Hacker writes easy-to-use Mac Trojan

How does Sophos Free AV stack up against Intego AV for Mac? I am probably going to buy an iMac as soon as the new Lion OS comes out this Summer, and as a long time pc user, I don't buy Apple's claim that they don't get virus'. Maybe they don't..yet, but I'd rather be safe than sorry.

 

No need for AV software if you simply don't install the trojan. That article is quoting a researcher at Sophos, who has a financial interest in getting you to buy worthless AV products. Never listen to someone with something to sell when it comes to computer security.

AV has proven to be a failure even on Windows.

 

Regardless AVs being necessary or not (and I guess that depends on what users have on their hands - both O.S knowledge and knowledge on how to operate other tools), Sophos provides a free AV for the Mac.

 

With Sophos I did notice somewhat of an impact on my Mac's performance. I like ESET and Intego better, but you should try them out yourself to judge. Intego has the most experience, and a built in firewall.

 

Security through obscurity is ignorant.

 

What if you don't recognize the item as a trojan when it's presented to you?

 

Explain where I mentioned security through obscurity and what it has to do with this.

Don't install untrusted software. This means don't go torrenting for software and don't search random websites. This means only install software from reputable sources (doesn't Apple have their own software repository?).

 

Right, Apple has their own brand software, and there are quite a few non-Apple companies that accept Mac. What is a random website? If you are doing a search for instance, what makes you avoid a link to what you're looking for?

 

Here's a perfect example of what a reputable source is: -http://www.eweek.com/c/a/Security/Kasperskys-Download-Site-Hacked-Directs-Users-to-Fake-AntiVirus-336193/

 

That's pretty humorous. But it goes to show how important the digitally signing of files are. Such a "redirect" could have been made moot if people checked sigs on the files they download (of course it helps if developers actually sign their software).

 

You forgot the part where you may have to pay before you download the software in the first place. Services such as ClearCloud and SmartScreen would protect you from viewing the page itself.

 

I actually gave an example not so long ago regarding a fake Malwarebytes Anti-Malware. People first would need to go through a phishing scam, and then download the supposed to be Malwarebytes Anti-Malware application and even more rogue crap, once they paid all that.

The UI was the real one actually; the one in the phishing website, that is. After I provided this, it was taken down by Malwarebytes team. Just a drop in the ocean, though.

People also forget about malware using stolen digital signatures. A digital signature by no means is a sign that an application is trustworthy. I may be wrong, though.

 

Not that humorous. I'd say that humorous is the fact Kaspersky got hacked more than once. I guess they were caught unguarded.

 

If you're connected to the internet or any other devices, there's always danger lurking somewhere. Doesn't matter which OS you run.

 

Exactly. So it might be a good idea to use an AV in your Apple OS. It's like having flood insurance a mile from the river.