Should Mac Users Run Antivirus Software?
adamengst sends in an article from TidBITS in which Macintosh security expert Rich Mogull explains why he doesn't use antivirus software on the Mac, and why most Mac users shouldn't bother with it either. The article also touches on the question of when an increasing Mac market share might tip it over an inflection point into more active attention from malware writers. (Last month Apple had 14% of PC sales, but 25% of dollar value.)
We've been over this already today: http://it.slashdot.org/article.pl?sid=08/03/18/1724245
Most Mac programs come packaged in a .dmg file... which is, you guessed it! An archive format. :-)
Say it isn't so. Everyone knows macs are just as cheap as PCs!
"but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
It's called a Disk Image. If you have it mounted, then you can scan it with any anti-virus program. There's no reason not to use anti-virus on Macs. ClamAV is free and works quite well.
The Macs are too fast, they need av software to slow them down so the PC gets a chance.
Short answer: Yes
Long answer:
If your Mac runs MS-Office software or other cross-platform software that has infectable data files, you are vulnerable to some Macro viruses.
If your Mac can run MS-Windows binaries you may be vulnerable to some Windows viruses.
If your Mac hosts files on a mixed network your Mac should protect itself from hosting infected files.
So, unless you've got an all-Mac/no-Windows network or your Mac doesn't run or host Windows files, AND you do not run any cross-platform files that have infectable data files, you should protect yourself and your network.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I've been running ClamXav, http://www.clamxav.com/ , for a long time. I normally don't run full scans, but I do use the Sentry ability on any download directories. So anything I download is scanned. Nothing so far :)
15 years of no viruses, no malware, etc. The secret? No secret, just avoid being stupid. AV software is like driving a car with the intention of crashing it all the time, but wearing a seatbelt and thinking everything's OK.
The twitter monologues. Click on my homepage and be amazed.
...is obvious
Molasses let your mid-1980s vintage Macs run at 0.25, 0.5, 0.75, or 1.0 x normal speed.
At 0.25 speed you could actually see the windows redraw.
It was a great April Fools joke.
What's my explanation for your perfectly good logic? Mac users have a false sense of security (see ensuing posts about Mac security totaling Herculean proportions).
My work here is dung.
I primarily use a Mac, and I have ClamXav installed. Mostly out of curiosity. I run it occasionally, but it has never found any viruses. I won't hold my breath.
Follow me
While the door locking answer isn't completely straightforward, it's also not all that difficult.
The reality is that today the suburban household is relatively safe. There are hundreds of thousands of burglars and other criminals floating around the city, but many less are known to target the suburbs, and many of those are aimed at apartments with no picket fence to climb (and thus have no effect on a middle class homeowner).
It's not that the suburban house is inherently more secure against thieves than urban apartments; the numerous crimes reported in recent years are just as dangerous as their Windows equivalents. But most security experts agree that criminals these days are driven by financial incentives, and it's far more profitable to target the least protected and most accessible domiciles.
The article's facts are reasonable but not a very well reasoned argument on why to not run anti-viral software. If the suites were so intrusive/resource consuming as to truly hinder normal use, it would at least start a debate. However, just because you live in a quiet neighborhood doesn't mean you leave your keys in your car when you go into the corner store.
Yes, by about ten years.
There's no reason not to build a nuclear bomb shelter either, except that most people don't need it, it won't work and it's a waste of money. Now that I think about it, there are more reasons to build a shelter than there are to run AV on modern *nix derivatives. AV programs are a terrible performance drain on the one system that needs it but is never really protected by it.
http://slashdot.org/comments.pl?sid=216934&cid=17629948
Ha. I already don't run AV on the PC either.
Well tell me why I really need to? I mean I have it installed, but I certainly don't have that stupid active scanning thing turned on. So when I open a file, my computer really needs to open it twice? Bull.
I get my mail from gmail (so attachments already scanned there). I use FireFox (so little chance of infection there). I do scan things that might possibly contain a virus -- anything from a usenet newsgroup or from P2P (which is only a few executables ever anyway); And I do let it scan the whole thing once a week (and never finds anything I didn't already know about, of course).
And you know what? My old computer running Win2K runs faster than most any new computers out there with AV turned on. To date, I've never been bitten by any viruses.
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
And if Rich Mogull is arrogant enough to believe he doesn't need it, then he shouldn't be calling himself a security expert. The fact is that viruses propagate for two reasons:
1. Because an exploited security hole in the OS lets them get in and out, and
2. Because the virus has a similar enough system to propagate to.
Yep, Windows has security holes (but then so has OS X) but the greater issue is that Windows' own levels of high compatibility going right from DOS up to Vista means that a well-written virus will probably be able to run on just about any PC.
Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.
Gentoo Linux - another day, another USE flag.
I think it depends on what kind of user you are talking about.
If a user is careful about not downloading programs from random sites and installing those, as well as careful in opening email attachments, I think one should be good to go without antivirus on most OSes, not only OS X.
OTOH, if one just opens every email attachment (s)he gets, then even antivirus cannot help sometimes (e.g. against some new vulnerability).
Isn't 5 percent of computers enough to be worth infecting? How about the fame of creating the first Mac OS X Leopard worm?
Help! I'm a slashdot refugee.
I have ClamXav installed, and run it every now and then, and it never finds anything (apart from warnings about oversize archives - i.e. large zip files). It almost goes without saying that when a genuine malware threat hits the OS X platform, it will be all over the news - or at least the news I read, anyway.
The Mothership
I run Ubuntu on my desktop, and don't run random executables. Why would I need AV?
I want to delete my account but Slashdot doesn't allow it.
IMHO Mac users who send out files to people should probably use a virus checker. It's just polite. The fact that something can't cause damage to your machine doesn't mean you shouldn't check it to make sure it won't hurt someone else's. I'm kinda being hypocritical here, seeing as in my years running Macs and Linux boxes, I've rarely run virus checkers, but then again, I hardly forward email and almost never deal with attachments.
Just because it won't affect you doesn't mean it won't affect someone you know. Now here's where everyone will start saying, "it's teh windoze uzer's own fault! Dey shouldn't be so dumb!" but seriously people, if you want to show people that Unix is a better choice, show them by helping, not by hurting.
"Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
My major concern would be with swapping USB flash drives between machines from home and work and such. Might as well have the defense up if it doesn't interfere with what you do.
I wrote this but first, I don't know what I was thinking.
"Why wouldn't you? Cause the risk is low? That's like having sex with a girl and not wearing a condom cause the risk is low of catching something. You might as well put the extra layer of protection just as some sort of defense just to be on the safe side."
The problem with privilege separation in Windows is that it's often not adequate. Too much stuff demands being run as a power user or administrator. I tried to do it with my parents' computers and there's always a hangup with one program or another. So you can use a plain user account, you're not going to be doing as much with it.
I used to work at a computer lab that was all Macs at a school. For a short while we didn't run any AV software on the machines--until we started getting complaints from other departments that files that were coming from us had viruses. Turns out that Office for Mac is a perfect vector for all those pesky macro viruses that would find their way onto machines. It wasn't incredibly serious, but it was enough to get us to put AV software back on the Macs.
This guy's the limit!
The primary difference is the elevation of privileges. Malware and viruses on Windows have no problem taking over the whole machine, because regardless of what user is running the malware, the whole box can be taken over because the user has full admin privileges.
For a *nix environment, even if malware got in through the user's browser, it still needs an escalation of privileges to do real bad harm. Without it, the damage is largely contained to the data in the user's directory.
If there were widespread vulnerabilities in OS X the way Windows does, wouldn't someone want the bragging rights to say that they wrote the first OS X virus?
A sentence you'll never see on an Internet discussion board: "You know what? You're right."
.. they wouldn't know how.
I think we can keep recursing like this until someone returns 1
Macs don't have viruses.
If you go to an Apple retail store you can play with the Macs, get on the internet .. browse files, launch whatever apps you feel like. When you go to a PC store or section within a store .. the PCs are always locked down and have a demo running on it. It just seems to me like Apple is rightfully confident malware can't run on the Mac.
That will hopefully start to change now with Vista, but IMO it should have been forced in the Windows 2000 timeframe. We'd all be better off.
AV software on an Internet-connected computer is like driving on a highway where every 100th car has been taken over by a suicidal maniac bent on destroying everything in its path, but using armor-plating thinking that will improve the odds of surviving the day in one piece.
This is just a teeny-weeny bit unreal. Close inspection reveals that the cited article refers to US-based PC retail sales.
There is more to the world than the US. And there's more to sales than retail sales. Apple has much lower sales penetration in Europe and Asia, and it has much lower sales in the commercial sector. Apple might be enjoying a renaissance, but don't be fooled by inappropriate statistics.
One thing that worries me is I see a lot of Mac users who have the "Macs can't have bad things happen to them," attitude. This is dangerous in general, but particularly with Macs becoming more popular. In general it is just bad because it leads to lax security policies. For example we got a notice here that a computer was doing bad things. Tracked it down, it was a Mac. We disconnected it and found the owner. Their response? "But Macs can't be hacked!" Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.
So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.
Think of it like having a house in a good neighbourhood: Just because your place has never been broken in to, doesn't mean you should leave the door unlocked. Sure it might not be common where you live, but that doesn't mean it is impossible. Practise good security and it isn't a problem.
I take the same view with computer security. I mean for that matter I've never had a virus on my Windows system, and I don't find it likely that I will. I don't do the sorts of things that are going to get you infected. However, I am going to be safe about it, rather than being sorry that I was arrogant in assuming my knowledge made me invincible.
It is unfortunate that developers make silly assumptions, such as assuming one's application directory is writable (hint: application settings should be a per-user setting and stored in the user's home directory somewhere... in the case of Windows, in the %APPDATA% directory structure.)
GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
Anti-virus software is only as good as its detection methods are. Since detection methods are usually only helpful for known viruses the likelihood of anti-virus software actually being helpful is minimal. Chances are that an update will fix the exploit in line with an update to your anti-virus software but alas, by then, it's too late. Then again Apple doesn't have a very good track record on issuing fast updates to combat known exploits.
The issue is no different on OSX, Linux, or Windows. They all have holes. You just need to give someone enough incentive to go stealing pieces of the pie. Windows just happens to have more of it.
Macs are secure, dummy. Look who's sneezing. Get a Mac!
I can't tell you how long it's been since I've had a virus. Just don't open those idiot emails, don't follow links in them, don't follow links in IMs, use FireFox, etc... viruses and spyware go down to nearly nil if you just stop using IE and be smart about your email.
I'd worry about viruses on my Mac, but I'm spending more of my worrying time making sure that someone looking like Chase isn't trying to steal my account information through a phishing attempt that got past Gmail.
And seeing how good Gmail has gotten about that lately, I'm not spending that much worrying time on phishing at all.
-Rob
Biblical fiscal responsibility
The right question is "Should Apple take security more seriously?" YES and "Should Apple be more proactive in dealing with security issues?" YES. "Should Apple be closely following the tactics of various malware propagators and bot net operators?" YES.
Bringing the Anti-virus & Registry Cleaner snake oil salesmen to the Mac isn't going to do anyone any good.
Having said all that I used to use clam but never reinstalled it when I moved to Leopard...
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
I don't run any virus protection on Windows XP. I've been using it since it came out. I didn't run virus protection on Win2K either.
I have never had a virus infection on my internet-connected computer.
I don't think Mac users, Windows users, or other OS users for that matter should run anti-virus software. As many people have already pointed out your computer takes a performance hit, having to scan for a virus on every file read or write.
People should learn not to open files from e-mail unless they know that the file is coming from a reliable source. I do not use an anti-virus application on my Mac, but then again I didn't run one on my Linux box before that or my Windows box before that. I just plainly did not open attachments or download files that I could not verify came from a reliable source.
How hard is it really for someone to send an e-mail back to their friend or family member and ask them if they created the file they sent, or know who created the file personally? If they say they did, then you stand a fairly good chance it did not contain a virus. If they say no they received it in an e-mail sent to them by who knows who, then tell them you won't be opening it. This leads me to chain e-mail and e-mail forwarding etiquette in general, but that is another story.
That being said, anyone who does not want to learn common sense, should go ahead and install an anti-virus application, take the performance hit and live with it. Don't call the rest of us when you get infected either, while running your ever up to date anti-virus application, call your anti-virus software developer and complain. I am at the point personally where I won't be doing viruses for much longer, whether that is on Windows, other OS's or Mac. I have cleaned enough viruses from other people's computers, that if they don't hurry up and smarten up they are on their own.
If I ever feel the need for an anti-virus application, I will be running it on demand, and the darn thing better not install any services that will slow my machine down. The only time my machine should slow down from running an anti-virus is if I tell it to run a scan.
Regards,
Ryan Pritchard
Fun Extends All Basic Life Expectancies
I note that Leopard Server runs ClamAV by default, and does so without user intervention. Of course the mission for the server release is different from that of the desktop, and there may be an expectation that you'll be interacting with Windows at some point. It's capable of supporting Windows clients, and for that you should have an AV suite. It would be beyond foolish not to have one.
Still, many people interact with Windows from their client Macs too, but not everyone. Windows is not a part of my life, for instance.
Apple obviously felt it necessary to include an AV suite for the server release. They've tailored it for the OS, so why not ship it by default with the client release as well? Perhaps because they feel it isn't necessary, and they're choosing to err on the side of fewer wasted cycles for the majority of their users? I suspect that if a bona fide threat to OS X ever does appear ClamAV will be made available for the client release via Software Update the next day.
I can't spell that word. Anyways, if you run that program remember that you need to patch the Windows installation and run an Anti-Virus on it just like if it was its own computer.
The whole signature based approach to AV seems so bizarre. Imagine trying to get into a nightclub.. The bouncer has a list. If you want to get in, he checks the list. If you're *not* on the list, then you can get in. The club owner is concerned because he keeps his wine and beer in the club and doesn't want it to disappear overnight.
Of course the problem with analogies is that they can fail. No one wants the Microsoft solution where applications need to be certified to run. This might be equivalent to the bouncer calling the club owner to see if someone is allowed in. Or having a list where only people on the list are allowed in...
Then you have to hire a couple bouncers because every minute you're checking if someone is allowed in. The club owner gets called all the time because he has to OK every single app. So he makes a declaration that anyone wearing acceptable clothing is allowed in. This works for a while, until some people you don't want in start wearing some acceptable clothing.
So maybe the club owner decides to change how he operates. Instead of keeping the wine and beer freely accessible to anyone who enters the club, he puts it behind a bar. People can come in, have fun, but they'll never be able to get the beer and wine unless they can show some ID. The club owner also starts putting all the important papers in a locked room away from the bar.
So strained analogies aside, whether or not you use an AV scanner can be irrelevant. If you can sandbox your web and email then you'd not have to worry about a whole class of vulnerabilities.
I can't get into trendy clubs anyway, so take it how you will.
Anti virus software is designed to make you feel safer without actually doing that much. Typically, all of the anti virus vendors out there combined can't remove more than a third of the viruses that will end up on your computer if it gets exposed while unpatched to the virus stew out on networks like comcast.
The truth is that running behind a hardware firewall and a NAT, having unnecessary services turned off, not running software from untrusted sources, and running everything you can as an unprivileged user are the best methods for preventing infection. If you actually do get infected, you're pretty much screwed. It's very unlikely that AV software will be able to remove all of the viruses on your machine. You pretty much have to reinstall.
For all of these reasons, I actually advise that even windows users do *not* run AV software, as it often provides a false sense of security. In addition to that, AV software often bogs down your computer and screws with your network traffic. A number of AV packages will actually listen in on your network traffic to see if virus traffic is being transmitted. Since everything has to be scanned before it is sent out, this will greatly increase your latency, decrease your throughput, and cause unnecessary CPU activity for network IO.
Cheap routers for home use largely make AV software obsolete on the home front, where it was most used. The places where you have to worry are large businesses and dorms. At dorms I advise that you throw a cheap router in between your windows box and the network connection. In businesses, the IT department will track what viruses are on the network; you should just be careful to stay patched and not *introduce* any new viruses by running untrusted software.
As far as macs go, I've never even met anyone who's gotten a virus for his mac, and I used macs for well over 10 years. As long as there aren't too many macs on a given network, it is impossible for viruses to spread. Windows viruses can spread because there are many viruses written for them, and because there are networks with thousands of windows machines attached.
Especially when you start talking upgrades they seem to be pricey. Looking at an iMac right now they want $500 to go from 1GB (the default and minimum) to 4GB. Hop over to Dell and going from 512MB (default and minimum) to 4GB is only $170. Now yes, I realise you can buy aftermarket parts, but that defeats part of the point of getting an OEM system and certainly an Apple: support. You get everything from the OEM, they are your one stop for support, particularly with Apple who also makes the OS. You start buying aftermarket, that is no longer the case.
Now that aside, the other problem I find is that while their prices are often comparable for a system at a given point, they don't actually offer what many want. The towers are a good example. Yes, actually, their towers are fairly competitive pricewise when you spec out a similar Dell workstation with dual quad cores, lots of registered ECC RAM capacity, and so on. However the problem is what if I don't want that? What if I want a single quad core (or dual core), non-ECC RAM, and so on? There's plenty of cases where this is a much better option.
Let's say I don't have software that scales up to 8 cores. This is fairly common these days. So let's say I'd like a quad core with 4GB of RAM. If I go the Apple tower route, $2800 is the price for that. That isn't unreasonable, since it is a single Xeon, with support for a second one, and registered, ECC RAM, which is really expensive. However, Gateway (or I suppose MPC now since they bought Gateway's business division) would be happy to sell me a E-6610Q with similar specs (HD, video, etc) for about half that ($1300).
Now the thing is, the sort of system I listed is quite useful. We buy a good number of them here (that's why I know about it) for research. There's a lot of cases where someone wants a system that has a good processor, plenty of RAM (we often get 8GB even, which is still cheap) but just really doesn't have use for a full on workstation class system. This is even more true now that processors have gone multi-core. While 8 cores is great, there are just a lot of things that are hard to write to make use of that many. So if you aren't using more than 4, the second processor, and all the associated cost, isn't useful.
That is the main reason I'd say Apple isn't competitive on price. A mid range tower is something that there is a whole lot of market for, but they just don't sell. If you don't want an all in one, your only option is super high end. If you don't have a need for the extra hardware, that is just money wasted.
Same goes for people at home. For example I like to play games. An all in one wouldn't work for me. Sure, I could get a similar monitor (24" widescreen), CPU (Core 2 Duo) and RAM (4GB) to what I have. However I can't get the graphics card I have, and I can't ever upgrade it. That is a show stopper right there, since the core of the system will last a good deal longer than the video card. It'd be a waste to buy a new system when only one component needs updating. Likewise the monitor will outlast the system, again a waste to upgrade.
That's my objection to the argument that Apple is a good value for equivalent hardware. That is true in a narrow sense sometimes, but given that they don't have a solution for a large number of people, it isn't true over all.
that's kind of what he said. macs are more expensive.
if they're connected to the internet.
Orbis terrarum est non altus satis
We run Sophos Anti Virus at my company since it runs on Mac OS and Windows. We've actually caught Windows viruses on removable media from home users and alerted them about their infection.
In theory, that user went home and dealt with the problem - maybe preventing an issue for someone else down the road.
We also caught a virus on a BRAND NEW digital picture frame. Again, it was a windows virus, but we may have prevented a windows infection by detecting it on a Mac.
If everyone was diligent about security - including those that "don't need to be concerned", we might have less of this crap floating around.
-ted
And for the same reason I never used AV software in Windows....it's not necessary as long as you exercise some common sense and self control.
Since they are less aware of their system's vulnerabilities... And the odd quirks of Mac OS X where a file can be named Document.doc and have a Word icon, yet be a perfectly valid double-clickable executable, or have a malicious resource fork attached to it...
Obama likes poor people so much, he wants to make more of them.
A lot of companies run antivirus software even on their high end Solaris and AIX machines. Not because there is a likelihood of a RTM worm repeating itself, but because of legal reasons. A lot of corporate clients require their vendors to "have antivirus protection on all computers", a very wide and sweeping statement.
One reason I can see putting AV on a Mac is so people (and companies) can check this box, saying that all their machines that handle customer data have antivirus protection installed, even if the utility is just triggered from a cronjob that does a scan down the filesystem for infected Windows files every so often.
Historically, before OS X, Macs did have some viruses, although relatively few of them were malicious. Before Word macro viruses became common, John Norstad's Disinfectant was one of the more used anti-virus utilities that offered not just scanning, but in-memory protection.
The only reason I require folks to run antivirus software on the Mac is because of Microsoft products. We have had several macro viruses spread across campus through the sharing of Microsoft Office documents.
Never ask for directions from a two-headed tourist! -Big Bird
AV software has the tendency to annoy the shit out of the user (constant nagging to be updated or upgraded, scanning your entire hard drive every time you turn the computer on, ruining your computer's Internet connection because of false attacks, etc.).
The best protection for people like me (which naturally translates to the majority of the slashdot crowd), is a combination of common sense and in the event you suspect some nastiness is going on, house call. Use it for a full system scan, or just to scan specific directories (IE, a 'download' directory for stuff from a not-so-innocent origin). It supports Windows, Macs, Linux, and even Solaris. Seems to do the trick for me.
I stopped using AV on Windows machines about 10 years ago, and have not had any malware problems since then (aside from some opt-in spyware that used to come with free software, which I promptly removed myself). The performance hit from the large AV footprint was too onerous to handle anymore. I used to work in a computer shop, and the AV software really didn't seem to be protecting any of my users anyways. Fully patched and updated systems would still come in riddled with trojans and spyware. The newest class of malware is simply too evasive, using multiple attack vectors and social engineering to overcome most system protections. The only thing I do now is follow 'best practices'. Don't click on links in unfamiliar emails, pay attention to the URLs that links are taking you to, close or endtask dialogue boxes from websites (and actually read them), and use a resident registry modification monitor to see if something is changing startup files (I use Spybot). And most of all, have multiple backups of anything you have that you don't want to lose forever. If you are still getting viruses, you probably are doing something stupid.
OS X/Unix/Linux is antivirus software. Say all you want about market share, there really is a difference between *nix and Windows.
I'm confused. You mean "M$ Windoze LOLOL", right?
Oh, you're trying to get out of the karma hell all your accounts are in for trolling. Never mind.
Total cost of ownership. No anti virus software to purchase, install, maintain. No wait for computer to do anything while anti-virus does something (which is really doing nothing in my case). No explaining to clients about why they need to spend money and time on anti-virus software. You can add things up in any manner you like but not messing with anti virus software is a substantial savings. I stopped supporting anti-virus software in the early 90's (Mac 9-X). I like to think that I believe that my time is precious (half my life now gone). And performing ritualistic acts of virus checking and virus definition updating actually became a virus itself. I was infected with the illogical idea that I had to protect something that was well protected by the use of an operating system that has/had no virus problem. Jump up and down, scream and yell, but, I have not spent my time or my clients' time/money nor have I had any processor waste on the "wait" for Anti-virus on any of the 50+ computers (9 & X) I have maintained for the last 15 years. I support people and companies that just want to get their work done and so far Apple has helped to make that reality. Yes, I do spend time and money with backups and acknowledge that not using AV is risky. The cost / benefit analysis of purchasing and maintaining anti virus software for X weighs heavy with cost and has no benefit. I know little more than nothing about Windows, but I deal with a few xp machines/networks and I am always amazed at the great amount of time and cost involved with making the computer work - because I am too paranoid to have a Windows machine without AV. My prudent nature will act once I have to start dealing with Apple machines with multiple OS. Or more than ten people have a Real problem with virus on X.
I have both Norton AV and Clamav running on Mac systems. There are only a few pieces of malware for Macs (non-potent) now but since we have share files and data between other OS we need to scan files that we get from them which can be infected even they won't really affect the Mac. If you have virtualization programs like Parallels or VMware and have Windows, an piece of malware can infect the virtual OS. Remember the recently VMware announced an vulnerability in VMware where the guest OS can affect host OS.
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
The worst stuff comes from email, which sends all of us junk. Hopefully the mail server will filter out most malware, but your system will need to filter any leakers that pass through the mail server.
We have been under the radar of most of the malware writers but as Mac gets more popular we will get a dose of Windows malware pain sooner or later.
Anti virus software is a waste of time and money.
I'm using a Mac, and I also use Windows on the same machine via Parallels Desktop.
Personally, I don't run any anti virus software at all. It's installed; I do a scan perhaps every few months, and it's not found any viruses on either the Mac side or the Windows side in over a year. I certainly don't have any 'always on auto protect' crap turned on.
I really do think anti virus software generates the false impression that you're protected, when in fact people need to start taking more responsibility for what they do online. I'm in favour of any software that helps people make decisions about the sort of sites they are accessing. Just look at the Firefox 3 beta for an example.
But anti-virus software? It's resource hungry and expensive. Honestly, don't bother. Just know what you're downloading and take proper precautions. And help others do the same.
"We live in a global world" - Harvey Pitt, former Securities and Exchange Commission Chairman
...don't need to run antivirus software. Period. In fact, I view AV software as malicious code itself. Look at all the problems it causes, and the cpu and disk cycles it wastes scrawling through its heuristics and signature list on disk and memory access.
AV is an attempt at a technical solution to a user stupidity issue. If you don't do dumb shit, you don't get infected.
I'm not talking about worms (which AV does nothing about). I'm talking viruses, trojans, spyware, and the like.
- Run in a "normal" user account, as opposed to administrator. If you need to do something administrative, it simply prompts you for an admin name and password. That's easy enough to do on the rare occasion that it's needed. Most things that "normal" users need to do are possible without admin privileges due to the well thought out design of the OS.
- Only execute software that appears to be from a reputable source. This is easy enough to do because Mac OS X warns you whenever you try to run a program that was downloaded.
- Back up your data frequently! This is a good thing to do on any computer, whether Mac, Windows, Linux, *BSD, or the world's most widely used operating system, Sendla. But on a Mac with Leopard, it's easy. Just get a Firewire or USB drive, plug it in, tell it to use that for backups, and that's it. Just remember to plug it in once every few days.
Beyond that, if, by some extremely rare circumstance, you happen to be an unlucky enough soul to actually get a virus on a Mac, just blow everything off the hard drive, reinstall Mac OS X, and restore your crap from the Time Machine backup. There is no need to run some stupid garbage virus protection software. All those programs do is sit around, waste resources, slow your whole system down, and fail to recognize any real viruses while your PC endlessly grinds away with thousands of spam/spyware/adware/viruses, and runs at speeds that make snail mail look like subspace communications.
Current AVs rely on databases of known definitions. With few definitions for OS X, and no current malware in the wild, there is no point to a database. Heuristics are shit, and easy to fool currently, also subject to false positives (a customer brought in a computer once where Norton was going off on DaggerFall's setup.ini, for example, but riddled with shit like sdbot that should have been caught), making the point moot. Great way to slow down your system and throw away some money, though!
www.isoHunt.com
It doesn't matter what you do at home. Your computer is your business. However, if you refuse to run an AV no matter the platform in an enterprise/business environment, you put everyone at risk. To break it down:
At home: Do what you want
At work: Run an antivirus program
Very simple.
Victory shall be mine!
I think it's about time I put to use what I've learned over at http://vx.netlux.org/lib/vxx03.html
But first I should also have the anti-virus software ready to sell to all infected Apple PC customers. Isn't this how Windows PC antivirus companies started?
I don't even run AV software on my PC, and I've yet to encounter any problems. I really don't see what the fuss is about.
Done with slashdot, done with nerds, getting a life.
I mean one who's actually practicing celibacy...
listen up. antivirus is a good thing. repeat, a good thing. all these twats saying they have never been infected.... give me a break. you probably ARE infected and don't have a clue... BECAUSE YOU DONT RUN ANTIVIRUS.
If you mod me down, I will become more powerful than you can imagine....
The doom and gloom crowd has predicted Mac OS X would get overrun by virii and malware for 7 years now, so far very little in that direction has materialized. Status today is that no malware for OS X exists. I just don't bother with anti-virus. Mac OS X is such a serene platform. It's funny to hear that the wolf is coming every 6 months or so. What happens? Nada, nothing whatsoever, zip, zilch! I enjoy the peace and quiet, I can spend time on being productive instead of thinking of malware. As for the Office macrovirii: Most often there is a Windows path in the instruction, such as C:\, no good on Mac.
Is there any effective anti-malware software for Mac? I had something back in the System 7.5 days, I guess it worked, but the thing is, since there are no in-the-wild examples, we don't know what kind of system hooks they will employ. The days of self-replicating computer viruses are basically over. What we have now are a variety of worms and rootkits, whose general behavior characteristics are well-documented. But since we don't know *how* anyone will try to attack Macs, we don't know what kind of software will be effective against it or how to evaluate the software that says it protects you.
On a side note, Linux etc can easily be exploited, too--how many times do you run './configure' or 'make install' as root without reading scripts you're running?
Hospitals do not provide protection from broken bones. They patch you up after the fact. The same goes for A/V software. It does not protect you. It might heal you.
But if you want to talk about post-infection cleanup, A/V software is not the only option. Indeed, it is frequently the least efficient option. I make decent money doing Windows support on the side. A typical post-infection cleanup costs 3-4 hours of labor if you try to A/V it. It costs about 1 hour labor to wipe and reinstall Windows. To reimage incurs the minimum 30 minute labor charge, even though it takes less than 30 minutes.
Now apply this to a Mac. It comes with Time Machine. Why on earth would you waste your time (and possibly money) on A/V software?
And we haven't even started the discussion about the Norton or McAfee "cure" being worse than the disease. And we haven't mentioned that the primary factories of malware are funded as "research" by the biggest A/V names. Fox? Chickens?
A/V software is so '80's.
My point was the overall mentality of "nothing bad can happen to Macs." This is an example of the extreme in stupidity, which is why I like to use it. The point is to not act like your platform is immune, but rather go to the other extreme and act like it is vulnerable. Even if it isn't, you secure against the case that it might be. It is the difference between proactive and reactive security. You can be reactive about things and wait until a problem happens, then cry about it, then fix that specific problem, then rinse and repeat. Or you can be proactive and try to head off security problems initially.
If you're the slightest bit savvy and behind a consumer router, you can get by a completely unpatched pirated copy of Windows XP running SP 2. How do I know this? This describes my wife's computer, and she has never once been infected, though it's virtually unchanged since the release of SP2 (it can't get updates because it fails the WGA test). Of course, she knows enough not to download and run "extra special good happy screensaver plugin.exe" - and she can SEE the extensions of attachments because the default switching-off of extension display has itself been switched off. I think AV software is the biggest swindle in the history of computers, at least the stuff you pay for. I run AVG because I like to download warez, but that's a different story.
The flag just makes more sense than the constitution. - Judas Gutenberg
The antivirus software for OS X just isn't of the same quality as the antivirus software for Windows. I'm not going to make any judgments on the overall quality of Windows antivirus software, and I'm not saying this to disparage those who write antivirus software for OS X, but I don't think the antivirus vendors treat security on OS X seriously. I can't really blame them for this. After all, the OS X market is much smaller than the Windows market, OS X users are less likely to purchase antivirus software, and they're barely keeping up with the current Windows malware as is.
As a result, the OS X antivirus products tend to be buggy. A few years ago I was supporting customers who were running Norton on OS X. I commonly ran into two problems with the software. First, the uninstaller which shipped with the software didn't work. It failed to detect the presence of Norton on the system, even though it had been installed using the installer program on the same CD. Luckily the manual removal process wasn't that hard. This wouldn't have been a problem if I didn't have to uninstall it so often. The software would occasionally decide to take up all of the available RAM and CPU time. I can only assume that it was scanning either network traffic or running processes, because this did not correspond to hard disk activity. In one particularly nasty case, a user with both Limewire and Norton set to open at login on an iBook could not use the computer at all. It took an excess of fifteen minutes to log in, open a Finder window, navigate to the Utilities folder, and open Activity Monitor. Turns out that Limewire was doing something that Norton didn't like, but it was Norton that was causing the problem.
Norton also had a particularly nasty false positive which hit many of my users. Most of them kept their cool and called in for advice, but some of them hit the panic button and started reformatting their systems. Because of the performance problems, the fact that the users didn't really see any benefit to the antivirus software to begin with, and other small problems like this one, users would frequently install Norton and then come back a month later and ask it be uninstalled because it kept slowing down their system.
Switching them to McAfee didn't really resolve the issue. McAfee would launch at login and try to update the current virus definitions. More often than not, this would fail. McAfee initially claimed that this was due to their update servers' poor availability. The Windows version of McAfee was having update issues as well, so it was a plausible explanation. However, the OS X machines continued to not get new updates for months after the availability issues subsided. Turns out that updating didn't work correctly in what was then known as Virex. A few months later, McAfee issued a patch which had to be manually installed to fix the issue. The uninstaller for McAfee actually works, but isn't very user friendly. It's just a shell script which uses sudo to perform some actions. From a tech support point of view, I love how quick and easy it is. If I have remote access to a machine, I can uninstall McAfee. However, it's not a very good solution for normal users. I've had to field a fair amount of support calls which basically boiled down to the users, not seeing bullets being displayed when they entered their passwords, assuming that their passwords were not being entered. So while McAfee doesn't have as many annoying problems as Norton had, they didn't thoroughly test their updating code, took a long time to come out with a patch, and didn't bother to put together a GUI installer.
Because OS X antivirus software just isn't a priority for the antivirus vendors, it's hard to advise a user to install an antivirus product on their Mac. Considering that every solution I've tested seems incomplete, I find it hard to believe that the designers of these products have sat down and had a hard look at how malware would take advanta
True words, but consider this saying: "It says FOOLPROOF not DUMMYPROOF". Considering most PC/Mac users are not able to avoid being stupid, it is a safe bet to use AV products. If people could avoid being stupid, we wouldn't need AV... then again PC Techs and Geek Squad would be out of a job. The point is - While some of us don't need these products, most do because most have yet to learn to drive. Whether they need the belt or not is another issue.
Security really isn't a problem for me and shouldn't be for the smart ones out there. All it is is bad habits. For example I have a friend who was running Windows 2000 and in the last 6 months he got a new computer running XP of course. Now and then (before he got his new computer) he would ask me to fix his computer, just too much pr0n and a trojan or two. So once he got his XP computer, you can expect what happened. I think of it as bad computing habits, if you are smart, you don't open those .exe attachments, you don't download pirated software (that's another story) or anything of the dumbass-ness. ;)
Are you implying that the *format* has the security holes? It's not the format that has the holes. It's the *operating system code* that implements it that has the holes. (Specifically the part of the kernel that handles filesystems.) In other words, it's a relatively small amount of code that the vendor is highly motivated to fix (especially in light of the recent publicity about archive formats).
This has no bearing on the usefulness of anti-virus per se. ANYTHING that opens that format might be vulnerable. It's not likely to stay vulnerable. And new security holes are unlikely to be introduced. (There's just not that much burning reason to tweak dmg format as far as I know.) So positing this as a reason to now use anti-virus in particular is a bit arbitrary. Shouldn't you just not use anything involving dmg format? Shouldn't you just never open any files ever?
I don't use anti virus software anywhere, and I haven't had a virus on a desktop machine in... wait I've never had one. Now you may ask "how do I know"? I regularly install AV software on my windows boxes, scan, and then uninstall. AV software is so horrible for performance, I absolutely hate it.
I've even begun doing the same with spybot since it runs an agent in the background now which causes a considerable performance hit.
I've seen AV software cause many more problems than I've ever seen it solve or prevent.
Never had a virus. I still don't know what it is that users do that causes viruses.
That it isn't that I don't like it. There are two big problems:
1) There is a major segment of the market that Macs don't cover. Basically anyone who doesn't want an all-in-one, but doesn't want or can't afford a high end workstation. They have no offerings for that market. If I was the weirdo for wanting that, I'd be ok with it, but that is the major market out there. There's a whole lot of reason to want a computer like that. For example in our instructional labs, we can't afford high end workstations, not when we are getting 50 computers, nor do we have a need for that power. However an all-in-one is a bad idea. Why? Because monitors last a lot longer than computers. One of our labs has undergone two upgrades to the computers but is still using the same monitors. Eventually they'll have to be replaced, but LCDs last a good long time.
This is a real good thing, because generally it is a situation like "You have $50,000 to spend on the lab." Ok, that's $1000 per computer. Well, $150 not spent on a monitor is $150 that can be spent on a faster processor or more memory and so on. No reason to replace a perfectly good monitor just because the computer is out of date. It is a non-trivial part of the budget that would have to be spent on even a fairly small monitor.
2) All the arguments that macs are "good value for the money." No, they aren't for most people. Most people don't want a workstation, if they did, that'd be the big sales from most companies. However there is very little software that can even make use of all that, let alone people who use it. It isn't a good value to most people so the argument is bogus. It is like trying to argue that a BMW R8 is a "good value" for a normal car. No, it's not. It may be a good value for a performance luxury car, however most people aren't after that. While it may well justify its $100,000+ price tag, that doesn't change the fact that it is $100,000 and more car than most people need or can afford.
That has always been one of Apple's value problems is this bundling of things people don't need. It isn't that nobody needs them, just that most people don't need them. However it raises cost a lot and thus makes it not a good deal for the majority of people. I wouldn't call a Precision Workstation a good deal over all either. If you need those features, ok you get a good price for them, but it still is high priced. You pay a big premium for things like 2 processors and more than 8GB of RAM. It isn't a case where 8GB = $X and 16GB = $2*X. It is more like 16GB = $5*X or $8*X. You aren't doubling the cost to get these things, you are more than doubling it. What's more, they don't double performance. 8 cores are not twice as fast as 4 other than very special cases. As I said, there's precious little that can use all that, and even some of the apps that can (like say a good DAW) don't really have a use for it in most situations. Likewise getting more RAM doesn't help performance unless you actually have apps that need it. Just having more sitting there doesn't help.
There are plenty of cases with PCs where I give the advice of "Don't go above this unless you really need it because it incurs a big premium." The problem with Macs is, you just don't have that option. You want a tower? You get a bunch of expensive hardware, need it or not. Thus it really isn't a good value for most people.
This isn't news, and especially isn't news for nerds... Windows, Linux, MacOS, it doesn't matter...
Don't run programs of which you don't know the origin (commercial games from big store - yes, hacked games from random illegal Internet site, no)
Don't let programs run automatically ever (autorun, activex in browser without prompts, email attachments etc.)
Don't run programs just because something in an email, on a webpage, on a game, tells you to - double check first.
Use only trusted, well known mediums to obtain the things you want, whether that's a game magazine or a download site.
You DO NOT NEED something running 24/7 and taking up CPU all the time, intercepting every disk access to stop you getting a virus. You just need to follow some simple rules. My girlfriend manages them with little to no training - never had a virus. If in doubt, you ask someone in the know. They will tell you if something is safe and should be able to do so over the phone or IM it's that easy. They don't even need to SEE the file itself or its contents, they can tell from your description of where it came from.
You only need antivirus if you run a network where the users deliberately "forget" their training. Unfortunately, that's most corporate networks. Therefore most corporations do "need" it. That's their own problem for running systems that allow execution of arbitrary programs for normal users. It shouldn't be required EVER in a corporate environment unless they are on the development team. Bring back the good old days of "Press 1 for receipts, 2 for stock control, 3 for staff databases"... by restricting the interface, you restrict the possibilities.
Number of viruses I've had - zero. Number of viruses witnessed first-hand - hundreds of thousands. Number of machines cleaned for other people - hundreds. Number of antivirus programs installed on those computers - hundreds. Number of effective antivirus programs when used on novice user's computers? Zero. Number of antivirus programs installed on any OS on my own personal machines - zero.
What do I do when I need to check someone's computer? Free virus checkers RUN FROM KNOWN-GOOD, CHECKSUM-VERIFIED executables stored on READ-ONLY media of my own. See. The rules apply even then. Amazing, isn't it?
I have seriously removed more antivirus programs than the number of computers I've fixed. They are an absolute waste of time as they are only "after-the-event" - they hardly detect any "real" viruses, if they do detect them, they can't clean them or remove them effectively. And, besides, it's too late by the time an antivirus program spots something - it's already running. Most AV are easy for viruses to disable or fool anyway, so they are just false psychological reinforcement for novice users. Once users are SHOWN that the AV did absolutely nothing to stop the virus they just got, I ask them if they want to renew it next year (so that they remember come the time). I have dozens of people who ask me to remove it there and then and put something "that works" on. I tell them it doesn't work like that, but I can install a free antivirus and at least save them some money, if not save them completely from viruses.
It's amazing the amount of people I've dealt with who are shocked that:
1) The expensive antivirus that they've been paying every year for has never really worked properly and they've had viruses all along. Or hasn't updated in five years. Or says it's updating and isn't. Or says it's running and isn't.
2) The same expensive antivirus is useless at detecting some stuff and useless at removing anything (the amount of times I've run "clean" only to have the same message pop up again on another file, repeated ad infinitum). Cleaning from within an infected operating system is very difficult (I've done it successfully many times but never with an automated antivirus tool) and is only really any good if you absolutely CANNOT get the virus off any other way without losing data.
3) The same
By any reasonable definition, no, they don't. There have been a couple of extremely limited proof-of-concept viruses in the past few decades, which have infected approximately no one.
But it's not cheap. The cost is, in fact, huge.
Antivirus software is incredibly invasive, mucking about to do secret things in kernelspace, inserting itself into nearly every action performed by a machine. It takes substantial resources to accomplish this dubious goal, and alters the system in unpredictable ways.
The "more security is always better" rationale that you propose is too simplistic. Security measures must always be evaluated by comparing their benefits against their costs. Your estimation wildly exaggerates the (nonexistent) benefits of antivirus software while completely glossing over its substantial costs.
Antivirus software is categorically a foolhardy and dangerous thing to ever run on one's machine at all. The only strange edge case in which it represents an improvement is if one is using software like Windows, which is so wildly hole-ridden that security is expected to come from third parties. But even there, the correct solution is not to add more layers to shore up a quicksand foundation, but to simply replace it with a sane operating system.
It's not popularity that gives Windows such a vigorous viral ecosystem. It's Internet Explorer and "Active Content" and merging the desktop and the browser. In 1997 the virus situation on Windows went from something not much different from any other platform to something insane, all thanks to applications using COM and the HTML control, particularly Outlook and Explorer. Before then the very idea that software would even provide a mechanism to run untrusted code outside a sandbox ... no matter how that mechanism was hedged about with security dialogs and warnings ... was just bad science fiction. Nobody in the security business believed anyone could be so stupid as to implement that. I mean there was a virus hoax going around about a virus that could run just by *opening an email message*. It was a joke.
Then Microsoft implemented it.
This is such a fundamental design flaw that even the horrible security flaws that Safari seems to have borrowed from IE (like the idea of running installers after you download them) pale to insignificance in comparison. Hell, it makes Firefox's daft XPI installer seem sane.
Until Apple invents something as insanely stupid as this, I wouldn't worry too much.
All that says is Apples are overpriced.
America, Home of the Brave.
Not until Mac becomes a tall enough poppy to warrant the attention of virus writers. OSX isn't more secure, it's just that no one cares enough to bother to find the holes in an OS used by girls.
Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
Building a computer is cheaper than buying a prebuilt computer.
The exposure argument (more Macs results in more exploits) made in the article is flawed.
Mac OS X is already extremely exposed because it runs on many servers (connected to the internet).
Getting into a server is the real prize money and very attractive to malevolent hackers.
It is even more exposed because lots of shared BSD code is also running on lots of servers.
Mac OS X is inherently more secure than whatever Windows OS. Not (only) because it is based on BSD which is designed to be secure, but because of the shared BSD (and even Linux) code.
Apple is like Microsoft doing its best to fix all security issues, but Apple is unlike Microsoft 'assisted' by an army of open source programmers that raise the issues within the shared open source code. So security is not a vendor issue alone as far as Mac OS X is concerned.
Apple has a roughly 8% market share, and other *NIX machines roughly 1%. Within the same order of magnitude.
So, when Linux and FreeBSD users start installing desktop AV software in droves, I'll start worrying about my Macs.
that Macs last and last and last.
I own a PowerBook G4, a G5 iMac, a MacBook Pro and a couple of BIG (2TB) external drives because they have LASTED that long.
My Linux box and my wife's XP box have both NEEDED WORK and I've got a spare ready to go for the next time they crap out. (As long as the drive is good, I can just swap it out, otherwise, I can recover from the network backup.)
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
You've got to be kidding, right? Have you ever tried to open, say, a Mac Pro and a Dell, to take a look at how they're built? Did you notice the super solid, tight tolerances, and quality of the electronic components on an Apple? Did you notice how thick and well machined the Mac Pro aluminum case is? Dell, you've cables flying everywhere, massive use of plastic, super wide tolerances. Dell *may* cost less, but *sure* is cheaper value. And I'm talking about Dell, that is what I consider the second in the PC manufacturer arena as far as build quality is concerned.
Apple is gaining PC desktop market share by the day, and this is going to put Apple more in the spotlight for virus/malware writers. Forget about the funny "Nice Apple dude, and fat Windows wimp" ad spot, you definitely need AV on a Mac. And the more Apple is becoming relevant on the PC desktop market, the more the need is real.
Isn't this security by obscurity in a way? Whether you realize it or not, you're vulnerable regardless what OS you're running. Maybe not as vulnerable as Windows users, but there's a billion reasons for that. Since the perfect software/hardware platform has yet to be invented, I would strongly suggest using as much security as possible to protect your system.
Nobody should run anti-virus software. It doesn't really work most of the time, it fscks up your computer, and the real problem could be solved just by some user education and smart computing behavior. Servers that handle file transfers are the ones that should do virus scanning. A trusted source for getting files should be trustworthy in every regard - good security, virus scanning, etc.
At what price learning? At what cost wisdom? The price is a man's peace of mind, and the cost is his life.
On a mac, files that are downloaded off the internet are flagged as such and when you double-click them, if they're executable, a dialog box comes up asking you if you really wanted to execute that file, seeing as it's been downloaded off the internet. This is an effective enough safeguard I think.
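The download flag described in the comment above is stored as an extended attribute on the file. The following is an added example, not part of the original thread, that parses such values and sorts files into "never flagged", "flagged, warning still pending" and "flagged, already approved"; the attribute name `com.apple.quarantine`, the `flags;hex-timestamp;agent;id` layout and the `0x0040` "user approved" bit are assumptions based on commonly documented macOS behaviour, and all sample values are constructed.

```python
"""Triage macOS download-quarantine attribute values (constructed samples)."""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional

# Assumption: downloads are flagged with this extended attribute. On a Mac the
# raw value can be read with `xattr -p com.apple.quarantine <file>`.
QUARANTINE_XATTR = "com.apple.quarantine"
# Assumption: this flag bit is set once the user has accepted the warning dialog.
USER_APPROVED = 0x0040


@dataclass
class QuarantineRecord:
    flags: int
    downloaded_at: datetime
    agent: str       # application that performed the download
    event_id: str    # identifier of the download event, may be empty

    @property
    def user_approved(self) -> bool:
        return bool(self.flags & USER_APPROVED)


def parse_quarantine(value: str) -> QuarantineRecord:
    """Parse 'flags;timestamp;agent[;id]' where flags and timestamp are hex."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError("expected at least flags;timestamp;agent")
    try:
        flags = int(parts[0], 16)
        seconds = int(parts[1], 16)
    except ValueError as exc:
        raise ValueError("flags and timestamp must be hexadecimal") from exc
    return QuarantineRecord(
        flags=flags,
        downloaded_at=datetime.fromtimestamp(seconds, tz=timezone.utc),
        agent=parts[2],
        event_id=parts[3] if len(parts) > 3 else "",
    )


def triage(listing: Dict[str, Optional[str]]) -> Dict[str, List[str]]:
    """Group paths by quarantine state.

    `listing` maps a path to its raw attribute value, or None when the
    attribute is absent (the file was never flagged or the flag was stripped).
    """
    report: Dict[str, List[str]] = {
        "unflagged": [], "pending": [], "approved": [], "malformed": [],
    }
    for path, raw in sorted(listing.items()):
        if raw is None:
            report["unflagged"].append(path)
            continue
        try:
            record = parse_quarantine(raw)
        except ValueError:
            # A value that does not parse deserves a manual look.
            report["malformed"].append(path)
            continue
        report["approved" if record.user_approved else "pending"].append(path)
    return report


# Constructed sample: what a scan of a download folder might return.
SAMPLE_LISTING: Dict[str, Optional[str]] = {
    "Downloads/installer.dmg": "0001;47e0f000;Safari;CONSTRUCTED-EVENT-0001",
    "Downloads/editor.app": "0041;47e0f100;Firefox;CONSTRUCTED-EVENT-0002",
    "Downloads/notes.txt": None,
    "Downloads/odd.bin": "zz;not-hex;Safari",
}

if __name__ == "__main__":
    for state, paths in triage(SAMPLE_LISTING).items():
        print(f"{state:10s} {paths}")
```

Executables that land in the "unflagged" group are the ones that would launch without the dialog, so they are the entries worth reviewing first.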
If you just refuse to ever double click on anything, you are in the extreme minority. A double-click, for 99.999% of people, is easier than right-clicking and sifting through a list of applications. Right-clicking on a JPEG image on my mac, for instance, brings up basically a list of every single application I have.
than what you do know. I consider the anti-virus software I run on my Macbook Pro to be there more so that I don't have to keep constantly up to date with whatever might be happening in the world of security/vxers. Put it this way - you can go out in your car without a spare tyre or a can of tyre-weld or whatever. Yes, you're more than likely going to get to your destination - but there's an element of risk, just like running OSX without anti-virus software. Theoretically, you're not likely to get a virus in the current environment. That's not to say it's a dead cert, though.
More foo at http://blog.garysmith.org.uk
So I say let's make a Mac virus. That way, we can show those arrogant bastards! Who's with me!?