Well... No... It's not really anti-virus software. But I do not recommend and have never recommended that Malwarebytes Anti-Malware software be installed on current OS X systems.
Please read thoroughly all the documentation I posted in my last reply to the list.

Cheers,
Ronni

Sent from Ronni's iPad4

> On 27 Sep 2015, at 4:46 pm, FW <whae...@iinet.net.au> wrote:
>
> Malwarebytes Anti-Malware is not really anti-virus software, is it Ronni ?
>
> Cheers
> Walter
>
> ***************************************************************************
>
>> Begin forwarded message:
>>
>> From: Ronni Brown <ro...@mac.com>
>> Subject: Re: Malwarebytes, anti-malware for Mac
>> Date: 27 September 2015 13:18:50 GMT+8
>> To: WAMUG <wamug@wamug.org.au>
>> Reply-To: wamug@wamug.org.au
>>
>>
>>> On 27 Sep 2015, at 11:58 am, Graham Rabe <gra...@rabe.com.au> wrote:
>>>
>>> A week or two ago Peter Marks on ABC Breakfast with Fran Kelly advised
>>> against installing any Apple virus protection software given that recent
>>> security upgrades have made them largely redundant and they seem to cause
>>> more problems than they claim to fix.
>>>
>>> Graham
>>>
>>> Sent from my iPad
>>
>> I agree! In my previous reply I only supplied the information about
>> Malwarebytes anti-malware for Mac.
>>
>> Peter, Daniel & I have posted numerous times re: Do Macs need Anti-Virus
>> programs.
>> The short answer is NO.
>>
>> Below I quote from Linc Davis - Level 10 Apple Support Communities
>>
>> /Begin Quote from Linc Davis:
>> Mac users often ask whether they should install "anti-virus" software. The
>> answer usually given on ASC is "no." The answer is right, but it may give
>> the wrong impression that there is no threat from what are loosely called
>> "viruses." There is a threat, and you need to educate yourself about it.
>>
>> 1. This is a comment on what you should—and should not—do to protect
>> yourself from malicious software ("malware") that circulates on the Internet
>> and gets onto a computer as an unintended consequence of the user's actions.
>> It does not apply to software, such as keystroke loggers, that may be
>> installed deliberately by an intruder who has hands-on access to the
>> computer, or who has been able to log in to it remotely. That threat is in a
>> different category, and there's no easy way to defend against it.
>>
>> The comment is long because the issue is complex. The key points are in
>> sections 5, 6, and 10.
>>
>> OS X now implements three layers of built-in protection specifically against
>> malware, not counting runtime protections such as execute disable,
>> sandboxing, system library randomization, and address space layout
>> randomization that may also guard against other kinds of exploits.
>>
>> 2. All versions of OS X since 10.6.7 have been able to detect known Mac
>> malware in downloaded files, and to block insecure web plugins. This feature
>> is transparent to the user. Internally Apple calls it "XProtect."
>>
>> The malware recognition database used by XProtect is automatically updated;
>> however, you shouldn't rely on it, because the attackers are always at least
>> a day ahead of the defenders.
>>
>> The following caveats apply to XProtect:
>>
>> ☞ It can be bypassed by some third-party networking software, such as
>> BitTorrent clients and Java applets.
>>
>> ☞ It only applies to software downloaded from the network. Software
>> installed from a CD or other media is not checked.
>>
>> As new versions of OS X are released, it's not clear whether Apple will
>> indefinitely continue to maintain the XProtect database of older versions
>> such as 10.6. The security of obsolete system versions may eventually be
>> degraded. Security updates to the code of obsolete systems will stop being
>> released at some point, and that may leave them open to other kinds of
>> attack besides malware.
>>
>> 3. Starting with OS X 10.7.5, there has been a second layer of built-in
>> malware protection, designated "Gatekeeper" by Apple.
>> By default,
>> applications and Installer packages downloaded from the network will only
>> run if they're digitally signed by a developer with a certificate issued by
>> Apple. Software certified in this way hasn't necessarily been tested by
>> Apple, but you can be reasonably sure that it hasn't been modified by anyone
>> other than the developer. His identity is known to Apple, so he could be
>> held legally responsible if he distributed malware. That may not mean much
>> if the developer lives in a country with a weak legal system (see below.)
>>
>> Gatekeeper doesn't depend on a database of known malware. It has, however,
>> the same limitations as XProtect, and in addition the following:
>>
>> ☞ It can easily be disabled or overridden by the user.
>>
>> ☞ A malware attacker could get control of a code-signing certificate under
>> false pretenses, or could simply ignore the consequences of distributing
>> codesigned malware.
>>
>> ☞ An App Store developer could find a way to bypass Apple's oversight, or
>> the oversight could fail due to human error.
>>
>> Apple has so far failed to revoke the codesigning certificates of some known
>> abusers, thereby diluting the value of Gatekeeper and the Developer ID
>> program. These failures don't involve App Store products, however.
>>
>> For the reasons given, App Store products, and—to a lesser extent—other
>> applications recognized by Gatekeeper as signed, are safer than others, but
>> they can't be considered absolutely safe. "Sandboxed" applications may
>> prompt for access to private data, such as your contacts, or for access to
>> the network. Think before granting that access. Sandbox security is based on
>> user input. Never click through any request for authorization without
>> thinking.
>>
>> 4. Starting with OS X 10.8.3, a third layer of protection has been added: a
>> "Malware Removal Tool" (MRT). MRT runs automatically in the background when
>> you update the OS.
>> It checks for, and removes, malware that may have evaded
>> the other protections via a Java exploit (see below.) MRT also runs when you
>> install or update the Apple-supplied Java runtime (but not the Oracle
>> runtime.) Like XProtect, MRT is effective against known threats, but not
>> against unknown ones. It notifies you if it finds malware, but otherwise
>> there's no user interface to MRT.
>>
>> 5. The built-in security features of OS X reduce the risk of malware attack,
>> but they are not, and never will be, complete protection. Malware is
>> foremost a problem of human behaviour, and no technological fix alone is
>> going to solve it. Trusting software to protect you will only make you more
>> vulnerable.
>>
>> The best defense is always going to be your own intelligence. With the
>> possible exception of Java exploits, all known malware circulating on the
>> Internet that affects a fully-updated installation of OS X 10.6 or later
>> takes the form of so-called "Trojan horses," which can only have an effect
>> if the victim is duped into running them. The threat therefore amounts to a
>> battle of wits between you and Internet criminals. If you're better informed
>> than they think you are, you'll win. That means, in practice, that you
>> always stay within a safe harbor of computing practices. How do you know
>> when you're leaving the safe harbor? Below are some warning signs of danger.
>>
>> Software from an untrustworthy source
>>
>> ☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a
>> website that also distributes pirated music or movies.
>>
>> ☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come
>> directly from the developer’s website. Do not trust an alert from any
>> website to update Flash, or your browser, or any other software.
>>
>> ☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute free
>> applications that have been packaged in a superfluous "installer."
>>
>> ☞ The software is advertised by means of spam or intrusive web ads. Any ad,
>> on any site, that includes a direct link to a download should be ignored.
>>
>> Software that is plainly illegal or does something illegal
>>
>> ☞ High-priced commercial software such as Photoshop is "cracked" or "free."
>>
>> ☞ An application helps you to infringe copyright, for instance by
>> circumventing the copy protection on commercial software, or saving streamed
>> media for reuse without permission. All "YouTube downloaders" are in this
>> category, though not all are necessarily malicious.
>>
>> Conditional or unsolicited offers from strangers
>>
>> ☞ A telephone caller or a web page tells you that you have a “virus” and
>> offers to help you remove it. (Some reputable websites did legitimately warn
>> visitors who were infected with the "DNSChanger" malware. That exception to
>> this rule no longer applies.)
>>
>> ☞ A web site offers free content such as video or music, but to use it you
>> must install a “codec,” “plug-in,” "player," "downloader," "extractor," or
>> “certificate” that comes from that same site, or an unknown one.
>>
>> ☞ You win a prize in a contest you never entered.
>>
>> ☞ Someone on a message board such as this one is eager to help you, but only
>> if you download an application of his choosing.
>>
>> ☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an
>> airport, but is not provided by the management.
>>
>> ☞ Anything online that you would expect to pay for is "free."
>>
>> Unexpected events
>>
>> ☞ A file is downloaded automatically when you visit a web page, with no
>> other action on your part. Delete any such file without opening it.
>>
>> ☞ You open what you think is a document and get an alert that it's "an
>> application downloaded from the Internet." Click Cancel and delete the file.
>> Even if you don't get the alert, you should still delete any file that isn't
>> what you expected it to be.
>>
>> ☞ An application does something you don't expect, such as asking for
>> permission to access your contacts, your location, or the Internet for no
>> obvious reason.
>>
>> ☞ Software is attached to email that you didn't request, even if it comes
>> (or seems to come) from someone you trust.
>>
>> I don't say that leaving the safe harbor just once will necessarily result
>> in disaster, but making a habit of it will weaken your defenses against
>> malware attack. Any of the above scenarios should, at the very least, make
>> you uncomfortable.
>>
>> 6. Java on the Web (not to be confused with JavaScript, to which it's not
>> related, despite the similarity of the names) is a weak point in the
>> security of any system. Java is, among other things, a platform for running
>> complex applications in a web page, on the client. That was always a bad
>> idea, and Java's developers have proven themselves incapable of implementing
>> it without also creating a portal for malware to enter. Past Java exploits
>> are the closest thing there has ever been to a Windows-style virus affecting
>> OS X. Merely loading a page with malicious Java content could be harmful.
>>
>> Fortunately, client-side Java on the Web is obsolete and mostly extinct.
>> Only a few outmoded sites still use it. Try to hasten the process of
>> extinction by avoiding those sites, if you have a choice. Forget about
>> playing games or other non-essential uses of Java.
>>
>> Java is not included in OS X 10.7 and later. Discrete Java installers are
>> distributed by Apple and by Oracle (the developer of Java.) Don't use either
>> one unless you need it. Most people don't. If Java is installed, disable
>> it—not JavaScript—in your browsers.
>>
>> Regardless of version, experience has shown that Java on the Web can't be
>> trusted. If you must use a Java applet for a task on a specific site, enable
>> Java only for that site in Safari.
>> Never enable Java for a public website
>> that carries third-party advertising. Use it only on well-known,
>> login-protected, secure websites without ads. In Safari 6 or later, you'll
>> see a lock icon in the left side of the address bar when visiting a secure
>> site.
>>
>> Stay within the safe harbor, and you’ll be as safe from malware as you can
>> practically be. The rest of this comment concerns what you should not do to
>> protect yourself.
>>
>> 7. Never install any commercial "anti-virus" (AV) or "Internet security"
>> products for the Mac, as they are all worse than useless. If you need to be
>> able to detect Windows malware in your files, use one of the free security
>> apps in the Mac App Store—nothing else.
>>
>> Why shouldn't you use commercial AV products?
>>
>> ☞ To recognize malware, the software depends on a database of known threats,
>> which is always at least a day out of date. This technique is a proven
>> failure, as a major AV software vendor has admitted. Most attacks are
>> "zero-day"—that is, previously unknown. Recognition-based AV does not defend
>> against such attacks, and the enterprise IT industry is coming to the
>> realization that traditional AV software is worthless.
>>
>> ☞ Its design is predicated on the nonexistent threat that malware may be
>> injected at any time, anywhere in the file system. Malware is downloaded
>> from the network; it doesn't materialize from nowhere. In order to meet that
>> nonexistent threat, commercial AV software modifies or duplicates low-level
>> functions of the operating system, which is a waste of resources and a
>> common cause of instability, bugs, and poor performance.
>>
>> ☞ By modifying the operating system, the software may also create weaknesses
>> that could be exploited by malware attackers.
>>
>> ☞ Most importantly, a false sense of security is dangerous.
>>
>> 8.
>> An AV product from the App Store, such as "ClamXav," has the same
>> drawback as the commercial suites of being always out of date, but it does
>> not inject low-level code into the operating system. That doesn't mean it's
>> entirely harmless. It may report email messages that have "phishing" links
>> in the body, or Windows malware in attachments, as infected files, and offer
>> to delete or move them. Doing so will corrupt the Mail database. The
>> messages should be deleted from within the Mail application.
>>
>> An AV app is not needed, and cannot be relied upon, for protection against
>> OS X malware. It's useful, if at all, only for detecting Windows malware,
>> and even for that use it's not really effective, because new Windows malware
>> is emerging much faster than OS X malware.
>>
>> Windows malware can't harm you directly (unless, of course, you use
>> Windows.) Just don't pass it on to anyone else. A malicious attachment in
>> email is usually easy to recognize by the name alone. An actual example:
>>
>> London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
>>
>> You don't need software to tell you that's a Windows trojan. Software may be
>> able to tell you which trojan it is, but who cares? In practice, there's no
>> reason to use recognition software unless an organizational policy requires
>> it. Windows malware is so widespread that you should assume it's in every
>> email attachment until proven otherwise. Nevertheless, ClamXav or a similar
>> product from the App Store may serve a purpose if it satisfies an
>> ill-informed network administrator who says you must run some kind of AV
>> application. It's free and it won't handicap the system.
>>
>> The ClamXav developer won't try to "upsell" you to a paid version of the
>> product. Other developers may do that. Don't be upsold. For one thing, you
>> should not pay to protect Windows users from the consequences of their
>> choice of computing platform.
>> For another, a paid upgrade from a free app
>> will probably have all the disadvantages mentioned in section 7.
>>
>> 9. It seems to be a common belief that the built-in Application Firewall
>> acts as a barrier to infection, or prevents malware from functioning. It
>> does neither. It blocks inbound connections to certain network services
>> you're running, such as file sharing. It's disabled by default and you
>> should leave it that way if you're behind a router on a private home or
>> office network. Activate it only when you're on an untrusted network, for
>> instance a public Wi-Fi hotspot, where you don't want to provide services.
>> Disable any services you don't use in the Sharing preference pane. All are
>> disabled by default.
>>
>> 10. As a Mac user, you don't have to live in fear that your computer may be
>> infected every time you install software, read email, or visit a web page.
>> But neither can you assume that you will always be safe from exploitation,
>> no matter what you do. Navigating the Internet is like walking the streets
>> of a big city. It's as safe or as dangerous as you choose to make it. The
>> greatest harm done by security software is precisely its selling point: it
>> makes people feel safe. They may then feel safe enough to take risks from
>> which the software doesn't protect them. Nothing can lessen the need for
>> safe computing practices.
>> /End Quote from Linc Davis
>> ---------------------------------------------
>> Now, Apple Support and my added comments below:
>> Are you running Mavericks OS X 10.9.5 or Yosemite OS X 10.10.x?
>>
>> Do Macs really need Anti-virus protection?
>>
>> OS X - It's built to keep your Mac safe
>> <https://www.apple.com/au/osx/what-is/security.html>
>>
>> OS X Mavericks - Protect your Mac from malware
>> <http://support.apple.com/kb/PH14365>
>>
>> OS X Mavericks - Protect your Mac
>> <http://support.apple.com/kb/PH13730>
>>
>> About File Quarantine in OS X
>> <http://support.apple.com/kb/HT3662>
>>
>> About Security of OS X Yosemite
>> Tiny URL
>> http://tinyurl.com/oueejqa
>>
>> OS X already includes everything it needs to protect itself from viruses and
>> malware, and it's free. Apple recommends keeping your Mac updated with
>> software updates from Apple. Refer to the links above, which apply equally
>> to Mavericks as well as its predecessor.
>>
>> A much better question is "how should I protect my Mac":
>>
>> • Never install any product that claims to "speed up", "clean up",
>> "optimize", or "accelerate" your Mac. Without exception, they will do the
>> opposite.
>>
>> • Never install pirated or "cracked" software, software obtained from
>> dubious websites, or other questionable sources. Illegally obtained software
>> is almost certain to contain malware.
>>
>> • Don’t supply your password in response to a popup window requesting it,
>> unless you know what it is and the reason your credentials are required.
>>
>> • Don’t open email attachments from email addresses that you do not
>> recognize, or click links contained in an email:
>> • Most of these are scams that direct you to fraudulent sites that attempt
>> to convince you to disclose personal information.
>> • Such "phishing" attempts are the 21st century equivalent of a social
>> exploit that has existed since the dawn of civilization. Don’t fall for it.
>>
>> • Apple will never ask you to reveal personal information in an email. If
>> you receive an unexpected email from Apple saying your account will be
>> closed unless you take immediate action, just ignore it.
>> If your iTunes or
>> App Store account becomes disabled for valid reasons, you will know when you
>> try to buy something or log in to this support site, and are unable to.
>>
>> • Don’t install browser extensions unless you understand their purpose. Go
>> to the Safari menu > Preferences > Extensions. If you see any extensions
>> that you do not recognize or understand, simply click the Uninstall button
>> and they will be gone.
>>
>> • Don’t install Java unless you are certain that you need it:
>> • Java, a non-Apple product, is a potential vector for malware. If you are
>> required to use Java, be mindful of that possibility.
>> • Disable Java in Safari > Preferences > Security.
>> • Despite its name JavaScript is unrelated to Java. No malware can infect
>> your Mac through JavaScript. It’s OK to leave it enabled.
>>
>> • Block browser popups: Safari menu > Preferences > Security > and check
>> "Block popup windows":
>> • Popup windows are useful and required for some websites, but popups have
>> devolved to become a common means to deliver targeted advertising that you
>> probably do not want.
>> • Popups themselves cannot infect your Mac, but many contain resource-hungry
>> code that will slow down Internet browsing.
>> • If you ever see a popup indicating it detected registry errors, that your
>> Mac is infected with some ick, or that you won some prize, it is 100%
>> fraudulent. Ignore it.
>>
>> • Ignore hyperventilating popular media outlets that thrive by promoting
>> fear and discord with entertainment products arrogantly presented as "news".
>> Learn what real threats actually exist and how to arm yourself against them:
>> • The most serious threat to your data security is phishing. To date, most
>> of these attempts have been pathetic and are easily recognized, but that is
>> likely to change in the future as criminals become more clever.
>>
>> • OS X viruses do not exist, but intentionally malicious or poorly written
>> code, created by either nefarious or inept individuals, is nothing new.
>>
>> • Never install something without first knowing what it is, what it does,
>> how it works, and how to get rid of it when you don’t want it any more.
>>
>> • If you elect to use "anti-virus" software, familiarise yourself with its
>> limitations and potential to cause adverse effects, and apply the principle
>> immediately preceding this one.
>> • Most such utilities will only slow down and destabilise your Mac while
>> they look for viruses that do not exist, conveying no benefit whatsoever -
>> other than to make you "feel good" about security, when you should actually
>> be exercising sound judgment, derived from accurate knowledge, based on
>> verifiable facts.
>>
>> • Do install updates from Apple as they become available. No one knows more
>> about Macs and how to protect them than the company that builds them.
>>
>> Summary: Use common sense and caution when you use your Mac, just like you
>> would in any social context. There is no product, utility, or magic talisman
>> that can protect you from all the evils of mankind."
>> /End Quote
>>
>> Cheers,
>> Ronni
>>
>> 13-inch MacBook Air (April 2014)
>> 1.7GHz Dual-Core Intel Core i7, Turbo Boost to 3.3GHz
>> 8GB 1600MHz LPDDR3 SDRAM
>> 512GB PCIe-based Flash Storage
>>
>> OS X Yosemite 10.10.2
-- The WA Macintosh User Group Mailing List --
Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
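
The attachment name quoted in section 8 of the message above (a media extension, a long run of spaces, then the real `.exe`) can be recognised mechanically from the name alone. The Python below is an added example, not part of the original thread: the extension lists, the eight-character padding threshold and the 40-character display width are assumptions, and the sample name is constructed from the one quoted.

```python
import re

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"avi", "mp4", "mov", "mp3", "jpg", "png", "pdf", "doc", "docx", "txt"}

# Assumption: eight or more consecutive whitespace characters count as padding.
PADDING_RUN = re.compile(r"\s{8,}")
# An extension-like token followed by whitespace, another dot, or the end.
EXT_TOKEN = re.compile(r"\.([A-Za-z0-9]{1,5})(?=\s|\.|$)")

# Constructed sample: the name quoted in the thread, with exactly 124 spaces.
SAMPLE = "London Terror Moovie.avi" + " " * 124 + "Checked By Norton Antivirus.exe"


def inspect_attachment_name(name):
    """Return the reasons an attachment name looks deceptive (empty list if none)."""
    reasons = []
    stem, dot, final_ext = name.rpartition(".")
    final_ext = final_ext.strip().lower()

    # 1. The extension the operating system acts on is the last one.
    is_executable = bool(dot) and final_ext in EXECUTABLE_EXTS
    if is_executable:
        reasons.append("executable-extension:" + final_ext)

    # 2. A long whitespace run pushes the real extension out of view.
    if PADDING_RUN.search(name):
        reasons.append("whitespace-padding")

    # 3. A harmless-looking extension appears earlier in the name.
    decoys = [m.group(1).lower() for m in EXT_TOKEN.finditer(stem)
              if m.group(1).lower() in DECOY_EXTS]
    if is_executable and decoys:
        reasons.append("decoy-extension:" + decoys[0])
    return reasons


def as_shown_in_list(name, width=40):
    """What a fixed-width attachment column would display (width is assumed)."""
    if len(name) <= width:
        return name
    return name[:width].rstrip() + "…"


if __name__ == "__main__":
    print("displayed as:", as_shown_in_list(SAMPLE))
    print("findings    :", inspect_attachment_name(SAMPLE))
    for benign in ("holiday.photos.jpg", "Invoice 2015.pdf"):
        print(benign, "->", inspect_attachment_name(benign))
```
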