Apple Says Macs Are Safe, No Antivirus Needed

lobridge writes "Over the last two days multiple news feeds (and Slashdot) have been reporting that Apple has been quietly recommending antivirus software for their machines. It appears now that Apple has deleted an entry on their forums that suggested this and are saying that Mac computers are 'safe out of the box.'"

Re:Safe... until

[AKAImBatman]

Safe out of the box... that is until a user starts clicking on things.

Even after the user starts clicking on things, Macs are generally safe. The user must explicitly punch holes in their system to create most vulnerabilities.

Honestly, the original tech note struck me as an attempt by Apple to say something that Apple politically couldn't say: Mac antivirus software primarily protects against Windows viruses. If Windows exists on your network or runs on your Mac via virtualization, your windows systems will be safer if you run Mac antiviral software. (Macs can't get infected, but they can be carriers!) Thus running antiviral software is a "good idea" and presents "one more program" that must be defeated.

Of course, once the press got wind of this poorly worded tech note, it made more sense for Apple to simply pull it rather than take the political hit of wording it correctly.

Re:Bullshit

[TheLostSamurai]

I browse the web using telnet. Sometimes I do have to break out my calculator to handle https sites.

You jest, but having written several web server applications in the past, I have essentially had to browse web sites via a console interface in order to debug my programs. You actually get used to reconstructing the web page in your head, much like web developers can see their sites when writing code.

Why don't they recommend common sense

[dedazo]

That's what I've been using with various versions of Windows the last 12 years and I've never had any problems.

Security updates

[Jabbrwokk]

Good point, after reading your post I ran Software Update on my Tiger machine at work and found a 72.5 MB security update waiting to be downloaded and installed.

And most of the updates seem to be the kind of stuff that gets patched on Windows machines.

I guess Apples and PCs have many of the same security issues, the difference is that fewer people care to exploit them on Macs and also that it's easier to take advantage of click-happy users on a Windows computer to pull off an exploit. "Durr... naked pictures of Britney? CLICKCLICKCLICKCLICKpwned."

Re:Better title

VIrologists might prefer that you use virii.

A computer virus is not a virus, but rather something new so go ahead and make up a new word with an arbitrary plural form.

That way, virologists can search databases for viruses safely without worrying about contaminating hits for references about virii.

Re:Safe... until

[LordKronos]

Not yet been invented != Not yet been named and publicized

The strength of Mac

[guruevi]

The strength of Mac against viruses lays solely in the use of very stable FOSS solutions for the basics (very close to stable Debian versions) and then building on top of that (Aqua, CoreAudio, CoreImage etc. don't have any links to sockets). Really, what services CAN lay bare on a Mac to the internet: SSH (OpenSSH), E-mail (Postfix), Webserver (Apache). On the program side, you have Safari (Webkit) or Mozilla with Flash (Adobe) or Java (Sun) and those don't come above user level without requiring extreme interaction from the user (passwords). There is no such thing as ~/Library/StartupItems or ~/Library/LaunchDaemons and you need to become root to put stuff in /Library.

Of course as soon as a vulnerability is reported the community fixes it which trickles down to other vendors like Apple, RedHat etc. and many of those vulnerabilities for Apache or Postfix are hardly exploitable or only for rare setups (usually buffer overflows which could lead to an exploit if somebody was savvy enough to analyze all of them and see where they have space enough to load their own stuff and then call it too).

To have a successful attack on a Mac would also mean that you can successfully attack Linux or other Unixes or it would require a serious bug in certain programs (like Safari or Mail) which also allows to unnoticeable have a huge payload to replace things like Safari with a 'hacked' version or implement a plugin that does something weird.

Re:PR move

[prockcore]

OS X (and other BSD based OS) and Linux are based on different design principles and mostly immune to viruses.

OSX might be immune to worms, it is *not* immune to viruses.

Here is how OSX is wide open to viruses: I put out a shareware app that does something useful on the mac. When you download and run the program, it first infects a random app in your applications folder, like iTunes, then does whatever it was supposed to do. When you next run iTunes, it too infects a random app in your applications folder, and so forth. Soon, all of your applications are infected, and you don't even know about it.

This is possible because the default user can write to the applications folder without needing a password. Thus any application you run on OSX can silently modify iTunes, Safari, iPhoto, whatever.

Re:Wrong, and bad summary, as usual

[daveschroeder]

E.g.:

Symantec: The attached installer will automatically update Norton AntiVirus for Mac virus definitions and engine files to detect and repair the most recently discovered Macintosh and PC viruses.

Sophos: Integrated cross-platform virus detection means Windows viruses can be deleted and cleaned on a Mac OS X computer.

Re:Wrong, and bad summary, as usual

[ThrowAwaySociety]

Nice post, but you have one MAJOR fallacy included.

Wrong. Totally wrong. Mac antivirus software ONLY scans for W32 viruses as those are the only payloads that there are definitions for.

Wrong. Totally wrong.

http://www.symantec.com/security_response/threatexplorer/azlisting.jsp?azid=O

Yes, there are fewer than a dozen OSX.* malware variatns for which definitions exist, and most of them are essentially never seen in the wild...but that's infintely more than none.

Something to try:

[kuzb]

Next time you think operating system XYZ is so secure that nothing unwanted can get in, go to defcon, turn on your laptop and it's wifi and connect to the local access point. I give you 10 minutes before someone is downloading all your porn.

People who think anything is immune on a network are laughable.

Re:Safe... until

[p0tat03]

Correction: You use Windows because it's what most programs *you know* run on. I've converted from Windows a long time ago and I can do everything I did on my old machine on the Mac. Ripping CDs? No problem, UI is better too. Web design? Photo manipulation? Video editing? Yes, yes, and yes. Coding, watching movies, playing music... need I go on?

Re:Safe... until

[p0tat03]

I left the ridiculous upgrade cycle behind a long time ago. When I got into college (still into PC gaming at the time) I made the mistake of buying a clunker of a "gaming laptop". Never again. My laptop is for work and for mobility, I have an Xbox 360 at home for a good reason.

But you're right, gaming isn't great on the Mac. But if you're talking about productivity tools - office suites, IM/chat, etc etc, the Mac is in every way comparable to the PC, and in many cases superior.

Re:Safe... until

[quarkscat]

And why would you PAY for anti-virus software, when even the big commercial AV vendors cannot protect against zero-day viruses? For Mac OS X, check out: ClamXAV and for other UNIXes try: ClamAV They are both based upon the same anti-virus scan engine, and both make use of anti-virus definition files which are updated DAILY (see "daily.cvd" on these websites. As far as the Mac OS X platform NOT being vulnerable - don't you believe it for one minute! I have a PPC-based Mac, a Ti Powerbook that is running 10.5.5 (as an update from 10.3.9, not installed to a bare disk.) I generally have it "locked down" pretty well, having had made use of Apple's security guidelines PDFs from their website. Not very long ago, I visited some "naughty" websites, and my computer "caught" something. I cannot say that it was a virus or a worm, but it DID catch something. A portion of the display (a rectangular section in the middle of the screen) went blank, and I found that I could not shut down the laptop, even using the "kill -9" routine as the root account user. Finder had been corrupted (in memory only, praise bob). I resorted to disconnecting power, AND removing the battery, which I left out for nearly 2 hours (to make certain that all its' memory had "zeroed out". When I replaced the battery, reconnected the power cord, and booted up,, I found that all appeared to be normal. I immediately downloaded the most recent "daily.cvd" (see above), and scanned the entire hard disk for viruses. None were found, and since that time I am confident that "whatever" struck my laptop was only able to affect program memory. I also use a free version of "Tripwire", and it could not find any files that had become corrupted. (This is not a fast process, I can assure you of that!) I am convinced that I was hit by a virus or worm, and that I was able to expel it from my computer. Unfortunately, Apple has done a number of things to make it far easier for a virus or worm to strike the Mac platform. Switching to the i386 from the PPC was okay, except that Apple has been messing with the OS in bad ways: (1) changing the built-in firewall from a root-based service to an application, then (2) including Google verification in Safari without allowing the user any means of altering or disabling this feature, AND then (3) beginning to incorporate Win32 compatibility with the inclusion of .NET libraries. The Mac OS X platform has not become less vulnerable, but way more so (IMHO).