does sophos actually detect any mac viri or threats?

prior to osx there were a few actual mac viruses [8 if i remember]

these would only be found in old mac files and software

does sophos detect them?

i have a library of old mac software which is updated periodically and need this ability

post osx there was reportedly one trojan [reported by an av company but never seen by anyone else i know]

does sophos detect it

does sophos detect when facebook, google or some other anti-social network starts following me around the net and collecting data about me?

and does sophos detect any threats that actually currently affect me as a mac only user

by this i don't mean theoretical future possible threats

so far it seems to only detect pc stuff

  • Agile wrote:

    As far as I know … no browser API hooking, etc. going on in the product.

    … on the system there are only two places data can reside: in memory, or on disk.  "Network monitoring" becomes a red herring, because what you're really monitoring is where the data goes after the endpoint has received it... which is either into memory or onto disk.

    Those web bugs almost always start by causing the browser to download … cached on disk and then read into memory.  With on-access scanning, these get detected as soon as the system attempts to access the malicious code. With on-demand scanning, the temporary cache files that have been left behind (for example in the Java cache directory) get scanned.

    I'll reiterate: network traffic doesn't go to the browser -- it goes to the OS, which opens up a filehandle the browser can read from.

    … Memory protection on OS X is fairly robust, so the final landing site of almost all malicious code will be on permanent storage, prior to execution -- and of course both on-access and on-demand scans will detect it there.


    That's great, thanks. Much clearer now. 

    Most reassuring (for users such as us, gaining protection from products that focus on permanent storage) is "the final landing site of almost all malicious code will be on permanent storage, prior to execution".

    Incidentally the expression network traffic to the browser came from SophosLabs in response to a question about the HTTP data stream. Origins of that conversation probably included Adobe Responds... Sort Of and http://www.diigo.com/bookmark/http%3A%2F%2Fwww.sophos.com%2Fblogs%2Fsophoslabs%2Fv%2Fpost%2F7407?tab=comment&uname=grahamperrin

    Defocusing from SAV Home Edition, re: some upstream stuff I'm slowly kicking the ball around at http://discussions.apple.com/message.jspa?messageID=12545569#12545569 in a topic Complements to Safari 'fraudulent sites' warnings and Google Safe Browsing. (Inevitably, much advice re: on-disk creeps into a topic that's explicitly focused on "through-the-web threats that do not necessarily involve writes to disk".)
