Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

CavemanMike

macrumors regular
Original poster
Nov 8, 2013
211
11
I'm running AVG. Seems nice.

I just installed Sophos Home for Mac - doesn't seem to have a quarantine.

I heard that Avast purchased AVG last year. Is Avast better than AVG presently?

Thoughts?

Thanks,
Mike
 

IHelpId10t5

macrumors 6502
Nov 28, 2014
486
348
I'm running AVG. Seems nice.

I just installed Sophos Home for Mac - doesn't seem to have a quarantine.

I heard that Avast purchased AVG last year. Is Avast better than AVG presently?

Thoughts?

Thanks,
Mike

Installing real-time antivirus on your mac will do nothing but add potential vulnerabilities, cause instability, and cause poor performance. The baked-in protections of macOS are all you need to keep your Mac secure unless you go out of your way to avoid installing macOS updates, purposely download and install a trojan, override Gatekeeper, and then authenticate as an admin.
 
  • Like
Reactions: Ulenspiegel

MacMan988

macrumors 6502a
Jul 7, 2012
867
145
None of those AV apps are needed.
As @IHelpId10t5 pointed out Malwarebytes anti-malware for Mac run occasionally is more than enough.
It is an on-demand software, so it'll do no harm to your system.

It seems the Malwarebytes anti-malware for Mac is also installing a "helper" for some reason.
 

CavemanMike

macrumors regular
Original poster
Nov 8, 2013
211
11
Not trying to spark a religious war here, but in my very limited experience using macs in the last 3 years, my AV has flagged viruses before: some in copying data from my windows pc, but sometimes stuff sneaking through via my corporate email server.

I suppose some could have been windows viruses which might not have been run-able on my system, but some were macro viruses in Word documents.

Even if it couldn't run on my mac, I wouldn't want to pass a virus to a windows user, especially now-a-days with the advent of ransome ware.

-Mike
 
  • Like
Reactions: MacMan988

Gregg2

macrumors 604
May 22, 2008
7,266
1,237
Milwaukee, WI
Even if it couldn't run on my mac, I wouldn't want to pass a virus to a windows user, especially now-a-days with the advent of ransome ware.
There are no viruses that can run on a Mac with OS X or macOS. Windows users should have anti-virus software in case something slips through, even if you are careful to monitor what you send out.
 
  • Like
Reactions: MacMan988

CavemanMike

macrumors regular
Original poster
Nov 8, 2013
211
11
According to:
http://www.macworld.co.uk/how-to/ma...eed-antivirus-software-3454926/#toc-3454926-6


"
OSX/Dok
Security analysis firm CheckPoint Software Technologies spotted a new OS X malware at the end of April 2017.

Apple rushed to block it.

The macOS Trojan horse appeared to be able to bypass Apple’s protections and could hijack all traffic entering and leaving a Mac without a user’s knowledge - even traffic on SSL-TLS encrypted connections.

OSX/Dok was even signed with a valid developer certificate (authenticated by Apple) according to CheckPoint’s blog post. It is likely that the hackers accessed a legitimate developers’ account and used that certificate. Because the malware had a certificate, macOS’s Gatekeeper would have recognized the app as legitimate, and therefore not prevented its execution. Apple has since revoked that developer certificate and updated XProtect, it’s malware signature system.

The attacker could gain access to all victim communication by redirecting traffic through a malicious proxy server, there's more information about how the attack worked here.

OSX/Dok was targeting OS X users via an email phishing campaign. The best way to avoid falling fowl to such an attempt in the future is not to respond to emails that require you to enter a password or install anything.

Xagent
Xagent is capable of stealing passwords, taking screenshots and grabbing iPhone backups stored on your Mac.

It's thought to be the work of the APT28 cybercrime group, according to Bitdefender.

OSX/Pirrit
OSX/Pirrit was apparently hidden in cracked versions of Microsoft Office or Adobe Photoshop found online. It would gain root privileges and create a new account in order to install more software, according to Cybereason researcher Amit Serper in this report.

MacDownloader
In February 2017 researchers found the MacDownloaded software lurking in a fake update to Adobe Flash. When the installer is run you'll get an alert claiming that there is adware on your Mac.

You'll be asked to click to "remove" the adware, and when you enter your password on your Mac the MacDownloader malware will attempt to transmit data including your Keychain (so that's your usernames, passwords, PINs, credit card numbers) to a remote server.

Luckily the threat seems to be contained for now: the remote server it the malware tries to connect is now offline.

The best way to avoid such attacks is to always check on Adobe's site to see if there is an update to Flash you should be installing.

The MacDownloader malware is thought to have been created by Iranian hackers and was specifically targetted at the US defense industry. It was located on a fake site designed to target the US defence industry (so likely not yourself). In this case the phishing attempt would have been activated via a Flash file, and since Apple has stopped Flash opening by default, again this is unlikely to have affected you.

Word macro virus
PC users have had to contend with macro viruses for a long time. Applications, such as Microsoft Office, Excel, and Powerpoint allow macro programs to be embedded in documents. When these document are opened the macros are run automatically which can cause problems.

Mac versions of these programs haven't had an issue with malware concealed in macros because since when Apple released Office for Mac 2008 it removed macro support. However, the 2011 version of Office reintroduced macros, and there has now been malware discovered in a Word macro, in a Word doc about Trump.

If the file is opened with macros enabled (which doesn’t happen by default), it will attempt to run python code that could have theoretically perform functions such as keyloggers and taking screenshots. It could even access a webcam. The chance of you being infected in this way is very small, unless you have received and opened the file referred to (which would surprise us), but the point is that Mac users have been targeted in this way.

Mac users should still be fairly safe from macros thanks to a warning that appears on screen should a user attempt to open a document containing macros.

Fruitfly
According to a report in January, the Fruitfly malware had been conducting surveillance on targeted networks for possibly two years.

The malware captures screenshots and webcam images, as well as looking for information about the devices connected to the same network - and then connects to them.

Malwarebytes claims the malware could have been circulating since OS X Yosemite was released in 2014.
"
 

Taz Mangus

macrumors 604
Mar 10, 2011
7,815
3,504
According to:
http://www.macworld.co.uk/how-to/ma...eed-antivirus-software-3454926/#toc-3454926-6


"
OSX/Dok
Security analysis firm CheckPoint Software Technologies spotted a new OS X malware at the end of April 2017.

Apple rushed to block it.

The macOS Trojan horse appeared to be able to bypass Apple’s protections and could hijack all traffic entering and leaving a Mac without a user’s knowledge - even traffic on SSL-TLS encrypted connections.

OSX/Dok was even signed with a valid developer certificate (authenticated by Apple) according to CheckPoint’s blog post. It is likely that the hackers accessed a legitimate developers’ account and used that certificate. Because the malware had a certificate, macOS’s Gatekeeper would have recognized the app as legitimate, and therefore not prevented its execution. Apple has since revoked that developer certificate and updated XProtect, it’s malware signature system.

The attacker could gain access to all victim communication by redirecting traffic through a malicious proxy server, there's more information about how the attack worked here.

OSX/Dok was targeting OS X users via an email phishing campaign. The best way to avoid falling fowl to such an attempt in the future is not to respond to emails that require you to enter a password or install anything.

Xagent
Xagent is capable of stealing passwords, taking screenshots and grabbing iPhone backups stored on your Mac.

It's thought to be the work of the APT28 cybercrime group, according to Bitdefender.

OSX/Pirrit
OSX/Pirrit was apparently hidden in cracked versions of Microsoft Office or Adobe Photoshop found online. It would gain root privileges and create a new account in order to install more software, according to Cybereason researcher Amit Serper in this report.

MacDownloader
In February 2017 researchers found the MacDownloaded software lurking in a fake update to Adobe Flash. When the installer is run you'll get an alert claiming that there is adware on your Mac.

You'll be asked to click to "remove" the adware, and when you enter your password on your Mac the MacDownloader malware will attempt to transmit data including your Keychain (so that's your usernames, passwords, PINs, credit card numbers) to a remote server.

Luckily the threat seems to be contained for now: the remote server it the malware tries to connect is now offline.

The best way to avoid such attacks is to always check on Adobe's site to see if there is an update to Flash you should be installing.

The MacDownloader malware is thought to have been created by Iranian hackers and was specifically targetted at the US defense industry. It was located on a fake site designed to target the US defence industry (so likely not yourself). In this case the phishing attempt would have been activated via a Flash file, and since Apple has stopped Flash opening by default, again this is unlikely to have affected you.

Word macro virus
PC users have had to contend with macro viruses for a long time. Applications, such as Microsoft Office, Excel, and Powerpoint allow macro programs to be embedded in documents. When these document are opened the macros are run automatically which can cause problems.

Mac versions of these programs haven't had an issue with malware concealed in macros because since when Apple released Office for Mac 2008 it removed macro support. However, the 2011 version of Office reintroduced macros, and there has now been malware discovered in a Word macro, in a Word doc about Trump.

If the file is opened with macros enabled (which doesn’t happen by default), it will attempt to run python code that could have theoretically perform functions such as keyloggers and taking screenshots. It could even access a webcam. The chance of you being infected in this way is very small, unless you have received and opened the file referred to (which would surprise us), but the point is that Mac users have been targeted in this way.

Mac users should still be fairly safe from macros thanks to a warning that appears on screen should a user attempt to open a document containing macros.

Fruitfly
According to a report in January, the Fruitfly malware had been conducting surveillance on targeted networks for possibly two years.

The malware captures screenshots and webcam images, as well as looking for information about the devices connected to the same network - and then connects to them.

Malwarebytes claims the malware could have been circulating since OS X Yosemite was released in 2014.
"

All that story does is reinforce that download legimate software from know good sites. I have been using Macs since 2001 since OS X 10.2. Not once have I needed to use any anti-virus software. I have seen many cases where people running ant-virus software on their Macs have system performance issues. Malware is not the same as a virus.
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,463
16,160
California
Even if it couldn't run on my mac, I wouldn't want to pass a virus to a windows user, especially now-a-days with the advent of ransome ware.

I don't personally run any AV package on my Mac, but you raise a very valid point here and a good reason to run AV on a Mac. Particularly if you are using your Mac in a business environment. If I was doing business with you and you emailed me a virus, I would not be happy, and telling me as a Windows user it is my problem to protect myself is really not going to be an acceptable response.

Toms Guide did some recent testing here that might help you decide.
 
  • Like
Reactions: macintoshmac

CavemanMike

macrumors regular
Original poster
Nov 8, 2013
211
11
Thanks @Weaselboy

Indeed. If I passed a virus to a windows user and smugly said: macs don't get viruses, that would be truly horrible.

BTW, according to:

http://www.macworld.co.uk/how-to/mac/how-remove-mac-ransomware-3659100/

"Unplug and disconnect storage
The one example of effective ransomware seen on a Mac so far - KeRanger - also attempted to encrypt Time Machine backups, to try to make it impossible for the user to simply restore files from a backup.

Therefore, upon discovering your Mac has been infected by ransomware you should minimise the possibility of backups becoming encrypted too by immediately unplugging any removable storage like external hard disks, and disconnecting from any network shares by clicking the eject icon alongside their entries in the sidebar of Finder."

So, I guess I need TWO time machine drives: one connected all the time, and once/month switch to the other time machine drive which was disconnected during the month, then rotate monthly.

-Mike
 
  • Like
Reactions: Weaselboy

Floris

macrumors 68020
Sep 7, 2007
2,381
1,476
Netherlands
99% of all anti virus for mac are just as intrusive, obnoxious, scammy like the virus itself its' protecting you from.

The only 'thing' you have to be aware of is: download from official websites, don't read or accept mail you did not ask for - plain-text mail if you have to read it, don't click on links and manually go to official websites. You can use private browsing and simply not make stupid choices with unofficial downloads or pirated crap, etc. Just play smart, and you avoid most issues. Know what you run, and fingers crossed the official sources dont get hacked and injected with ransomware (like for example transmission, handbreak, whatever). Anti virus isn't going to protect against that anyway in most cases.

I rather take the risk of not being smart enough and get a virus, than run a mac virus thing on my system that annoys the crap out of me. little snitch is running. and i just dont click on any link in front of me
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
34,463
16,160
California
So, I guess I need TWO time machine drives: one connected all the time, and once/month switch to the other time machine drive which was disconnected during the month, then rotate monthly.

Even aside from the malware issue, this is a good idea anyway. A lot of people keep two backups with one at home and one at the office so you have something if the house burns down.
 

TonyK

macrumors 65816
May 24, 2009
1,032
148
Not trying to spark a religious war here, but in my very limited experience using macs in the last 3 years, my AV has flagged viruses before: some in copying data from my windows pc, but sometimes stuff sneaking through via my corporate email server.

Because Windows had lot more entry points for viruses. When I worked for a state agency in Oklahoma, the only time I ever got infected was when trying to fix a user's 3.5" disk. It happened at least twice. :( This was in the mid-1990's.

Both professionally and personally I've been fortunate and not have been infected. A lot of that is, as others have posted, because I download from known sources, I don't pirate software meaning I avoid that source of infection, and I filter my emails and don't click on random links.

The macOS Trojan horse appeared to be able to bypass Apple’s protections and could hijack all traffic entering and leaving a Mac without a user’s knowledge - even traffic on SSL-TLS encrypted connections.

A Trojan Horse is not a virus. A virus, a true virus, does not need user interaction to spread. A Trojan needs a user to open and install it or at least view it (for newer JPEG versions). This goes back to the above, download your software from a known source; don't pirate software and run malwarebytes as needed to ensure you don't get infected.

Regarding A/V software, my systems using ClamX with ClamXAV for real-time scanning. It scans my profile folder in FireFox, my download folder and my email folders. Have not noticed any slow down and in over 8 years of use have not been flagged about a virus.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.