Understanding anti-malware software
#31838 11/21/14 09:26 AM
Since nobody seems to share the fear I expressed in Best Removal Tool for Keystroke Capture, it's apparently unfounded, and I'm looking for clarification of how anti-malware software works to help me understand why.

My fear is that known malware is catalogued by the files it places, rather than by their content, and that catalogued malware "A" with different file names would not be recognized as what it is and fly under the radar.

In the instance of slolerner's friend, that scenario would be possible, if not likely, because any malware she may have had installed on her PC would have been installed by a malicious intruder with access to it, rather than by one of the usual mass-distribution methods, and could (would likely?) have been disguised thusly (otherwise, maybe?) to avoid detection.

Am I oversimplifying the nature of the beast?

Thanks.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Understanding anti-malware software
artie505 #31843 11/21/14 03:30 PM
Originally Posted By: artie505
My fear is that known malware is catalogued by the files it places, rather than by their content, and that catalogued malware "A" with different file names would not be recognized as what it is and fly under the radar.

Am I oversimplifying the nature of the beast?

To answer that last question: yes, you are. The premise upon which your fear is based is understandable but incorrect. While it's true that files placed by various malware packages contribute to identification mechanisms, there are other methods as well, including content comparison. I'm sure you can come up with additional sources to flesh out this notion. [smirk] Of course, malware signature files may be deficient along lines you suspect, but products based on such deficiency would quickly be selected out of the anti-malware market, particularly if that deficiency should prove recurrent.


alternaut moderator
Re: Understanding anti-malware software
artie505 #31846 11/21/14 11:13 PM
Given that many viruses replace or modify key or application files, almost any reliance on filenames for virus detection is a non-starter. Among other criteria used by anti-virus software are specific and hopefully unique binary bit patterns found in the malware.

However, you are correct that someone with physical access to the computer (which would include VNC access) can install otherwise legitimate software and use it for illicit purposes. Many companies use keyboard logging to prevent employees using company resources for personal use (Facebook, Twitter, etc.) and even as draconian productivity measures. So keystroke loggers are technically NOT malware although they may be used as such.


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
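
The distinction drawn in the post above, between matching on file names and matching on file content, shown as an added example that is not part of the original thread and is not any vendor's code. The signature database, the marker bytes and the file names are constructed for illustration; the "sample" is harmless data.

```python
import hashlib

# Constructed, harmless stand-in for a catalogued sample (not real malware).
MARKER = b"\x13\x37DEMO-KEYLOG-ROUTINE\xbe\xef"
KNOWN_SAMPLE = b"HEADER" + MARKER + b"TRAILER"

# Hypothetical signature database holding the three kinds of entries discussed.
SIGNATURES = {
    "names": {"keycapture.exe"},                           # file-name catalogue
    "sha256": {hashlib.sha256(KNOWN_SAMPLE).hexdigest()},  # whole-file content hash
    "patterns": {"Demo.KeyLogger.A": MARKER},              # byte pattern inside the file
}


def scan(filename, content):
    """Return the checks that flag this file, always in name/hash/pattern order."""
    hits = []
    if filename.lower() in SIGNATURES["names"]:
        hits.append("name")
    if hashlib.sha256(content).hexdigest() in SIGNATURES["sha256"]:
        hits.append("hash")
    if any(p in content for p in SIGNATURES["patterns"].values()):
        hits.append("pattern")
    return hits


def demo():
    """Run the scanner over constructed cases and return the verdict for each."""
    cases = {
        "catalogued file, original name": ("keycapture.exe", KNOWN_SAMPLE),
        "same bytes, renamed": ("notes.exe", KNOWN_SAMPLE),
        "renamed, padding appended": ("notes.exe", KNOWN_SAMPLE + b"\x00" * 16),
        "innocent file, unlucky name": ("keycapture.exe", b"plain text"),
        "innocent file": ("readme.txt", b"plain text"),
    }
    return {label: scan(name, data) for label, (name, data) in cases.items()}


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:32} -> {hits or 'clean'}")
```

The renamed copy is still flagged by both content checks, while the name-only check both misses it and raises a false alarm on an unrelated file that happens to share the catalogued name.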
Re: Understanding anti-malware software
artie505 #31850 11/24/14 01:50 PM
Regardless of how you try to automatically identify malware, you run the risk of them running said automation and tweaking their malware until it sneaks past it.

You're either accepting that, or arguing against malware scanners in general.

IMHO that's probably McAfee's biggest drawback - no serious malware won't be tested vigorously against McAfee during its development because it's the most commonly used to protect against malware.


I work for the Department of Redundancy Department
Re: Understanding anti-malware software
Virtual1 #31859 11/24/14 10:05 PM
Originally Posted By: Virtual1
IMHO that's probably McAfee's biggest drawback - no serious malware won't be tested vigorously against McAfee during its development because it's the most commonly used to protect against malware.

Excellent point but one that can be made against all of the major players in the anti-virus market. [frown]


If we knew what it was we were doing, it wouldn't be called research, would it?

— Albert Einstein
Re: Understanding anti-malware software
joemikeb #31887 11/26/14 06:49 PM
Originally Posted By: joemikeb
Originally Posted By: Virtual1
IMHO that's probably McAfee's biggest drawback - no serious malware won't be tested vigorously against McAfee during its development because it's the most commonly used to protect against malware.

Excellent point but one that can be made against all of the major players in the anti-virus market. [frown]


Yep. And as a result, I've heard multiple PC techs advocate using a good-but-low-profile AV app like Panda, that by virtue of its low-key nature is more likely to identify a threat.


I work for the Department of Redundancy Department
Re: Understanding anti-malware software
Virtual1 #31908 11/27/14 08:06 PM
Is there any way of acquiring the Mac OS X version of the Panda Free Antivirus software via a PC platform? I've tried to do so, to no avail.
My problem is that my Mac's on dialup Internet access and to get large downloads I need to do so via a PC running MS's Internet Explorer.

Re: Understanding anti-malware software
grelber #31909 11/27/14 09:24 PM
Have you tried to d/l it? It may come down as something that's unrecognizable on a PC but blooms when you port it to a Mac.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Understanding anti-malware software
artie505 #31914 11/27/14 11:48 PM
Yes - thus my query.
The Panda Security website recognizes the machine accessing it and will only permit downloading of the PC/Windows version (.exe).
On other sites (eg, Mozilla) one is able to choose the appropriate OS and download such.

Re: Understanding anti-malware software
grelber #31915 11/27/14 11:58 PM
Well, if worse comes to worse, I'll be happy to d/l Panda, burn it to a disc, and mail it to you.

Edit: Oops! Just took a look, and it's not freeware, or did I miss something?

Last edited by artie505; 11/28/14 12:01 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Understanding anti-malware software
artie505 #31917 11/28/14 07:46 AM
From what I can tell, there's one version which is a free trial for 30 days and another which is totally free.

Re: Understanding anti-malware software
grelber #31918 11/28/14 08:35 AM
Please link me to the free version. Thanks.


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Understanding anti-malware software
artie505 #31920 11/28/14 05:02 PM
http://download.cloudantivirus.com/
should give you the Mac OS version when you access it.
On a PC I can only see the Windows version.
You can Google it and come up with a number of different sites, but apparently the free version has to be accessed with cloudantivirus somewhere in the URL.

Re: Understanding anti-malware software
artie505 #31930 11/30/14 07:49 AM
Originally Posted By: joemikeb
However, you are correct that someone with physical access to the computer (which would include VNC access) can install otherwise legitimate software and use it for illicit purposes. Many companies use keyboard logging to prevent employees using company resources for personal use (Facebook, Twitter, etc.) and even as draconian productivity measures. So keystroke loggers are technically NOT malware although they may be used as such.

Thanks, joemike.

So, aside from my having taken a naive wrong turn along the way, my fear that slolerner's friend's PC, which, if infected, was infected by an intruder with access to it, rather than by drive-by or another standard method, cannot be counted on to have been disinfected by any known software because of the type of intrusion you've described, if not one or more others, was not unfounded.

I hope she made out OK!

Last edited by artie505; 11/30/14 09:32 AM. Reason: Correct sentence fragment

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Understanding anti-malware software
grelber #31931 11/30/14 08:04 AM
To make a long story short, clicking on your link ultimately gets me to Panda Antivirus for Mac.

The software is offered on a free 30 day trial basis, and costs $50 to buy (if, in fact, I've got the correct software).


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Understanding anti-malware software
artie505 #31933 11/30/14 09:59 AM
I just Googled "panda antivirus free" and came up with a whack of items, one of which is Panda Cloud Antivirus FREE is now Panda Free Antivirus!.
Within that I found the Free Antivirus Download - Panda Cloud Antivirus page and clicked the front-and-center button which took me to a pop-up overlay which offered a 40% saving if I wanted to buy Panda Antivirus Pro 2015 or get a free download.
That took me to Welcome Panda Free Antivirus users on a CNET download site, which gave me the option of choosing versions for Windows / Mac / iOS / Android.
I selected the Mac button (http://download.cnet.com/mac/) which took me to a general downloads page at CNET. At this point I gave up. Plus the fact I don't trust anything from CNET. (Gee, I wonder why?)

Note: On my Mac with dialup Internet access that all took in excess of 25 minutes (peak transfer rate 3 KB/s). You can understand why I usually hit a high-speed Internet-linked computer when I have to download large files.

Re: Understanding anti-malware software
grelber #31934 11/30/14 10:29 AM
> That took me to Welcome Panda Free Antivirus users on a CNET download site, which gave me the option of choosing versions for Windows / Mac / iOS / Android.
> I selected the Mac button (http://download.cnet.com/mac/) which took me to a general downloads page at CNET. At this point I gave up. Plus the fact I don't trust anything from CNET. (Gee, I wonder why?)


At the point at which you gave up I used CNET's search field and found the software to which I linked.

Like you, I don't trust anything from CNET and wouldn't d/l anything from them without booting into a backup volume first, but if you'd like, my offer still stands.

Edit: On second thought, it looks like you could d/l the software to which I linked with a PC, so my offer may be unnecessary.

Last edited by artie505; 11/30/14 10:47 AM.

The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Understanding anti-malware software
artie505 #31935 11/30/14 12:06 PM
Thanks for the offer, but unless I could download it directly from Panda Security, it ain't gonna happen.

Re: Understanding anti-malware software
grelber #31937 11/30/14 04:13 PM
OK, then: Best Antivirus for Mac - Panda Security...30 day free trial, $50/year to purchase. (It had to be there somewhere. [tongue])


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Understanding anti-malware software
grelber #31977 12/02/14 09:03 PM
Originally Posted By: artie505
OK, then: Best Antivirus for Mac - Panda Security...30 day free trial, $50/year to purchase. (It had to be there somewhere. [tongue])

That is what you're looking for, isn't it?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire
Re: Understanding anti-malware software
artie505 #31982 12/02/14 11:52 PM
It would be if it were free (not just a free trial).


Moderated by  alternaut, cyn 
