Viruses, malware, trojans, etc.

Similar Messages

• Scanning for virus/malware/trojans, etc?

  My online security has been seriously compromised in the past two weeks. It started out with my email account being hacked, and a spam message sent to everyone in my contact list. Now all of my domain names were hacked (most likely via my FTP software) and something installed malicious code into all of my websites that install a trojan on any unsuspecting visitor.
  I believe a computer in this house is (or was) acting as the router for all internet traffic and is sniffing passwords. At least, that's the only logical thing I can think of.
  I'm afraid to find out what's next, but I need to find the root of this problem and GET RID OF IT. We have a PC in the house, which I was hoping was the culprit, I completely wiped that hard drive clean and re-installed the OS, so that checks out now. And the problems are still occurring. The email hack happened before i wiped the PC, and the attack on my websites happened after. Or, at least, I NOTICED it after. It could have happened at the same time for all I know. But I want to be ABSOLUTELY sure that there's NOTHING on Macs that can be doing any damage.
  I ran ClamXav and MacScan on all 3 of my macs. All scans come up clean. Are there any other things I can do to check my system? I want to be completely sure. I don't want to have to format and re-install Leopard on these computers if possible.
  Thank you.

  markhimself wrote:
  My online security has been seriously compromised in the past two weeks. It started out with my email account being hacked, and a spam message sent to everyone in my contact list.
  You said you only used gmail from the web interface. Is your contact list online as well?
  Now all of my domain names were hacked (most likely via my FTP software) and something installed malicious code into all of my websites that install a trojan on any unsuspecting visitor.
  Why would your FTP software be to blame? It is possible that some 3rd party could have sniffed your password if you were using an unsecure protocol, which standard FTP certainly is.
  I believe a computer in this house is (or was) acting as the router for all internet traffic and is sniffing passwords. At least, that's the only logical thing I can think of.
  That's not very logical. I doubt that the PC could "take over" routing. It could have been completely compromised and that would compromise any password used on that machine or shared with any other account anywhere else. Your actual broadband router could have been hacked. That isn't likely or common, but it is possible.
  I'm afraid to find out what's next, but I need to find the root of this problem and GET RID OF IT. We have a PC in the house
  OK - there you go - get rid of it.
  And the problems are still occurring.
  Have you changed all of your passwords via secure connections?
  The email hack happened before i wiped the PC, and the attack on my websites happened after.
  Websites are a different issue. If your passwords were compromised, all bets are off. Still, you have to be careful with websites. If you use things like WordPress and don't keep them constantly updated with security patches, your website can easily be hacked.
  But I want to be ABSOLUTELY sure that there's NOTHING on Macs that can be doing any damage.
  I ran ClamXav and MacScan on all 3 of my macs.
  The Macs are fine. That is the only part you don't have to worry about. There are no viruses to infect them, but you still need to change their passwords. Once they have passwords, there is no need to hack. Just log in.

• Browser Virus Malware Adware etc.  HELP!

  I have been trying for 3 days to kick this absurd problem off of my Macbook Pro.  It feels like I have a virus/malware/adware situation that is making me feel like I'm back on a PC (UGHHHHH).
  BEFORE THE PROBLEM:
  I kept getting "scratchdisk" or "startup disk" is full notices so I could not download the new OS
  I started searching the web for solutions
  I started removing all unneeded files
  I used Clean My Mac to remove unwanted/unneeded files
  I downloaded OS X 10.9.5
  THE PROBLEM:
  The following things occur when I attempt to use any of the 3 browsers: Google Chrome, Safari, Firefox:
  pop up windows appear ALL over the place
  Pop up windows block my ability to use the intended web page
  tabs automatically open for Wix, Mackeeper, Credit Check websites etc.  (It's infuriating!)
  Sites I am attempting to use fail to respond
  ACTIONS TAKEN:
  run Clean My Mac (nada)
  delete all cookies (nada)
  trash or uninstall any/all unknown apps/programs
  uninstall Google Chrome
  uninstall Firefox
  reset Safari
  some terminal exercise from an Apple forum (did...nada)
  RESOLVE:
  NOTHING seems to be working...I'm about to launch my computer out the window... HELP!?

  There is no need to download anything to solve this problem.
  A.
  You may have installed the "VSearch" trojan. Remove it as follows.
  Malware is always changing to get around the defenses against it. These instructions are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.
  Back up all data before proceeding.
  Step 1
  From the Safari menu bar, select
            Safari ▹ Preferences... ▹ Extensions
  Uninstall any extensions you don't know you need, including any that have the word "Spigot," "Trovi," or "Conduit" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.
  Reset the home page and default search engine in all the browsers, if it was changed.
  Step 2
  Triple-click anywhere in the line below on this page to select it:
  /Library/LaunchAgents/com.vsearch.agent.plist
  Right-click or control-click the line and select
            Services ▹ Reveal in Finder (or just Reveal)
  from the contextual menu.* A folder should open with an item named "com.vsearch.agent.plist" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
  Repeat with each of these lines:
  /Library/LaunchDaemons/com.vsearch.daemon.plist
  /Library/LaunchDaemons/com.vsearch.helper.plist
  /Library/LaunchDaemons/Jack.plist
  Restart the computer and empty the Trash. Then delete the following items in the same way:
  /Library/Application Support/VSearch
  /Library/PrivilegedHelperTools/Jack
  /System/Library/Frameworks/VSearch.framework
  ~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
  Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.
  The problem may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
  This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow.
  You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the Internet criminal behind VSearch has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing has not done so, even though it's aware of the problem. This failure of oversight has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select
            Go ▹ Go to Folder...
  from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
  B.
  Remove "MacKeeper" as follows. First, back up all data.
  "MacKeeper" is a scam with only one useful feature: it deletes itself.
  Note: These instructions apply to the version of the product that I downloaded and tested in early 2012. I can't be sure that they apply to other versions.
  If you have incompletely removed MacKeeper—for example, by dragging the application to the Trash and immediately emptying—then you'll have to reinstall it and start over.
  IMPORTANT: "MacKeeper" has what the developer calls an “encryption” feature. In my tests, I didn't try to verify what this feature really does. If you used it to “encrypt” any of your files, “decrypt” them before you uninstall, or (preferably) restore the files from backups made before they were “encrypted.” As the developer is not trustworthy, you should assume that the "decrypted" files are corrupt unless proven otherwise.
  In the Finder, select
            Go ▹ Applications
  from the menu bar, or press the key combination shift-command-A. The "MacKeeper" application is in the folder that opens. Quit it if it's running, then drag it to the Trash. You'll be prompted for your login password. Click the Uninstall MacKeeper button in the dialog that appears. All the other functional components of the software will be deleted. Restart the computer and empty the Trash.
  ☞ Quit MacKeeper before dragging it to the Trash.
  ☞ Let MacKeeper delete its other components before you empty the Trash.
  ☞ Don't try to drag the MacKeeper Dock icon to the Trash.

• Viruses/Spyware/Malware/Trojans etc. Protection

  I am new to Macs but am pretty tech savvy. Do I really need a virus scanner? Do I need spyware protection? I use ClamXav for virus scanning. But it seems pretty unsecure and not reliable. Are there any other free virus scanners/anti-spyware software? Also is the OS X firewall secure enough, I know that it doesn't stop outgoing connections? How do you deal with these problems? Do you use any protection? Thanks.
  iMac Core Duo/iPod Photo 30 gig/Windows Knowledge   Mac OS X (10.4.8)   17 inch

  Hi.
  I'm surprised that you find ClamXav "…pretty unsecure and not reliable". It is the usual recommendation for free virus scanning on these boards. In what way do you find it so? Has it failed to pick up a Mac virus that you know is on your system? Unlikely as there are no true Mac viruses 'in the wild'.
  The OS X firewall is generally considered to be 'industry strength' but can be fine tuned with tools such as Snort in conjunction with Henwen, or Flying Buttress.
  As regards outgoing connections, Little Snitch is a lovely little shareware application. The usual comment on Little Snitch is that it does one thing and does it well.
  You might like to take a look at Dr Smoke's Detecting and avoiding malware and spyware, &/or, if you've got half a day to spare, put 'virus' into the search box over there------->>>>
  Reams of comments have been posted and I'm not going to reopen the argument now as it's all been said before, but just so you know which side of the camp I'm on, I use no AV software. I have the Mac and router FWs on, I use Little Snitch and common sense.
  Have fun,
  Adrian

• Do i need anti-virus and trojan etc. protection?

  i am new to mac's and just wondering if i need some software or something for protection from the internet. i know on my old PC i needed all the protection i could get, but I don't know if leopard already has something to protect my computer? and if i need another program, what should i use?
  Thanks

  Mac OS X by design is probably more secure than Windows. There are no known viruses (and I mean this in the strict sense of the definition of virus) that affect OS X today.
  That's not to say there will never be, and that's not to say that things like Trojan Horses (things that, if you run them, will cause damage to your system) don't exist. Because I could write a 1-line shell script that would delete your entire home folder, and I could write a little app and a few lines that, if you entered your password, could send an email to every user in your address book with a spam. If you the user okay that, I can do anything I want.
  So what does this mean? It means you can use anti-virus or other "protective" stuff, or you can exercise a modicum of caution and do without. Personally, I'm in the latter category, as I think that type of software causes way more problems on the Mac than it solves... but I can't always recommend it for everyone. I know I get emails from my mom (who uses a Mac) about once every 4 months asking about some bizarre behavior she's seeing and whether it means she has a virus (she doesn't). For her, the peace of mind of having AV may be worth it (to me, if not to her )
  Clear as mud?

• How is the Iphone protected from virus, malware, spyware, etc. when surfing the net?

  I'm concerned about malicious software and virus attack on my I phone.  I surfed the same internet sites as I do on my computer with my iphone; on my desk top I caught a trojan horse type virus.  Is my Iphone susceptible to similar attacks?

  The browser is sandboxed. It does not support plug-ins and can not download documents or programs containing executable code. As long as you don't jailbreak the phone, you don't have to worrry.

• Does firefox provide online protection from virus, malware protection , etc. automatically or otherwise?

  I am a regular user of Mozilla firefox which scans all the online email downloads that I do.
  But, I wish to know if I have to additionally install another antivirus / antimalware (protection) software for my online safety and computer safety as well?

  Firefox does give some phishing and attack site warnings
  *http://www.mozilla.org/en-US/firefox/phishing-protection/
  Firefox does work with software that you may have installed and for instance may enable scanning of downloaded files. If it is scanning now that indicates you have something installed. I believe Windows 7 makes Microsoft Essentials available for free. Windows 8 has Windows Defender or something provided by default.
  * http://windows.microsoft.com/en-GB/windows/security-essentials-download
  The no script add-on is an extremely popular add-on that blocks a lot of nuisances and potential dangerous things. Firefox may soon include a click to play plugins feature that should be helpful.
  * https://blog.mozilla.org/addons/2012/10/11/click-to-play-coming-firefox-17/
  BTW are you using Thunderbird ?

• Do I have a virus or Trojan malware on my MacBook Pro?

  I downloaded a faulty mp3 file from the internet which I think infected my computer with either a virus or Trojan malware. It took over my computer and disallowed me from accessing any applications. I clicked on Finder, for example, and a window would pop up saying, "Application not found," with a number after it. I rebooted by computer and was able to log back in using Safe Mode. Here, I deleted the  file I had downloaded, or so I thought, by dragging it to the trash and emptying it. However, my computer is acting bizarre and barely functions. I am unable to use DVD Player, it says, "There was an initialization error" with code -70017. My volume is unaccessible, there is a circle with a slash through it when I try to use it. Itunes will not work, Iphoto keeps crashing and will not open, and my internet browser is extremely slow and will not play video.
  I have downloaded and installed Sophoes Anti-Virus and MacScan in an attempt to rid my computer of the virus but it did not seem to do anything.
  Suggestions as to how to fix this problem would be greatly appreciated.

  This is not the work of a virus, or any other kind of malware. What it sounds like is a very badly corrupt hard drive causing all manner of corruption in your various system components and applications. You probably need to erase your hard drive and reinstall the system from scratch, as ds store has said.
  If you actually had malware, Sophos would find it. If Sophos found nothing, there was almost certainly nothing to find. If something like Sophos ever should find malware, unless the malware has "OSX" or "MacOS" in the name, it probably isn't Mac malware and thus isn't something you need to worry about (other than not passing it on to other people).
  MacScan is junk. It serves no useful purpose. See:
  MacScan disappoints

• Is my understanding correct that you do not need to have anti-virus, malware, etc. for an iPad?

  Is my understanding correct that you do not need to have anti-virus, malware, etc. for an iPad?

  You do still need to be smart on the internet. YOu can be phished just as easily on an iPad that you can on a computer. So be smart with your internetting. THe iPad does offer a user more protection than a regular PC but a user's actions can change that.
  ANd the relative immunity to viruses apply to non-jailbroken devices.

• Can you get an virus or trojaner through the connection-cable (PC) from your iPod touch?

  I had an trojaner on my PC earlier and my iPod touch 4G was connected to my computer. Is it possible for the trojaner or viruses in general to make their way through the connection cable or something? If a photo or something wasn't infected. I mean sync-wise, etc.

  It would be very difficult for a virus or trojan to get from the iPod to your PC via USB. Attaching a virus to any media file such as a photo or music track is very, very difficult, and all known exploits that would do this were blocked a long time ago. Attaching a trojan would not be possible. Unless there's a new exploit I haven't heard of, only if a trojan program was attached to an email and from there transferred to an app that could then be synced to your computer would it be possible malware come from your iPod. I think that rather unlikely and that your trojan got into your PC from some other source.
  Regards.
  Message was edited by: Dave Sawyer

• Do I have a virus/malware problem? Idiot needs help

  Hello, Received an email from 'Royal Mail Global' saying that they had failed in delivering a package and to open the attached '.zip' file. Without thinking, I opened the file- it didn't launch anything. I realise this is incredibly stupid and I am mortified. However, I am now concerned that I have a virus, malware, etc. As I am a computer idiot: how do I check if a virus is on the system or a malware programme is stealing all my details? People say "you'll be ok, Mac's don't get virsus" but how do you know? I have encountered no issues, as yet.... I run OS X and have a mac mini. Please help- will be eternally grateful. Thank you in advance

  MacHagan wrote:
  Hello, Received an email from 'Royal Mail Global' saying that they had failed in delivering a package and to open the attached '.zip' file. Without thinking, I opened the file- it didn't launch anything.
  First of all, your Lion OS would have notified you if that was anything currently known to be dangerous. If it was malware it was almost certainly designed for Windows and of no consequence to OS X. If you are certain that the email is spam/junk/hoax then use the delete button in your e-mail client to get rid of it. Check the trash folder and delete it from there, if necessary. If this is a Gmail account, let me know as there may be one more step.
  When you say you opended the file, I assume you used an open button or double-clicked the attachment symbol? And then it didn't launch anything, but it should have launch the Archive Utility to unzip the attachment. Did that not happen? Did you see anything after you "opened it"?
  Even if it was unzipped, sitting in an attachment folder somewhere and is malware, it won't do anything at all until you attempt to open it. And as I said previously, it's almost certainly for Windows users, anyway.
  If you followed the suggestion to use ClamXav (or any other A-V software), there are some special considerations regarding e-mail. Here are my standard cautions:
  Never use ClamXav (or any other A-V software) to move (quarantine) or delete e-mail. It will corrupt the mailbox index which could cause loss of other e-mail and other issues with functions such as searching. It may also leave the original e-mail on your ISP's e-mail server and will be re-downloaded to your hard drive the next time you check for new mail.
  So, if you choose to "Scan e-mail content for malware and phishing" in the General Preferences, make sure you do not elect to either Quarantine or Delete infected files.
  When possibly infected e-mail files are found:
  Right-click/Control-click on either the infection or file name in the ClamXav window.
  Select "Reveal In Finder" from the pop-up menu.
  When the window opens, double-click on the file to open the message in your e-mail client application.
  Read the message and if you agree that it is junk/spam/phishing then use the e-mail client's delete button to delete it (this is especially important when the word "Heuristics" appears in the infection name).
  If you disagree and choose to retain the message, return to ClamXav and choose "Exclude From Future Scans" from the pop-up menu.
  If this is a g-mail account and those messages continue to show up after you have deleted them in the above manner, you may need to log in to webmail using your browser, go to the "All Mail" folder, find the message(s) and use the delete button there to permanently delete them from the server.
  For instructions on how to handle any infections that do not involved e-mail, use the Help menu or go directly to this link Dealing with Infected Files.

• Virus / keylogger / trojan / adware on a Mac?

  How do i find and remove virus / keylogger / trojan / adware on a Mac?

  Helpful Links Regarding Malware Problems
  If you are having an immediate problem with ads popping up see The Safe Mac » Adware Removal Guide, AdwareMedic, or Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support.
  Open Safari, select Preferences from the Safari menu. Click on Extensions icon in the toolbar. Disable all Extensions. If this stops your problem, then re-enable them one by one until the problem returns. Now remove that extension as it is causing the problem.
  The following comes from user stevejobsfan0123. I have made minor changes to adapt to this presentation.
  Fix Some Browser Pop-ups That Take Over Safari.
  Common pop-ups include a message saying the government has seized your computer and you must pay to have it released (often called "Moneypak"), or a phony message saying that your computer has been infected, and you need to call a tech support number (sometimes claiming to be Apple) to get it resolved. First, understand that these pop-ups are not caused by a virus and your computer has not been affected. This "hijack" is limited to your web browser. Also understand that these messages are scams, so do not pay any money, call the listed number, or provide any personal information. This article will outline the solution to dismiss the pop-up.
  Quit Safari
  Usually, these pop-ups will not go away by either clicking "OK" or "Cancel." Furthermore, several menus in the menu bar may become disabled and show in gray, including the option to quit Safari. You will likely have to force quit Safari. To do this, press Command + option + esc, select Safari, and press Force Quit.
  Relaunch Safari
  If you relaunch Safari, the page will reopen. To prevent this from happening, hold down the 'Shift' key while opening Safari. This will prevent windows from the last time Safari was running from reopening.
  This will not work in all cases. The shift key must be held at the right time, and in some cases, even if done correctly, the window reappears. In these circumstances, after force quitting Safari, turn off Wi-Fi or disconnect Ethernet, depending on how you connect to the Internet. Then relaunch Safari normally. It will try to reload the malicious webpage, but without a connection, it won't be able to. Navigate away from that page by entering a different URL, i.e. www.apple.com, and trying to load it. Now you can reconnect to the Internet, and the page you entered will appear rather than the malicious one.
  An excellent link to read is Tom Reed's Mac Malware Guide.
  Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.
  See these Apple articles:
    Mac OS X Snow Leopard and malware detection
    OS X Lion- Protect your Mac from malware
    OS X Mountain Lion- Protect your Mac from malware
    OS X Mavericks- Protect your Mac from malware
    About file quarantine in OS X
  If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)

• Malware/Trojans on a new MacBook Pro

  My MBP is only 2 weeks old. The day after I got it I began to notice suspicious behavior when surfing the net (Yahoo Mail, Yahoo News, Facebook) when the screen I was on would be hijacked to an another site or ad of some kind. I screen-capped the examples and headed for the genius bar. They advised it was not the machine but probably pop ups from the sites I was visiting, in other words it was my keystroking habit and the sites I visited. Never knew Yahoo Mail and News were "problems"!
  They loaded Sophos and said it won't find anything but would give me peace of mind. Well when I ran a full scan I've got a trojan and 2 malware (all java related). I assume this may be the root cause of my hijacking issue. I know the prevailing wisdom is that MACs don't get viruses and only get malware/trojans if the user/admin accepts them. I've not accepted anything or given permission for any downloads...ever. Which leads me to question if somehow these problems were transferred from my XP during the data transfer process? Is that possible? Does anyone have any suggestions about the best course of action? The malware can't be cleaned in Sophos...it must be manually removed. Which I've yet to figure out how to do. The primary reason I switched to a MAC was the security. And I love the machine but I'm disheartened to say the least. Any advice is appreciated.

  You undoubtedly imported the malware from your PC running Windows. If the malware came from there, it can't do anything on a Mac unless the Mac is running Windows, and is therefore completely harmless. Antivirus software may detect Windows-based malware on your computer, but that doesn't mean any of it can run in the Mac OS.
  The day after I got it I began to notice suspicious behavior when surfing the net (Yahoo Mail, Yahoo News, Facebook) when the screen I was on would be hijacked to an another site or ad of some kind.
  This happens all the time and has nothing to do with malware, unless sneaky and devious website design is classified as malware.
  ...in other words it was my keystroking habit and the sites I visited.
  I don't know what "keystroking habit" means, but the sites you're visiting are responsible for the popups and diversions that annoy you.

• AFP Virus / Malware - Your browser has been locked

  Hi
  I'm still reasonably new to Macs and have a Virus / Malware I think.
  It says AFP (Australian Federal Police) have locked your browser, etc
  google says its bogus.
  How do I remove it?
  I can't shut down that TAB/Safari window.
  Please Help

  Hi,
  I guess it's from a Torrent then, but lesson learnt now.
  So if no Virus, then it's Malware??
  I'm running ClamXav right now to check - will that help or remove it?
  I'll start reading those pages now and I've added that Ad Block, thank you very much for the help.
  EDIT: I just did this, from another thread here that RE: FBI Malware
  To prevent the loop from running and exiting the page
  Disable Javascript.
  Hit back in Safari.
  Enable Javascript.
  Reset History and Top Sites as a precaution.
  This resolved the problem, but I'm staying clear of torrents forever!!!
  Freaky stuff

• Virus Malware Malicious content protection software?

  Is it true that I will not need to have active virus/malware /malicious content protection on my Mac?   Should I, or dont bother?

  1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
  It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
  Gatekeeper has, however, the same limitations as XProtect, and in addition the following:
  It can easily be disabled or overridden by the user.
  A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
  For more information about Gatekeeper, see this Apple Support article.
  4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
  That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
  Any website that prompts you to install a “codec,” “plug-in,” "player," "archive extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
  A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
  Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
  Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
  5. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.
  Java is not included in OS X 10.7 and later. A separate Java installer is distributed by Apple, and another one by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable any version of Java on a public web page that carries third-party advertising. Use it, if at all, only on well-known, password-protected, secure business or government websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
  6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
  Why shouldn't you use commercial "anti-virus" products?
  Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
  In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
  7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
  A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
  ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
  ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
  8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.