Two simple steps are all that are required to entirely solve the malware problem:
1. Don't run software unless you're absolutely certain what it's going to do. If you know what it's going to do, and it damages your system, it's your own fault for running the software. Don't want a damaged system, don't run that!
2. Don't run software that can run software for you, unless you're absolutely certain what it, and the software it will run, are going to do. Software that can run other software for you, especially anonymous software that's been sent to it by anonymous users on the Internet, is so obviously unsafe that we shouldn't have to say this. Millions upon millions of computer users around the world who ignore this rule, though, prove that we need to say it anyway.
If only you would live by these two rules, and force anyone else who uses your computer to do the same, you'd be completely safe from all forms of malware.
Unfortunately, it's not practical to live your computing life 100% by these rules. Even if you tried 100% to abide (and we recommend that you do try!), there would be times where a bug in a program allowed it to do something unexpected, and you'd miss your 100% success mark. It's useful to add a few other things to the mix, in addition to trying to abide by rules 1 and 2, as often as you can:
Pick your software for its known performance in the real world. There's an old computing adage that says that every program has at least one bug, and at least some extraneous code. The joking corollary to this adage is that this implies that every program can be reduced, until it's a single line of code that doesn't work. Jokes or no, a history of bugs and design misfeatures is likely to imply a future of them as well. Promises are promises, and infected computers are infected computers, promises or no.
Use virus/worm/Trojan detection software to catch malware entering your system before it has a chance to activate. Even if the software you're using is securely designed, you don't want to be the first person on whom a new virus that targets a recently discovered bug is tried. You also don't want to be redistributing viruses to other, less security-conscious users just because they're dormant on your system.
Keep up with your vendor's software patches. This means both Apple's patches and patches that other software vendors make available for their software. If your software is designed securely, it's the bugs that will get you. Patches fix bugs.
These supplementary rules, however, are useless if you don't try to apply rules 1 and 2. If you're running software that's vulnerable by design, you can be hit by every new virus or worm that comes along. Virus scanner updates and vendor patches come out after the vulnerability has been found, and usually after it is exploited.
Table 6.2 includes a listing of interesting antiviral solutions for Mac OS X. Some of these can be run to scan all the files on your machine, or on removable media as it's inserted. Others monitor the network (specifically the mail system) and try to pry viruses out of email messages before they're even delivered. Apply any and all that are appropriate in your situation. The fact that Mac OS has not historically been the target of considerable malware is partly a feature of its overall small market share, but it's probably more a feature of the older Mac OS design: virus and worm attacks weren't easy. Now, with Unix, they can be. Whether they will be depends on whether you choose to run software that makes it hard, or makes it easy, for them to exist.
Package | OS | Availability |
Virus Barrier | Mac OS X 10.1.1 and higher; Mac OS 8.1 and higher | http://www.intego.com/virusbarrier/ |
Sophos Anti-Virus | Mac OS X; Mac OS 8.1 and higher | http://www.sophos.com/ |
Norton Anti-Virus 8.0 | Mac OS X 10.1 and higher; Mac OS 8.1 and higher | http://www.symantec.com/nav/nav_mac/ |
Virex 7 | Mac OS X 10.0.3 and higher | http://www.mcafeeb2b.com/products/virex/ |
Open AntiVirus Project | JRE 1.3 or later | http://www.openantivirus.org/ |
The Open AntiVirus Project includes the ScannerDaemon, VirusHammer, and PatternFinder projects, which compose a Java-based virus scanner. The project warns that it is still under development and should not be used as the only virus protection. Does not detect polymorphic viruses. | ||
Clam AntiVirus | Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, Mac OS X, Cobalt MIPS boxes | http://clamav.elektrapro.com/ |
Virus scanner written in C. Uses the virus database from the Open AntiVirus project. Can also detect polymorphic viruses. | ||
Some Virus Scanning/Virus Blocking/Mail Filtering Packages for Mail Servers | ||
Package | Mail Transport Agent | Availability |
CGvirusscan 1.0 | CommuniGate Pro | http://www.macosxunleashed.com/article.php?sid=2 |
A program that interfaces CommuniGate Pro with Virex. Requires Mac OS X with Perl. Written by one of this book's authors, John Ray. | ||
RAV Anti-Virus for Mac OS X | CommuniGate Pro, SurgeMail, Courier, Postfix | http://www.raeinternet.com/rav/ravforosx.html |
Antivirus, antispam, content filtering package. | ||
Scan.sh 1.0b1 | CommuniGate Pro | http://projekte.imd.net/ |
Mail filtering program that can be used to filter viruses. Requires a Unix with Perl. | ||
AMaViS - A Mail Virus Scanner | Sendmail, Qmail, Postfix, Exim | http://www.amavis.org/ |
A program that interfaces a mail transport agent with virus scanners. Tested on Linux, Solaris, *BSD, AIX, HP-UX. Expected to be portable to other Unixes. | ||
MIMEDefang | Sendmail | http://www.roaringpenguin.com/mimedefang/ |
An email filter that can be used to filter viruses. Tested on Linux. Requires Perl 5.001 or higher, various Perl modules, and Sendmail 8.12.3 or higher. | ||
sendmail::Milter | Sendmail | http://sourceforge.net/projects/sendmail-milter/ |
Perl module for writing filters for milter, the mail filter API for Sendmail. | ||
Inflex | Sendmail | http://pldaniels.com/inflex/ |
Email scanner that can be used to scan for viruses. Linux, FreeBSD, or Solaris. | ||
XaMime | Sendmail, Postfix | http://xamime.com/ |
Email filter that enables a mail transport agent to interface with virus scanners. Linux, Solaris, or FreeBSD. | ||
MessageWall | sendmail, Postfix, Exim, Qmail, any RFC-compliant MTA | http://www.messagewall.org/ |
SMTP proxy that keeps out viruses, spam, and mail relaying. Unix with an ANSI C compiler. |
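As an added illustration (not taken from the book or from any package listed in Table 6.2), the sketch below shows the core job of a filter that sits between a mail transport agent and a virus scanner: decode each MIME part before scanning, because an encoded attachment hides its contents from a scan of the raw message. The signature, the `scan_bytes` stand-in for an external scanner, and the sample message are all constructed for this example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a scanner's signature database (not a real signature).
SIGNATURES = {"Constructed.Test.Sig": b"CONSTRUCTED-MALWARE-TEST-PATTERN"}


def scan_bytes(data: bytes) -> list:
    """Hypothetical scanner interface: return names of signatures found in data."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def filter_message(raw: bytes):
    """Decode every MIME leaf part, scan it, and return (verdict, findings)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no content of their own
        # decode=True undoes base64 / quoted-printable transfer encoding
        payload = part.get_payload(decode=True) or b""
        label = part.get_filename() or part.get_content_type()
        for sig in scan_bytes(payload):
            findings.append((label, sig))
    return ("reject" if findings else "deliver", findings)


def build_sample(attachment: bytes) -> bytes:
    """Build a constructed test message with one binary attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename="report.bin")
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample(b"\x00hdr" + SIGNATURES["Constructed.Test.Sig"] + b"end")
    print("raw scan:    ", scan_bytes(raw))       # misses: attachment is base64
    print("decoded scan:", filter_message(raw))   # finds it in report.bin
```

A production filter would hand each decoded part to a real scanner and would also have to unpack archives, which this sketch does not attempt.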