Db: 4.87:re: Removing Sophos Anti-virus For Mac


Every other week, I host a with readers, and almost invariably, one of the questions that comes up is: ' Hi. I'm a Mac user. Should I be using anti-virus software?' I usually answer that while there are very few recent examples of malicious software in the wild built for Mac users, no amount of protective software should be seen as a substitute for using your head when surfing the 'Net. One of the more amusing statements I've heard from at least a couple of Mac users who are also Windows users is that they only do the stereotypically 'risky' online activities - such as surfing random porn sites - from their trusty Macs. This is interesting because it looks like some of the same tactics that malware writers have used to install malicious software via porn sites on Windows PCs have taken a step into the Mac world.

For years, scam artists have been using the demand for online porn as a way to trick Windows users into installing fake video 'codecs,' malicious software disguised as a program that supposedly enables the user to view protected video content (probably no one has covered this trend more exhaustively than from anti-spyware firm Sunbelt Software.) According to an alert issued Monday by Intego, a company that sells anti-virus software for the Mac, a number of Mac user forums are being spammed with links to video porn sites that prompt Mac users to install one of these magic codecs. Intego says the trade-off is hardly worth it, as Mac users who agree to install the software don't get to view any additional racy material, and yet they're left with a nasty little rash on their machine to boot. Intego says the bogus codec silently changes the user's DNS settings so that when they visit certain financial sites - such as eBay, PayPal, and those of several banks - the victim is routed to a counterfeit look-alike site designed to swipe their credentials. In addition, it appears that undoing the damage wrought by this Trojan horse program is fairly tough.

So what lessons can we learn from this? Whether you use a Mac or a PC or a Linux box for that matter, it pays to avoid risky behaviors, period. For Mac users, the riskiest of those actions includes installing software of dubious origin.

That said, my Macbook Pro came with the corporate edition of Symantec's anti-virus software installed (by our IT folks). But I'm wondering how many other Mac readers have installed anti-virus software, and if so - what software you've settled upon?

By Brian Krebs, October 31, 2007; 6:00 PM ET

Great blog post, Brian. I think very few Mac users run anti-virus, and hopefully that won't need to change in the future (after all, that's why many of us use a Mac).

But to help avoid social engineering attacks like this one, it's a good idea for most people to disable the automatic opening of 'safe' files after downloading in Safari, since Safari has no idea what's really safe. And secondly, it's a good idea to run as a regular User, and not an Admin user. If nothing else, having additional steps to install a malicious 'codec' might cause more people to pause.

Posted by: K Martin November 1, 2007 12:05 AM.

What's worth pointing out is that stuff downloaded from the internet doesn't just work straight away. Nor do installers or other application-related tools for the Mac. The user has to enter their Username & Password for these things to be able to do anything.

Typically, for any application that's downloaded, the system warns the user and asks them if they want to run the application. Much like many of the so-called hacked Macs, they invariably involve someone actually sat in front of the Mac with access to a user account on that machine.

Posted by: Wayne Smallman November 1, 2007 5:00 AM.

'But I'm wondering how many other Mac readers have installed anti-virus software, and if so - what software you've settled upon?' But then I don't have what you call 'risky behaviors'.

And, if I did, as you so rightly comment in the first paragraph 'no amount of protective software should be seen as a substitute for using your head'. Apart from anything else, anything new is likely to need to get into a virus signature database before AV software will help you (although there are some more-or-less effective heuristics in some products). I do like to run AV software on Windows. I have NOD32 antivirus (and Windows Defender anti-spyware) running on my Windows machine. They never find anything. But then again I know what not to do.


On Windows I think one knows there's so much malware out there and so much interest in the platform among the bad guys that it's best to make assurance doubly sure by running it. On the Mac there's currently so little that it's pretty much worthless even as a safety net. It's also expensive. But I agree that someone who needs to exchange Office documents that contain macros with Windows users had best use something, because there are Windows macro viruses and those could harm Windows users.

If that covers your usage scenario, it's best to pay up. There is a free product but it is, apparently, pretty ineffective at finding and dealing with Windows macro viruses; so those who fall in this camp had best buy a professional product. I suppose 'risky behaviors' doesn't cover it all.

For example, I imagine some innocent who isn't trying to view pornography and who has the sense not to install software from untrusted sources could still get caught by a 'drive by download'. Web-searching with keywords is a scattergun approach and could take you... anywhere. It would be easy enough for someone to follow a link from a Web search to a website without realizing it was nefarious and get something auto-downloaded to his machine. I play safe there by using Firefox with the NoScript extension. I notice Google is checking websites and marking some links as bad now - good for them.

Posted by: Mike November 1, 2007 5:17 AM.

I think it is very important to have Anti-Virus software on a Mac. It is an added layer of security. We have seen Mac systems get compromised on our Campus via various vectors (third party application weakness, weak passwords, etc). In a couple of cases the system owner did not know that someone had broken into the system (over 6 months!). The intruder had planted some tools on the computer that would have been detected by Anti-Virus.

This goes for Linux and Solaris boxes and the like. We see compromises that go undetected for months. It is due diligence to use AV software. Of course AV software isn't considered 100% protection. The end user needs to be careful as well.

Posted by: D Taylor November 1, 2007 5:51 AM.

It should be stated again and again, the best defense is a layered one, REGARDLESS of what operating system is in use! Basically, those layers include, use of a non-admin (or non-root) account, a firewall, Antivirus software that is updated DAILY, keep ALL software patched and practice safe computing (aka, be smart). Missing one of these layers only increases your risk. One last layer I have used on my Windows systems is a blocking 'hosts' file from which stops many malware dead in its tracks (even browsing porn sites).

Posted by: TJ November 1, 2007 2:13 PM.

Count me as one of those who thought I was totally safe on a Mac.

Not that I engaged in risky behavior, mind you, but I did not think I needed anti-virus software. However, I figured why take the risk? Also, it is possible, according to a developer I know, that if I forwarded an e-mail containing a virus to a PC user, it might not affect me, but it could cause havoc on the recipient's computer. So I bought Norton. There wasn't much else available on the market, and I've always trusted Norton.

It's better to spend a few bucks and be safe rather than sorry.

Posted by: Elizabeth Weintraub November 1, 2007 3:23 PM.

I just bought an Intel-based Mac mini (with OS X Tiger).

A friend who has had four Macs over a 12-year span said that he had never gotten a virus, Trojan, etc. and advised against installing AV on my Mac.

The Mac has an internal firewall, as does the WiFi router that is used to connect it to the Internet. I surf only major news, info, and search sites on the Mac (mostly with Firefox) and still use one Win XP box for e-mail. Waiting for OS X open-source Eudora. Then I might get AV to scan mail. I will never install a Microsoft program on my Mac mini, as that is the one major vendor I am trying to avoid! I don't use MS Office stuff on any Win XP machines.


I surf only one free porn site. I use Opera, filtered through DropMyRights, never download any suggested add-on or click on boxes that say you have won something.

Opera has a setting that deletes all Cookies from the last current session. I use ZoneAlarmPro, Bitdefender AV, SuperAntiSpyware Pro and run root-kit detectors and other malware programs from time to time.

Have never detected a virus, a Trojan, etc. on the Win XP box.

But I will not use Mac for any risky site. If I am going to get a computer trashed, I prefer that it be one of my three Win XP boxes, which are a nightmare to keep current and 'clean.'

They could all use a reformat and Win XP reinstall. The Mac boots in 30 seconds, never crashes, and is a delight to use. And I spend Zero time updating and running security software on the Mac versus hours a week on the Win XP machines.

Posted by: Mac V November 1, 2007 5:55 PM.

Mike wrote, 'Web-searching with keywords is a scattergun approach and could take you... anywhere. It would be easy enough for someone to follow a link from a Web search to a website without realizing it was nefarious.'

There is a source of advice: A freeby, SiteAdvisor, now owned by McAfee, who have done nothing to change its look and feel. It is a browser add-on, hence should work on any OS. It flags search engine results Green or Red (or Gray for untested), according to whether you are likely to get spammed &c after going there. It gives you a basis for exercising your judgment.

Posted by: Solo Owl November 1, 2007 11:19 PM.

Bk: Intego says the bogus codec silently changes the user's DNS settings so that when they visit certain financial sites - such as eBay, PayPal, and those of several banks - the victim is routed to a counterfeit look-alike site designed to swipe their credentials.

One wonders why the malware doesn't also install a bogus CA certificate in the user's certificate store so that a forged certificate (signed by the bogus CA) is indistinguishable from a legitimate one.

Posted by: antibozo November 3, 2007 8:19 PM.

Rick: The Intego alert is about a scam - not an exploit.

Nobody called it an 'exploit'. It is, in fact, an exploit, in the sense that it exploits a vulnerability in people's behavioral defenses. It is not an exploit in the very limited sense you seem to be thinking of: a program or tactic that exploits a vulnerability in a piece of software. But the correct technical term for this form of attack is 'Trojan horse'.

That's how everyone here has referred to it, so I'm not sure what you think you're protesting.

Posted by: antibozo November 4, 2007 8:36 PM.

If the protection of your computer really comes down to Norton Anti-Virus, you're a lost cause anyway. Running Norton on any computer (or McAfee) is the equivalent of removing 1/2 the memory and slowing it down to half speed. Plus, you can never remove these products.

We've used Macs at home for over a decade, and we run. And we've never gotten infected, despite my kids (I'm sure) going to every kind of web site you can imagine. Incidentally, I use PC's too, and there are free anti-virus products that work better than the paid-for services. AVG is a good one to start with. There are others.

Posted by: Skeptic November 5, 2007 5:32 AM.

In all fairness, I think I should bring your attention to this simple tool that will guarantee surfing everywhere: VMWARE. It is Virtual Machine Ware. It helps you surf anywhere, everywhere. What is the main idea (technically)? Before you surf, you spend 1 minute (to save whatever you have), then, you surf. Once done with surfing, your computer will go back to whatever you had.


What does it mean? Any new things will be gone. Virus, spyware. What is it for?

I used it for surfing hacker's sites, porn sites. Places that I do not want be hurt. Can it run on my machine? I am running it successfully on a computer with total of 512 megabytes of MEMORY.

How do I get it? Ask a friend, a co-worker... whoever that is interested in computer to research about VMWARE for you. Then, you will benefit by: your friend will give you a copy of the product. Here's how: Your friend will get the software VMWARE, create a baby machine. Then, your friend will give you a player to run that baby machine, and you will just have to click on the simple icon to surf. Another way: there is a product that will do the same thing: and it is free, from Microsoft itself. The product is called VIRTUALPC.


Because it is free, it may fit your budget. However, because it is free, I did not think it would receive lots of human hours in upkeeping it with the current market, that's why I went with VMWARE. I wanted to spend time to learn a product that will be commercial and will be financially supported in fixing its own bugs, and errors, and mistakes. Free Products, to me, does not have that much of supports behind it (as compared to the Sold Products.)

Back to you, your benefits: (Before I make point, let's clear the name: VIRTUAL COMPUTER is like a FAKE COMPUTER running inside a MAIN COMPUTER, a BABY COMPUTER running inside a MOMMY COMPUTER. When you actually meet the software: The computer you have now is called HOST COMPUTER. In the computer you have now, you will run a smaller computer called GUEST COMPUTER.) Here's the point: When you run a BABY COMPUTER, bad things do not spread to your MOMMY COMPUTER. The technology made sure of that. They made sure it worked that way so this concept could work in big companies, not just for home users like us.

It worked even for DATA CENTERS, not just for home user like us. The concept is amazing. The products are: VMWARE (www.vmware.com) (Cost your friend, free to you.) VIRTUALPC (Microsoft) (Free for your friend and you.) (But I do not use, so, I can not say.) The concept is like that. In the BABY, ANY NEW THINGS WILL BE LOST.

What does it mean? Spyware, gone. Trojan, gone. Rootkit, gone.

You can surf anywhere, try any new software, and do anything you want to do. No damage to your MAIN COMPUTER.

Please don't just flat out trash my ideas. For your benefits, see through my lines, forgive my writing errors, squeeze out the main idea, go check it out, and then, take action for your life, thank you. Posted by: 'Hear me, check fact, take action' November 5, 2007 9:42 AM.

From: 'Hear me, check fact, take action'. To: 'Mac V November 1, 2007 05:55 PM '. About: 'They could all use a reformat and Win XP reinstall.' Why Re-Install? My way of the last 8 years: Re-Load. My tool of the last 8 years: Re-Load with Norton Ghost.

To anyone that does not know Ghost: Ghost is a software that is like SUPER COPIER. When your computer is still good, you use SUPER COPIER TO COPY, so you have a 'GOOD COPY'.

When your computer is not good, you use SUPER COPIER TO RE-LOAD, so you bring back the 'GOOD COPY'. It's the main idea. Any products out there that will do this? 'Ghost' by Symantec (www.symantec.com): Sometimes, free after rebate. (Good to the point that my company, of 500 employees, also uses this.

Ghost has corporate version.) 'True Image' by Acronis (www.acronis.com): I honestly do not recall seeing it as free. (Also, 'True Image' has corporate version.) There are more in the same class of products like this, but, if the product does not have corporate version, I would not use it. With 8 years of using Ghost, I have Re-loaded my computer over 14 times, tried over 100 new software, and rescued over 10 friends by saving a copy of their good computer and then reloading it after disaster.

With that much usage, I like Ghost, I need Ghost, yet, I have to SHARE WITH YOU THAT GHOST SOMETIMES HAS PROBLEM BEYOND EXPECTATION. Now, I still use Ghost, because I learn the problem and I learn the solution.

I still use Ghost because they have corporate versions, huge teams of workers, big discussion group. I realize everything has a little downside of it. To me, total benefits FAR OUTWEIGH total costs. Would I trust my data to companies that do not have corporate version?

Not right now, not until I try them out for some time. Until then, I am still using Ghost by Symantec. I heard 'True Image' (by Acronis) has many comparable features; I will try it, too. The concept is SUPER COPY = TRUE COPY = EXACT COPY = IMAGING = RUN-ABLE COPY (Not a Non-run-able copy like copy of a picture or a music.)

Posted by: 'Hear me, check fact, take action' November 5, 2007 10:08 AM.

I haven't run any AV software on my Mac since moving to OS X and don't have any plans to do so.

I've heard about more problems caused by AV software than I have about these programs actually stopping malware. I am not ignorant of the dangers. I never give my password for installing anything unless I am absolutely sure about the source. I read Mac news sites daily to keep abreast of any security-related news. I do regular backups. I pay attention to what processes my machine is running. Down the road, I might change my mind.

For the present, however, I don't see the benefits of AV software on the Mac. Most security holes are things that need to be fixed by Apple, not third parties.

Posted by: No AV November 6, 2007 10:13 AM.

I am a 20 yearlong Apple user and IT security expert and have been exploited in OSX 2 years ago by malicious javascript loaded from a russian fake laptop shop website named it had one of those common ' live chat is currently available' boxes and I thought: 'Im on a mac what can happen?'

Immediately after accepting the java app, my Safari was keylogged! Within minutes the sysadmin of my security website with ssl, on which I was in the forum, asked my via private chat why I was registering an account on my own website with a russian email address from MY IP!!!!! It was pure coincidence that the sysadmin was in the control panel at this moment and that was my luck! I pulled all wires and rebooted and of course checked with various methods which files were altered in those last 10 minutes. CLAM AV found nothing.

Since it was a javascript exploit, I suppose closing the browser kills it but you never know what files were altered or uploaded. Btw: the java script app was originally written by an australian company and altered by the hackers.

Posted by: RodFlem November 7, 2007 4:23 PM.

You must be confused. Or is something up with Windows? I run OS X 10.3 on a G3 iMac.

I've never encountered any problems with my machine in the time that I've had it, except for once when I tried to install Office for Mac. I am positive that my Mac doesn't have any viruses now or in the past because, this computer has never had ANY of the countless problems I've seen on the WIN based PCs I use at home or at work, that have encountered some sort of virus, spyware, adware. My Mac happens to be blue;)

Posted by: can't remember November 10, 2007 6:20 PM.

OS X doesn't have as much malware as Windows does, which is a fact that stems from two points:

1. The OS X software is leaner and less complex, code-wise and operationally, than Windows, which means there are fewer avenues of attack on OS X.
2. Adoption of OS X, while increasing, is still very small compared to the majority of share that Windows has. This means there's greater incentive for malicious users to compromise Windows than on Mac.

Even so, the use of protective software on a Mac is actually a very good idea. This is not only to help mitigate the risk to your computer further, but also to protect other users as well; if you share your files, then it's good to have anti-virus on your Mac if you share files with Windows users. An infected file that can't hurt OS X is still an infected file that will damage another computer that it can affect if it's spread there.

Posted by: Reinhart December 27, 2007 4:20 PM.

I'm Mac user and I come from Indonesia. I just read about the antivirus you've put into your Macbook Pro. And I'd like to know how did it work? And is there any antivirus which is best for Mac? In here Mac user never consider about antivirus because they think Mac is free from virus. That's what i thought before. But lately i was thinking that maybe Mac could have some virus and need protection.

I was found an antivirus for Mac called Sophos Anti-Virus for Mac OS X. Is it more better comparing what you'd used? Thank you,

Posted by: Griajeng Ruthjunitarani August 16, 2008 12:09 PM.

Hi All, Some time ago we got trouble with an iMac and a PC and a server 2003 with Symantec on it as protection.

Now 1.5 years later I found the solution and the Virus was started on the iMac by Apple Update!!!!!! I made a web page special for this solution. So if you have trouble like Network printer that is printing in the wild some times, your Mac or Pc is visit by some new users with the names like MisterX, Nowhereman, Pussygirl, and so on till you can not work anymore. On the server or just your USB drive the filenames get spelled backwards or a map goes to another map and that one in another and so on. It all starts with two new files on your Mac and PC named Chaos and Panic, the PC is just infected through the network and when the same name is used on that PC as the Mac.

Anyway there is only one solution that I found and that solution you can read here! So don't believe Apple when they say you don't need protection on a Mac!!!!!!

Posted by: Tom Emmelot August 16, 2008 4:21 PM

The comments to this entry are closed.

Sophos Endpoint Antivirus is a hybrid antivirus solution that provides businesses protection against malware, viruses and offers a remote management tool. The anti-malware protection is designed to identify, block or remove threats, thus protecting computers and servers from viruses, adware, spyware and other infections.

It can be deployed on-premise or hosted in the cloud. Web protection adds a layer of defense, which prevents attacks originating from infected websites, scanning for and blocking threats before they can affect devices.

Sophos Endpoint Antivirus also features device and application control, which enables an administrator to set rules governing the use of removable media like USBs and mobile and wireless devices. Unauthorized applications and devices can be prevented from accessing the network, which helps prevent the spread of malware and reduces the risk of data loss. Sophos Endpoint Antivirus includes a centralized management console which enables an administrator to monitor computers on the network. Support is offered via live chat and through an online helpdesk and a knowledge base.

I have 180 units of which 160 have been migrated to Sophos Cloud.

Get at least 2 alerts per day about updating which supposedly can be triggered from the console but when triggered the status does not change. About 1 in 5 of the computers migrated have issues so uninstall/reinstall is required. Cannot effectively disable Tamper Protection using console which is necessary in order to uninstall. Reinstalls/installs fail for various reasons 25% of the time. Having to spend inordinate amount of time with this.

NOT A VALID SOLUTION IN MY CASE!

Pros: Powerful and feature rich protection product that does not noticeably impact system performance. Support is excellent, once engaged the engineer is staying with you until the issue is resolved. They don't even mind if you add a couple of additional problems into the mix. Includes their Intercept X protection with the advanced version.

This is powerful stuff, anti-exploit and ransomware with root cause analysis. The portal to manage it all is easy to use as well. Very happy with this product and recommending it to everyone.