WARNING WARNING MALWARE ATTACK
Just a heads up if you have never run into this, yet. I created my website on iweb08. Recently I opened it on a Windows machine (stop throwing things at the monitor). I noticed that some of the words were suddenly underlined or looked a little strange on every page. I ran the cursor them, an ad popped up. Each for a different company. When I opened on my Mac, no problems at all. Back on Windows, there it was. The company name was in very small print in a bottom corner of each ad. So I was able to remove the malware and all problems disappeared. I did find their website and raised **** with them. Sorry, I lost the name of the company.
The moral of the story is:
1. Always check your website on a Windows machine to make sure that those folks who bought Bill Gates snake oil see your website the same way you do on your Mac.
2. Check to make sure no one has fooled with it.
Was it really "malware" or an ad for a service you are using on your iWeb site? The thing about iWeb is that most snippets from services you add to your site have embedded ads in them. That's just one drawback of using a 3rd party service for a feature. Take a form for instance. Most iWeb users use a form service and add the code into iWeb snippet. The form service code usually has an ad embedded in it. It's not malware, it's advertisement for the service you are using. That's why it's always a good idea to develop your features yourself vs. using a 3rd party service. Also remember that according to statistics the majority of web users are browsing on Windoze machines.
Similar Messages
-
Stolen credit card on paypal - Malware attack?
Hi, I have had unauthorized charges on my credit card, the latest was through pay pal, and maybe the first as well.
I suspect it could be due to a keystroke logger malware attack. Is there something out there that will alert meto this, or remove it?
thank youI haven't used it myself, but comes highly recommended. Little Snitch
http://www.obdev.at/products/littlesnitch/index.html
There's also MacScan which is supposed to check for a number of key loggers, as well as other forms of malware. (Most key loggers, I believe, need to be installed locally at the computer itself.) Not quite sure how reliable its results are, but it can be run in free demo mode. It might come up with something.
http://macscan.securemac.com/ -
Where is the help for the latest malware attack on macs from flash player?
Where is the help for the latest malware attack from flash player? I am running mac ox x v10.7 lion, and everything that I can find says to download Java and neither of them will work. 10.6 update says its for version 10.6. java for osx date 7 says it will damage hard drive !!!
How do I know if I have this and what can I do to protect my computer? I JUST DOWNLOADED FLASH PLAYER A WEEK AGO. I deleted it from my computer but how do I know if I have malware?????????There is a new user-friendly Flashback detection-removal tool from F-Secure available here:
Flashback Removal Tool
http://www.f-secure.com/weblog/archives/00002346.html
Apple has promised one also, but it has not yet been released. See
About Flashback malware
http://support.apple.com/kb/HT5244 -
My son was using the cpu at the time of the first attack. He got it cleared out and working. A day later it hit again when I was using the computer. As soon as I saw the fake virus scan I brought up taskmaster and stopped it. Almost immediately it started running again so I stopped it a second time. When I did, it shut down windows explorer. The only thing that would run was the malware. I brought it up at a restore point and it ran normally. This cycle has been repeated several times.
Both Avast and SpybotSD will find and delete the malware, and both of these update normally. I think that when firefox updates itself, it is requesting data from a malware site rater than from you. How do I reset this?Try this:
#Go to '''Tools '''| '''Options '''| '''Advanced '''and click the '''Network '''tab.
#In the Offline Storage menu, click the '''Clear Now''' button.
#In the location bar, type '''about:config '''and hit Enter.
#In the filter at the top, type: '''keyword.URL'''
#Double click it and remove whatever's in there. You'll see it revert to "Default" and "String".
#Go to File | Exit
#Restart Firefox and go to the page you want to set as your homepage
#Go to '''Tools '''| '''Options '''| '''General'''.
#Make sure it says "''Show My Homepage''" in the first dropdown menu.
#Click the button called "'''Use Current Pages'''" to set the homepage to the one you have on the screen. -
Is Firefox x64 more secure against Malware attacks than Firefox x32?
I have a Windows 7 Home Premium SP1 x64 computer. It is my understanding that Windows 7 HP SP1 x64 is more secure against Malware-Virus attacks then Window 7 HP SP1 x32.
I am using Firefox 6.0B2 x32 and just started also using Firefox 8.0A1 x64. Both are working fine.
Is the x64 version of Firefox more secure than the x32 version against Malware-Virus attacks on a Windows 7 SP1 x64 computer simply because it is x64.No, it isn't.
-
My Biggest Concern with all Windows and Windows 8.1 - NSA malware attacks!
My Biggest Question with Windows.
With all the NSA infecting malwares to all computers around the globe.
Does Windows 8.1 have any form of protection with NSA Hacking incidents!
Because I find that the Windows Integrated firewall is not up to par to protecting my computer from these attacks!
Microsoft must perk up their security in their products!
http://www.zdnet.com/nsa-malware-infected-over-50000-computer-networks-worldwide-7000023537/
How are we going to put any trust when a product is infected by NSA malwares!
See Video:-
http://www.youtube.com/watch?v=9CqVYUOjHLwWindows 8.1 comes with Anti-Malware protection (Windows Defender) and will protect you against malwares.
If you have sample of a malware which might not detect with Windows Defender in Windows 8, you submit sample on:
https://www.microsoft.com/security/portal/submission/submit.aspx -
Cannot get Equium L40-10X working after malware attack
Hi, I'm new here.
Only have the Equium Laptop 1 week and it is infected with MalWare. Norton Internet Security was activated and current, but alas the worms won. It displays the message "Windows Explorer has stopped working" during boot attempts. Strangely enough though the registration message of AntiVirGear v3.7 works perfectly.
I've tried to format the C: partition, run all Safe Mode options, Install Win Vista and XP, Recovery CD install, BIOS tweaks, Windows repair and of course my old friend MSDOS.
I removed the 120gb hard drive (3 partitions) and tried to pop it into my trusty modular bay so I could do as I wished as another drive, not bootable to harvest my files from the E: partition, then format the thing. But the pins are different though the drives are the same size. So basically I'm stuck with a deadish PC no fault of Toshiba, MS or anybody..
Except the programming miscreants of AntiVirGear v3.7 who will gladly release my yoke from it's chains provided I give them my credit card information (if they didn't already snatch that). If I do that it will be the beginning of "just one more purchase" and that will surely end my misery... So if anybody here can help I have the hammer and screwdriver ready.
I've been to Norton Support and they told me to try the things I already tried. And then they gave up, "contact MS". MS doesn't support OEM versions, so here I am.
Please have a think about this.
Thanks for listening.Hi buddy,
man, this sounds REALLY...REALLY strange.
So, for better understanding:
You have malware on your system (C: drive), you want a working system? Right? But you want firstly secure some of your data?
Ok, it would be better to grab your hdd, go to the next electronic market and then buy a USB-HDD case. But first check if the pins fit (that was the suggestion to take your drive to the market to check THIS out).
Connect the USB-HDD to your another system, copy your files and then delete the WHOLE drive. The best would be to try this CD to format and repartition your drive:
www.ubcd4win.com
Then after completely removing all partitions, you can drive your recovery and get a working system back.
Greets -
PREVENT MALWARE AND VIRUS ATTACKS On your Razr And Razr Maxx
I put this on here for ones Wanting to Prevent Attacks From M & V on the DROID RAZR MAXX b33
How do I prevent malware attacks?
To prevent malware (spyware, phishing, and viruses) from disrupting your phone's performance or damaging your phone, do a little research before downloading each app. Read on for easy ways to protect your phone when choosing apps.
Check the rating
Does the app get 4 or 5 starts? If so, it's probably a good one. If no one has posted comments along with the high star rating, be suspicious. Always check the comments, too, and if none are available, try an Android user forum search.
Read lots of comments in Market
Before downloading an app, read reviews from other Market users who have downloaded it to help you decide if it's right for you. On the app description screen, scroll down and touch Read all comments. Read a bunch of comments, not just the first few.
Check the permissions
When installing an app, be sure to read the alerts that tell you what information the app will access. If you disagree with allowing access to that information, cancel the installation. If you are installing an app that makes a shopping list, for example, the app should not require access to your contacts. Even if the app is legit, you may not want to allow access to your information.
Check Android user forums
Search Android user forums on the internet for the app name or post a question for other users to answer. Forums are great resources for sharing information. Your question will help other users, too.
Check the developer's website
Market not only provides comments at your fingertips, but if you scroll farther, you can touch Visit the developer's webpage to go directly to it. Does it look professional or quickly thrown together?
Post your own comments
After you download an app, you can rate it and post comments for other users to see. Just open Market and touchDownloads. Touch the installed app, then touch a star to rate it. Once you rate it, touch Post a comment to add yours. The more information available, the safer things get! Your Android community thanks you.
Still not sure?
If you are unable to find information using the previous suggestions and are unsure of the safety of the app, do not install it. There are plenty of other apps to choose from.I like how for over 2 years this hasn't been answered. This issue is still current.
-
I am running OS X Version 10.9.5 on n iMac I brought in 2011. Had a virus or malware attack the other night and a window opened with a # to call for help. Didn't know if I should trust the # but ended up calling it anyway and paid to have them 'fix' things. Was told I didn't have firewall protection. Am not sure if I do now. [It still says to allow all incoming connections]. So what do I do now? And what kind of antivirus program is recommended?
FirewallRead "Ransomware" web pages.
Assuming you let the scam outfit remotely control your Mac, the information on it can no longer be considered secure. Neither can the Mac itself. You should immediately shut it down and take actions to prevent or recover from identity theft, which is quite likely to have occurred. This means contacting the financial institutions and other companies that may permit access to your accounts using login names and passwords, canceling and replacing credit cards, and similar actions that only you can know.
Determine if you can contest the charge made to your credit card for this criminal transgression.
And what kind of antivirus program is recommended?
None. The Mac is highly secure against malware or virus intrusion, but nothing can prevent you from willfully installing dubious software or granting remote access to criminals. No "anti-virus" software in the world will protect you from that. The OS X application firewall is not intended to prevent this sort of occurrence. -
Warning "anti-viral" trojan virus circulating using apple icon
I accidently loaded a trojan virus when I thought I was downloading an anti-viral program sent from Apple - they use the Apple logo. It then results in continuous pop-ups of *********** sites. Apple tech support could not help but I found a website providing instructions to remove the malware. Website is called "bleeping.com" Yes, the irony of the name given what I had to get rid of - be careful.
This was "news" three weeks ago. And every day here, but mostly over on forum for Snow Leopard
There are dozens of articles, threads, links on how to help, as well as on what it is.
Apple Community threads "macdefender"
What is odd is a policy of turning customers away.
Microsoft links fake Mac AV to Windows scareware gang
http://www.reedcorner.net/news.php/?p=82
MacInTouch - security discussion
The most common and popular AV mentioned -
ClamXav
Intego Software
Mac BitDefender
Norton for Mac
Sophos Anti-Virus for Mac Home Edition
MACDEFENDER Malware
ZDNet Security
Snow Leopard malware attacks
New MAC OS X scareware delivered through blackhat SEO
MacDefender Trojan
http://www.reedcorner.com/guides/macvirus/ -
Do I need to have any type of anti-virus or malware, spyware protection for my Macbook Pro?
My Macbook is a year old. When I bought it, I was told by several people that I would not need any type of anti-virus software or anything to protect my computer because Mac did not get infected that often. However, I have had people today tell me that I do need protection for my computer. My Mac runs about as good as the day I got it, but I really don't want anything to happen to it. If I need to get an anti-virus, or malware/spyware software, what programs would y'all recomend? I am just looking for information. Thanks!
1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software that purports to help you do something that's illegal or that infringes copyright, such as saving streamed audio or video for reuse without permission, is unsafe. All YouTube "downloaders" are in this category, though not all are necessarily harmful.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
Even signed applications, no matter what the source, should not be trusted if they do something unexpected, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use the free software ClamXav— nothing else.
Why shouldn't you use commercial "anti-virus" products?
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer is going to be infected every time you install an application, read email, or visit a web page. But neither should you have the false idea that you will always be safe, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
i believe that i have malware (possible highjack of safari browser) on my mac, osx 10.9.4. accordingly, i've tried to run clamxav (on my mac HD) but just get a spinning wheel, then have to shut down. any advice on how to stop spinning wheel or get rid of malware? i have symnatic endpoint and, after scanning, it reveals nothing. please help. :-).
are locked user files or that have incorrect permission a bad thing?
Yes.
why am i removing symantec?
Short answer: Because it's worse than useless and worse than the imaginary "viruses" you're afraid of would be if they really existed. For the long answer, see below.
1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, and a technological fix is not going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software.
☞ Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in everyemail attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It's as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices. -
Is there any Malware that affects Macs?
Hi everyone,
I recently bought a macbook pro and i wonder if i need a security app? I read something about Kaspersky for Mac, did anyone have an idea about this app?1. This is a comment on what you should and should not do to protect yourself from malicious software ("malware") that circulates on the Internet. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to your computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandboxing security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some red flags that indicate danger.
Software from an untrustworthy source
Software of any kind is distributed via BitTorrent or Usenet.
Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website.
Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
The software is advertised by means of spam or intrusive web popups.
Software that is plainly illegal or does something illegal
Software that you would otherwise have to pay for is "cracked" or "free."
An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
Conditional or unsolicited offers from strangers
A web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
You win a prize in a contest you never entered.
Someone on a message board such as this one is eager to help you, but only if you install an application of his choosing.
A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
Unexpected events
You open what looks like a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file or message.
An application does something inexplicable, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store — nothing else.
Why shouldn't you use commercial "anti-virus" products?
To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. New threats are emerging on a daily basis. Research has shown that most successful attacks are "zero-day" — that is, previously unknown. Recognition-based malware scanners do not defend against such attacks.
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
8. An anti-malware product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An anti-virus app is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware, and even for that use it's not completely effective. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
Anti-virus software may be able to tell you which particular trojan it is, but do you really care? In practice, there's seldom a reason to use the software unless an institutional policy requires it. Windows malware is so widespread that you should assume it's in every unknown email attachment until proven otherwise.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither should you assume that you will always be safe from exploitation, no matter what you do. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. "Hmmmm, this torrent is a crack of that new game I want. I think I'll download it. It could be a trojan, but the antivirus will warn me if it is." Then they wonder why their Mac is so slow all of a sudden. It's slow because it's running flat out mining bitcoins for a hacker who has already sold their credit card number and banking passwords to a criminal gang. Maybe a week later the antivirus does warn them, but what good does that do?
Nothing can lessen the need for safe computing practices. -
The pop-up says: "The page at http://certix.co.cc says: Warning! Your PC is at risk of virus and malware attack. Your system require immediate check! System Security will perform a quick and free scan of your PC for viruses and malicious programs."
@mgottd, are you running Windows? If so, use the Task Manager to shut down your problem browser (Ctrl+Shift+Esc, then check the Applications tab and the Processes tab).
Can you try to get these two highly regarded scanners by copying the URL and then pasting it in the Windows XP Start > Run box or the Windows 7 "orb" search box and pressing Enter:
Malwarebytes Anti-malware : http://www.malwarebytes.org/products/malwarebytes_free
SUPERAntiSpyware : http://www.superantispyware.com/
Also, please note that your Firewall protects against inbound connections from the internet as well as your local network, so you probably do not want to turn it off for very long. -
Panic Attacks - Interpret Two Reports?
Can someone read the EtreCheck report AND the Mac Mini generated report? First EtreCheck, followed by the MacMini generated error report.
Thanks for looking thru this.
ETRECHECK REPORT.....
Problem description:
System reboots about once a day. Recently upgraded to Yosemite, but issue didn’t start until about two weeks later. MacMini, late 2009.
EtreCheck version: 2.0.11 (98)
Report generated November 15, 2014 at 4:14:09 PM EST
Hardware Information: ℹ️
Mac mini (Early 2009) (Verified)
Mac mini - model: Macmini3,1
1 2.26 GHz Intel Core 2 Duo CPU: 2-core
4 GB RAM Upgradeable
BANK 0/DIMM0
2 GB DDR3 1067 MHz ok
BANK 1/DIMM0
2 GB DDR3 1067 MHz ok
Bluetooth: Old - Handoff/Airdrop2 not supported
Wireless: en1: 802.11 a/b/g/n
Video Information: ℹ️
NVIDIA GeForce 9400 - VRAM: 256 MB
HP L1950 1280 x 1024 @ 60 Hz
HP L1950 1280 x 1024 @ 60 Hz
System Software: ℹ️
OS X 10.10 (14A389) - Uptime: 1:36:57
Disk Information: ℹ️
WDC WD3200BPVT-00JJ5T0 disk0 : (320.07 GB)
S.M.A.R.T. Status: Verified
EFI (disk0s1) <not mounted> : 210 MB
Earth (disk0s2) / [Startup]: 319.21 GB (286.10 GB free)
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
PIONEER DVD-RW DVRTS08
USB Information: ℹ️
Iomega USB Zip 100
Canon CanoScan
Apple Computer, Inc. IR Receiver
AKM AK5370
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
Firewire Information: ℹ️
Other World Computing OWC Neptune 400mbit - 400mbit max
S.M.A.R.T. Status: Verified
EFI (disk1s1) <not mounted> : 210 MB
Time Machine (disk1s2) /Volumes/Time Machine : 79.68 GB (14.58 GB free)
Gatekeeper: ℹ️
Mac App Store and identified developers
Kernel Extensions: ℹ️
/Library/Extensions
[loaded] com.symantec.kext.SymAPComm (12.7.1f4 - SDK 10.8) Support
[loaded] com.symantec.kext.internetSecurity (5.4f4 - SDK 10.8) Support
[loaded] com.symantec.kext.ips (3.9.2f1 - SDK 10.8) Support
Launch Agents: ℹ️
[loaded] com.symantec.errorreporter-periodicagent.plist Support
[running] com.symantec.uiagent.application.plist Support
Launch Daemons: ℹ️
[loaded] com.adobe.fpsaud.plist Support
[loaded] com.macpaw.CleanMyMac2.Agent.plist Support
[loaded] com.microsoft.office.licensing.helper.plist Support
[loaded] com.symantec.errorreporter-periodic.plist Support
[loaded] com.symantec.liveupdate.daemon.ondemand.plist Support
[loaded] com.symantec.liveupdate.daemon.plist Support
[not loaded] com.symantec.nav.migrateqtf.plist Support
[running] com.symantec.sharedsettings.plist Support
[running] com.symantec.symdaemon.plist Support
User Launch Agents: ℹ️
[loaded] com.adobe.ARM.[...].plist Support
[loaded] com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist Support
[loaded] com.macpaw.CleanMyMac2Helper.scheduledScan.plist Support
[loaded] com.macpaw.CleanMyMac2Helper.trashWatcher.plist Support
User Login Items: ℹ️
iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
AdobeResourceSynchronizer ApplicationHidden (/Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app)
Internet Plug-ins: ℹ️
FlashPlayer-10.6: Version: 15.0.0.223 - SDK 10.6 Support
QuickTime Plugin: Version: 7.7.3
AdobePDFViewerNPAPI: Version: 11.0.09 - SDK 10.6 Support
AdobePDFViewer: Version: 11.0.09 - SDK 10.6 Support
Flash Player: Version: 15.0.0.223 - SDK 10.6 Support
Default Browser: Version: 600 - SDK 10.10
SharePointBrowserPlugin: Version: 14.4.6 - SDK 10.6 Support
Silverlight: Version: 5.1.30514.0 - SDK 10.6 Support
3rd Party Preference Panes: ℹ️
Flash Player Support
Norton\nQuickMenu Support
Time Machine: ℹ️
Skip System Files: NO
Mobile backups: OFF
Auto backup: YES
Volumes being backed up:
Earth: Disk size: 319.21 GB Disk used: 33.11 GB
Destinations:
Time Machine [Local]
Total size: 79.68 GB
Total number of backups: 46
Oldest backup: 2014-08-02 00:06:22 +0000
Last backup: 2014-11-15 20:49:28 +0000
Size of backup disk: Too small
Backup size 79.68 GB < (Disk used 33.11 GB X 3)
Top Processes by CPU: ℹ️
9% WindowServer
4% Microsoft Word
1% hidd
1% loginwindow
0% fontd
Top Processes by Memory: ℹ️
309 MB SymDaemon
108 MB Mail
106 MB Microsoft Word
92 MB WindowServer
90 MB mds_stores
Virtual Memory Information: ℹ️
546 MB Free RAM
2.16 GB Active RAM
594 MB Inactive RAM
707 MB Wired RAM
2.30 GB Page-ins
2 MB Page-outs
The MAC MINI GENERATED REPORT
nonymous UUID: E52B4103-C016-0746-205E-B3E67A787267
Sat Nov 15 14:38:13 2014
*** Panic Report ***
panic(cpu 1 caller 0xffffff801b979458): "a freed zone element has been modified in zone kalloc.128: expected 0xdeadbeefdeadbeef but found 0xffffff8026d7d758, bits changed 0x2152416ff87a69b7, at offset 88 of 128 in element 0xffffff80267cf480, cookies 0x3f0011f95f151448 0x53521dac7f58969"@/SourceCache/xnu/xnu-2782.1.97/osfmk/kern/zalloc.c:496
Backtrace (CPU 1), Frame : Return Address
0xffffff80adf4a7c0 : 0xffffff801b93a811
0xffffff80adf4a840 : 0xffffff801b979458
0xffffff80adf4a970 : 0xffffff801be80585
0xffffff80adf4bab0 : 0xffffff801be81333
0xffffff80adf4bae0 : 0xffffff7f9cefa438
0xffffff80adf4bb20 : 0xffffff7f9cef9c5a
0xffffff80adf4bb60 : 0xffffff801bf026df
0xffffff80adf4bbc0 : 0xffffff801bf00003
0xffffff80adf4bd00 : 0xffffff801b9ea517
0xffffff80adf4be10 : 0xffffff801b93e91c
0xffffff80adf4be40 : 0xffffff801b9235a3
0xffffff80adf4be90 : 0xffffff801b933e8d
0xffffff80adf4bf10 : 0xffffff801ba0a142
0xffffff80adf4bfb0 : 0xffffff801ba3ac66
Kernel Extensions in backtrace:
com.apple.iokit.IOSurface(97.0)[B4E2654D-4087-3875-9D59-E899A0A04F0E]@0xffffff7 f9cef3000->0xffffff7f9cf05fff
BSD process name corresponding to current thread: com.apple.WebKit
Mac OS version:
14A389
Kernel version:
Darwin Kernel Version 14.0.0: Fri Sep 19 00:26:44 PDT 2014; root:xnu-2782.1.97~2/RELEASE_X86_64
Kernel UUID: 89E10306-BC78-3A3B-955C-7C4922577E61
Kernel slide: 0x000000001b600000
Kernel text base: 0xffffff801b800000
__HIB text base: 0xffffff801b700000
System model name: Macmini3,1 (Mac-F22C86C8)
System uptime in nanoseconds: 34279379927671
last loaded kext at 29156503458258: com.apple.driver.AppleUSBCDC 4.2.2b5 (addr 0xffffff7f9de68000, size 20480)
last unloaded kext at 30182695045545: com.apple.driver.AppleUSBCDC 4.2.2b5 (addr 0xffffff7f9de68000, size 16384)
loaded kexts:
com.symantec.kext.SymAPComm 12.7.1f4
com.symantec.kext.ips 3.9.2f1
com.symantec.kext.internetSecurity 5.4f4
com.apple.driver.AppleHWSensor 1.9.5d0
com.apple.driver.ApplePlatformEnabler 2.1.0d1
com.apple.driver.AGPM 100.14.37
com.apple.filesystems.autofs 3.0
com.apple.driver.AppleBluetoothMultitouch 85.3
com.apple.iokit.IOBluetoothSerialManager 4.3.0f10
com.apple.driver.AppleOSXWatchdog 1
com.apple.driver.AppleHDA 266.5
com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport 4.3.0f10
com.apple.driver.AudioAUUC 1.70
com.apple.iokit.IOUserEthernet 1.0.1
com.apple.Dont_Steal_Mac_OS_X 7.0.0
com.apple.driver.AppleHWAccess 1
com.apple.driver.AppleHV 1
com.apple.driver.ACPI_SMC_PlatformPlugin 1.0.0
com.apple.GeForceTesla 10.0.0
com.apple.driver.AppleLPC 1.7.3
com.apple.driver.AppleUpstreamUserClient 3.6.1
com.apple.driver.AppleMCCSControl 1.2.10
com.apple.driver.AppleIRController 327.5
com.apple.driver.Oxford_Semi 3.5.0
com.apple.AppleFSCompression.AppleFSCompressionTypeDataless 1.0.0d1
com.apple.AppleFSCompression.AppleFSCompressionTypeZlib 1.0.0d1
com.apple.BootCache 35
com.apple.iokit.SCSITaskUserClient 3.7.0
com.apple.driver.XsanFilter 404
com.apple.iokit.IOAHCIBlockStorage 2.6.5
com.apple.driver.AppleUSBHub 705.4.1
com.apple.driver.AppleUSBOHCI 656.4.1
com.apple.driver.AppleUSBEHCI 705.4.14
com.apple.driver.AirPortBrcm43224 700.36.24
com.apple.driver.AppleFWOHCI 5.5.2
com.apple.driver.AppleAHCIPort 3.0.7
com.apple.driver.AppleHPET 1.8
com.apple.nvenet 2.0.22
com.apple.driver.AppleRTC 2.0
com.apple.driver.AppleACPIButtons 3.1
com.apple.driver.AppleSMBIOS 2.1
com.apple.driver.AppleACPIEC 3.1
com.apple.driver.AppleAPIC 1.7
com.apple.driver.AppleIntelCPUPowerManagementClient 218.0.0
com.apple.nke.applicationfirewall 161
com.apple.security.quarantine 3
com.apple.security.TMSafetyNet 8
com.apple.driver.AppleIntelCPUPowerManagement 218.0.0
com.apple.AppleGraphicsDeviceControl 3.7.21
com.apple.kext.triggers 1.0
com.apple.driver.IOBluetoothHIDDriver 4.3.0f10
com.apple.driver.AppleMultitouchDriver 260.30
com.apple.iokit.IOSerialFamily 11
com.apple.driver.DspFuncLib 266.5
com.apple.kext.OSvKernDSPLib 1.15
com.apple.iokit.IOBluetoothHostControllerUSBTransport 4.3.0f10
com.apple.iokit.IOSurface 97
com.apple.iokit.IOBluetoothFamily 4.3.0f10
com.apple.driver.AppleSMC 3.1.9
com.apple.driver.IOPlatformPluginLegacy 1.0.0
com.apple.nvidia.classic.NVDANV50HalTesla 10.0.0
com.apple.iokit.IOUSBUserClient 705.4.0
com.apple.iokit.IOFireWireIP 2.2.6
com.apple.driver.AppleHDAController 266.5
com.apple.iokit.IOHDAFamily 266.5
com.apple.driver.IOPlatformPluginFamily 5.8.0d49
com.apple.driver.AppleSMBusController 1.0.13d1
com.apple.nvidia.classic.NVDAResmanTesla 10.0.0
com.apple.iokit.IONDRVSupport 2.4.1
com.apple.iokit.IOGraphicsFamily 2.4.1
com.apple.driver.AppleUSBAudio 295.22
com.apple.iokit.IOAudioFamily 200.6
com.apple.vecLib.kext 1.2.0
com.apple.iokit.IOSCSIBlockCommandsDevice 3.7.0
com.apple.iokit.IOUSBHIDDriver 705.4.0
com.apple.iokit.IOUSBMassStorageClass 3.7.0
com.apple.driver.AppleUSBMergeNub 705.4.0
com.apple.driver.AppleUSBComposite 705.4.9
com.apple.iokit.IOSCSIReducedBlockCommandsDevice 3.7.0
com.apple.iokit.IOFireWireSerialBusProtocolTransport 2.5.1
com.apple.iokit.IOFireWireSBP2 4.2.5
com.apple.iokit.IOSCSIMultimediaCommandsDevice 3.7.0
com.apple.iokit.IOBDStorageFamily 1.7
com.apple.iokit.IODVDStorageFamily 1.7.1
com.apple.iokit.IOCDStorageFamily 1.7.1
com.apple.iokit.IOAHCISerialATAPI 2.6.1
com.apple.iokit.IOSCSIArchitectureModelFamily 3.7.0
com.apple.iokit.IOUSBFamily 705.4.14
com.apple.iokit.IO80211Family 700.52
com.apple.iokit.IOFireWireFamily 4.5.6
com.apple.driver.AppleEFINVRAM 2.0
com.apple.iokit.IOAHCIFamily 2.7.0
com.apple.driver.AppleEFIRuntime 2.0
com.apple.iokit.IONetworkingFamily 3.2
com.apple.driver.NVSMU 2.2.9
com.apple.iokit.IOHIDFamily 2.0.0
com.apple.iokit.IOSMBusFamily 1.1
com.apple.security.sandbox 300.0
com.apple.kext.AppleMatch 1.0.0d1
com.apple.driver.AppleKeyStore 2
com.apple.driver.AppleMobileFileIntegrity 1.0.5
com.apple.driver.AppleCredentialManager 1.0
com.apple.driver.DiskImages 389.1
com.apple.iokit.IOStorageFamily 2.0
com.apple.iokit.IOReportFamily 31
com.apple.driver.AppleFDEKeyStore 28.30
com.apple.driver.AppleACPIPlatform 3.1
com.apple.iokit.IOPCIFamily 2.9
com.apple.iokit.IOACPIFamily 1.4
com.apple.kec.corecrypto 1.0
com.apple.kec.Libm 1
com.apple.kec.pthread 1
Model: Macmini3,1, BootROM MM31.0081.B06, 2 processors, Intel Core 2 Duo, 2.26 GHz, 4 GB, SMC 1.35f0
Graphics: NVIDIA GeForce 9400, NVIDIA GeForce 9400, PCI, 256 MB
Memory Module: BANK 0/DIMM0, 2 GB, DDR3, 1067 MHz, 0x80AD, 0x484D54313235533641465238432D47372020
Memory Module: BANK 1/DIMM0, 2 GB, DDR3, 1067 MHz, 0x80AD, 0x484D54313235533641465238432D47372020
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x90), Broadcom BCM43xx 1.0 (5.10.131.36.16)
Bluetooth: Version 4.3.0f10 14890, 3 services, 27 devices, 1 incoming serial ports
Network Service: Ethernet, Ethernet, en0
Serial ATA Device: WDC WD3200BPVT-00JJ5T0, 320.07 GB
Serial ATA Device: PIONEER DVD-RW DVRTS08
USB Device: USB 2.0 Hub
USB Device: USB Zip 100
USB Device: CanoScan
USB Device: IR Receiver
USB Device: AK5370
USB Device: BRCM2046 Hub
USB Device: Bluetooth USB Host Controller
FireWire Device: OWC Neptune, Other World Computing, Up to 400 Mb/sec
Thunderbolt Bus:Mac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There is a threat, and you need to educate yourself about it.
1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to take control of it remotely. That threat is in a different category, and there's no easy way to defend against it.
The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
☞ It can easily be disabled or overridden by the user.
☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is foremost a problem of human behavior, and no technological fix alone is going to solve it. Trusting software to protect you will only make you more vulnerable.
The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and Internet criminals. If you're better informed than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
Software from an untrustworthy source
☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software. A genuine alert that Flash is outdated and blocked is shown on this support page. Follow the instructions on the support page in that case. Otherwise, assume that the alert is fake and someone is trying to scam you into installing malware. If you see such alerts on more than one website, ask for instructions.
☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free applications that have been packaged in a superfluous "installer."
☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
Software that is plainly illegal or does something illegal
☞ High-priced commercial software such as Photoshop is "cracked" or "free."
☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission. All "YouTube downloaders" are in this category, though not all are necessarily malicious.
Conditional or unsolicited offers from strangers
☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
☞ You win a prize in a contest you never entered.
☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
☞ Anything online that you would expect to pay for is "free."
Unexpected events
☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a padlock icon in the address bar when visiting a secure site.
Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
Why shouldn't you use commercial AV products?
☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
☞ Most importantly, a false sense of security is dangerous.
8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It's as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.
Maybe you are looking for
-
I can't share through email in lion?
When i try to send my work throught the sharing option to send an eimal as numbers, excel, or PDF, it highlights and then does nothing. Is this an issue with lion, or the numbers upgrade?
-
Consignment settlement - payment terms
Hello, I had a vendor that use to buy consignment and non-consignment part. Both consignment and non-consignment they have different payment terms. I found out that when we do consignment settlement the payment term is retrieved from vendor master. i
-
Report on Mapping folder with DB Tables
Hi Gurus, One of the user came with a weird requirement. I hope someone can shed some light on this or is it possible in a report Here is the requirement: We have a mini site where all the images relates to catalog are stored in a folder. Now the req
-
How can we create a Slideshow on the front page of our application/?
-
Abap code Logic for splitting is not working
Hi, I have a requirement to split a single amount and product into several parts. so far my logic is not working as only the first row is being fetched. TYPES: BEGIN of map_tab, ZPRODH4 TYPE NEWMAPPINGTABLE-/BIC/ZNEW_MP, ZSPRATIO TY