Since Lion Sophos is picking up threats.

Discussion in 'PC and I.T support/Advice posts' started by crockers, Jul 22, 2011.

  1. crockers

    crockers MB Club Veteran

    Messages:
    7,099
    Joined:
    Mar 30, 2007
    Location:
    North Wilts
    Car:
    XC60 MY2014 SeLux Nav plus lot and lots of toys...
    Since I have upgraded to Lion I have had three warnings from Sophos of threats. Never had one before in all the time I have been running Snow Leopard.
    The threats are Mal/Oficia-A and Mal/Phish-A.
    I was on Apple's website when they flashed up.

    Has anyone had this happen? What are these? Thought Apple didn't need virus / malware software.

    Have just looked them up and they are Windows based virus / malware so not affecting Mac. I will just delete them from Q manager.
     
  2. dulayj

    dulayj Hardcore MB Enthusiast

    Messages:
    539
    Joined:
    Jun 22, 2011
    Location:
    Near Winchester
    Car:
    A 210/Volvo XC90
    All operating software needs protection. Traditionally it's been Microsoft as the main focus because of the massive interest / number of users.
    Apple with increasing usage will not be far behind and will attract increasing attacks.
    Trend, McAfee, NOD32 and Norton antivirus / malware have good success rates.
    Check the web to see if compatible with your operating software.
     
  3. OP
    crockers

    crockers MB Club Veteran

    Messages:
    7,099
    Joined:
    Mar 30, 2007
    Location:
    North Wilts
    Car:
    XC60 MY2014 SeLux Nav plus lot and lots of toys...
    I'm using Sophos on the Mac - just in case.
     
  4. Spinal

    Spinal Hardcore MB Enthusiast

    Messages:
    4,793
    Joined:
    Sep 14, 2004
    Location:
    Uxbridge
    Car:
    Smart, S320 and C180 with 3-pointed stars amongst others
    Mal/Oficia-A: This is a "dropper" - i.e. a website designed to put malicious code on your computer. Usually Windows based, but not limited to Windows anymore. In this case, it's a Windows one.

    Mal/Phish-A: This is a phishing web page and as such is not Windows-only. That said, it's not a virus either... it's a social engineering attack, whereby you go to a site which looks real but in reality is fake and steals the information you give it.

    Sounds like the page you were on was quite dodgy, and possibly a fake Apple store designed to steal your cc info or apple account details...

    M>
     
    3 people like this.
  5. ironsheik

    ironsheik Hardcore MB Enthusiast

    Messages:
    195
    Joined:
    Feb 13, 2011
    Location:
    Manchester.
    Car:
    W204 C200CDI SPORT.
    There's a free app in the App Store called Virus Barrier... which scans the whole machine for potential threats... worth a try I guess...
     
  6. OP
    crockers

    crockers MB Club Veteran

    Messages:
    7,099
    Joined:
    Mar 30, 2007
    Location:
    North Wilts
    Car:
    XC60 MY2014 SeLux Nav plus lot and lots of toys...
    Thanks - I went to Apple (United Kingdom)

    Strange but since installing Lion this morning I have had 3 alerts. 18 months on Snow Leopard = 0
     
  7. Spinal

    Spinal Hardcore MB Enthusiast

    Messages:
    4,793
    Joined:
    Sep 14, 2004
    Location:
    Uxbridge
    Car:
    Smart, S320 and C180 with 3-pointed stars amongst others
    One of my first clients wanted their antivirus management console fixed... the issue was quite simple, they never allowed it to talk to the clients through the firewalls, so it never collected any data...

    My manager got a call a week later telling him that I must have done something wrong as since I fixed the management console, they were getting all sorts of alert emails telling them they were infected...

    Clearly, must have been my fault :p

    Just because you don't get alerts doesn't mean they're not there... conversely, just because you do get alerts, doesn't mean there's a problem. It's a complex world, and gives people like me a job ;)

    Finally, to add some paranoia... as more people move to Mac computers, it starts making financial sense to "invest" the resources in coding malware and exploits for OS X... so while 5-10 years ago, there really wasn't a point in coding something to attack a Mac user, now it's starting to make sense.

    As such, we will see more and more things target OS X... (just the other day I saw a nice piece of scareware pop up on my MacBook... I was impressed enough to take a lot of screenshots and click through a few windows... great material for my next presentation!)

    M.

    EDIT:
    Apple's website was recently attacked and found to be vulnerable to XSS (cross site scripting, i.e. putting your code on someone else's site so it runs on the clients). As such, it's quite possible you were one of the "victims" of this attack (this was about a week ago if memory serves me). In which case, the issue would be on Apple's servers and not your machine :)
     
    Last edited: Jul 22, 2011
    1 person likes this.
  8. OP
    crockers

    crockers MB Club Veteran

    Messages:
    7,099
    Joined:
    Mar 30, 2007
    Location:
    North Wilts
    Car:
    XC60 MY2014 SeLux Nav plus lot and lots of toys...
    Just had an alert whilst on this site.... hmmm me thinks Sophos is at fault.
     
  9. John

    John MB Club Veteran

    Messages:
    11,676
    Joined:
    Mar 3, 2011
    Location:
    Daan Saaf
    Car:
    I wish.
    It is also possible your Sophos is picking up 'false positives' i.e. code which resembles a virus but which is in fact not.
     
  10. jepho

    jepho Hardcore MB Enthusiast

    Messages:
    210
    Joined:
    Apr 14, 2011
    Car:
    W203 C220 CDI Coupe
    Often the 'solutions' are worse than the virus. OS X is a *nix-like environment and that means you do not have to run as root with a high level of administrative privileges. Sophos, Norton, McAfee, Intego, ClamAV and others are better served by you being afraid and scared of every little thing they wish to report. A little sensible use of your computer will prevent the need for wholesale fear. AV software is only as good as the latest definition in its files. A day-zero attack may take your machine out just because the AV software doesn't yet know about it.

    Any potential attack vector is rather unlikely to take a Unix-based system to the ground. I would also suggest that you keep a vanilla (completely clean and unused) account that gets you up and running easily, if you should suffer from some social engineering attack. Keep a current backup and store one backup off-site if you have critical data that must never be destroyed.

    Avoid having public facing areas of your computer and remove publicly accessible folders unless you absolutely must share your data with others. Find better means of distributing data. PDF files, CSV files and low resolution JPEG images are my personal choices. Remove all public access to your machine. Exercise care with file handling applications like Dropbox and when using any social networking sites like Twitter and Facebook for example.

    Don't respond to any e-mail messages that appear to have come from unfamiliar addresses. Some people like to preview the first few lines of a message. I don't do that but it may save you from opening something malicious. Set your e-mail rules so that you can keep a very tight watch on what your mail program will accept or delete without question.

    Do not click around the web randomly and only go to websites which you know, trust and can vouch for. Never click on anything which asks you for personal details and access privileges to your machine.

    If you are obsessional, then you could try reading Apple's own hardening advice which is recommended. The linked example is for Leopard server but it helps you to understand the sort of issues which you should be considering.

    As an aside... I do not use any AV software on any of my computers because of the large performance hit and the opportunities which I try hard not to present to miscreants who would help themselves to my computers. :)
     
    Last edited: Jul 23, 2011
  11. John

    John MB Club Veteran

    Messages:
    11,676
    Joined:
    Mar 3, 2011
    Location:
    Daan Saaf
    Car:
    I wish.
    Yes, this is where the heuristic capability of your chosen AV software is tested...

    I take it you only run Macs?

    I would never recommend this on a PC due to the risk from legitimate sites being compromised and passing this on to you.

    I've never had a virus personally since 1990, either detected with signatures or heuristically, but within the last year, I have one instance of malware, which I believe came from a drive-by.

    I only browse legitimate sites on this (my 'clean machine') and never go off the beaten track.

    I don't host email on my machine and have not as yet even been invited to take part in nasty socially-engineered nastiness.
     
  12. jepho

    jepho Hardcore MB Enthusiast

    Messages:
    210
    Joined:
    Apr 14, 2011
    Car:
    W203 C220 CDI Coupe
    Yes Macs only; since the passing of Win2k. I was fed up fighting the good fight with Windows and what seemed to me to be a low productivity ratio of hours spent using it when compared to work actually completed. XP was always looking for new drivers and falling over inexplicably and generally... it was getting on my nerves.

    I accept that Windows PCs have probably improved a great deal since those bad old days but I won't be going back because there are no compelling reasons to do so. In an ideal world we would all be platform agnostic but I had so much work ruined and then there was the time which had to be spent fixing stuff that I would not reconsider introducing that sort of disruption to my workflow again.

    e-mail is one of the saving graces of the 'net while being the vector most likely to pull a machine to the ground. I like the idea of not hosting it myself but I have not the courage to pass much of my mail traffic to some other service.
     
  13. ben_e71

    ben_e71 New Member

    Messages:
    25
    Joined:
    Jul 12, 2011
    Car:
    1 series
    Yes this is all good debate but the reality is that I too have loads of Sophos flags when browsing the web - this site included for Phish-A - which I didn't get before upgrading to Lion.

    So there must be an issue with Sophos.

    It only used to flag on dodgy scam emails before.
     
  14. jepho

    jepho Hardcore MB Enthusiast

    Messages:
    210
    Joined:
    Apr 14, 2011
    Car:
    W203 C220 CDI Coupe
    Sophos

    "Your data is secure, but can you prove it? If you can’t, your company could face fines, negative press and loss of business. We can help.
    We give you what you need to keep your data safe and your business compliant."


    I have not seen any more insecurity in OS X 10.7.0 than all of the previous versions and the reality is that it is very likely more secure.
    Sophos = company making AV products
    Sales & Marketing = Create fear in your user base

    It is unsurprising to me that the language used is 'data loss' or 'compliance' from a company with a mission to sell AV software. It is quite possible that the software bleating about threats is a deliberate ploy to encourage users to buy increased levels of so-called protection.
     
  15. balge

    balge Hardcore MB Enthusiast

    Messages:
    827
    Joined:
    Jul 28, 2010
    Location:
    Central England
    Car:
    Mercedes-Benz W124
    Aaah bless, has Apple finally got enough users to attract the script-kiddies then?
     
  16. jepho

    jepho Hardcore MB Enthusiast

    Messages:
    210
    Joined:
    Apr 14, 2011
    Car:
    W203 C220 CDI Coupe
    Apple

    :D
     
  17. balge

    balge Hardcore MB Enthusiast

    Messages:
    827
    Joined:
    Jul 28, 2010
    Location:
    Central England
    Car:
    Mercedes-Benz W124
    So did they finally increase their share of the OS market then? Is it 10% yet? Have they sold a copy of Apple Server ?
    :rock:
     
  18. jepho

    jepho Hardcore MB Enthusiast

    Messages:
    210
    Joined:
    Apr 14, 2011
    Car:
    W203 C220 CDI Coupe
    I think that their latest quarterly report speaks volumes. That is from a company that were as near to bankrupt as makes little difference. Like 'em or loathe 'em, Apple seem to be riding a large wave at the moment. Being a fan of Unix means that I like using their OS and I think their products offer fair value for money. I cannot speak for anyone else and I am not emotionally attached to the machines I use for my work. :)
     
  19. John

    John MB Club Veteran

    Messages:
    11,676
    Joined:
    Mar 3, 2011
    Location:
    Daan Saaf
    Car:
    I wish.
    I'd never even heard of Apple Server but I did ask one of our Mac operators and he said a previous company he worked at used it - so that's at least one copy sold...

    I guess if you were a really small design house using only Macs, it is probably a good idea.

    :dk:
     
  20. balge

    balge Hardcore MB Enthusiast

    Messages:
    827
    Joined:
    Jul 28, 2010
    Location:
    Central England
    Car:
    Mercedes-Benz W124
    No problem with Unix myself, been playing with a BSD distro recently, even better value! ;)
    OS X is certainly better value than W7....hehe DARWIN in action

    cheers!
     