The computer and software security thread

[buksida]

Avast also offer AV software for Macs, works well in the Windows environment:
http://www.avast.com/free-antivirus-mac

[Petrus]

what about anti-malware for MAC, what do you recommend?

[buksida]

I dont use Mac so I cant, you'll have to wait for someone that does to make a recommendation ...

This maybe of interest to Gmail users:
Email security tends to be one of the most vulnerable links in the digital chain when it comes to the dissemination of computer viruses and malware. Google this week said it will alert its users when it suspects that they may be the target of a state-sponsored cyber-attack.

The company did not reveal how or why it determines an attack to be "state-sponsored" but their warning message, which will appear the top of the Chrome browser or Gmail account, is stark: "Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer."

The announcement comes just a week after web security analysts discovered Flame, invasive data mining malware that had been spying on computers in the Middle East, predominantly Iran. It has been widely speculated that the Flame malware was sponsored by the same entity that commissioned the Stuxnet worm which attacked Iranian centrifuges in 2010. (See Stuxnet raises virus stakes, Asia Times Online, October 2, 2010.)

Google stated that users who get the warning haven't necessarily been targeted by a government or rogue organization of hackers, but they should update their software patches, browsers and change their passwords as a precaution.

Following in the footsteps of Hotmail, Gmail already employs heavy spam filtration which often results in the loss of genuine messages. The new warning, although necessary in today's digital world, raises the questions of security and efficiency regarding free cloud-based, advertising driven email accounts that are now becoming the targets of state sponsored cyber attacks.

http://atimes.com/atimes/Global_Economy/NF09Dj02.html

[Petrus]

Ok so i installed AVAST and ran a full scan on my IMAC, it found immediately an infection that SOPHOS had never detected :
/Volumes/SYSTEM/pagefile.sys
However the mac seems to be running quite slowly after installing AVAST, especially the web browsing
Do you think it s because i am running both avast and sophos at the same time? Shall i uninstall sophos?
Thanks for your advice, most appreciated

[JuiceLover]

Petrus,
yes uninstall the Sophos.
I'd be surprised if you'll find any disguised creatures at all.
- - - - -

[buksida]

Ok so i installed AVAST and ran a full scan on my IMAC, it found immediately an infection that SOPHOS had never detected :
/Volumes/SYSTEM/pagefile.sys
:

pagefile.sys is a Windows file, it is used to manage virtual memory and is harmless.

You should not be running two antivirus programs at the same time.

[Pleng]

but it was found on a mac, so could well be a malicious file

[buksida]

Not if he is running virtual Windows, then it would be perfectly normal - more info would be handy.

[Petrus]

Yes i am running a virtual Windows on my MAC with Boot Camp Partition. (need it because unfortunately some Thai banks i-banking is still only accessible trough internet explorer )
So pagefile.sys is just an innocent Windows file, it was left alone by SOPHOS but declared as an infection by AVAST.
AVAST took 2 hrs to scan my system and found nothing else, SOPHOS takes 40 mins and gets to the same results = no real infection.
The only difference is that AVAST seems to make my MAC run really slow, especially web browsing and using hotmail, and even the system itself, even the mouse clicking and menu browsing is noticeably slower.
It also blocks THUNDERBIRD which i use for my professional mailbox.
I did a test and deactivated AVAST, my MAC immediately started to work at usual correct speed, and Thunderbird wasn't blocked anymore.
So now I am thinking to get rid of AVAST if the disadvantages outweigh the benefits so much...
Or maybe I ll just keep it deactivated and perform a scan once a month to double-check on SOPHOS

[buksida]

Avast has a thing call Web Rep which scans pages for malicious content and rates them accordingly, disabling it should return browsing to normal speed. I wouldn't advise turning off the incoming email scanner though.

[buksida]

Thousands face internet loss as FBI shuts off servers
More than 300,000 people, including many in the US and UK, could lose internet access later as the FBI shuts off servers used by cyber thieves.

The FBI seized the servers in November 2011 during raids to break up a gang of criminals who used viruses to infect more than four million victims.

Victims' web searches were routed through the servers so they saw adverts that led to the gang being paid.

Many machines still harbour the gang's malicious code.

Global clean up
The gang racked up more than $14m (£9m) by hijacking web searches and forcing victims to see certain adverts. They managed to do this because their servers were taking over a key web function known as domain name look-up.

Domain names are the words humans use, such as bbc.co.uk, for websites. These are converted into the numerical values that computers use by consulting domain name servers (DNS).

When a person types a name into a browser address bar, often their computer will consult a DNS server to find out where that website resides online.

The gang infected computers with malware called DNS Changer because it altered where a PC went to convert domain names to numbers.

Since the FBI raids the gang's servers have been run by Californian company ISC.

Over the last few months, the FBI has worked with many ISPs and security firms to alert victims to the fact that their PC was infected with DNS Changer. Online tools are available that let people check if they are infected.

This has meant the original population of four million infected machines has been whittled down to just over 300,000, according to statistics gathered by the DNS Changer Working Group.

The largest group of machines still harbouring the infection are in the US but many other nations, including Italy, India, the UK and Germany, have substantial numbers still checking in with the ISC servers.

These servers will be shut down on 9 July.

The result could be that some people lose net access because the PCs that are still victims of DNS Changer will suddenly have nowhere to go when they need to look up the location of a particular domain.

It might take some time for the problems to apparent, said Sean Sullivan, a security researcher at F-Secure.

"Initially some domains will be cached which will mean web access will be spotty," he said. "People will be confused about why some things work and some do not."

Other security experts said it might take time for the remaining infected machines to be cleaned up.

"Reaching victims is a very hard problem, and something we have had issues with for years," said Johannes Ullrich, a researcher with the Sans security institute.

He expected the impact to be "minimal" because many of these systems were no longer used or maintained.

Source: BBC

[Cing Jai]

If you're running Windows on a Mac using Bootcamp then you should have some anti-virus installed for Windows, try Avira Free, but, if you are using Mac OS X you don't need any anti-virus at all! There are no viruses for Mac and malware is only in the form of trojan horses and there's nothing you can do about that. Mac OS X already prompts you the first time you open something "Are you sure you want to open that, it was downloaded from http://blahblah.com" Never had a virus on Mac OS X and there's not a link out there I'm scared to click.

[Pleng]

There are no viruses for Mac and

http://abcnews.go.com/blogs/technology/ ... computers/

http://www.theinquirer.net/inquirer/new ... vulnerable

http://www.forbes.com/sites/adriankings ... iscovered/

malware is only in the form of trojan horses and there's nothing you can do about that.

Um a trojan is a type of virus. And there are ways to secure yourself against them. At the end of the day virus makers are going to target MacOS because Apple keep claiming how secure it is. You need to be on your guard just as much as with Windows, perhaps even more so because when somebody finds a security exploit, the majority of the Mac community aren't going to expect it and it will spread like syphilis.

[buksida]

At the end of the day virus makers are going to target MacOS because Apple keep claiming how secure it is. You need to be on your guard just as much as with Windows, perhaps even more so because when somebody finds a security exploit, the majority of the Mac community aren't going to expect it and it will spread like syphilis.

Spot on. Try telling an Apple user though!

[Pleng]

Spot on. Try telling an Apple user though!

iCant