Clarification about some basic questions

Hi there. Recently, I've been getting an alarming number of on-access scanning alerts which tell me that there's Exp/MS04-028 (this happens during normal internet browsing - no funny sites), so I open Quarantine Manager - but the clean up threat and the other button are greyed out, and the threat listing disappears after a couple of seconds - this happens when I've set the 'when a threat is found' option to deny access and other times to clean up threat.

Just some stupid questions:

- Why does it disappear from the quarantine manager list by itself?

- Does deny access mean that the spyware/virus is barred from infecting my Mac?

- What's everyone's personal 'when a threat is found' option?

- If I pick clean up threat as the first option of the 'when a threat is found' action, does that mean the spyware is allowed to access my Mac?

- Every time I get one of these, should I change my passwords etc. just in case? I'm not actually sure whether the spyware has actually infected my Mac if I set the option to deny access or clean up threat.

- When the on-access warning window pops up, does it mean that Sophos has encountered the spyware while I've been doing my usual internet browsing, or has it encountered it while 'patrolling' my Mac's folders and whatever (so a file I already have is infected with this)?

Not related to this issue, but when I do an on-demand scan, the scanning animation for the last couple of thousand files does not occur - it goes straight to the final results (which also happens to be no threats detected all the time). Is that normal?

This has just worried me a lot, and clarification would be great! Thanks in advance.



This thread was automatically locked due to age.
The notification disappearing means that the malicious file is no longer on your computer -- this is either because Sophos removed it (in which case you would have got an alert or message stating this was happening) or because the malicious file was in your cache folder and the OS purged it automatically.

To repeat: if you already have Sophos installed and you're getting these alerts via the On-Access scans, Sophos is preventing anything from happening; the file has ended up on your computer, but is completely harmless, as it is being blocked by Sophos. Your computer has never become infected, it has just had a malicious file dropped onto it via some means (likely your web browser).

On any platform, the best way to prevent these files from showing up in the first place is to disable Java and Javascript in the web browser. My particular favourite method is to run the NoScript plugin in Firefox; I only use Safari on specific sites which did not like this setup, and which are digitally signed. You should also ensure that the "Open 'safe' files after downloading" checkbox in Safari's General Preferences pane is UNCHECKED. Safari considers PDF documents and Zip archives to be "safe" and will run them. Javascript is enabled by default in most PDF viewers, which means with that checkbox checked, any web site attempting to serve a PDF to a Safari web browser can automatically run malicious javascript within the PDF, and your web browser has no way to stop it. All browsers except Safari prevent this sort of activity by default.

The reason we tend to use the term "malware" instead of "virus" is that viruses attach themselves to software already running on your computer to spread and perform their design tasks -- most other malicious software (malware) requires you or your computer to intentionally run it, and it runs as a unique process that can be identified and controlled/eliminated. Almost all malware for OS X falls under this category.

Remember too, that Sophos detects ALL malware, including all the Windows drive-by malware that your web browser will happily download and attempt to run on your Mac -- but it won't run even without Sophos Anti-Virus, because it's designed to work on Windows. It will, however, still sit there in your browser cache until the OS cleans it up.

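An added example, not code from the thread or from Sophos, that audits the Safari setting the reply above says to leave UNCHECKED. It assumes the checkbox is stored under the com.apple.Safari preference key AutoOpenSafeDownloads (a real key, though the thread does not name it), that `defaults read` prints 1 or 0 for it, and that an absent key means the checkbox is still at its default, which is checked.

```shell
#!/bin/sh
# Added example (not from the thread): audit Safari's "Open 'safe' files after
# downloading" checkbox from the shell.
# Assumption: the checkbox is backed by the com.apple.Safari key
# AutoOpenSafeDownloads (1 = checked, 0 = unchecked); a missing key means the
# user never changed it, and Safari's default is checked.

# Classify the raw value read from the preference.  Takes the string that
# `defaults read` printed ("1", "0", or empty when the key is absent) and
# returns 0 when the setting is safe (unchecked), 1 when it is risky.
classify_safe_downloads() {
    case "$1" in
        0|false|NO)
            echo "unchecked: Safari will not auto-open downloaded files"
            return 0 ;;
        "")
            echo "key absent: checkbox is at its default (checked), change it"
            return 1 ;;
        *)
            echo "checked: downloaded PDFs and archives open automatically"
            return 1 ;;
    esac
}

# Read the live value on a Mac.  `defaults read` exits non-zero and prints to
# stderr when the key has never been written, so that case becomes an empty
# value and is reported as the risky default.
audit_safari_safe_downloads() {
    value=$(defaults read com.apple.Safari AutoOpenSafeDownloads 2>/dev/null || true)
    classify_safe_downloads "$value"
}
```

Run `audit_safari_safe_downloads` on the Mac being checked; a non-zero exit means the checkbox still needs to be unchecked in Safari's General Preferences pane.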