Hi Ronni, Does this apply to iPhones on ios8, too?
Thank you, Michael Sent from my iPhone > On 28 Sep 2015, at 8:40 am, FW <whae...@iinet.net.au> wrote: > > Yes Ronni, I certainly will. It’s already archived. > Thanks. > > Cheers. > Walter > > ***************************************************** >> On 27 Sep 2015, at 17:37 , Ronda Brown <ro...@mac.com> wrote: >> >> Well... No... It's not really anti-virus software. >> But I do not recommend and have never recommended that Malwarebytes >> Anti-Malware software be installed on current OS X systems. >> >> Please read thoroughly all the documentation I posted in my last reply to >> the list. >> >> Cheers, >> Ronni >> Sent from Ronni's iPad4 >> >> >>> On 27 Sep 2015, at 4:46 pm, FW <whae...@iinet.net.au> wrote: >>> >>> Malwarebytes Anti-Malware is not really anti-virus software, is it Ronni ? >>> >>> Cheers >>> Walter >>> >>> *************************************************************************** >>> >>>> Begin forwarded message: >>>> >>>> From: Ronni Brown <ro...@mac.com> >>>> Subject: Re: Malwarebytes, anti-malware for Mac >>>> Date: 27 September 2015 13:18:50 GMT+8 >>>> To: WAMUG <wamug@wamug.org.au> >>>> Reply-To: wamug@wamug.org.au >>>> >>>> >>>>> On 27 Sep 2015, at 11:58 am, Graham Rabe <gra...@rabe.com.au> wrote: >>>>> >>>>> A week or two ago Peter Marks on ABC Breakfast with Fran Kelly advised >>>>> against installing any Apple virus protection software given that recent >>>>> security upgrades have made them largely redundant and they seem to cause >>>>> more problems than they claim to fix. >>>>> >>>>> Graham >>>>> >>>>> Sent from my iPad >>>> >>>> I agree! In my previous reply I only supplied the information about >>>> Malwarebytes anti-malware for Mac. >>>> >>>> Peter, Daniel & I have posted numerous times re: Do Macs need Anti-Virus >>>> programs. >>>> The short answer is NO. >>>> >>>> Below I quote from Linc Davis - Level 10 Apple Support Communities >>>> >>>> /Begin Quote from Linc Davis: >>>> Mac users often ask whether they should install "anti-virus" software. The >>>> answer usually given on ASC is "no." The answer is right, but it may give >>>> the wrong impression that there is no threat from what are loosely called >>>> "viruses." There is a threat, and you need to educate yourself about it. >>>> >>>> 1. This is a comment on what you should—and should not—do to protect >>>> yourself from malicious software ("malware") that circulates on the >>>> Internet and gets onto a computer as an unintended consequence of tYes >>>> Ronni, I certainly will. It’s already archived. > Thanks. > > Cheers. > Walter > > ***************************************************** >> On 27 Sep 2015, at 17:37 , Ronda Brown <ro...@mac.com> wrote: >> >> Well... No... It's not really anti-virus software. >> But I do not recommend and have never recommended that Malwarebytes >> Anti-Malware software be installed on current OS X systems. >> >> Please read thoroughly all the documentation I posted in my last reply to >> the list. >> >> Cheers, >> Ronni >> Sent from Ronni's iPad4 >> >> >>> On 27 Sep 2015, at 4:46 pm, FW <whae...@iinet.net.au> wrote: >>> >>> Malwarebytes Anti-Malware is not really anti-virus software, is it Ronni ? >>> >>> Cheers >>> Walter >>> >>> *************************************************************************** >>> >>>> Begin forwarded message: >>>> >>>> From: Ronni Brown <ro...@mac.com> >>>> Subject: Re: Malwarebytes, anti-malware for Mac >>>> Date: 27 September 2015 13:18:50 GMT+8 >>>> To: WAMUG <wamug@wamug.org.au> >>>> Reply-To: wamug@wamug.org.au >>>> >>>> >>>>> On 27 Sep 2015, at 11:58 am, Graham Rabe <gra...@rabe.com.au> wrote: >>>>> >>>>> A week or two ago Peter Marks on ABC Breakfast with Fran Kelly advised >>>>> against installing any Apple virus protection software given that recent >>>>> security upgrades have made them largely redundant and they seem to cause >>>>> more problems than they claim to fix. >>>>> >>>>> Graham >>>>> >>>>> Sent from my iPad >>>> >>>> I agree! In my previous reply I only supplied the information about >>>> Malwarebytes anti-malware for Mac. >>>> >>>> Peter, Daniel & I have posted numerous times re: Do Macs need Anti-Virus >>>> programs. >>>> The short answer is NO. >>>> >>>> Below I quote from Linc Davis - Level 10 Apple Support Communities >>>> >>>> /Begin Quote from Linc Davis: >>>> Mac users often ask whether they should install "anti-virus" software. The >>>> answer usually given on ASC is "no." The answer is right, but it may give >>>> the wrong impression that there is no threat from what are loosely called >>>> "viruses." There is a threat, and you need to educate yourself about it. >>>> >>>> 1. This is a comment on what you should—and should not—do to protect >>>> yourself from malicious software ("malware") that circulates on the >>>> Internet and gets onto a computer as an unintended consequence of the >>>> user's actions. It does not apply to software, such as keystroke loggers, >>>> that may be installed deliberately by an intruder who has hands-on access >>>> to the computer, or who has been able to log in to it remotely. That >>>> threat is in a different category, and there's no easy way to defend >>>> against it. >>>> >>>> The comment is long because the issue is complex. The key points are in >>>> sections 5, 6, and 10. >>>> >>>> OS X now implements three layers of built-in protection specifically >>>> against malware, not counting runtime protections such as execute disable, >>>> sandboxing, system library randomization, and address space layout >>>> randomization that may also guard against other kinds of exploits. >>>> >>>> 2. All versions of OS X since 10.6.7 have been able to detect known Mac >>>> malware in downloaded files, and to block insecure web plugins. This >>>> feature is transparent to the user. Internally Apple calls it "XProtect." >>>> >>>> The malware recognition database used by XProtect is automatically >>>> updated; however, you shouldn't rely on it, because the attackers are >>>> always at least a day ahead of the defenders. >>>> >>>> The following caveats apply to XProtect: >>>> >>>> ☞ It can be bypassed by some third-party networking software, such as >>>> BitTorrent clients and Java applets. >>>> >>>> ☞ It only applies to software downloaded from the network. Software >>>> installed from a CD or other media is not checked. >>>> >>>> As new versions of OS X are released, it's not clear whether Apple will >>>> indefinitely continue to maintain the XProtect database of older versions >>>> such as 10.6. The security of obsolete system versions may eventually be >>>> degraded. Security updates to the code of obsolete systems will stop being >>>> released at some point, and that may leave them open to other kinds of >>>> attack besides malware. >>>> >>>> 3. Starting with OS X 10.7.5, there has been a second layer of built-in >>>> malware protection, designated "Gatekeeper" by Apple. By default, >>>> applications and Installer packages downloaded from the network will only >>>> run if they're digitally signed by a developer with a certificate issued >>>> by Apple. Software certified in this way hasn't necessarily been tested by >>>> Apple, but you can be reasonably sure that it hasn't been modified by >>>> anyone other than the developer. His identity is known to Apple, so he >>>> could be held legally responsible if he distributed malware. That may not >>>> mean much if the developer lives in a country with a weak legal system >>>> (see below.) >>>> >>>> Gatekeeper doesn't depend on a database of known malware. It has, however, >>>> the same limitations as XProtect, and in addition the following: >>>> >>>> ☞ It can easily be disabled or overridden by the user. >>>> >>>> ☞ A malware attacker could get control of a code-signing certificate under >>>> false pretenses, or could simply ignore the consequences of distributing >>>> codesigned malware. >>>> >>>> ☞ An App Store developer could find a way to bypass Apple's oversight, or >>>> the oversight could fail due to human error. >>>> >>>> Apple has so far failed to revoke the codesigning certificates of some >>>> known abusers, thereby diluting the value of Gatekeeper and the Developer >>>> ID program. These failures don't involve App Store products, however. >>>> >>>> For the reasons given, App Store products, and—to a lesser extent—other >>>> applications recognized by Gatekeeper as signed, are safer than others, >>>> but they can't be considered absolutely safe. "Sandboxed" applications may >>>> prompt for access to private data, such as your contacts, or for access to >>>> the network. Think before granting that access. Sandbox security is based >>>> on user input. Never click through any request for authorization without >>>> thinking. >>>> >>>> 4. Starting with OS X 10.8.3, a third layer of protection has been added: >>>> a "Malware Removal Tool" (MRT). MRT runs automatically in the background >>>> when you update the OS. It checks for, and removes, malware that may have >>>> evaded the other protections via a Java exploit (see below.) MRT also runs >>>> when you install or update the Apple-supplied Java runtime (but not the >>>> Oracle runtime.) Like XProtect, MRT is effective against known threats, >>>> but not against unknown ones. It notifies you if it finds malware, but >>>> otherwise there's no user interface to MRT. >>>> >>>> 5. The built-in security features of OS X reduce the risk of malware >>>> attack, but they are not, and never will be, complete protection. Malware >>>> is foremost a problem of human behaviour, and no technological fix alone >>>> is going to solve it. Trusting software to protect you will only make you >>>> more vulnerable. >>>> >>>> The best defense is always going to be your own intelligence. With the >>>> possible exception of Java exploits, all known malware circulating on the >>>> Internet that affects a fully-updated installation of OS X 10.6 or later >>>> takes the form of so-called "Trojan horses," which can only have an effect >>>> if the victim is duped into running them. The threat therefore amounts to >>>> a battle of wits between you and Internet criminals. If you're better >>>> informed than they think you are, you'll win. That means, in practice, >>>> that you always stay within a safe harbor of computing practices. How do >>>> you know when you're leaving the safe harbor? Below are some warning signs >>>> of danger. >>>> >>>> Software from an untrustworthy source >>>> >>>> ☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a >>>> website that also distributes pirated music or movies. >>>> >>>> ☞ Software with a corporate brand, such as Adobe Flash Player, doesn't >>>> come directly from the developer’s website. Do not trust an alert from any >>>> website to update Flash, or your browser, or any other software. >>>> >>>> ☞ Rogue websites such as Softonic, Soft32, and CNET Download distribute >>>> free applications that have been packaged in a superfluous "installer." >>>> >>>> ☞ The software is advertised by means of spam or intrusive web ads. Any >>>> ad, on any site, that includes a direct link to a download should be >>>> ignored. >>>> >>>> Software that is plainly illegal or does something illegal >>>> >>>> ☞ High-priced commercial software such as Photoshop is "cracked" or "free." >>>> >>>> ☞ An application helps you to infringe copyright, for instance by >>>> circumventing the copy protection on commercial software, or saving >>>> streamed media for reuse without permission. All "YouTube downloaders" are >>>> in this category, though not all are necessarily malicious. >>>> >>>> Conditional or unsolicited offers from strangers >>>> >>>> ☞ A telephone caller or a web page tells you that you have a “virus” and >>>> offers to help you remove it. (Some reputable websites did legitimately >>>> warn visitors who were infected with the "DNSChanger" malware. That >>>> exception to this rule no longer applies.) >>>> >>>> ☞ A web site offers free content such as video or music, but to use it you >>>> must install a “codec,” “plug-in,” "player," "downloader," "extractor," or >>>> “certificate” that comes from that same site, or an unknown one. >>>> >>>> ☞ You win a prize in a contest you never entered. >>>> >>>> ☞ Someone on a message board such as this one is eager to help you, but >>>> only if you download an application of his choosing. >>>> >>>> ☞ A "FREE WI-FI !!!" network advertises itself in a public place such as >>>> an airport, but is not provided by the management. >>>> >>>> ☞ Anything online that you would expect to pay for is "free." >>>> >>>> Unexpected events >>>> >>>> ☞ A file is downloaded automatically when you visit a web page, with no >>>> other action on your part. Delete any such file without opening it. >>>> >>>> ☞ You open what you think is a document and get an alert that it's "an >>>> application downloaded from the Internet." Click Cancel and delete the >>>> file. Even if you don't get the alert, you should still delete any file >>>> that isn't what you expected it to be. >>>> >>>> ☞ An application does something you don't expect, such as asking for >>>> permission to access your contacts, your location, or the Internet for no >>>> obvious reason. >>>> >>>> ☞ Software is attached to email that you didn't request, even if it comes >>>> (or seems to come) from someone you trust. >>>> >>>> I don't say that leaving the safe harbor just once will necessarily result >>>> in disaster, but making a habit of it will weaken your defenses against >>>> malware attack. Any of the above scenarios should, at the very least, make >>>> you uncomfortable. >>>> >>>> 6. Java on the Web (not to be confused with JavaScript, to which it's not >>>> related, despite the similarity of the names) is a weak point in the >>>> security of any system. Java is, among other things, a platform for >>>> running complex applications in a web page, on the client. That was always >>>> a bad idea, and Java's developers have proven themselves incapable of >>>> implementing it without also creating a portal for malware to enter. Past >>>> Java exploits are the closest thing there has ever been to a Windows-style >>>> virus affecting OS X. Merely loading a page with malicious Java content >>>> could be harmful. >>>> >>>> Fortunately, client-side Java on the Web is obsolete and mostly extinct. >>>> Only a few outmoded sites still use it. Try to hasten the process of >>>> extinction by avoiding those sites, if you have a choice. Forget about >>>> playing games or other non-essential uses of Java. >>>> >>>> Java is not included in OS X 10.7 and later. Discrete Java installers are >>>> distributed by Apple and by Oracle (the developer of Java.) Don't use >>>> either one unless you need it. Most people don't. If Java is installed, >>>> disable it—not JavaScript—in your browsers. >>>> >>>> Regardless of version, experience has shown that Java on the Web can't be >>>> trusted. If you must use a Java applet for a task on a specific site, >>>> enable Java only for that site in Safari. Never enable Java for a public >>>> website that carries third-party advertising. Use it only on well-known, >>>> login-protected, secure websites without ads. In Safari 6 or later, you'll >>>> see a lock icon in the left side of the address bar when visiting a secure >>>> site. >>>> >>>> Stay within the safe harbor, and you’ll be as safe from malware as you can >>>> practically be. The rest of this comment concerns what you should not do >>>> to protect yourself. >>>> >>>> 7. Never install any commercial "anti-virus" (AV) or "Internet security" >>>> products for the Mac, as they are all worse than useless. If you need to >>>> be able to detect Windows malware in your files, use one of the free >>>> security apps in the Mac App Store—nothing else. >>>> >>>> Why shouldn't you use commercial AV products? >>>> >>>> ☞ To recognize malware, the software depends on a database of known >>>> threats, which is always at least a day out of date. This technique is a >>>> proven failure, as a major AV software vendor has admitted. Most attacks >>>> are "zero-day"—that is, previously unknown. Recognition-based AV does not >>>> defend against such attacks, and the enterprise IT industry is coming to >>>> the realization that traditional AV software is worthless. >>>> >>>> ☞ Its design is predicated on the nonexistent threat that malware may be >>>> injected at any time, anywhere in the file system. Malware is downloaded >>>> from the network; it doesn't materialize from nowhere. In order to meet >>>> that nonexistent threat, commercial AV software modifies or duplicates >>>> low-level functions of the operating system, which is a waste of resources >>>> and a common cause of instability, bugs, and poor performance. >>>> >>>> ☞ By modifying the operating system, the software may also create >>>> weaknesses that could be exploited by malware attackers. >>>> >>>> ☞ Most importantly, a false sense of security is dangerous. >>>> >>>> 8. An AV product from the App Store, such as "ClamXav," has the same >>>> drawback as the commercial suites of being always out of date, but it does >>>> not inject low-level code into the operating system. That doesn't mean >>>> it's entirely harmless. It may report email messages that have "phishing" >>>> links in the body, or Windows malware in attachments, as infected files, >>>> and offer to delete or move them. Doing so will corrupt the Mail database. >>>> The messages should be deleted from within the Mail application. >>>> >>>> An AV app is not needed, and cannot be relied upon, for protection against >>>> OS X malware. It's useful, if at all, only for detecting Windows malware, >>>> and even for that use it's not really effective, because new Windows >>>> malware is emerging much faster than OS X malware. >>>> >>>> Windows malware can't harm you directly (unless, of course, you use >>>> Windows.) Just don't pass it on to anyone else. A malicious attachment in >>>> email is usually easy to recognize by the name alone. An actual example: >>>> >>>> London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe >>>> >>>> You don't need software to tell you that's a Windows trojan. Software may >>>> be able to tell you which trojan it is, but who cares? In practice, >>>> there's no reason to use recognition software unless an organizational >>>> policy requires it. Windows malware is so widespread that you should >>>> assume it's in every email attachment until proven otherwise. >>>> Nevertheless, ClamXav or a similar product from the App Store may serve a >>>> purpose if it satisfies an ill-informed network administrator who says you >>>> must run some kind of AV application. It's free and it won't handicap the >>>> system. >>>> >>>> The ClamXav developer won't try to "upsell" you to a paid version of the >>>> product. Other developers may do that. Don't be upsold. For one thing, you >>>> should not pay to protect Windows users from the consequences of their >>>> choice of computing platform. For another, a paid upgrade from a free app >>>> will probably have all the disadvantages mentioned in section 7. >>>> >>>> 9. It seems to be a common belief that the built-in Application Firewall >>>> acts as a barrier to infection, or prevents malware from functioning. It >>>> does neither. It blocks inbound connections to certain network services >>>> you're running, such as file sharing. It's disabled by default and you >>>> should leave it that way if you're behind a router on a private home or >>>> office network. Activate it only when you're on an untrusted network, for >>>> instance a public Wi-Fi hotspot, where you don't want to provide services. >>>> Disable any services you don't use in the Sharing preference pane. All are >>>> disabled by default. >>>> >>>> 10. As a Mac user, you don't have to live in fear that your computer may >>>> be infected every time you install software, read email, or visit a web >>>> page. But neither can you assume that you will always be safe from >>>> exploitation, no matter what you do. Navigating the Internet is like >>>> walking the streets of a big city. It's as safe or as dangerous as you >>>> choose to make it. The greatest harm done by security software is >>>> precisely its selling point: it makes people feel safe. They may then feel >>>> safe enough to take risks from which the software doesn't protect them. >>>> Nothing can lessen the need for safe computing practices. >>>> /End Quote from Linc Davis >>>> --------------------------------------------- >>>> Now, Apple Support and my added comments below: >>>> Are you running Mavericks OS X 10.9.5 or Yosemite OS X 10.10.x? >>>> >>>> Do Macs really need Anti-virus protection? >>>> >>>> OS X - It's built to keep your Mac safe >>>> <https://www.apple.com/au/osx/what-is/security.html> >>>> >>>> OS X Mavericks - Protect your Mac from malware >>>> <http://support.apple.com/kb/PH14365> >>>> >>>> OS X Mavericks - Protect your Mac >>>> <http://support.apple.com/kb/PH13730> >>>> >>>> About File Quarantine in OS X >>>> <http://support.apple.com/kb/HT3662> >>>> >>>> About Security of OS X Yosemite >>>> Tiny URL >>>> http://tinyurl.com/oueejqa >>>> >>>> OS X already includes everything it needs to protect itself from viruses >>>> and malware, and it's free. Apple recommends keeping your Mac updated with >>>> software updates from Apple. Refer to the links above, which apply equally >>>> to Mavericks as well as its predecessor. >>>> >>>> A much better question is "how should I protect my Mac": >>>> >>>> • Never install any product that claims to "speed up", "clean up", >>>> "optimize", or "accelerate" your Mac. Without exception, they will do the >>>> opposite. >>>> >>>> • Never install pirated or "cracked" software, software obtained from >>>> dubious websites, or other questionable sources. Illegally obtained >>>> software is almost certain to contain malware. >>>> >>>> • Don’t supply your password in response to a popup window requesting it, >>>> unless you know what it is and the reason your credentials are required. >>>> >>>> • Don’t open email attachments from email addresses that you do not >>>> recognize, or click links contained in an email: >>>> • Most of these are scams that direct you to fraudulent sites that attempt >>>> to convince you to disclose personal information. >>>> • Such "phishing" attempts are the 21st century equivalent of a social >>>> exploit that has existed since the dawn of civilization. Don’t fall for it. >>>> >>>> • Apple will never ask you to reveal personal information in an email. If >>>> you receive an unexpected email from Apple saying your account will be >>>> closed unless you take immediate action, just ignore it. If your iTunes or >>>> App Store account becomes disabled for valid reasons, you will know when >>>> you try to buy something or log in to this support site, and are unable to. >>>> >>>> • Don’t install browser extensions unless you understand their purpose. Go >>>> to the Safari menu > Preferences > Extensions. If you see any extensions >>>> that you do not recognize or understand, simply click the Uninstall button >>>> and they will be gone. >>>> >>>> • Don’t install Java unless you are certain that you need it: >>>> • Java, a non-Apple product, is a potential vector for malware. If you are >>>> required to use Java, be mindful of that possibility. >>>> • Disable Java in Safari > Preferences > Security. >>>> • Despite its name JavaScript is unrelated to Java. No malware can infect >>>> your Mac through JavaScript. It’s OK to leave it enabled. >>>> >>>> • Block browser popups: Safari menu > Preferences > Security > and check >>>> "Block popup windows": >>>> • Popup windows are useful and required for some websites, but popups have >>>> devolved to become a common means to deliver targeted advertising that you >>>> probably do not want. >>>> • Popups themselves cannot infect your Mac, but many contain >>>> resource-hungry code that will slow down Internet browsing. >>>> • If you ever see a popup indicating it detected registry errors, that >>>> your Mac is infected with some ick, or that you won some prize, it is 100% >>>> fraudulent. Ignore it. >>>> >>>> • Ignore hyperventilating popular media outlets that thrive by promoting >>>> fear and discord with entertainment products arrogantly presented as >>>> "news". Learn what real threats actually exist and how to arm yourself >>>> against them: >>>> • The most serious threat to your data security is phishing. To date, most >>>> of these attempts have been pathetic and are easily recognized, but that >>>> is likely to change in the future as criminals become more clever. >>>> >>>> • OS X viruses do not exist, but intentionally malicious or poorly written >>>> code, created by either nefarious or inept individuals, is nothing new. >>>> >>>> • Never install something without first knowing what it is, what it does, >>>> how it works, and how to get rid of it when you don’t want it any more. >>>> >>>> • If you elect to use "anti-virus" software, familiarise yourself with its >>>> limitations and potential to cause adverse effects, and apply the >>>> principle immediately preceding this one. >>>> • Most such utilities will only slow down and destabilise your Mac while >>>> they look for viruses that do not exist, conveying no benefit whatsoever - >>>> other than to make you "feel good" about security, when you should >>>> actually be exercising sound judgment, derived from accurate knowledge, >>>> based on verifiable facts. >>>> >>>> • Do install updates from Apple as they become available. No one knows >>>> more about Macs and how to protect them than the company that builds them. >>>> >>>> Summary: Use common sense and caution when you use your Mac, just like you >>>> would in any social context. There is no product, utility, or magic >>>> talisman that can protect you from all the evils of mankind." >>>> /End Quote >>>> >>>> Cheers, >>>> Ronni >>>> >>>> 13-inch MacBook Air (April 2014) >>>> 1.7GHz Dual-Core Intel Core i7, Turbo Boost to 3.3GHz >>>> 8GB 1600MHz LPDDR3 SDRAM >>>> 512GB PCIe-based Flash Storage >>>> >>>> OS X Yosemite 10.10.2 >> -- The WA Macintosh User Group Mailing List -- >> Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> >> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> >> Settings & Unsubscribe - >> <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug> > > -- The WA Macintosh User Group Mailing List -- > Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> > Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> > Settings & Unsubscribe - > <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug> -- The WA Macintosh User Group Mailing List -- Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>