Hacker writes easy-to-use Mac Trojan

Discussion in 'other security issues & news' started by JRViejo, Feb 25, 2011.

Thread Status:
Not open for further replies.
  1. JRViejo

    JRViejo Global Moderator

    Joined:
    Jul 9, 2008
    Posts:
    20,968
    Location:
    U.S.A.
    Computerworld Article by Robert McMillan.​
     
  2. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    How does Sophos Free AV stack up against Intego AV for Mac? I am probably going to buy an iMac as soon as the new Lion OS comes out this Summer, and as a long time pc user, I don't buy Apple's claim that they don't get virus'. Maybe they don't..yet, but I'd rather be safe than sorry. :)
     
  3. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    No need for AV software if you simply don't install the trojan. That article is quoting a researcher at Sophos, who has a financial interest in getting you to buy worthless AV products. Never listen to someone with something to sell when it comes to computer security.

    AV has proven to be a failure even on Windows.
     
  4. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Regardless AVs being necessary or not (and I guess that depends on what users have on their hands - both O.S knowledge and knowledge on how to operate other tools), Sophos provides a free AV for the Mac.
     
  5. Someheresomethere

    Someheresomethere Registered Member

    Joined:
    Feb 17, 2011
    Posts:
    71
    With Sophos I did notice somewhat of an impact on my Mac's performance. I like ESET and Intego better, but you should try them out yourself to judge. Intego has the most experience, and a built in firewall.
     
  6. whitedragon551

    whitedragon551 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    3,189
    Location:
    USA
    Security through obscurity is ignorant.
     
  7. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    What if you don't recognize the item as a trojan when it's presented to you? :doubt:
     
  8. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Explain where I mentioned security through obscurity and what it has to do with this.

    Don't install untrusted software. This means don't go torrenting for software and don't search random websites. This means only install software from reputable sources (doesn't Apple have their own software repository?).
     
  9. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Right, Apple has their own brand software, and there are quite a few non-Apple companies that accept Mac. What is a random website? If you are doing a search for instance, what makes you avoid a link to what you're looking for?
     
  10. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Here's a perfect example of what a reputable source is: -http://www.eweek.com/c/a/Security/Kasperskys-Download-Site-Hacked-Directs-Users-to-Fake-AntiVirus-336193/
     
  11. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    That's pretty humorous. But it goes to show how important the digitally signing of files are. Such a "redirect" could have been made moot if people checked sigs on the files they download (of course it helps if developers actually sign their software).
     
  12. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,855
    You forgot the part where you may have to pay before you download the software in the first place. Services such as ClearCloud and SmartScreen would protect you from viewing the page itself.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    I actually gave an example not so long ago regarding a fake Malwarebytes Anti-Malware. People first would need to go through a phishing scam, and then download the supposed to be Malwarebytes Anti-Malware application and even more rogue crap, once they paid all that.

    The UI was the real one actually; the one in the phishing website, that is. After I provided this, it was taken down by Malwarebytes team. Just a drop in the ocean, though.

    People also forget about malware using stolen digital signatures. A digital signature by no means is a sign that an application is trustworthy. I may be wrong, though.
     
  14. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Not that humorous. I'd say that humorous is the fact Kaspersky got hacked more than once. I guess they were caught unguarded. ;)
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    If you're connected to the internet or any other devices, there's always danger lurking somewhere. Doesn't matter which OS you run.
     
  16. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    Exactly. :p So it might be a good idea to use an AV in your Apple OS. It's like having flood insurance a mile from the river. ;)
     
Loading...
Thread Status:
Not open for further replies.