Solving the Problem

   

Two simple steps are all that are required to entirely solve the malware problem:

  • Don't run software unless you're absolutely certain what it's going to do. If you know what it's going to do, and it damages your system, it's your own fault for running the software. Don't want a damaged system, don't run that!

  • Don't run software that can run software for you, unless you're absolutely certain what it, and the software it will run, are going to do. Software that can run other software for you, especially anonymous software that's been sent to it by anonymous users on the Internet, is so obviously unsafe that we shouldn't have to say this. Millions upon millions of computer users around the world who ignore this rule, though, prove that we need to say it anyway.

If only you would live by these two rules, and force anyone else who uses your computer to do the same, you'd be completely safe from all forms of malware.

Unfortunately, it's not practical to live your computing life 100% by these rules. Even if you tried 100% to abide (and we recommend that you do try!), there would be times where a bug in a program allowed it to do something unexpected, and you'd miss your 100% success mark. It's useful to add a few other things to the mix, in addition to trying to abide by rules 1 and 2, as often as you can:

  • Pick your software for its known performance in the real world. There's an old computing adage that says that every program has at least one bug, and at least some extraneous code. The joking corollary to this adage is that this implies that every program can be reduced, until it's a single line of code that doesn't work. Jokes or no, a history of bugs and design misfeatures is likely to imply a future of them as well. Promises are promises, and infected computers are infected computers, promises or no.

  • Use virus/worm/Trojan detection software to catch malware entering your system before it has a chance to activate. Even if the software you're using is securely designed, you don't want to be the first person on whom a new virus that targets a recently discovered bug is tried. You also don't want to be redistributing viruses to other, less security-conscious users just because they're dormant on your system.

  • Keep up with your vendor's software patches. This means both Apple's patches and patches that other software vendors make available for their software. Even if your software is designed securely, the bugs will get you. Patches fix bugs.

These supplementary rules, however, are useless if you don't try to apply rules 1 and 2. If you're running software that's vulnerable by design, you can be hit by every new virus or worm that comes along. Virus scanner updates and vendor patches come out after the vulnerability has been found, and usually after it is exploited.

Table 6.2 includes a listing of interesting antiviral solutions for Mac OS X. Some of these can be run to scan all the files on your machine, or on removable media as it's inserted. Others monitor the network (specifically the mail system) and try to pry viruses out of email messages before they're even delivered. Apply any and all that are appropriate in your situation. The fact that Mac OS has not historically been the target of considerable malware is partly a feature of its overall small market share, but it's probably more a feature of the older Mac OS design: virus and worm attacks weren't easy. Now, with Unix, they can be. Whether they will be depends on whether you choose to run software that makes it hard, or makes it easy, for them to exist.

Table 6.2. Antiviral (and Other Antimalware) Solutions for Mac OS X

| Package | OS | Availability | Notes |
|---|---|---|---|
| Virus Barrier | Mac OS X 10.1.1 and higher; Mac OS 8.1 and higher | http://www.intego.com/virusbarrier/ | |
| Sophos Anti-Virus | Mac OS X; Mac OS 8.1 and higher | http://www.sophos.com/ | |
| Norton Anti-Virus 8.0 | Mac OS X 10.1 and higher; Mac OS 8.1 and higher | http://www.symantec.com/nav/nav_mac/ | |
| Virex 7 | Mac OS X 10.0.3 and higher | http://www.mcafeeb2b.com/products/virex/ | |
| Open AntiVirus Project | JRE 1.3 or later | http://www.openantivirus.org/ | The Open AntiVirus Project includes the ScannerDaemon, VirusHammer, and PatternFinder projects, which compose a Java-based virus scanner. The project warns that it is still under development and should not be used as the only virus protection. Does not detect polymorphic viruses. |
| Clam AntiVirus | Linux, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, Mac OS X, Cobalt MIPS boxes | http://clamav.elektrapro.com/ | Virus scanner written in C. Uses the virus database from the Open AntiVirus project. Can also detect polymorphic viruses. |

Some Virus Scanning/Virus Blocking/Mail Filtering Packages for Mail Servers

| Package | Mail Transport Agent | Availability | Notes |
|---|---|---|---|
| CGvirusscan 1.0 | CommuniGate Pro | http://www.macosxunleashed.com/article.php?sid=2 | A program that interfaces CommuniGate Pro with Virex. Requires Mac OS X with Perl. Written by one of this book's authors, John Ray. |
| RAV Anti-Virus for Mac OS X | CommuniGate Pro; SurgeMail; Courier; Postfix | http://www.raeinternet.com/rav/ravforosx.html | Antivirus, antispam, content filtering package. |
| Scan.sh 1.0b1 | CommuniGate Pro | http://projekte.imd.net/ | Mail filtering program that can be used to filter viruses. Requires a Unix with Perl. |
| AMaViS - A Mail Virus Scanner | Sendmail; Qmail; Postfix; Exim | http://www.amavis.org/ | A program that interfaces a mail transport agent with virus scanners. Tested on Linux, Solaris, *BSD, AIX, HP-UX. Expected to be portable to other Unixes. |
| MIMEDefang | Sendmail | http://www.roaringpenguin.com/mimedefang/ | An email filter that can be used to filter viruses. Tested on Linux. Requires Perl 5.001 or higher, various Perl modules, and Sendmail 8.12.3 or higher. |
| sendmail::Milter | Sendmail | http://sourceforge.net/projects/sendmail-milter/ | Perl module for writing filters for milter, the mail filter API for Sendmail. |
| Inflex | Sendmail | http://pldaniels.com/inflex/ | Email scanner that can be used to scan for viruses. Linux, FreeBSD, or Solaris. |
| XaMime | Sendmail; Postfix | http://xamime.com/ | Email filter that enables a mail transport agent to interface with virus scanners. Linux, Solaris, or FreeBSD. |
| MessageWall | sendmail; Postfix; Exim; Qmail; Any RFC-compliant MTA | http://www.messagewall.org/ | SMTP proxy that keeps out viruses, spam, and mail relaying. Unix with an ANSI C compiler. |
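
The mail-server packages in the table sit between the mail transport agent and a scanner and decide, per message, whether to deliver. The sketch below is an added example, not code from the book or from any listed package: it walks a message's MIME parts and holds back attachments whose leading bytes or file name mark them as executable, a simple type check standing in for a real scanner engine. The function names, signature list, and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Leading bytes that mark a part as executable content, whatever its name says.
MAGIC = {
    b"MZ": "PE executable",
    b"\x7fELF": "ELF executable",
    b"\xfe\xed\xfa\xce": "Mach-O executable",
    b"\xca\xfe\xba\xbe": "Mach-O universal binary or Java class file",
    b"#!": "script with interpreter line",
}
RISKY_EXT = (".exe", ".scr", ".pif", ".bat", ".vbs", ".command", ".sh")

def scan_message(raw: bytes) -> list:
    """Return (filename, reason) for every MIME part that should be held back."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = (part.get_filename() or "").lower()
        # Skip containers and the unnamed text body; only leaf attachments are checked.
        if part.is_multipart() or (part.get_content_maintype() == "text" and not name):
            continue
        payload = part.get_payload(decode=True) or b""  # undo base64 / quoted-printable
        reason = next((why for sig, why in MAGIC.items() if payload.startswith(sig)), None)
        if reason is None and name.endswith(RISKY_EXT):
            reason = "risky file extension"
        if reason:
            findings.append((name or "(unnamed)", reason))
    return findings

def deliver_or_quarantine(raw: bytes) -> tuple:
    """Verdict a filter would hand back to the mail transport agent."""
    findings = scan_message(raw)
    return ("quarantine" if findings else "deliver"), findings

def build_sample(attachment: bytes, filename: str) -> bytes:
    """Constructed test message with one attachment (sample data, not real mail)."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.com", "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attached.")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    disguised = build_sample(b"\x7fELF\x02\x01\x01" + b"\x00" * 9, "holiday-photo.jpg")
    print(deliver_or_quarantine(disguised))
```

Checking the decoded content rather than only the file name is what catches the disguised attachment in the demo: the name claims an image, the first four bytes say ELF.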


   


Mac OS X Maximum Security
Maximum Mac OS X Security
ISBN: 0672323818
EAN: 2147483647
Year: 2003
Pages: 158
