#1 (permalink)
March 2, 2013, 02:18 PM
BrainEater
Apple antivirus/anti-malware.

Don't tell me they don't need it.

Here's the score:

I have IT telling me that a g4 powermac was the source of a malware infection.....

I can either: a) SCAN said mac and find the evidence, or b) prove it innocent....I don't care which, I just need to see definitive evidence of said hack.

I assure you, I hate macs already. If there is even a shadow of a doubt, we'll never allow apple devices of any kind on our network again.

That's a bold statement, but I really mean it. I NEED some way to check some stuff out. I have to start ruling things out!

I'm looking for 'apple versions' of the following:

-antivirus
-Anti-malware like MBAM
-something like 'hijack this' or similar
-a program like TCPview

It's possible the OS does stuff like this already, I don't know, I'm learning how to use a mac as we speak.....

.....But don't ask me to spend even 1 cent. (5 cents now I guess).......I'll just ban apple if I can't get good inspection software.......but I'm also an Apple newb, and I don't want to be unfair, so here's a couple dumbass questions:

How does an apple g4 powermac (I don't know what OS yet) connect to a domain?

Where do I find network data?

Please help me out everyone!!

TYIA

__________________
Intel 3930k /rIVe/32 Gb vengeance LP/Nvidia TITAN/760/760/Intel 520's/WD raptors/etc...

#2 (permalink)
March 2, 2013, 02:33 PM
enaberif

Apples can't connect to a domain. They can share files back and forth using Samba.

Antivirus? What you have to understand about an Apple OS is how the filesystem works. It doesn't work ANYWHERE near that of Windows. You essentially have 2 users: Administrators and Regular users. Regular users are LOCKED into their home directory unless they use an administrator password to bypass this. Regular users will NOT have any writable permissions to any part of the file system without using a command called sudo.

Seems to be recommended for virus/spyware if you insist on it, but I really don't think it's needed.
Intego Mac Internet Security 2013 for Mac - CNET Download.com

There isn't a hijackthis equivalent simply because there is no registry on a mac which is what hijackthis goes through and checks for issues.

Network monitoring:
Little Snitch

#3 (permalink)
March 2, 2013, 02:34 PM
MacJunky

Do not ban all Macs just because a decade old system was compromised. Really old PCs can be just as at risk.

avast! Free Antivirus for Mac | Security Software for Apple OS X
ClamXav
Or I could just link to this:
12 Antivirus Apps for the Mac | PCMag.com


When it comes to TCPview, try netstat and lsof.
Some Unix/Linux programs will compile with no trouble, some like x86 but not PPC, some need you to screw around with X11.. *shrug*

Little Snitch was mentioned above. I ALWAYS had that installed on all my Macs. I loved it.
Also check /Applications/Utilities/ for some other programs to play with.
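
The netstat/lsof suggestion in the post above, as an added example that is not part of any post in the thread: a small shell filter that turns `lsof -nP -i` output into the two views TCPView gives, listening sockets and established connections to non-private addresses. The sample input, process names, PIDs and addresses are constructed, and the function names are made up for this example.

```sh
#!/bin/sh
# Added example: TCPView-style views built from `lsof -nP -i` output.
# -n and -P keep addresses and ports numeric; -i selects network sockets.

# Constructed sample output; process names, PIDs and addresses are made up.
sample_lsof() {
cat <<'EOF'
COMMAND   PID USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
mDNSRespo  58 root   7u IPv4 0x01      0t0  UDP *:5353
cupsd      90 root   5u IPv4 0x02      0t0  TCP 127.0.0.1:631 (LISTEN)
Vuze      412 user  45u IPv4 0x03      0t0  TCP *:6881 (LISTEN)
Vuze      412 user  46u IPv4 0x04      0t0  TCP 192.168.1.20:51234->203.0.113.7:6881 (ESTABLISHED)
Vuze      412 user  47u IPv4 0x05      0t0  TCP 192.168.1.20:51240->172.16.4.2:6881 (ESTABLISHED)
Safari    530 user  12u IPv4 0x06      0t0  TCP 192.168.1.20:51300->198.51.100.9:443 (ESTABLISHED)
Safari    530 user  13u IPv4 0x07      0t0  TCP 192.168.1.20:51301->192.168.1.1:80 (ESTABLISHED)
EOF
}

# Sockets accepting inbound connections: "command pid local-address".
listeners() {
  awk 'NR > 1 && $NF == "(LISTEN)" { print $1, $2, $(NF-1) }' | sort -u
}

# Established TCP connections whose remote end is not loopback, link-local
# or RFC 1918 private space: "command pid remote-address:port".
external_peers() {
  awk '
    NR == 1 || $NF != "(ESTABLISHED)" { next }
    {
      if (split($(NF-1), ends, "->") != 2) next
      host = ends[2]
      sub(/:[0-9]+$/, "", host)            # strip the port
      if (host ~ /^(10\.|127\.|169\.254\.|192\.168\.)/) next
      if (host ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
      if (host ~ /^\[(::1|fe80:)/) next    # IPv6 loopback / link-local
      print $1, $2, ends[2]
    }' | sort -u
}

# On the Mac under inspection, feed the live table instead of the sample:
#   sudo lsof -nP -i | external_peers
echo "== listeners ==";      sample_lsof | listeners
echo "== external peers =="; sample_lsof | external_peers
```

Without sudo, lsof only reports sockets owned by the logged-in user, so system daemons would be missing from both views.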

#4 (permalink)
March 2, 2013, 02:41 PM
BrainEater

Yea like I said......I'm an Apple newb.

So ok.........Can a mac 'not on a domain' get into computers 'on-a-domain'?

I'm told this mac had full access across a domain, to the point where full write access to the server was had.

Apparently thru the vuze apple client......Or somebody clicked something.....

I really don't know WTF is going on yet.......But it seems fAAAAAAAr more likely it's one of the 15 windows boxes.

What do you think mangs?

#5 (permalink)
March 2, 2013, 02:50 PM
enaberif

Quote:
Originally Posted by BrainEater
Yea like I said......I'm an Apple newb.

So ok.........Can a mac 'not on a domain' get into computers 'on-a-domain'?

I'm told this mac had full access across a domain, to the point where full write access to the server was had.

Apparently thru the vuze apple client......Or somebody clicked something.....

I really don't know WTF is going on yet.......But it seems fAAAAAAAr more likely it's one of the 15 windows boxes.

What do you think mangs?

I'm not saying it can't. It would be very difficult, especially on the older OS. I am totally with you in thinking this happened through a PC, not this Apple.

What OS is that G4 running? 9.0? Older? Newer?

#6 (permalink)
March 2, 2013, 03:13 PM
MacJunky

If it is running Vuze, it is going to be some version of Mac OS X. You do not want to bother with Java in OS 9, it is not even funny.

The newest version of OS X that will run on a G4 is 10.5, but by FAR 10.4 is more popular on G4 systems. 10.3 for the luddites who hate nice things and think that dashboard and spotlight wrecked everything. (They did not, and at this point each version of OS X was still getting faster than the previous version.)

Looks like current versions of Vuze require 10.5, but I think in the past it used to require 10.4 so I am betting you are running one of those two.

If you cannot find anything, then you could set up the G4 and a PC as honeypots separated from your real systems and see what happens.

I am tempted to suggest you start a thread at a place like ehMac, but I am not sure what things are like on mac forums these days and I would not want a couple morons to cause issues upon the suggestion that a Mac might have a problem. (even if the rest of the people are normal)

Last edited by MacJunky; March 2, 2013 at 03:25 PM.

#7 (permalink)
March 2, 2013, 03:24 PM
BrainEater

Quote:
Originally Posted by MacJunky

If you cannot find anything, then you could setup the G4 and a PC as honeypots separated from your real systems and see what happens...

Underway.

-----

I've just physically set up the test area again....was a giant mess. I'll have OS #'s right away.....assuming I don't need an effing keyboard......sheesh.....

But anyways, yes.


#8 (permalink)
March 5, 2013, 03:51 PM
BrainEater

So I got a keyboard!!! hahahah

I'm vivisecting this mac.

Where are all the logs?......do macs keep 'em?

Can I download/print a full 'current settings' page?

-----

/me keeps learning.


#9 (permalink)
March 5, 2013, 05:50 PM
MacJunky

You got a keyboard? You know that you can just use a normal USB keyboard, right? The only thing you might notice is the Windows key being Command, and alt key being option key.

For logs see:
/Applications/Utilities/Console.app


Most of your useful programs are either in the Utilities folder or are CLI based and accessed through Terminal.app like Linux/Unix.
That being said, if any of your IT guys do Unix, they should be able to pick up OS X with little trouble. (though there are differences that they might bitch and moan about because it is not exactly the same as their precious Unix.)

#10 (permalink)
March 6, 2013, 04:14 PM
BrainEater

Yep I sure did, got the one for the machine.

I spent a couple hours just lookin around last night......I'm also learning linux and BSD all over again.....Or trying.......while tearing down my folding farm....etc...

Thanks a LOT!!! for your help.....The mac's off the plate for a day or two......I have gpgpu encryption busting to learn too!

Cheers!
