Virus confusion

Similar Messages

• Confusion on trojan/virus download

  I was going over to Hotmail and a pop up came up on my iMac stating that a possible trojan was detected. Having my guard down -- being on an iMac -- I hit "download," which when finished immediately prompted five more downloads to start. I immediately shut down the computer and am wondering what I can do now to "save" my iMac before turning it back on. (I have time machine/capsule, too, but would a backup also have the trojan downloaded on that, as well?)

  You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Privacy, useful:
  http://discussions.apple.com/thread.jspa?threadID=1764179&tstart=0
  Regarding MacScan, First update the MacScan malware definitions before scanning. You can also contact their support team for any additional support - [email protected]
  Security of OS X generally:
  http://www.apple.com/macosx/security/
  http://www.nsa.gov/ia/_files/os/applemac/I731-007R-2007.pdf
  Security Configuration for Version 10.5 Leopard:
  http://images.apple.com/server/macosx/docs/LeopardSecurity_Config_2ndEd.pdf
  This Blog entry is also worth a read:
  http://blog.damballa.com/?p=1055
  Other sources of malware include sites like Facebook and Hotmail.

• My iMac has some virus and when I turn it on it has a blue or black screen?? Very confused, My iMac has some virus and when I turn it on it has a blue or black screen?? Very confused

  The question discussion is above

  It is not a virus
  More details would be helpful.
  Do you heard the startup chime when you startit up?
  You posted in the iMac(Intel) forum but your profile says you have a PowerBook running 8.6 or earlier.
  Exactly what hardware are you talking about here?
  What version of operating system is it running.
  Allan

• My computer had a virus and needed to be wiped clean. all my itunes docs are stored on an external hard-drive so i downloaded a new itunes but it over-wrote my old one - how can i restore this without wiping my iphone? please help :(

  Hi there,
  My windows xp computer got a virus and needed to be wiped.
  As i store all of my itunes and iphone stuff on an external hardrive i thought this would not cause a problem.
  Got a bit confused when i tried to open itunes again from the back-up hardrive as it would not open.
  Wrongly assumed that the best option would be to re-download itunes and move my old itunes info across - silly silly thing to do :/
  The new download just over-wrote the old one and after trying a few of the suggestions on here to get my old library back - i still cant work out if its possible as it has been over-written.
  I don't want to plug my iphone4 into my computer as i have heard that this can wipe your phone completely, so before i do anything, does anyone know what is the best thing to do from here? or how i could posibly recover my old library, playlists, apps, podcasts e.t.c
  please please help
  mappy1970

  thisisdavid wrote:
  i have all of my music on my external hard drive, and would like to be able to listen to it on itunes without it copying to the computer.
  go iTunes > preferences > advanced and temporarily disable the copy files ... when adding option.
  from the file menu, choose add to library and select the folder on the external containing your content, or drag the folder to the automatically add to iTunes folder inside the iTunes folder.
  when iTunes has finished the operation, go back to preferences > advanced and point iTunes media folder location to the external so that future additions to your library are put there. also, re-enable the copy files ... when adding option.

• Pop-Up Virus

  Just wondering if anyone can help me, I have only recently purchased my new mac. I was concerned when I didn't need any form of virus protection, so I downloaded Avasti and it had been working fine. Recently (past 6 weeks) three stranges pop-ups have been appearing, even though I have my 'pop up' block on. The first one which appears most commonly, is the one found in the top picture. This grey box saying download manager update only appears when I open google. The secod one appears on most webpages which I open, and it is the little green box pictured in the lower left of the screen, with the option to hide ad. And lastly, a random screen pops up offering businesses and bonuses which I have never even heard of.
  Please if you know how to delete or get rid of this virus can you please let me know ASAP!

  "Avast" is perhaps the worst of the whole wretched lot of commercial "security" products for the Mac. Not only does it fail to protect you from any real danger, it throws false warnings, destabilizes and slows down your computer, and sometimes or always corrupts the network settings and the permissions of files in your home folder. Removing it may not repair all the damage, and neither will Disk Utility or even reinstalling OS X.
  Back up all data, then remove "Avast" according to the developer's instructions. Restart.
  If you tried to remove Avast by dragging an application to the Trash, you'll have to reinstall it and then follow the instructions linked above.
  1. This is a comment on what you should and should not do to protect yourself from malicious software ("malware") that circulates on the Internet. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to your computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  If you find this comment too long or too technical, read only sections 5, 6, and 10.
  OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
  The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
     3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
  Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
  An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
  Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
     For the reasons given, App Store products, and — to a lesser extent — other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
  4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
  5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
  Software from an untrustworthy source
  Software of any kind is distributed via BitTorrent. or Usenet, or on a website that also distributes pirated music or movies.
  Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website.
  Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
  The software is advertised by means of spam or intrusive web ads.
  Software that is plainly illegal or does something illegal
  High-priced commercial software such as Photoshop is "cracked" or "free."
  An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
  Conditional or unsolicited offers from strangers
  A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
  You win a prize in a contest you never entered.
  Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
  A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
  Anything online that you would expect to pay for is "free."
  Unexpected events
  You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
  An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
  Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
  I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
     6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
  Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
  7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. New threats are emerging on a daily basis. Research has shown that most successful attacks are "zero-day" — that is, previously unknown. Recognition-based malware scanners do not defend against such attacks.
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  8. An anti-malware product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  An anti-virus app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize without the need for any software; for example:
  ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
  Software may be able to tell you which particular trojan it is, but do you really care? In practice, there's seldom a reason to use recognition software unless an institutional policy requires it. Windows malware is so widespread that you should assume it's in every unknown email attachment until proven otherwise. Nevertheless, ClamXav or a similar App Store product may be useful if an uninformed network administrator says you must have some kind of "anti-virus" application.
  The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
  10. As a Mac user you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither should you assume that you will always be safe from exploitation, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. "Hmmmm, this torrent is a crack of that new game I want. I think I'll download it. It could be a trojan, but the antivirus will warn me if it is." Then they wonder why their Mac is so slow all of a sudden. It's slow because it's running flat out mining bitcoins for a hacker who has already sold their credit card number and banking passwords to a criminal gang. Maybe a week later the antivirus does warn them, but what good does that do?
  Nothing can lessen the need for safe computing practices.

• Network Magic Confusion

  Hi – My problem is that NWM is confused and thinks that I do not have a link to my router.  Also, following changes to my network the map has not been updated.  How do I get Network Magic to update it’s map? 
  Last night I tried to upgrade the FW on my BEFSR41 and ended up with a brick – not sure why, but I have been unable to revive it.  I had this Dlink DI-624 which I was using simply as an access point, and I then moved over to be the Gateway.  I was going to replace the BEFSR41 with another one, but instead got a WRT160 which I put in place of the DLink to act as the Access point.  All network functionality seems fine, but Network Magic is confused.  Besides not recognizing that the DLINK router has been moved, it also does not see the new Linksys WRT160.  This is the same on all three computers running NWM. 
  Any suggestions would be appreciated.  Below is the requested info re: my network. 
  TIA – Tom
  1. Your Network Magic Version installed: example: 5.1.9055.0-Pure0
  2. The type of connection to the Internet, - Cable
  3. The Brand of Modem and its Model Number  - ARRIS TM502G VOIP Modem
  4. The Brand, Model, Hardware Revision of your Router and include the Firmware Version: D-Link DI-624 Rev C, FW 2.76
  5. The Method of connection your problem computer has to the Router: Wired
  6. The Connection in use on the problem computer: Ethernet Port is a PCI Adapter Card, Linksys WMP54G v4.1
  7. Operating system and version and Service Pack Level - Windows XP Professional SP3
  8. Software Firewall in use: McAfee Personal Firewall 10.3 Build 10.3.111
  9. Also if any Anti-Virus Program or Spyware Program is actively protecting your computer. McAfee VirusScan 13.3.127
  10. Include your location in the post or fill out your Profile for this forum and include the location.  Northern Kentucky/Metro Cincinnati
  11. Post the link to your Router Model – http://support.dlink.com/products/view.asp?productid=DI%2D624%5FrevC 
  12 – Normal Network Devices -  2 Desktop PCs running WinXP SP 3, 1 Vista SP1 Laptop, 1 NetGear NAS, Linksys Print Server, 1 WD MyBook World, Wii, iPod, PPC & various other transient wireless clients
  Solved!
  Go to Solution.

  THX for the reply, Augie.  Uninstalling Network Magic, then ckeaning out the remnants and finally reinstalling Network Magic on all three computers did in fact allow the program to recognize the topology changes.  This, however, seems like a cumbersome solution to the discovery & mapping of topology changes.
  Reagrds - Tom

• I've got OSX/Genieo.A virus on my mac and don't know how to get rid of it and why I have it

  I've got OSX/Genieo.A virus on my mac and don't know how to get rid of it and w I have it

  There is no need to download anything to solve this problem.
  You installed the "Genieo" malware. The product is a fraud, and the developer knowingly distributes an uninstaller that doesn't work. I suggest the procedure below to disable Genieo. This procedure may leave a few small files behind, but it will permanently deactivate the malware (as long as you never reinstall it.)
  Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
  Back up all data before proceeding.
  Step 1
  Triple-click anywhere in the line below on this page to select it:
  /Library/Frameworks/GenieoExtra.framework
  Right-click or control-click the line and select
            Services ▹ Reveal in Finder (or just Reveal)
  from the contextual menu.
  If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
  A folder should open with an item named "GenieoExtra.framework" selected. Move that item to the Trash. You'll be prompted for your administrator password.
  Move each of these items to the Trash in the same way:
  /Applications/Genieo.app
  /Applications/Reset Search.app
  /Applications/Uninstall Genieo.app
  /Library/LaunchAgents/com.genieo.completer.update.plist
  /Library/LaunchAgents/com.genieo.engine.plist
  /Library/LaunchAgents/com.genieoinnovation.macextension.plist
  /Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist
  /Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client
  /usr/lib/libgenkit.dylib
  /usr/lib/libgenkitsa.dylib
  /usr/lib/libimckit.dylib
  /usr/lib/libimckitsa.dylib
  ~/Library/Application Support/com.genieoinnovation.Installer
  ~/Library/LaunchAgents/com.genieo.completer.download.plist
  ~/Library/LaunchAgents/com.genieo.completer.update.plist
  If there are other items with a name that includes "Genieo" or "genieo" alongside any of those listed above, move them as well. Some of these items will be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
  Restart and empty the Trash. Don't try to empty the Trash until you have restarted.
  Step 2
  From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Extensions
  Uninstall any extensions you don't know you need, including ones called "Genieo" or "Omnibar," and any that have the word "Spigot" or "InstallMac" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
  Your web browser(s) should now be working, and you should be able to reset the home page and search engine. If not, stop here and post your results.
  Make sure you don't repeat the mistake that led you to install this trojan. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad has a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If youever download a file that isn't obviously what you expected, delete it immediately.
  You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that this Internet criminal has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
  Finally, be forewarned that when Genieo is mentioned on this site, the attacker sometimes shows up under the name "Genieo support." He will tell you to run a fake "uninstaller." As he intends, the uninstaller does not completely remove the malware, and is in fact malware itself.

• Hard Drive Problems or Virus?

  I was working on my four-year-old MacBook Pro with an external keyboard (Logitech), when it suddenly began typing in capital letters. I pushed the CAPS LOCK button, but that didn't fix it. When I used my external mouse (also Logitech) to insert my cursor in some text, it automatically highlighted a block of text.
  I then tried typing with the MacBook Pro's keyboard, and it worked fine. However, my computer is serious scr*wed up. When I reboot it, it opens up a "Safe Boot" screen.
  I can't connect to the Internet because the little WiFi icon that's supposed to appear at the top right is gone. Nor can I connect with my Verizon modem. When I click the Verizon Manager icon, the VAAccess manager window opens, but the button I'm supposed to click to connect to the Internet never becomes active.
  So I'm thoroughly confused. My computer has been acting a little odd for the last few weeks or months. It seems to be a little sluggish. Dreamweaver, especially, frequently freezes up for a long time when I'm working with it.
  On several occasions, my entire computer froze. I couldn't move the cursor, and it didn't respond to any key or combination of keys I pushed on my keyboard. I have no choice but manually turn it off.
  I generally use Opera or Chrome browsers, often with lots of tabs open. I think these are the biggest drains on my computer's memory. I sometimes get some sort of error message on Chrome, which invites me to open a new tab to some resource that's supposed to fix it. The only way to close the error message is to open the new tab, which I then close. I don't know if this might be related to my problem or not.
  Anyway, does anyone have a clue what's going on? Is there a simple test I can do to determine whether the problem is related to the hard drive or a virus?
  Thank you.
  II

  Hi
  +"Anyway, does anyone have a clue what's going on? Is there a simple test I can do to determine whether the problem is related to the hard drive or a virus?"+
  Highly unlikely it would be a virus as Barry says. A simple 'test' could be creating another admin account, logging in with it and seeing if the sluggishness you've noticed in your other account is still there. If things appear to be improved odds are confused/corrupted caches and/or damaged/corrupted preferences or plists are the culprits. Then again this could be an indication of a failing hard drive? As a matter of course you should boot from the Installer DVD that came with your laptop and use Disk Utility to repair the disk and/or Repair privileges and permissions. Although you can repair P/P normally when logged in. There are hundreds of threads on these boards detailing what can be thrown away in terms of caches etc.
  You say you've had the laptop for 4 years? Presumably you've never 'serviced' it in all that time? What constitutes a 'service' varies from person to person. But what I normally do is every 18-24 months is backup (something you should be doing anyway), reformat/reinstall and migrate everything back again. Depending on usage you may want to either shorten or lengthen that period. Then again you could boot from a Drive/Directory Repair Utility such as DiskWarrior. For some people that works equally as well. No need for a reinstall that way.
  My 2p.
  Tony

• I'm confused...think the MBA had anything to do with this?

  Hiya,
  All righty...well, it's been about a week since I've had my MBA, and I have to say, this computer is awesome. However, I've had this very odd Internet problem and I'm not sure if it's the MBA'S fault--or, rather, my fault, given the way I used the MBA at home, in this case--that this happened. I don't know if anyone here would have any idea of what happened, regardless of whether it was actually connected to the MBA and what I did with it to get it online, but here goes....
  I currently don't have working wi-fi so I'm stuck with one computer that can go online via ethernet and the DSL modem at home. When I went online with my MBA for the first time this week, I just unplugged the Ethernet from the home PC and plugged it into the MBA with the usb-to-ethernet dongle. The Internet worked fine on the MBA. And for a few hours, the Internet also worked fine on the regular home PC as well. But the next time I turned the PC on, something strange happened: Almost no Internet pages would load on Firefox or IE. Oddly enough, MSN worked, and YouTube worked, of all websites, but neither browser wanted to load up any other kind of webpage.
  At first I figured that spyware/adware must've had something to do with this, so I started running my usual virus/spyware/adware checks to see if they would find anything. In the meantime, I plugged the Ethernet cable into the MBA and assumed the Internet would work just fine on it. It didn't--it had the exact same problem as the home PC! It was very odd--I was having the same problem across two different computers and two different platforms.
  Long story short, my spyware/adware/virus checks on the PC came up clean. I was able to get one of my more computer-savvy friends to come over to my house and help fix the problem. We worked with the home PC and tweaked the firewall slightly. Oddly enough, after we tweaked the firewall on the home PC and got the Internet to work properly on it, the Internet also started working fine on the MBA as well when we tried plugging it in. My friend was left as confused as I was about all this--we really don't know what caused this problem to start with, since I hadn't encountered this problem at all until I plugged the MBA into the DSL modem. My friend's best guess is that perhaps, something in my PC had "told" the modem to not allow either computer to properly access the Web after I plugged in the MBA, but he really wasn't sure because he'd never encountered a problem like this.
  All in all, I've had an exciting but very strange week. For anyone more computer savvy out there--anyone encounter this kind of problem before? I'll be happy to provide other details on the kind of PC I'm using, along with security programs and my current Internet setup. If needed, I'll get more specific about what me and my friend had done to attempt fixing the problem too.

  Hiya!
  Thanks for the suggestions, Sagesse and Brian. Um...actually, on the day this had happened, my DSL modem got restarted at least three times--twice in my own attempt to fix it and once when I brought in my neighbor to help me fix the computer. I think I've got quite a bit more time to explain specifically what I and my neighbor did, so here goes....
  First, as I said earlier, I plugged the MBA into my DSL modem and the Internet worked great. It worked great for a day or so before the Internet went wonky on me last Monday.
  When I plugged the modem into my PC and booted up last Monday, then saw the Internet wasn't working right at all, the first thing I did was turn off and unplug my modem from my PC and from the wall for about five minutes. (Overkill, I know now--the neighbor who helped me fix my connection told me that all I needed was a minute and I didn't necessarily need to unplug it.) That didn't work. So I did the following in the next day or so till I could get ahold of my neighbor:
  --ran spyware/adware scans using Spybot, Ad-Aware, Spyware Doctor. I found two cookies, all in all, and quarantining them both didn't solve the problem.
  --ran McAfee's virus scan, which came up clean
  --launched Windows Live Messenger--when it didn't log me on and launched its troubleshooting utility instead, I tried letting that run so it could try telling me what the problem was. It kept saying there was a problem with my hosts file, and I clicked on "Repair" several times to get the utility to fix the problem, but no dice--it just didn't work.
  --I checked my network connections in Windows and found my Ethernet connection, then clicked on "Repair" and tried to have Windows attempt to fix the problem for me. It sort of helped--I could log onto Windows Live Messenger, but my Internet browsers (IE and Firefox) were acting very strangely. Basically, only one of the two browsers would semi-work. For example...after having Windows attempt to repair my connection, I opened up Firefox and it didn't work at all--nothing would load properly on it. Then, out of curiosity, I opened IE and tried going to a variety of sites--a couple of banking websites that require login information to access personal banking info, cnn.com, consumerist.com, gizmodo.com, youtube.com--and out of all of those, only youtube loaded properly. IE definitely didn't like anything requiring a login. It didn't like "complicated" sites like CNN's or AOL's site either--when I tried loading either page, what I got were really simple-looking sites that resembled the kinds of pages I'd see on my BlackBerry when I'd load the mobile versions of either site on it. And it got weirder after a few hours of just leaving the computer alone--after a while, IE didn't want to work properly, but Firefox would suddenly start working somewhat, but it would act the same way IE did when it was working.
  --When none of this stuff worked, I finally tried resetting my firewall back to its default settings. This didn't improve things for me either.
  After trying all this out on Monday and some of Tuesday, I finally got ahold of my neighbor. After hearing how freaked out I was at all of this, he suggested that we go out and get some lunch in the neighborhood so we could talk, I could calm down, and I could tell him all about what had happened. We settled on a place with a wi-fi hotspot and I brought the MBA along--we both agreed that if the MBA worked perfectly fine at this restaurant we went to, then the problem I was having was most likely isolated to my house. Lo and behold, the MBA worked just fine outside of my home, so we were more certain now: The problem was at my home.
  After lunch, my neighbor went back to his house and brought me a spare modem and a spare Internet cable in case there really was a problem with my own modem. And then he got a look at my PC and did some of the same things I already did. He turned my modem off and on, and that didn't work. He tried taking advantage of Windows Messenger Live's troubleshooting utility to have it attempt to fix my problem. (No dice--didn't work.) He tried repairing my Network connection. (Didn't work either.) And then he went into my firewall and started tinkering around with it. We learned one big thing about McAfee's free firewall that AOL provides: It is COMPLICATED. And no wonder, we both figured, as we stumbled through screen after screen, trying to figure out what might've been wrong: We figured that McAfee probably made things really hard to understand on purpose so that I'd be forced to go talk to them--and to talk to them, I'd have to pay for it.
  My neighbor accidentally fixed the problem in an attempt to turn off my firewall, actually. He clicked this one checkbox in a list of "ignored problems" and assumed he had turned off the firewall. But he didn't--he fixed the problem instead. We don't actually understand how the item he had checked ("Firewall protection is disabled," which was originally not checkmarked and was not an ignored problem until we checkmarked it...) had solved anything. But the Internet just started working fine on either browser, and we don't understand how that fixed anything at all, but okay...that's for McAfee to answer, not the folks here. As my neighbor and I tested out IE and Firefox, loading up various sites, he said that the only thing he could guess in terms of what happened was, maybe my PC had "told" the DSL modem to not let any computer go online after I plugged in my MBA. And even that was a pretty wild guess for him--he admitted it readily--but he couldn't understand how that could have really been the problem here.
  And...for now, that's all that's happened with my Internet connection. I got my connection fixed Tuesday night, after about two hours of me and my neighbor stumbling through Windows and, in particular, McAfee's security suite. I haven't had any problems with the Internet since then, but I'm still baffled at what had happened to start with. At this point, I still don't think this happened because of the MBA specifically, but I don't know what did happen to cause this problem. I do know that I had never had this kind of problem before until I plugged the MBA in, though. So in a vague way, I think the MBA had something to do with all this. I don't know what, though. :S
  Message was edited by: Sayuri Nitta

• I need to know if I have a virus or malware on my laptop. How do I do that?

  Hello. I am new to this community and process so apologies for any errors in protocol. I have a MacBook Pro purchased in early 2011 operating with 4 GB 1333 MHz DDR3 for memory and using OS X Yosemite 10.10.2. Processor is 2.3 GHz Intel Core i5. This past week or so the computer has been slowing down, freezing up, and shooting up all sorts of pop-ups that flash and scream (literally; really loud). Do I have a virus or some sort of malware, and if so, what can I do about it?
  Thanks for any assistance.
  Scott

  There is no need to download anything to solve this problem.
  You may have installed one or more of the common types of ad-injection malware. Follow the instructions on this Apple Support page to remove it. It's been reported that some variants of the "VSearch" malware block access to the page. If that happens, start in safe mode by holding down the shift key at the startup chime, then try again.
  Back up all data before making any changes.
  One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those. If Safari crashes on launch, skip that step and come back to it after you've done everything else.
  If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, ask for further instructions.
  Make sure you don't repeat the mistake that led you to install the malware. It may have come from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
  Malware is also found on websites that traffic in pirated content such as video. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
  In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
  Still in System Preferences, open the App Store or Software Update pane and check the box marked
            Install system data files and security updates (OS X 10.10 or later)
  or
            Download updates automatically (OS X 10.9 or earlier)
  if it's not already checked.

• Please help, mixed reports, malware ? virus ? neither ? I am truly stuck

  I am having a problem with my relatively new 6month old imac.
  Please I am hoping to find some really smart (& hopefully patient)  mac users for help. I  appreciate all the time mac uers help members with there questions. Yuy guys really are an invaluable resource.
  So here's my situation a few wks back i started noticing my imac seemed to be running slow, after that different programs like Firefox, and Safari seemed to be freezing and appear to "not respond". But things have been busy and just put it on the side.
  Now around July or so Safari seems to be almost totally unstable. i starting being subjected to constant Safari problems like the browser constantly closing, yet FireFox (14.0.1) appeared to be relatively problem-free.
  My wife starting finding strang emails that were supposedly quarantined so I decided to run a virus Scan. I went to the app's store to see which virus Scans were popular and downloaded Norton from the  store. I have gotten  mixed results from: my poor Mac being possibly sickened with: Malware (This was what was shown "Sokobanbuild.xsl")  than sometimes the scan appeared to report no problems, and i have been unable to find such a file on my Harddrive
  I was under the very naive impression that Mac's were rarely affected to these types of virus and such. I am by no means a mac guru so please be gentle. I tried to search on here and got even more confused, I looked for update to the OS as i thought there was somekind of download avaiklable, but became more confused and frustrated.
  Thanks so much in advance, i really appreciate the prescious time everyone takes to read this or help myself or other users.
  please I am in a real bind here, and hoping for some sort of solution that doesn't involve me having to re-format the Harddrivre and re-install everything, or booting up with a cd. I was also hoping to upgrade to the new Mountain Lion OS, which I assume I should wait till this gets fixed.
  please any and all help would be greatly appreciated, thanks so much in advance !!!!!!
  FYI: If this helps here are some of my mac's info:
  OS: 10.7.4 (MAc OS only, no windows)
  Processor: 2.5 GHz Intel Core i5
  Memory: 4 GB
  Firefox 14.0.1
  thanks again
  - iamTheMustangGuy

  In reply to a recent post of mine, madmacs0 responded with an assessment of Norton ... and a more balanced and informative post would be hard to find.   Do read it.
  I need to preface my remarks to explain why I have not spoken up on this subject here before.
  I was an early adopter of Norton Anti-Virus when Peter Norton owned it. It, along with the even better Norton Utilities saved my bacon more than once when running Apple's Classic OS. At the time I would have recommended it to most any Mac user. Then Symantec bought Peter out and things went rapidly down hill. The last chance I gave them to get it back on track was SystemWorks 2.0 and Internet Security 1.0 back in the OS 9 era. Despite a number of bug fix releases, I had to disable most of it and then remove it entirely. That's the last time I actually ran a Norton product on any of my Macs.
  So I have no current experience with either NAV or the new iAntiVirus at this point and can't speak with authority on their worth. So feel free to ignore anything else I may have to say here.
  I guess my bottom line would be that I think it has an undeserved bad reputation based on user experience from many years ago. I don't remember the last time I read a first person account of individual user issues in modern times. You chose your words carefully, which is appropriate, but I'll bet there are a lot of "experts" here who condemn it without ever having recent hands on experience.
  There are a lot of reasons for their reputation, most well deserved. It's been said that Symantec never invented a single piece of software (not sure that's true any more, either), but rather purchased the works of others to either kill the competition or enhance their bottom line. They were a very different company in those days, with a different management style, etc.
  So I wouldn't be surprised if it turned out to be at least as good as whatever has the best reputation among Commercial Mac A-V vendors today. They seem to be on top of most all the OS X malware, even though they don't spend a lot of time blogging about it. I know a lot of IT professionals who swear by their enterprise level software. I suspect that their software no longer behaves any worse than the others that operate at the kernel extension level (always dangerous for third parties). But their reputation seems to be their unending albatross.
  I hope madmacs0 will not mind me copying his post like this.

• Do I need to have any type of anti-virus or malware, spyware protection for my Macbook Pro?

  My Macbook is a year old. When I bought it, I was told by several people that I would not need any type of anti-virus software or anything to protect my computer because Mac did not get infected that often. However, I have had people today tell me that I do need protection for my computer. My Mac runs about as good as the day I got it, but I really don't want anything to happen to it. If I need to get an anti-virus, or malware/spyware software, what programs would y'all recomend? I am just looking for information. Thanks!

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  If you find this comment too long or too technical, read only sections 5, 6, and 10.
  OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
  Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
  An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
  For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
  4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
  5. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
  Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
  Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
  Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
  6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
  Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
  7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use the free software  ClamXav— nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
  ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
  ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
  10. As a Mac user you don't have to live in fear that your computer is going to be infected every time you install an application, read email, or visit a web page. But neither should you have the false idea that you will always be safe, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.

• I recently had my computer fixed. there was a million viruses in it, but when i got home and logged onto my second apple id, i found that bonjour was no longer installed. could someone please advise me on how to install bonjour onto my computer?thnx

  i recently had my computer fixed as it was loaded with viruses. Also I finally got my IPad 1 back from someone who had "borrowed" it for a year. It no longer worked, but in the case i had written down my old apple id. i had purchased 3 other ipad's since then and changed my id. i typed the old id and was delighted to see that i had over $1000 worth of dowmloaded media. i want to use this old acct number on one of my other IPads to avoid confusing two accts, but when i attempted transferring media onto computer it said i needed to first download bonjour. i have been trying to figure out how, but computer genius i am NOT. could someone please help me? i really appreciate any advice you could offer steering me in the right direction with this. thank you, stacey v

  Hey staceylynn261!
  Bonjour is a program that is installed on your computer along with iTunes, so you will want to first uninstall iTunes and all of its related components:
  Removing and reinstalling iTunes and other software components for Windows Vista, Windows 7, or Windows 8
  http://support.apple.com/kb/HT1923
  You will then want to visit this link to download and install the latest version of iTunes:
  Apple - iTunes - Download iTunes Now
  http://www.apple.com/itunes/download/
  Thanks for using the Apple Support Communities. Have a good one!
  -Braden

• How do I get rid of viruses on my MAcBook Pro

  How do I get rid of viruses on my MAcBook Pro

  A
  It may not be malware, a Web scam that only affects your browser, and only temporarily. There are several ways to recover.
  1. Some of those scam pages can be dismissed very easily. Press the key combination command-W to close the tab or window. A huge box will pop up. Press the return key and both the box and the page will close. If that doesn't happen, continue.
  2. Press and hold command-W. You may hear repeating alert sounds. While holding the keys, click the OK button in the popup. A different popup may appear, which you can cancel out of as usual.
  3. From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Security
  and uncheck the box marked Enable JavaScript. Leave the preferences dialog open.
  Close the malicious window or tab.
  Re-enable JavaScript and close the preferences dialog.
  4. If the Preferences menu item is grayed out, quit Safari. Force quit if necessary. Relaunch it by holding down the shift key and clicking its icon in the Dock. None of the windows and tabs will reopen.
  After closing the malicious page, from the menu bar, select
            Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
  to get rid of any cookies or other data left by the server. Open your Downloads folder and delete anything you don't recognize.
  B
  If the above step doesn't solve the problem, you may have installed one or more of the common types of ad-injection malware. Follow the instructions on this Apple Support page to remove it. It's been reported that some variants of the "VSearch" malware block access to the page. If that happens, start in safe mode by holding down the shift key at the startup chime, then try again.
  Back up all data before making any changes.
  One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those. If Safari crashes on launch, skip that step and come back to it after you've done everything else.
  If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, ask for further instructions.
  Make sure you don't repeat the mistake that led you to install the malware. It may have come from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
  Malware is also found on websites that traffic in pirated content such as video. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
  In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere  should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
  Still in System Preferences, open the App Store or Software Update pane and check the box marked
            Install system data files and security updates (OS X 10.10 or later)
  or
            Download updates automatically (OS X 10.9 or earlier)
  if it's not already checked.

• DO I need Anti-Virus for my Macbook Pro w/Retina Display?

  I am currently awaiting a MacBook Pro w/Retina Display and I am having an ongoing discussion with some work colleagues, since the Flashback Trojan appeared to infiltrate Mac's back in early 2012... DO I need Anti-Virus.. My argument is no, but everybody elses is yes!
  I would love to see some indepth feedback to send my PC lovers running!
  Thanks in advance.
  Regards,
  Joe

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. This feature is transparent to the user, but internally Apple calls it "XProtect." The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
  Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
  For more information about Gatekeeper, see this Apple Support article.
  4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” "player," "archive extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  Pirated copies or "cracks" of commercial software are likely to be infected.
  Software of any kind downloaded from a BitTorrent or from a Usenet newsgroup is unsafe.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
  5. Java on the network (not to be confused with JavaScript, to which it's not related) is a weak point in the security of any operating system. If a Java web plugin is not installed, don't install one unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.
  Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
  6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, even supposing that they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. Windows malware attachments in email are almost always easy to recognize without computer assistance.
  8. The greatest danger posed by anti-virus software, in my opinion, is its effect on human behavior. When people install such software, which does little or nothing to protect them from emerging threats, they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.