Discussion of OS X Security Apps


23 replies to this topic

#1 DirtyHarry50

Posted 20 August 2015 - 03:02 PM

I am wondering what security apps you use & perhaps other measures you guys take on your OS X systems? While we're at it for those running bootcamp, what do you use on the Windows side?

I'm running Yosemite 10.10.5 and Windows 10 here and considering the options. In particular I've been thinking about what to use for password management, 2 way firewall, antivirus/anti-malware and anti-phishing (browser plugin) via some combination of products. Effectiveness as measured at AV-Comparatives is important as well as minimal system performance impact and preferably fast scanning ability.

I realize we are considerably less likely to be attacked generally speaking and that OS X does offer some protections but I think it isn't wise to not take advantage of any added defenses one could have along with employing sensible surfing habits, etc.

What are your thoughts, experiences and recommendations?

I am thinking for myself that something like 1Password is nice but expensive overkill for me when iCloud Keychain would suffice given I prefer Safari anyway. The only hassle there is no support in Windows where I do visit some sites with passwords such as this one, gog.com to download installers, etc.

I installed Adware Medic recently. It hasn't found anything the few times I've run it but it seemed good to have around in case I got some common adware inadvertently from a site. I just ran it and was informed they are replacing it with Malwarebytes Anti-Malware for Mac (also free) so I downloaded that to upgrade but haven't tried it yet.

I read a round up covering Mac products somewhere and I forget where now. I wish I'd saved the link but it pointed out some products that did well in testing with 100% detection rates on samples they had along with talking about performance impact of them. After reading that I downloaded some free trials of various ones to evaluate which include the following:

Avira - I am using this now. I notice no performance impact and no false positives yet. It updates itself, costs zero and does scan memory and file accesses. It isn't without fault though I've since found out where it was noted to not be as good as some others in its most recent incarnation at actually removing stuff it finds apparently.

Avast Free Mac Security - Free, no firewall
Bitdefender Antivirus for Mac - Paid, includes 2-way firewall
Intego Mac Internet Security X8 - Paid, includes 2-way firewall
Sophos Antivirus for Mac - Free, no firewall
Norton Internet Security - Paid, 2-way firewall, reasonably priced annual cost for 5 devices that could include my iPhone and Windows install.

I am not presently aware of who might offer a free or paid 2-way firewall by itself for OS X if needed other than Little Snitch which as I recall was costly but is good for seeing what processes are connecting. I don't know as I can justify the expense of that even though I thought it was cool when I test drove it a while ago.

I downloaded a PDF review by av-comparatives of the above antivirus products and more so I am going to go read that now and see how the ones I am interested in so far rank there.
“The time you enjoy wasting is not wasted time.” — Bertrand Russell

#2 Frost

Posted 20 August 2015 - 06:00 PM

Regarding password management, what I do:
  • Memorize administrator passwords, iCloud password, Dropbox password. I use serial numbers/CD keys from old games so that they're recoverable if for some reason I suffered a brain trauma and couldn't remember them, while still being impossible to guess, would take an absurdly long time to crack brute force, and couldn't be found even if you ransacked my place unless you knew exactly what to look for and exactly where to look among my collection of old game stuff.

  • New passwords are made by banging on the keyboard (literally) to create large random jumbles of letters, numbers, and symbols

  • Keep a centralized password file on Dropbox that I append every time I make a new password.

  • Use both iCloud Keychain and Firefox Sync's password functionality for autofill.

Strikes a good balance between security and convenience, and I don't pay for anybody's services.
Kestrel (Falcon NW Tiki) – 4.0 GHz i7 4790K / 16GB RAM / 512GB Samsung 950 Pro M.2, 2x480GB Intel 730 (RAID0), 10TB STX BarraCuda Pro / GeForce GTX TITAN X 12GB
Iridium (MacBook Pro Mid-2012) – 2.7 GHz i7 3820QM / 16GB RAM / 2TB Samsung 850 Pro / GeForce GT 650M 1GB

Eric5h5:
When there's a multiplayer version, I'm going to be on Frost's team. Well, except he doesn't seem to actually need a team...I mean, what's the point? "Hey look, it's Frost and His Merry Gang of Useless Hangers-On!" Or something.

#3 DirtyHarry50

Posted 20 August 2015 - 06:19 PM

Frost, on 20 August 2015 - 06:00 PM, said:

Regarding password management, what I do:
  • Memorize administrator passwords, iCloud password, Dropbox password. I use serial numbers/CD keys from old games so that they're recoverable if for some reason I suffered a brain trauma and couldn't remember them, while still being impossible to guess, would take an absurdly long time to crack brute force, and couldn't be found even if you ransacked my place unless you knew exactly what to look for and exactly where to look among my collection of old game stuff.

  • New passwords are made by banging on the keyboard (literally) to create large random jumbles of letters, numbers, and symbols

  • Keep a centralized password file on Dropbox that I append every time I make a new password.

  • Use both iCloud Keychain and Firefox Sync's password functionality for autofill.

Strikes a good balance between security and convenience, and I don't pay for anybody's services.

That sounds similar to what I am doing now so far as certain key passwords are just burned into my memory. I like that CD key idea though. That's clever.

Going with Firefox for Windows is a great idea for me. I already have it on Mac just in case I run into something Safari doesn't like although that seems to be pretty rare fortunately, at least where I visit. I could easily set up Safari on the Mac side with strong passwords I just copy paste from iCloud Keychain for the few key gaming related sites I'd want login access to on the Windows side and good to go. Install it in Windows and I've got my passwords. I'm glad you mentioned Firefox. I forgot all about that. The number of sites I'd need logins for is so small that it would not be a big deal doing that for Firefox access to them in Windows. The price is certainly right too. It just didn't seem worth buying anything x 2 when my need in Windows was so minimal. I think Chrome does that too but I'd just as soon go with Firefox. I'm not too fond of Google anything myself anymore although I do still need to go through the hassle of moving off Gmail that is currently fetched by Apple's mail app. I've heard a lot of people don't care much for Apple Mail but it has worked just fine for me. I never have any problems with it.

Back to reading the av-comparatives report. It's over 60 pages but should be an interesting read. No wonder I never seem to catch up on my games. I spend evenings doing stuff like this.
“The time you enjoy wasting is not wasted time.” — Bertrand Russell

#4 Thain Esh Kelch

Posted 20 August 2015 - 11:15 PM

Regarding viruses, don't waste time and resources on it, unless you use the Mac in a production environment and share files with Windows users. There are no viruses in the wild for OSX.
"They're everywhere!" -And now, time for some Legend of Zelda.

iMac 2011, quad 3,4Ghz i7, 1TB Samsung EVO 840, 8GB RAM, 2GB Radeon 6970m. + 2016 Macbook m3 + iPad 2 64GB + iPhone 4S 64GB + Girlfriend + Daughter

#5 macdude22

Posted 21 August 2015 - 06:35 AM

I have a lot of twerk to do before I head to Chicago today so I can't type a detailed response but there's pretty much two AV clients I would trust to not frak up a Mac (should you decide you need one, which generally is wholly unnecessary). Intego VirusBarrier or Sophos Antivirus.

Intego has been making Mac software for years. Thomas Reed has shown in independent tests Intego is also the best at identifying and remediating what little there is around. The consumer product tends to be pretty hand holdy.

Sophos has a rich background in Unix security systems and their Mac releases do inherit some of that pedigree. Generally, Mac AV doesn't have to do a whole lot except not frak up your system. Sophos excels at this.

Generally none of the AV solutions are great at identifying and remediating the scamware that tends to be the biggest problem on OS X. Stuff that tricks you into authenticating a .pkg installer and dumps in internet plug-ins and popsnizzlety launch daemons. Thomas Reed has been the king of remediating these issues with Adware Medic, and I'm excited to see what he'll be able to do under the backing of Malwarebytes. Apple's built in XProtect will block the most egregious malware, and Apple has taken a pretty hardline on using XProtect to disable out of date versions of Flash. The upcoming SIP permissions changes in 10.11 will further Apple's goal of locking the OS from unwanted modification (from malware or otherwise).

The firewall in OS X is sufficient for general use, and in some ways better than a lot of the stateful firewalls implemented by 3rd party companies. The only reason to use a 3rd party firewall is really in an enterprise environment where the built in firewall is hard to manage centrally (apple you could make me some gal damn config profiles for this)

IF you want to give someone some money, Thomas Reed has done the most for Macintosh security IMO over the past decade. If anyone deserves a cup of coffee on the house it's him.

As far as Passwords go. Get a good password manager. LastPass, 1Password, or even iCloud/Safari which does an ok job but it's not super flexible. Make sure your master password is random, high entropy, and sufficiently long. Let the tool do the rest of the work for you. I use LastPass but I need to be pretty platform agnostic for work and pleasure.

The absolute worst Macintosh security product is from McAfee. If I find out any of you use it I will personally drive to your home and punch you in the nose. I will then transfer all my existing McAfee service requests to you, dumping you in McAfee hell for the rest of your natural life. :devil:

This be what I do for a living (Manage macs in a Hospital/Medical Research Facility) so you can trust me.

IMG Discord Server | http://raptr.com/rakden | http://www.trueachie....com/Rakden.htm
Enterprise (MacPro 3,1): 8 Xeon Cores @ 2.8 GHz || 14 GB RAM || Radeon 4870 || 480GB Crucial M500 + 2TB WD Black (Fusion Drive) || 144hz Asus Mon
Defiant (MacBookPro 9,1): Core i7 @ 2.3ghz || 8GB RAM || nVidia GT 650M 512MB || 512GB Toshiba SSD

#6 DirtyHarry50

Posted 21 August 2015 - 06:39 AM

Thain Esh Kelch, on 20 August 2015 - 11:15 PM, said:

Regarding viruses, don't waste time and resources on it, unless you use the Mac in a production environment and share files with Windows users. There are no viruses in the wild for OSX.

There actually is malware in the wild for OS X. Mac users have become complacent because it happens much less often than in the Windows world for obvious reasons. That doesn't mean it doesn't exist. In the past two years' reports at AV-Comparatives they reference recent infections of Macs (different in each case) to illustrate the point that while less frequently attacked, Macs are not immune to compromise. Additionally, adware and phishing are problems as well. So are trojans, etc.

So while one might not encounter any problems for years it is also possible one might. For that reason as long as the cost is reasonable I consider it worthwhile to add whatever protections (however imperfect) there are available rather than forgo them.

Doing some research into this I have seen a large number of Mac users posting most often about adware but also having had other issues. So again, it does happen even if not often for the entirety of Mac users as a group. If anything, the complacency of Mac users when it comes to security invites the platform as a target even if it is small relative to Windows. Recently researchers have demonstrated they were able to get an infected app on the Mac App store so nothing is sacred basically. Another researcher found a vulnerability involving the ability to gain remote root access on a Mac via sudo somehow I think it was.

I realize in addition to other considerations, I am even less likely as Joe Homeuser to be a target for some types of infection. Certainly, it is businesses, banks and governments that have the most to worry about. Again though, nobody but nobody is entirely immune to compromise. Considering the value of my data to me and the value of my time, a reasonable expenditure on making my Mac more secure seems worthwhile.

That's just my take on things but I'm not alone in this view. For example, you might want to review the opening text of the "Mac Security Review/Tests 2015" by AV-Comparatives, available in PDF form here: http://www.av-compar...curity-reviews/
“The time you enjoy wasting is not wasted time.” — Bertrand Russell

#7 DirtyHarry50

Posted 21 August 2015 - 06:54 AM

macdude22, on 21 August 2015 - 06:35 AM, said:

/snip good info...

Thank you. It's good to hear Intego is something you recommend because currently that's the frontrunner I'm considering after all the reading I've done but I won't have the money for that for a bit and it's just as well with a new version of OS X around the corner anyway. It would probably be ideal to forgo buying anything until after El Capitan releases and products are updated or get new versions accordingly. Meantime, I had already downloaded Sophos so maybe I will go with that where it's free until I pony up for Intego's suite.

Otherwise, I am going to go with iCloud Keychain and redo my current lousy passwords with it to make them strong ones. When I do this I'll copy from there to certain sites accessed via Firefox on the Mac so it gets them and then I'll install it in Windows and I'll be all set there. It's only a few places I need to do this with so I don't need to be paying for a multi-platform solution.

Are you familiar with Murus? I note they have a cool looking way to access the built in OS X firewall. I got just the free version which seems good enough for my purposes for now at least. I'm going to try it out just to see how it works, if it seems useful, etc. Ultimately though, the Intego package includes similar so when I pay for that I won't need the free one. I was just curious what you thought of Murus.

I do have the new Malwarebytes incarnation of Adware Medic. I think I mentioned that above but haven't tried it yet. It sounds like a good one to keep around even in addition to whatever else I wind up deciding upon.
“The time you enjoy wasting is not wasted time.” — Bertrand Russell

#8 macdude22

Posted 21 August 2015 - 06:56 AM

AV-Comparatives is in the business of pushing AV software. The only meaningful malware (in the traditional user didn't have to do anything sense) was Flashback, and even that was a Flash exploit. Even then it took most AV tools available weeks to start remediating (other than Intego). AV-Comparatives' primary argument is Flashback happened in 2012. 2012. 3 years and there's been one actual driveby attack on Macs (that was an exploit in a 3rd party tool anyway). I'm of the opinion unless you have an absolute need, there's no reason to be running either the Flash Web Plugin nor the Java Web Plugin in 2015. If you do not have either of these Web plugins active there really is little avenue for exploit. Even on Windows these two web plugins are the primary vector for "drive by" attacks.

The media and security industry makes their money on FUD. Is owning an Apple 100% guaranteed safe? No. But it's pretty close to 99.8% and if you remove Flash and Java you can get pretty close to 99.9%. You'll hear a lot about exploit this and that in the media and generally these are all overblown concerns. The most recent Todesco is a local privilege escalation exploit. Are these things bad? Sure. Does Apple need to fix them? Absolutely. Is the surface risk for your average user very high? Nope. These are things that would have to be a part of a targeted attack campaign.

If you're really dead set on AV I'd buy from Intego just because they are the best at remediating what little is out there (and with your paid product you get decent support). Otherwise Sophos would be my top pick for free. Like I said, Sophos has a rich history in Unix so I trust them a little more to not mess up your Unix file system than most. I tend to shy away from free just because if you're not paying for these tools, with these for profit companies that makes you the product. I pay for my wandows AV (Vipre), though not running Flash or Java on my wandows box the only thing it's ever found in 6 years is some cookies.
IMG Discord Server | http://raptr.com/rakden | http://www.trueachie....com/Rakden.htm
Enterprise (MacPro 3,1): 8 Xeon Cores @ 2.8 GHz || 14 GB RAM || Radeon 4870 || 480GB Crucial M500 + 2TB WD Black (Fusion Drive) || 144hz Asus Mon
Defiant (MacBookPro 9,1): Core i7 @ 2.3ghz || 8GB RAM || nVidia GT 650M 512MB || 512GB Toshiba SSD

#9 macdude22

Posted 21 August 2015 - 07:06 AM

DirtyHarry50, on 21 August 2015 - 06:54 AM, said:

Are you familiar with Murus? I note they have a cool looking way to access the built in OS X firewall. I got just the free version which seems good enough for my purposes for now at least. I'm going to try it out just to see how it works, if it seems useful, etc. Ultimately though, the Intego package includes similar so when I pay for that I won't need the free one. I was just curious what you thought of Murus.

I do have the new Malwarebytes incarnation of Adware Medic. I think I mentioned that above but haven't tried it yet. It sounds like a good one to keep around even in addition to whatever else I wind up deciding upon.

I have tested Murus both at work and at home. At work, the issue becomes centralized management. At home, I didn't really see the need to fiddle with it other than play on a second machine because the built in firewall works good enough and I'm already isolated from the public internet via my router (though I need to investigate what security is in place on an AE for IPv6, if any). If I had a Mac sitting on the public internet I would be more concerned about specific tweaks to my firewall rules and I think Murus would be of more benefit (especially if I was using it as a server). Generally Intego's firewall works well, once you get past the learning phase. It's kind of like Little Snitch in that regard. Is this ok? Is this ok? Is this ok? It's hand holdy, but it gives you a sense of what is communicating with what. Which can actually be kind of frightening when you realize how much 3rd party JavaScript executes on your average website.
IMG Discord Server | http://raptr.com/rakden | http://www.trueachie....com/Rakden.htm
Enterprise (MacPro 3,1): 8 Xeon Cores @ 2.8 GHz || 14 GB RAM || Radeon 4870 || 480GB Crucial M500 + 2TB WD Black (Fusion Drive) || 144hz Asus Mon
Defiant (MacBookPro 9,1): Core i7 @ 2.3ghz || 8GB RAM || nVidia GT 650M 512MB || 512GB Toshiba SSD

#10 DirtyHarry50

Posted 21 August 2015 - 07:14 AM

Oh, and I tried the free Bitdefender Virus Scanner from the Mac App Store. In fact, I am still trying it right now. I am currently 2 hours into a full scan of the 1 TB startup disk on my iMac. So far, it has deleted a component of python that is inside the dropbox.app that I suspect was probably not a problem. I got dropbox direct from dropbox. This .exe it deleted from within a .zip file appears to be the python 2.7 installer for windows. lol

I like how it informed me that it did this without giving me the option to approve or disapprove this option. I also like that it just deleted it rather than quarantine it. Excellent.

What I like the best so far though is how Bitdefender likes to generate enormous temp files while scanning which it seems to flush, delete or whatever periodically IF it has some disk space to work with. In a low disk space situation the app doesn't know enough to gracefully behave. Instead, it will simply use up every last megabyte on the disk as I saw it do here. I was low on space (around 8 gigs) and it ate them all leaving around 300KB free. It then seemed to get hung up and slow down to a crawl scanning. I found these temp files in /library/containers, etc. when investigating what this app was doing to consume so much space running a scan. I moved a large game off the drive to an external USB and then it settled down over time fluctuating between small amounts of space for temp files up to around 4 gigs. Early on though the temp files were around 12 gigs in size at one point after clearing 25 gigs of space for this stupid app to do its thing.

I'm going to let it finish at this point since Avira was just as useless. It identified two "items" and told me it could not do anything with them. However, it offered no clue as to their names or whereabouts and offers no log functionality. So whatever they were, who knows. It's a mystery! They are probably something innocuous like a mail attachment with some windows malware. I have seen that before on this system in junk mail.

So, while Bitdefender gets great reviews elsewhere, this reviewer gives it a big thumbs down for being too stupid to check available disk space before starting and handling low space conditions gracefully along with deleting files without the user's permission. Badness. I will be trashing this when it completes. I should probably trash it now before it deletes anything else. I think I will.

I'll let Sophos have a crack at this next.
“The time you enjoy wasting is not wasted time.” — Bertrand Russell

#11 DirtyHarry50

Posted 21 August 2015 - 07:30 AM

Thanks macdude22 for all the expert advice here. I appreciate it. Being paranoid I think I will use Sophos for now and get Intego later. As for the firewall for now, I'm going to have a look at the free version of Murus just to check it out but I might just ditch it if it doesn't seem all that useful to me. Otherwise, as I mentioned before iCloud Keychain will be fine for my purposes and a lot better than the half-baked approach I'd been using before by memory. You can guess how bad that was.

It's nice to know that Macs are more secure than some of my reading had led me to believe. I don't use Java at all and won't install anything requiring it. As for Flash, I have been reluctant to give it up for some places still using it but lately I've been thinking I should and the hell with it. I downloaded the uninstaller for Flash just the other day but haven't pulled the trigger yet. I do have a browser plugin for Safari that doesn't let Flash start automatically and alerts me as to whether a video is Flash or HTML 5. I have noticed a great many places are using HTML 5 now rather than Flash so it probably wouldn't be too painful to ditch it. CNN seems to still use Flash a lot for some reason unfortunately.
“The time you enjoy wasting is not wasted time.” — Bertrand Russell

#12 macdude22

Posted 21 August 2015 - 08:22 AM

Security tends to be a continuum. It's not really black and white. Websites make money on ads. Clickthroughs generate revenue. OS X is not perfect, but when you have a deep understanding of Apple's security architecture it's hard to buy into the usual FUD.

Your issues with those various AV clients don't surprise me. Like I said, most are not really familiar with Unix/Mac programming best practices and I would not trust them with admin privileges any farther than I can throw tBC's litterbox. Most fail the cardinal rule of Mac AV, don't frak up my system.
IMG Discord Server | http://raptr.com/rakden | http://www.trueachie....com/Rakden.htm
Enterprise (MacPro 3,1): 8 Xeon Cores @ 2.8 GHz || 14 GB RAM || Radeon 4870 || 480GB Crucial M500 + 2TB WD Black (Fusion Drive) || 144hz Asus Mon
Defiant (MacBookPro 9,1): Core i7 @ 2.3ghz || 8GB RAM || nVidia GT 650M 512MB || 512GB Toshiba SSD

#13 Thain Esh Kelch

Posted 21 August 2015 - 08:23 AM

macdude22, on 21 August 2015 - 06:35 AM, said:

The absolute worst Macintosh security product is from McAfee. If I find out any of you use it I will personally drive to your home and punch you in the nose. I will then transfer all my existing McAfee service requests to you, dumping you in McAfee hell for the rest of your natural life. :devil:

McAfee makes software seem like something from OmniGroup, compared to MacKeeper.. :P

DirtyHarry50, on 21 August 2015 - 06:39 AM, said:

There actually is malware in the wild for OS X.

...Which I also didn't comment on. Malware removal needs other software anyway.
"They're everywhere!" -And now, time for some Legend of Zelda.

iMac 2011, quad 3,4Ghz i7, 1TB Samsung EVO 840, 8GB RAM, 2GB Radeon 6970m. + 2016 Macbook m3 + iPad 2 64GB + iPhone 4S 64GB + Girlfriend + Daughter

#14 macdude22

Posted 21 August 2015 - 08:44 AM

I consider MacKeeper malicious and I have scripts in place that delete all known traces from our environment. I have taken flak from some users who have actually purchased it. Sorry bruhs I'm a pretty liberal admin but dat ain't gunna be on mah network. If you put popsnizzle on a machine that looks like this I consider you malicious.

/private/var/folders/mh/yprf0vxs3mx_n2lg3tjgqddm0000gn/T/MacKeeper

Normal software doesn't make gobbledygook randomly generated directories in /var to stick your popsnizzle ware.
IMG Discord Server | http://raptr.com/rakden | http://www.trueachie....com/Rakden.htm
Enterprise (MacPro 3,1): 8 Xeon Cores @ 2.8 GHz || 14 GB RAM || Radeon 4870 || 480GB Crucial M500 + 2TB WD Black (Fusion Drive) || 144hz Asus Mon
Defiant (MacBookPro 9,1): Core i7 @ 2.3ghz || 8GB RAM || nVidia GT 650M 512MB || 512GB Toshiba SSD
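
A report-only audit of the kind described in the post above, as an added example that is not macdude22's script or part of the original thread: it looks for named leftovers under a folder tree shaped like /private/var/folders. The hashed parent directories there are the per-user temporary (T) and cache (C) locations that OS X assigns, so the match is on the leaf name; `TRACE_NAMES`, the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report-only audit for named leftovers
# under a tree laid out like /private/var/folders/<xx>/<hash>/{0,C,T}/.
# "MacKeeper" is the only name taken from the thread; extend TRACE_NAMES
# only with names you have verified yourself.
TRACE_NAMES="MacKeeper"

# find_traces ROOT
# Prints one "<kind><TAB><path>" line per hit, sorted. Nothing is deleted.
find_traces() {
    root=$1
    for name in $TRACE_NAMES; do
        # Depth 4 below ROOT is <xx>/<hash>/<0|C|T>/<leaf>. Match the leaf
        # case-insensitively; the hashed parents differ per user and machine.
        # Other users' folders are unreadable without root, so ignore errors.
        find "$root" -mindepth 4 -maxdepth 4 -iname "$name" 2>/dev/null || true
    done | while IFS= read -r path; do
        # The parent directory tells us which per-user area the hit sits in.
        case $(basename "$(dirname "$path")") in
            T) kind=temp ;;
            C) kind=cache ;;
            *) kind=other ;;
        esac
        printf '%s\t%s\n' "$kind" "$path"
    done | sort
}

# count_traces ROOT -> number of hits, as a bare integer.
count_traces() {
    find_traces "$1" | wc -l | tr -d ' '
}

# make_sample_tree -> path of a constructed tree with two hits and one miss.
make_sample_tree() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/ab/constructed0001/T/MacKeeper" \
             "$base/ab/constructed0001/C/mackeeper" \
             "$base/cd/constructed0002/T/com.example.editor"
    printf '%s\n' "$base"
}

# Stand-alone use: pass the root to audit as the first argument.
if [ "$#" -gt 0 ]; then
    find_traces "$1"
fi
```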

#15 Matt Diamond

Posted 21 August 2015 - 08:37 PM

macdude22, on 21 August 2015 - 08:44 AM, said:

Normal software doesn't make gobbledygook randomly generated directories in /var to stick your popsnizzle ware.

MacKeeper has a terrible rep and should be avoided, true. But since virus detection programs are themselves targets of attack, maybe a randomized directory is not unreasonable?

As for me, I haven't used a Mac virus detection product since OS 9. I do use the following services though:
OpenDNS
Router firewall
1Password
For browser privacy: EFF's Privacy Badger, and Ghostery

(I highly recommend Privacy Badger. It watches for suspicious cookie activity and blocks it. A specific example: it replaces those Facebook "Like" buttons that let FB track you whether or not you have a FB account, and whether or not you click the button.)

All the above are free except for 1Password. (iCloud Keychain an obvious alternative.)

> Keep a centralized password file on Dropbox that I append every time I make a new password.

This would make me uncomfortable unless it were encrypted. Dropbox doesn't encrypt your data for you, and although they've been reliable they could get hacked someday, or someone could gain access to one of your machines or devices that's syncing to your Dropbox.
Matt Diamond - www.mindthecube.com
Measure twice, cut once, curse three or four times.

#16 Sneaky Snake

Posted 22 August 2015 - 09:20 AM

Thain Esh Kelch, on 20 August 2015 - 11:15 PM, said:

Regarding viruses, don't waste time and resources on it, unless you use the Mac in a production environment and share files with Windows users. There are no viruses in the wild for OSX.

Errrrrr, that's not true. I've had to fix three MacBooks with malware. All three of them got the malware by downloading random plugins that they thought were necessary for watching pirated movies/tv.
2015 13" rMBP: i5 5257U @ 2.7 GHz || Intel Iris 6100 || 8 GB LPDDR3 1866 || 256 GB SSD || macOS Sierra
Gaming Build: R5 1600 @ 3.9 GHz || Asus GTX 1070 8 GB || 16 GB DDR4 3000 || 960 Evo NVMe, 1 TB FireCuda || Win10 Pro
Other: Dell OptiPlex 3040 as VMware host || QNAP TS-228 NAS || iPhone 6S 64GB

#17 mattw

Posted 22 August 2015 - 09:28 AM

Best thing at the moment for OS X security is to keep up to date on any exploits discovered and patch the OS as soon as these are fixed. This is one reason not to stay on older OS X versions if at all possible as these are only patched for the last few releases....

Apple have updated their own list in the OS of malware and disable much as it has appeared.

At the end of the day tricking the user into installing malware or adware is the largest issue. If you keep away from dubious web sites and only download software from official sources I can't see that there is any real reason to run Anti-Virus software.

Using the built-in Firewall, making sure your router firmware is up to date and services like openDNS already mentioned are all good.

Strong non-dictionary-word passwords and storing these in encrypted form in multiple locations is always a good idea - remember disk failure without decent backups is just as bad if not worse..
Mac Pro 09 (now a 5.1, 2 x 3.06GHz Xeon X5675, 24GB, R9 280X 3GB, 480SSD, 16TB HD, MacOS 10.12.6

#18 DirtyHarry50

DirtyHarry50

    Special Snowflake

  • Members
  • 1509 posts
  • Steam Name:DirtyHarry
  • Steam ID:dirtyharry2
  • Location:North Carolina, USA

Posted 22 August 2015 - 12:35 PM

Thain Esh Kelch, on 21 August 2015 - 08:23 AM, said:

McAfee makes software seem like something from OmniGroup, compared to MacKeeper.. :P


...Which I also didn't comment on. Malware removal needs other software anyway.

As I understand it, most antivirus products deal with basically all unwelcome intrusions, infections, threats or whatever you'd like to call them. I've often noted people get bogged down in semantics over what constitutes a virus vs malware and whether or not malware is purely adware, etc. In my own opinion all of it could simply be called "badware" and the products I've looked at all claim and test out to detect and remove varying amounts of it.

I do appreciate people's points about how secure OS X is overall, the fact that it is a substantially less lucrative target for infections of all kinds and that home users would be even more unlikely than any business concern, government, etc. of being targeted and attacked. Just the same, where the possibility exists at all, I like the idea of at least attempting to thwart it. I accept it is true that I am unlikely to have issues, particularly given the way I use the internet carefully already overall and the fact I have never had a problem in over 3 years now on OS X. Call me stubborn (I guess I am) and dumb too if you like but I just feel better if I use everything possible to avoid problems.

Speaking of which, the last piece of the puzzle is backup of critical data. I have less than 500 gigs of stuff that meets that criterion roughly and a lot of that really doesn't deserve to be called critical as it would be more of a major inconvenience to lose it than a permanent unrecoverable loss. My current solution isn't bad running Time Machine 24/7 with hourly backups and making redundant backups periodically to an external drive but it isn't good enough. In the event somebody waltzed in here and stole my iMac sometime there is nothing to prevent them from taking the drives with the backups too. That would be more painful than losing the iMac itself by far. I need something offsite that is manageable and so I guess I need to pony up for Dropbox annually.

I wish iCloud didn't suck but in my opinion it does more than any other reason for its feature limitations. The biggest one for me being that I cannot just toss stuff up onto iCloud Drive that is also backed up on the USB drive without it having to also by design live on the startup disk. Every damned thing in iCloud has to exist on the startup disk. Dropbox is so much more flexible in the options it allows for. I wish Apple would get with the program there. I'm fine with the way it works for app data. It makes sense to have it available offline and sync when back online. iCloud Drive however ought to have more flexibility. I'd give them my money if they'd deliver the goods there. Maybe I won't care about this when my next system has a larger startup disk. For now though with 1TB and some devoted to Windows as well, this doesn't work leaving me Dropbox which requires me to spend for a lot of space I'll never use anytime soon with its 1TB or bust offering.
“The time you enjoy wasting is not wasted time.” — Bertrand Russell

#19 Matt Diamond

Matt Diamond

    Master Blaster

  • IMG Writers
  • 2452 posts
  • Location:Holland, PA; US
  • Pro Member:Yes

Posted 22 August 2015 - 01:27 PM

> I need something offsite that is manageable and so I guess I need to pony up for Dropbox annually.

Of course Dropbox is not your only option.

I am a cheapskate so I back up to an external drive using SuperDuper every three months and keep it at work. (Plus a monthly backup in a fire safe.) But I can't really recommend that method (risk of someone stealing the drive, for example). At some point I will switch to some other service. Maybe one of these: http://mac-online-ba...tenreviews.com/
Matt Diamond - www.mindthecube.com
Measure twice, cut once, curse three or four times.

#20 the Battle Cat

the Battle Cat

    Carnage Served Raw

  • Admin
  • 17376 posts
  • Location:Citadel City, Lh'owon
  • Pro Member:Yes

Posted 22 August 2015 - 01:34 PM

I'm behind a hardware router with OSX Firewall turned off.  I heard that I should just let the hardware be the firewall.  Is that true?
Gary Simmons
the Battle Cat