Slashdot Mirror
Should Mac Users Run Antivirus Software?
adamengst sends in an article from TidBITS in which Macintosh security expert Rich Mogull explains why he doesn't use antivirus software on the Mac, and why most Mac users shouldn't bother with it either. The article also touches on the question of when an increasing Mac market share might tip it over an inflection point into more active attention from malware writers. (Last month Apple had 14% of PC sales, but 25% of dollar value.)
What's my explanation for your perfectly good logic? Mac users have a false sense of security (see ensuing posts about Mac security totaling Herculean proportions).
My work here is dung.
Ha. I already don't run AV on the PC either.
Well tell me why I really need to? I mean I have it installed, but I certainly don't have that stupid active scanning thing turned on. So when I open a file, my computer really needs to open it twice? Bull.
I get my mail from gmail (so attachments already scanned there). I use FireFox (so little chance of infection there). I do scan things that might possibly contain a virus -- anything from a usenet newsgroup or from P2P (which is only a few executables ever anyway); And I do let it scan the whole thing once a week (and never finds anything I didn't already know about, of course).
And you know what? My old computer running Win2K runs faster than most any new computers out there with AV turned on. To date, I've never been bitten by any viruses.
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
I used to work at a computer lab that was all Macs at a school. For a short while we didn't run any AV software on the machines--until we started getting complaints from other departments that files that were coming from us had viruses. Turns out that Office for Mac is a perfect vector for all those pesky macro viruses that would find their way onto machines. It wasn't incredibly serious, but it was enough to get us to put AV software back on the Macs.
This guy's the limit!
And how is the antivirus going to catch the problem when it first appears? When large scale OS-X viruses start appearing the existing AV software won't recognize them or know how to handle them. The software needs to have either a signature of known viruses or a heuristic that catches likely viruses. Without a large pool of OS X viruses it would be next to impossible for any AV software to protect against future threats. AV software is reactive security, not proactive. The only thing an AV program before then will do is protect against some older Mac OS virus and help avoid passing windows virus, that and decrease performance and increase energy usage. As the article says the best thing to do is be smart about how you use the computer and keep abreast of any changes. Because of their limited numbers any notable Mac viruses will get reported soon after they are found, at which point it may be worthwhile reconsidering the use of AV software. Just because there is not such thing as a secure computer doesn't mean that best way to balance the risks / cost ratio for all systems is the same.
The right question is "Should Apple take security more seriously?" YES and "Should Apple be more proactive in dealing with security issues?" YES. "Should Apple be closely following the tactics of various malware propagators and bot net operators?" YES.
Bringing the Anti-virus & Registry Cleaner snake oil salesmen to the Mac isn't going to do anyone any good.
Having said all that I used to use clam but never reinstalled it when I move to Leopard...
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
I note that Leopard Server runs ClamAV by default, and does so without user intervention. Of course the mission for the server release is different from that of the desktop, and there may be an expectation that you'll be interacting with Windows at some point. It's capable of supporting Windows clients, and for that you should have an AV suite. It would be beyond foolish not to have one.
Still, many people interact with Windows from their client Macs too, but not everyone. Windows is not a part of my life, for instance.
Apple obviously felt it necessary to include an AV suite for the server release. They've tailored it for the OS, so why not ship it by default with the client release as well? Perhaps because they feel it isn't necessary, and they're choosing to err on the side of fewer wasted cycles for the majority of their users? I suspect that if a bona fide threat to OS X ever does appear ClamAV will be made available for the client release via Software Update the next day.
Especially when you start talking upgrades they seem to be pricey. Looking at an iMac right now they want $500 to go from 1GB (the default and minimum) to 4GB. Hop over to Dell and going from 512MB (default and minimum) to 4GB is only $170. Now yes, I realise you can buy aftermarket parts, but that defeats part of the point of getting an OEM system and certainly an Apple: support. You get everything from the OEM, they are your one stop for support, particularly with Apple who also makes the OS. You start buying aftermarket, that is no longer the case.
Now that aside, the other problem I find is that while their prices are often comparable for a system at a given point, they don't actually offer what many want. The towers are a good example. Yes, actually, their towers are fairly competitive pricewise when you spec out a similar Dell workstation with dual quad cores, lots of registered ECC RAM capacity, and so on. However the problem is what if I don't want that? What if I want a single quad core (or dual core), non-ECC RAM, and so on? There's plenty of cases where this is a much better option.
Let's say I don't have software that scales up to 8 cores. This is fairly common these days. So let's say I'd like a quad core with 4GB of RAM. If I go the Apple tower route, $2800 is the price for that. That isn't unreasonable, since it is a single Xeon, with support for a second one, and registered, ECC RAM, which is really expensive. However, Gateway (or I suppose MPC now since they bought Gateway's business division) would be happy to sell me a E-6610Q with similar specs (HD, video, etc) for about half that ($1300).
Now the thing is, the sort of system I listed is quite useful. We buy a good number of them here (that's why I know about it) for research. There's a lot of cases where someone wants a system that has a good processor, plenty of RAM (we often get 8GB even, which is still cheap) but just really doesn't have use for a full on workstation class system. This is even more true now that processors have gone multi-core. While 8 cores is great, there are just a lot of things that are hard to write to make use of that many. So if you aren't using more than 4, the second processor, and all the associated cost, isn't useful.
That is the main reason I'd say Apple isn't competitive on price. A mid range tower is something that there is a whole lot of market for, but they just don't sell. If you don't want an all in one, your only option is super high end. If you don't have a need for the extra hardware, that is just money wasted.
Same goes for people at home. For example I like to play games. An all in one wouldn't work for me. Sure, I could get a similar monitor (24" widescreen), CPU (Core 2 Duo) and RAM (4GB) to what I have. However I can't get the graphics card I have, and I can't ever upgrade it. That is a show stopper right there, since the core of the system will last a good deal longer than the video card. It'd be a waste to buy a new system when only one component needs updating. Likewise the monitor will outlast the system, again a waste to upgrade.
That's my objection to the argument that Apple is a good value for equivalent hardware. That is true in a narrow sense sometimes, but given that they don't have a solution for a large number of people, it isn't true over all.
We run Sophos Anti Virus at my company since it runs on Mac OS and Windows. We've actually caught Windows viruses on removable media from home users and alerted them about their infection.
In theory, that user went home and dealt with the problem - maybe preventing an issue for someone else down the road.
We also caught a virus on a BRAND NEW digital picture frame. Again, it was a windows virus, but we may have prevented a windows infection by detecting it on a Mac.
If everyone was diligent about security - including those that "don't need to be concerned", we might have less of this crap floating around.
-ted
A lot of companies run antivirus software even on their high end Solaris and AIX machines. Not because there is a likelihood of a RTM worm repeating itself, but because of legal reasons. A lot of corporate clients require their vendors to "have antivirus protection on all computers", a very wide and sweeping statement.
One reason I can see putting AV on a Mac is so people (and companies) can check this box, saying that all their machines that handle customer data have antivirus protection installed, even if the utility is just triggered from a cronjob that does a scan down the filesystem for infected Windows files every so often.
Historically, before OS X, Macs did have some viruses, although relatively few of them were malicious. Before Word macro viruses became common, John Norstead's Disinfectant was one of the more used anti-virus utilities that offered not just scanning, but in memory protection.
There's a reason I have a "bad things can't happen to me" attitude. I've been using the Mac for twenty years, and have never had a virus. Or adware. Or malware. Or any of that other stuff everyone else apparently has to worry about. I've been online constantly since the early 90s, I even surfed bareback in Mac OS 9. Nothing.
Recently I converted a friend to the Mac. She was at her brother's house, and wanted to download pictures off his camera. He offered to get the CD for drivers, and she said she didn't need it. His reply was that she had become "one of those smug Mac users." She said she then realized why people like me are always dismissed by people like you. Its like you can't believe that my reality is what it is, and has been for a long time. Do I take security seriously, yes. Strong passwords, SSL connections, and other ways. A good security policy does not have to include AV ware. And until there is some report somewhere of an actual in the wild Mac virus/adware/malware attack, I will continue to run my Macs without any third party "solutions" that often do far more harm than good to your mac.
So don't worry about me too much.
oh, and there is a reason to leave to doors unlocked. to remind yourself to not always live in fear.
Be kind, for everyone you meet is fighting a difficult battle. - Plato
That it isn't that I don't like it. There are two big problems:
1) There is a major segment of the market that Macs don't cover. Basically anyone who doesn't want an all-in-one, but doesn't want or can't afford a high end workstation. They have no offerings for that market. If I was the weirdo for wanting that, I'd be ok with it, but that is the major market out there. There's a whole lot of reason to want a computer like that. For example in our instructional labs, we can't afford high end workstations, not when we are getting 50 computers, nor do we have a need for that power. However an all-in-one is a bad idea. Why? Because monitors last a lot longer than computers. One of our labs has undergone two upgrades to the computers but is still using the same monitors. Eventually they'll have to be replaced, but LCDs last a good long time.
This is a real good thing, because generally it is a situation like "You have $50,000 to spend on the lab." Ok, that's $1000 per computer. Well, $150 not spent on a monitor is $150 that can be spent on a faster processor or more memory and so on. No reason to replace a perfectly good monitor just because the computer is out of date. It is a non-trivial part of the budget that would have to be spent on even a fairly small monitor.
2) All the arguments that macs are "good value for the money." No, they aren't for most people. Most people don't want a workstation, if they did, that'd be the big sales from most companies. However there is very little software that can even make use of all that, let alone people who use it. It isn't a good value to most people so the argument is bogus. It is like trying to argue that an BMW R8 is a "good value" for a normal car. No, it's not. It may be a good value for a performance luxury car, however most people aren't after that. While it may well justify it's $100,000+ price tag, that doesn't change the fact that it is $100,000 and more car than most people need or can afford.
That has always been one of Apple's value problems is this bundling of things people don't need. It isn't that nobody needs them, just that most peopel don't need them. However it raises cost a lot and thus makes it not a good deal for the majority of people. I wouldn't call a Precision Workstation a good deal over all either. If you need those features, ok you get a good price for them, but it still is high priced. You pay a big premium for things like 2 processors and more than 8GB of RAM. It isn't a case where 8GB = $X and 16GB = $2*X. It is more like 16GB = $5*X or $8*X. You aren't doubling the cost to get these things, you are more than doubling it. What's more, they don't double performance. 8 cores are not twice as fast as 4 other than very special cases. As I said, there's precious little that can use all that, and even some of the apps that can (like say a good DAW) don't really have a use for it in most situations. Likewise getting more RAM doesn't help performance unless you actually have apps that need it. Just having more sitting there doesn't help.
There are plenty of cases with PCs where I give the advice of "Don't go above this unless you really need it because it incurs a big premium." The problem with Macs is, you just don't have that option. You want a tower? You get a bunch of expensive hardware, need it or not. Thus it really isn't a good value for most people.