

Ask HN: scan Macbook / OS X machine for malware - zomlard

My debit card number was recently stolen and I recently got a couple of times a warning from Google while using the web from home saying that there was "Unusual traffic from your computer network". I checked the router, but I don't see anyone connected other than me (I currently have no way to log the network traffic on the router). It might be just me being paranoid, but I would like to check my computer for malware, etc.

What software do you use to check your computer for malware / keyloggers / virus on OS X? Also, any security best practices that you follow on OS X?

Thanks!
======
zomlard
A few more details:

I don't have any cracked software installed. I also keep browser extensions to
a minimum: AdBlock, EFF extensions, Mozilla approved extensions and that's
pretty much it.

I installed Little Snitch again and I don't see anything unusual in the
network activity.

My security settings only allow "Mac App Store and identified developers"
applications to run.

My router is an Airport Express. I will reset it, change the username and
password, but there's not much I can do with it.

Many years ago when I used Windows I had a few antivirus and other software
that I relied on to check my computer for viruses, malware etc. I was wondering
if there's anything similar that you trust for OS X.

------
trengrj
I have a couple of blanket rules for security.

1. Don't install software unless it is open source, or has enough external
recommendations for you to trust it.

2. Never, ever, run any pirated software on your computer as it is usually
impossible to tell if they are not backdoored.

3. Delete emails with strange links or attachments.

I have tried out Little Snitch before (an OS X firewall). It probably is a
good idea if you are getting unusual traffic on your network.

~~~
atmosx
Under OSX, following the rules you stated (open source and/or legal software
that comes with a license):

* ClamXav - antivirus
* Little Snitch
* SpamSieve (Mail App spam filter)
* Use local installation of Unbound on foreign WiFi networks

Enabling the default firewall is a good call also :-). I'd say enable
'encryption' but, IMHO it's better to have something like Prey running if
your laptop costs more than the data within. Otherwise, sure go with
encryption.

------
suitcase
Time Machine backup then reinstall OSX. Then be wary about what applications
and utilities you reinstall.

I would wipe the router and reinstall that just in case.

~~~
mcmillhj
It's possible that the backup could carry over malware depending on the type
of malware.

~~~
DanBC
Possible, but unlikely.

Has any such malware been seen in the wild (by creditable sources) as opposed
to just proof of concept?

------
lsh123
If you have a spare computer/laptop, then you can watch the traffic on your
connection between laptop and router (wireshark or any other tool that can
listen to traffic in promiscuous mode). You can probably try it on your laptop
as well though sophisticated malware/virus is theoretically able to "hide" it
from you. Hopefully, traffic analysis can help you to identify the problem.
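
Added example, not part of lsh123's comment: once traffic has been captured from a second machine and dumped as text with `tcpdump -nn`, a short script can tally which hosts the laptop opens connections to and how often. The sample lines, the laptop address `192.168.1.10` and the per-minute limit are constructed assumptions for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in `tcpdump -nn` text format (documentation/private addresses).
LAPTOP = "192.168.1.10"  # assumed address of the machine being checked
SAMPLE = """\
12:00:01.100000 IP 192.168.1.10.51000 > 203.0.113.5.443: Flags [S], seq 1, win 65535, length 0
12:00:01.150000 IP 203.0.113.5.443 > 192.168.1.10.51000: Flags [S.], seq 9, ack 2, win 65535, length 0
12:00:02.200000 IP 192.168.1.10.51001 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
12:00:03.300000 IP 192.168.1.10.51002 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
12:00:04.400000 IP 192.168.1.10.51003 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
12:01:05.500000 IP 192.168.1.10.51004 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
12:01:06.000000 IP 192.168.1.20.40000 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0
"""

# Matches only a bare SYN ("[S],"), i.e. a new outbound TCP connection attempt.
LINE = re.compile(
    r"^(\d\d:\d\d):\d\d\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\],"
)

def new_connections(text, host):
    """Yield (minute, dst_ip, dst_port) for each TCP SYN sent by host."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(2) == host:
            yield m.group(1), m.group(4), int(m.group(5))

def summarize(text, host, per_minute_limit):
    """Return (totals per destination, destinations over the limit in any minute)."""
    totals = Counter()
    by_minute = defaultdict(Counter)
    for minute, ip, port in new_connections(text, host):
        totals[(ip, port)] += 1
        by_minute[minute][(ip, port)] += 1
    busy = sorted({dst for counts in by_minute.values()
                   for dst, n in counts.items() if n > per_minute_limit})
    return totals, busy

if __name__ == "__main__":
    totals, busy = summarize(SAMPLE, LAPTOP, per_minute_limit=2)
    for (ip, port), n in totals.most_common():
        print(f"{ip}:{port}  {n} new connections")
    print("above limit in a single minute:", busy)
```

Destinations that show up often while no application is knowingly in use are the ones worth looking up first.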

------
runlevel1
When you say you're getting a warning from Google, do you mean Google Search?

If so, I've encountered a number of mundane things that produce a warning and
require a captcha to continue. For instance, if I fire off a bunch of queries
using the "site:" modifier.

~~~
zomlard
Yes, Google Search. I think I'm just being paranoid. This happened to me
before, but given that someone just got my credit card number and I have no
idea how, I was afraid that my computer was infected with some sort of
malware.

------
cotsog
Have a look at [http://fixmestick.com](http://fixmestick.com). It's a USB key
that runs 3 different antiviruses. They just released their Mac version that
was crowdfunded on Kickstarter.

------
billrobertson42
> I recently got a couple of times a warning from Google while using the web
> from home saying that there was "Unusual traffic from your computer network"

How/when is the warning being communicated to you?

~~~
zomlard
It happened to me while I was on my home network doing a Google search from Firefox.
Google redirected me to a page with the message "Unusual traffic from your
computer network" and asked me to solve a captcha. I tried to search again
(without solving the captcha) and the warning went away.

------
msh
[http://www.clamav.net/lang/en/](http://www.clamav.net/lang/en/) is free and
open source.

~~~
atmosx
The OSX spin-off is called ClamXav[1]. It's really good, I'm very happy with
it.

[1] [http://www.clamxav.com/](http://www.clamxav.com/)

~~~
zomlard
Thanks! I'm trying this out.

------
uniacid
[http://www.avast.com/en-us/free-antivirus-mac](http://www.avast.com/en-us/free-antivirus-mac)

~~~
zomlard
I couldn't get it to work in Mavericks for some reason. I get a 7005 error.
The Avast forums were hacked and are down, so it's hard to understand what
this means. I haven't contacted support yet.

------
natch
I haven't used it, but people rave about Little Snitch. I assume it's only a
partial solution to your problem.

