Slashdot Mirror
Apple Quietly Recommends Antivirus Software For Macs
Barence writes "After years of boasting about the Mac's near invincibility, Apple is now advising its customers to install security software on their computers. Apple — which has continually played on Windows' vulnerability to viruses in its advertising campaigns — issued the advice in a low-key message on its support forums. 'Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.' It goes on to recommend a handful of products." Reader wild_berry points out the BBC's story on the unexpected recommendation.
is this a scare tactic for apple to push some payfor software and get people to buy it. or have apple started to loose confidence in their operating system? or even worse, do they know something we dont? are they expecting an attack?
portfolio
Well what do they expect they start to get a larger market share they start to be the target of more blackhats.
https://www.speakservers.com/
I've been running Sophos on both my Macs for a year or so... Not so much because I felt I needed them... but because I come from the PC world and felt nekked without an AV program... and my work covers the license costs which made the decision a no brainer.
Interestingly enough... to date, they have only detected MS based viruses.
No Nyarlathotep, No Chaos
Know Nyarlathotep, Know Chaos
Yes Apples can get malware (general term) if you are a complete dumb ass. Until self-propagating zero-interaction attacks appear, leave me alone.
Conservative, mod down for violating
I have Quicktime.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Don't those AV programs mostly scan for Windows viruses on the Mac so you don't pass around those viruses to Windows users?
This story is just wrong. That document is several years old. Apple advises to install security software since years. They just added new names for recommended software products and therefore updated the issue date on the document.
So basically the cost of 2 new mac books?
[rim-shot] Thanks folks, im here all week.
I noticed the "Old Article: 4454" string on the page. Anybody have any idea what the old knowledge base article used to say? And what era it was from?
This guy's the limit!
Actually, in a way, this is a good sign for them. It means that they're getting enough market share for the virus and malware writers to actually give a shit.
SJW: Someone who has run out of real oppression, and has to fake it.
http://www.dailymotion.com/video/x7kr6e_mapple-the-simpsons_fun
Having multiple products deployed mean that the virus programmers have different applications to circumvent. But that's multiple products on different machines-- you wouldn't expect one user to run all of the anti virus products on one machine.
http://www.geoffreylandis.com
Well, duh... With the Apple CEO engaging in the unhygienic practice of peeing on all the hardware before it ships, no wonder users are being advised to get some sort of protection against pathogens.
Or was that the Mapple CEO... meh, they probably all do it.
Well, aside from the fact that this Apple support document is not exactly brimming with information, using an antivirus program on a Mac makes perfect sense in a mixed environment with other operating systems.
:)
Although your Mac may be safe from the vast majority of malware stuff circulating right now, it can still spread them around and infect for example the other Windows machines on the network (those Microsoft Office macrovirus infections are a good example).
Also, with all the nice virtualisation programs available on the Mac and BootCamp, it makes sense as a Mac user to be more aware of potential malware problems , although then the antivirus solution should be inside that environment, I think. Also those antivirus programs open up a whole other can of worms, because those antivirus companies are splendid examples of honesty and efficient programming, as we all well know
This doesn't apply. Macs are not an isolated community. They share data and documents freely with Windows systems, just as Linux systems do. The reason why there are fewer viruses for MacOS is similar to why there are fewer botnets that run on Linux servers.
Antivirus and antispyware protection is like putting buckets in the attic, instead of fixing the roof.
You have strange ideas of trustworthy sources for 'facts'.
"Most people, I think, don't even know what a rootkit is, so why should they care about it?"
Isn't the main problem with Windows security, and thus the spread of viruses on that platform, due to the fact that Windows users run as root by default? Since Mac users must enter their password anytime they or a program attempt to write to system directories, isn't the Mac platform largely safe from viruses?
I'm not bashing Microsoft. If Microsoft could find a way to force all third party software developers to make their programs run from non-admin users, I'm sure they would have made users non-admin by default by now.
This space left intentionally blank.
To add to your statement, I also think they're protected by the fact that if you're taking the time to right a piece of malicious code you generally want it to have the greatest impact possible. Why cut out 80% of the market by finding something to exploit on the mac? Seems like a lot of work to get oneself in to a niche market.
This has more to do with the protection from law suit from clueless users who might get some virus or whatever installed and claim "what, you have not told me I need an anti-virus software".
But in all seriousness, I would never ever, ever install any kind of anti-virus crap on Windows, let alone non-Windows OS. Those things are more taxing and costly (as in CPU and disk arm cycles) than a virus :D. I have used Windows for decades and never had a virus, and I sure as hell won't be installing anti-virus software on my Macs now.
As the island of our knowledge grows, so does the shore of our ignorance.
Because of the better inherent security in the operating system model is true that mac/linux is probably safer from direct attacks on the OS but is just as prone to browser attacks and social engineering attacks?
I mean, when root privilege is required to affect the core system this should inherently be safer then Win32 where everybody is an administrator.
Disclaimer: Feel free to flame me to a crisp on my lack of knowledge, but I'll make it clear that I am not an expert in computer security and I am interested in a genuine answer about how vulnerable Linux is compared to Windows.
From what I can tell of the article Win32 is hit hard because it is the softer more numerous target, but as Linux takes hold it will become a more attractive target. But because everybody has the source code presumably this means more eyes scanning for errors and potential security risks fixed faster?
What is up with all of the "Apple Quietly" articles? Search for the phrase in google, you'll see what I mean.
...you can hear the heads of a million fanboys going poof!
I did. They do. I'm clearly missing your pun. Mind clarifying it for me?
Did you click the link in the article?
http://support.apple.com/kb/HT2550
I assume the roof in that metaphor is the user?
Because running a Trojan is something people do, downloading and installing malware usually is too.
The "this file came from the internet" warning could help, and the "enter your password" warning may also, but in the end, if someone wants to do it, you need AV software to stop them.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
The college I attend actually requires all mac users to install Symantic Corporate to be allowd on the network. Their justification is that this will prevent WINDOWS virus from passing through macs and then hitting the Windows boxes as the mac users send them on. We have a good security team and I can understand why they would want to do this.
As macs are being used in Enterprise environments they can harbor virus infected files silently before going back into the network. One computer that missed new definitions can be taken down when that file gets passed to it. Its up to you but if you are in Enterprise situations you better comply.
As for multiple AV systems, that is retarded. They will fight for resources and cause performance to be brought down. Just pick one and run with it. If you want.
Procrastinating life a way at a rapid rate of speed.
Indeed. Just look at Linux. It had a great security record up until the start of this decade. Then, once it gained a lot of popularity on servers, we started to see millions of infected Linux servers, linked together in botn...
Oh. Well damn. It seems that despite being the near ideal target for virus-writers (always on, very fast links, powerful hardware), the most popular server platform on earth doesn't have a major virus problem. Huh. Maybe an OSs security record isn't directly linked to its popularity...
The real litigious bastards...
Hell they even gave it away with old .mac accounts. And apple support always had lines saying to use protection. How is it all of a sudden new? They have been saying to use protection for YEARS now.
"Slashdot, where telling the truth is overrated but lying is insightful."
Somebody on AppleInsider brought up this very interesting point:
http://forums.appleinsider.com/showpost.php?p=1344735&postcount=13
I agree.
There are no shortages of bottom feeding trial lawyers looking for a meal at Apple's treasury.
Think of the liability, if Apple wasn't cautioning users about security and the steps they should consider, when someone finally cracks OSX, and OSX malware finally breaks into the wild.
This is just smart business.
This space left intentionally blank.
I am increasingly annoyed by Apple's following Microsoft in "Security Theatre" techniques like the Leopard "OMG you downloaded that file from TEH INTERWEBS!" dialogs, but this is going too far.
Antivirus software does not make any difference to the virus writing process. It can only detect and block existing exploits. Until there ARE active exploits in the wild all it can do is cause time and data loss through false positives.
"After years of boasting about the Mac's near invincibility..." I've been a Mac user for over 22 years. While I have heard many of my fellow Mac users boast about the lack of viruses and other malware for Macs- mainly out of ignorance or just to taunt Windows users- there have been Mac viruses in the past (e.g., nVIR) and there will be Mac viruses in the future. I've always been concerned that complacency regarding Mac malware would eventually result in heinousness once some bad actor sunk their teeth into it.
The result of these years of complacency is that there are no good Mac antivirus applications. There are some passable ones and there are some awful ones. One of the better ones is ClamXAV but it is only as good as its virus definitions.
This is not news. Apple has always recommended that users of its products run anti-virus software. The reason that this got 'amped-up' was because Brian Krebs at the Washington Post 'noticed' the Apple Support document while trolling around their site enjoying the new, harder to use, design layout. What he failed to notice -and mention in his blog- was the article was modified from an earlier one that said basically the same thing. It's prudent for Apple to have been saying this all along so as to avoid any liability. To use the old /. saying, "Nothing to see here; move along."
Sig this!
i agree with what you are saying, but i think you mean 94%. because as far as i can tell apple market share is hovering around 6%. that is based on actual units sold, not a page view metric. every % that i have seen that is higher is not based on real numbers but an extrapolation of site visits.
if anyone has firm numbers reflecting a different market share, i would be interested to see it.
"Herd Immunity"
You keep using that expression. I don't think it means what you think it means.
as a young geek, the internet has taught me that security through obscurity is pointless.
Reply to That ||
As others have stated that's a total myth and is simply not true.
Apple has about 10% right now, so by your theory 10% of viruses should be for OSX. Number of viruses in the wild? Zero.
Doh! I completely misread the post as "take the time to code a antivirus for their system?"
But if Mcafee and Symantec perform on Macs as they do on Windows I reckon that I weren't completely off target.
"I have downloaded hundreds and hundreds of records, why would I care if somebody downloads ours?" Robin Pecknold
I think that's a bit of faulty reasoning. For though Macs are a small percentage of the computers, they still represent millions of consumers. If that reasoning was correct, since Macs and Linux represent X% of users, they should be getting X% of viruses. By their nature they don't get viruses mainly due to the nature of their OS that programs can't autorun without permission. As demographics go, they also represent more affluent consumers. So more likely Macs will be the targets of malware as opposed to viruses.
Well, there's spam egg sausage and spam, that's not got much spam in it.
Viruses and trojans (as opposed to worms) are a user stupidity issue. You can't fix that with technology. For a computer to be useful, it needs to run programs that the user launches. Trying to put something in the way to analyze whether what that user wanted to do is not what the user wanted to do is never going to be successful.
of course, things like MSIE make things bad, as the user has no control over what is going on with the software they run. But that is a problem with a single piece of software that is used as a propagation tool. Surely, the problem should be solved THERE. Same goes for office software with built in interpreters.
Even a not-so-savvy user can avoid infections without running AV (which, IMHO is an infection of its own), simply by using software that does not have the vectors in the first place.
Agreed, however this is still news because the platform is under such control by Apple. They could quietly and easily put not only hardware and software in place. But implement more effective procedures in their software process to make security tighter. And we wouldn't be the wiser.
Shai Schticks:"You don't make peace with friends, you make peace with enemies"
I could be wrong on this, but it seems to me that as a virus writer it would be much more lucrative to target desktops of average home users (who seldom have a clue what they're doing) than to target servers run by admins who supposedly know what they're doing and are paid significant sums of money (and thus spending a significant amount of time) for the sole purpose of keeping these systems running properly.
you wouldn't expect one user to run all of the anti virus products on one machine.
It seems you've never had to do IT support for any rich old clueless porn addicts. Lucky you.
which is totally what she said
if you're taking the time to right a piece of malicious code you generally want it to have the greatest impact possible
Yes, and being the first person to come up with a true Mac OS X self-replicating malware wouldn't have any impact at all, would it?
Please just stop with the stupid 'market share' argument. Not everyone who writes malware wants to run a Windows botnet for fun and profit. There are also a lot of people out there who would looooooooove the notoriety that would be attached to being the first guy to do it on Mac OS X. They've been working at it for nearly eight years and haven't succeeded yet. And Apple is working hard to ensure they don't succeed.
~Philly
Yup, no Linux viruses in the wild. I take it you missed the articles that periodically appear about Windows worms being spread via compromised Linux servers starting around 2001?
I am TheRaven on Soylent News
Where did you get that statistic, Apple website? Or are you just simply confused about the defenition of "the wild"?
http://www.symantec.com/security_response/writeup.jsp?docid=2006-063013-2645-99
http://www.symantec.com/security_response/writeup.jsp?docid=2001-060806-1018-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-060110-4631-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-021715-3051-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-031413-1704-99
http://www.symantec.com/security_response/writeup.jsp?docid=2008-062513-3120-99
http://www.symantec.com/security_response/writeup.jsp?docid=2008-111315-1230-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-021614-4006-99
http://www.symantec.com/security_response/writeup.jsp?docid=2006-110217-1331-99
http://www.symantec.com/security_response/writeup.jsp?docid=2007-110101-2320-99
http://www.symantec.com/security_response/writeup.jsp?docid=2008-062404-1222-99
Bow before me, for I am root.
http://blogs.technet.com/security/archive/2008/05/15/q1-2008-client-os-vulnerability-scorecard.aspx Really don't know how 'truthful' this article is, but it appears to show OS X as really quite vulnerable.
The market share is (as plenty others have already mentioned) is a myth. Both Apple and *nix have enough units connected to the internet to be a valuable target. Of course the easy pickings are Windows PC's due to multiple reasons (also mentioned many times by others).
Apple & *nix tout their invulnerability to malware but Apple has one flaw here that Unix / Linux does not....a standard suite of apps the malware writer KNOWS is installed, and knowing Apple's Stalinist view to giving the consumer choice, they KNOW Apple have all but blocked any competing app from their platform.
Writing malware apps for Linux / Unix is much harder due to the variety of apps installed on any given system. Do you write for KDE? That leaves about 60% of Linux / Unix PC's unaffected. Do you write for Thunderbird? Not everyone uses (or has installed) Thunderbird. Linux / Unix come in all flavors with widely different choices of applications both installed by default, and in the repos. An attack which exploits a flaw in Thunderbird on Ubuntu may not affect Thunderbird on Fedora because of the way that either distro modifies a library.
Windows has long had the same problem in that the same suite of apps like Internet Explorer, Windows Explorer, Windows Messenger, Outlook Express are installed on EVERY Windows PC with no way to remove them, even if the user uses a different application for the purpose.
If a malware writer exploits iTunes they know it will affect EVERY Mac. They also know Apple have an image to protect and will know through watching Apple's corporate actions that they have no problem sticking their heads in the sand pretending nothing is wrong until they get a fix for the problem.....which gives the malware writers a window to exploit Apple users, to make it worthwhile writing the malware in the first place.
By comparison any exploit found to Linux / Unix will be out in the open and developers will be discussing then fixing it in no time, so the window is much, much shorter.....in addition to being a lot less certain how many users could be infected.
Just because your PC (with any OS) is vulnerable to an exploit until it's patched, does not mean you're going to be exploited. You may never visit a site which has the drive by malware ready to hit you in that time window, or receive that spam email with the JavaScript instruction hidden inside.
It does also help that for the most part people who use non-Windows OS's tend to have made the conscious choice to avoid Windows, which means they are a little more tech savy, many of whom will have other protective measures in place, like plain text emails and some level of control over scripted actions from websites.....oh yeah, and not running by default as an administrator helps a LOT.
Yes. That must be the only reason. Windows is obviously just as secure as OSX and other Unix based OSes. *rolls eyes*
With the amount of people that hate Mac fanboys you'd think that virus writers would be well on their way by now if there were any real remote exploits they could make use of. I'm not saying it's impossible to write a virus for Macs or Linux - the authors of any software are only human after all. But the whole design ethos is just much better than that of Windows. If I were a virus writer I would try to write a virus for Macs/Linux just for the challenge and the geek cred.
which is totally what she said
From Apple's support page:
"Apple encourages the widespread use of multiple antivirus utilities..."
and further down:
"Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apples recommendation or endorsement."
Slashdot announces that thousands of low uid's have become available as many long time slashdotters heads mysteriously explode.
"I don't have to think. I only have to do it. The results are always perfect, but that's old news." - Meat Puppets
Anti-Virus software sadly is sometimes a huge performance hit, especially to the hard drive and especially coming from Norton of McAfee. Anybody have any suggestions on a Nod32 equivalent for Mac? We need something with good real time protection, highly efficient and not bloatware.
"They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" Franklin
they never should have touted "practically zero virus's" as a mac feature...especially when they were gaining market share. But they will never really take a massive slice of PC market the way they run things. Closed x86 HW is stupid. There was a reason for apple HW when they were PPC, but not now... All I want from apple is to be able to run macOS on my intel box...why are they sooo scared of upsetting MS? they dont sell many desktops anyway and they would still sell lots of funky looking apple laptops IMHO...I want competition. Linux cannot provide it. Apple never really tried. Why wont they take MS head on? Imagine in this anti-vista climate they release macOS for ALL PC's...MS might be forced to really make a better OS...this is what competition does...
...it's so sterile!
In the apt words of Dennis Ritchie, "One of the comforting things about old memories is their tendency to take on a rosy glow."
According to one of the guys who was there on day zero, UNIX was *not* designed from day one to be a networked multi-user OS and security and separation of concerns were *not* there from the beginning.
http://cm.bell-labs.com/who/dmr/hist.html/ In the latter half of 1971 (nearly two years after UNIX's "day one"), "with no memory protection ... every test of a new program required care and boldness, because it could easily crash the system". Sounds like somebody describing Windows a decade ago, doesn't it?
Please stop parroting the fallacy that the reason UNIX is more secure is because it has always been secure. Security, networking ... these were later additions to UNIX too, the real difference is that the additions were better architected.
Reader wild_berry points out the BBC's story on the unexpected recommendation.
Only to brainless idiots that actually believed the hyperbole feed to them by Apple would it actually be an unexpected recommendation. The "we are secure and Windows is not" garbage was just a marketing ploy. Anyone with a brain would have known that any Networked Operating System has some level of vulnerability and is likely to be exposed at some point.
I have to say that many admins also do not have a clue what they're doing.
ClamAV is included with Mac OS X Server, but not the desktop Mac OS X.
Also, it doesn't appear that Apple is recommending that a user stack more than one AntiVirus package on a given system, rather, they are refraining from picking a single package so that the market is heterogeneous. This affords better protection to the herd as a whole. I agree the technical bulletin is a bit ambiguous on this point.
If you mod me down, I shall become more powerful than you could possibly imagine.
im not sure i agree fully.
;)
although linux is widely used in the server world, there is no dominant linux distro. each distro (even the big three: redhat, suse and debian) is a combination of varying security tools (firewalls, ssh, etc) and kernel configurations - each of which could be at any version. if it's too hard for software companies to port their software over to linux because of the inter-distro incompatibilities, it's probably even harder for the malware people. (i think it's called 'security-through-incompatability' - the very same thing that protects vista
i think the same thing protects os x, albeit to a lesser extent - they release a new version roughly every 18 months, each one adding significant security enhancements. from a hackers point of view, it fragments an already tiny market.
xp on the other hand, has been around for a heck of a long time. patches are released, but overall the security model has remained unchanged for the better part of a decade. it's not nearly as much of a moving target, but even if half the users upgrade to the newer secure patch, then hackers will still have many millions of targets in either half of the market.
CONFESSION: i made up all my numbers to help convey my point.
"Multiple AV products"? More often than not, that is going to cause all kinds of issues. If Apple is recommending virus protection, they should also recommend a specific one or two, instead of having some of their users install 2 or more AV clients, which could totally bork their machine.
So if Windows is the least secure because is is the most used, the least used systems must be the most secure? Right? So things like BeOS, Amiga OS etc. are the best thing to migrate to for security!
I thought it was a good idea
Wrong. There are OSX virus out there. Also to note, just because Apple has 10% (I would have to check that number) doesn't mean it will have 10% of all viruses. With a 90% to 10% ratio of use, the higher use OS will have an order of magnitude more viruses. Most virus writers want to attack as many people as possible and there for will devote their effort to the platform that will effect the most computers.
I love riling Mac fan boys, they get so uppity, especially early in the morning.
No, the Windows problem was that to migrate from DOS + Windows shell to Windows NT, was a slow, painful 10 year process with LOTS of growing pains. Windows 4.x series (Win95, Win98, WinME) were supposed to be a singular OS before the transition to NT, and was created because the uptick to NT 3.51 was low because of the RAM requirements. The original plan was 3.1 for home users, NT 3.1 for "Workstations," and Win32s was released to let people target both OSes.
As we moved through Win 3.11 w/ Win32s -> Win95 -> Win98 -> WinME, the NT systems grew in popularity. Lack of advanced DirectX support prevented NT 4.0's being the transition, Win2K was close but price kept it out, and WinXP finally merged the OSes. By that point, it'd been 8 years or so since the first 32-bit programs came out. The ones targeted mass market, originally Win32s, and later Win95/NT4 libraries, were generally assuming the consumer version. On the consumer Windows, there WAS NO SECURITY model, so it was common for applications to assume lots of access. This meant that while NT 4.0/Win2K gained market share and had the security model from the NT system, the security wasn't used and users had full access to the drive, because the alternative was broken software.
To not break applications from 1995 - 1998, in the early 2000s we were still shipping OSes with most of the system being world writable.
So while Windows possessed a security model that could work, in practice, it was never implemented, because it required locking down the system on each system, so instead of protecting OS directories, we used the "bolt on" security like Group Policies, etc., to prevent users from doing things. I worked with a bunch of Citrix systems in the late 90s, and we were able to lock down those machines, because you were only talking about locking down a single machine or two, and the defaults were more reasonable. There was PLENTY of software that wouldn't run under Winframe 1.x/2.x gold (2.0 never shipped, Microsoft pulled the license, then bought it to ship Terminal Server and Citrix moved the addons into Metaframe), not because it required the NT 4/Win95 libraries (we could always confirm that using 2.0 Gold that was NT 4 based), but because it made assumptions about access that was reasonable for Win 3.11/Win95, but not NT based OSes. Citrix, targeting big budget Enterprises could get away with that, Microsoft reaching the entire market could not.
I assume that this has been fixed in Vista, but I haven't used it, I switched to Mac OS X in the mean time.
At least they are truthful, you know. They "get" it. Not like the antivirus companies.
Using virus scanners makes it more difficult to write a good virus. That's it.
Assorted stuff I do sometimes: Lemuria.org
I actually trust the 'page hits' stat more then the 'units sold' stat. The 'units sold' stat does not cover anything more then new units this year, there is no accounting for junking old systems, wiping and installing linux, etc. The 'page hits' sold is only based on usage, which doesn't really care if the unit is new or old, just that it's connected and used on the internet. If you have a sufficiently broad spectrum of websites covered by the stat tracking you can get a fairly good idea of the number of units out in the market. (at least for the user side, server side is more difficult, especially when considering internal servers that have no exposure to the internet).
So I guess what I'm saying is that both are inaccurate in different ways, I just think that the 'page hits' are closer to the truth.
DEMETRIUS: Villain, what hast thou done?
AARON: Villain, I have done thy mother.
Shakespeare invents 'your mom'
The old MacOS had a free product that almost everyone used, Disinfectant, maintained by one guy who quit because the virus writers had completely given up with improvements to the Mac's OS, around when OS 8 came out. MacOS X is on a completely different plane, in terms of security. It would arguably be more useful to come up with software that would look into downloaded files for trojan profiling, maybe as part of a user-friendly HIDS, than worry too much about AV.
That said, AV on a Mac is useful for:
1) Self-modifying environments - What comes immediately to mind are MS Office macro viruses (or virii if you're a lazy typist, and I am). It's conceivable that Javascript may be the new way forward with this, with browsers suddenly a new platform all their own, and one that has access to your Mac's file system.
2) Being a good netizen - Stripping out virii from anything that crosses your file system is good manners, whether it can infect your box or not. Helps cut down on useless network traffic and DDOS attacks, even if just a very little bit.
To add to your point, Vista is XP with a service patch and a spiffy UI, so windows virus writers have a huge market to go after (XP and Vista) :)
DEMETRIUS: Villain, what hast thou done?
AARON: Villain, I have done thy mother.
Shakespeare invents 'your mom'
No, the closed hardware platform makes sense - they can write an OS that runs much more smoothly on the hardware they KNOW is in there. Fewer issues with cheaply made third party crap needing support so smaller install footprint (check how much bloat installing all the printer drivers that come with OS X by default adds - personally I always uncheck them at install and just install the printer drivers I need from the manufacturer's sites).
Additionally you CAN run OS X on your intel box. You just have to purchase your intel box from Apple. Too expensive? Then have a look at ebay for second hand Minis going for a couple of hundred quid. If you're really not seriously into running OS X enough to fork out for more high end hardware to run it then surely this is a viable option for something to 'play' with. If you DO really want to run OS X seriously, and want decent hardware to run it on to get the best performance out of it, then what's so hard about buying a new Mac? I really don't understand all the fuss. If I want cheaper fuel (price per litre) in my car I'd run a petrol car, but I want better mileage so I have a diesel - I don't moan every time they drop the price of petrol but not diesel just because it won't run my car. There is a choice (and even some cheaper options for just dipping your toe in), it's really that simple.
Tsssk... some people ;P
That's all? Let's make it even more accurate...
The Vista guy, in his kingly garb, also weighs 350 pounds and has the flu. When he tries to whack the Mac guy over the head, he misses and collapses, coughing and wheezing.
And the Mac guy is smirking the whole damn time.
1) I write an application using interface builder. The icon is extra shiny - the UI is sexy - attaching knobs, sliders, buttons, progress bars showing "blood vessels" being filled with pure green glowing fluid. It looks like it is doing all sorts of things, claims to utilize a new Quantum computing algorithm no one else can. 2) In order to detect all zero computer virus, trojan, etc. It doesn't need to "do" anything. I therefore make sure it does nothing. Just looks sexy and like it's always working away.... 3) I include a full warranty, plus up to $1,000,000 if any Mac OS X virus destroys your data. Satisfaction guaranteed, 90 day money back offer. 4) Profit!!!!! In fact, since there has never been a virus on Mac OS X, what criteria can we use to evaluate the ability of antivirus software which has nothing to detect? Republicans confirm, it is easy to scare people, especially non tech people.
It's just misspelled. 'Hurd Immunity': a system gets no viruses because it has no users.
Real Daleks don't climb stairs - they level the building.
...can't last forever. As in, the Mac platform is no longer a minor niche thing, and with the fundamental change to a BSD/*nix base which opens the architecture to creative accessibility, viruses were a matter of time on the Mac. About damn time they came clean and did the responsible thing and admit it isn't invulnerable. If you want a large market share, it will come with a price of making it a target for miscreants.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)
I work in a school with a mix of Macs and Windows machines. We've run Sophos AV on all of these machines for a couple of years now and I found that by protecting the Macs, we've also enhanced the protection of our Windows machines.
One of our teachers attached one of those cheap digital photo frames to one of our Macs, and Sophos found and removed a Windows virus. We may have prevented the infection of her home computer by detecting the virus on a Mac.
While the Mac was not vulnerable to the Windows virus, having anti virus software on the Macs may have prevented a Windows infection at her house. No matter your platform preference, we can all agree that one less spam spewing bot on the internet is a good thing.
The entire computing ecosystem benefits from everyone running AV software.
-ted
Even though Mac users are a small percentage of computer home users, they still represent millions and millions of consumers. Also the average Mac user is likely to be more affluent and less technologically minded. So there is a market. Due to the nature of OS X (which is Unix based), they are less likely to be affected by viruses because viruses cannot self-replicate and run in OS X. Trojans on the other hand will affect all systems. I would expect to see more OS X specific Trojans in the future.
Well, there's spam egg sausage and spam, that's not got much spam in it.
All of those are trojans with exception of 2 proof of concept worms from 2006 and 2007 that have long been patched.
All those trojans require a user to double click the executable/installer, enter their administrative password and allow the thing to execute. That's hardly a virus and has everything to do with user stupidity and nothing to do with OS security or popularity.
I don't use or know about the Mac but, unlike Windows, I have yet to hear of a virus bringing down hundreds of thousands of Macs within a short period of time. (CodeRed, anyone?) Until that event appears in the newspapers, and there would be no way to keep it secret, how can one say the Mac is vulnerable? It's looks like a concession to the anti-virus houses, now that windows has pre-empted them with its own product.
How much of Apple's "new vulnerability", if it is indeed vulnerable, could be attributed to the fact that their OS is a proprietary, closed source application which lacks the "To a 1000 eyeballs all bugs are shallow" benefit?
Linux netbook market share is now around 30%. How long do you guys think it will be before a real (infects tens or hundreds of thousands) virus shows up. (Ya, I know. Some wanker is going to suggest that they have to sell a hundred thousand first. ha ha.)
Running with Linux for over 20 years!
So all that hype about Macs being really safe is actually dependent on the Market share?
...when you consider that 99% of malware requires user interaction with said malware (clicking, opening, whatever) to get it onto the system in the first place....which you never do with any server, let alone a Linux server.
Desktop dominance != server dominance; you can't compare infection rates between the two.
throw new NoSignatureException();
Is 2009 going to be the Year of Mass OS X Infestation or the Year of the Linux Desktop?
That latter is more likely.
Even DNF is even more likely.
They had 5 years to get applications re-written to work right.
The even could have created a virtual backwards compatibility mode where it ran such applications in a sandbox
What kind of sandbox would you recommend for non-free applications between 10 and 95 years old? A lot of these were published by a company that has been out of business for years. In fact, some 20-year-old applications are still in use, such as NES games running in Nintendo's Virtual Console emulator or fan-made emulators. Should Microsoft likewise incorporate its PC emulator and a copy of Windows 98 Second Edition into future versions of Windows?
AFAIK this has always been Apple's policy. All they did was update the posting slightly to show the latest leading commercial AV software. Here's the previous update from a year and a half ago. I assume it was just an update of the one previous to it. (I think you will find that it looks very familiar!)
http://web.archive.org/web/20080113164722/http://docs.info.apple.com/article.html%3Fartnum%3D4454
"Mac OS: Antivirus Utilities
Last Modified on: June 08, 2007
Article: 4454
This article describes the antivirus utilities that are available for the Mac OS.
Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one program to circumvent, thus making the whole virus writing process more difficult. Here are some of the available antivirus utilities:
Intego VirusBarrier X4
Publisher: Intego
License: commercial
Norton Anti-Virus for Macintosh (formerly SAM)
Publisher: Symantec
License: commercial
Virex
Publisher: McAfee
License: commercial
This article provides information about a non-Apple product. Apple, Inc. is not responsible for its content. Please contact the vendor for additional information.
-- My apologies if the above facts contain any opinions, or vice versa! --
real slogan is 'no refunds'.
Steve Mobs.
The Kruger Dunning explains most post on
There was never a virus for an MS product until there was one.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
... let me know.
"Some 3rd party vendors have spent quite a bit of time and money catering to CIOs freaked out about Macs appearing on their networks and have created or ported AV apps to the Mac, but no-one is buying these apps at all. We promised them we'd at least suggest to people that they buy AV software, just to keep them happy."
Nothing to see here, please move along.
The heat from below can burn your eyes out
This is obviously a result of their growing user base, much like Windows more market share means more viruses or attacks...but not always, of course. I think this happens, because not only is their market share expanding, but their consumers are getting dumber. It's easy to get someone to put a virus on their own computer when they don't know what's going on. Even with Windows a smart user can avoid viruses, but incompetent users are more prone to viruses.
I don't remember hearing apple bragging about their invincibility. Could I see a reference?
I can fully believe they discussed the fact that PCs are generally full of viruses and macs are not, that's just an observation--but there is a big difference between that observation and actually claiming that you are invulnerable.
Now, if the article had claimed that Mac fanboys have claimed that the mac is invincible, I wouldn't have blinked.
>Run multiple anti virus solutions...
Are they serious, they never tries to turn on a computer that had symantec, mcafee, adware, spybot all installed at the same time.... I guess M$ is a bit ahead of them on that then...
Apple has NEVER not recommended users install AntiVirus software. One of the first benefits of subscribing to Apple's DotMac web service, a service that is roughly as old as the first Gold Master release of OSX itself, was a complimentary copy of AntiVirus software (McAfee Virex 7.0, released September 2001).
The offer only applies to v7x; which no longer compatible with the latest OSX version, which probably goes a much longer way to explain why Apple is now recommending users install their own choice of a competitive application.
The most recent ad campaign, which does mention vulnerabilities to various malware on Windows machines, comes after more than two decades of people clamoring for Apple to do just that in it's marketing and sales literature. Rather than all of a sudden "quietly" recommending AV software, Apple has always (quietly) recommended it.
The (very lightweight) BBC article comes across as written by someone who only recently started paying attention to Apple, perhaps after her dad bought her an iPod in Journalism school.
UAC in Windows Vista is there to protect users from themselves.
I'm not talking about UAC. Apple's already got that, sudo and the password dialog... and it comes up a lot less than UAC because OS X is based on UNIX... which has had that kind of protection for almost 40 years now.
I'm talking about using dialog boxes as if they're a security system.
I'm talking about "Internet Explorer wants to do something really stupid, that nobody would ever want to do, but we're going to wrap it up in a bunch of jargon that sounds complicated so you just hit the 'allow' button." "Allow" "Cancel".
I'm talking about "Automatically open 'Safe' files after downloading". At least Safari lets you turn that off. To turn off the equivalent in IE you have to make the "stupid security dialog" problem worse!
I'm talking about "Let's pretend software installers and disk images are 'Safe' files." Not as stupid as Microsoft's ActiveX mess, but still pretty damn stupid.
I'm talking about "Let's warn about EVERY downloaded file, to train people to automatically approve all the dialogs they see." In 20 years as a system administrator, I never had anyone download an infected file and run it twice. I've had a number of people, including PhD programmers and engineers, come to me with "I hit OK *AGAIN* and now my computer's acting funny" multiple times.
If Windows was an airplane, when you got to 20,000 feet a dialog would pop up on the seat in front of you saying "Should the aircraft explode now?"... and someone would ALWAYS press "yes".
THAT is the kind of security theatre I'm talking about. Not UAC, but the decade of absolutely daft and criminally stupid design decisions that went before it, and that have now infected Apple with the meme that "asking before we do something that might be dangerous makes it OK".
Sheesh.
Well, if there's group of users that has been told repeatedly that their computer is safe from viruses, that it "just works," and that they don't need to be concerned with computer threats of any kind...it's Apple users. Sitting in their offices, wearing their turtlenecks and sipping their lattes, the only thing about phishing they've heard about is that it happens to other people. Uglier people. They're not used to having to defend themselves, not like Windows users. Windows users have a battle-scarred paranoia...they've seen worms that can rewrite their BIOS, steal their credit cards, and kidnap their firstborn. Their 50 yard stares have been earned by fixing their mom's computer for the eighth time this month, and damnit if they're going to lose another computer to some Ethiopian scammer...not after the last time. Their nightmares are the stuff of Steven King novels, the earlier stuff with lovecraftian clowns and superplagues that are the start of apocalyptic battles between good and evil. Their best days on the internet involve life and death struggles against the next pop-up, because it might be their last. Ironically, Mac users have never had to live with the terror that clicking on that "win a free iPod" might just cause their computer to explode, spamming their grandmother with anal tranny porn on its way out. Maybe it's time they should... ...wait, what the hell was I talking about?
you have a good measure of units in the market that hit a group of websites that are reporting back to the market research company. there are all kinds of factors that can manipulate the stats to favor or disfavor a certain OS. the gaming rig that you don't allow on the net isn't getting counted and neither is the mac pro that is rendering video all day long. i have a pile of pcs in my basement running a combination of ubuntu and win2000 and they rarely are on the net.
i wish there was a better way to get true numbers, but i can't agree that it is most accurate to only count PCs that are actively browsing the web.
Might be a good name for an Apple-developed AV solution.
On the other hand, virus writers have a lot of opportunity for virus names like iFormatYourDrive.
Rather than giving the root account a password and then disabling which should in theory block this kind of attack AFAIK?
Viruses do not inherently require root access. If your user account is capable of downloading and executing outside code, then it can in theory be infected. Email viruses, for example, generally run and propagate just fine in a Windows restricted user account. The presumably-secure FreeBSD kernel of MacOS would do nothing to prevent this. It's a combination of saner email clients (no talk of "rich experiences" like on the MS side), and the lack of high value targets (botnets require homogeneity so they can all run the same spam server / DDoS / whatever).
-Graham
This is interesting their encouraging this. This would be in the same way that a anti-virus scanner is a good idea on linux. Your OS, although may be immune, it could be a carrier for viruses with the movement of files. Also without widely installed AV if there is an OSX specific outbreak then it could cause havoc and undo alot of the Apple PR machines hard work.
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
Sounds like a bad idea to me. I have never used a Mac before, but this is a no no in Windows.
It might makes sense that more layer of AV means more security, unfortunately in practice things doesn't work that way.
AV works by installing hooks in OS itself to monitor system activities. (eg. open a file) Having multiple AV means different AV might interfere each other. In the end, you might end up with unstable system instead of more security.
They generally come in before you type your password.
Since installing game pack makes sense to need a password, a site that has been compromised by SQL injection can spread the bad.
But the Virus scanner will say: This installer has a virus, hopefully that will stop someone from entering their password.
Of course attempting to get porn, or illegally free games can lead to similar problems without the compromised site.
I guess the hope is that the AV software makes people realize they are doing something stupid/the site they were browsing was.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Virus: a computer program that can copy itself and infect a computer without permission or knowledge of the user.
Apple has 20% market share in US, 10% market share in the world. So far 0 virus.
Note that according to the virus definition above Im not counting those that you have to execute yourself and provide with your admin password.
Do you think the difference is just attributable to Apple's market share?
In comparison Windows has 100,000+ and its the only support of the whole antivirus industry.
There aren't many virus-infected Windows servers out there, either. Viruses have always been the desktop disease - by their very nature, they rely upon desktop usage patterns (downloading and installing new software from untrustworthy sources on the Net and other external sources such as floppies/USB sticks); and guess what OS still takes up the majority of that?
It doesn't really matter. If the downloaded file does not automatically open people are rarely "caught" by it... and in the past decade I have only had one user come to me a second time after explicitly opening a downloaded file saying they had gotten a virus from it... I've had several people repeatedly come to me telling me they "clicked the wrong button" again and their computer was acting funny. Not just two or three times, some of them.
The exposure from downloaded files that do not automatically open or unpack is very low, and virtually everyone learns not to open files in their download folder they didn't expect to see there. The security problem is caused by automatically opening or unpacking downloaded files, and is best fixed by simply not doing that.
... between the keyboard and chair.
Mac users may be more vulnerable to social engineering due to complacency. In away this may be social engineering by apple to counter this?
After logging in slashdot still does not take you back to the page you were on. It's been that way for 20 years.
takes up 30% of the CPU.
Apple merely updated their standard antivirus recommendation page to increment the version of one of their recommended antivirus products from v4 to v5.
The page obviously popped to the top of the watchlists of some hysterical tech "journalists" who didn't know any better, and they immediately started screeching "Macs get viruses too! Yay!"
Still, it got a few more pageviews and no doubt some ad clickthrus for the sites in question, so I guess it met or exceeded the only journalism standards that really apply these days.
People didnt bother hacking apples before because there wasnt any information worth taking stored on them. The majority of large companies used PC or Linux. Now with more companies using apples there is more insentive to hack em.
Even you cover this story, which is totally wrong! This support document has been there for quite some time, but was only recently updated. Just click the German or French link at the side and you'll see that those documents were last updated July 30, 2008.
I hoped that at least here on slashdot, a little research would be done before claiming that "now, Apple suddenly recommends Antivirus Software". Not to mention that Apple itself offered an Anti-Virus Software until 2005...
this sig is useless
Your need to run a daily virus scan to clean out your 24 hours' accumulation of crap says more about you and your usage habits than it does about Windows.
--Jeremy
Jesus was a liberal
Calling someone a "hater" only means you can not rationally rebut their argument.
If it's the one I'm thinking of, it dates back to the Classic days and thus didn't have to deal with any of that pesky Admin/non-Admin stuff as it happily wiped your drive.
As digg and gizmodo point out... http://gizmodo.com/5100996/false-alarm-apple-mac-os-x-anti+virus-recommendation-is-old
I'm really surprised that the vast majority of people have never run anti-virus software. I always assume people have the software and just run it every once in a while. I use ClamXAV when I want to scan a file I've downloaded or received via email, but I don't have it set up to continually scan. I read a post today at Mac Guru Lounge on the Top 5 Mac Security Tips for the Holidays, which also talked about running AV software.
1) Write app which "looks" like it does something. 2) Make it shiny icons & UI 3) Guarantee up to 1 million USD 4 any data loss via virus. 4) Profit!!! I think physical access is required for even theoretical exploits. How do we know "any" Mac OS X antivirus app works? It has to find nothing to prove it.... hmm. What a racket!
My understanding is that Microsoft Windows is allowed to have so many vulnerabilities because vulnerabilities make Microsoft more money. See the July 17, 2005 New York Times article, Corrupted PC's Find New Home in the Dumpster.
Windows allows several degradation paths, all of which make more money for Microsoft. People who don't know how to maintain Windows, a very difficult and very technical task, buy new computers and in doing that pay for another copy of another vulnerable version of Windows. Here are a few of the paths of degradation:
"It was later revealed that the document was about a year old and only caught the attention of industry watchers after Apple recently updated it"
"Apple has removed a widely publicized support document from its website that encouraged Mac OS X users to install antivirus software, explaining that its operating system was designed with safeguards to protect against malicious attacks on its own."
It appears that there is a worm in the Apple as well. There is no such thing as a bulletproof or totally safe OS, and smugness will definitely not protect a system, either.
On Vista most stuff gets installed into \Program Files, with some occasional libraries into \WINDOWS, neither of which are writable to user accounts without elevation.
Oh ? You mean the thing that 99% of all Vista users quickly disable because they are fed-up of constant "Cancel or Allow ?" screen-blocking pop-up ?~
And the remaining 1% have taken the habit to "ok-/allow-" click through and developed it into a spinal reflex which doesn't require any thinking effort from the brain ?~
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
macs were never invulnerable, it's just that no one ever bothered making viruses for macs as they were pretty much unused in any sort of serious way. the recent apple revival and hardcore attacks against windows inevitably led some people to actually making viruses for the mac. it's entirely believable, and entirely plausible, and it's one more fallacy apple can no longer spin. enjoy your apple tax people.
It's not any better or worse than similar prompts in OS X or, say, Ubuntu.
I'm not against the idea it self of having write restriction to system folders.
I mean, in fact, it is a good move from Microsoft to finally try to enforce privileges (like every decent OS did for the past decades) instead of the tradition of "user-land software can pretty much do anything" carried over from the Win9x family and from DOS before that.
What else do you expect from it? To read your mind?
What I want is a slightly better organised system which doesn't *constantly* submerge the user under a constant flow of pop-ups.
Take a good OS : my favorite OS is OpenSUSE - everything administrative is in an administration program called YaST. If you want to setup something, you fire up yast, type your root password one single time to run YaST as root, do all the administration you need and then close YaST.
Nothing anoying.
Under Vista the situation is a different beast :
- navigation inside the control panel isn't straight forward and you get constantly authorisation pop-ups.
- lots of configuration is dispersed at separate places, where you have to "right clic"+"properties" on different objects. Not a single tool, but lots of entry points each asking its privilege.
- Linux has a tendency to make a difference between "configuration" and "setting" (a system wide parameter that change how the computer works vs. something that the user set to her/his taste). The former needs privileges, the later doesn't. Under Linux you can freely set the keyboard layout or the timezone used on your desktop. Vista will require privilege once entering the clock settings (...well at least its an improvement over XP which required privilege even to show the calendar because it was on the same window too...)
- Windows completely lack an elegant drivers to access several important function. Thus there's a proliferation of simple "status" programs which nonetheless require direct hardware access.
Hardware monitors (CPU, GPU & HDD temperatures, etc.) require full authorisation (either to give full access to the software or because the software relies on non-Microsoft-approved drivers).
Under Linux, kernel drivers (i2c and lm_sensors, for example) take care of that and the monitors don't require any special privilege
- Some time up to 3 pop-up can appear in a row for a single logical action. This multiplication of alerts exacerbate the problem and pushes more user into ignoring the message and just clicking OK.
And that's not counting all the application which for some reason or another decide that they should do restricted stuff, because up to XP this has always worked as the system was constantly running with full rights and thus trigger "Cancel or Allow" for trivial user actions which should never have.
Yes this is mainly the fault of 3rd parties writing bad code. But Microsoft is guilty a lot, because :
- they are the one which kept the "run as administrator" strategy for all this years, thus encouraging 3rd party developers to make crappy software
- they should have put more efforts in abstracting/sand boxing/isolating/emulating these privileged operation. There's something like that, but given the constant flow of pop-ups it isn't enough efforts yet.
All this add up into a bad user experience, with alerts always interrupting and annoying the user. To the point that lots of them disable this security and revert to XP-style policy, thus negating any benefit that the reintroduction of privileges in Vista would have brought.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
I posted a reply, but it appears it didnt work so here goes again - Closed X86 makes it easier for apple yes but they will never compete for real market share if they dont abandon this policy at some point. I still think closed x86 is silly. apple easily has the resources to fully support x86. with their cash cows IPOD, IPHONE, they are in a position to compete with ms directly for once in their histroy and they would probably do well. Competition is serisouly missing from this market and people are crying out for a choice. you talk about stability - I have an xp system, its stable as any mac. Why? I know what Im doing. the reason pc has this rubbish instable tag is due to 98% market share and a bunch of twits that get tonnes of virus's searching for porn and whatever else...they should go back to their typewriter and forget about the computer. You ever done tech support? sometimes the halfwits dont know where the space bar is...I shit you not If mac had more market penetration they would have same problems...simple. But the pro's outweigh the cons IMHO... I have also never had any issue with any 3rd party devices and drivers no matter how cheap. and ive used a crapload of devices. PS... car analogies are just lame