetyNet 7
com.apple.driver.DiskImages 345
com.apple.iokit.IOStorageFamily 1.8
com.apple.driver.AppleKeyStore 28.21
com.apple.driver.AppleACPIPlatform 1.7
com.apple.iokit.IOPCIFamily 2.7.3
com.apple.iokit.IOACPIFamily 1.4
com.apple.kec.corecrypto 1.0
System Profile:
Model: MacBookPro9,1, BootROM MBP91.00D3.B08, 4 processors, Intel Core i7, 2.6 GHz, 16 GB, SMC 2.1f173
Graphics: Intel HD Graphics 4000, Intel HD Graphics 4000, Built-In, 384 MB
Graphics: NVIDIA GeForce GT 650M, NVIDIA GeForce GT 650M, PCIe, 1024 MB
Memory Module: BANK 0/DIMM0, 8 GB, DDR3, 1600 MHz, 0x0000, 0x4B4238475F44335F534F31363030434C3130
Memory Module: BANK 1/DIMM0, 8 GB, DDR3, 1600 MHz, 0x0000, 0x4B4238475F44335F534F31363030434C3130
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0xF5), Broadcom BCM43xx 1.0 (5.106.98.100.16)
Bluetooth: Version 4.1.3f3 11349, 2 service, 11 devices, 1 incoming serial ports
Network Service: Ethernet, Ethernet, en0
Serial ATA Device: APPLE HDD TOSHIBA MK7559GSXF, 750.16 GB
Serial ATA Device: HL-DT-ST DVDRW GS31N
USB Device: hub_device, 0x8087 (Intel Corporation), 0x0024, 0x1a100000 / 2
USB Device: FaceTime HD Camera (Built-in), apple_vendor_id, 0x8509, 0x1a110000 / 3
USB Device: hub_device, 0x8087 (Intel Corporation), 0x0024, 0x1d100000 / 2
USB Device: hub_device, 0x0424 (SMSC), 0x2513, 0x1d180000 / 3
USB Device: Apple Internal Keyboard / Trackpad, apple_vendor_id, 0x0252, 0x1d183000 / 6
USB Device: IR Receiver, apple_vendor_id, 0x8242, 0x1d182000 / 5
USB Device: BRCM20702 Hub, 0x0a5c (Broadcom Corp.), 0x4500, 0x1d181000 / 4
USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x821d, 0x1d181300 / 8
Model: MacBookPro9,1, BootROM MBP91.00D3.B08, 4 processors, Intel Core i7, 2.6 GHz, 16 GB, SMC 2.1f173
Graphics: Intel HD Graphics 4000, Intel HD Graphics 4000, Built-In, 384 MB
Graphics: NVIDIA GeForce GT 650M, NVIDIA GeForce GT 650M, PCIe, 1024 MB
Memory Module: BANK 0/DIMM0, 8 GB, DDR3, 1600 MHz, 0x0000, 0x4B4238475F44335F534F31363030434C3130
Memory Module: BANK 1/DIMM0, 8 GB, DDR3, 1600 MHz, 0x0000, 0x4B4238475F44335F534F31363030434C3130
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0xF5), Broadcom BCM43xx 1.0 (5.106.98.100.16)
Bluetooth: Version 4.1.3f3 11349, 2 service, 11 devices, 1 incoming serial ports
Network Service: Ethernet, Ethernet, en0
Serial ATA Device: APPLE HDD TOSHIBA MK7559GSXF, 750.16 GB
Serial ATA Device: HL-DT-ST DVDRW GS31N
USB Device: hub_device, 0x8087 (Intel Corporation), 0x0024, 0x1a100000 / 2
USB Device: FaceTime HD Camera (Built-in), apple_vendor_id, 0x8509, 0x1a110000 / 3
USB Device: hub_device, 0x8087 (Intel Corporation), 0x0024, 0x1d100000 / 2
USB Device: hub_device, 0x0424 (SMSC), 0x2513, 0x1d180000 / 3
USB Device: Apple Internal Keyboard / Trackpad, apple_vendor_id, 0x0252, 0x1d183000 / 6
USB Device: IR Receiver, apple_vendor_id, 0x8242, 0x1d182000 / 5
USB Device: BRCM20702 Hub, 0x0a5c (Broadcom Corp.), 0x4500, 0x1d181000 / 4
USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x821d, 0x1d181300 / 81. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to bypass Apple's oversight, or the oversight could fail in a particular case due to human error.
For most purposes, applications recognized by Gatekeeper as signed, including App Store products, can be considered safe. Note, however, that at least one trojan for iOS (not for OS X) was briefly distributed by a developer in Russia through the iTunes App Store. That store is under the same oversight by Apple as the Mac App Store, so the protection shouldn't be considered absolute. App Store products may prompt for access to private data, such as your contacts. Think before granting that access. OS X security is based on user input. Never click anything reflexively.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. Beyond XProtect, Gatekeeper, and MRT, there’s no evidence of any benefit from other automated protection against malware. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
Even signed applications should not be trusted if they do something unexpected, such as asking for permission to access your contacts or your location for no apparent reason.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
Why shouldn't you use commercial "anti-virus" products?
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
9. The greatest harm done by security software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but if they get a false sense of security from it, they may feel free to do things that expose them to higher risk. Nothing can lessen the need for safe computing practices.
10. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default. -
I am having a slow system. Running Yosemite on Macbook Pro.
EtreCheck version: 2.0.11 (98)
Report generated November 19, 2014 at 19:26:11 GMT
Hardware Information: ℹ️
MacBook Pro (13-inch, Early 2011) (Verified)
MacBook Pro - model: MacBookPro8,1
1 2.7 GHz Intel Core i7 CPU: 2-core
4 GB RAM Upgradeable
BANK 0/DIMM0
2 GB DDR3 1333 MHz ok
BANK 1/DIMM0
2 GB DDR3 1333 MHz ok
Bluetooth: Old - Handoff/Airdrop2 not supported
Wireless: en1: 802.11 a/b/g/n
Video Information: ℹ️
Intel HD Graphics 3000 - VRAM: 384 MB
Color LCD 1280 x 800
System Software: ℹ️
OS X 10.10.1 (14B25) - Uptime: 0:41:3
Disk Information: ℹ️
TOSHIBA MK5065GSXF disk0 : (500.11 GB)
S.M.A.R.T. Status: Verified
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / [Startup]: 498.88 GB (148.10 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 499.25 GB Online
MATSHITADVD-R UJ-8A8
USB Information: ℹ️
Apple Inc. FaceTime HD Camera (Built-in)
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM2070 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Computer, Inc. IR Receiver
Thunderbolt Information: ℹ️
Apple Inc. thunderbolt_bus
Gatekeeper: ℹ️
Mac App Store and identified developers
Kernel Extensions: ℹ️
/Applications/WiTopia.app
[loaded] com.viscosityvpn.Viscosity.tap (1.0) Support
[loaded] com.viscosityvpn.Viscosity.tun (1.0) Support
/Library/Application Support/Kaspersky Lab/KAV/Bases
[loaded] com.kaspersky.kext.kimul.44 (44) Support
/Library/Extensions
[loaded] com.kaspersky.kext.klif (3.0.3a23) Support
[loaded] com.kaspersky.nke (1.6.3a13) Support
[not loaded] foo.tap (1.0) Support
[not loaded] foo.tun (1.0) Support
/System/Library/Extensions
[loaded] com.Cycling74.driver.Soundflower (1.6.6 - SDK 10.6) Support
[not loaded] com.NovatelWireless.driver.NovatelWirelessUSBCDCECMControl (3.0.13) Support
[not loaded] com.NovatelWireless.driver.NovatelWirelessUSBCDCECMData (3.0.13) Support
[not loaded] com.ZTE.driver.ZTEUSBCDCACMData (1.3.35) Support
[not loaded] com.ZTE.driver.ZTEUSBMassStorageFilter (1.3.35) Support
[not loaded] com.devguru.driver.SamsungComposite (1.4.20 - SDK 10.6) Support
[not loaded] com.driver.JRDMassStorageDriver32 (1.0.1) Support
[not loaded] com.driver.JRDMassStorageDriver64 (1.0.1) Support
[not loaded] com.driver.JRDUSBModemData32 (1.0.1) Support
[not loaded] com.driver.JRDUSBModemData64 (4.0.8) Support
[not loaded] com.eltima.ElmediaPlayer.kext (1.58 - SDK 10.4) Support
[loaded] com.epson.driver.EPSONProjectorUDAudio (1.30 - SDK 10.4) Support
[not loaded] com.jrdcom.driver.JRDECMControlDriver32 (1) Support
[not loaded] com.jrdcom.driver.JRDECMControlDriver64 (1) Support
[not loaded] com.jrdcom.driver.JRDECMDataDriver32 (1) Support
[not loaded] com.jrdcom.driver.JRDECMDataDriver64 (1) Support
[not loaded] com.jrdcom.driver.JRDUSBCDC32 (1) Support
[not loaded] com.jrdcom.driver.JRDUSBCDC64 (1) Support
[not loaded] com.novamedia.driver.IceraUSB_MSD_Bypass (1.3.0) Support
[not loaded] com.novatelwireless.driver.3G (3.0.13) Support
[not loaded] com.novatelwireless.driver.DisableAutoInstall (3.0.13) Support
[not loaded] com.option.driver.Option72 (2.15.0) Support
[not loaded] com.option.driver.OptionHS (3.26.0) Support
[not loaded] com.option.driver.OptionMSD (1.21.0) Support
[not loaded] com.option.driver.OptionQC (1.11.0) Support
[not loaded] com.quark.driver.Tether (1.1.0d3 - SDK 10.4) Support
[loaded] com.quark.driver.Tether64 (1.1.0d3 - SDK 10.6) Support
[loaded] com.rim.driver.BlackBerryUSBDriverInt (0.0.67) Support
[not loaded] com.rim.driver.BlackBerryUSBDriverVSP (0.0.67) Support
[not loaded] com.splashtop.driver.SRXDisplayCard (1.6 - SDK 10.7) Support
[not loaded] com.splashtop.driver.SRXFrameBufferConnector (1.6 - SDK 10.7) Support
[not loaded] com.vodafone.driver (3.0.9) Support
[not loaded] com.zte.driver.cdc_ecm_qmi (1.0.26) Support
[not loaded] com.zte.driver.cdc_usb_bus (1.0.26) Support
[not loaded] de.novamedia.driver.NMSamsung (0.0.2) Support
[not loaded] de.novamedia.driver.NMSmartplugSCSIDevice (1.0.1) Support
[not loaded] de.novamedia.oem.vodafone.vtp.huawei.cdc (0.0.2) Support
[not loaded] net.pocketmac.driver.BlackberryUSB (3.2.0) Support
[not loaded] net.pocketmac.driver.BlackberryUSBDev (3.2.0) Support
/System/Library/Extensions/NMHuaweiPhonesVTPCDC_106.kext/Contents/PlugIns
[not loaded] de.novamedia.driver.NMUSBCDCACMControl (3.2.12) Support
/System/Library/Extensions/NMSamsungDriver_106.kext/Contents/PlugIns
[not loaded] de.novamedia.driver.NMUSBCDCACMData (3.2.12) Support
/System/Library/Extensions/NovatelWireless3G.kext/Contents/PlugIns
[not loaded] com.novatelwireless.driver.3GData (3.0.13) Support
/System/Library/Extensions/Vodafone.kext/Contents/PlugIns
[not loaded] com.vodafone.driver.Data (3.0.9) Support
/System/Library/Extensions/ssuddrv.kext/Contents/PlugIns
[not loaded] com.devguru.driver.SamsungACMControl (1.4.20 - SDK 10.6) Support
[not loaded] com.devguru.driver.SamsungACMData (1.4.20 - SDK 10.6) Support
[not loaded] com.devguru.driver.SamsungMTP (1.4.20 - SDK 10.5) Support
[not loaded] com.devguru.driver.SamsungSerial (1.4.20 - SDK 10.6) Support
Startup Items: ℹ️
HW_CreateNetwork: Path: /Library/StartupItems/HW_CreateNetwork
HWNetMgr: Path: /Library/StartupItems/HWNetMgr
HWPortDetect_driver: Path: /Library/StartupItems/HWPortDetect_driver
SMC: Path: /Library/StartupItems/SMC
StartOuc: Path: /Library/StartupItems/StartOuc
tap: Path: /Library/StartupItems/tap
tun: Path: /Library/StartupItems/tun
Startup items are obsolete and will not work in future versions of OS X
Launch Agents: ℹ️
[not loaded] com.adobe.AAM.Updater-1.0.plist Support
[running] com.amazon.sendtokindle.launcher.plist Support
[running] com.babylon.activation.plist Support
[not loaded] com.google.keystone.agent.plist Support
[not loaded] com.hp.help.tocgenerator.plist Support
[invalid?] com.kaspersky.kav.gui.plist Support
[running] com.localphone.postlogon.VoIP.plist Support
[loaded] com.oracle.java.Java-Updater.plist Support
[invalid?] com.splashtop.streamer-for-root.plist Support
[invalid?] com.splashtop.streamer-for-user.plist Support
[running] de.novamedia.VodafoneDeviceObserver.plist Support
[running] HWPortCfg.plist Support
[loaded] org.gpgtools.Libmacgpg.xpc.plist Support
Launch Daemons: ℹ️
[loaded] com.adobe.fpsaud.plist Support
[loaded] com.creativebe.MainMenuHelper.plist Support
[running] com.eltima.ElmediaPlayer.daemon.plist Support
[loaded] com.google.keystone.daemon.plist Support
[running] com.kaspersky.kav.plist Support
[running] com.localphone.daemon.VoIP.plist Support
[loaded] com.microsoft.office.licensing.helper.plist Support
[loaded] com.oracle.java.Helper-Tool.plist Support
[loaded] com.oracle.java.JavaUpdateHelper.plist Support
[loaded] com.prosofteng.DriveGenius.locum.plist Support
[loaded] com.regularrateandrhythm.rowmotehelperaide.plist Support
[invalid?] com.splashtop.streamer-daemon.plist Support
[invalid?] com.splashtop.streamer-srioframebuffer.plist Support
[running] com.wyse.PocketCloud.plist Support
[running] net.witopia.WiTopiaHelper.plist Support
User Launch Agents: ℹ️
[loaded] com.adobe.AAM.Updater-1.0.plist Support
[loaded] com.adobe.ARM.[...].plist Support
[invalid?] com.citrixonline.GoToMeeting.G2MUpdate.plist Support
[not loaded] com.logos.LogosIndexer.plist Support
[running] com.microsoft.LaunchAgent.SyncServicesAgent.plist Support
[running] com.pia.pia_manager.plist Support
[invalid?] com.splashtop.streamer-for-user.plist Support
[invalid?] com.wrike.plugin.enable-bundles.plist Support
[invalid?] com.wrike.plugin.mail-monitor.plist Support
[invalid?] com.wrike.plugin.patch-uuid.plist Support
[invalid?] com.yourcompany.HSPA_USB_MODEM.plist Support
[running] com.yourcompany.uninstall.plist Support
User Login Items: ℹ️
WiTopia Application (/Applications/WiTopia.app)
TotalFinder Application (/Incompatible Software/TotalFinder.app)
Google Chrome ApplicationHidden (/Users/[redacted]/.Trash/Google Chrome.app)
RoboFormIcon Application (/Users/[redacted]/Library/Application Support/RoboForm/RoboFormIcon.app)
KiesAgent ApplicationHidden (/Applications/Kies.app/Contents/MacOS/KiesAgent.app)
fuspredownloader ApplicationHidden (/Users/[redacted]/Library/Application Support/.FUS/fuspredownloader.app)
USB Display Agent Application (/Applications/USB Display/USB Display.app/Contents/Resources/USB Display Agent.app)
Microsoft Database Daemon Application (/Applications/Microsoft Office 2011/Office/Microsoft Database Daemon.app)
Dropbox Application (/Applications/Dropbox.app)
HPEventHandler UNKNOWN (missing value)
Internet Plug-ins: ℹ️
o1dbrowserplugin: Version: 3.15.2.12038 Support
Default Browser: Version: 600 - SDK 10.10
AdobeAAMDetect: Version: AdobeAAMDetect 2.0.0.0 - SDK 10.7 Support
FlashPlayer-10.6: Version: 15.0.0.223 - SDK 10.6 Support
AdobePDFViewerNPAPI: Version: 11.0.09 - SDK 10.6 Support
Silverlight: Version: 5.1.30514.0 - SDK 10.6 Support
Flash Player: Version: 15.0.0.223 - SDK 10.6 Support
QuickTime Plugin: Version: 7.7.3
googletalkbrowserplugin: Version: 3.15.2.12038 Support
npgtpo3dautoplugin: Version: 0.1.44.24 - SDK 10.5 Support
AdobePDFViewer: Version: 11.0.09 - SDK 10.6 Support
SharePointBrowserPlugin: Version: 14.4.5 - SDK 10.6 Support
RL Secure Plug-In Layer: Version: (null) - SDK 10.5 Support
JavaAppletPlugin: Version: Java 7 Update 71 Check version
User Internet Plug-ins: ℹ️
VSeeDetection_x86_64: Version: Unknown
UploadManager: Version: (null) - SDK 10.5 Support
WbeTools64_14: Version: 1.0.22.49 © 2012 - SDK 10.6 Support
RocketEngine: Version: (null) - SDK 10.5 Support
fileEditTool64_15: Version: 1.0.33.62 © 2012 - SDK 10.6 Support
ContentManager: Version: (null) - SDK 10.5 Support
CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 Support
Safari Extensions: ℹ️
RoboForm
Add To Amazon Wish List
TypePad Blog It
Evernote Web Clipper
ScribeFire
Clip to DEVONthink
Pearltrees Extension
Audio Plug-ins: ℹ️
EcammAudioLoader: Version: 1.0.3 - SDK 10.8 Support
CallRecorder: Version: v2.5.12 - SDK 10.8 Support
3rd Party Preference Panes: ℹ️
BlueHarvest Support
Flash Player Support
GPGPreferences Support
Java Support
MacFUSE Support
Time Machine: ℹ️
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 498.88 GB Disk used: 350.78 GB
Destinations:
My Passport [Local]
Total size: 2.00 TB
Total number of backups: 0
Oldest backup: -
Last backup: -
Size of backup disk: Excellent
Backup size 2.00 TB > (Disk size 498.88 GB X 3)
Top Processes by CPU: ℹ️
6% WindowServer
1% pia_tray
0% kav
0% LpPjPhoneDaemon
0% Dropbox
Top Processes by Memory: ℹ️
172 MB kav
116 MB WiTopia
90 MB Dropbox
86 MB mds_stores
77 MB WindowServer
Virtual Memory Information: ℹ️
327 MB Free RAM
1.65 GB Active RAM
1.19 GB Inactive RAM
1.13 GB Wired RAM
4.12 GB Page-ins
5 MB Page-outsMac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There is a threat, and you need to educate yourself about it.
1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has taken far too long to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. Those lapses don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
After the first few days of operating my new computer, Yosemite began to develop strange glitches. I tried to drag a folder from a Finder window. It zoomed upward on Desktop and stayed where it stopped—and nothing worked. Everything froze. The cursor left a jittery trail of ghost images within a Finder window. We had to relaunch Finder. This became a pattern: no dragging-dropping to move files. Only within a Finder window was it possible.
A day or two later, I began to notice—with increasing seriousness and frequency—open windows stuttering when I tried to move them around the desktop. They moved, but with halts and stutters.
When we opened Activity Monitor and saw 6 BG of 8BG memory used, we figured this is serious. After an EtreCheck we noticed we had to update a version of FlashPlayer, which we did. But our problem is still here. Help!
One probably rare item used with this computer is a Maltron Keyboard. This keyboard is made to be used with Macs and I found no issues relating to Yosemite on their website, but just thought I'd mention it.
EtreCheck version: 2.1.5 (108)
Report generated December 20, 2014 at 10:40:00 AM CST
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Click the [Adware] links for help removing adware.
Hardware Information: ℹ️
iMac (Retina 5K, 27-inch, Late 2014) (Verified)
iMac - model: iMac15,1
1 3.5 GHz Intel Core i5 CPU: 4-core
8 GB RAM Upgradeable
BANK 0/DIMM0
4 GB DDR3 1600 MHz ok
BANK 1/DIMM0
4 GB DDR3 1600 MHz ok
BANK 0/DIMM1
empty empty empty empty
BANK 1/DIMM1
empty empty empty empty
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en1: 802.11 a/b/g/n/ac
Video Information: ℹ️
AMD Radeon R9 M290X - VRAM: 2048 MB
iMac spdisplays_5120x2880Retina
System Software: ℹ️
OS X 10.10 (14A389) - Uptime: 2:25:40
Disk Information: ℹ️
APPLE SSD SM0512F disk0 : (500.28 GB)
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / : 499.10 GB (310.00 GB free)
Core Storage: disk0s2 499.42 GB Online
USB Information: ℹ️
PNY Technologies USB 3.0 FD 62.06 GB
USB30FD (disk2s1) /Volumes/USB30FD : 62.06 GB (61.85 GB free)
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. FaceTime HD Camera (Built-in)
MALTRON USB Keyboard
Thunderbolt Information: ℹ️
Apple Inc. thunderbolt_bus
Gatekeeper: ℹ️
Anywhere
Launch Daemons: ℹ️
[loaded] com.adobe.fpsaud.plist [Support]
User Launch Agents: ℹ️
[loaded] com.adobe.ARM.[...].plist [Support]
[invalid?] com.adobe.ARM.[...].plist [Support]
[loaded] com.google.keystone.agent.plist [Support]
User Login Items: ℹ️
AirPort Base Station Agent Application (/System/Library/CoreServices/AirPort Base Station Agent.app)
Internet Plug-ins: ℹ️
Flip4Mac WMV Plugin: Version: 2.2.2.3 [Support]
FlashPlayer-10.6: Version: 16.0.0.235 - SDK 10.6 [Support]
QuickTime Plugin: Version: 7.7.3
Flash Player: Version: 16.0.0.235 - SDK 10.6 [Support]
JavaAppletPlugin: Version: 15.0.0 - SDK 10.10 Check version
Default Browser: Version: 600 - SDK 10.10
RealPlayer Plugin: Version: Unknown [Support]
Silverlight: Version: 4.1.10329.0 [Support]
iPhotoPhotocast: Version: 7.0
Safari Extensions: ℹ️
AdBlock [Installed]
3rd Party Preference Panes: ℹ️
APC PowerChute Personal Edition [Support]
Flash Player [Support]
Flip4Mac WMV [Support]
Perian [Support]
Time Machine: ℹ️
Skip System Files: NO
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 499.10 GB Disk used: 189.10 GB
Destinations:
LaCie [Local]
Total size: 0 B
Total number of backups: 0
Oldest backup: -
Last backup: -
Size of backup disk:
Top Processes by CPU: ℹ️
7% mds
2% WindowServer
1% fontd
0% taskgated
0% Finder
Top Processes by Memory: ℹ️
472 MB firefox
249 MB WindowServer
223 MB soffice
146 MB Finder
146 MB Activity Monitor
Virtual Memory Information: ℹ️
3.78 GB Free RAM
2.55 GB Active RAM
1.34 GB Inactive RAM
923 MB Wired RAM
1.94 GB Page-ins
0 B Page-outs
Diagnostics Information: ℹ️
Dec 20, 2014, 10:35:50 AM /Library/Logs/DiagnosticReports/Install Adobe Flash Player_2014-12-20-103550_[redacted].crash
Dec 20, 2014, 10:28:33 AM /Library/Logs/DiagnosticReports/Install Adobe Flash Player_2014-12-20-102833_[redacted].crash
Dec 20, 2014, 08:14:56 AM Self test - passedMac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There is a threat, and you need to educate yourself about it.
1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has taken far too long to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. Those lapses don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
Just wondering if anyone can help me, I have only recently purchased my new mac. I was concerned when I didn't need any form of virus protection, so I downloaded Avasti and it had been working fine. Recently (past 6 weeks) three stranges pop-ups have been appearing, even though I have my 'pop up' block on. The first one which appears most commonly, is the one found in the top picture. This grey box saying download manager update only appears when I open google. The secod one appears on most webpages which I open, and it is the little green box pictured in the lower left of the screen, with the option to hide ad. And lastly, a random screen pops up offering businesses and bonuses which I have never even heard of.
Please if you know how to delete or get rid of this virus can you please let me know ASAP!"Avast" is perhaps the worst of the whole wretched lot of commercial "security" products for the Mac. Not only does it fail to protect you from any real danger, it throws false warnings, destabilizes and slows down your computer, and sometimes or always corrupts the network settings and the permissions of files in your home folder. Removing it may not repair all the damage, and neither will Disk Utility or even reinstalling OS X.
Back up all data, then remove "Avast" according to the developer's instructions. Restart.
If you tried to remove Avast by dragging an application to the Trash, you'll have to reinstall it and then follow the instructions linked above.
1. This is a comment on what you should and should not do to protect yourself from malicious software ("malware") that circulates on the Internet. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to your computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
For the reasons given, App Store products, and — to a lesser extent — other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
Software of any kind is distributed via BitTorrent. or Usenet, or on a website that also distributes pirated music or movies.
Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website.
Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
The software is advertised by means of spam or intrusive web ads.
Software that is plainly illegal or does something illegal
High-priced commercial software such as Photoshop is "cracked" or "free."
An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
Conditional or unsolicited offers from strangers
A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
You win a prize in a contest you never entered.
Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
Anything online that you would expect to pay for is "free."
Unexpected events
You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store — nothing else.
Why shouldn't you use commercial "anti-virus" products?
To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. New threats are emerging on a daily basis. Research has shown that most successful attacks are "zero-day" — that is, previously unknown. Recognition-based malware scanners do not defend against such attacks.
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
8. An anti-malware product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An anti-virus app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize without the need for any software; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
Software may be able to tell you which particular trojan it is, but do you really care? In practice, there's seldom a reason to use recognition software unless an institutional policy requires it. Windows malware is so widespread that you should assume it's in every unknown email attachment until proven otherwise. Nevertheless, ClamXav or a similar App Store product may be useful if an uninformed network administrator says you must have some kind of "anti-virus" application.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither should you assume that you will always be safe from exploitation, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. "Hmmmm, this torrent is a crack of that new game I want. I think I'll download it. It could be a trojan, but the antivirus will warn me if it is." Then they wonder why their Mac is so slow all of a sudden. It's slow because it's running flat out mining bitcoins for a hacker who has already sold their credit card number and banking passwords to a criminal gang. Maybe a week later the antivirus does warn them, but what good does that do?
Nothing can lessen the need for safe computing practices. -
Can anybody help? My Safari browser keeps crashing. The whole window just turns grey.
Can anybody help? My Safari browser keeps crashing on iMac 10.7.5. The whole window just turns grey. It started happening around the time of the new bookmarks menu upgrade recently which changed the bookmarks to be only on the side and makes it so you can see all your bookmarks while browsing. I know I have a lot of bookmarks, so I tried hiding them, but it still happens. I ALREADY TRIED CLEARING MY HISTORY, AND THAT DID NOT HELP, AND I HAVE NO EXTENSIONS FOR THIS BROWSER.
Does the fact that I am in Brasil have anything to do with it?
Thank you to anyone who can help. In case no one can come up with an answer, is there an easy way to transfer my bookmarks from safari to either firefox or chrome?
Much appreciated.1. This is a comment on what you should and should not do to protect yourself from malicious software ("malware") that circulates on the Internet. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you always stay within a safe harbor of computing practices. How do you know what is safe?
Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is unsafe.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are outside the safe harbor, though not all are necessarily harmful.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe. For instance, if a web page warns you that Flash is out of date, do not follow an offered link to an update. Go to the Adobe website to download it, if you need it at all.
Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
"FREE WI-FI !!!" networks in public places are unsafe unless you can verify that the network is not a trap (which you probably can't.) Even then, do not download any software or transmit any private information while connected to such a network, regardless of where it seems to come from or go to.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use one of the free anti-virus products in the Mac App Store — nothing else.
Why shouldn't you use commercial "anti-virus" products?
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. Most of the real-world danger of malware attack comes from highly targeted "zero-day" exploits that are not yet recognized.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
8. An anti-malware product from the App Store, such as "ClamXav," doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An anti-virus app is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
Anti-virus software may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use the software unless a network administrator requires you to do it.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer is going to be infected every time you install an application, read email, or visit a web page. But neither should you have the false idea that you will always be safe, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
My iMac keeps crashing and I have no idea why
My iMac keeps crashing, and I don't know why. It started yesterday and for some reason just fails. I get an message saying it has shut down due to an error, and this is then the details of the error report it produces.
Can anyone please help and tell me what is wrong?
Huge thanks.
Hardware Overview:
Model Name: iMac
Model Identifier: iMac9,1
Processor Name: Intel Core 2 Duo
Processor Speed: 2.93 GHz
Number of Processors: 1
Total Number of Cores: 2
L2 Cache: 6 MB
Memory: 8 GB
Bus Speed: 1.07 GHz
Boot ROM Version: IM91.008D.B08
SMC Version (system): 1.45f0
Serial Number (system): VM******0TM
Software OS X 10.9 (13A603)
Error report as follows:
Anonymous UUID: 954FEFB3-53EC-843A-0739-711F6D804866
Sun Nov 24 16:20:47 2013
panic(cpu 0 caller 0xffffff801dadc19e): Kernel trap at 0xffffff7f9fdceef1, type 14=page fault, registers:
CR0: 0x000000008001003b, CR2: 0xffffff7f9fdceef1, CR3: 0x00000000012fe000, CR4: 0x0000000000000660
RAX: 0x0000000000000000, RBX: 0x0000000000000006, RCX: 0x0000000003000000, RDX: 0xffffff8034a5d960
RSP: 0xffffff810e0a3740, RBP: 0xffffff810e0a37a0, RSI: 0xffffff81004a1068, RDI: 0xffffff8034a5d960
R8: 0xffffff801e0d2b30, R9: 0xffffff81004a1068, R10: 0xffffff810e0a34b0, R11: 0x0000000000000206
R12: 0x0000000000000020, R13: 0xffffff810e0a3ab4, R14: 0xffffff8030a0ba08, R15: 0x0000000000000001
RFL: 0x0000000000010282, RIP: 0xffffff7f9fdceef1, CS: 0x0000000000000008, SS: 0x0000000000000010
Fault CR2: 0xffffff7f9fdceef1, Error code: 0x0000000000000010, Fault CPU: 0x0
Backtrace (CPU 0), Frame : Return Address
0xffffff810e0a33d0 : 0xffffff801da22f69
0xffffff810e0a3450 : 0xffffff801dadc19e
0xffffff810e0a3620 : 0xffffff801daf3606
0xffffff810e0a3640 : 0xffffff7f9fdceef1
0xffffff810e0a37a0 : 0xffffff7f9fdcfda2
0xffffff810e0a39b0 : 0xffffff7f9fde0077
0xffffff810e0a3a30 : 0xffffff801ddb3671
0xffffff810e0a3a90 : 0xffffff801dbdf80d
0xffffff810e0a3ae0 : 0xffffff801dbf4360
0xffffff810e0a3b80 : 0xffffff801dbe5f15
0xffffff810e0a3c30 : 0xffffff801dbe67d2
0xffffff810e0a3f50 : 0xffffff801de3de23
0xffffff810e0a3fb0 : 0xffffff801daf3e06
BSD process name corresponding to current thread: mds_stores
Mac OS version:
13A603
Kernel version:
Darwin Kernel Version 13.0.0: Thu Sep 19 22:22:27 PDT 2013; root:xnu-2422.1.72~6/RELEASE_X86_64
Kernel UUID: 1D9369E3-D0A5-31B6-8D16-BFFBBB390393
Kernel slide: 0x000000001d800000
Kernel text base: 0xffffff801da00000
System model name: iMac9,1 (Mac-F2218FA9)
System uptime in nanoseconds: 705898990026
last loaded kext at 511933163642: com.apple.filesystems.smbfs 2.0.0 (addr 0xffffff7f9e370000, size 335872)
last unloaded kext at 705842715414: com.trendmicro.kext.filehook 1.5.0 (addr 0xffffff7f9fdce000, size 98304)
loaded kexts:
com.trendmicro.kext.KERedirect 1.0.0
com.seagate.driver.PowSecLeafDriver_10_5 5.1.1
com.seagate.driver.PowSecDriverCore 5.1.1
com.apple.filesystems.smbfs 2.0.0
com.apple.filesystems.msdosfs 1.9
com.apple.filesystems.cddafs 2.6.0
com.apple.driver.AudioAUUC 1.60
com.apple.driver.AppleBluetoothMultitouch 80.14
com.apple.driver.AppleHWSensor 1.9.5d0
com.apple.driver.AGPM 100.14.11
com.apple.driver.AppleTyMCEDriver 1.0.2d2
com.apple.filesystems.autofs 3.0
com.apple.iokit.IOBluetoothSerialManager 4.2.0f6
com.apple.driver.AppleHDAHardwareConfigDriver 2.5.2fc2
com.apple.driver.AppleMikeyHIDDriver 124
com.apple.driver.AppleHDA 2.5.2fc2
com.apple.iokit.IOUserEthernet 1.0.0d1
com.apple.Dont_Steal_Mac_OS_X 7.0.0
com.apple.driver.AppleHWAccess 1
com.apple.iokit.IOBluetoothUSBDFU 4.2.0f6
com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport 4.2.0f6
com.apple.driver.ACPI_SMC_PlatformPlugin 1.0.0
com.apple.driver.AppleMikeyDriver 2.5.2fc2
com.apple.driver.AppleLPC 1.7.0
com.apple.driver.AppleMuxControl 3.4.12
com.apple.driver.AppleBacklight 170.3.5
com.apple.GeForceTesla 8.1.8
com.apple.driver.AppleUpstreamUserClient 3.5.13
com.apple.driver.AppleMCCSControl 1.1.12
com.apple.nvidia.NVDAStartup 8.1.8
com.apple.driver.iPodSBCDriver 1.7.0
com.apple.driver.AppleIRController 325.7
com.apple.driver.AppleFileSystemDriver 3.0.1
com.apple.AppleFSCompression.AppleFSCompressionTypeDataless 1.0.0d1
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0d1
com.apple.BootCache 35
com.apple.iokit.SCSITaskUserClient 3.6.0
com.apple.driver.XsanFilter 404
com.apple.iokit.IOAHCIBlockStorage 2.4.0
com.apple.nvenet 2.0.21
com.apple.driver.AppleFWOHCI 4.9.9
com.apple.driver.AirPort.Brcm4331 700.20.22
com.apple.driver.AppleUSBHub 650.4.4
com.apple.driver.AppleUSBEHCI 650.4.1
com.apple.driver.AppleAHCIPort 2.9.5
com.apple.driver.AppleUSBOHCI 650.4.1
com.apple.driver.AppleRTC 2.0
com.apple.driver.AppleHPET 1.8
com.apple.driver.AppleACPIButtons 2.0
com.apple.driver.AppleSMBIOS 2.0
com.apple.driver.AppleACPIEC 2.0
com.apple.driver.AppleAPIC 1.7
com.apple.driver.AppleIntelCPUPowerManagementClient 216.0.0
com.apple.nke.applicationfirewall 153
com.apple.security.quarantine 3
com.apple.driver.AppleIntelCPUPowerManagement 216.0.0
com.apple.driver.IOBluetoothHIDDriver 4.2.0f6
com.apple.driver.AppleMultitouchDriver 245.13
com.apple.AppleGraphicsDeviceControl 3.4.12
com.apple.kext.triggers 1.0
com.apple.iokit.IOSerialFamily 10.0.7
com.apple.driver.DspFuncLib 2.5.2fc2
com.apple.vecLib.kext 1.0.0
com.apple.iokit.IOAudioFamily 1.9.4fc11
com.apple.kext.OSvKernDSPLib 1.14
com.apple.iokit.IOSurface 91
com.apple.iokit.IOBluetoothFamily 4.2.0f6
com.apple.iokit.IOBluetoothHostControllerUSBTransport 4.2.0f6
com.apple.iokit.IOFireWireIP 2.2.5
com.apple.driver.AppleHDAController 2.5.2fc2
com.apple.iokit.IOHDAFamily 2.5.2fc2
com.apple.driver.AppleSMC 3.1.6d1
com.apple.driver.IOPlatformPluginLegacy 1.0.0
com.apple.driver.AppleSMBusPCI 1.0.12d1
com.apple.driver.IOPlatformPluginFamily 5.5.1d27
com.apple.driver.AppleGraphicsControl 3.4.12
com.apple.driver.AppleBacklightExpert 1.0.4
com.apple.nvidia.classic.NVDANV50HalTesla 8.1.8
com.apple.driver.AppleSMBusController 1.0.11d1
com.apple.nvidia.classic.NVDAResmanTesla 8.1.8
com.apple.iokit.IONDRVSupport 2.3.6
com.apple.iokit.IOGraphicsFamily 2.3.6
com.apple.iokit.IOUSBMassStorageClass 3.6.0
com.apple.driver.AppleUSBHIDKeyboard 170.15
com.apple.driver.AppleHIDKeyboard 170.15
com.apple.iokit.IOUSBHIDDriver 650.4.4
com.apple.driver.AppleUSBMergeNub 650.4.0
com.apple.driver.AppleUSBComposite 650.4.0
com.apple.iokit.IOSCSIMultimediaCommandsDevice 3.6.0
com.apple.iokit.IOBDStorageFamily 1.7
com.apple.iokit.IODVDStorageFamily 1.7.1
com.apple.iokit.IOCDStorageFamily 1.7.1
com.apple.iokit.IOAHCISerialATAPI 2.6.0
com.apple.iokit.IOFireWireSBP2 4.2.5
com.apple.iokit.IOSCSIBlockCommandsDevice 3.6.0
com.apple.iokit.IOSCSIArchitectureModelFamily 3.6.0
com.apple.iokit.IOFireWireFamily 4.5.5
com.apple.iokit.IO80211Family 600.34
com.apple.iokit.IONetworkingFamily 3.2
com.apple.iokit.IOUSBUserClient 650.4.4
com.apple.driver.AppleEFINVRAM 2.0
com.apple.driver.NVSMU 2.2.9
com.apple.driver.AppleEFIRuntime 2.0
com.apple.iokit.IOAHCIFamily 2.6.0
com.apple.iokit.IOUSBFamily 650.4.4
com.apple.iokit.IOHIDFamily 2.0.0
com.apple.iokit.IOSMBusFamily 1.1
com.apple.security.sandbox 278.10
com.apple.kext.AppleMatch 1.0.0d1
com.apple.security.TMSafetyNet 7
com.apple.driver.AppleKeyStore 2
com.apple.driver.DiskImages 371.1
com.apple.iokit.IOStorageFamily 1.9
com.apple.iokit.IOReportFamily 21
com.apple.driver.AppleFDEKeyStore 28.30
com.apple.driver.AppleACPIPlatform 2.0
com.apple.iokit.IOPCIFamily 2.8
com.apple.iokit.IOACPIFamily 1.4
com.apple.kec.pthread 1
com.apple.kec.corecrypto 1.0
Model: iMac9,1, BootROM IM91.008D.B08, 2 processors, Intel Core 2 Duo, 2.93 GHz, 8 GB, SMC 1.45f0
Graphics: NVIDIA GeForce GT 130, NVIDIA GeForce GT 130, PCIe, 512 MB
Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1333 MHz, 0x8783, 0x53524433344731333333534D414300000000
Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1333 MHz, 0x8783, 0x53524433344731333333534D414300000000
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x8E), Broadcom BCM43xx 1.0 (5.106.98.100.22)
Bluetooth: Version 4.2.0f6 12982, 3 services, 23 devices, 1 incoming serial ports
Network Service: Ethernet, Ethernet, en0
Serial ATA Device: ST31000342ASQ, 1 TB
Serial ATA Device: OPTIARC DVD RW AD-5670S, 295 MB
USB Device: Built-in iSight
USB Device: Keyboard Hub
USB Device: Apple Keyboard
USB Device: IR Receiver
USB Device: BRCM2046 Hub
USB Device: Bluetooth USB Host Controller
Thunderbolt Bus:
<Edited by Host>And what is wrong with Trend Micro Titanium as a package?
1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack, and what you should and should not do to protect yourself from that threat. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use one of the free anti-virus products in the Mac App Store — nothing else.
Why shouldn't you use commercial "anti-virus" products?
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. Most of the real-world danger of malware attack comes from highly targeted "zero-day" exploits that are not yet recognized.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
8. An anti-malware product from the App Store, such as "ClamXav," doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An anti-virus app is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
Anti-virus software may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use the software unless a network administrator requires you to do it.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer is going to be infected every time you install an application, read email, or visit a web page. But neither should you have the false idea that you will always be safe, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
Why is it do hard to get a straight answer on Mac security?
I have the latest OS, Yosemite. I don't download anything illegally or use software I don't trust. I basically only use my computer for personal reasons and limit what websites I go to and visit. I have gone to the apple store and talked to the staff there several times and there always seems to be this mentality of, "well you should be ok." I know there is no guarantee. Like a car, you have to trust the brakes will work if a mechanic tells you they will work, but there is never a guarantee. Just like how people used to say that Macs aren't vulnerable to viruses or Trojans and there is no guarantee to that. I guess what I am wondering is, does anyone have ways they know that for now, Macs are working normally and can be checked to see if they are ok"? Can someone at the apple store check certain things/operations to see if so far, so good?
Thanks.1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
Can anyone tell me why my MacBook Pro screen crashes when I attempt to play any game?
The screen splits in two and scrambles. If I'm able to close the game, the screen goes back to normal. Is it the video card? Motherboard?
1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use one of the free anti-virus products in the Mac App Store — nothing else.
Why shouldn't you use commercial "anti-virus" products?
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
8. An anti-malware product from the App Store, such as "ClamXav," doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An anti-virus app is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
Anti-virus software may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use the software unless a network administrator requires you to do it.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer is going to be infected every time you install an application, read email, or visit a web page. But neither should you have the false idea that you will always be safe, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
2012 Mac Mini becoming very slow when using finder
Hi!
I've had my 2012 Mac Mini (10.9 Mavericks, Dual Booted W/ Windows) since February 2014 (Late to the party, I know) and, up until about a week ago, it was fine.
Then, all of a sudden, it starts being unusabley slow the moment I try to do anything in finder. Relaunching finder makes it a bit more bareable, and rebooting fixes it completely until I next open finder. I thought this may have been one of those rare times when a Mac gets a virus, however, AVG found nothing. The next thing I found was that it was to do with the fact that my hard drive was full (it was quite full) and that if I was using all of my 4GB of RAM that my Mac would use virtual memory, and that this would effect the speed if I didn't have a lot of HDD space. However, despite removing nearly 1/2 of the things on my HDD, the problem still persists. I have basically ruled out visiting "the local" apple store, as I'm in the middle of nowhere. the nearest one is around 3 hours away.
Thanks,
Dan1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, and a technological fix is not going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
Software of any kind is distributed via BitTorrent. or Usenet, or on a website that also distributes pirated music or movies.
Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, your browser, or anything else.
Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
High-priced commercial software such as Photoshop is "cracked" or "free."
An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
Conditional or unsolicited offers from strangers
A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
You win a prize in a contest you never entered.
Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
Anything online that you would expect to pay for is "free."
Unexpected events
You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an institutional policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither should you assume that you will always be safe from exploitation, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
My Mac keeps crashing--a newbie needs help
Lately, my Mac keeps crashing. It's an iMac, with the most recent updates of Yosemite.
I'll be working, I might have several things open, and then suddenly the screen will go black and I'll have the notification that it shut down and push to restart.
It has happened more than several times now, and I can't remember if it started doing it before Yosemite or not.
Not sure how to search out the problems, it's my first Mac. Are to many things open? There's no crash report when I restart.
thanks!Mac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There is a threat, and you need to educate yourself about it.
1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
Mac Mini shuts down unexpectedly
OS X Yosemite 10.10.2
Been having issues for the past few months, (oh, who am I kidding, it's been over a year) where Safari gets "hung up", spinning ball of death, blah blah blah. I've made sure to not install any weird apps that are not Apple approved, I have enough memory, I have Norton Anti-Virus, I have ClamAV and I clear out my history and data every evening, but suddenly she's going through menopause, or so it seems. ClamAV has discovered a gazillion Phishing and Trojans in my emails, so I enabled Fire Vault. Since I did that, this has happened at least 3 times in the past few days. I'll be in the middle of an important document, or cleaning out my email boxes from Mail when all of a sudden, screen goes blank. There is no chime, but a message pops up in several languages that says: "Your Mac had to restart unexpectedly" or something of that nature. When I sign back on this is the error report -
Anonymous UUID: 806A3201-5F4A-EFD6-2851-0263EB5B357C
Sun Apr 12 16:47:58 2015
*** Panic Report ***
panic(cpu 3 caller 0xffffff800581a46e): Kernel trap at 0xffffff7f863d6845, type 14=page fault, registers:
CR0: 0x0000000080010033, CR2: 0x0000000000006163, CR3: 0x0000000011981014, CR4: 0x00000000000626e0
RAX: 0x00000000ffffffe4, RBX: 0xffffff80685db0b0, RCX: 0x0000000000006163, RDX: 0x000000000000002f
RSP: 0xffffff80685dafb0, RBP: 0xffffff80685db3e0, RSI: 0x0000000000000000, RDI: 0xffffff7f863d7200
R8: 0x0000000000006163, R9: 0x000000000000001c, R10: 0xffffff801390be81, R11: 0xffffff801390be21
R12: 0x0000000000000000, R13: 0x0000000000000000, R14: 0x00000000fffffffd, R15: 0xffffff800d8e5280
RFL: 0x0000000000010286, RIP: 0xffffff7f863d6845, CS: 0x0000000000000008, SS: 0x0000000000000010
Fault CR2: 0x0000000000006163, Error code: 0x0000000000000000, Fault CPU: 0x3
Backtrace (CPU 3), Frame : Return Address
0xffffff80685dac60 : 0xffffff800572fe41
0xffffff80685dace0 : 0xffffff800581a46e
0xffffff80685daea0 : 0xffffff8005836683
0xffffff80685daec0 : 0xffffff7f863d6845
0xffffff80685db3e0 : 0xffffff7f863e6139
0xffffff80685db410 : 0xffffff7f863e527a
0xffffff80685db890 : 0xffffff7f863e4162
0xffffff80685db8e0 : 0xffffff7f863df3a0
0xffffff80685dba80 : 0xffffff8005d358fa
0xffffff80685dbad0 : 0xffffff80059454b6
0xffffff80685dbb10 : 0xffffff800595c20a
0xffffff80685dbd80 : 0xffffff80059516fb
0xffffff80685dbf50 : 0xffffff8005c4b386
0xffffff80685dbfb0 : 0xffffff8005836e86
Kernel Extensions in backtrace:
com.apple.kext.AppleMatch(1.0d1)[37AE7F31-8D85-37FE-AA63-2070F6FE115C]@0xffffff 7f863d5000->0xffffff7f863d9fff
com.apple.security.sandbox(300.0)[0DA39A0A-5AF4-3696-B397-8FA104465BC4]@0xfffff f7f863da000->0xffffff7f863f0fff
dependency: com.apple.driver.AppleMobileFileIntegrity(1.0.5)[B28E0B3E-38DF-380A-94C5-8FE108 57152B]@0xffffff7f863c8000
dependency: com.apple.kext.AppleMatch(1.0.0d1)[37AE7F31-8D85-37FE-AA63-2070F6FE115C]@0xffff ff7f863d5000
BSD process name corresponding to current thread: soagent
Mac OS version:
14C1514
Kernel version:
Darwin Kernel Version 14.1.0: Thu Feb 26 19:26:47 PST 2015; root:xnu-2782.10.73~1/RELEASE_X86_64
Kernel UUID: 270413F7-3B44-3602-894F-AC0D392FCF8E
Kernel slide: 0x0000000005400000
Kernel text base: 0xffffff8005600000
__HIB text base: 0xffffff8005500000
System model name: Macmini5,1 (Mac-8ED6AF5B48C039E1)
System uptime in nanoseconds: 51103467901342
last loaded kext at 4772333520260: com.apple.filesystems.smbfs 3.0.0 (addr 0xffffff7f86368000, size 393216)
last unloaded kext at 32755926531518: com.apple.driver.AppleUSBUHCI 656.4.1 (addr 0xffffff7f86650000, size 65536)
loaded kexts:
com.symantec.kext.SymAPComm 12.7.1f4
com.symantec.kext.fw 5.3.1f4
com.symantec.kext.ips 3.10.2f23
com.symantec.kext.pf 5.7.1f4
com.symantec.kext.internetSecurity 5.4f4
com.apple.filesystems.smbfs 3.0.0
com.apple.driver.AppleHWSensor 1.9.5d0
com.apple.driver.AppleBluetoothMultitouch 85.3
com.apple.driver.AGPM 100.15.5
com.apple.driver.ApplePlatformEnabler 2.1.7d1
com.apple.filesystems.autofs 3.0
com.apple.iokit.IOBluetoothSerialManager 4.3.2f6
com.apple.driver.AppleOSXWatchdog 1
com.apple.driver.AppleMikeyHIDDriver 124
com.apple.driver.AppleHDA 269.25
com.apple.iokit.IOUserEthernet 1.0.1
com.apple.driver.AppleUpstreamUserClient 3.6.1
com.apple.Dont_Steal_Mac_OS_X 7.0.0
com.apple.driver.AppleHWAccess 1
com.apple.driver.AppleHV 1
com.apple.driver.AppleMCCSControl 1.2.11
com.apple.driver.ACPI_SMC_PlatformPlugin 1.0.0
com.apple.driver.AppleIntelHD3000Graphics 10.0.0
com.apple.driver.AudioAUUC 1.70
com.apple.driver.AppleThunderboltIP 2.0.2
com.apple.driver.AppleLPC 1.7.3
com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport 4.3.2f6
com.apple.driver.AppleMikeyDriver 269.25
com.apple.driver.AppleIntelSNBGraphicsFB 10.0.0
com.apple.driver.AppleSMCPDRC 1.0.0
com.apple.driver.AppleIRController 327.5
com.apple.AppleFSCompression.AppleFSCompressionTypeDataless 1.0.0d1
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0d1
com.apple.BootCache 35
com.apple.driver.XsanFilter 404
com.apple.iokit.IOAHCIBlockStorage 2.7.0
com.apple.driver.AppleUSBHub 705.4.2
com.apple.driver.AppleFWOHCI 5.5.2
com.apple.driver.AirPort.Brcm4331 800.20.24
com.apple.iokit.AppleBCM5701Ethernet 10.1.3
com.apple.driver.AppleSDXC 1.6.5
com.apple.driver.AppleUSBEHCI 705.4.14
com.apple.driver.AppleAHCIPort 3.1.0
com.apple.driver.AppleACPIButtons 3.1
com.apple.driver.AppleRTC 2.0
com.apple.driver.AppleHPET 1.8
com.apple.driver.AppleSMBIOS 2.1
com.apple.driver.AppleACPIEC 3.1
com.apple.driver.AppleAPIC 1.7
com.apple.driver.AppleIntelCPUPowerManagementClient 218.0.0
com.apple.nke.applicationfirewall 161
com.apple.security.quarantine 3
com.apple.security.TMSafetyNet 8
com.apple.driver.AppleIntelCPUPowerManagement 218.0.0
com.apple.driver.AppleBluetoothHIDKeyboard 176.2
com.apple.driver.AppleHIDKeyboard 176.2
com.apple.driver.IOBluetoothHIDDriver 4.3.2f6
com.apple.driver.AppleMultitouchDriver 262.33.1
com.apple.AppleGraphicsDeviceControl 3.8.6
com.apple.kext.triggers 1.0
com.apple.iokit.IOSerialFamily 11
com.apple.driver.DspFuncLib 269.25
com.apple.kext.OSvKernDSPLib 1.15
com.apple.iokit.IOSurface 97.0.1
com.apple.driver.AppleHDAController 269.25
com.apple.iokit.IOHDAFamily 269.25
com.apple.driver.AppleSMC 3.1.9
com.apple.driver.IOPlatformPluginLegacy 1.0.0
com.apple.iokit.IONDRVSupport 2.4.1
com.apple.iokit.IOBluetoothHostControllerUSBTransport 4.3.2f6
com.apple.iokit.IOBluetoothFamily 4.3.2f6
com.apple.driver.AppleSMBusController 1.0.13d1
com.apple.driver.AppleSMBusPCI 1.0.12d1
com.apple.iokit.IOGraphicsFamily 2.4.1
com.apple.driver.IOPlatformPluginFamily 5.8.1d38
com.apple.iokit.IOUSBUserClient 705.4.0
com.apple.iokit.IOFireWireIP 2.2.6
com.apple.driver.AppleUSBAudio 295.23
com.apple.iokit.IOAudioFamily 203.3
com.apple.vecLib.kext 1.2.0
com.apple.driver.AppleUSBMergeNub 705.4.0
com.apple.iokit.IOSCSIBlockCommandsDevice 3.7.3
com.apple.iokit.IOUSBMassStorageClass 3.7.1
com.apple.iokit.IOSCSIArchitectureModelFamily 3.7.3
com.apple.iokit.IOUSBHIDDriver 705.4.0
com.apple.driver.AppleUSBComposite 705.4.9
com.apple.driver.CoreStorage 471.10.6
com.apple.driver.AppleThunderboltDPInAdapter 4.0.6
com.apple.driver.AppleThunderboltDPOutAdapter 4.0.6
com.apple.driver.AppleThunderboltDPAdapterFamily 4.0.6
com.apple.driver.AppleThunderboltPCIDownAdapter 2.0.2
com.apple.iokit.IOFireWireFamily 4.5.6
com.apple.driver.AppleThunderboltNHI 3.1.7
com.apple.iokit.IOThunderboltFamily 4.2.1
com.apple.iokit.IOEthernetAVBController 1.0.3b3
com.apple.iokit.IO80211Family 710.55
com.apple.driver.mDNSOffloadUserClient 1.0.1b8
com.apple.iokit.IONetworkingFamily 3.2
com.apple.iokit.IOAHCIFamily 2.7.5
com.apple.iokit.IOUSBFamily 710.4.14
com.apple.driver.AppleEFINVRAM 2.0
com.apple.iokit.IOHIDFamily 2.0.0
com.apple.driver.AppleEFIRuntime 2.0
com.apple.iokit.IOSMBusFamily 1.1
com.apple.security.sandbox 300.0
com.apple.kext.AppleMatch 1.0.0d1
com.apple.driver.AppleKeyStore 2
com.apple.driver.AppleMobileFileIntegrity 1.0.5
com.apple.driver.AppleCredentialManager 1.0
com.apple.driver.DiskImages 396
com.apple.iokit.IOStorageFamily 2.0
com.apple.iokit.IOReportFamily 31
com.apple.driver.AppleFDEKeyStore 28.30
com.apple.driver.AppleACPIPlatform 3.1
com.apple.iokit.IOPCIFamily 2.9
com.apple.iokit.IOACPIFamily 1.4
com.apple.kec.Libm 1
com.apple.kec.pthread 1
com.apple.kec.corecrypto 1.0Mac users often ask whether they should install "anti-virus" (AV) software. The usual answer is "no." That answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There is a threat, and you need to educate yourself about it.
1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions.
It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it. AV software is not intended to, and does not, defend against such attacks.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't been checked for security by Apple unless it comes from the App Store, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has taken far too long to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. Those lapses don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial AV or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
What antivirus is better for those who work with mac and windows?
In my home I use an iMac, but in college I use Windows, and more than once I found an infected file. I know not affect iMac, but I prefer that viruses are removed. Right now I use ClamXv, but I don't know if it is effective.
Am I to continue using ClamXv? or, do I use another?
If there are others better AV for mac, what is most recommended?
**I have also used Sophos, but it makes the iMac go very slow.
Thanks for your attention.1. This is a comment on what you should and should not do to protect yourself from malicious software ("malware") that circulates on the Internet. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to your computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandboxing security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know what is safe?
Any website that prompts you to install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one, is unsafe.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders," for example, are outside the safe harbor, though not all are malware.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe. For instance, if a web page warns you that Flash is out of date, do not follow an offered link to an update. Go to the Adobe website to download it, if you need it at all.
There is an increasing tendency for rogue websites such as "Softonic" and "CNET Download" to distribute free applications that have been packaged in a superfluous installer that also installs malware or something else that you don't want. Never visit those sites, and get all freeware directly from the developer's own site whenever possible.
Software attached to email that you didn't request is unsafe, even if it comes (or seems to come) from someone you trust.
Software advertised by means of spam is unsafe.
Unknown "free" software that a stranger on the Internet is eager for you to download is unsafe.
Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
"FREE WI-FI !!!" networks in public places are unsafe unless you can verify that the network is not a trap (which you probably can't.) Even then, do not download any software or transmit any private information while connected to such a network, regardless of where it seems to come from or go to.
I don't say that leaving the safe harbor just once will inevitably result in disaster, but making a habit of it will weaken your defenses against malware attack. Doing any of the things alluded to above should make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store — nothing else.
Why shouldn't you use commercial "anti-virus" products?
To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. New threats are emerging on a daily basis. Research has shown that most successful attacks are "zero-day" — that is, previously unknown. Recognition-based malware scanners do not defend against such attacks.
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
8. An anti-malware product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An anti-virus app is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware, and even for that use it's not completely effective. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
Anti-virus software may be able to tell you which particular trojan it is, but do you really care? In practice, there's seldom a reason to use the software unless an institutional policy requires it. Windows malware is so widespread that you should assume it's in every unknown email attachment until proven otherwise.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither should you assume that you will always be safe from exploitation, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. "Hmmmm, this torrent is a crack of that new game I want. I think I'll download it. It could be a trojan, but the antivirus will warn me if it is." Then they wonder why their Mac is so slow all of a sudden. It's slow because it's running flat out mining bitcoins for a hacker who has already sold their credit card number and banking passwords to a criminal gang. Maybe a week later the antivirus does warn them, but what good does that do?
Nothing can lessen the need for safe computing practices. -
Do I need to have any type of anti-virus or malware, spyware protection for my Macbook Pro?
My Macbook is a year old. When I bought it, I was told by several people that I would not need any type of anti-virus software or anything to protect my computer because Mac did not get infected that often. However, I have had people today tell me that I do need protection for my computer. My Mac runs about as good as the day I got it, but I really don't want anything to happen to it. If I need to get an anti-virus, or malware/spyware software, what programs would y'all recomend? I am just looking for information. Thanks!
1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use the free software ClamXav— nothing else.
Why shouldn't you use commercial "anti-virus" products?
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer is going to be infected every time you install an application, read email, or visit a web page. But neither should you have the false idea that you will always be safe, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
Black screen after login / after sleep
Hoping somebody can help, I've spent like the last two days straight at the genius bar without success. When I boot up I see my profile and the guest, it boots as normal (not the delayed boot with black screen others have mentioned), but then I log in, see my desktop, icons, and then the screen goes black.
If I let it sleep for a few hours, when I wake it up the screen is also black and there's nothing I can do except hold the power till it shuts down.
In both cases I can tell the computer is still on because the backlit keyboard stays lit.
I've tried resetting nvram, smc, deleting the library cache file, doing a is reinstall without wipe, and I only have one partition/HD so it's definitely the default boot disc.
I can boot into safe mode, and occasionally boot up regularly after being in safe mode for a bit.
I had the display replaced due to a physical defect just before this happened, but I also got 10.10.3, which I know has caused graphics glitches for other people.
Hope you guys have some ideas! Thank you!Mac users often ask whether they should install "anti-virus" (AV) software. The usual answer is "no." That answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There is a threat, and you need to educate yourself about it.
1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions.
It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it. AV software is not intended to, and does not, defend against such attacks.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't been checked for security by Apple unless it comes from the App Store, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has taken far too long to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. Those lapses don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, not machine behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial AV or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It can be as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.
Maybe you are looking for
-
How do you create your own them? Special SW? Please advice.
-
Reader XI freezes 2-3 seconds after I open it, every time!
This problem started when I downloaded reader XI. It didn't happen in reader 9, or whatever the previous version was on my computer. The little timer on the right moves clockwise 2-3 clicks and then it freezes. About 20 seconds after being frozen,
-
How do I delete emails in Mail App that are no longer on the server?
HI, I have configured the Mail App on my brand new iPad to receive emails from my provider GMX.net. It is a POP3 account. The emails stay on the server until I fetch them with Outlook 2003 on my PC. After retrieving emails with Outlook they are delet
-
Hi All, I am uploading data from a txt file into itab_infile and wants to update the table Zppprice based on itab_infile. It the record is existing it has to update and when it is a new record it has to insert the record. And I need to capture how ma
-
TS1363 my computer is not recognizing my iphone 5
I got a new computer and it was all working now my Iphone 5 wont recognise