Ask HN: scan Macbook / OS X machine for malware
7 points by zomlard on June 12, 2014 | 18 comments
My debit card number was recently stolen, and a couple of times recently I got a warning from Google while using the web from home saying that there was "Unusual traffic from your computer network". I checked the router, but I don't see anyone connected other than me (I currently have no way to log the network traffic on the router). It might be just me being paranoid, but I would like to check my computer for malware, etc.

What software do you use to check your computer for malware / keyloggers / viruses on OS X? Also, any security best practices that you follow on OS X?

Thanks!




A few more details:

I don't have any cracked software installed. I also keep browser extensions to a minimum: AdBlock, EFF extensions, Mozilla approved extensions and that's pretty much it.

I installed Little Snitch again and I don't see anything unusual in the network activity.

My security settings only allow "Mac App Store and identified developers" applications to run.

My router is an Airport Express. I will reset it, change the username and password, but there's not much I can do with it.

Many years ago, when I used Windows, I had a few antivirus programs and other software that I relied on to check my computer for viruses, malware, etc. I was wondering if there's anything similar that you trust for OS X.


If you have a spare computer/laptop, then you can watch the traffic on your connection between laptop and router (Wireshark or any other tool that can listen to traffic in promiscuous mode). You can probably try it on your laptop as well, though a sophisticated malware/virus is theoretically able to "hide" it from you. Hopefully, traffic analysis can help you to identify the problem.
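
Added example (not part of the comment above or of the original thread): one way to do the traffic analysis suggested there, assuming the capture from the spare machine was saved as a classic little-endian pcap with Ethernet framing. It totals the IPv4 bytes the laptop sent to each remote address; the function names, the laptop address 192.168.1.10 and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

LOCAL_IP = "192.168.1.10"  # assumed address of the laptop being checked

def ip_bytes(addr):
    return bytes(int(part) for part in addr.split("."))

def build_sample_pcap(packets):
    """Constructed sample data: a minimal pcap from (src, dst, payload_len) tuples."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, (src, dst, size) in enumerate(packets):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + size, 0, 0, 64, 6, 0,
                         ip_bytes(src), ip_bytes(dst))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * size
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def bytes_sent_per_remote(pcap, local_ip):
    """Total IPv4 bytes sent by local_ip to each destination address."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap, 0)[0] != 0xA1B2C3D4:
        raise ValueError("expected a classic little-endian pcap file")
    if struct.unpack_from("<I", pcap, 20)[0] != 1:
        raise ValueError("expected Ethernet link type")
    totals = Counter()
    offset = 24  # skip the global header
    while offset + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, offset + 8)[0]
        frame = pcap[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        if src == local_ip:
            totals[dst] += struct.unpack_from("!H", frame, 16)[0]  # IPv4 total length
    return totals

# Constructed traffic using documentation-only remote addresses.
SAMPLE = build_sample_pcap([
    (LOCAL_IP, "203.0.113.5", 100),
    (LOCAL_IP, "198.51.100.7", 1000),
    ("203.0.113.5", LOCAL_IP, 500),
    (LOCAL_IP, "198.51.100.7", 400),
])

if __name__ == "__main__":
    for remote, total in bytes_sent_per_remote(SAMPLE, LOCAL_IP).most_common():
        print(f"{remote:15} {total} bytes")
```

For a real capture, pass the file's bytes (`open(path, "rb").read()`) and the laptop's own address; a capture saved as pcapng has to be exported as pcap first.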


I have a couple of blanket rules for security.

1. Don't install software unless it is open source, or has enough external recommendations for you to trust it.

2. Never, ever, run any pirated software on your computer, as it is usually impossible to tell if it is not backdoored.

3. Delete emails with strange links or attachments.

I have tried out Little Snitch before (an OS X firewall). It probably is a good idea if you are getting unusual traffic on your network.


Under OSX, following the rules you stated (open source and/or legal software that comes with a license):

    * ClamXav - antivirus
    * Little Snitch
    * SpamSieve (Mail App spam filter)
    * Use a local installation of Unbound on foreign WiFi networks

Enabling the default firewall is a good call also :-). I'd say enable 'encryption' but, IMHO, it's better to have something like Prey running if your laptop costs more than the data within. Otherwise, sure, go with encryption.


Time Machine backup, then reinstall OSX. Then be wary about what applications and utilities you reinstall.

I would wipe the router and reinstall that just in case.


It's possible that the backup could carry over malware depending on the type of malware.


Possible, but unlikely.

Has any such malware been seen in the wild (by credible sources) as opposed to just proof of concept?


When you say you're getting a warning from Google, do you mean Google Search?

If so, I've encountered a number of mundane things that produce a warning and require a captcha to continue. For instance, if I fire off a bunch of queries using the "site:" modifier.


Yes, Google Search. I think I'm just being paranoid. This happened to me before, but given that someone just got my credit card number and I have no idea how, I was afraid that my computer was infected with some sort of malware.


Have a look at http://fixmestick.com. It's a USB key that runs 3 different antiviruses. They just released their Mac version that was crowdfunded on Kickstarter.


> a couple of times recently I got a warning from Google while using the web from home saying that there was "Unusual traffic from your computer network"

How/when is the warning being communicated to you?


It happened to me while I was on my home network doing a Google search from Firefox. Google redirected me to a page with the message "Unusual traffic from your computer network" and asked me to solve a captcha. I tried to search again (without solving the captcha) and the warning went away.


http://www.clamav.net/lang/en/ is free and open source.


The OSX spin-off is called ClamXav[1]. It's really good, I'm very happy with it.

[1] http://www.clamxav.com/


Thanks! I'm trying this out.



I couldn't get it to work in Mavericks for some reason. I get a 7005 error. The Avast forums were hacked and are down, so it's hard to understand what this means. I haven't contacted support yet.


I haven't used it, but people rave about Little Snitch. I assume it's only a partial solution to your problem.



