For the most part, I mean files ending with .exe that require Microsoft Windows to run -- but can be run inside OS X using various bits of third party software.
However, as far as Sophos detections go, often PDF document exploits or other cross-platform attacks are flagged as Windows, but can be used against OS X as well.
You say you have bootcamp enabled, which I presume means you're booting into Windows instead of OS X at some point. When you're running Windows, you need a Windows AV solution to protect you, and your computer is vulnerable to all the Windows-based malware attacks out there.
I might be confused about what Bootcamp is, but I don't have Windows on my Mac to infect.
Also earlier you said that it detects iexplore.exe malware but it doesn't guarantee it will detect them all. What do you mean by this? Are there ones Sophos doesn't know about that it can't find or is it just that Sophos doesn't find it even though it is in the database? Does Sophos only look for malware from its database? Or when I choose to scan files, will it only scan for malware in its database or will it also check to see if a file/item is suspicious based on its contents and what it does?
Eriq wrote: I might be confused about what Bootcamp is, but I don't have Windows on my Mac to infect.
Also earlier you said that it detects iexplore.exe malware but it doesn't guarantee it will detect them all. What do you mean by this? Are there ones Sophos doesn't know about that it can't find or is it just that Sophos doesn't find it even though it is in the database? Does Sophos only look for malware from its database? Or when I choose to scan files, will it only scan for malware in its database or will it also check to see if a file/item is suspicious based on its contents and what it does?
Bootcamp is a system that lets you dual-boot into another operating system (tweaked for Windows) on your Mac.
"iexplore.exe malware" is not a Sophos designation. iexplore.exe is actually the file name of the Microsoft Internet Explorer web browser on Windows. There is a lot of malicious software that takes advantage of or pretends to be Internet Explorer. Sophos likely catches anything you might find attempting to do this, but of course we don't know about the malware out there that we don't know about -- so we can't guarantee we protect against it -- just that our heuristic checks will likely detect and block it.
Modern anti-virus scanners don't just have a list of files and file fragments that they block -- as you surmised, they look for behaviour and meta-information that is indicative of a certain family of malware, as well as using many other techniques.
So it's possible to answer "do you detect this file?" and even "do you have detection for this family of malware?" but no AV company should be able to tell you "yes, we detect all files from this family of malware" unless they're restricting the "family" to represent the samples they know about and detect.
Does this clear it up, or make it more confusing?
This actually clears up all of my questions. Thanks for the info agile! I will go install Sophos (maybe next week because I am busy). How long does it take to install Sophos? Uninstall? How long should it take to scan my entire computer (hard drive, files, account etc.)?
Edit: So all of those third party things I have should be OK to have? I also have Picasa. After you told me what Bootcamp was, I do not use it on my computer, but don't all Macs have it?
Sophos installs in about 2 minutes, depending on the speed of your computer. Uninstallation is under 30 seconds.
Scanning your entire computer (an on-demand scan) depends on the size of your hard disk and the kinds of files you have. For a first scan, I'd say 2.5 hours is about normal, but some people have scans of 5+ hours -- probably best to have automatic updates disabled during your first scan.
However, the main strength of AV software is not on-demand scans, but the on-access scanning -- it will check to see if a file is malicious when it is opened for reading/writing.
The third party things you have are regular software -- they function just fine alongside Sophos.
Thanks for the reply! But when I was talking about the third party software, I meant if that would be the things that you meant when you said Windows software that could allow malware to work. Also, when I was downloading Sophos it said it was going to take 25 minutes to install so I canceled the installation and deleted it. I thought it was supposed to take only a little time to download. Also, was it OK to just cancel the installation and delete the installation file or will something be left there?
Note I am talking about when I click the button for downloading for 10.4-10.7 and not the .pkg that has the terms of use/service and the actual AV.
Edit: In case you're wondering why I was asking this, I haven't scanned for malware on my iMac before and it's 2-3 years old so I wanted to do a scan to check for malware so I don't send anything to Windows users. I have 1 Windows computer in the same house as mostly Macs so I wanted to make sure it was safe. I have already scanned with ClamXav so I was going to scan with Sophos last to check for anything malicious/bad.
Edit2: There's also a question/discussion I have on the regular Sophos side /search?q= 1034971 you could help answer the questions I have left if you want.
You also said that the antivirus is best for scanning files before opening them? How about on-demand scanning/custom scan/hard drive scan? Does it work and detect the same things as the scan before opening thing?
Eriq wrote: Also, when I was downloading Sophos it said it was going to take 25 minutes to install so I canceled the installation and deleted it. I thought it was supposed to take only a little time to download. Also, was it OK to just cancel the installation and delete the installation file or will something be left there?
Note I am talking about when I click the button for downloading for 10.4-10.7 and not the .pkg that has the terms of use/service and the actual AV.
You can ignore this question. All the other questions though I still can't answer myself.
Eriq wrote: I accidentally deleted my post from earlier so:
Also, will Sophos continue to scan when I choose to run a hard drive/custom/on-demand scan and turn my iMac on sleep mode? Will it continue scanning my files or will it stop/pause?
When your computer is asleep, all processing functionality halts -- this includes malware scans. The only things still running are your network adapter, your USB bus (in low power mode -- activity on the bus wakes the computer to handle the input) and the scheduler (as far as I know), and your memory.
Hard disks and monitors are the main things turned off during sleep mode; this means that any activity requiring hard disk access is also halted, such as scanning the contents of said hard disk.
That said, the scan *should* resume upon wakeup, as should all other functions.