10 of 10 malware detections by Mac Sophos Anti-Virus are false positives. Are yours?
On April 24, the Sophos Naked Security blog published a post regarding malware infections on Mac OS X. Sophos claimed that 20% of Mac computers were carrying one or more instances of Windows malware. All of this malware was detected through their free Sophos Anti-Virus for Mac Home Edition.
Flashback malware was the big story of April for Mac consumers, and all anti-virus companies have jumped on this opportunity to promote their products and to spread propaganda around Mac OS X security. I agree with them that Mac OS X is a product like any other and that Mac OS X also has to be protected against threats, but the proposed solutions are worse than doing nothing.
During my tests of Sophos Anti-Virus for Mac Home Edition, 10 of 10 malware samples detected by the anti-virus were false positives, harassing me with constant alert pop-ups during regular operations, Spotlight indexing and Time Machine backups. Below is a sample of 10 infections detected by Sophos Anti-Virus for Mac.
False positives due to the binary format of the “affected” files.
/Users/xxxx/Library/Saved Application State/com.twitter.twitter-mac.savedState/window_1.data
Sophos itself is a trojan, and some iTunes applications and Chrome are backdoored and nobody knows about it.
/Users/xxxx/Music/iTunes/iTunes Media/Mobile Applications/iSSH 5.3.1.ipa
/Users/xxxx/Library/Saved Application State/com.google.Chrome.savedState/windows.plist
iTunes is very well-known backdoored software, and once again Sophos itself contains a trojan.
Once again Sophos is a trojan, and now my Spotlight-indexed files also contain a backdoor.
VLC contains an IRC bot: gotcha, remote control of all VLC users.
Once again VLC, which contains a PHP trojan …
Everybody knows that Sophos Anti-Virus products are developed in PHP.
Help, my logs contain trojans, and Sophos once again.
My Spotlight indexing has dead malware…
Huh, my screenshots of Metasploit contain trojans (why not, lol) and Google Drive is backdoored.
In conclusion, Sophos is better at marketing and at frightening consumers than at creating a good Mac anti-virus that really detects something.