Apple Says Macs Are Safe, No Antivirus Needed

lobridge writes "Over the last two days multiple news feeds (and Slashdot) have been reporting that Apple has been quietly recommending antivirus software for their machines. It appears now that Apple has deleted an entry on their forums that suggested this and are saying that Mac computers are 'safe out of the box.'"

Safe... until

[revlayle]

Safe out of the box... that is until a user starts clicking on things.

Re:Safe... until

[cslax]

But but but... It just works!!

Re:Safe... until

[AKAImBatman]

Safe out of the box... that is until a user starts clicking on things.

Even after the user starts clicking on things, Macs are generally safe. The user must explicitly punch holes in their system to create most vulnerabilities.

Honestly, the original tech note struck me as an attempt by Apple to say something that Apple politically couldn't say: Mac antivirus software primarily protects against Windows viruses. If Windows exists on your network or runs on your Mac via virtualization, your windows systems will be safer if you run Mac antiviral software. (Macs can't get infected, but they can be carriers!) Thus running antiviral software is a "good idea" and presents "one more program" that must be defeated.

Of course, once the press got wind of this poorly worded tech note, it made more sense for Apple to simply pull it rather than take the political hit of wording it correctly.

Re:Safe... until

Whoa...hold on there,son. The fact that they publish security updates proves them wrong.

Maybe there aren't many (or any) viruses, worms and whatnot targeting the platform today, but they will come, and when they arrive, it will be a good idea to have some protection installed beforehand. A relative few will still get infected before the AV industry can react, but the rest will be safe as soon as a definition update appears that detects the threat.

Re:Safe... until

[JustinOpinion]

something that Apple politically couldn't say: Mac antivirus software primarily protects against Windows viruses

Considering that Apple runs ads that directly state that "PCs" get viruses whereas "Macs" do not, I don't see why they would mind saying roughly the same thing in a tech note.* Seems to me that they have already taken a pretty visible stance on that political issue.

That having been said, I suspect you are right: once this whole issue blew up, it was safer to completely distance themselves from the original tech note, rather than try and explain why they had originally issued it.

[*] Conceivably the tech note was written by some lower-level employee who didn't want to say something controversial. So instead he/she left it vague and just suggested that "antivirus is a good idea" and so on.

Re:Safe... until

[revscat]

Maybe there aren't many (or any) viruses, worms and whatnot targeting the platform today, but they will come, and when they arrive, it will be a good idea to have some protection installed beforehand.

People have been saying the same damn thing for 8 years. "Just wait, one day OS X will get a virus. You'll see."

Ok, well, after hearing this for almost a decade I'm kinda starting to get skeptical.

Re:Safe... until

[AndGodSed]

Hey. If you wiki you will see that there are viruses for Linux (I think the count is 4000ish), and below is a link to at least one Mac virus that I could find on Wikipedia (one search, I am lazy)

http://en.wikipedia.org/wiki/NVIR_(computer_virus)

I agree strongly with the sentiment that Antivirus for Linux and MacOS are largely to protect against spreading windows virii

If you pass along an infected e-mail you are spreading a virus that could have stopped with you.

Another point to consider is weaknesses in other applications such as flash, Macoffice, silverlight (wich has a Linux beta) and so on.

OS vulnerability (or lack thereof) is only part of the puzzle.

If you are running apache php and firefox a simple script will crash your whole system regardless of OS.

A simple script along the lines of while $value is less than 1000000000 do value+1 and echo "the value is".$value

(I put in an EXTREMELY simplified version since /. did not want to show the full script, but most of you guys should get the idea)

In fact I embedded it in php and I caused my machine to run out of memory and lock up by simply accessing localhost in firefox. This is on an ubuntu box, running apache and FF with PHP.

If you are creative you can get up to a lot of mischief, regardless of platform.

Re:Safe... until

Puh lease. For years there were far more Apache installations and they didn't get ass-raped the way IIS did/does.

It has nothing to do with installation base and far more to do with idiot coding practices.

Re:Safe... until

[Graff]

below is a link to at least one Mac virus that I could find on Wikipedia (one search, I am lazy)

http://en.wikipedia.org/wiki/NVIR_(computer_virus)

I agree strongly with the sentiment that Antivirus for Linux and MacOS are largely to protect against spreading windows virii

If you pass along an infected e-mail you are spreading a virus that could have stopped with you.

The NVIR virus last worked on MacOS 8, it didn't work under MacOS 9 and it certainly doesn't work under Mac OS X. Basically the last operating system it worked on was obsolete over 10 years ago. There are no current Mac OS X viruses in the wild.

In regards to spreading Windows viruses yeah I feel bad for Windows users but I won't spend my own money and processor cycles on worrying about their systems. If they want to protect their systems then they should take steps to protect themselves. They could also dump Windows and get an operating system that isn't so ridden with viruses and malware. That's their own choice and problem, not mine.

Re:Safe... until

[nine-times]

A) The idea that Windows only gets compromised because of its large market share isn't firmly founded. Even if you think it's true, it's far from being widely accepted.

B) Even if OSX becomes just as frequently compromised as Windows, it still doesn't make sense to buy an Antivirus program now. Most AV packages rely on databases of known-viruses, and aren't very effective against new/unknown viruses. Therefore, even if you have AV software for your Mac, they won't detect any threats until after they're known. Therefore, it doesn't make sense to bother to install anything until after there are known threats for OSX, and there aren't any yet.

So mostly, installing AV software on OSX will just use up resources and *maybe* help to protect Windows machines you're trading files with.

Also, I don't know about you, but I evaluate AV software before I buy it for what's most efficient and effective at the time when I buy it. Until there are real threats against OSX, there's no way to measure how effective it is at protecting you from those threats, so there's nothing to recommend one package over another except for what uses the least resources. And do you know what uses the least resources? Having no AV software installed.

Re:Safe... until

[MindlessAutomata]

fyi, it really is "viruses", not virii.

Re:Safe... until

[p0tat03]

The point I think he's trying to make is that, as of yet anyhow, OS X viruses and malware have to be explicitly let in through the front door via user stupidity (or just plain ignorance/don't know better). On the other hand, MS's track record has shown numerous ways for software to sneak onto your machine without user intervention whatsoever.

I personally think that OSX's sudo password prompt needs to be beefed up to show exactly what the app is attempting to access. If I'm installing some app that wants to add a file to /usr/bin, sure. If it wants to REMOVE a file I'd be a lot of more suspicious. As of right now both cases will simply show a nondescript "enter admin password" prompt, which is insufficient.

Re:Safe... until

[FictionPimp]

Well, as my Admin account, I can download an application and drop it in my Application folder. No password is required. Now I can run that application and it can access /Library /Applications, my files, etc. It would stand to reason it could also replace apps in the /Application folder with compromised ones without issue.

With my non-admin account, it prompts for an admin password before letting me copy files in to the /Applications folder.

In fact from apples own security guidelines document they state,
"Each user needing administrator access should have an administrator account in addition to a standard or managed account. Administrator users should only use their administrator accounts for administrator purposes. By requiring an administrator to have a personal account for typical use and an administrator account for administrator purposes, you reduce the risk of an administrator performing actions like accidentally reconfiguring secure system preferences."

Seems to the the admin account lets you do some pretty dangerous things without realizing they are dangerous. Like maybe run a script that installs a comprised version of a application.

This is different then ubuntu. In ubuntu you can not simply copy files from your desktop into /usr/local/bin and let anyone run them. You have to specify your password.

Running as an admin is OSX is not a good practice.

Wrong, and bad summary, as usual

[daveschroeder]

First, that article had been there for quite some time (but was just updated in the last week of November, when the IT press noticed it), and was just a generic recommendation for antivirus software on Mac OS X, and pointed at some third parties who provide such software. Second, the representative did NOT say "No Antivirus Needed"; on the contrary, the representative said antivirus software offers additional protection.

Antivirus software has always been recommended in our environment on all systems, including Mac OS X. But the very real fact is that -- for whatever reasons, many of which can be argued to no end -- Macs have far less problems with malware and serious security vulnerabilities that have a real impact on users.

As Macs are increasingly used in mixed environments, antivirus software is always prudent, as Mac antivirus software also recognizes and captures Windows viruses in addition to Mac, stopping inadvertent spread. For example, Symantec's full array of virus definitions for Windows and Mac OS are included in the definitions on both platforms.

Malware exists for Mac OS X (and Mac OS before), and always has in various forms. Nearly all of them -- even the recent highly publicized cases -- are trojans requiring deliberate user interaction, and have no mechanism for mass-propagation. The proliferation of hardware- and software-based firewalls and other changes have helped the situation on all platforms.

Porn video codec trojans requiring user interaction -- even as their prevalence increases as Mac marketshare grows -- do not rise to the level of vulnerabilities potentially allowing remote administrative control of all versions of Windows without any user interaction or knowledge, nor the massive worms of old costing untold manhours and untold billions in recovery and lost productivity.

Macs have very real security problems, and Macs have malware specifically targeted at the platform. But for a variety of reasons, Mac OS X is, in a very real sense, a more secure computing platform with respect to malware. This does not mean there are not legitimate concerns and gripes, does not mean Apple has made some poor decisions with respect to security, and does not excuse gloating fanboys.

But frankly, Mac users always should have been running some kind of antivirus software, even if only to prevent unknowing propagation of Windows malware, and institutions such as ours have recommended this as policy for years. But since Apple updated a knowledgebase article, and since the trend has been to give an inordinate level of coverage to any Mac security issue, however minor, I'm sure this will continue to be melodramatically blown out of proportion.

Macs have far less problems with "malware" and related issues than Windows. Not all of this is only due to marketshare. Some is due to changing strategies of malware writers, new attacks on browsers and other cross-platform applications, increased attention to network security, better user education, and number of other factors. But even as Mac marketshare grows and the platform is increasingly targeted, there still have not been any high-impact massive issues with malware and/or severe security vulnerabilities as there have been on Windows.

Apple has come a long way on security response from its attitudes even a couple of years ago, and still has a long way to go. But if a benign recommendation for AV software get blown up into a huge issue with media extrapolating that this must mean Apple is under heavy attack, and indeed, Apple may even be aware of an impending flood of malware, I'm not surprised Apple responded by simply pulling the article altogether. The perception in the marketplace is that Macs have a lot less problems with malware. That's completely accurate. Why would Apple want that correct perception tarnished by a bunch of sensationalism?

Re:Wrong, and bad summary, as usual

[ericrost]

Nice long post, but you have one MAJOR fallacy included:

As Macs are increasingly used in mixed environments, antivirus software is always prudent, as Mac antivirus software also recognizes and captures Windows viruses in addition to Mac, stopping inadvertent spread. For example, Symantec's full array of virus definitions for Windows and Mac OS are included in the definitions on both platforms.

Wrong. Totally wrong. Mac antivirus software ONLY scans for W32 viruses as those are the only payloads that there are definitions for. You run that as a dontation of CPU cycles to your clueless Windows running counterparts who can't be bothered to run an OS designed from the ground up for multi-user networked security (like Linux, BSD, or as a result, MacOS)

Re:Wrong, and bad summary, as usual

[Graff]

Here's a better article that's less inflammatory and also contains a statement directly from Apple:

"We have removed the KnowledgeBase article because it was old and inaccurate," an Apple spokesman said in an e-mailed statement. "The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100% immune from every threat, running antivirus software may offer additional protection."

Sounds a bit more reasonable than the story text posted here on Slashdot.

Re:Wrong, and bad summary, as usual

[ericrost]

Ok,

but read the DB closely:

# Number of Infections: 0 - 49
# Number of Sites: 0 - 2

So, its been detected at somewhere in the area of 1 or 2 sites. Ever. Not really losing sleep over it, but I'll concede the point that there kinda sorta is one virus definition in the virus scanner.

the second one isn't even protected against by the AV software.

Are there any Mac Viruses?

[LWATCDR]

I mean is there? Anti-virus programs work by looking for specific code. If that code doesn't exists yet what does it look for? Windows viruses?

Re:Bullshit

[Henry+V+.009]

If you're on the internet, you're vulnerable. Period.

I browse the web using telnet. Sometimes I do have to break out my calculator to handle https sites.

Father Steve was just testing our loyalty

[elrous0]

He was separating out the false believers from the flock.

hexually transmitted

[girlintraining]

Could you have maybe said that shorter? Something like "Hey, they're only suggesting that you wrap your system before practicing unsafe hex. But we have a lower rate of hexually transmitted malware than Windows. We do advise that you contact your vendor immediately if you have a software install lasting longer than four hours as this could indicate a more serious technical condition."

Re:hexually transmitted

[erroneus]

So it is unlikely that people with things to say have no desire to be complete and accurate in their thoughts, ideas and expressions? It only takes one quick generalization before people start blasting you with "that's not true because it's not true for me."

While there may be some moments when it is possible to be both brief, accurate and complete, I would suggest that those moments are the exception and not the rule. Just as with your short conclusion, it is completely presumptive and incorrect. I would be neither on Apple's payroll nor in a basement if I were to have responded in similar fashion. Your mind has been dulled by 30 minute episodes and 10 minute commercial breaks.

Sure has been a lot of Apple bashing on the net

[NinthAgendaDotCom]

Lately I've seen a few of these posts on various sites. I think it's the case of Apple being big enough and successful enough over the past few years that they fall into the same category as Google, Microsoft, etc.: no longer a cute underdog, no longer immune from attacks. There's always been some anti-Apple sentiment ("one button mouse!" etc.), but lately it seems more pointed and directed, more tactical.

They are still recommending antivirus!

[secmartin]

Actually, they are still recommending the use of antivirus. Cnet quotes an Apple spokesperson saying:

The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box. However, since no system can be 100 percent immune from every threat, running antivirus software may offer additional protection.

Windows Vista is full of "protection", but I use antivirus on that as well. I love MacOS X, and I'm sure it's more secure, but there will be viruses and other malware on MacOS sooner or later.

By the way, isn't it ironic that Apple is still offering ClamXav for download on their own website?

Re:Bullshit

[Abreu]

...You actually get used to reconstructing the web page in your head, much like web developers can see their sites when writing code.

I don't even see the code anymore. I just see blond, brunette, redhead...

Everyone needs anti-virus software these days!

[unix_geek_512]

C'mon apple, get real!

Everyone needs anti-virus software these days!

Apple, Linux, *BSD and Unix included.

I don't care what apple or anyone else says, you need all the protection you can get.

I have been using anti-virus software on *nix systems for years and will continue to do so.

Semper Fi!

Pulled Outdated Tech Note

[macs4all]

Does ANYONE RTFA?

Oh, I forgot! This is Slashdot.

Apple pulled the tech note because it was OUTDATED, not because they wanted to "censor" it.

The "real" question is "Why was this a 'story' in the first place?" I believe it was 'planted' by Microsoft, to attempt to derail serious holiday Mac purchasing, by sowing the seeds of FUD.

Show me even ONE true worm-type virus for OS X, and I will entertain the idea that there is something "there".

Until then, it's just disingenuous FUD. (Which I think is the only kind of FUD available)...