Slashdot Mirror
Apple Says Macs Are Safe, No Antivirus Needed
lobridge writes "Over the last two days multiple news feeds (and Slashdot) have been reporting that Apple has been quietly recommending antivirus software for their machines. It appears now that Apple has deleted an entry on their forums that suggested this and are saying that Mac computers are 'safe out of the box.'"
The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.
Windows Vista is full of "protection", but I use antivirus on that as well. I love MacOS X, and I'm sure it's more secure, but there will be viruses and other malware on MacOS sooner or later.
By the way, isn't it ironic that Apple is still offering ClamXav for download on their own website?
Nice long post, but you have one MAJOR fallacy included:
Wrong. Totally wrong. Mac antivirus software ONLY scans for W32 viruses as those are the only payloads that there are definitions for. You run that as a dontation of CPU cycles to your clueless Windows running counterparts who can't be bothered to run an OS designed from the ground up for multi-user networked security (like Linux, BSD, or as a result, MacOS)
My Babylon
Wrong. Totally wrong. A cursory search of the Symantec (for example) DB shows a number of Mac specific attack signatures, including a fun looking AppleScript mass-mailing worm, an OS-level buffer overflow vuln, etc. A tiny minority of the total, sure, but not zero.
OS designed from the ground up for multi-user networked security (like Linux, BSD, or as a result, MacOS)
Pull the other one, it's got bells on! BSD I can maybe buy, but Linux is no more "designed from the ground up for multi-user networked security" than XP. Single root user with unlimited power and an unchangable ID? Overly coarse-grained FS ACLs? The problem with Windows isn't the design (at least, not in anything post-NT), it's the fact that most installations intentionally defeat the security model to make things "easier".
---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"
Here's a better article that's less inflammatory and also contains a statement directly from Apple:
"We have removed the KnowledgeBase article because it was old and inaccurate," an Apple spokesman said in an e-mailed statement. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection."
Sounds a bit more reasonable than the story text posted here on Slashdot.
Sapere aude!
Ok,
but read the DB closely:
So, its been detected at somewhere in the area of 1 or 2 sites. Ever. Not really losing sleep over it, but I'll concede the point that there kinda sorta is one virus definition in the virus scanner.
the second one isn't even protected against by the AV software.
My Babylon
Hey. If you wiki you will see that there are viruses for Linux (I think the count is 4000ish), and below is a link to at least one Mac virus that I could find on Wikipedia (one search, I am lazy)
http://en.wikipedia.org/wiki/NVIR_(computer_virus)
I agree strongly with the sentiment that Antivirus for Linux and MacOS are largely to protect against spreading windows virii
If you pass along an infected e-mail you are spreading a virus that could have stopped with you.
Another point to consider is weaknesses in other applications such as flash, Macoffice, silverlight (wich has a Linux beta) and so on.
OS vulnerability (or lack thereof) is only part of the puzzle.
If you are running apache php and firefox a simple script will crash your whole system regardless of OS.
A simple script along the lines of while $value is less than 1000000000 do value+1 and echo "the value is".$value
(I put in an EXTREMELY simplified version since /. did not want to show the full script, but most of you guys should get the idea)
In fact I embedded it in php and I caused my machine to run out of memory and lock up by simply accessing localhost in firefox. This is on an ubuntu box, running apache and FF with PHP.
If you are creative you can get up to a lot of mischief, regardless of platform.
Seven Days with Ubuntu Unity
below is a link to at least one Mac virus that I could find on Wikipedia (one search, I am lazy)
http://en.wikipedia.org/wiki/NVIR_(computer_virus)
I agree strongly with the sentiment that Antivirus for Linux and MacOS are largely to protect against spreading windows virii
If you pass along an infected e-mail you are spreading a virus that could have stopped with you.
The NVIR virus last worked on MacOS 8, it didn't work under MacOS 9 and it certainly doesn't work under Mac OS X. Basically the last operating system it worked on was obsolete over 10 years ago. There are no current Mac OS X viruses in the wild.
In regards to spreading Windows viruses yeah I feel bad for Windows users but I won't spend my own money and processor cycles on worrying about their systems. If they want to protect their systems then they should take steps to protect themselves. They could also dump Windows and get an operating system that isn't so ridden with viruses and malware. That's their own choice and problem, not mine.
Sapere aude!
Does ANYONE RTFA?
Oh, I forgot! This is Slashdot.
Apple pulled the tech note because it was OUTDATED, not because they wanted to "censor" it.
The "real" question is "Why was this a 'story' in the first place?" I believe it was 'planted' by Microsoft, to attempt to derail serious holiday Mac purchasing, by sowing the seeds of FUD.
Show me even ONE true worm-type virus for OS X, and I will entertain the idea that there is something "there".
Until then, it's just disingenuous FUD. (Which I think is the only kind of FUD available)...
fyi, it really is "viruses", not virii.
If Apple was serious about security, they would have you make a user account and an admin account. This run as admin by design crap is silly.
I think you are confused about what an "Admin" account is on Mac OS X. It's not really an admin account, but a user that through sudo can temporarily have super-user access. There is no need to create separate account because without an explicit user action, the account has no special privileges. As a matter of fact, there is no root user unless you go out of your way and adding a root user is actually less secure. It's a UN*X thing, not a Mac thing and debian/Ubuntu work exactly the same way.
Some privacy policy Slashdot.
Well, as my Admin account, I can download an application and drop it in my Application folder. No password is required. Now I can run that application and it can access /Library /Applications, my files, etc. It would stand to reason it could also replace apps in the /Application folder with compromised ones without issue.
With my non-admin account, it prompts for an admin password before letting me copy files in to the /Applications folder.
In fact from apples own security guidelines document they state,
"Each user needing administrator access should have an administrator account in addition to a standard or managed account. Administrator users should only use their administrator accounts for administrator purposes. By requiring an administrator to have a personal account for typical use and an administrator account for administrator purposes, you reduce the risk of an administrator performing actions like accidentally reconfiguring secure system preferences."
Seems to the the admin account lets you do some pretty dangerous things without realizing they are dangerous. Like maybe run a script that installs a comprised version of a application.
This is different then ubuntu. In ubuntu you can not simply copy files from your desktop into /usr/local/bin and let anyone run them. You have to specify your password.
Running as an admin is OSX is not a good practice.