From: Salmon Egg on
In article <jollyroger-ACDDCA.23425120022010(a)news.individual.net>,
Jolly Roger <jollyroger(a)pobox.com> wrote:

> No. The machine code in these things will not work universally
> regardless of operating system. They aren't written at that low a level.
> They have huge dependencies on operating system libraries, so will run
> only on Windows.

If I were facile with assembly language and just wanted to be malicious,
it would be no problem writing code to put wrong numbers into vital
spots like the first page of memory (if that still is the way things are
still done). The trick would be to jump into a suitable entry point in
the code. That is what would require system calls.

Bill

--
An old man would be better off never having been born.
From: Richard Maine on
Salmon Egg <SalmonEgg(a)sbcglobal.net> wrote:

> In article <jollyroger-ACDDCA.23425120022010(a)news.individual.net>,
> Jolly Roger <jollyroger(a)pobox.com> wrote:
>
> > No. The machine code in these things will not work universally
> > regardless of operating system. They aren't written at that low a level.
> > They have huge dependencies on operating system libraries, so will run
> > only on Windows.
>
> If I were facile with assembly language and just wanted to be malicious,
> it would be no problem writing code to put wrong numbers into vital
> spots like the first page of memory (if that still is the way things are
> still done).

Well, your "if" condition is false, making the rest moot. No, that isn't
the way things are done. No, you can't do malicious things by writing to
the first page of memory. As Jolly says, all malicious code (or any
nontrivial code for that matter) has heavy dependencies on the
operating system. Period. One can imagine all kinds of ways that things
might be, but they aren't. Windows malware is not going to work on OS X,
regardless of what you might imagine.

It would be far more likely that you could find malware that targets OS
X. There really isn't any in the wild right now, but at least that is
possible in principle, which puts it far ahead of the odds of Windows
malware infecting OS X. I really shouldn't even call it odds because
that might lead you to think there was a small but finite chance that the
Windows malware will run; it won't.

As mentioned elsethread, by far the most likely way for you to get
infected is through VMWare or Parallels. That actually could quite
plausibly happen. Those can be configured to automatically handle
Windows .exe files in such a way that trying to run a .exe file in OS X
will start up VMWare if needed and run it in VMWare. But unless you
leave VMWare running all the time (which I don't advise; if nothing
else, it will snarf a big chunk of your RAM), it should be pretty
obvious that VMWare is starting up.

--
Richard Maine | Good judgment comes from experience;
email: last name at domain . net | experience comes from bad judgment.
domain: summertriangle | -- Mark Twain
From: J.J. O'Shea on
On Sun, 21 Feb 2010 00:33:19 -0500, Salmon Egg wrote
(in article <SalmonEgg-C8B932.21331920022010(a)news60.forteinc.com>):

> In article <hlq84u0933(a)news7.newsguy.com>,
> J.J. O'Shea <try.not.to(a)but.see.sig> wrote:
>
>> You have to go to a lot of trouble to get .EXEs to run on a Mac. If you don't
>> do that, they can't run. Period. Just dump 'em in the trash and drive on.
>
> This brings up another problem.
>
> A few years ago, I first received a .exe file that really was a picture.
> I am not sure what happens if double clicked on a Mac.
>
> Being concerned, I telephoned my friend who sent it. He assured me that
> it was OK and it was.
>
> What do you know about such files? Why is such a format used?

Almost certainly it was a self-extracting ZIP. Those can be treated like any
other ZIP, and dropped onto Stuffit Expander or The Unarchiver or whatever
you use to decompress files.

Be _very_ careful about pix which come in EXEs, often they're trojans,
containing a pic _and_ a malware payload. Look up 'Anna Kournikova malware'
to name but one example of the breed.



--
email to oshea dot j dot j at gmail dot com.
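
The point in the post above, that a self-extracting ZIP can be opened like any other ZIP, and that a picture arriving as an EXE may carry a second payload, can be checked without running the file. This is an added example, not part of the original thread; `inspect_sfx`, `build_sample` and the `RISKY_EXT` list are hypothetical names, and the sample bytes are constructed in the code.

```python
import io
import struct
import zipfile

# Illustrative (assumed) list of member types a picture archive has no need for.
RISKY_EXT = (".exe", ".scr", ".com", ".bat", ".vbs", ".pif")

def inspect_sfx(data: bytes) -> dict:
    """Inspect a suspected self-extracting ZIP without executing it."""
    report = {"pe_stub": False, "zip": False, "members": [], "risky": []}
    # A Windows executable starts with "MZ"; the dword at 0x3C points to "PE\0\0".
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)
        report["pe_stub"] = data[pe_off:pe_off + 4] == b"PE\0\0"
    buf = io.BytesIO(data)
    # zipfile finds the central directory from the end of the file,
    # so the extractor stub prepended to the archive is skipped.
    if zipfile.is_zipfile(buf):
        report["zip"] = True
        with zipfile.ZipFile(buf) as zf:
            report["members"] = zf.namelist()
        # Covers double extensions such as "photo.jpg.exe" as well.
        report["risky"] = [n for n in report["members"]
                           if n.lower().endswith(RISKY_EXT)]
    return report

def build_sample(names):
    """Constructed sample: a minimal fake PE stub followed by a ZIP archive."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\0\0"
    z = io.BytesIO()
    with zipfile.ZipFile(z, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed placeholder bytes")
    return bytes(stub) + z.getvalue()

if __name__ == "__main__":
    print(inspect_sfx(build_sample(["holiday.jpg", "holiday.jpg.exe"])))
```

A report with `pe_stub` and `zip` both true and an empty `risky` list matches the harmless self-extracting picture archive described; any entry in `risky` is the picture-plus-payload case.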

From: Jeffrey Goldberg on
On 2010-02-20 8:36 PM, Salmon Egg wrote:


> Because I do not know what is going on, I still am concerned.

What's going on is that the page tried to make people think it was doing
a virus scan and trick them into clicking on something on the page (even
if it looked like a Windows dismiss button) to initiate a download.

> If new
> Macs use Intel chip sets, is it not possible for machine code snippets
> to do bad things?

No. The executable programs are operating system dependent. You have
nothing to worry about here. As others have correctly pointed out (but
it is worth reiterating) it is difficult to get Windows executables to
run on OS X. These files are harmless to us.

-j

--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid
From: Jeffrey Goldberg on
On 2010-02-20 9:50 PM, nospam wrote:

> In article <7ublm2FetsU1(a)mid.individual.net>, Jeffrey Goldberg
> <nobody(a)goldmark.org> wrote:
>
>> That is very good information, but you still have to click on
>> *something* on a scam page. If you were to just close the window (and
>> not via a click on anything on the page) you should not get any files
>> downloaded.
>
> unless the page traps that too and sometimes it auto-downloads when the
> page loads.

And people wonder why I loathe JavaScript.

> in any event, it's all windows malware. it does nothing on a mac.

Agreed.

> move to trash, empty trash.

I like scanning them with clamav (via ClamXav) to see what they are.

-j

--
Jeffrey Goldberg http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid