AV for Mac

This topic was created by Dewix.

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward

    AV for Mac

    Mother-in-law has managed to get malware on her Mac.

    Anyone recommend a no fuss AV?

    1. dogged
      Trollface

      Re: AV for Mac

      You should put linux on it because there are no linux viruses.

      (Hey, somebody's going to say this without a trollface and we all know it).

      1. Matt Bryant Silver badge
        Happy

        Re: Dogged Re: AV for Mac

        I'm just waiting for Dick Plinston to come along and insist it's because she let a Windoze admin near it....

        Malware is driven by greed, not OS fanboism, and does not care what OS you are running.

      2. dogged

        Re: AV for Mac

        Nobody said it but somebody downvoted because they were just about to...

      3. Anonymous Coward
        Anonymous Coward

        Re: AV for Mac

        >You should put linux on it because there are no linux viruses

        if you don't mind a cure that's worse than the disease, that is.

    2. Phil O'Sophical Silver badge
      Coat

      Re: AV for Mac

      > Mother-in-law has managed to get malware on her Mac. Anyone recommend a no fuss AV?

      You could try something like this

      Or were you looking for something for the Mac?

    3. Chris 3

      Re: AV for Mac

      I suppose the first question that I should ask is - what are the symptoms and what makes you think it's malware? I've seen a few occasions when people have suspected malware and it turned out to be something else - so what is the machine doing?

    4. DerekCurrie
      Holmes

      Re: AV for Mac

      "Anyone recommend a no fuss AV?"

      Actually answering the question, here are my recommendations:

      Freeware:

      1) ClamXav is the most complete AV of the free options. The only drawback has been the annoying trend of the ClamAV project to shove detection of Mac malware behind detection of Windows malware.

      2) Sophos Anti-Virus is fine. They're a good company, contributing a lot to the Mac community.

      Shareware:

      1) Intego: VirusBarrier is the best. This is the one I consistently find to be on top of all Mac malware. Their software is great. Their updates are frequent. The cost is worth it if you have a person who can't help but pick up malware. Set it up to run in the background 24/7. It doesn't eat much CPU time after the initial scan. Intego is also a terrific contributor to the Mac AV community.

      Avoid:

      - Symantec anything. Norton has frequently been terrible on Mac. Symantec has consistently resented the Mac and Mac users.

      - MacKeeper: Total garbage from a garbage company, IMHO of course.

      - iAnti-Virus: It's been neglected to the point of being dangerous.

      OK:

      - F-Secure. Plenty of friends like their AV. F-Secure, like Sophos and Intego, contribute a lot of work to the Mac AV community.

      NOTE: The most basic and critical method for dealing with malware is to have backups of the machine, one local and one off-site (such as in the 'cloud'). Recall that the #1 Rule of Computing is: Make A Backup. If you don't, you get what you deserve. Not kidding. It's that critical.

      https://Mac-Security.blogspot.com

  2. Dan 55 Silver badge
    Pirate

    Avast!

    Although I've never had it actually report a virus apart from some JavaScript on a web page, so that means it's either working or not working at all.

    Doesn't need any interaction once set up and thankfully far less spammy than its Windows counterpart.

  3. Steve Powell 1

    Intego

    We run it on all our Macs. Seems painless and haven't been infected as yet (even our teenage daughter's laptop that frequents the most unwashed corners of the torrent sites that seem to be mainstay of teenage life).

    1. cheveron

      Re: Intego

      Another vote for Intego. If you're doing admin for your whole family the five machine small business license is worth getting.

  4. Tim Roberts 1

    mac virus?

    As far as I'm aware, and I'd be happy to be corrected, there has never been a virus that has affected macs. Trojans are quite another thing, and there have been a few of these.

    Back on topic, I use MacKeeper. It has some nice features, and in my opinion is worth the money. I have read that one should beware of similar sounding names such as Mac Protector, Mac Security, Mac Guard, and Mac Shield.

    To set the record straight I do not work for Zeobit or sell MacKeeper, and it has been rightly criticised for heavy handed marketing and "misleading advertising".

    Here's a recent review (Jan 2014) which is quite positive:

    http://macnetized.com/no-fluff-mackeeper-review-is-it-worth-it/

    1. stu 4

      Re: mac virus?

      Mac keeper is a piece of malware shite itself.

      Installs stuff all over the place including undocumented daemons, uninstalled still leaves stuff.

      And they use all the malware ad practices ' your machine is infected click here' etc to get installs.

      Why anyone in their right mind would use it is beyond me.

      And the one positive review seems to me to either be in their pocket or just a naive idiot of a reporter.

    2. Dan 55 Silver badge
  5. Financegozu

    Install the free Sophos AV for home users ...

    ... and scan and clean the hard disk. Next install adblock, clicktoflash and Abine DoNotTrack as a safety measure.

    1. jai

      Re: Install the free Sophos AV for home users ...

      +1 for Sophos. Have it on all of mine - seems to run nice and quietly in the background, routinely picks up malware in email attachments and zaps them, never hear from it the rest of the time. And it's free, but uses the same virus definitions as the paid-for Windows software does.

    2. apr1985

      Re: Install the free Sophos AV for home users ...

      +1 for the Sophos AV as they are an international company protecting millions of companies, with many threat researchers, and it's FREE :)

      1. Anonymous Coward
        Anonymous Coward

        Sophos + F-Secure

        +1 for Sophos.

        Sophos have had a free Mac antivirus client ('endpoint' in Sophos speak) for quite some time, which receives all of their usual definition updates daily - mine is picking up large volumes of Windows malware which turns up in my email Spam folder (...filtered there by SpamAssassin...).

        I don't see any performance impact from this client. I tried the Intego client a long time back, but wasn't entirely satisfied with it. Don't recall now what it was that I didn't like.

        It's also worth considering that F-Secure now have a Mac client. They are a fairly reliable company for security products - I used to use F-Secure on all our machines until I got the Mac and found that they didn't, at that time, support Macs.

        http://www.f-secure.com/en/web/home_global/anti-virus-for-mac

    3. Michael Thibault

      Re: Install the free Sophos AV for home users ...

      And don't forget to uninstall Sophos, with prejudice, then install clamXav and configure its sentry to stand guard.

  6. Dilbert1969

    ClamX AV

    http://www.clamxav.com/

    1. Dan 55 Silver badge

      Re: ClamX AV

      It needs hand holding, no good for mothers-in-law.

  7. Anonymous Coward
    Anonymous Coward

    Impossible.

    If I learned anything from Apple conferences, it's that.

    Apple products are secure and never get viruses and malware.

    Android has a massive fragmentation problem and I shouldn't buy them.

    1. stu 4

      Wrong

      Malware is everywhere.

      Try latest free utorrent. It has 3 separate bundles of adware malware goodness in the form of tracking ad bars, etc.

      Each requiring fun and games to remove.

      1. Ben Holmes

        Re: Wrong

        Seconded. It took me chuffing ages to get rid of the Search crap that came down with the latest install of uTorrent I did. Yes, it was my fault for being a bit click happy through the install screens, but my god that stuff wouldn't let go. Hijacked the Search functions in Firefox and Safari, and it wouldn't let go of Safari for love nor money.

        Never again.

    2. Al fazed

      Re: Impossible.

      For a long time MAC the company promoted the idea that MACs were invulnerable, this was in view of thousands of users and administrators contacting MAC tech support asking for help with, what turned out to be .... a virus.

      It isn't necessarily the MAC OS that becomes infected. The software a user uses can become infected during use.

      1. Scott Wheeler

        Re: Impossible.

        Al fazed:

        The computer is a Mac (i.e. Macintosh) not a MAC. The company is Apple, not MAC. Given this level of knowledge, perhaps you'll understand if I ask for a source for your assertion that:

        > thousands of users and administrators contacting MAC tech support asking for help with, what turned out to be .... a virus.

        Are you perhaps thinking of other forms of malware, such as a Trojan?

    3. DerekCurrie
      Holmes

      Re: Impossible.

      What?

      "Apple products are secure and never get viruses and malware."

      NO. As a Mac security expert I have to point out that Macs have had over 100 malware since the birth of OS X. Technically, none of them have been actual viruses. But 'virus' has been wrongly shoved into the vernacular to mean all malware. Actual Mac malware has mostly been Trojan horses with a few drive-by infections thanks to stupid Oracle Java and stupid Adobe Flash, AIR, Shockwave and Reader. I personally suggest not installing Java or Adobe freeware unless forced to. Apple has been reasonably on top of security flaws in its own software, the worst of which has been QuickTime. Apple uses their XProtect and Gateway technologies to help keep their users free of malware. But don't count on Apple being perfect, just the best.

      As for iOS, there have been a couple bona fide malware that made their way onto the Apple iTunes App Store, both yanked by Apple and unavailable. There have been a couple proof-of-concept malware as well, also pulled by Apple. All remaining malware for iOS is specific to jailbroken devices, in which case you're on your own anyway, no sympathy.

      https://Mac-Security.blogspot.com

  8. Anonymous Coward
    Anonymous Coward

    Sophos gives out free Mac AV, normally their stuff is restricted to business and education. But it's a good bit of free AV with decent detection and doesn't nag you to upgrade to a 'premium' edition all the time.

  9. Infury8r

    Does she bank at Barclays?

    If so she can get Kaspersky for free. 3x licences. Mac/Windows mix.

  10. Karl Vegar

    One fix to do it all for every Apple iProduct

    Thermite!

    Apply and ignite outdoors.

  11. Barry Tabrah

    The obvious cause

    Reboot back to OSX and remove the dual boot Windows partition.

  12. Chas

    1. Use a decent router with a Stateful Packet Inspection firewall.

    2. Make sure Gatekeeper is on.

    3. Don't run day-to-day on an admin account.

    4. Little Snitch.

    5. ClamXAV.

    Rather than clean them up after they've got in, the idea is not to let the buggers in in the first place.

    1. Anonymous Coward
      Anonymous Coward

      1. True - should run as always irrespective of OS used behind it, but I've never seen OSX malware infections creep in like this per se (as others have said, true viruses and worms are light on the ground) - the vast majority are drive-bys, 'free stuff' posing as something else, blah blah. Good practise obvs but I wouldn't flag an SPI firewall as being a specific salve for OSX. I run one anyhow though since that's just the right thing to do in most cases

      2. Turn Gatekeeper on and you lose ability to install hundreds of awesome 3rd party apps, trapping yourself in Apple's store - simply because the developer won't play their game (for good reasons)

      3. This is the only piece of advice on your list I'd concur with. But same applies for all operating systems for obvious reasons

      4. Isn't there an application firewall already in OSX from the Lions onward? I don't see any point disabling that or replacing it

      5. ClamXAV isn't real-time - if your idea is to stop buggers getting in in the first place, then this is a chocolate hammer. Sophos runs real time and, IMHO, doesn't chew up resources on well-configured and maintained OSX installs. YMMV I guess.

      In my (now) long experience with OSX, I've found all the security basics that apply to any OS have kept me and machines of those I help, clean:

      Don't run on an admin account. DON'T give the admin credentials to kids, less competents, etc

      Run AV - yes yes yes, you can probably get away with it, but those days are slowly ending

      Keep it patched - you'd be surprised how many OSX machines I come across with 300MB - 1GB of updates waiting in the wings

      Get rid of Java if you don't use it

      1. Anonymous Coward
        Anonymous Coward

        <----

        Oh yeah, and configure a browser well with good security plugins to prevent curious fingers from welcoming an infection on the promise of a free iPad.

      2. Anonymous Coward
        Anonymous Coward

        You can leave Gatekeeper on and still install non-App Store software by secondary-clicking (OK, OK, "right-clicking") the installer file:

        http://www.bu.edu/infosec/howtos/bypass-gatekeeper-safely/

      3. Ilsa Loving

        Clarification on Gatekeeper

        While Gatekeeper will bring up a dialog box warning about the evils of unsigned non-app-store applications, you CAN still run 3rd party applications. All you have to do is right-click on the application and choose open, the very first time you open it. It will ask the usual 'are you sure?', after which it will open like normal.

    2. Anonymous Coward
      Anonymous Coward

      Re: "Use a decent router with a Stateful Packet Inspection firewall"

      Yeah, right. Like that's going to be able to do anything about the malware downloaded via a click in HTTPS (e.g. gmail) or on an E-mail downloaded through IMAPS.

      "Rather than clean them up after they've got in, the idea is not to let the buggers in in the first place."

      Unfortunately, Mother-in-law is bound to click on flashing links that say "Your Mac is running slow, click OK to repair"

      1. Anonymous Coward
        Anonymous Coward

        Re: "Use a decent router with a Stateful Packet Inspection firewall"

        > Unfortunately, Mother-in-law is bound to click on flashing links that say "Your Mac is running slow, click OK to repair"

        You can fix that by giving her a standard account instead of one with admin rights, and lock down anything but from the App shop.

        First of all, you need to identify what the real problem is - the original post was a tad too terse.

        Next, try to install Carbon Copy Cloner so you can take a dump of the entire machine, alternatively, scrape at least all the data off it

        Then rebuild the machine from the recovery partition, and when I say rebuild, I mean zap the partition and start from scratch, then start the app store and pull everything in you bought, then install only software you trust.

        Next, create a non-admin account for the user. If you want, you can add something like teamviewer for remote support so you can log in and fix things, but the user should be blocked from doing dumb things. It's either that or they're on their own - I suspect that this is the cause of your problem in the first place

        Also install a good filter like Little Snitch or even Hands Off! which can also block disk access

        Consider an anti-virus product

        Restore all data

        Last but not least, make another Carbon Copy Backup so you have a build in case things go south regardless.

        Good luck.

    3. Bloakey1

      <snip>

      4. Little Snatch

      <snip>

      There you go I fixed that for you and number 5 the clam naturally segues <sic>.

      I would go for Avast as it is easy peesie, can easily be used by a naive user and does not constantly annoy or come with a plethora of rubbish such as Ask Bertie Wooster tool bars..

  13. Andy Taylor

    OS version?

    The OP doesn't mention which version of OS X is in use, I suggest backing up, erase and re-install latest OS then manual restore of documents and photos (Don't use Time Machine as it will probably put the malware back).

    I agree, MacKeeper is evil. When you try and uninstall, it keeps trying to get you to change your mind. Nasty, insidious pile of crap.

    1. Mark Allen

      Re: OS version?

      The lack of old OS Version support in AV products for a Mac can be a headache. I have one client who is using an old Apple Mac stuck on OS 10.5 with no upgrade options. As he tends to spend a little too much time on dodgy sites the only way we've found of keeping him clear of viruses is good backups. A total reset seems to be the only simple way out of problems he walks into.

  14. Quentin North

    Sophos AV works well, but there is a performance hit

    We use Sophos AV and it works well. There is a free version for home use. As with all A/V there is a performance hit but on new Macs, especially those with SSDs, you won't notice it.

  15. rh587 Silver badge

    Didn't know Sophos had a Mac offering.

    Avast! have a free Mac offering for Home usage, and I've used ClamXAV as well in the past, though Avast! is probably more Mother-In-Law friendly.

  16. Archivist

    ESET

    I'll respond even though I think the OP seems a bit provocative. Who knows what bit of malware we are dealing with. No anti-malware software can protect against STUPID, and most attacks do use social engineering nowadays so exploit stupidity or gullibility.

    For reference we use the cross-platform ESET (yes even on Linux). Less overhead than most of its peers and no complaints after 4 years of use.

    1. Mayhem

      Re: ESET

      I was going to ask if anyone used Eset for macs - I really like the plain nod32 AV on Windows, and knew there was a linux variant as well.

      Reliable, low resource use, and basically invisible to the end user. All you ever want.

      1. pacmantoo
        Thumb Up

        Re: ESET

        Yes we use NOD32 both for Windows and OSX. Easier to use than ClamXAV. Added bonus in a LAN that you can monitor both Mac and Windows clients on the same console. We have found that NOD will find malware that Sophos has let slip through - but nothing is bullet proof!

  17. Dieter Haussmann

    Without further info..

    Install Mavericks, fully patch.

    Move the bad app and anything not useful to the Trash.

    Remove anything dodgy listed in Apple Menu > System Preferences > Users & Groups > Startup Items

    Delete anything suspect in:

    ~/Library/LaunchAgents

    ~/Library/LaunchDaemons

    /Library/LaunchAgents

    /Library/LaunchDaemons
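
A read-only way to review the four folders named in the post before deleting anything, as an added example that is not part of the original post. The flagging heuristics, `REVIEW_PREFIXES`, the function names and the sample jobs are assumptions constructed for illustration; it lists job files that need a manual look and removes nothing.

```python
import plistlib
import tempfile
from pathlib import Path
from xml.parsers.expat import ExpatError

# The four locations from the post, spelled as macOS names them.
LAUNCHD_DIRS = ["~/Library/LaunchAgents", "~/Library/LaunchDaemons",
                "/Library/LaunchAgents", "/Library/LaunchDaemons"]

# Assumption, not from the thread: executables under these writable or
# temporary locations are worth a closer look before anything is deleted.
REVIEW_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")


def job_executable(job):
    """Path launchd would run: Program, else first ProgramArguments entry."""
    args = job.get("ProgramArguments") or []
    return job.get("Program") or (args[0] if args else None)


def review_job(path):
    """Return (label, executable, reasons) for one launchd job file."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
    except (plistlib.InvalidFileException, ExpatError, ValueError, OSError):
        return None, None, ["unreadable or malformed plist"]
    if not isinstance(job, dict):
        return None, None, ["top-level object is not a dictionary"]
    label, exe, reasons = job.get("Label"), job_executable(job), []
    if label != Path(path).stem:
        reasons.append("Label does not match file name")
    if exe is None:
        reasons.append("no Program or ProgramArguments")
    else:
        exe = str(exe)
        if exe.startswith(REVIEW_PREFIXES):
            reasons.append("executable in a temporary or shared location")
        if any(part.startswith(".") for part in Path(exe).parts):
            reasons.append("executable path has a hidden component")
    return label, exe, reasons


def review_dirs(dirs=LAUNCHD_DIRS):
    """Map each job file that needs a manual look to its reasons."""
    flagged = {}
    for d in dirs:
        root = Path(d).expanduser()
        if root.is_dir():
            for plist in sorted(root.glob("*.plist")):
                _, _, reasons = review_job(plist)
                if reasons:
                    flagged[str(plist)] = reasons
    return flagged


def write_constructed_samples(root):
    """Constructed sample jobs (not real malware) for an offline run."""
    root = Path(root)
    samples = {
        "com.example.updater.plist": {"Label": "com.example.updater",
            "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"]},
        "com.example.helper.plist": {"Label": "com.example.helper",
            "Program": "/Users/Shared/.cache/helper", "RunAtLoad": True},
    }
    for name, job in samples.items():
        (root / name).write_bytes(plistlib.dumps(job))
    (root / "broken.plist").write_bytes(b"not a plist")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, reasons in review_dirs([write_constructed_samples(tmp)]).items():
            print(path, "->", "; ".join(reasons))
```

On a real Mac, calling `review_dirs()` with no arguments reads the four folders above; a flagged entry is a prompt to inspect the file, not proof of malware.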

  18. Anonymous Coward
    Happy

    Thanks everyone!

    Sorry couldn't give you much on details.

    Was asked to look at her slow/twitchy Mac book the weekend before getting married, so forgive me for not remembering the OS version or what malware it was.

    It was spyware with an auto-installer, which was easy enough to remove, if you follow steps found on the good ol' web.

    With paranoia and prevention in mind I tried Comodo. It really does not work well.

    I'll be popping around in 2 weeks, so I'll keep you all posted.

  19. rm -rf *.*
    Happy

    +1 for Sophos

    I use it for mine and my 76 y.o. father's Macs.

    Free, easy to set up and forget. Automatically updates itself and runs quietly in the background. No major performance hit seen thus far, but YMMV, depending on the age of the system and its condition.

    Also, preventing the malware in the first place is BEST.

    1. Disable Java plugins from all browsers as someone said before. Disable all unneeded plugins to reduce the "attack footprint".

    2. I personally prefer to run Ffx with no java/flash and rely on HTML5 for videos/YouTube, etc.

    3. I have my Pops on Chrome for its built-in Flash and PDF reader plugins, plus its automatic updates of both when needed without intervention. Then I added WOT and ABP to the mix and he's fine. Show her how to use things like WOT (Web of Trust) or similar, so she can avoid clicking on malware-baited search results.

    1. pacmantoo

      Re: +1 for Sophos

      Surely browse with Firefox - once you explain what No Script is!

  20. Tweets

    I use Kaspersky and it appears to do a good job. At least no additional bars or rubbish to clog the mac up...

  21. Rhomboid
    Pint

    Sound advice

    Congrats on tying the knot Dewix,

    From the info you did provide, to save yourself a world of hurt in the long haul, (I'm sure someone's speech at your wedding reminded you that her family are now your family)

    as a bare minimum follow the sound advice from several other posters above:

    1. Don't waste time fixing up every thing, go for a fresh install (time allocation: 2 pints +? for installing apps)

    2. Harden her preferred browser with the suggestions by the venerable rm -rf *.*, ghostery and self-destructing cookies also recommended to minimise her browser slow down and reduce future attack vectors. If she likes watching the occasional cat video on youtube, add https://www.youtube.com/html5 to her bookmarks.

    (time allocation: 1 pint)

    3. Change her user account to remove useless start up apps and remove admin privileges.

    4. Setup remote management so you can do future maintenance from home via VNC (3&4: time allocation 1 pint)

    5. Use carbon copy cloner to make a fully functional back up, so no matter what happens you never have to sit around your inlaws drinking pints on sunday afternoon unless mandated by law. (time allocation: Sunday Roast)

    As several people have mentioned, AV on its own isn't worth a whole lot and probably won't save you from tech support emergencies during an FA cup final.

  22. Aaron 10

    All her data is already backed up with Time Machine, right? (If not, you are at fault for not showing her this painless way to back up her files.)

    Restart her Mac holding Command-R and restore the computer from the Internet. Fresh OS, hard drive erased. After the install, restore the files from Time Machine. (Once again, automated and easy.) Done.

    https://www.apple.com/osx/recovery/

    1. Andy Taylor

      Restoring from Time Machine is quite likely to reintroduce the malware, so I don't recommend it.

      Best option is erase then a manual restore of user's files and applications.

  23. AndrewDH

    I would recommend Avast. I have it on my Macs and it does not intrude from a performance standpoint and it isn't overly chatty either.

    I would also recommend that you ensure that the App Store update service is enabled by default. Ideally you should also do this for any non App store apps as well.

  24. Anonymous Coward
    Anonymous Coward

    Hmmmm

    Switch to Windows. :-)

  25. Anonymous Coward
    Stop

    Update!

    The mother-in-law said no.

    To everything and anything.

    She's happy for us (father-in-law & me) to fix things when it goes wrong, but don't touch it while the Mac is working.

    Thank you for your advice guys.

    I'm sure I'll be using it in the future...
