Should Mac Users Run Antivirus Software?
adamengst sends in an article from TidBITS in which Macintosh security expert Rich Mogull explains why he doesn't use antivirus software on the Mac, and why most Mac users shouldn't bother with it either. The article also touches on the question of when an increasing Mac market share might tip it over an inflection point into more active attention from malware writers. (Last month Apple had 14% of PC sales, but 25% of dollar value.)
Say it isn't so. Everyone knows Macs are just as cheap as PCs!
"but money is the God of Algiers & Mahomet their prophet." - Rich. O'Bryen June 8th 1786
It's called a Disk Image. If you have it mounted, then you can scan it with any anti-virus program. There's no reason not to use anti-virus on Macs. ClamAV is free and works quite well.
Short answer: Yes
Long answer:
If your Mac runs MS-Office software or other cross-platform software that has infectable data files, you are vulnerable to some Macro viruses.
If your Mac can run MS-Windows binaries you may be vulnerable to some Windows viruses.
If your Mac hosts files on a mixed network your Mac should protect itself from hosting infected files.
So, unless you've got an all-Mac/no-Windows network or your Mac doesn't run or host Windows files, AND you do not run any cross-platform files that have infectable data files, you should protect yourself and your network.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I've been running ClamXav, http://www.clamxav.com/ , for a long time. I normally don't run full scans, but I do use the Sentry ability on any download directories. So anything I download is scanned. Nothing so far :)
15 years of no viruses, no malware, etc. The secret? No secret, just avoid being stupid. AV software is like driving a car with the intention of crashing it all the time, but wearing a seatbelt and thinking everything's OK.
The twitter monologues. Click on my homepage and be amazed.
What's my explanation for your perfectly good logic? Mac users have a false sense of security (see ensuing posts about Mac security totaling Herculean proportions).
My work here is dung.
There's no reason not to build a nuclear bomb shelter either, except that most people don't need it, it won't work and it's a waste of money. Now that I think about it, there are more reasons to build a shelter than there are to run AV on modern *nix derivatives. AV programs are a terrible performance drain on the one system that needs it but is never really protected by it.
http://slashdot.org/comments.pl?sid=216934&cid=17629948
Ha. I already don't run AV on the PC either.
Well tell me why I really need to? I mean I have it installed, but I certainly don't have that stupid active scanning thing turned on. So when I open a file, my computer really needs to open it twice? Bull.
I get my mail from Gmail (so attachments already scanned there). I use Firefox (so little chance of infection there). I do scan things that might possibly contain a virus -- anything from a usenet newsgroup or from P2P (which is only a few executables ever anyway); and I do let it scan the whole thing once a week (and it never finds anything I didn't already know about, of course).
And you know what? My old computer running Win2K runs faster than most any new computers out there with AV turned on. To date, I've never been bitten by any viruses.
"They said I probly shouldn't fly with just one eye," "I am Bender. Please insert girder."
And if Rich Mogull is arrogant enough to believe he doesn't need it, then he shouldn't be calling himself a security expert. The fact is that viruses propagate for two reasons:
1. Because an exploited security hole in the OS lets them get in and out, and
2. Because the virus has a similar enough system to propagate to.
Yep, Windows has security holes (but then so has OS X) but the greater issue is that Windows' own levels of high compatibility going right from DOS up to Vista mean that a well-written virus will probably be able to run on just about any PC.
Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.
Gentoo Linux - another day, another USE flag.
I think it depends what kind of user are you talking about.
If a user is careful about not downloading programs from random sites and installing those, as well as careful in opening email attachments, I think one should be good to go without antivirus on most of the OS's, not only OS-X.
OTOH, if one just opens every email attachment (s)he gets, then even antivirus cannot help sometimes (e.g. against some new vulnerability).
IMHO Mac users who send out files to people should probably use a virus checker. It's just polite. The fact that something can't cause damage to your machine doesn't mean you shouldn't check it to make sure it won't hurt someone else's. I'm kinda being hypocritical here, seeing as in my years running Macs and Linux boxes, I've rarely run virus checkers, but then again, I hardly forward email and almost never deal with attachments.
Just because it won't affect you doesn't mean it won't affect someone you know. Now here's where everyone will start saying, "it's teh windoze uzer's own fault! Dey shouldn't be so dumb!" but seriously people, if you want to show people that Unix is a better choice, show them by helping, not by hurting.
"Don't meddle in the affairs of a patent dragon, for thou art tasty and good with ketchup." ~ohcrapitssteve
I used to work at a computer lab that was all Macs at a school. For a short while we didn't run any AV software on the machines--until we started getting complaints from other departments that files that were coming from us had viruses. Turns out that Office for Mac is a perfect vector for all those pesky macro viruses that would find their way onto machines. It wasn't incredibly serious, but it was enough to get us to put AV software back on the Macs.
This guy's the limit!
If there were widespread vulnerabilities in OS X the way Windows does, wouldn't someone want the bragging rights to say that they wrote the first OS X virus?
A sentence you'll never see on an Internet discussion board: "You know what? You're right."
Macs don't have viruses.
If you go to an Apple retail store you can play with the Macs, get on the internet, browse files, launch whatever apps you feel like. When you go to a PC store or section within a store, the PCs are always locked down and have a demo running on them. It just seems to me like Apple is rightfully confident malware can't run on the Mac.
That will hopefully start to change now with Vista, but IMO it should have been forced in the Windows 2000 timeframe. We'd all be better off.
The twitter monologues. Click on my homepage and be amazed.
This is just a teeny-weeny bit unreal. Close inspection reveals that the cited article refers to US-based PC retail sales.
There is more to the world than the US. And there's more to sales than retail sales. Apple has much lower sales penetration in Europe and Asia, and it has much lower sales in the commercial sector. Apple might be enjoying a renaissance, but don't be fooled by inappropriate statistics.
One thing that worries me is I see a lot of Mac users who have the "Macs can't have bad things happen to them," attitude. This is dangerous in general, but particularly with Macs becoming more popular. In general it is just bad because it leads to lax security policies. For example we got a notice here that a computer was doing bad things. Tracked it down, it was a Mac. We disconnected it and found the owner. Their response? "But Macs can't be hacked!" Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.
So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.
Think of it like having a house in a good neighbourhood: Just because your place has never been broken into, doesn't mean you should leave the door unlocked. Sure it might not be common where you live, but that doesn't mean it is impossible. Practise good security and it isn't a problem.
I take the same view with computer security. I mean for that matter I've never had a virus on my Windows system, and I don't find it likely that I will. I don't do the sorts of things that are going to get you infected. However, I am going to be safe about it, rather than being sorry that I was arrogant in assuming my knowledge made me invincible.
The right question is "Should Apple take security more seriously?" YES and "Should Apple be more proactive in dealing with security issues?" YES. "Should Apple be closely following the tactics of various malware propagators and bot net operators?" YES.
Bringing the Anti-virus & Registry Cleaner snake oil salesmen to the Mac isn't going to do anyone any good.
Having said all that I used to use clam but never reinstalled it when I moved to Leopard...
Nothing in the world is more dangerous than sincere ignorance and conscientious stupidity.
I note that Leopard Server runs ClamAV by default, and does so without user intervention. Of course the mission for the server release is different from that of the desktop, and there may be an expectation that you'll be interacting with Windows at some point. It's capable of supporting Windows clients, and for that you should have an AV suite. It would be beyond foolish not to have one.
Still, many people interact with Windows from their client Macs too, but not everyone. Windows is not a part of my life, for instance.
Apple obviously felt it necessary to include an AV suite for the server release. They've tailored it for the OS, so why not ship it by default with the client release as well? Perhaps because they feel it isn't necessary, and they're choosing to err on the side of fewer wasted cycles for the majority of their users? I suspect that if a bona fide threat to OS X ever does appear ClamAV will be made available for the client release via Software Update the next day.
Yes/no. While you can run as a non-admin user on Windows, many apps won't work this way. At a minimum many require Power User access (I think that is the group). I set up my in-laws to use a non-Admin and they cannot access their Kodak camera unless they switch to Administrator (which they do and tell it to download, and then switch back to their regular user). They rarely install apps, but if they need to, again, they just switch to Administrator (showing them how to "Run As" is harder than just having them switch users). I can't recall the rest of the apps, but a number of customers cannot run as a non-local administrator.
Especially when you start talking upgrades they seem to be pricey. Looking at an iMac right now they want $500 to go from 1GB (the default and minimum) to 4GB. Hop over to Dell and going from 512MB (default and minimum) to 4GB is only $170. Now yes, I realise you can buy aftermarket parts, but that defeats part of the point of getting an OEM system and certainly an Apple: support. You get everything from the OEM, they are your one stop for support, particularly with Apple who also makes the OS. You start buying aftermarket, that is no longer the case.
Now that aside, the other problem I find is that while their prices are often comparable for a system at a given point, they don't actually offer what many want. The towers are a good example. Yes, actually, their towers are fairly competitive pricewise when you spec out a similar Dell workstation with dual quad cores, lots of registered ECC RAM capacity, and so on. However the problem is what if I don't want that? What if I want a single quad core (or dual core), non-ECC RAM, and so on? There's plenty of cases where this is a much better option.
Let's say I don't have software that scales up to 8 cores. This is fairly common these days. So let's say I'd like a quad core with 4GB of RAM. If I go the Apple tower route, $2800 is the price for that. That isn't unreasonable, since it is a single Xeon, with support for a second one, and registered, ECC RAM, which is really expensive. However, Gateway (or I suppose MPC now since they bought Gateway's business division) would be happy to sell me a E-6610Q with similar specs (HD, video, etc) for about half that ($1300).
Now the thing is, the sort of system I listed is quite useful. We buy a good number of them here (that's why I know about it) for research. There's a lot of cases where someone wants a system that has a good processor, plenty of RAM (we often get 8GB even, which is still cheap) but just really doesn't have use for a full on workstation class system. This is even more true now that processors have gone multi-core. While 8 cores is great, there are just a lot of things that are hard to write to make use of that many. So if you aren't using more than 4, the second processor, and all the associated cost, isn't useful.
That is the main reason I'd say Apple isn't competitive on price. A mid range tower is something that there is a whole lot of market for, but they just don't sell. If you don't want an all in one, your only option is super high end. If you don't have a need for the extra hardware, that is just money wasted.
Same goes for people at home. For example I like to play games. An all in one wouldn't work for me. Sure, I could get a similar monitor (24" widescreen), CPU (Core 2 Duo) and RAM (4GB) to what I have. However I can't get the graphics card I have, and I can't ever upgrade it. That is a show stopper right there, since the core of the system will last a good deal longer than the video card. It'd be a waste to buy a new system when only one component needs updating. Likewise the monitor will outlast the system, again a waste to upgrade.
That's my objection to the argument that Apple is a good value for equivalent hardware. That is true in a narrow sense sometimes, but given that they don't have a solution for a large number of people, it isn't true overall.
We run Sophos Anti Virus at my company since it runs on Mac OS and Windows. We've actually caught Windows viruses on removable media from home users and alerted them about their infection.
In theory, that user went home and dealt with the problem - maybe preventing an issue for someone else down the road.
We also caught a virus on a BRAND NEW digital picture frame. Again, it was a windows virus, but we may have prevented a windows infection by detecting it on a Mac.
If everyone was diligent about security - including those that "don't need to be concerned", we might have less of this crap floating around.
-ted
Since they are less aware of their system's vulnerabilities... And the odd quirks of Mac OS X where a file can be named Document.doc and have a Word icon, yet be a perfectly valid double-clickable executable, or have a malicious resource fork attached to it...
Obama likes poor people so much, he wants to make more of them.
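The mismatch described in the comment above (a name ending in .doc on a file whose content is an executable) can be checked by reading the leading bytes instead of trusting the extension. This is an added example, not part of the original thread; the extension list, function names and sample files are assumptions constructed for illustration, and resource forks are not inspected.

```python
import os

# Leading bytes of Mach-O executables as they appear on disk.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": "Mach-O 32-bit (big-endian)",
    b"\xce\xfa\xed\xfe": "Mach-O 32-bit (little-endian)",
    b"\xfe\xed\xfa\xcf": "Mach-O 64-bit (big-endian)",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit (little-endian)",
    b"\xca\xfe\xba\xbe": "Mach-O universal (fat) binary",
}

# Assumed list of extensions a user would expect to be passive documents.
DOCUMENT_EXTENSIONS = {".doc", ".pdf", ".jpg", ".txt", ".rtf"}


def classify(path):
    """Return a description if the content looks executable, else None."""
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head in MACHO_MAGICS:
        return MACHO_MAGICS[head]
    if head[:2] == b"#!":
        return "script with interpreter line"
    return None


def find_disguised(root):
    """List (relative path, reason, exec bit set) for files that carry a
    document extension but whose content is executable."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext not in DOCUMENT_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            # Skip symlinks and anything that is not a regular file.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            reason = classify(path)
            if reason is None:
                continue
            exec_bit = bool(os.stat(path).st_mode & 0o111)
            findings.append((os.path.relpath(path, root), reason, exec_bit))
    return sorted(findings)


def build_sample_tree(root):
    """Write constructed sample files (not real malware) for the demo."""
    samples = {
        # Mach-O 64-bit magic followed by padding, named like a document.
        "Document.doc": (b"\xcf\xfa\xed\xfe" + b"\x00" * 28, 0o755),
        # Genuine OLE2 header, as a real Word .doc would start.
        "report.doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 24, 0o644),
        # Shell script hiding behind a .txt name.
        "notes.txt": (b"#!/bin/sh\necho constructed sample\n", 0o644),
        # Executable content with a non-document name: out of scope here.
        "tool.bin": (b"\xcf\xfa\xed\xfe" + b"\x00" * 28, 0o755),
    }
    for name, (data, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason, exec_bit in find_disguised(tmp):
            print(f"{rel}: {reason} (exec bit set: {exec_bit})")
```
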
A lot of companies run antivirus software even on their high end Solaris and AIX machines. Not because there is a likelihood of an RTM worm repeating itself, but because of legal reasons. A lot of corporate clients require their vendors to "have antivirus protection on all computers", a very wide and sweeping statement.
One reason I can see putting AV on a Mac is so people (and companies) can check this box, saying that all their machines that handle customer data have antivirus protection installed, even if the utility is just triggered from a cronjob that does a scan down the filesystem for infected Windows files every so often.
Historically, before OS X, Macs did have some viruses, although relatively few of them were malicious. Before Word macro viruses became common, John Norstad's Disinfectant was one of the more used anti-virus utilities that offered not just scanning, but in-memory protection.
The only reason I require folks to run antivirus software on the Mac is because of Microsoft products. We have had several macro viruses spread across campus through the sharing of Microsoft Office documents.
Never ask for directions from a two-headed tourist! -Big Bird
This is exactly how many bars, nightclubs, and restaurants operate. They have a list of "undesirables" (usually with pictures) who have caused problems in the past who aren't allowed in. Bouncers and maître d's are supposed to know the faces on the list.
It's not perfect, but blocking 95% of the problem is better than blocking nothing.
I stopped using AV on Windows machines about 10 years ago, and have not had any malware problems since then. (aside from some opt-in spyware that used to come with free software, which I promptly removed myself) The performance hit from the large AV footprint was too onerous to handle anymore. I used to work in a computer shop, and the AV software really didn't seem to be protecting any of my users anyways. Fully patched and updated systems would still come in riddled with trojans and spyware. The newest class of malware is simply too evasive, using multiple attack vectors and social engineering to overcome most system protections. The only thing I do now is follow 'best practices'. Don't click on links in unfamiliar emails, pay attention to the URLs that links are taking you to, close or endtask dialogue boxes from websites (and actually read them), and use a resident registry modification monitor to see if something is changing startup files (I use Spybot). And most of all, have multiple backups of anything you have that you don't want to lose forever. If you are still getting viruses, you probably are doing something stupid.
``No one wants the Microsoft solution where applications need to be certified to run.''
Actually, I do want that solution, and I've advocated it before. What is important, though, is that you can choose your own trust providers (so that the control is not all in a single entity's hands).
Interestingly, this is pretty much what things like apt-get give you. Provided you only install software through apt-get, you get to choose your trust providers (by adding repositories to sources.list), and you can then only install software that has been approved by them.
It works for me. I have about 20000 packages to choose from. They cover my needs. All of them are free software, and none of the ones I have installed have displayed malicious behavior. Did I mention that apt-get also graciously handles dependencies, and makes keeping the system up to date really easy and quick?
Please correct me if I got my facts wrong.
I have both Norton AV and ClamAV running on Mac systems. There are only a few pieces of malware for Macs (non-potent) now, but since we have to share files and data between other OSes we need to scan files that we get from them, which can be infected even though they won't really affect the Mac. If you have virtualization programs like Parallels or VMware and have Windows, a piece of malware can infect the virtual OS. Remember that VMware recently announced a vulnerability in VMware where the guest OS can affect the host OS.
http://www.vmware.com/security/advisories/VMSA-2008-0005.html
The worst stuff comes from email, which sends all of us junk; hopefully the mail server will filter out most malware, but your system will need to filter any leakers that pass through the mail server.
We have been under the radar of most of the malware writers but as Mac gets more popular we will get a dose of Windows malware pain sooner or later.
Running AV all the time is like walking around all the time wearing a condom, just in case you have sex with a hooker.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
Anti virus software is a waste of time and money.
I'm using a Mac, and I also use Windows on the same machine via Parallels Desktop.
Personally, I don't run any anti virus software at all. It's installed; I do a scan perhaps every few months, and it's not found any viruses on either the Mac side or the Windows side in over a year. I certainly don't have any 'always on auto protect' crap turned on.
I really do think anti virus software generates the false impression that you're protected, when in fact people need to start taking more responsibility for what they do online. I'm in favour of any software that helps people make decisions about the sort of sites they are accessing. Just look at the Firefox 3 beta for an example.
But anti-virus software? It's resource hungry and expensive. Honestly, don't bother. Just know what you're downloading and take proper precautions. And help others do the same.
"We live in a global world" - Harvey Pitt, former Securities and Exchange Commission Chairman
...don't need to run antivirus software. Period. In fact, I view AV software as malicious code itself. Look at all the problems it causes, and the cpu and disk cycles it wastes scrawling through its heuristics and signature list on disk and memory access.
AV is an attempt at a technical solution to a user stupidity issue. If you don't do dumb shit, you don't get infected.
I'm not talking about worms (which AV does nothing about). I'm talking viruses, trojans, spyware, and the like.
- Run in a "normal" user account, as opposed to administrator. If you need to do something administrative, it simply prompts you for an admin name and password. That's easy enough to do on the rare occasion that it's needed. Most things that "normal" users need to do are possible without admin privileges due to the well thought out design of the OS.
- Only execute software that appears to be from a reputable source. This is easy enough to do because Mac OS X warns you whenever you try to run a program that was downloaded.
- Back up your data frequently! This is a good thing to do on any computer, whether Mac, Windows, Linux, *BSD, or the world's most widely used operating system, Sendla. But on a Mac with Leopard, it's easy. Just get a Firewire or USB drive, plug it in, tell it to use that for backups, and that's it. Just remember to plug it in once every few days.
Beyond that, if, by some extremely rare circumstance, you happen to be an unlucky enough soul to actually get a virus on a Mac, just blow everything off the hard drive, reinstall Mac OS X, and restore your crap from the Time Machine backup. There is no need to run some stupid garbage virus protection software. All those programs do is sit around, waste resources, slow your whole system down, and fail to recognize any real viruses while your PC endlessly grinds away with thousands of spam/spyware/adware/viruses, and runs at speeds that make snail mail look like subspace communications.
Current AVs rely on databases of known definitions. With few definitions for OS X, and no current malware in the wild, there is no point to a database. Heuristics are shit, and easy to fool currently, also subject to false positives (a customer brought in a computer once where Norton was going off on DaggerFall's setup.ini, for example, but riddled with shit like sdbot that should have been caught), making the point moot. Great way to slow down your system and throw away some money, though!
www.isoHunt.com
[...] the damage is largely contained to the data in the user's directory.
True, but the user data _is_ the very thing you want to protect.
Feel free to mess up anything you find below C:\Windows, I'll at most be annoyed, everything in there can be replaced. However, the day you start leaking my personal data...
Yeah, that fame for creating a Mac virus would be great, until your bragging gets to the feds. I don't think most black hats are in it for the recognition, and if they are they're not in it for long.
Give me Classic Slashdot or give me death!
I don't even run AV software on my PC, and I've yet to encounter any problems. I really don't see what the fuss is about.
Done with slashdot, done with nerds, getting a life.
The doom and gloom crowd has predicted Mac OS X would get overrun by virii and malware for 7 years now, so far very little in that direction has materialized. Status today is that no malware for OS X exists. I just don't bother with anti-virus. Mac OS X is such a serene platform. It's funny to hear that the wolf is coming every 6 months or so. What happens? Nada, nothing whatsoever, zip, zilch! I enjoy the peace and quiet, I can spend time on being productive instead of thinking of malware. As for the Office macrovirii: Most often there is a Windows path in the instruction, such as C:\, no good on Mac.
My point was the overall mentality of "nothing bad can happen to Macs." This is an example of the extreme in stupidity, which is why I like to use it. The point is to not act like your platform is immune, but rather go to the other extreme and act like it is vulnerable. Even if it isn't, you secure against the case that it might be. It is the difference between proactive and reactive security. You can be reactive about things and wait until a problem happens, then cry about it, then fix that specific problem, then rinse and repeat. Or you can be proactive and try to head off security problems initially.
The antivirus software for OS X just isn't of the same quality as the antivirus software for Windows. I'm not going to make any judgments on the overall quality of Windows antivirus software, and I'm not saying this to disparage those who write antivirus software for OS X, but I don't think the antivirus vendors treat security on OS X seriously. I can't really blame them for this. After all, the OS X market is much smaller than the Windows market, OS X users are less likely to purchase antivirus software, and they're barely keeping up with the current Windows malware as is.
As a result, the OS X antivirus products tend to be buggy. A few years ago I was supporting customers who were running Norton on OS X. I commonly ran into two problems with the software. First, the uninstaller which shipped with the software didn't work. It failed to detect the presence of Norton on the system, even though it had been installed using the installer program on the same CD. Luckily the manual removal process wasn't that hard. This wouldn't have been a problem if I didn't have to uninstall it so often. The software would occasionally decide to take up all of the available RAM and CPU time. I can only assume that it was scanning either network traffic or running processes, because this did not correspond to hard disk activity. In one particularly nasty case, a user with both Limewire and Norton set to open at login on an iBook could not use the computer at all. It took an excess of fifteen minutes to log in, open a Finder window, navigate to the Utilities folder, and open Activity Monitor. Turns out that Limewire was doing something that Norton didn't like, but it was Norton that was causing the problem.
Norton also had a particularly nasty false positive which hit many of my users. Most of them kept their cool and called in for advice, but some of them hit the panic button and started reformatting their systems. Because of the performance problems, the fact that the users didn't really see any benefit to the antivirus software to begin with, and other small problems like this one, users would frequently install Norton and then come back a month later and ask it be uninstalled because it kept slowing down their system.
Switching them to McAfee didn't really resolve the issue. McAfee would launch at login and try to update the current virus definitions. More often than not, this would fail. McAfee initially claimed that this was due to their update servers' poor availability. The Windows version of McAfee was having update issues as well, so it was a plausible explanation. However, the OS X machines continued to not get new updates for months after the availability issues subsided. Turns out that updating didn't work correctly in what was then known as Virex. A few months later, McAfee issued a patch which had to be manually installed to fix the issue. The uninstaller for McAfee actually works, but isn't very user friendly. It's just a shell script which uses sudo to perform some actions. From a tech support point of view, I love how quick and easy it is. If I have remote access to a machine, I can uninstall McAfee. However, it's not a very good solution for normal users. I've had to field a fair amount of support calls which basically boiled down to users who, not seeing bullets being displayed when they entered their passwords, assumed that their passwords were not being entered. So while McAfee doesn't have as many annoying problems as Norton had, they didn't thoroughly test their updating code, took a long time to come out with a patch, and didn't bother to put together a GUI installer.
Because OS X antivirus software just isn't a priority for the antivirus vendors, it's hard to advise a user to install an antivirus product on their Mac. Considering that every solution I've tested seems incomplete, I find it hard to believe that the designers of these products have sat down and had a hard look at how malware would take advanta
That it isn't that I don't like it. There are two big problems:
1) There is a major segment of the market that Macs don't cover. Basically anyone who doesn't want an all-in-one, but doesn't want or can't afford a high end workstation. They have no offerings for that market. If I was the weirdo for wanting that, I'd be ok with it, but that is the major market out there. There's a whole lot of reason to want a computer like that. For example in our instructional labs, we can't afford high end workstations, not when we are getting 50 computers, nor do we have a need for that power. However an all-in-one is a bad idea. Why? Because monitors last a lot longer than computers. One of our labs has undergone two upgrades to the computers but is still using the same monitors. Eventually they'll have to be replaced, but LCDs last a good long time.
This is a real good thing, because generally it is a situation like "You have $50,000 to spend on the lab." Ok, that's $1000 per computer. Well, $150 not spent on a monitor is $150 that can be spent on a faster processor or more memory and so on. No reason to replace a perfectly good monitor just because the computer is out of date. It is a non-trivial part of the budget that would have to be spent on even a fairly small monitor.
2) All the arguments that Macs are "good value for the money." No, they aren't for most people. Most people don't want a workstation, if they did, that'd be the big sales from most companies. However there is very little software that can even make use of all that, let alone people who use it. It isn't a good value to most people so the argument is bogus. It is like trying to argue that a BMW R8 is a "good value" for a normal car. No, it's not. It may be a good value for a performance luxury car, however most people aren't after that. While it may well justify its $100,000+ price tag, that doesn't change the fact that it is $100,000 and more car than most people need or can afford.
That has always been one of Apple's value problems is this bundling of things people don't need. It isn't that nobody needs them, just that most people don't need them. However it raises cost a lot and thus makes it not a good deal for the majority of people. I wouldn't call a Precision Workstation a good deal overall either. If you need those features, ok you get a good price for them, but it still is high priced. You pay a big premium for things like 2 processors and more than 8GB of RAM. It isn't a case where 8GB = $X and 16GB = $2*X. It is more like 16GB = $5*X or $8*X. You aren't doubling the cost to get these things, you are more than doubling it. What's more, they don't double performance. 8 cores are not twice as fast as 4 other than very special cases. As I said, there's precious little that can use all that, and even some of the apps that can (like say a good DAW) don't really have a use for it in most situations. Likewise getting more RAM doesn't help performance unless you actually have apps that need it. Just having more sitting there doesn't help.
There are plenty of cases with PCs where I give the advice of "Don't go above this unless you really need it because it incurs a big premium." The problem with Macs is, you just don't have that option. You want a tower? You get a bunch of expensive hardware, need it or not. Thus it really isn't a good value for most people.
This isn't news, and especially isn't news for nerds... Windows, Linux, MacOS, it doesn't matter...
Don't run programs of which you don't know the origin (commercial games from big store - yes, hacked games from random illegal Internet site, no)
Don't let programs run automatically ever (autorun, activex in browser without prompts, email attachments etc.)
Don't run programs just because something in an email, on a webpage, on a game, tells you to - double check first.
Use only trusted, well known mediums to obtain the things you want, whether that's a game magazine or a download site.
You DO NOT NEED something running 24/7 and taking up CPU all the time, intercepting every disk access to stop you getting a virus. You just need to follow some simple rules. My girlfriend manages them with little to no training - never had a virus. If in doubt, you ask someone in the know. They will tell you if something is safe and should be able to do so over the phone or IM, it's that easy. They don't even need to SEE the file itself or its contents, they can tell from your description of where it came from.
You only need antivirus if you run a network where the users deliberately "forget" their training. Unfortunately, that's most corporate networks. Therefore most corporations do "need" it. That's their own problem for running systems that allow execution of arbitrary programs for normal users. It shouldn't be required EVER in a corporate environment unless they are on the development team. Bring back the good old days of "Press 1 for receipts, 2 for stock control, 3 for staff databases"... by restricting the interface, you restrict the possibilities.
Number of viruses I've had - zero. Number of viruses witnessed first-hand - hundreds of thousands. Number of machines cleaned for other people - hundreds. Number of antivirus programs installed on those computers - hundreds. Number of effective antivirus programs when used on novice users' computers? Zero. Number of antivirus programs installed on any OS on my own personal machines - zero.
What do I do when I need to check someone's computer? Free virus checkers RUN FROM KNOWN-GOOD, CHECKSUM-VERIFIED executables stored on READ-ONLY media of my own. See. The rules apply even then. Amazing, isn't it?
I have seriously removed more antivirus programs than the number of computers I've fixed. They are an absolute waste of time as they are only "after-the-event" - they hardly detect any "real" viruses, if they do detect them, they can't clean them or remove them effectively. And, besides, it's too late by the time an antivirus program spots something - it's already running. Most AV are easy for viruses to disable or fool anyway, so they are just false psychological reinforcement for novice users. Once users are SHOWN that the AV did absolutely nothing to stop the virus they just got, I ask them if they want to renew it next year (so that they remember come the time). I have dozens of people who ask me to remove it there and then and put something "that works" on. I tell them it doesn't work like that, but I can install a free antivirus and at least save them some money, if not save them completely from viruses.
It's amazing the amount of people I've dealt with who are shocked that:
1) The expensive antivirus that they've been paying every year for has never really worked properly and they've had viruses all along. Or hasn't updated in five years. Or says it's updating and isn't. Or says it's running and isn't.
2) The same expensive antivirus is useless at detecting some stuff and useless at removing anything (the amount of times I've run "clean" only to have the same message pop up again on another file, repeated ad infinitum). Cleaning from within an infected operating system is very difficult (I've done it successfully many times but never with an automated antivirus tool) and is only really any good if you absolutely CANNOT get the virus off any other way without losing data.
3) The same
By any reasonable definition, no, they don't. There have been a couple of extremely limited proof-of-concept viruses in the past few decades, which have infected approximately no one.
But it's not cheap. The cost is, in fact, huge.
Antivirus software is incredibly invasive, mucking about to do secret things in kernelspace, inserting itself into nearly every action performed by a machine. It takes substantial resources to accomplish this dubious goal, and alters the system in unpredictable ways.
The "more security is always better" rationale that you propose is too simplistic. Security measures must always be evaluated by comparing their benefits against their costs. Your estimation wildly exaggerates the (nonexistent) benefits of antivirus software while completely glossing over its substantial costs.
Antivirus software is categorically a foolhardy and dangerous thing to ever run on one's machine at all. The only strange edge case in which it represents an improvement is if one is using software like Windows, which is so wildly hole-ridden that security is expected to come from third parties. But even there, the correct solution is not to add more layers to shore up a quicksand foundation, but to simply replace it with a sane operating system.