Mac Virus Detection Software
Most antivirus software is presented simply as a long list of features. Companies will tell you that their product protects you from viruses and other malware, blocks network threats, and so forth. And while that’s certainly the type of information you look for when you’re trying to protect your Mac, behind each of those features is an action – an action that we rarely get much insight into. For example, how is malware actually discovered? How do the filters on antivirus software work? How is malware removed from an infected Mac? How does a firewall protect your Mac? In this article we’ll try to shed a little light on how our award-winning VirusBarrier X6 software actually works.
Before we go any further though, we should probably explain that while much of the mainstream media still refers to anything that negatively affects your computer as a “virus”, the proper catchall term for malicious software is malware. A virus is just one type of malware, and while actual Mac viruses are rare, other types of Mac malware are becoming increasingly common.
So now that we have that settled, how does Intego actually find Mac malware? Typically the Intego Malware Research Team discovers it through one of four channels. “Honeypots” are computers set up by Intego specifically to attract malware. They appear to be ripe targets for attack, and they offer the team samples of malware, as they would appear in the wild. Our loyal customers are another source for finding malware. Customers can send samples of potential malware to Intego for analysis. We also contact people on Mac forums who are discussing suspicious symptoms they’ve experienced. And finally, there is an entire network of researchers with the shared goal of eliminating malware that our team frequently compares findings with.
When a file is first analyzed, the research team looks through the compiled file code to see if anything looks suspicious. If anything does appear abnormal, they dissect it further. They use a debugger to go step-by-step through the file, or a disassembler that takes the file down to the machine language level. They may also set up a “goat machine” that’s equipped with monitoring software to see if the file creates files or net traffic if it’s allowed to run fully. This is where the team determines whether the sum total of the behavior appears to be malicious or innocent.
The number of malicious files discovered has increased dramatically in the past few years. The MacDefender attacks in 2011 used a fake antivirus offer to lure Mac users into providing their credit card numbers. The disguise and style of the attack evolved over time, showing an increased sophistication by the cyber-criminals. These malware developers are using techniques they’ve been honing on Windows users for years in order to quickly evolve Mac malware.
This year hasn’t been any easier, with the number of malware attacks continuing to rise. The Flashback malware alone has infected over 600,000 Macs as of this writing. And what’s most striking about Flashback is how nimble the malware appears to be. Initially it posed as a Flash installer (hence the name) and entered Macs as a Trojan horse. It has since changed in character and now installs itself through a drive-by download if you so much as visit a poisoned web page. Cyber-criminals are putting significant time and effort into targeting Mac owners.
To combat that, the research team looks for unique characteristics of a file that they can then use to write filters that stop the malware before it infects your Mac. If they are able to find multiple variants of the same malware, the repeated patterns allow them to home in further, making the filters stronger against future variants. If you have VirusBarrier X6 (or Internet Security Barrier X6), these are the filters that can be updated automatically to protect you from further malware outbreaks.
If VirusBarrier X6 does discover malware on your Mac, it will delete the contents of the harmful file, leaving a zero-byte file that can no longer do any harm to your Mac or your files.
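The two steps above (deriving a filter from patterns shared by several variants, then emptying a matching file) can be sketched as follows. This is an added example, not Intego's code or VirusBarrier's filter format: it assumes a filter is a plain byte-substring signature, and the sample bytes and the function names `common_substrings`, `derive_signature` and `scan_and_neutralize` are constructed for illustration.

```python
import os
import tempfile

# Constructed sample data: three "variants" sharing a marker, one benign file.
HEADER = b"GENERIC-RUNTIME-LOADER-HEADER-0001"   # also present in benign software
MARK = b"constructed-marker-XYZ"                 # stands in for the malicious routine
VARIANTS = [HEADER + b"\x01\x02aaaa" + MARK + b"tail-one",
            HEADER + b"\x09\x08bbbbbb" + MARK + b"other-tail!",
            HEADER + b"\x55cc" + MARK + b"zz"]
BENIGN = [HEADER + b"ordinary application payload bytes"]

def common_substrings(samples, min_len=8):
    """Maximal byte runs (>= min_len) present in every sample, longest first."""
    base = min(samples, key=len)
    found = set()
    for start in range(len(base)):
        end = len(base)
        while end - start >= min_len:      # shrink until all samples contain it
            cand = base[start:end]
            if all(cand in s for s in samples):
                found.add(cand)
                break
            end -= 1
    kept = []
    for cand in sorted(found, key=len, reverse=True):
        if not any(cand in k for k in kept):   # drop runs inside a longer run
            kept.append(cand)
    return kept

def derive_signature(variants, benign, min_len=8):
    """Longest shared run that never occurs in known-good files, or None."""
    for cand in common_substrings(variants, min_len):
        if not any(cand in b for b in benign):
            return cand
    return None

def scan_and_neutralize(path, signature):
    """Truncate the file to zero bytes if it contains the signature."""
    with open(path, "rb") as f:
        infected = signature in f.read()
    if infected:
        open(path, "wb").close()           # file remains, contents are gone
    return infected

if __name__ == "__main__":
    sig = derive_signature(VARIANTS, BENIGN)
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(HEADER + b"new-variant" + MARK)
    print(sig, scan_and_neutralize(tmp.name, sig), os.path.getsize(tmp.name))
    os.remove(tmp.name)
```

The longest run shared by all three variants is the generic header, which the benign file also contains, so checking candidates against known-good files is what keeps the filter from flagging legitimate software.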
Malware is only one of the security threats your Mac faces. Network threats are also a very real concern. To stop network attacks, it’s recommended that you use a firewall. Firewalls create a checkpoint at every spot that traffic enters, inspecting it as it tries to come through. Only if you’ve authorized that traffic to enter will the firewall allow it. With a two-way firewall, like the one offered as part of VirusBarrier X6, you also have total control over your outbound traffic. It checks to see which program is sending it, and whether you’ve authorized that program to connect to the Internet. It’s a simple way to stop intruders from accessing your computer, and it can also stop spyware from relaying information from your computer without your permission.
Internet security is a complicated issue, but we hope this quick look at the inner workings of VirusBarrier X6 helps you understand how it protects against security threats. At Intego, we’re Apple fans just like you, and we’ve been providing security for Macs exclusively since 1997. Our team is dedicated to protecting your Mac, and the important files and personal information that are on it. We invite you to try any of our products free for 30 days and see why Intego is always a step ahead.