Yes Ronni, I certainly will. It’s already archived. Thanks.

Cheers.
Walter
*****************************************************
> On 27 Sep 2015, at 17:37, Ronda Brown <ro...@mac.com> wrote:
>
> Well... No... It's not really anti-virus software.
> But I do not recommend and have never recommended that Malwarebytes
> Anti-Malware software be installed on current OS X systems.
>
> Please read thoroughly all the documentation I posted in my last reply to the
> list.
>
> Cheers,
> Ronni
> Sent from Ronni's iPad4
>
>
> On 27 Sep 2015, at 4:46 pm, FW <whae...@iinet.net.au> wrote:
>
>> Malwarebytes Anti-Malware is not really anti-virus software, is it Ronni?
>>
>> Cheers
>> Walter
>>
>> ***************************************************************************
>>
>>> Begin forwarded message:
>>>
>>> From: Ronni Brown <ro...@mac.com>
>>> Subject: Re: Malwarebytes, anti-malware for Mac
>>> Date: 27 September 2015 13:18:50 GMT+8
>>> To: WAMUG <wamug@wamug.org.au>
>>> Reply-To: wamug@wamug.org.au
>>>
>>>
>>>> On 27 Sep 2015, at 11:58 am, Graham Rabe <gra...@rabe.com.au> wrote:
>>>>
>>>> A week or two ago Peter Marks on ABC Breakfast with Fran Kelly advised
>>>> against installing any Apple virus protection software given that recent
>>>> security upgrades have made them largely redundant and they seem to cause
>>>> more problems than they claim to fix.
>>>>
>>>> Graham
>>>>
>>>> Sent from my iPad
>>>
>>> I agree! In my previous reply I only supplied the information about
>>> Malwarebytes anti-malware for Mac.
>>>
>>> Peter, Daniel & I have posted numerous times re: Do Macs need Anti-Virus
>>> programs.
>>> The short answer is NO.
>>>
>>> Below I quote from Linc Davis - Level 10 Apple Support Communities
>>>
>>> /Begin Quote from Linc Davis:
>>> Mac users often ask whether they should install "anti-virus" software. The
>>> answer usually given on ASC is "no." The answer is right, but it may give
>>> the wrong impression that there is no threat from what are loosely called
>>> "viruses."
>>> There is a threat, and you need to educate yourself about it.
>>>
>>> 1. This is a comment on what you should—and should not—do to protect
>>> yourself from malicious software ("malware") that circulates on the
>>> Internet and gets onto a computer as an unintended consequence of the
>>> user's actions. It does not apply to software, such as keystroke loggers,
>>> that may be installed deliberately by an intruder who has hands-on access
>>> to the computer, or who has been able to log in to it remotely. That threat
>>> is in a different category, and there's no easy way to defend against it.
>>>
>>> The comment is long because the issue is complex. The key points are in
>>> sections 5, 6, and 10.
>>>
>>> OS X now implements three layers of built-in protection specifically
>>> against malware, not counting runtime protections such as execute disable,
>>> sandboxing, system library randomization, and address space layout
>>> randomization that may also guard against other kinds of exploits.
>>>
>>> 2. All versions of OS X since 10.6.7 have been able to detect known Mac
>>> malware in downloaded files, and to block insecure web plugins. This
>>> feature is transparent to the user. Internally Apple calls it "XProtect."
>>>
>>> The malware recognition database used by XProtect is automatically updated;
>>> however, you shouldn't rely on it, because the attackers are always at
>>> least a day ahead of the defenders.
>>>
>>> The following caveats apply to XProtect:
>>>
>>> ☞ It can be bypassed by some third-party networking software, such as
>>> BitTorrent clients and Java applets.
>>>
>>> ☞ It only applies to software downloaded from the network. Software
>>> installed from a CD or other media is not checked.
>>>
>>> As new versions of OS X are released, it's not clear whether Apple will
>>> indefinitely continue to maintain the XProtect database of older versions
>>> such as 10.6. The security of obsolete system versions may eventually be
>>> degraded.
>>> Security updates to the code of obsolete systems will stop being
>>> released at some point, and that may leave them open to other kinds of
>>> attack besides malware.
>>>
>>> 3. Starting with OS X 10.7.5, there has been a second layer of built-in
>>> malware protection, designated "Gatekeeper" by Apple. By default,
>>> applications and Installer packages downloaded from the network will only
>>> run if they're digitally signed by a developer with a certificate issued by
>>> Apple. Software certified in this way hasn't necessarily been tested by
>>> Apple, but you can be reasonably sure that it hasn't been modified by
>>> anyone other than the developer. His identity is known to Apple, so he
>>> could be held legally responsible if he distributed malware. That may not
>>> mean much if the developer lives in a country with a weak legal system (see
>>> below.)
>>>
>>> Gatekeeper doesn't depend on a database of known malware. It has, however,
>>> the same limitations as XProtect, and in addition the following:
>>>
>>> ☞ It can easily be disabled or overridden by the user.
>>>
>>> ☞ A malware attacker could get control of a code-signing certificate under
>>> false pretenses, or could simply ignore the consequences of distributing
>>> codesigned malware.
>>>
>>> ☞ An App Store developer could find a way to bypass Apple's oversight, or
>>> the oversight could fail due to human error.
>>>
>>> Apple has so far failed to revoke the codesigning certificates of some
>>> known abusers, thereby diluting the value of Gatekeeper and the Developer
>>> ID program. These failures don't involve App Store products, however.
>>>
>>> For the reasons given, App Store products, and—to a lesser extent—other
>>> applications recognized by Gatekeeper as signed, are safer than others, but
>>> they can't be considered absolutely safe. "Sandboxed" applications may
>>> prompt for access to private data, such as your contacts, or for access to
>>> the network. Think before granting that access.
>>> Sandbox security is based
>>> on user input. Never click through any request for authorization without
>>> thinking.
>>>
>>> 4. Starting with OS X 10.8.3, a third layer of protection has been added: a
>>> "Malware Removal Tool" (MRT). MRT runs automatically in the background when
>>> you update the OS. It checks for, and removes, malware that may have evaded
>>> the other protections via a Java exploit (see below.) MRT also runs when
>>> you install or update the Apple-supplied Java runtime (but not the Oracle
>>> runtime.) Like XProtect, MRT is effective against known threats, but not
>>> against unknown ones. It notifies you if it finds malware, but otherwise
>>> there's no user interface to MRT.
>>>
>>> 5. The built-in security features of OS X reduce the risk of malware
>>> attack, but they are not, and never will be, complete protection. Malware
>>> is foremost a problem of human behaviour, and no technological fix alone is
>>> going to solve it. Trusting software to protect you will only make you more
>>> vulnerable.
>>>
>>> The best defense is always going to be your own intelligence. With the
>>> possible exception of Java exploits, all known malware circulating on the
>>> Internet that affects a fully-updated installation of OS X 10.6 or later
>>> takes the form of so-called "Trojan horses," which can only have an effect
>>> if the victim is duped into running them. The threat therefore amounts to a
>>> battle of wits between you and Internet criminals. If you're better
>>> informed than they think you are, you'll win. That means, in practice, that
>>> you always stay within a safe harbor of computing practices. How do you
>>> know when you're leaving the safe harbor? Below are some warning signs of
>>> danger.
>>>
>>> Software from an untrustworthy source
>>>
>>> ☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a
>>> website that also distributes pirated music or movies.
>>>
>>> ☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come
>>> directly from the developer’s website. Do not trust an alert from any
>>> website to update Flash, or your browser, or any other software.
>>>
>>> ☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute
>>> free applications that have been packaged in a superfluous "installer."
>>>
>>> ☞ The software is advertised by means of spam or intrusive web ads. Any ad,
>>> on any site, that includes a direct link to a download should be ignored.
>>>
>>> Software that is plainly illegal or does something illegal
>>>
>>> ☞ High-priced commercial software such as Photoshop is "cracked" or "free."
>>>
>>> ☞ An application helps you to infringe copyright, for instance by
>>> circumventing the copy protection on commercial software, or saving
>>> streamed media for reuse without permission. All "YouTube downloaders" are
>>> in this category, though not all are necessarily malicious.
>>>
>>> Conditional or unsolicited offers from strangers
>>>
>>> ☞ A telephone caller or a web page tells you that you have a “virus” and
>>> offers to help you remove it. (Some reputable websites did legitimately
>>> warn visitors who were infected with the "DNSChanger" malware. That
>>> exception to this rule no longer applies.)
>>>
>>> ☞ A web site offers free content such as video or music, but to use it you
>>> must install a “codec,” “plug-in,” "player," "downloader," "extractor," or
>>> “certificate” that comes from that same site, or an unknown one.
>>>
>>> ☞ You win a prize in a contest you never entered.
>>>
>>> ☞ Someone on a message board such as this one is eager to help you, but
>>> only if you download an application of his choosing.
>>>
>>> ☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an
>>> airport, but is not provided by the management.
>>>
>>> ☞ Anything online that you would expect to pay for is "free."
>>>
>>> Unexpected events
>>>
>>> ☞ A file is downloaded automatically when you visit a web page, with no
>>> other action on your part. Delete any such file without opening it.
>>>
>>> ☞ You open what you think is a document and get an alert that it's "an
>>> application downloaded from the Internet." Click Cancel and delete the
>>> file. Even if you don't get the alert, you should still delete any file
>>> that isn't what you expected it to be.
>>>
>>> ☞ An application does something you don't expect, such as asking for
>>> permission to access your contacts, your location, or the Internet for no
>>> obvious reason.
>>>
>>> ☞ Software is attached to email that you didn't request, even if it comes
>>> (or seems to come) from someone you trust.
>>>
>>> I don't say that leaving the safe harbor just once will necessarily result
>>> in disaster, but making a habit of it will weaken your defenses against
>>> malware attack. Any of the above scenarios should, at the very least, make
>>> you uncomfortable.
>>>
>>> 6. Java on the Web (not to be confused with JavaScript, to which it's not
>>> related, despite the similarity of the names) is a weak point in the
>>> security of any system. Java is, among other things, a platform for running
>>> complex applications in a web page, on the client. That was always a bad
>>> idea, and Java's developers have proven themselves incapable of
>>> implementing it without also creating a portal for malware to enter. Past
>>> Java exploits are the closest thing there has ever been to a Windows-style
>>> virus affecting OS X. Merely loading a page with malicious Java content
>>> could be harmful.
>>>
>>> Fortunately, client-side Java on the Web is obsolete and mostly extinct.
>>> Only a few outmoded sites still use it. Try to hasten the process of
>>> extinction by avoiding those sites, if you have a choice. Forget about
>>> playing games or other non-essential uses of Java.
>>>
>>> Java is not included in OS X 10.7 and later.
>>> Discrete Java installers are
>>> distributed by Apple and by Oracle (the developer of Java.) Don't use
>>> either one unless you need it. Most people don't. If Java is installed,
>>> disable it—not JavaScript—in your browsers.
>>>
>>> Regardless of version, experience has shown that Java on the Web can't be
>>> trusted. If you must use a Java applet for a task on a specific site,
>>> enable Java only for that site in Safari. Never enable Java for a public
>>> website that carries third-party advertising. Use it only on well-known,
>>> login-protected, secure websites without ads. In Safari 6 or later, you'll
>>> see a lock icon in the left side of the address bar when visiting a secure
>>> site.
>>>
>>> Stay within the safe harbor, and you’ll be as safe from malware as you can
>>> practically be. The rest of this comment concerns what you should not do to
>>> protect yourself.
>>>
>>> 7. Never install any commercial "anti-virus" (AV) or "Internet security"
>>> products for the Mac, as they are all worse than useless. If you need to be
>>> able to detect Windows malware in your files, use one of the free security
>>> apps in the Mac App Store—nothing else.
>>>
>>> Why shouldn't you use commercial AV products?
>>>
>>> ☞ To recognize malware, the software depends on a database of known
>>> threats, which is always at least a day out of date. This technique is a
>>> proven failure, as a major AV software vendor has admitted. Most attacks
>>> are "zero-day"—that is, previously unknown. Recognition-based AV does not
>>> defend against such attacks, and the enterprise IT industry is coming to
>>> the realization that traditional AV software is worthless.
>>>
>>> ☞ Its design is predicated on the nonexistent threat that malware may be
>>> injected at any time, anywhere in the file system. Malware is downloaded
>>> from the network; it doesn't materialize from nowhere.
>>> In order to meet
>>> that nonexistent threat, commercial AV software modifies or duplicates
>>> low-level functions of the operating system, which is a waste of resources
>>> and a common cause of instability, bugs, and poor performance.
>>>
>>> ☞ By modifying the operating system, the software may also create
>>> weaknesses that could be exploited by malware attackers.
>>>
>>> ☞ Most importantly, a false sense of security is dangerous.
>>>
>>> 8. An AV product from the App Store, such as "ClamXav," has the same
>>> drawback as the commercial suites of being always out of date, but it does
>>> not inject low-level code into the operating system. That doesn't mean it's
>>> entirely harmless. It may report email messages that have "phishing" links
>>> in the body, or Windows malware in attachments, as infected files, and
>>> offer to delete or move them. Doing so will corrupt the Mail database. The
>>> messages should be deleted from within the Mail application.
>>>
>>> An AV app is not needed, and cannot be relied upon, for protection against
>>> OS X malware. It's useful, if at all, only for detecting Windows malware,
>>> and even for that use it's not really effective, because new Windows
>>> malware is emerging much faster than OS X malware.
>>>
>>> Windows malware can't harm you directly (unless, of course, you use
>>> Windows.) Just don't pass it on to anyone else. A malicious attachment in
>>> email is usually easy to recognize by the name alone. An actual example:
>>>
>>> London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
>>>
>>> You don't need software to tell you that's a Windows trojan. Software may
>>> be able to tell you which trojan it is, but who cares? In practice, there's
>>> no reason to use recognition software unless an organizational policy
>>> requires it. Windows malware is so widespread that you should assume it's
>>> in every email attachment until proven otherwise.
>>> Nevertheless, ClamXav or
>>> a similar product from the App Store may serve a purpose if it satisfies an
>>> ill-informed network administrator who says you must run some kind of AV
>>> application. It's free and it won't handicap the system.
>>>
>>> The ClamXav developer won't try to "upsell" you to a paid version of the
>>> product. Other developers may do that. Don't be upsold. For one thing, you
>>> should not pay to protect Windows users from the consequences of their
>>> choice of computing platform. For another, a paid upgrade from a free app
>>> will probably have all the disadvantages mentioned in section 7.
>>>
>>> 9. It seems to be a common belief that the built-in Application Firewall
>>> acts as a barrier to infection, or prevents malware from functioning. It
>>> does neither. It blocks inbound connections to certain network services
>>> you're running, such as file sharing. It's disabled by default and you
>>> should leave it that way if you're behind a router on a private home or
>>> office network. Activate it only when you're on an untrusted network, for
>>> instance a public Wi-Fi hotspot, where you don't want to provide services.
>>> Disable any services you don't use in the Sharing preference pane. All are
>>> disabled by default.
>>>
>>> 10. As a Mac user, you don't have to live in fear that your computer may be
>>> infected every time you install software, read email, or visit a web page.
>>> But neither can you assume that you will always be safe from exploitation,
>>> no matter what you do. Navigating the Internet is like walking the streets
>>> of a big city. It's as safe or as dangerous as you choose to make it. The
>>> greatest harm done by security software is precisely its selling point: it
>>> makes people feel safe. They may then feel safe enough to take risks from
>>> which the software doesn't protect them. Nothing can lessen the need for
>>> safe computing practices.
>>> /End Quote from Linc Davis
>>> ---------------------------------------------
>>> Now, Apple Support and my added comments below:
>>> Are you running Mavericks OS X 10.9.5 or Yosemite OS X 10.10.x?
>>>
>>> Do Macs really need Anti-virus protection?
>>>
>>> OS X - It's built to keep your Mac safe
>>> <https://www.apple.com/au/osx/what-is/security.html>
>>>
>>> OS X Mavericks - Protect your Mac from malware
>>> <http://support.apple.com/kb/PH14365>
>>>
>>> OS X Mavericks - Protect your Mac
>>> <http://support.apple.com/kb/PH13730>
>>>
>>> About File Quarantine in OS X
>>> <http://support.apple.com/kb/HT3662>
>>>
>>> About Security of OS X Yosemite
>>> Tiny URL
>>> http://tinyurl.com/oueejqa
>>>
>>> OS X already includes everything it needs to protect itself from viruses
>>> and malware, and it's free. Apple recommends keeping your Mac updated with
>>> software updates from Apple. Refer to the links above, which apply equally
>>> to Mavericks as well as its predecessor.
>>>
>>> A much better question is "how should I protect my Mac":
>>>
>>> • Never install any product that claims to "speed up", "clean up",
>>> "optimize", or "accelerate" your Mac. Without exception, they will do the
>>> opposite.
>>>
>>> • Never install pirated or "cracked" software, software obtained from
>>> dubious websites, or other questionable sources. Illegally obtained
>>> software is almost certain to contain malware.
>>>
>>> • Don’t supply your password in response to a popup window requesting it,
>>> unless you know what it is and the reason your credentials are required.
>>>
>>> • Don’t open email attachments from email addresses that you do not
>>> recognize, or click links contained in an email:
>>> • Most of these are scams that direct you to fraudulent sites that attempt
>>> to convince you to disclose personal information.
>>> • Such "phishing" attempts are the 21st century equivalent of a social
>>> exploit that has existed since the dawn of civilization. Don’t fall for it.
>>>
>>> • Apple will never ask you to reveal personal information in an email. If
>>> you receive an unexpected email from Apple saying your account will be
>>> closed unless you take immediate action, just ignore it. If your iTunes or
>>> App Store account becomes disabled for valid reasons, you will know when
>>> you try to buy something or log in to this support site, and are unable to.
>>>
>>> • Don’t install browser extensions unless you understand their purpose. Go
>>> to the Safari menu > Preferences > Extensions. If you see any extensions
>>> that you do not recognize or understand, simply click the Uninstall button
>>> and they will be gone.
>>>
>>> • Don’t install Java unless you are certain that you need it:
>>> • Java, a non-Apple product, is a potential vector for malware. If you are
>>> required to use Java, be mindful of that possibility.
>>> • Disable Java in Safari > Preferences > Security.
>>> • Despite its name JavaScript is unrelated to Java. No malware can infect
>>> your Mac through JavaScript. It’s OK to leave it enabled.
>>>
>>> • Block browser popups: Safari menu > Preferences > Security > and check
>>> "Block popup windows":
>>> • Popup windows are useful and required for some websites, but popups have
>>> devolved to become a common means to deliver targeted advertising that you
>>> probably do not want.
>>> • Popups themselves cannot infect your Mac, but many contain
>>> resource-hungry code that will slow down Internet browsing.
>>> • If you ever see a popup indicating it detected registry errors, that your
>>> Mac is infected with some ick, or that you won some prize, it is 100%
>>> fraudulent. Ignore it.
>>>
>>> • Ignore hyperventilating popular media outlets that thrive by promoting
>>> fear and discord with entertainment products arrogantly presented as
>>> "news". Learn what real threats actually exist and how to arm yourself
>>> against them:
>>> • The most serious threat to your data security is phishing.
>>> To date, most
>>> of these attempts have been pathetic and are easily recognized, but that is
>>> likely to change in the future as criminals become more clever.
>>>
>>> • OS X viruses do not exist, but intentionally malicious or poorly written
>>> code, created by either nefarious or inept individuals, is nothing new.
>>>
>>> • Never install something without first knowing what it is, what it does,
>>> how it works, and how to get rid of it when you don’t want it any more.
>>>
>>> • If you elect to use "anti-virus" software, familiarise yourself with its
>>> limitations and potential to cause adverse effects, and apply the principle
>>> immediately preceding this one.
>>> • Most such utilities will only slow down and destabilise your Mac while
>>> they look for viruses that do not exist, conveying no benefit whatsoever -
>>> other than to make you "feel good" about security, when you should actually
>>> be exercising sound judgment, derived from accurate knowledge, based on
>>> verifiable facts.
>>>
>>> • Do install updates from Apple as they become available. No one knows more
>>> about Macs and how to protect them than the company that builds them.
>>>
>>> Summary: Use common sense and caution when you use your Mac, just like you
>>> would in any social context. There is no product, utility, or magic
>>> talisman that can protect you from all the evils of mankind."
>>> /End Quote
>>>
>>> Cheers,
>>> Ronni
>>>
>>> 13-inch MacBook Air (April 2014)
>>> 1.7GHz Dual-Core Intel Core i7, Turbo Boost to 3.3GHz
>>> 8GB 1600MHz LPDDR3 SDRAM
>>> 512GB PCIe-based Flash Storage
>>>
>>> OS X Yosemite 10.10.2
> -- The WA Macintosh User Group Mailing List --
> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml>
> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml>
> Settings & Unsubscribe -
> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
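
The name-only attachment check described in section 8 of the quoted comment, as an added Python example that is not part of the original thread or of any product named in it. The extension lists, the 8-character padding threshold and the bidi-control check are assumptions that generalise the single filename quoted above; all other sample names are constructed.

```python
import re

# Assumed lists for this sketch; a real mail filter would maintain its own.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"avi", "mp4", "mov", "jpg", "png", "gif", "pdf", "doc", "txt"}

# A long whitespace run pushes the real ending out of the visible column.
PAD_RUN = re.compile(r"\s{8,}")
# An extension-like token: ".xxx" followed by whitespace, a dot, or the end.
EXT_TOKEN = re.compile(r"\.([A-Za-z0-9]{1,5})(?=$|[\s.])")
# Unicode direction controls that can visually reorder a filename
# (generalisation beyond the page's example).
BIDI_CONTROLS = set("\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069")


def attachment_findings(filename):
    """Return a sorted list of reasons an attachment name looks disguised."""
    findings = set()
    name = filename.rstrip()
    exts = [m.group(1).lower() for m in EXT_TOKEN.finditer(name)]
    final = name.rsplit(".", 1)[-1].lower() if "." in name else ""

    if final in EXECUTABLE_EXTS:
        findings.add("executable-extension")
        # An earlier media/document extension is there only to mislead.
        if any(e in DECOY_EXTS for e in exts[:-1]):
            findings.add("decoy-extension")
    if PAD_RUN.search(name):
        findings.add("whitespace-padding")
    if any(ch in BIDI_CONTROLS for ch in name):
        findings.add("bidi-control")
    return sorted(findings)


def triage(filenames):
    """Map each suspicious name to its findings; clean names are omitted."""
    report = {}
    for name in filenames:
        found = attachment_findings(name)
        if found:
            report[name] = found
    return report


if __name__ == "__main__":
    # First entry is the filename quoted in the thread; the rest are constructed.
    samples = [
        "London Terror Moovie.avi" + " " * 124 + "Checked By Norton Antivirus.exe",
        "holiday photos.jpg",
        "report.pdf.exe",
        "minutes 2015-09-27.txt",
    ]
    for name, found in triage(samples).items():
        print(f"{name[:30]!r}... -> {', '.join(found)}")
```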