Tiger - Vulnerable?

[RubyRoses]

Hi, I'm a 10.4.11 user.

As well as using what is obviously now an ancient system, I've also been under a bit of a rock lately and only just learnt about the whole flashback.g 'certificate' thing going around.

I actually did encounter it a little while ago (my Java is turned off, so I guess that explains why it didn't take advantage of that) but I couldn't recall whether I'd moronically hit 'continue' or not, so did some checks, as suggested here http://www.macworld.com/article/165...ous_strain_of_mac_flashback_trojan_horse.html:

ls /Users/Shared/.*.so

and

defaults read ~/.MacOSX/environment

came back with 'No such file or directory', and 'does not exist'.

Seems fine, but I gather the bad guys may well have changed the locations of these files since that article was published - and I also recently learnt that only Snow Leopard + has in built anti-virus/is updated and protected by Apple. Is that true?? (I'll try and find links if anyone's sceptical...)

On a final note, I also learnt here http://antivirus-software.findthebest.com/compare/134-141/2012-Kaspersky-Anti-Virus-vs-2012-ClamXav that ClamXav (which I just used to scan my system, after updating its definitions) only responds to viruses, not other malware threats (like Trojans, presumably). Which perhaps, is a little pointless - unless you're concerned about Windows viruses - since there are no Mac viruses, as they say.

All in all, with an old OS, a useless (in the face of these kind of threats?) ClamXav, and it appears, no protection from Apple, I'm wondering if using Tiger is just asking for trouble now. Even with Java switched off.

What do you reckon? And is anyone else using Tiger here, or am I the only one left...?

Thanks to anyone who get back to me on this issue!

 

[GGJstudios]

I also recently learnt that only Snow Leopard + has in built anti-virus/is updated and protected by Apple. Is that true??

That's true for Snow Leopard, Lion and later versions.

I also learnt here http://antivirus-software.findthebest.com/compare/134-141/2012-Kaspersky-Anti-Virus-vs-2012-ClamXav that ClamXav (which I just used to scan my system, after updating its definitions) only responds to viruses, not other malware threats (like Trojans, presumably).

That's false. ClamXav detects both Mac and Windows malware and doesn't run with elevated privileges. You can run scans when you choose, rather than leaving it running all the time, slowing your system. ClamXav has a Sentry feature which, if enabled, will use significant system resources to constantly scan. Disable the Sentry feature. You don't need it. Also, when you first install ClamXav, as with many antivirus apps, it may perform an initial full system scan, which will consume resources. Once the initial scan is complete, periodic on-demand scans will have much lower demands on resources.

All in all, with an old OS, a useless (in the face of these kind of threats?) ClamXav, and it appears, no protection from Apple, I'm wondering if using Tiger is just asking for trouble now. Even with Java switched off.

You don't need any 3rd party antivirus app to keep your Mac malware-free. Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. You cannot infect your Mac simply by visiting a website, unzipping a file, opening an email attachment or joining a network. The only malware in the wild that can affect Mac OS X is a handful of trojans, which cannot infect your Mac unless you actively install them, and they can be easily avoided with some basic education, common sense and care in what software you install. Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

Mac Virus/Malware FAQ​

1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall
   
   
2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General
   
   
3. Uncheck "Enable Java" in Safari > Preferences > Security. Leave this unchecked until you visit a trusted site that requires Java, then re-enable only for your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)
   
   
4. Check your DNS settings by reading this.
   
   
5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
   
   
6. Never let someone else have physical access to install anything on your Mac.
   
   
7. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any virus, trojan, spyware, keylogger, or other malware. You don't need any 3rd party software to keep your Mac secure.

 

[RubyRoses]

Thanks for the response GGJstudios.

That's true for Snow Leopard, Lion and later versions.

Okay, so Tiger definitely DOESN'T get any more protection from Apple. That's surely so bad, I should upgrade my system ASAP, right?

ClamXav detects both Mac and Windows malware

I'm relieved to hear you say that though. ClamXav would pick up flashback.g (and it's kind) if I did a scan, then? I've got vers. 2.1 (there seems to be more recent versions of this too), but as I said, I update the definitions before using it, so it should still do the job, right?

The only malware in the wild that can affect Mac OS X is a handful of trojans, which cannot infect your Mac unless you actively install them

I'm particularly curious about this statement. The threat that I most recently encountered was one which, I gather, could download itself without any intervention on the users part, by exploiting java vulnerabilities (if you had java switched on). So surely that statement doesn't hold true anymore?

I've double-checked that I've taken all the precautions you've suggested in your list. But have heard so many things about the dangers of Flash, Quicktime and Safari, that I'm starting to wonder if it's only a matter of time before some malware is invented which can suddenly download itself w/o user intervention, by exploiting them?

...Shall I just ClamXav scan my library once a day (I gather that's the place where these nasties go), and check regularly that no new malware is on the loose, until I can finally afford an upgrade...?

 

[GGJstudios]

Okay, so Tiger definitely DOESN'T get any more protection from Apple. That's surely so bad, I should upgrade my system ASAP, right?

Not as long as you practice safe computing. I still run Leopard on my MBP and have zero problems. You don't need to upgrade to keep your Mac malware-free.

I'm relieved to hear you say that though. ClamXav would pick up flashback.g (and it's kind) if I did a scan, then? I've got vers. 2.1 (there seems to be more recent versions of this too), but as I said, I update the definitions before using it, so it should still do the job, right?

Yes.

I'm particularly curious about this statement. The threat that I most recently encountered was one which, I gather, could download itself without any intervention on the users part, by exploiting java vulnerabilities (if you had java switched on). So surely that statement doesn't hold true anymore?

I have doubts that it ever was true. I found no evidence of any other security firm corroborating Intego's findings and Intego didn't provide any proof. I'm very skeptical of Intego's claims. Remember, their motivation is to sell software, not necessarily to keep Mac users fully informed of the facts.

But have heard so many things about the dangers of Flash, Quicktime and Safari, that I'm starting to wonder if it's only a matter of time before some malware is invented which can suddenly download itself w/o user intervention, by exploiting them?

Anything is possible, including the possibility that a Mac virus could be introduced in the wild at some future date. That's why it's helpful to practice safe computing and stay informed. If such threats were discovered, the media and forums would be buzzing with the news.

...Shall I just ClamXav scan my library once a day

You don't need to scan daily (or at all) to keep your Mac secure. Just follow the suggestions I posted.

(I gather that's the place where these nasties go)

Malware can exist in many places; not just your Library folder.

.. until I can finally afford an upgrade...?

Upgrading will provide no assurance that you can't be affected by malware. When malware is first introduced, antivirus software and Apple's built-in protection will not detect it. You're only protected when the malware has been identified and a defense is built and your system has been updated.

Really, you don't need to waste time worrying about this. Just follow the recommendations I made. You won't have to worry about malware. It's very rare for an average Mac user to even encounter malware, much less be affected by it.

 

[petisjioweelsha]

10.4 and 10.5 are not receiving security updates at all. (and 10.4 and 10.5 on PPC isn't getting Adobe Flash security updates either).

That means that those systems have hundreds of security issues.

Does that mean that there are hundreds of actual working exploits out there waiting to infect you with malware?
No, probably not.
But, attackers often exploit old vulnerabilities on the theory that many users don't (or in this case can't) apply the security patches.

 

[GGJstudios]

10.4 and 10.5 are not receiving security updates at all. (and 10.4 and 10.5 on PPC isn't getting Adobe Flash security updates either).

That means that those systems have hundreds of security issues.

Does that mean that there are hundreds of actual working exploits out there waiting to infect you with malware?
No, probably not.
But, attackers often exploit old vulnerabilities on the theory that many users don't (or in this case can't) apply the security patches.

There is no malware in the wild that can affect 10.4 or 10.5 if the user practices safe computing, following the tips I posted earlier.

 

[petisjioweelsha]

There is no malware in the wild that can affect 10.4 or 10.5 if the user practices safe computing, following the tips I posted earlier.

But, they can't follow those tips if they are running 10.4 or 10.5.
See item 7!

 

[GGJstudios]

But, they can't follow those tips if they are running 10.4 or 10.5.
See item 7!

Yes, they can. They can follow all the other tips. They can apply updates to apps, as item 7 indicates. They can apply system updates when they are released, even if they're not as frequent.

 

[petisjioweelsha]

Yes, they can. They can follow all the other tips. They can apply updates to apps, as item 7 indicates. They can apply system updates when they are released, even if they're not as frequent.

There are no more updates for 10.4/10.5. Period.

No updates (in the case of the OS and Flash) means hundreds of security issues.

 

[GGJstudios]

There are no more updates for 10.4/10.5. Period.

That's not true. 10.5 received a Security Update 9 months ago, and updates to Safari, QuickTime, etc. since then.

No updates (in the case of the OS and Flash) means hundreds of security issues.

Flash for Leopard was updated in the last year.

I repeat, there is no malware in the wild that can affect 10.4 or 10.5 if the user practices safe computing and follows the tips I posted.

 

[petisjioweelsha]

That's not true. 10.5 received a Security Update 9 months ago, and updates to Safari, QuickTime, etc. since then.

And in that nine months there have been dozens and dozens of security fixes that 10.5 has not received.
Come on.
You know 10.4/10.5 are totally upatched.
I'm not going to keep going back and forth on this.

Those old version have many many security holes.
I do, however, acknowledge that those vulnerabilities do not translate into active exploits.

 

[GGJstudios]

And in that nine months there have been dozens and dozens of security fixes that 10.5 has not received.
Come on.
You know 10.4/10.5 are totally upatched.
I'm not going to keep going back and forth on this.

Those old version have many many security holes.
I do, however, acknowledge that those vulnerabilities do not translate into active exploits.

There are potentially dozens or hundreds of unpatched security holes in every OS, including Lion and Mountain Lion. That doesn't mean they're unsafe to use. If a user exercises common sense and caution, they're just as safe running Leopard as Lion.

 

[RubyRoses]

Thanks for getting back to me, guys, this is an important issue to me.

Perhaps I should tell you a bit more about my situation. I'd love to upgrade to Lion, but to do that, I'd have to buy a new iMac (I only have 1 GB of memory). And I'm not going to be able to fork out that kind of money any time too soon.

So, in the meantime, I wanted to find out how safe my current situation is (clearly not at all) / how to root out any trouble that might appear on my Mac without me knowing, allegedly java-exploiting flashback.g style. (Thanks GGJ Studios for making it clear that ClamXav can do this job!). I'm also trying to find out how I can best protect my ancient Mac. I can follow all of the suggestions GGJ Studios gave in the list, save, as petisjioweelsha pointed out, the updates part, and this still concerns me. Let me explain why...

The last time I received an update was 21/11/2010 (Safari & iTunes), and I haven't received a security update since 16/09/09. Apple must provide these updates for a reason. Though GGJ Studios says "they're just as safe running Leopard as Lion", at least if/when one of those "dozens or hundreds of unpatched security holes" on Lion are exploited, at least Snow Leopard + will receive a patch from Apple at some point or another.

Though I 100% agree that "vulnerabilities do not translate into active exploits", and perhaps "there is no malware in the wild that can affect 10.4 or 10.5" w/o user intervention, I'm troubled that I'd be defenceless if there was. Which is now I'm starting to consider the dreaded 3rd party anti-virus option:

I'm very skeptical of Intego's claims. Remember, their motivation is to sell software, not necessarily to keep Mac users fully informed of the facts.

I do totally see your point GGJ Studios. But If Apple thinks an anti-virus system needs to be in place (clearly it does, since it's provided one for Snow Leopard +), and I'm in a situation where things that enter my Mac are not being screened, sandboxed, or what have you, I am starting to think I might actually buy an anti-virus to tide me over until I can afford to make the great move.

What do you think? Shall I go for it? Just in case Intego's right, and stuff that can download w/o user intervention is starting to appear...

 

[GGJstudios]

I do totally see your point GGJ Studios. But If Apple thinks an anti-virus system needs to be in place (clearly it does, since it's provided one for Snow Leopard +), and I'm in a situation where things that enter my Mac are not being screened, sandboxed, or what have you, I am starting to think I might actually buy an anti-virus to tide me over until I can afford to make the great move.

What do you think? Shall I go for it? Just in case Intego's right, and stuff that can download w/o user intervention is starting to appear...

If you follow the tips I posted, there is no malware in the wild that can be installed without your action. As long as you're not engaging in high-risk activities, such as installing pirated software or installing software from pop-ups on websites, you have nothing to worry about. Also, be aware that IF a virus or other new form of malware were introduced at some point in the future, no anti-virus app will protect you from that. Anti-virus software can't protect you from something that doesn't yet exist.

If you still insist on running anti-virus, ClamXav is one of the best choices, since it isn't a resource hog, detects both Mac and Windows malware and doesn't run with elevated privileges... and it's free. You can run scans when you choose, rather than leaving it running all the time, slowing your system. ClamXav has a Sentry feature which, if enabled, will use significant system resources to constantly scan. Disable the Sentry feature. You don't need it. Also, when you first install ClamXav, as with many antivirus apps, it may perform an initial full system scan, which will consume resources. Once the initial scan is complete, periodic on-demand scans will have much lower demands on resources.

Be sure to read the Mac Virus/Malware FAQ I posted in my first post. Educating yourself and practicing safe computing is a better defense against malware than any anti-virus app.

 

[Dr McKay]

text wall.

An antivirus running does not slow your system down. With the exception of Norton, all Anti-virus software I've used typically sits at 0% CPU usage. And under 50MB of RAM. The time it uses more is when running a system scan when directed to do so. The one I use dynamically uses system resources based on what your computer is doing, and will automatically dial back if it detects other programs running or a person using the computer.

 

[GGJstudios]

An antivirus running does not slow your system down.

There is overwhelming evidence to the contrary. Just browse a few of the malware threads in this forum and you'll find countless accounts of system performance being impacted by running anti-virus software. Some require more resources than others, but they all consume some.

 

[RubyRoses]

text wall.

Um, what do you mean by that, Benjy91? ^^;

I do totally understand what you're saying GGJ Studios, and have carefully read the Mac Virus/Malware FAQ you posted in your first post. As I said - I'm following the suggestions on your list - but without any updates - even if there's nothing in the wild as yet - and even though I understand no anti-virus can protect you from a threat it hasn't defined yet - AT LEAST if when/ something did appear, I would have something on hand that would eventually help to resolve the problem, rather than be left totally stranded.

If they don't eventually help, then there'd be no point to anti-virus or apple's updates at all, right?

Also, thanks for your contribution Benjy91. What anti-virus are you using at the mo? TBH, I'm not too worried about my system slowing down, even if it does - I'd rather it was safe (as it can be). Of course, I guess I could just stick with ClamXav, as GGJ Studios suggests. But Intego looks like it provides more of a package. I just want to get the best, general all round defence I can - they say prevention is the best cure.

 

[GGJstudios]

...and even though I understand no anti-virus can protect you from a threat it hasn't defined yet - AT LEAST if when/ something did appear, I would have something on hand that would eventually help to resolve the problem, rather than be left totally stranded.

If they don't eventually help, then there'd be no point to anti-virus or apple's updates at all, right?

Also, thanks for your contribution Benjy91. What anti-virus are you using at the mo? TBH, I'm not too worried about my system slowing down, even if it does - I'd rather it was safe (as it can be). Of course, I guess I could just stick with ClamXav, as GGJ Studios suggests. But Intego looks like it provides more of a package. I just want to get the best, general all round defence I can - they say prevention is the best cure.

It sounds like you have your mind set on spending money on anti-virus software, which is certainly your right. However, if you came here asking for sound advice, you've been given that. You don't need to spend money to keep your Mac safe from malware. The overwhelming majority of Mac users never even encounter malware, not to mention being affected by it. Many users come from a Windows mindset, where they've been conditioned to run anti-virus as a requirement for safe computing. That's simply not the case with Mac OS X. If you're like most Mac users, you'll likely never see any malware of any kind. But if you want to spend your money, I'm sure Intego will be happy to take it. Good luck!

 

[RubyRoses]

It sounds like you have your mind set on spending money on anti-virus software, which is certainly your right. However, if you came here asking for sound advice, you've been given that.

Please, don't be mistaken, I'm really glad to have had your advice, and I'm grateful for all the time you've spent getting back to me. What you've said has been really interesting, helpful and useful. Probably if I wasn't such a scaredy-cat, I'd carry on as you suggest; and yes, no doubt Intego & their ilk rely on people just like me, lol.

And please: don't think I had my mind made up when I first started this thread - I wouldn't waste anyone's time like that. At the beginning, I didn't know for sure Apple weren't protecting me anymore.

What's ultimately got me thinking I should get some AV is Apple obv. think we DO need it, since they're using it on their latest operating systems!

Maybe it is all a long shot for a dozen reasons, but I hope you can see my logic, even if you think it's silly...? ^^;

 

[Dr McKay]

There is overwhelming evidence to the contrary. Just browse a few of the malware threads in this forum and you'll find countless accounts of system performance being impacted by running anti-virus software. Some require more resources than others, but they all consume some.

Out of curiosity is this a Mac phenomena? Or anything that's recent? Because on Windows i had problems with Antivirus slowing the system down back in the 90's. And with Norton 2006, but since then ive been from Avast, AVG, MSE and Kaspersky. And none of these slowed my system down in the slightest, they would sit there using around 50-70MB of RAM, jumping to around 200MB when performing a scan, as for CPU usage it would be 0% until a scan, and when it did scan it would only use what resources were spare, it would always dial back CPU usage if it felt other program's open by the user needing CPU usage.

Obviously there are going to be horror stories on support forums, but out of all my friends, and the 2,000+ PC's I look after at work I've never heard of a modern Antivirus slowing a PC down.

 

[vohdoun]

Does Safari support extensions on Tiger? if so someone hasn't been taking advantage of them. Disable plugins while you're at it.

 

[GGJstudios]

Out of curiosity is this a Mac phenomena? Or anything that's recent?

No, it's not just Macs and is recent as well. I support both Mac and Windows 7 users and while some AVs behave better than others, they all put demands on system resources, as any app does, and some are resource hogs. Just read the many malware threads to get a sense of what others are experiencing on both Mac and Windows systems.

 

[Mr. Retrofire]

10.4 and 10.5 are not receiving security updates at all. (and 10.4 and 10.5 on PPC isn't getting Adobe Flash security updates either).

That means that those systems have hundreds of security issues.

The majority of the existing security issues have nothing to do with updates. Lion 10.7.3 has many discovered and not discovered security holes, not to mention Apples own applications on this OS. It is always a cat & mouse game, and no one wins. Newer OSs have more untested code, and therefore more possible security holes.

 

[RubyRoses]

Does Safari support extensions on Tiger? if so someone hasn't been taking advantage of them. Disable plugins while you're at it.

Apologies, but I think this will have to be translated into 'dumb-ass' before I understand what you mean! What do you mean by support extensions? How can I find out? How do people take advantage of them? And how does one disable plugins?

...And what is going on in that picture...? Thanks a lot!

 

[vohdoun]

What do you mean by support extensions? How can I find out? How do people take advantage of them?

Do you have this? I'm assuming no.

And how does one disable plugins?

Since plugins (Quicktime, Adobe Reader, Flash etc) are not getting updated and exploits may show itself, it would be wise to disable them.

...And what is going on in that picture...? Thanks a lot!

Just the fact thats it's barely using anything. I mainly use Virus Barrier X for it's Firewall settings.