Apple Quietly Recommends Antivirus Software For Macs

Barence writes "After years of boasting about the Mac's near invincibility, Apple is now advising its customers to install security software on their computers. Apple — which has continually played on Windows' vulnerability to viruses in its advertising campaigns — issued the advice in a low-key message on its support forums. 'Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.' It goes on to recommend a handful of products." Reader wild_berry points out the BBC's story on the unexpected recommendation.

a way to make money

[Bizzeh]

is this a scare tactic for apple to push some payfor software and get people to buy it. or have apple started to loose confidence in their operating system? or even worse, do they know something we dont? are they expecting an attack?

Re:a way to make money

[bytethese]

It does sound like a possible "setup". Macworld 2009 debuts new AV software? Who knows. Maybe the Mac has starting to reach that point where virus writers and security aficionados have enough a base to target their efforts? After all, Mac does seem to be gaining market share year by year.

Re:a way to make money

[YttriumOxide]

Maybe the Mac has starting to reach that point where virus writers and security aficionados have enough a base to target their efforts?

Perhaps, but I am still waiting to see a real "virus" that hits MacOS. There's been a few trojans (such as the one mentioned in TFA), but nothing that qualifies as a virus yet as far as I know. It is likely much harder to write a real virus (rather than a trojan) for MacOS than Windows as you'll need to find a privilege escalation exploit (need I say, without local access) in one of the standard services first, all of which tend to be pretty robust and having a core that comes from the open source and Unix worlds... as far as I know, there aren't any such exploits known right now.

Trojans can of course still be fairly nasty, as there's a lot of stupid users in the world (of any OS)

Disclosure: I do use MacOS X as my primary OS at home, but I'm definitely not a "fanboy" (I also have Linux systems at home and use primarily Windows at work - I consider myself "OS agnostic").

Re:a way to make money

[CFTM]

I don't know why you want to wait, it will happen in time. This is not meant as a critique of Apple in anyway, I am of the belief that over a long enough time frame, with enough market penetration, Mac viruses will become more common. It's not that Macs are inherently that much more stable, rather the market penetration is such that it makes more sense for people creating malicious viruses to focus on the PC instead. Why create a virus that only hits 7% of computers when you can hit one that hits 85% of computers?

I also would wager that the Mac OS is probably a bit more secure than Windows, because well, it's Windows...that being said if there's enough code there will be mistakes that can be exploited that's the nature of the human element.

Re:a way to make money

[mario_grgic]

I wish people would stop parroting this fallacy all the time. Market share has nothing to do with how easy it is to break into a system.

If you have something like windows where security is bolted on after the fact, and OS that was never meant to be a multi-user OS connected to the internet (all these were added as features later on and done poorly) then you will have a system that is much harder to keep secure.

UNIX on the other hand was designed from day one to be networked multi-user OS, and security and separation of concerns was there from beginning.

Re:a way to make money

[v1]

Macs definitely are susceptible to malware, as the recent DNS trojan has demonstrated. Any app that asks for and gets your admin password is going to play with your computer, that's pretty hard to beat.

Viruses, and worms in particular, do covert, automated spreading. Worms are able to exploit on-by-default network services remotely in the background. (we just had a new one announced yesterday! affects xp AND vista, good lord you'd think they'd learn by now!) Viruses require the ability to circumvent LOCAL security, and get their hooks in the system and replicate locally without user interaction/permission. OS X (and unix in general) are designed from the ground up with this in mind, and have always been far less vulnerable to these two issues.

I don't see this changing anytime soon, just due to the differing design philosophies inside the two systems. From the start of OS X, apps didn't just have free access to do as they pleased, they were restricted by a security model, and learned to develop in OS X under these restrictions, being forced to learn good coding practice. Windows started in the wide open, and their devs got used to it, before they realize the scope of their mistake and tried to close the doors. The devs refused to stop writing apps that just "oh lets just assume we have full write access to the entire hard drive" etc. and so MS has had to go very slowly to avoid completely destroying their established software market. That's hard to overcome.

Even today I can count on one hand all the mac apps I've ran into that either (1) have to be installed while logged in as an admin, or (2) will only run properly (or completely) when logged in as an admin. And I count those developers as idiots for not knowing what they're doing and just assuming they have privs. Until Windows software approaches these numbers, I don't think we can call the Windows security model "fixed".

There are two things that most interest me here. First, Norton has been considered anything from "bad" to "poison" to OS X from the get-go. It's been known to create a wide variety of system problems, and in most cases, when OS X is misbehaving, and they admit they are running norton, the first advice they get is to remove it. (and "good luck removing it" to boot) Symantec has been of little help there, their first "removal tool" was 300+ lines of terminal commands, and still didn't completely uproot it. Their current removal tools are more effective and user-friendly though. So to see Apple RECOMMEND norton is something of a shock. I don't know of a single person in any of the mac support forums that recommends anything for Norton besides uninstalling it.

Second, I thought AV products don't "stack" well? Our PC tech here is constantly having problems with computers that come in and are running 2-4 AV software, and they're fighting like cats and dogs and crippling the system to where only a fresh install will fix it. From what I read on that Apple post, it sounds like Apple is encouraging you to install multiple AV software. And OS X already runs ClamAV doesn't it? Although I have yet to see such a thing get pushed out, I assume Clam can get updates via SoftwareUpdate? I seriously question where they're going by recommending you install additional (or possibly multiple) AV software.

Re:a way to make money

[deraj123]

Except the GP didn't say that it was easier to break into the system - he said that more people are going to try. I think he neglects to mention an underlying assumption that no software is perfect, and given enough time and effort, the chances of finding a security flaw that can be exploited is greater than zero in ANY piece of software. While this assumption won't always be true, it's completely reasonable for us to make it when considering the security of our systems - for we don't really have any way of disproving it for any particular piece of software.

Re:a way to make money

[TheRaven64]

It doesn't when you're talking about manual attacks, but it does for automated attacks. Compromise one Windows machine, and it's trivial to find a load more Windows machines to attack. Compromise one Mac, and it's much harder to find the next Mac to attack.

UNIX on the other hand was designed from day one to be networked multi-user OS, and security and separation of concerns was there from beginning.

Oh, this just makes me laugh. Operating system the first Internet worm ran on? UNIX. It wasn't until the mid '90s that people started saying 'UNIX Security' without laughing.

Re:a way to make money

[Anivair]

You're wrong. Market share has everything to do with how easy it is to break into a computer. They are, in fact, directly proportional. the easier it is to break in, the bigger your market share. Just ask Debian.

Re:a way to make money

[squiggleslash]

I wish people would stop parroting this fallacy all the time. Market share has nothing to do with how easy it is to break into a system.

Look at AROS! It has no security whatsoever, not even memory management between processes, so despite only having a hundred or so users, it must have zillions of virusses. But, of course, it DOESN'T. So far as I'm aware, nobody's bothered to write one, and it's unlikely any AROS virus would actually be effective.

All viruses require a reasonable level of market share to operate, because one of the principles they rely upon is a network effect, and you just plain cannot get a network effect without a decent market share. So marketshare is, very much, a pre-requisite for a successful virus. It's not the only one, but when people say "Mac OS X hasn't been attacked yet because it doesn't have enough marketshare", they're right. That's one fundamental reason. And unless you can show that any other reasons apply, it's likely to be the only reason.

If you have something like windows where security is bolted on after the fact, and OS that was never meant to be a multi-user OS connected to the internet (all these were added as features later on and done poorly) then you will have a system that is much harder to keep secure.

UNIX on the other hand was designed from day one to be networked multi-user OS, and security and separation of concerns was there from beginning.

It's frankly hilarious that Unix, on which the first worms operated, can be held up as some system that had security built-in from the start. It's also untrue that Windows, that is, the operating system known as Windows today, was "never meant to be a multi-user OS connected to the internet". Unless you're talking about Windows Me and its predecessors (98, 95, 3.1, et al), then that's completely false. Current versions of Windows (XP, Vista, 2003, et al) are derived from Windows NT, which was designed, from the beginning, to be "a multi-user OS connected to the internet".

In fact, Windows NT and its successors have a more advanced security model than Unix, allowing more than a separation of users and groups.

The issue with Windows is two fold. First, marketshare. And second, an over complex user-environment where too much functionality is available on the "user" side of the security wall. Both of these issues affected Unix up until the mid nineties, where its disproportionate share of Internet nodes and the amount of stuff running as the default user (which in Unix was root, which also happened to be the account with the most rights.)

There's little reason to believe that Mac OS X is protected from viruses by anything other than its low market share at this point. There's not a large enough group of users for network effects to take over. It is not an inherently secure operating system. The default user is generally set up with administration privileges, and it just takes a buffer overflow or other ordinary vulnerability in a client application like a web browser plug-in for a virus or worm to have complete access to the user's files, and enough access to be able to modify many of the applications the user is likely to run.

Fundamentally, Mac OS X has the same problem as Windows, and the same problem the "run-everything-as-root" Unixes did in the eighties and early nineties: too much functionality available to the default user. To fix this, you need to change the model somewhat. The very least Apple could do is set Mac OS X up so that the installer actively discourages setting up the default user as an administrator.

Re:a way to make money

[domatic]

I don't see this changing anytime soon, just due to the differing design philosophies inside the two systems. From the start of OS X, apps didn't just have free access to do as they pleased, they were restricted by a security model, and learned to develop in OS X under these restrictions, being forced to learn good coding practice.

There is another common stupidity that many Mac developers seem to have that still persists from the Classic days. Many OS X devs still act as though the user installing the app is the only one on the system. A good example is Adobe Reader. EVERY user that runs Reader for the first time will be pestered to enter an administrator password the first time the software is run. The only workaround is to copy some preference files into every home directory on the system and if there is an update to Reader then that has to be done again. Yeah, yeah, I know just use Preview but things like that happening are common. It isn't OS X' fault. There is provision for system wide app settings; it's just that OS X devs tend not to use them the way Windows devs assume everyone is an administrator.

Re:a way to make money

[notthepainter]

Even today I can count on one hand all the mac apps I've ran into that either (1) have to be installed while logged in as an admin, or (2) will only run properly (or completely) when logged in as an admin.

At a previous job I had the task of making the installer for our consumer level OS X product. I had to fight with management to get them to let me spend the time to get it installed both as a drag install and to do it without requiring admin accesses. (Our product installed an item in System Preferences so this wasn't a no-brainer.)

I eventually prevailed and coded it "correctly" and was quite gratified to read in reviews how good the installation process was. It can be done but the non-Mac managers mindset just often doesn't see the need for doing it the "Mac" way.

Re:a way to make money

[jsalbre]

From what I read on that Apple post, it sounds like Apple is encouraging you to install multiple AV software. And OS X already runs ClamAV doesn't it? Although I have yet to see such a thing get pushed out, I assume Clam can get updates via SoftwareUpdate?

I don't think they're suggesting that each machine run multiple AV systems, just that there are multiple AV systems in use among all machines, thus decreasing the chances that a virus can exploit a weakness in a particular scanner and remain undetected.

Also, OS X Server comes with ClamAV, but standard OS X does not. However, ClamXAV is available (completely free of course) for OS X and provides a simple way to install ClamAV and a GUI for management. I'm a bit surprised Apple doesn't list it on the recommendation page.

Re:a way to make money

[bkaul]

Second, I thought AV products don't "stack" well? Our PC tech here is constantly having problems with computers that come in and are running 2-4 AV software, and they're fighting like cats and dogs and crippling the system to where only a fresh install will fix it. From what I read on that Apple post, it sounds like Apple is encouraging you to install multiple AV software. And OS X already runs ClamAV doesn't it? Although I have yet to see such a thing get pushed out, I assume Clam can get updates via SoftwareUpdate? I seriously question where they're going by recommending you install additional (or possibly multiple) AV software.

I don't think they're recommending multiple AV installations on any given system, but rather a variety of AV programs being used by their user base at large. So, a virus writer will not be able to count on everyone having exactly the same configuration, and would have to plan to defeat a variety of AV programs if he wanted to ensure the effectiveness of his malicious code. This wouldn't be because all of them would be installed on a computer, but because any one of several would be installed, and he couldn't predict which.

Re:a way to make money

[chaim79]

Mid 90's? so win 95? how did the security of Unix compare to the security of windows 95?

Maybe they stopped laughing at Unix security because they found something else that truly showed how bad security could be. :)

Re:a way to make money

[VirusEqualsVeryYes]

Why create a virus that only hits 7% of computers when you can hit one that hits 85% of computers?

Yeah. Why achieve the fame and glory of being the first to write a real Mac OS X virus? Why feel satisfied in crushing the worldview of every Mac fanboy in existence?

There's just no draw.

Re:a way to make money

[vertinox]

I think he neglects to mention an underlying assumption that no software is perfect, and given enough time and effort, the chances of finding a security flaw that can be exploited is greater than zero in ANY piece of software.

I don't believe this to be true if enough focus on security is made.

Software can be made secure at the expense of functionality. Now this doesn't ever solve the problem of local access, but if you made your OS into a glorified terminal server, you can prevent automated attacks by restricted what the user can do by default.

Of course the user might be hindered somewhat, but sometimes that is the price to pay.

Re:a way to make money

[Mister+Whirly]

I recall people saying just the opposite when DOS for PCs was starting to become popular. Back then, people were writing worms for Unix systems, and there wasn't much "in the wild" for DOS. But no need to change your strategy as things obviously never change in the technology realm...

Re:a way to make money

[egomaniac]

It's Ctrl-Cmd-D. It will define the word under the cursor.

Re:a way to make money

[LandDolphin]

Market share will never come into the equation, it will always be the ease of making the virus.

Your absolute shows a lack of thoguht into the situation that is common in America (I am assuming that you're and American, me too).

Both "Market Share" and "Ease of Making the Virus" are reasons viruses get created. Both are factors into the equation, along with others I am sure. To say anything "will never come into the equation" is very short sighted and flat out wrong.

Re:a way to make money

[_Sprocket_]

All viruses require a reasonable level of market share to operate, because one of the principles they rely upon is a network effect, and you just plain cannot get a network effect without a decent market share. So marketshare is, very much, a pre-requisite for a successful virus. It's not the only one, but when people say "Mac OS X hasn't been attacked yet because it doesn't have enough marketshare", they're right. That's one fundamental reason. And unless you can show that any other reasons apply, it's likely to be the only reason.

Fair point. However, Mac OS X has far more market share than something like Aros. We're talking somewhere above 8% of the market right now. That's an appreciable install base and certainly worth targeting. By comparison, the Witty worm targeted (and infected) an install base of only 12,000 systems. So sure - install base might be a factor. But it is hardly the only one.

There's little reason to believe that Mac OS X is protected from viruses by anything other than its low market share at this point. There's not a large enough group of users for network effects to take over. It is not an inherently secure operating system. The default user is generally set up with administration privileges, and it just takes a buffer overflow or other ordinary vulnerability in a client application like a web browser plug-in for a virus or worm to have complete access to the user's files, and enough access to be able to modify many of the applications the user is likely to run.

Fundamentally, Mac OS X has the same problem as Windows, and the same problem the "run-everything-as-root" Unixes did in the eighties and early nineties: too much functionality available to the default user. To fix this, you need to change the model somewhat. The very least Apple could do is set Mac OS X up so that the installer actively discourages setting up the default user as an administrator.

Wait a minute here. Correct me if I'm wrong, but my impression is that the "administrator" setting of an account allowed sudo access. That's a little different than running as root. Is there something else going on in the Mac userland?

It should also be noted that we've heard these warnings before. The doomsday scenario has yet to come to pass. And while I agree that some of the perception of imperviousness is misplaced, I am also inclined to believe there's a bit more at work here than some critics want to believe.

Re:a way to make money

[LO0G]

Good points all, but I think you forgot one major aspect of the "market share" argument.

There hasn't been a true "virus" out there in the wild for years (to me, a true virus means self propogating malware - malware that modifies existing binaries and relies on those modified binaries being distributed). Instead there's a TON of malware intended on converting machines into botnet clients.

The vast majority of malware (maybe as much as 95% or higher) these days is really "crimeware" - software intended to aid in criminal activity (identity theft, click fraud,etc).

As a criminal, let's say that it's going to cost me $10,000 to hire some eastern european hacker to develop malware for my criminal enterprise (number totally made up). I get to chose which platform I have the hacker target - I can target Windows with 90% of the market, I can target OSX with 8% of the market or I can target Linux with 2% of the market (market share numbers also made up, but probably in the right ballpark).

That means that if I'm interested in profit (and this IS a criminal enterprise, so profit is the primary motive), I want to have my hacker target the platform with the highest ROI. That means that the hacker's going to go after Windows and ignore OSX and Linux.

As the Mac's market share increases, it is going to be an increasingly more attractive target for hackers, because the ROI is higher.

Re:a way to make money

[Me!+Me!+42]

Mmm, I don't think so.
AFAIK this has always been Apple's policy. All they did was update the posting slightly to show the latest leading commercial AV software. Here's the previous update from a year and a half ago. I assume it was just an update of the one previous to it. (I think you will find that it looks very familiar!)
http://web.archive.org/web/20080113164722/http://docs.info.apple.com/article.html%3Fartnum%3D4454
"Mac OS: Antivirus Utilities
Last Modified on: June 08, 2007
Article: 4454
This article describes the antivirus utilities that are available for the Mac OS.

Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one program to circumvent, thus making the whole virus writing process more difficult. Here are some of the available antivirus utilities:

Intego VirusBarrier X4
Publisher: Intego
License: commercial

Norton Anti-Virus for Macintosh (formerly SAM)
Publisher: Symantec
License: commercial

Virex
Publisher: McAfee
License: commercial

This article provides information about a non-Apple product. Apple, Inc. is not responsible for its content. Please contact the vendor for additional information.

Article 17159: "Locating Vendor Information" can help you search for a particular vendor's address and phone number. Keywords: ktech kmosx"

Re:a way to make money

[xbytor]

>I don't know why you want to wait,

Because, after a decade and a half running Windows of various flavors and several years doing tech support (aka virus removal specialist) part time, I've learned that keeping a Windows system clean takes more than a bit of common sense in addition to time and (possibly) money. Now that I'm on OS X, I just need common sense. I'm not going to waste any time or money on this "problem" until I hear of thousands of other Mac boxes going down in flames. When these dead canaries start being reported, I'll start paying attention.

Re:a way to make money

[Bobfrankly1]

Real virus writers are more concerned with making gobs of money with as little investment as possible. Mac doesn't play into that role yet, as the aforementioned marketshare is still small by comparison.

Also, virus writers are likely to stick to Windows for the same reason many users do, they already know it. Why spend the extra time learning a new OS to infect the minority when you can target the majority in much less time? That leaves you with so much more time to spend your pilfered moneys.

Re:a way to make money

[Too+Much+Noise]

Why create a virus that only hits 7% of computers when you can hit one that hits 85% of computers?

Yeah. Why achieve the fame and glory of being the first to write a real Mac OS X virus? Why feel satisfied in crushing the worldview of every Mac fanboy in existence?

There's just no draw.

The 90s called andd they want their virus-writer stereotype back. In case you haven't noticed, these days big viruses get written for money - huge botnet herds and all that. Search for it on /. if you're really that new here. There is also stealing CC info, but I'd guess the guys writing browser exploits have at least the 2 neurons required to look at the stats of the browsers hitting the sites they infected to see what targets make more sense to code for. Once it makes sense financially to add detection and infection code for Macs, there's little doubt that it will be added. It's a 'free market' and it will behave as such.

So, for glory and fanboy crushing, no draw indeed.

Re:a way to make money

[nsayer]

Windows NT, which was designed, from the beginning, to be "a multi-user OS connected to the internet".

[citation needed]

I will grant you that NT was designed to be connected to a network, but I find it incredulous that the designers had in mind a publicly accessible one, much less the Internet as we know today. Even Billy got it wrong in the first edition of The Road Ahead and had to revise his pontifications.

Re:a way to make money

[mrinvader]

AFAIK, OS-X processes run as the (nonprivileged) user, and only during software installation and system changes are user actions run as root. HAL implementations and things allow user interactions, such as a user being able to execute a dialup operation or to mount media. When a system update or a new piece of software is to be installed, or a system setting such as en/disabling a service, a dialog asks for the user's permission. Most better linux distros do this through sudo or it's guified variants. I almost NEVER am asked for permission to do something because I almost never make changes to the SYSTEM.

To play devils advocate, the same may be said for Fista, but Fista asks permission for EVERYTHING!! The user is so often annoyed by the stupid mother%$#@%%^# UAC bull%$#% that they no longer pay attention to whats going on requiring a priv elevation and just click (I agree)(I agree)(I agree)(I agree)WTF!?(I agree)(I agree)Leamme alone willya(I agree)(I agree)STFU i keel you(I agree)(I agree)(I agree)AGGGGGHHHHHHH THE %$#@!?(I agree)[DOOMSDAY] %&^%% NO CARRIER

That implementation is a recipe for disaster. I actually ship all Fista installs with UAC Off because it does no good anyway, plus, most remote control implementations don't work for %$%# under it.

Now, anything prior to Winders Fista, it's practically a hard REQUIREMENT to run as admin. Even something as harmless as Acrobat Reader will not run well without God privileges.

Re:a way to make money

[Penguinisto]

Depends - those "billions" of zombies have to be defended against other bot herders, are likely to have already been strip-mined of any useful identity information (e.g. the data has already been stolen and sold) and are highly liable to simply bog down and/or die, causing the owner(s) to get a clue and fix the thing(s).

Meanwhile, you still have all those Macs sitting there, with 99.9% (or so) of their owners perfectly oblivious to anyone putting it towards nefarious use.

Sure, you have to put more work in up-front, but once you get in, you get a much greater and more long-term return, and/or get some very quality information. Why? Well... one: the owner obviously has some ducats in his wallet - he bought a Mac. two: odds are very good that nobody else has pilfered the data. three: there's almost always enough resource horsepower to go around on a Mac, so you can get a lot done on one without alerting anyone --especially the owner/user-- that you're doing it.

No matter how you slice it, you simply get a better return on busting into OSX machines... but then, crims are usually too lazy to think such things through, no?

/P

Re:a way to make money

[_Sprocket_]

As a criminal, let's say that it's going to cost me $10,000 to hire some eastern european hacker to develop malware for my criminal enterprise (number totally made up). I get to chose which platform I have the hacker target - I can target Windows with 90% of the market, I can target OSX with 8% of the market or I can target Linux with 2% of the market (market share numbers also made up, but probably in the right ballpark).

That means that if I'm interested in profit (and this IS a criminal enterprise, so profit is the primary motive), I want to have my hacker target the platform with the highest ROI. That means that the hacker's going to go after Windows and ignore OSX and Linux.

As the Mac's market share increases, it is going to be an increasingly more attractive target for hackers, because the ROI is higher.

Sure - market share is one factor on ROI. But it's not the only factor. Another big part of ROI is how long you get to keep control of your target. If the target doesn't remain compromised very long, then you've wasted your resources (unless of course you only needed a short window - but that's implying a targeted attack and is beyond the scope of this conversation). The thing is, if you look at malware in the wild, you'll find that there are plenty of examples for Unix malware but they just don't survive long (with one exception - more on that shortly). This makes Unix platform poor ROI performers for bot herders to target.

Yet that 8% of the market issue still persists. Is that a significant enough number to warrant interest from malware producers? I don't see why not. An 8% market still a sizable number of potential hosts - far larger than most botnets. The Witty worm demonstrated that not only will small numbers be targeted, but doing so can be very successful. If the Mac's 8% were fertile territory, it would be very much in a botnet herder's interests to target it.

We know 8% market share is suitable because botnet herders are going after smaller targets; namely the 2% Linux market. But there's some caveats to this. First - we're dealing with a very different mode of attack. Researchers at Sophos believe that the attack involves a 6yr-old piece of malware - a virus called Linux/Rst-B. But the interesting thing is that if the virus is being used, it's as something of a simplified rootkit. Hosts are either being intentionally infected by this virus to provide a quick root shell or the attackers are moving around tools that are unintentionally infected. In either case, the existence of this malware is due to an already bad situation. Secondly, we're probably not really dealing with 2% - its more like ~12% of the server market. So we're dealing with a larger market share but hardly the largest (still a strike against marketshare driving attacks).

So what is making Linux worth the ROI? Smaller numbers. Compromised Linux hosts are providing stable controllers for botnets. As one needs fewer controllers than zombies in a botnet, Linux fits the bill nicely. All one needs is a mismanaged server on a stable link and a controller is gained.

So what do we get with all this? Marketshare isn't the driver that people make it out to be. Numbers are important. But there are additional factors that add weight to that importance. In the end, it's all about ROI. And that determines whether a platform makes a good target.

Re:a way to make money

[svank]

The only computer that is guaranteed to be secure is one that is encased in concrete and dropped to the bottom of the ocean.

Not if it's encased with a large battery and satellite connection to the Internet.

Re:a way to make money

[node+3]

All viruses require a reasonable level of market share to operate, because one of the principles they rely upon is a network effect, and you just plain cannot get a network effect without a decent market share. So marketshare is, very much, a pre-requisite for a successful virus. It's not the only one, but when people say "Mac OS X hasn't been attacked yet because it doesn't have enough marketshare", they're right. That's one fundamental reason. And unless you can show that any other reasons apply, it's likely to be the only reason.

This is called critical mass. The fact that there's a very healthy third-party developer market for OS X is strong evidence that it's reached a sufficient critical mass to attract virus writers. The fact that there are trojans out for OS X is strong evidence for such critical mass.

So, you must be wondering, why aren't there any actual viruses for OS X? It's because they're too damned hard to write. Trojans? No problem. Worms? Sure, but they won't be long-lived. Viruses, though, on OS X are a nut that's yet to be cracked.

People always like to bring up how most malware is meant to earn money, or that most people use Windows, so it's a bigger target. This only explains why OS X has less viruses than Windows. What it doesn't explain is why OS X has no viruses. You'd expect at least one or two, if for nothing else than the fame and to take Mac users down a peg.

The very least Apple could do is set Mac OS X up so that the installer actively discourages setting up the default user as an administrator.

You do not understand how Mac OS X operates. Admin accounts are not the same as the user Administrator or the group Administrators (on Windows), nor the same as root on Unix. They are basically equivalent to a Unix user in the sudoer's file. You have to enter your password to elevate your privileges, just like you do in Unix, and similar to what you have to do in Vista (although the OS X/Unix way is a bit more secure in that someone can't just walk up to your unlocked computer and start wreaking superuser havoc without your password).

Not suprised

[SchizoStatic]

Well what do they expect they start to get a larger market share they start to be the target of more blackhats.

Sophos

[gammygator]

I've been running Sophos on both my Macs for a year or so... Not so much because I felt I needed them... but because I come from the PC world and felt nekked without an AV program... and my work covers the license costs which made the decision a no brainer.

Interestingly enough... to date, they have only detected MS based viruses.

Re:Sophos

[gEvil+(beta)]

Interestingly enough... to date, they have only detected MS based viruses.

When I ran a lab of Macs several years ago, we ran AV software on all the machines. It was mostly there to strip out the Word macro viruses that students would bring in from their home computers. I'm not aware of the software catching any viruses that could actually have done anything to the machines themselves.

Re:Sophos

[SaDan]

The only Trojan I've ever seen for Mac was in a Word document macro years ago. The payload was empty if you opened the file on a Windows system, but on a Mac system it would try to wipe the drive.

Let the flame wars begin

[m0s3m8n]

Yes Apples can get malware (general term) if you are a complete dumb ass. Until self-propagating zero-interaction attacks appear, leave me alone.

I don't need a virus to affect my system

[Shivetya]

I have Quicktime.

Does a Mac AV program really do anything?

[grapes911]

Don't those AV programs mostly scan for Windows viruses on the Mac so you don't pass around those viruses to Windows users?

Re:Does a Mac AV program really do anything?

[FictionPimp]

That is what I always thought, in fact looking at clamXav it appears to only scan for windows viruses.

Re:Does a Mac AV program really do anything?

[kimvette]

It also detects apache worms. Back in the day SuSE shipped with a vulnerable Apache build and I had to clean a server. ClamAV made it simple to remove the worm, without my having to prune every directory by hand.

Old document

This story is just wrong. That document is several years old. Apple advises to install security software since years. They just added new names for recommended software products and therefore updated the issue date on the document.

Re:Multiple antivirus products?

[Geoffrey.landis]

Not multiple antivirus products on the same machine!

Having multiple products deployed mean that the virus programmers have different applications to circumvent. But that's multiple products on different machines-- you wouldn't expect one user to run all of the anti virus products on one machine.

a necessity

Well, duh... With the Apple CEO engaging in the unhygienic practice of peeing on all the hardware before it ships, no wonder users are being advised to get some sort of protection against pathogens.

Or was that the Mapple CEO... meh, they probably all do it.

Makes sense in heterogenous networks

[bomanbot]

Well, aside from the fact that this Apple support document is not exactly brimming with information, using an antivirus program on a Mac makes perfect sense in a mixed environment with other operating systems.

Although your Mac may be safe from the vast majority of malware stuff circulating right now, it can still spread them around and infect for example the other Windows machines on the network (those Microsoft Office macrovirus infections are a good example).

Also, with all the nice virtualisation programs available on the Mac and BootCamp, it makes sense as a Mac user to be more aware of potential malware problems , although then the antivirus solution should be inside that environment, I think. Also those antivirus programs open up a whole other can of worms, because those antivirus companies are splendid examples of honesty and efficient programming, as we all well know :)

Re:A good sign for Apple

[Yvanhoe]

Stop this myth. It has more to do with ease of attack than market shares. There used to be (I don't know the numbers these days) more than 50% of servers on various unix. Still close to no virus there (and, I believe, none active).

1% of the market share would still make a valuable bot-net. Even 10% of this 1%. It translates into cash money. If it were easy, some people would have done it.

Re:Herd Immunity

This doesn't apply. Macs are not an isolated community. They share data and documents freely with Windows systems, just as Linux systems do. The reason why there are fewer viruses for MacOS is similar to why there are fewer botnets that run on Linux servers.

Antivirus and antispyware protection is like putting buckets in the attic, instead of fixing the roof.

Re:Oh Shit

[Aphoxema]

You have strange ideas of trustworthy sources for 'facts'.

If you listen carefully...

[scubamage]

...you can hear the heads of a million fanboys going poof!

My campus requires it

[tecker]

The college I attend actually requires all mac users to install Symantic Corporate to be allowd on the network. Their justification is that this will prevent WINDOWS virus from passing through macs and then hitting the Windows boxes as the mac users send them on. We have a good security team and I can understand why they would want to do this.

As macs are being used in Enterprise environments they can harbor virus infected files silently before going back into the network. One computer that missed new definitions can be taken down when that file gets passed to it. Its up to you but if you are in Enterprise situations you better comply.

As for multiple AV systems, that is retarded. They will fight for resources and cause performance to be brought down. Just pick one and run with it. If you want.

Re:Herd Immunity

[maztuhblastah]

The only reason macs have been able to get away with claiming such great security records (statistically) is herd immunity.

Indeed. Just look at Linux. It had a great security record up until the start of this decade. Then, once it gained a lot of popularity on servers, we started to see millions of infected Linux servers, linked together in botn...

Oh. Well damn. It seems that despite being the near ideal target for virus-writers (always on, very fast links, powerful hardware), the most popular server platform on earth doesn't have a major virus problem. Huh. Maybe an OSs security record isn't directly linked to its popularity...

Um huh? Apple has always recommended protection

[falcon5768]

Hell they even gave it away with old .mac accounts. And apple support always had lines saying to use protection. How is it all of a sudden new? They have been saying to use protection for YEARS now.

Re:Um huh? Apple has always recommended protection

[Golias]

Hell they even gave it away with old .mac accounts. And apple support always had lines saying to use protection. How is it all of a sudden new? They have been saying to use protection for YEARS now.

Very true.

And I've been ignoring the recommendation for years now. Guess which AV app I'm going to install today.

That's right. None. Running an AV program on a Mac makes about as much sense as using a rope to tie down your car every time you park it in your garage.

Re:Um huh? Apple has always recommended protection

[Prien715]

They have been saying to use protection for YEARS now.

And yet, AIDs is still an epidemic.

Re:Um huh? Apple has always recommended protection

[jeffasselin]

Correct. They've always had a similar article, listing antivirus solutions. This is just an updated version with current products.

Re:Herd Immunity

[TheMeuge]

"Herd Immunity"

You keep using that expression. I don't think it means what you think it means.

Re:A good sign for Apple

[elrous0]

Very few virus writers target servers, Unix or otherwise, because they're generally not admined by some grandma in Albany who will open an exe file sent to her by a stranger with the subject heading "I love you."

Re:Admin user

[SuiteSisterMary]

Well, that's the issue. You've been able to write software for Windows that allows for non-admin since 1999. My Documents, no user files in Program Files, non-admin logins, the whole nine yards.

But, of course, developers are lazy. They don't want to write proper software.

Can Microsoft force it? Of course. They tried it with Vista and UAC; pop up a little 'fuck you' every time a program does something the Windows 95 paradigm. And they got raked over the coals for it.

It's in the Details

[jDeepbeep]

If you follow the apple store link in TFA, it's interesting to note the description for the first product (Intego VirusBarrier X5) says this:

Now that you've installed Windows on your Intel-based Mac, you're vulnerable to a whole new range of security threats: Viruses, spyware, adware, and hackers are all waiting to compromise your Windows setup. No matter if you're running Windows in Boot Camp, Parallels Desktop, or VMWare's Fusion, it requires Windows-specific protection. VirusBarrier Dual Protection is the answer. It provides security for both Mac OS X and Windows, ensuring that you'll have total protection for both operating systems.

Re:"Apple Quietly"??

[Bearpaw]

Any information release by Apple that doesn't occur during a Special Event seems to be suspect.

("In other news, Steve Jobs quietly blows his nose. Will this fuel more concerns about his health?")

Re:Herd Immunity

[UnknowingFool]

The only reason macs have been able to get away with claiming such great security records (statistically) is herd immunity.

I think that's a bit of faulty reasoning. For though Macs are a small percentage of the computers, they still represent millions of consumers. If that reasoning was correct, since Macs and Linux represent X% of users, they should be getting X% of viruses. By their nature they don't get viruses mainly due to the nature of their OS that programs can't autorun without permission. As demographics go, they also represent more affluent consumers. So more likely Macs will be the targets of malware as opposed to viruses.

A way to make news.

[Ostracus]

Agreed, however this is still news because the platform is under such control by Apple. They could quietly and easily put not only hardware and software in place. But implement more effective procedures in their software process to make security tighter. And we wouldn't be the wiser.

Re:Multiple antivirus products?

[somersault]

you wouldn't expect one user to run all of the anti virus products on one machine.

It seems you've never had to do IT support for any rich old clueless porn addicts. Lucky you.

Re:Herd Immunity

[TheRaven64]

Yup, no Linux viruses in the wild. I take it you missed the articles that periodically appear about Windows worms being spread via compromised Linux servers starting around 2001?

ClamAV is included with Mac OS X Server

[Gary+W.+Longsine]

ClamAV is included with Mac OS X Server, but not the desktop Mac OS X.

Also, it doesn't appear that Apple is recommending that a user stack more than one AntiVirus package on a given system, rather, they are refraining from picking a single package so that the market is heterogeneous. This affords better protection to the herd as a whole. I agree the technical bulletin is a bit ambiguous on this point.

Windows security model

[alexhmit01]

The issue with Windows is two fold. First, marketshare. And second, an over complex user-environment where too much functionality is available on the "user" side of the security wall. Both of these issues affected Unix up until the mid nineties, where its disproportionate share of Internet nodes and the amount of stuff running as the default user (which in Unix was root, which also happened to be the account with the most rights.)

No, the Windows problem was that to migrate from DOS + Windows shell to Windows NT, was a slow, painful 10 year process with LOTS of growing pains. Windows 4.x series (Win95, Win98, WinME) were supposed to be a singular OS before the transition to NT, and was created because the uptick to NT 3.51 was low because of the RAM requirements. The original plan was 3.1 for home users, NT 3.1 for "Workstations," and Win32s was released to let people target both OSes.

As we moved through Win 3.11 w/ Win32s -> Win95 -> Win98 -> WinME, the NT systems grew in popularity. Lack of advanced DirectX support prevented NT 4.0's being the transition, Win2K was close but price kept it out, and WinXP finally merged the OSes. By that point, it'd been 8 years or so since the first 32-bit programs came out. The ones targeted mass market, originally Win32s, and later Win95/NT4 libraries, were generally assuming the consumer version. On the consumer Windows, there WAS NO SECURITY model, so it was common for applications to assume lots of access. This meant that while NT 4.0/Win2K gained market share and had the security model from the NT system, the security wasn't used and users had full access to the drive, because the alternative was broken software.

To not break applications from 1995 - 1998, in the early 2000s we were still shipping OSes with most of the system being world writable.

So while Windows possessed a security model that could work, in practice, it was never implemented, because it required locking down the system on each system, so instead of protecting OS directories, we used the "bolt on" security like Group Policies, etc., to prevent users from doing things. I worked with a bunch of Citrix systems in the late 90s, and we were able to lock down those machines, because you were only talking about locking down a single machine or two, and the defaults were more reasonable. There was PLENTY of software that wouldn't run under Winframe 1.x/2.x gold (2.0 never shipped, Microsoft pulled the license, then bought it to ship Terminal Server and Citrix moved the addons into Metaframe), not because it required the NT 4/Win95 libraries (we could always confirm that using 2.0 Gold that was NT 4 based), but because it made assumptions about access that was reasonable for Win 3.11/Win95, but not NT based OSes. Citrix, targeting big budget Enterprises could get away with that, Microsoft reaching the entire market could not.

I assume that this has been fixed in Vista, but I haven't used it, I switched to Mac OS X in the mean time.

Re:Windows security model

"I assume that this has been fixed in Vista, but I haven't used it, I switched to Mac OS X in the mean time."

Isn't it funny how so many people here admit to not having used a Windows operating system since 3 or 4 versions ago, yet they also seem to be "experts" on how Windows security works. That would be akin to a Windows user complaining about how crappy Macs are now because OS 7.5 was so sucky.

Re:Herd Immunity

[meringuoid]

"Herd Immunity": You keep using that expression. I don't think it means what you think it means.

It's just misspelled. 'Hurd Immunity': a system gets no viruses because it has no users.

I've got to call cough! *bullshit* cough!

[gordguide]

Apple has NEVER not recommended users install AntiVirus software. One of the first benefits of subscribing to Apple's DotMac web service, a service that is roughly as old as the first Gold Master release of OSX itself, was a complimentary copy of AntiVirus software (McAfee Virex 7.0, released September 2001).

The offer only applies to v7x; which no longer compatible with the latest OSX version, which probably goes a much longer way to explain why Apple is now recommending users install their own choice of a competitive application.

The most recent ad campaign, which does mention vulnerabilities to various malware on Windows machines, comes after more than two decades of people clamoring for Apple to do just that in it's marketing and sales literature. Rather than all of a sudden "quietly" recommending AV software, Apple has always (quietly) recommended it.

The (very lightweight) BBC article comes across as written by someone who only recently started paying attention to Apple, perhaps after her dad bought her an iPod in Journalism school.

They've had it too good for too long...

[dannydawg5]

Well, if there's group of users that has been told repeatedly that their computer is safe from viruses, that it "just works," and that they don't need to be concerned with computer threats of any kind...it's Apple users. Sitting in their offices, wearing their turtlenecks and sipping their lattes, the only thing about phishing they've heard about is that it happens to other people. Uglier people. They're not used to having to defend themselves, not like Windows users. Windows users have a battle-scarred paranoia...they've seen worms that can rewrite their BIOS, steal their credit cards, and kidnap their firstborn. Their 50 yard stares have been earned by fixing their mom's computer for the eighth time this month, and damnit if they're going to lose another computer to some Ethiopian scammer...not after the last time. Their nightmares are the stuff of Steven King novels, the earlier stuff with lovecraftian clowns and superplagues that are the start of apocalyptic battles between good and evil. Their best days on the internet involve life and death struggles against the next pop-up, because it might be their last. Ironically, Mac users have never had to live with the terror that clicking on that "win a free iPod" might just cause their computer to explode, spamming their grandmother with anal tranny porn on its way out. Maybe it's time they should... ...wait, what the hell was I talking about?

Re:Symantec *IS* the virus

[Macrat]

takes up 30% of the CPU.