How to know if freeware is safe? (OSX and in general)

I am a poor, cheap son of a bitch. I’d like more software for my eMac (with OS X 10.3.9) but I don’t want to pay for it. There’s a lot of free software out there, but I worry about how safe it is to go downloading software from various sites of unknown reputation.

Right now I’m planning on getting Software For Starving Students which comes through Apple so it should be rather safe. It includes Open Office and some other things. Also I’d like to get Taboo and TransparentDock which have been suggested here, but I’m not so sure about. There are a lot of little add-ons, games and applications I run across on http://www.versiontracker.com/macosx and other sites that I might like to download, but I usually don’t do it. I’ve only downloaded software from reputable, known companies for the most part.

I use Mac OSX which is generally safe from viruses, but how likely am I to download other types of malware, adware or spyware, and how do I keep from doing so? Also, if I download a bunch of little add-ons to OSX or applications should I expect to have trouble restoring things to their original states later on?

You don’t know, really. For most people – like you said – all they can do is rely on the reputation of either the organization behind the product or the individual author(s) involved. Unless you have the skills to reverse-engineer software or examine (and understand!) source code, you’re stuck with having to simply trust them.

But even big, “reputable” companies (ahem, Micro$oft) produce unsafe products, so it’s not like freeware’s the only dangerous type of program. Actually, I’ve run into very few (near zero) freeware/shareware programs that triggered either antivirus or firewall alarms, meaning they’re either mostly safe or they’re so dangerous that they’ve managed to evade detection for such a long time, in which case it’s likely that no consumer-level protection would be effective, anyway.

With that said, one thing you could do is go for programs that are both freeware AND open-source. Look for programs that are active, popular, and worked on by multiple contributors (which increases the chance that somebody will find flaws or malicious code). Sourceforge.net and Freshmeat.net are both good places to find these programs. To find OSX-compatible programs, you can go to the OSX Section on Freshmeat or use the “Filter” function on Sourceforge. Sorry, both sites have horrible interfaces, but they DO have good programs if you manage to find them.

On that note, does anyone know of a good search engine/index of open-source projects made specifically for OSX?

Good move.

Google is your friend- before downloading something you’re not sure about, do a little research on it. Googling the name of the software and spyware is likely to tell you if it is spyware.

Set your browser up so nothing downloads without asking you if it’s OK to download something.

If your machine wants to download something, but you don’t know what it is, don’t let it. Also, don’t automatically click “Yes” or “OK” on all dialog boxes, as too many people have the bad habit of doing.

Don’t go to sites offering cracked software- they will sometimes try to install malware on your machine. Some of them try to install junk on your machine when you just visit their site, even if you don’t try to download anything.

If you visit porn sites, don’t download any “viewers” or anything from them.

If you are concerned about the software being a disguise for a Trojan Horse or a virus, then here’s my suggestion:
only download software that’s mentioned in a “reputable” magazine like MacWorld or MacAddict. Download it from the software author’s website.

Keep a backup (on CD) of all the software programs you download and have installed on your system.

Periodically (e.g. when you do a major system upgrade from Panther OS X 10.3 to Tiger OS X 10.4), make a copy of all the files in your User directory, then erase the disk, and re-install the operating system from scratch, followed by all the software. It’s time-consuming and a pain, but that helps you get rid of any potential spyware you might have accumulated through incautious web-surfing, and also when you reinstall the programs, you might realize that you never really use Program X and so you don’t need to reinstall it.

For backups, it’s worthwhile to spend $100-$200 to buy an external FireWire hard drive. It makes back-ups a lot easier and faster. Unless your “users” folder is so small that it fits on a CD or DVD.

Although it could change tomorrow, there are no OS X spywares any more than there are OS X viruses. There was one malevolent “preview of future OS X” trojan but it does not appear to exist ‘in the wild’ (i.e., you won’t come across it).

The freeware is excellent, as is the shareware.

If you want to be spectacularly safe, do backups every night and participate in a couple Mac message boards (from which you’ll hear very quickly if any OS X malware makes an appearance).

Are there any particular forums you’d recommend?

By the way, I highly recommend that Software For Starving Students I linked to above. It has Open Office, Firefox, an audio editor, a few little games and many other things.

I like MacOSX Hints, MacRumors, and Macintoshian Achaia at Ars Technica.

MacRumors will be all over even the faintest hint of a possibility of a Mac virus. (Perhaps like chicken little, high risk of false positives but it’s like a distant early warning system in there);

MacOS X Hints will tell you how to protect against it and/or give you the best line on whether it’s a real virus genuinely & dangerously out there in the wild or a hoax / proof of concept / something other than a virus / real virus but all copies believed found and destroyed / whatever;

and the Ars Technica folks will bloody well explain in the geekiest possible detail exactly how the exploit works and how the various prevention / interception strategies work, with example fragments in reconstructed source code and, if relevant, explanations of exactly how every machine-level instruction is dispatched, memory addressed or allocated, pointers repointed, etc.

There’s also the Apple discussion boards. I’ve had good luck with troubleshooting my G-5 iMac.
I’ve had Macs since the early '90s and my son got his first Mac in the mid '80s. We both have used freeware and shareware routinely. The only problems we ever encountered were conflicts and glitchy programs, but OS-X changed all that.
Oh, some freeware/shareware is still in the “you get what you pay for” category. So, if the application acts funny, it may just BE funny.

The status of software, be it freeware, shareware, commercial, etc., does not indicate whether it may contain viruses, spyware and other nasties.

For example, if you purchased a shrinkwrapped music CD from a reputable place where the CD was created by SONY, it may very well contain spyware deliberately inserted by SONY.

If you use Microsoft Windows XP, and selected to download updates, the antipiracy tool used by Microsoft contains a form of spyware deliberately inserted by Microsoft.

And just because you are a Mac user, while the chances of contracting a Mac-specific virus, trojan, spyware, et al., are very remote (compared to Microsoft Windows), Mac users may very well be Typhoid Marys, spreading viruses, trojans, spyware, etc., in files Mac users may share with others.

The danger with Macs right now IS that they’re so clean, giving people a potentially false sense of security. A wild virus, should one ever be released, may spread undetected until it just happens to land on a security team’s computer. Like AIDS, we may not be aware of it until it’s too late. A few OSX holes have already been found; it might only be a matter of time before a zero-day worm (like the relatively harmless iChat worm a while back) actually spreads. You can wait until it becomes a real issue if you’d like, or you can take some preemptive measures. It’s up to you.

Some things you can do to protect yourself:

  1. Turn on the Mac firewall if it isn’t already on (in System Preferences -> Sharing) and/or buy a hardware router (even if you only have one computer, a router limits the amount of incoming junk that can get to it).

  2. Make sure you have all the latest system updates.

  3. Get an antivirus program – prevention is the best cure. ClamXav is free and McAfee, Norton, and Intego each make their own commercial products.

  4. Make a “Limited” user account and do your normal daily tasks in that account instead of an administrator-level one. This will limit the amount of damage a rogue application can do – it’ll be able to access your home directory, but the rest of the system should be much harder to get to. Then again, most of what people find valuable IS in their home directories (their documents, photos, etc.). Applications can be easily replaced, but lost data is usually gone forever.

  5. Do not give your administrator password to any program unless it’s a program you absolutely need. Definitely don’t give it to any program that you didn’t deliberately download.

Except that there’s very little evidence that today’s antivirus software will do diddly-squat to protect you tomorrow against tomorrow’s viruses. It’s certainly true in the Windows world that yesterday’s antivirus software (or yesteryear’s at any rate) doesn’t do much against today’s buggies.

Out of date antivirus software gives people a false sense of security. On OS X, antivirus software is currently as necessary as space-alien repellent, and while OS X antivirus software could be very necessary tomorrow, you’ll need tomorrow’s antivirus software, not the empty and useless packages that today’s OS X antivirus software constitutes.

This, however, is true. If you use Word, and/or you forward documents created by people other than yourself onward to yet other people, you can be a relay channel for Windows viruses.

(Word documents, for those who don’t know this, can contain macro viruses which can spread to other Word documents in the Mac environment if the Mac user allows macros in other folks’ documents to fire — the default setting on installation of Word, I believe, is to ask with each document, and if you didn’t write the macro and don’t personally know who did and what the macro does, the answer should be “no”. Using NeoOffice / J to open and edit other folks’ Word documents will eliminate this risk as well, since NeoOffice doesn’t execute Word macros).

If you don’t forward documents that you yourself did not create, and either don’t use Word or never let macros execute, you aren’t going to be a Typhoid Mary to Windows users. If these conditions do not apply, yeah, maybe you should run ClamAV.

The only reason I suggest one is because many of them have some sort of autoupdate function. In theory, the program’s updater should get the definitions to your computer before word-of-mouth informs an average uninvolved user that a virus is out. But of course, YMMV.

How is tomorrow’s AV software going to be any different from today’s with updated definitions?

One of the problems with freeware is that you often get what you pay for. There is some good freeware out there, but more of the good software is shareware. Shareware is usually in the $15-$25 range, which makes it relatively cheap, though.

You should, if you haven’t already, go to the Safari --> Preferences --> General menu, and uncheck the “Open ‘safe’ files after downloading” checkbox. That will prevent two kinds of exploits. One relies on tricking you into downloading something with a false extension (leading either you or the system to believe that it’s a “safe” file even though it’s not) which will then automatically execute upon download. Another is that running the program or mounting its disk image auto-downloads an additional file without direct interaction from you. Good security practice dictates that nothing runs without an explicit interaction with you. I’m actually surprised that Apple doesn’t have that option disabled by default.

If you want to check outgoing traffic to make sure that something suspicious isn’t going on with your connection, Little Snitch is a good program. It’s not free, however, and you’ll probably have to read up a bit on network ports to know if it’s okay to block or let the traffic through when LS pops up a dialog box. It depends on your level of paran . . . ahem, desired security.