Hardware Canucks


BrainEater March 2, 2013 03:18 PM

Apple antivirus/anti-malware.
 
Don't tell me they don't need it.

Here's the score :

I have IT telling me that a g4 powermac was the source of a malware infection.....

I can either : a) SCAN said mac and find the evidence , or, b) prove it innocent....I don't care which I just need to see definitive evidence of said hack.

I assure you , I hate macs already. If there is even a shadow of a doubt , we'll never allow apple devices of any kind on our network again.

That's a bold statement , but, I really mean it. I NEED some way to check some stuff out. I have to start ruling things out !

I'm looking for 'apple versions' of the following ;

-antivirus
-Anti-malware like MBAM
-something like 'hijack this' or similar
-a program like TCPview

It's possible the OS does stuff like this already , I don't know , I'm learning how to use a mac as we speak.....

.....But don't ask me to spend even 1 cent.(5cents now I guess).......I'll just ban apple if I can't get good inspection software.......but I'm also an Apple newb , and I don't want to be unfair , so here's a couple dumbass questions :

How does an apple g4 powermac (I don't know what os yet) connect to a domain ?

Where do I find network data ?

Please help me out everyone !!

TYIA

:thumb:

enaberif March 2, 2013 03:33 PM

Apples can't connect to a domain. They can share files back and forth using Samba.

Antivirus? What you have to understand about an Apple OS is how the filesystem works. It doesn't work ANYWHERE near that of Windows. You essentially have 2 users.. Administrators and Regular users. Regular users are LOCKED into their home directory unless they use an administrator password to bypass this. Regular users will NOT have any writable permissions to any part of the file system without using a command called sudo.

Seems to be recommended for virus/spyware if you insist on it but I really don't think it's needed.
Intego Mac Internet Security 2013 for Mac - CNET Download.com

There isn't a hijackthis equivalent simply because there is no registry on a mac which is what hijackthis goes through and checks for issues.

Network monitoring:
Little Snitch

MacJunky March 2, 2013 03:34 PM

Do not ban all Macs just because a decade old system was compromised. Really old PCs can be just as at risk.

avast! Free Antivirus for Mac | Security Software for Apple OS X
ClamXav
Or I could just link to this:
12 Antivirus Apps for the Mac | PCMag.com


When it comes to TCPview, try netstat and lsof.
Some Unix/Linux programs will compile with no trouble, some like x86 but not PPC, some need you to screw around with X11.. *shrug*

Little Snitch was mentioned above. I ALWAYS had that installed on all my Macs. I loved it.
Also check /Applications/Utilities/ for some other programs to play with.
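
The netstat/lsof suggestion in the post above, as an added example that is not part of the original thread: a shell function that condenses `lsof -nP -i` output into a TCPView-style list of listening sockets and established peers. The sample rows (process names, PIDs, users, addresses) are constructed for illustration, and the function names `sample_lsof` and `summarise_conns` are assumptions of this example.

```shell
#!/bin/sh
# Added example: TCPView-style summary of `lsof -nP -i` output.
# On the Mac itself:  sudo lsof -nP -i | summarise_conns
#   -n no DNS lookups, -P numeric ports, -i internet sockets only

# Constructed sample output; not taken from the machine in the thread.
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
mDNSRespo  35 _mdns   7u  IPv4 0x01        0t0  UDP *:5353
java      412 alice  41u  IPv4 0x02        0t0  TCP *:6881 (LISTEN)
java      412 alice  55u  IPv4 0x03        0t0  TCP 192.168.1.20:49212->203.0.113.7:51413 (ESTABLISHED)
java      412 alice  56u  IPv4 0x04        0t0  TCP 192.168.1.20:49213->198.51.100.9:6881 (CLOSE_WAIT)
ssh       640 alice   3u  IPv4 0x05        0t0  TCP 192.168.1.20:49300->192.168.1.2:22 (ESTABLISHED)
EOF
}

# Reads lsof text on stdin and prints one line per socket of interest:
#   LISTEN <cmd> <pid> <user> <proto> <port>
#   PEER   <cmd> <pid> <user> <remote host:port> <internal|external>
summarise_conns() {
    awk '
    NR == 1 && $1 == "COMMAND" { next }                 # skip the header row
    {
        state = ""; n = NF
        if ($NF ~ /^\(.*\)$/) { state = $NF; n = NF - 1 }   # TCP rows end in "(STATE)"
        name = $n; proto = $(n - 1)
        arrow = index(name, "->")
        if (arrow > 0) {
            if (state != "(ESTABLISHED)") next          # ignore half-closed sockets
            remote = substr(name, arrow + 2)
            host = remote; sub(/:[^:]*$/, "", host)     # drop the trailing :port
            scope = "external"                          # IPv4 private/loopback ranges only
            if (host ~ /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) scope = "internal"
            print "PEER", $1, $2, $3, remote, scope
        } else if (state == "(LISTEN)" || proto == "UDP") {
            port = name; sub(/^.*:/, "", port)          # keep the text after the last colon
            print "LISTEN", $1, $2, $3, proto, port
        }
    }'
}

sample_lsof | summarise_conns
```

PEER lines marked internal show which LAN hosts the machine had live sessions with at capture time; lsof only sees current sockets, so it says nothing about connections that have already closed.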

BrainEater March 2, 2013 03:41 PM

Yea like I said......I'm an Apple newb.

So ok.........Can a mac 'not on a domain' get into computers 'on-a-domain' ?

I'm told this mac had full access across a domain , to the point where full write access to the server was had.

Apparently thru the vuze apple client......Or somebody clicked something.....

I really don't know WTF is going on yet.......But it seems fAAAAAAAr more likely it's one of the 15 windows boxes.

What do you think mangs ?

enaberif March 2, 2013 03:50 PM

Quote:

Originally Posted by BrainEater (Post 693919)
Yea like I said......I'm an Apple newb.

So ok.........Can a mac 'not on a domain' get into computers 'on-a-domain' ?

I'm told this mac had full access across a domain , to the point where full write access to the server was had.

Apparently thru the vuze apple client......Or somebody clicked something.....

I really don't know WTF is going on yet.......But it seems fAAAAAAAr more likely it's one of the 15 windows boxes.

What do you think mangs ?

I'm not saying it can't. It would be greatly difficult especially on the older OS. I am totally with you in thinking this happened through a PC not this Apple.

What OS is that G4 running? 9.0? Older? Newer?

MacJunky March 2, 2013 04:13 PM

If it is running Vuze, it is going to be some version of Mac OS X. You do not want to bother with Java in OS 9, it is not even funny.

The newest version of OS X that will run on a G4 is 10.5, but by FAR 10.4 is more popular on G4 systems. 10.3 for the luddites who hate nice things and think that dashboard and spotlight wrecked everything. (they did not, and at this point each version of OS X was still getting faster than the previous version)

Looks like current versions of Vuze require 10.5, but I think in the past it used to require 10.4 so I am betting you are running one of those two.

If you cannot find anything, then you could set up the G4 and a PC as honeypots separated from your real systems and see what happens.


I am tempted to suggest you start a thread at a place like ehMac, but I am not sure what things are like on mac forums these days and I would not want a couple morons to cause issues upon the suggestion that a Mac might have a problem. (even if the rest of the people are normal)

BrainEater March 2, 2013 04:24 PM

Quote:

Originally Posted by MacJunky (Post 693924)

If you cannot find anything, then you could set up the G4 and a PC as honeypots separated from your real systems and see what happens...

Underway.

-----

I've just physically set up the test area again....was a giant mess. I'll have os #'s right away.....assuming I don't need an effing keyboard......sheesh.....

But anyways , yes.

:thumb:

BrainEater March 5, 2013 04:51 PM

So I got a keyboard !!! hahahah

I'm vivisecting this mac.

Where are all the logs ?......do macs keep em?

Can I download/print a full 'current settings' page ?

-----

/me keeps learning.

:thumb:

MacJunky March 5, 2013 06:50 PM

You got a keyboard? You know that you can just use a normal USB keyboard, right? The only thing you might notice is the Windows key being Command, and alt key being option key.

For logs see:
/Applications/Utilities/Console.app


Most of your useful programs are either in the Utilities folder or are CLI based and accessed through Terminal.app like Linux/Unix.
That being said, if any of your IT guys do Unix, they should be able to pick up OS X with little trouble. (though there are differences that they might bitch and moan about because it is not exactly the same as their precious Unix.)

BrainEater March 6, 2013 05:14 PM

Yep I sure did , got the one for the machine.

I spent a couple hours just lookin around last night......I'm also learning linux and BSD all over again.....Or trying.......while tearing down my folding farm ....etc...

Thanks a LOT !!! for your help.....The mac's off the plate for a day or two......I have gpgpu encryption busting to learn too !

Cheers !

:thumb:


All times are GMT -7.