Should Mac Users Run Antivirus Software?

adamengst sends in an article from TidBITS in which Macintosh security expert Rich Mogull explains why he doesn't use antivirus software on the Mac, and why most Mac users shouldn't bother with it either. The article also touches on the question of when an increasing Mac market share might tip it over an inflection point into more active attention from malware writers. (Last month Apple had 14% of PC sales, but 25% of dollar value.)

No

[willyhill]

I don't use AV for Windows, either. At least not in "resident" mode. I have a scanner I use occasionally on stuff I download that I don't fully trust.

15 years of no viruses, no malware, etc. The secret? No secret, just avoid being stupid. AV software is like driving a car with the intention of crashing it all the time, but wearing a seatbelt and thinking everything's OK.

It's called a waste of time and cycles.

[Mactrope]

There's no reason not to build a nuclear bomb shelter either, except that most people don't need it, it won't work and it's a waste of money. Now that I think about it, there are more reasons to build a shelter than there are to run AV on modern *nix derivatives. AV programs are a terrible performance drain on the one system that needs it but is never really protected by it.

Just like Linux

[aitikin]

IMHO Mac users who send out files to people should probably use a virus checker. It's just polite. The fact that something can't cause damage to your machine doesn't mean you shouldn't check it to make sure it won't hurt someone else's I'm kinda being hypocritical here, seeing as in my years running Macs and Linux boxes, I've rarely run virus checkers, but then again, I hardly forward email and almost never deal with attachments.

Just because it won't effect you doesn't mean it won't effect someone you know. Now here's where everyone will start saying, "it's teh windoze uzer's own fault! Dey shouldn't be so dumb!" but seriously people, if you want to show people that Unix is a better choice, show them by helping, not by hurting.

Re:Then Rich Mogull Ain't No Security Expert

[reidconti]

Mac users really should stop being so blase about anti-virus software on their Macs because they should run it. snip

Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise. Why? How dangerous? And how is it dangerous to assume otherwise?

Why should I spend my time, money, and CPU cycles on running AV on a system that has an essentially 0 rate of virus infection? I've got a firewall on my network, *and* I've got the host firewall running on my Mac. I read my email in GMail and almost never open documents in Office, except those that come thru my work mail (via Entourage), which is scanned at the corporate level anyway.

I back up my files, so I'm not at (too much) risk for data loss.

Maybe once there are *real* viruses out there for the Mac, I will reevaluate. Maybe I will be unlucky, be one of the first ones to be hit by a Mac virus in the wild and have to spend a few hours reinstalling all my apps and restoring from backups. But so far, if I ran AV, I'd just be investing real time and money into defending against an all-but-nonexistent threat. The cost/benefit just isn't there.

Re:Then Rich Mogull Ain't No Security Expert

[z4ce]

Any computer expert doesn't need anti-virus. As a matter of a fact, anyone remotely computer savvy doesn't need anti-virus. As long as you keep your patches up to date you're basically as secure as you can be from viruses assuming you don't allow the virus in.

If a virus is sophisticated enough to spread without user interaction chances are it spreads faster than definition files (e.g. SQL Slammer).

I have run without anti-virus for about 15 years or so and I have only been infected with two viruses. One from the MS-DOS days by leaving a disk in a computer and another that wasn't strictly a virus but malware from mistyping a domain. Malware that anti-virus wouldn't have detected or prevented anyway.

It seems like there are only two cases both of which anti-virus is pretty much useless for sophisticated users: 1) The virus is old. In which case it would require manual intervention to install into your system since a patch has been released. or 2) The virus is new. In which case the definition files won't catch it anyway. (yeah, I know heuristics.. but come on they never really work beside throwing false positives).

Good idea

[Sycraft-fu]

One thing that worries me is I see a lot of Mac users who have the "Macs can't have bad things happen to them," attitude. This is dangerous in general, but particularly with Macs becoming more popular. In general it is just bad because it leads to lax security policies. For example we got a notice here that a computer was doing bad things. Tracked it down, it was a Mac. We disconnected it and found the owner. Their response? "But Macs can't be hacked!" Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.

Think of it like having a house in a good neighbourhood: Just because your place has never been broken in to, doesn't mean you should leave the door unlocked. Sure it might not be common where you live, but that doesn't mean it is impossible. Practise good security and it isn't a problem.

I take the same view with computer security. I mean for that matter I've never had a virus on my Windows system, and I don't find it likely that I will. I don't do the sorts of things that are going to get you infected. However, I am going to be safe about it, rather than being sorry that I was arrogant in assuming my knowledge made me invincible.

Re:Good idea

[nine-times]

Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.

If you're dealing with users setting up poorly configured FTP servers, no AV scanner I've ever seen is going to keep them from doing that.

Re:There are differences between Windows/*nix

[jroysdon]

Yes/no. While you can run as a non-admin user on Windows, many apps won't work this way. At a minimum many require Power User access (I think that is the group). I set up my in-laws to use a non-Admin and they cannot access their Kodak camera unless they switch to Administrator (which they do and tell it to download, and then switch back to their regular user). They rarely install apps, but if they need to, again, they just switch to Administrator (showing them how to "Run As" is harder than just having them switch users). I can't recall the rest of the apps, but a number of customers cannot run as a non-local administrator.

Re:Then Rich Mogull Ain't No Security Expert

[pandrijeczko]

Deal with it Macs are very secure compared to PCs.

PS. If you mean "Windows" then say "Windows" rather than "PCs". I'm not getting into a "my brother is bigger than your brother" argument but my Linux PCs are probably far more secure than your Mac. That's because security is my job, I've a decade of Linux experience with an additional 15 years of UNIX experience and I am forever fiddling about with the bloody things to make them as secure as possible. If you do the same with your Mac(s) then good on you.

PPS. And before I get called a zealot, I also run a number of XP PCs with AVG Antivirus on them that also never get viruses because I watch where I surf, never install pirated software and never open an email attachment that I'm not 100% confident about.

You're kidding, right?

[Shadow-isoHunt]

Current AVs rely on databases of known definitions. With few definitions for OS X, and no current malware in the wild, there is no point to a database. Heuristics are shit, and easy to fool currently, also subject to false positives(a customer brought in a computer once where Norton was going off on DaggerFall's setup.ini, for example, but riddled with shit like sdbot that should have been caught), making the point moot. Great way to slow down your system and throw away some money, though!

Re:Nay!

[vux984]

let's compare shall we

Your link took me to a page featuring the inspiron line, from a A749 to a A1199 pc. Which are you talking about? I assume you've decided to compare to the A1199 because you mention it being only 50 more than the A1148 mini-superdrive.

So, right off the top, you've gone way outside the paremters for the challenge. The mac-superdrive is like the black macbook; it -is- overpriced for what you get relative even to the other macs. But ok, I'll run with it...

lets compare shall we:

bigger HD - check
better cpu - check
ram - check (although Vista needs more than Leopard, so that's a bit of a wash)
3d card - check
lcd incl. - check
dvi out - check (although its not clear the incl. lcd actually supports dvi)
os home premium - check

bluetooth - fail
wifi - fail
firewire - fail
gigabit - fail
optical audio connectors - fail

Hmmm... overall, I'd call that a fail. That's not to say its a bad unit, but it doesn't exactly come close to meeting the dell challenge I issued.

lets look at the base line mini "combodrive". for $50 less dell gives twice the hd space and a 19" monitor

That dell also ships with Vista home basic; there goes your $50 less. And its still 8x times the size. Getting that down is worth 175 (the value of an LCD) to a lot of people.

And the HD space; the value of that is pretty small even if you need it. And not everyone needs it. Its worthless if you don't fill it. I recently upgraded my parents PC, and after 6 years they still had less than 20GB of data (and that was after ripping their CD collection; so they won't keep growing at that pace unless they buy a video camera and start making movies). So for them whether the new unit has 80, 160, or 320 is pretty much a non-issue. They'll benefit from a faster CPU, they'll benefit from wifi... but not a bigger hard drive. And guess what, the mini is targeted at people like my parents. Its not a power-users PC.

so all you are paying for is the wank factor, thank you very much.

You must mean to say "instead of a faster CPU, more ram, bigger hard drive and bundling a cheap as dirt monitor" your dollars are instead being directed towards "faster networking, firewire, wireless network, bluetooth, and a much quieter and smaller form factor", at about the same price.

please stop spouting nonsense about mac's competing with pc's on price.

I would if you'd show me a PC with the -same- specs as a mac mini that's significantly cheaper. Showing me a PC which trades a bunch of the specs away in exchange for a faster CPU and bigger hard drive at the same price point just proves my point.

After you cram all those missing features back into a dell its going to cost quite a bit more. So you can either drop the LCD to bring the price back down, and then you've still got to credit the mac mini some $$$ for the value of beign 1/8th size... so there goes the value of your cpu/hard drive/ram upgrades.

At the end of the day the mac mini is very price competitive. But its true the specs it focusses its value proposition on aren't where dell emphasizes its value.