XYMer's Home away from Home

When http://bbs.xlr8yourmac.com is down (i.e. always)

All times are UTC - 8 hours




 Post subject: ClamXav and Malwarebytes
PostPosted: Wed Aug 15, 2018 8:16 am 

Joined: Fri Dec 10, 2010 9:41 am
Posts: 785
Location: Halfway between New York City and Atlantic City
I've been running ClamXav for more than several years, specifically for virus protection. And, when the threats of malware began increasing over the past two or so years, Malwarebytes was recommended, so I've been running that, as well.

ClamXav has just released their version 3 (which will be on an annual subscription basis), but now I can't tell if there is a difference between the types of threats that each of these apps protects against and whether continuing to run both apps will create a compatibility conflict.

Any thoughts? Thanks!

_________________
_____________________
MacMini 2.5 GHz Intel Core i5, 16 GB RAM, OS 10.12.6


PostPosted: Wed Aug 15, 2018 12:29 pm 
Benevolent Dictator

Joined: Mon Apr 21, 2008 2:03 am
Posts: 15556
Great question Mike. :)


PostPosted: Thu Aug 16, 2018 6:12 am 

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6407
Location: NYC
What I would do: register at Malwarebytes, then go to https://forums.malwarebytes.com/forum/1 ... ort-forum/ where you will likely get the best answer from Thomas Reed, the developer, as well as Al Varnell (alvarnell), a frequent contributor there, who, at least in the past was quite active as a mod at ClamX--he will probably know.


PostPosted: Thu Aug 16, 2018 12:33 pm 

Joined: Fri Dec 10, 2010 9:41 am
Posts: 785
Location: Halfway between New York City and Atlantic City
That's a good idea. I'd like to not ruffle any feathers, of course. Right off, I can state that ClamXav allows users to scan entire volumes or selectively scan folders, etc., and it offers the option to scan email content for malware and phishing. Malwarebytes, on the other hand, doesn't specify what locations it does and does not scan. So, based on the short run time, it appears to scan only certain (unknown) locations. I'll share if I find out any more.

_________________
_____________________
MacMini 2.5 GHz Intel Core i5, 16 GB RAM, OS 10.12.6


PostPosted: Thu Aug 16, 2018 1:54 pm 

Joined: Thu May 15, 2008 8:13 pm
Posts: 10372
Location: Caught between the moon and NYC
I would suggest, no matter what way you go, that you only have one real-time scanner active at a time. This really applies to all AVs on all OSes, the more real-time scanners you have the more they get in each other's way or simply slow access down to everything via serial real time scanning (system wants to read file a, real time scanner b checks a, then real time scanner c checks a, then system can read file a). You can have multiple AVs on a system, but use the additional AVs in scan-only roles.

Malwarebytes offers a licensing model that lets you buy a set number of licenses and then deploy them to any supported OS in whatever combination you want. And it wasn't bad, I paid about $100 total for 2 years for (I think) 6 copies. I deployed it to OS X, Windows, and Android but they have an iOS client too (thankfully I had no need of it).


PostPosted: Thu Aug 16, 2018 2:09 pm 

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6407
Location: NYC
I'm pretty certain you wouldn't ruffle any feathers. I know both Reed and Varnell over the years, and feather ruffling isn't one of their character traits. Besides, your question (one that I've seen posed any number of times) would give the dev another opportunity to clarify the differences, something that wouldn't be unwelcome. He certainly knows that there are other products out there.

What I have read when this comes up, is that Malwarebytes doesn't need to scan an entire volume the way another AV might. It searches directly for known locations for malware and adware, which explains why it's done in minutes rather than hours. Basically, also I think it's probably a case of apples/oranges. There's overlapping, but with some differences, as you already must know.

That said, I think you'd get a far more complete answer over there, where Varnell will probably be able to compare ClamX, if he's still involved or has stayed up to date with it. I haven't used it in years, and don't know the current level of his involvement.

Or since it's not a very unusual question, they might be able to point you to something that already covers most of what you want to know.


PostPosted: Thu Aug 16, 2018 2:14 pm 

Joined: Mon Sep 14, 2009 8:51 pm
Posts: 573
Location: Minnesota, USA
I'm no security expert but frankly I suspect 99.5% of security is user smarts. Most security threats I see on Apple Support Communities are phishing and people downloading "protection" software when they visit a web page that flashes warning messages that your computer is infected with a virus. I used to run virus scanning software (VirScan -- wasn't that the one with the big stomping foot as an Easter egg?) in pre-OSX days and in a decade it detected one single virus. I periodically run Malwarebytes just for the sake of it and it has never detected anything. So, in 18 years of Mac use I have had a single threat.

Remember, any security software is going to be outdated, if only marginally. And I find it hard to picture a scanner clever enough to analyze an email from the "iTunes Store" saying you just bought a $100 subscription and if this isn't correct then click on this link…

Of course I don't really interact with anybody using Windows and my memory of AV software is that you're really using it to protect them from something you may be passing on from another Windows user.

I guess there's exotica such as macro (e.g., Excel) viruses but I don't have any macros and disabled automatic running anyway.


PostPosted: Thu Aug 16, 2018 3:07 pm 

Joined: Sat Apr 11, 2009 2:15 pm
Posts: 6407
Location: NYC
Also there's very little Mac malware around these days because Adware is far more profitable. For malware, there's not all that much to protect against. Apple hasn't found the need to update XProtect since March.

I also very occasionally run Malwarebytes, the pre-v.3, on demand. Like Limnos, it's never found anything. Nor has Sophos or anything else I've ever tried, like Virus Barrier Express (its definitions no longer being updated, apparently.)


PostPosted: Fri Aug 17, 2018 12:19 am 

Joined: Thu May 15, 2008 8:13 pm
Posts: 10372
Location: Caught between the moon and NYC
So long as you're very careful about where you get your software from, you're unlikely to encounter a virus in downloaded software. That goes for Windows as well as Mac.

However if you expect to download software from random internet sites because you're on a deadline and need some "free" piece of software to complete your task, or, god forbid, you don't feel like buying some commercial piece of software, then you could easily end up with a payload.

The exception is drive-by infections. These are typically restricted to the default browser in an OS - IE in Windows, Safari in OS X, Chrome in Android/ChromeOS, although it can affect any browser in any OS.* You don't have to click anything or do anything besides visit a web page. Thanks to the complete abject failure of web advertisers to vet the ads they're displaying, this typically occurs from a third party ad network that's partnered up with a completely unrelated website. All you need is an unpatched vulnerability and voila, you've got the start of an infection. Be extremely careful if you're not running any kind of ad blocking software.

AV is always behind the curve but the wonderful thing is that so are malware authors.

Also don't be too sure you're safe just because you only download from your platform's app store - unauthorized cryptomining is the latest fad and miners have been found in legions of free apps. And free apps are being removed all the time for malware payloads.

Personally I try for a layered approach. Ad-blocking for the worst of it, antivirus, process-centric firewall, with DNS-based and connection-based filtering on the router.

* While they can attack any unpatched web browser on any OS, most exploits are platform-specific. Meaning you write an exploit and payload for Firefox on Windows and that same payload won't work on Firefox on Android. With Flash and Java plugins going the way of the dodo, cross-architecture exploits aren't as common as they used to be.


PostPosted: Fri Aug 17, 2018 6:53 am 

Joined: Fri Dec 10, 2010 9:41 am
Posts: 785
Location: Halfway between New York City and Atlantic City
I've decided to stay with ClamXav and let my subscription to Malwarebytes premium run out. This, because ClamXav's just-released version 3 offers everything it previously had, plus a couple of new features (including scanning for malware) and because I've been using it far longer. Until the subscription runs out, I've disabled Malwarebytes' real-time scanning so that it won't interfere with that of ClamXav.

My main concern about viruses, malware, etc. is that I need to be sure I'm not passing anything on to clients when we exchange audio and other files. Thankfully, I've never had an issue. And, as for questionable email content, I got into the habit of disabling automatic downloading to Mac mail and, instead, manually checking my email on the server associated with my website and the email account that comes with it. I've put a few filters to work there to reduce the risk of even accidentally downloading spam/scam email.

But, increasingly, even creating custom filters, hoping to use a word commonly found in a spam message subject field to trigger the filter, doesn't work. For example, if a spam message subject reads:
Quote:
You'll wish you had done it sooner. Get LASIK this Summer.
and you use all of or a single one of those words as the filter trigger, it won't work. Why?

Because spammers are now coding the text so that, while it APPEARS to humans to be perfectly normal text, the ACTUAL subject field (for this example) is:
Quote:
=?Utf-8?B?zqXQvnUnbGwgd9GWc2gg0YPQvnUgaNCwZCBk0L5u0LUg0ZZ0IHPQvtC+btC1ci4gIEfQtXQgTM6RU0lLIHRo0ZZzIFN1bW3QtXI=?=
which produces this:
Quote:
Υоu'll wіsh уоu hаd dоnе іt sооnеr. Gеt LΑSIK thіs Summеr.

So, unless you copy the alleged subject text of each spam message (this method is also used to encode/mask the sender name/address) and paste it into a custom filter, this spam will still get to your inbox.

Here's the "AHA!"

These coding strings all seem to begin with: =?Utf-8?B?
So I created two custom filters; one with that string in the "From" field, and one with the string in the "Subject" field, and directed the messages to the trash folder.

About a month has gone by and, since creating those filters, all of the spam that had been getting into my inbox is now going directly to the trash, where I can still check to make sure it's trash WITHOUT the risk of it being accidentally opened when landing in the inbox.

Test it for yourself but, of course, don't delete any custom filters you may already have until you're sure this works for you.

_________________
_____________________
MacMini 2.5 GHz Intel Core i5, 16 GB RAM, OS 10.12.6
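The subject line quoted in the post above is an RFC 2047 "encoded-word": a Base64 payload that decodes to UTF-8 text in which Greek and Cyrillic look-alike letters stand in for Latin ones, so a filter matching the English words never fires. As an added example (not from this thread, ClamXav or Malwarebytes), the Python below decodes such a header with the standard library and flags a subject whose words mix letters from more than one script. That check catches the look-alike trick without also trashing legitimately encoded mail: a German or Russian subject is encoded the same way but stays within a single script. The sample encoded subject is the one quoted above; the German subject, the function names and the quarantine/deliver verdict are constructed for this example.

```python
# Added example (not from the thread): decode an RFC 2047 "encoded-word"
# Subject line and flag homoglyph (mixed-script) text for quarantine.
import base64
import re
import unicodedata
from email.header import decode_header
from typing import Optional

# The encoded subject quoted in the post above, kept verbatim as sample input.
SAMPLE_SUBJECT = (
    "=?Utf-8?B?zqXQvnUnbGwgd9GWc2gg0YPQvnUgaNCwZCBk0L5u0LUg0ZZ0IHPQvtC+"
    "btC1ci4gIEfQtXQgTM6RU0lLIHRo0ZZzIFN1bW3QtXI=?="
)


def decode_rfc2047(header_value: str) -> str:
    """Turn every =?charset?B|Q?payload?= word into one Unicode string.

    Plain ASCII headers come back from decode_header() as a str, encoded
    words as (bytes, charset) pairs; both cases are handled here.
    """
    parts = []
    for chunk, charset in decode_header(header_value):
        if isinstance(chunk, bytes):
            parts.append(chunk.decode(charset or "ascii", errors="replace"))
        else:
            parts.append(chunk)
    return "".join(parts)


def make_encoded_word(text: str, charset: str = "utf-8") -> str:
    """Build a Base64 encoded-word; used here to construct a legitimate sample."""
    payload = base64.b64encode(text.encode(charset)).decode("ascii")
    return f"=?{charset}?B?{payload}?="


def script_of(ch: str) -> Optional[str]:
    """Script family of a letter (LATIN, CYRILLIC, GREEK, ...), taken from the
    first word of its Unicode character name; None for non-letters."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    return name.split(" ")[0] if name else None


def scripts_used(text: str) -> set:
    """Set of script families appearing anywhere in text."""
    return {s for s in (script_of(ch) for ch in text) if s}


def is_mixed_script(text: str) -> bool:
    """True when a single word mixes letters from more than one script.

    A German or Russian subject uses one script throughout; the thread's
    example splices Greek and Cyrillic look-alikes into English words,
    which is the pattern a homoglyph filter should catch.
    """
    return any(len(scripts_used(word)) > 1 for word in re.findall(r"\w+", text))


def classify_subject(raw_header: str) -> dict:
    """Decode a Subject header and decide whether to quarantine the message."""
    decoded = decode_rfc2047(raw_header)
    return {
        "decoded": decoded,
        "scripts": sorted(scripts_used(decoded)),
        # True for any encoded-word, legitimate or not: on its own this is
        # the prefix match described in the post, not a spam signal.
        "encoded_word": raw_header.lstrip().lower().startswith("=?"),
        "verdict": "quarantine" if is_mixed_script(decoded) else "deliver",
    }


if __name__ == "__main__":
    samples = (
        SAMPLE_SUBJECT,                              # homoglyph spam from the post
        make_encoded_word("Grüße aus München"),      # constructed legitimate mail
        "Meeting at 10",                             # plain ASCII, no encoding
    )
    for subject in samples:
        print(classify_subject(subject))
```

Running the file prints one dict per sample: the quoted subject decodes with LATIN, GREEK and CYRILLIC letters in the same words and is marked "quarantine", while the German subject, although it also arrives as a `=?utf-8?B?` encoded-word, stays "deliver". A server-side filter that keys only on the `=?Utf-8?B?` prefix will also catch every correctly encoded non-ASCII subject, so the mixed-script test is the safer signal when any legitimate international mail is expected.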


PostPosted: Mon Aug 20, 2018 1:07 pm 

Joined: Thu May 15, 2008 8:13 pm
Posts: 10372
Location: Caught between the moon and NYC
Yeah, UTF has largely taken the place of Base64 encoding for bypassing filters, in part because it's more standardized and widely supported. If you want to send Chinese characters or Cyrillic characters or (sigh) emojis you're going to want to use UTF to do it.


PostPosted: Fri Aug 24, 2018 12:58 pm 

Joined: Fri Dec 10, 2010 9:41 am
Posts: 785
Location: Halfway between New York City and Atlantic City
Yikes. I know nothing about coding and encoding. I just became very curious as to why typing into a custom filter what I saw in an email subject field didn't work. I'm very happy that what I discovered is now keeping my inbox free of spam. ;-)

_________________
_____________________
MacMini 2.5 GHz Intel Core i5, 16 GB RAM, OS 10.12.6

