antivirus/malware ?


Jean-Christophe Helary
A client is kind of requesting that I install an anti-virus/malware on my mac...

Do you have any recommendation ? I checked the web already and it looks like Sophos does the job *and* is free...


Jean-Christophe Helary
-----------------------------------------------
@brandelune http://mac4translators.blogspot.com


_______________________________________________
MacOSX-talk mailing list
[hidden email]
http://www.omnigroup.com/mailman/listinfo/macosx-talk

Re: antivirus/malware ?

@lbutlr
On 18 Dec 2017, at 03:14, Jean-Christophe Helary <[hidden email]> wrote:
> A client is kind of requesting that I install an anti-virus/malware on my mac…

Explain to them the reasons this is a bad idea.

> Do you have any recommendation ? I checked the web already and it looks like Sophos does the job *and* is free…

My recommendation for Macs is always the same, do not run as admin, do not run anti-virus software. Do not download software for bit torrent.

If you are very concerned, then crank up the gatekeeper protection to only allow App Store apps (and previously installed apps) to run.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Re: antivirus/malware ?

@lbutlr
On 19 Dec 2017, at 03:15, @lbutlr <[hidden email]> wrote:
> Do not download software for bit torrent.

From. From Bit torrent.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Re: antivirus/malware ?

Michael_google gmail_Gersten
In reply to this post by @lbutlr

On 2017-12-19, at 2:15 AM, @lbutlr <[hidden email]> wrote:

> On 18 Dec 2017, at 03:14, Jean-Christophe Helary <[hidden email]> wrote:
>> A client is kind of requesting that I install an anti-virus/malware on my mac…
>
> Explain to them the reasons this is a bad idea.

OK, why is this a bad idea?

>> Do you have any recommendation ? I checked the web already and it looks like Sophos does the job *and* is free…
>
> My recommendation for Macs is always the same, do not run as admin, do not run anti-virus software. Do not download software for bit torrent.

1. What is wrong  with AV?
2. What is wrong with bit torrent?

I know that bad stuff can be seeded, and labeled as "good".
But it is no different than downloading anything else.
And if you trust the person publishing the seed, what is wrong with the resultant file?

(I have my own issues with bit torrent. In the long past, bit torrent software would not let you download faster than you uploaded; to promote sharing, your download credit was based on what you have uploaded. So instead of downloading as fast as your download pipe, by downloading from five or six places at once, your download was limited to your upload speed. I do hope that has been changed/fixed.)

>
> If you are very concerned, then crank up the gatekeeper protection to only allow App Store apps (and previously installed apps) to run.

Mine is set to require signed applications, or else manual authorization.

---
Entertaining minecraft videos
http://YouTube.com/keybounce


Re: antivirus/malware ?

George N. White III
On 19 December 2017 at 11:51, Michael <[hidden email]> wrote:

> On 2017-12-19, at 2:15 AM, @lbutlr <[hidden email]> wrote:
>
>> On 18 Dec 2017, at 03:14, Jean-Christophe Helary <[hidden email]> wrote:
>>> A client is kind of requesting that I install an anti-virus/malware on my mac…

Given the timing, the OP may be subject to "Protecting Controlled Unclassified Information in Nonfederal
Information Systems and Organizations" (NIST Special Publication 800-171)? This requires:

  - 3.7.4  Check media containing diagnostic and test programs for malicious code before the media are used in the information system.
  - 3.14.2  Provide protection from malicious code at appropriate locations within organizational information systems.
  - 3.14.4  Update malicious code protection mechanisms when new releases are available.

These are very reasonable requirements. ClamAV, used properly, would meet them.

>>
>> Explain to them the reasons this is a bad idea.
>
> OK, why is this a bad idea?
>
>>> Do you have any recommendation ? I checked the web already and it looks like Sophos does the job *and* is free…
>>
>> My recommendation for Macs is always the same, do not run as admin, do not run anti-virus software. Do not download software for bit torrent.
>
> 1. What is wrong with AV?

Many AV tools run with admin or root privileges, send too much information to a system not under your control.

> 2. What is wrong with bit torrent?
>
> I know that bad stuff can be seeded, and labeled as "good".
> But it is no different than downloading anything else.
> And if you trust the person publishing the seed, what is wrong with the resultant file?
>
> (I have my own issues with bit torrent. In the long past, bit torrent software would not let you download faster than you uploaded; to promote sharing, your download credit was based on what you have uploaded. So instead of downloading as fast as your download pipe, by downloading from five or six places at once, your download was limited to your upload speed. I do hope that has been changed/fixed.)
>
>>
>> If you are very concerned, then crank up the gatekeeper protection to only allow App Store apps (and previously installed apps) to run.
>
> Mine is set to require signed applications, or else manual authorization.

The OP may have a belt, but his customer is within their rights to ask for suspenders too. If the OP is subject to NIST Special Publication 800-171
then a tool that scans for malicious code is mandatory, has to be actually used, and has to be updated as new versions come along.
 
--
George N. White III <[hidden email]>
Head of St. Margarets Bay, Nova Scotia


Re: antivirus/malware ?

@lbutlr
In reply to this post by Michael_google gmail_Gersten


> On 19 Dec 2017, at 08:51, Michael <[hidden email]> wrote:
>
>
> On 2017-12-19, at 2:15 AM, @lbutlr <[hidden email]> wrote:
>
>> On 18 Dec 2017, at 03:14, Jean-Christophe Helary <[hidden email]> wrote:
>>> A client is kind of requesting that I install an anti-virus/malware on my mac…
>>
>> Explain to them the reasons this is a bad idea.
>
> OK, why is this a bad idea?

That is a very long post I'm not willing to make again. The many and varied issues with AV are well documented on the Internet. The short list is that AV software introduces its own deep vulnerabilities and exposes your system to those new flaws that the OS vendor can't mitigate and that it draws excessive resources. There are more issues than those, of course.

>>> Do you have any recommendation ? I checked the web already and it looks like Sophos does the job *and* is free…
>>
>> My recommendation for Macs is always the same, do not run as admin, do not run anti-virus software. Do not download software for bit torrent.
>
> 1. What is wrong  with AV?

On the Mac it does nothing of use and has a huge trade-off.

> 2. What is wrong with bit torrent?

Downloading software from bit torrent is unsafe as many torrents include trojans or malware.

> I know that bad stuff can be seeded, and labeled as "good".
> But it is no different than downloading anything else.

Yes, it is very different from downloading from a  known source.

> And if you trust the person publishing the seed, what is wrong with the resultant file?

That's a mighty big if.


--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.


Re: antivirus/malware ?

Michael_google gmail_Gersten
>> OK, why is this a bad idea?
>
> That is a very long post I'm not willing to make again. The many and varied issues with AV are well documented on the Internet. The short list is that AV software introduces its own deep vulnerabilities and exposes your system to those new flaws that the OS vendor can't mitigate and that it draws excessive resources. There are more issues than those, of course.

That would be referring to real-time scanning I take it? If you are only using non-real-time scanning (Checking files on a disk as opposed to checking running programs) do those problems still exist?

>> 2. What is wrong with bit torrent?
>
> Downloading software from bit torrent is unsafe as many torrents include trojans or malware.
>
>> I know that bad stuff can be seeded, and labeled as "good".
>> But it is no different than downloading anything else.
>
> Yes, it is very different from downloading from a  known source.

Can you please explain how downloading a bit torrent file from a known good seed is any different than downloading a file directly from a known source?

(I seriously thought it was effectively equivalent, other than speed issues)

Re: antivirus/malware ?

Macs R We

> On Jan 9, 2018, at 10:53 AM, Michael <[hidden email]> wrote:
>
> Can you please explain how downloading a bit torrent file from a known good seed is any different than downloading a file directly from a known source?
>
> (I seriously thought it was effectively equivalent, other than speed issues)

The question is similar to asking why buying a known good Rolex from a guy on a street corner is any different than buying it from a storefront jeweler.  The answer is that while it's theoretically possible that street-corner guy has a genuine, warrantied Rolex, it's socially unlikely.  Torrenting is a technique used to minimize the originator's hosting costs by mooching off his other customers.  It's the turf of students and fly-by-nights.  Legitimate suppliers tend to make the minimal storefront-level investment needed to carry their own weight.


Re: antivirus/malware ?

Arno Hautala
On Tue, Jan 9, 2018 at 1:23 PM, Macs R We <[hidden email]> wrote:
>
>> On Jan 9, 2018, at 10:53 AM, Michael <[hidden email]> wrote:
>>
>> Can you please explain how downloading a bit torrent file from a known good seed is any different than downloading a file directly from a known source?
>>
>> (I seriously thought it was effectively equivalent, other than speed issues)
>
> The question is similar to asking why buying a known good Rolex from a guy on a street corner is any different than buying it from a storefront jeweler.  The answer is that while it's theoretically possible that street-corner guy has a genuine, warrantied Rolex, it's socially unlikely.  Torrenting is a technique used to minimize the originator's hosting costs by mooching off his other customers.  It's the turf of students and fly-by-nights.  Legitimate suppliers tend to make the minimal storefront-level investment needed to carry their own weight.

I read this example less like buying off a street corner and more
like buying from Amazon.
Further, the original scenario was a file from a "known good seed". I
read that like downloading from a good source, like the perennial
downloading a Linux ISO. That known good seed would have been
something like Ubuntu.org. There have been other companies that use
bittorrent to distribute legitimate software or updates as well.
(Blizzard?)

The problem with downloading software from bittorrent is the
implication that it is not coming from the original source. It's
presumed that the software is pirated or cracked in some manner.

But unless there is some ready exploit to generate the hash collisions
necessary to alter the payload, there is nothing inherently dangerous
about downloading anything via bittorrent. The issue is what you are
downloading. Pirated software or un-authorized distribution of
audio-video media may indeed come along with or be entirely composed
of malware. But that's no different whether you're downloading via
bittorrent, file-locker, web forum, hotline, ftp, or newsgroup. A
shady software source is going to risk supplying shady software.

Then again, presumably trustworthy sites like SourceForge and
MacUpdate have been known to alter the software payload or
installation mechanism to provide nefarious wares as well.

It's a dangerous network out there.

--
arno  s  hautala    /-|   [hidden email]

pgp b2c9d448
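
The integrity point in the message above (altering the payload would require hash collisions) rests on the per-piece SHA-1 digests carried in a BitTorrent v1 metainfo file. As an added example that is not part of the original post, this checks a payload against those digests; the torrent and payload bytes are constructed, and `bdecode`, `bad_pieces`, `info_hash` and `make_info` are illustrative names.

```python
import hashlib

def bdecode(data, i=0):
    """Minimal bencode decoder; returns (value, index after value)."""
    c = data[i:i + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                           # list / dict: l...e, d...e
        items, i = [], i + 1
        while data[i:i + 1] != b"e":
            item, i = bdecode(data, i)
            items.append(item)
        value = items if c == b"l" else dict(zip(items[0::2], items[1::2]))
        return value, i + 1
    colon = data.index(b":", i)                     # byte string: <len>:<bytes>
    n = int(data[i:colon])
    return data[colon + 1:colon + 1 + n], colon + 1 + n

def split(buf, size):
    return [buf[k:k + size] for k in range(0, len(buf), size)]

def bad_pieces(info_bytes, payload):
    """Indexes of pieces whose SHA-1 differs from the metainfo's digest."""
    info, _ = bdecode(info_bytes)
    if len(payload) != info[b"length"]:
        raise ValueError("payload length differs from metainfo")
    expected = split(info[b"pieces"], 20)           # one 20-byte SHA-1 per piece
    chunks = split(payload, info[b"piece length"])
    return [k for k, (e, p) in enumerate(zip(expected, chunks))
            if hashlib.sha1(p).digest() != e]

def info_hash(info_bytes):
    """SHA-1 of the bencoded info dict: the identifier a publisher hands out."""
    return hashlib.sha1(info_bytes).hexdigest()

def make_info(payload, piece_len):
    """Build a constructed single-file info dict (keys in sorted order)."""
    pieces = b"".join(hashlib.sha1(p).digest() for p in split(payload, piece_len))
    return b"d6:lengthi%de4:name10:sample.bin12:piece lengthi%de6:pieces%d:%se" % (
        len(payload), piece_len, len(pieces), pieces)

PAYLOAD = bytes(range(40))                          # constructed sample data
INFO = make_info(PAYLOAD, 16)                       # 3 pieces: 16 + 16 + 8 bytes
TAMPERED = PAYLOAD[:20] + b"\xff" + PAYLOAD[21:]    # one byte changed in piece 1

if __name__ == "__main__":
    print("info-hash:", info_hash(INFO))
    print("clean   :", bad_pieces(INFO, PAYLOAD))
    print("tampered:", bad_pieces(INFO, TAMPERED))
```

A client runs this comparison on every piece it receives, so the download is only as trustworthy as the place the .torrent file or info-hash was obtained from.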

Re: antivirus/malware ?

George N. White III
In reply to this post by @lbutlr
On 20 December 2017 at 06:00, @lbutlr <[hidden email]> wrote:


>> On 19 Dec 2017, at 08:51, Michael <[hidden email]> wrote:
>>
>> On 2017-12-19, at 2:15 AM, @lbutlr <[hidden email]> wrote:
>>
>>> On 18 Dec 2017, at 03:14, Jean-Christophe Helary <[hidden email]> wrote:
>>>> A client is kind of requesting that I install an anti-virus/malware on my mac…
>>>
>>> Explain to them the reasons this is a bad idea.
>>
>> OK, why is this a bad idea?
>
> That is a very long post I'm not willing to make again. The many and varied issues with AV are well documented on the Internet. The short list is that AV software introduces its own deep vulnerabilities and exposes your system to those new flaws that the OS vendor can't mitigate and that it draws excessive resources. There are more issues than those, of course.

--
George N. White III <[hidden email]>
Head of St. Margarets Bay, Nova Scotia
