Apple now "encourages" antivirus use for Mac OS X - Page 2

Many people and businesses run "mixed" networks, with Macs and Windows PCs under the same roof, transferring files back and forth. Even if a virus doesn't affect the Mac, it can still be a carrier.

Having said that, I've never thought about putting AV software on my Mac. I wouldn't put it on a Linux box, either. Hell, I barely think about AV software on Windows.

I don't have AV software even on my PC...

If you:
- have a small set of known, trusted websites you visit
- only install software from reputable companies (and not pirate copies)
- don't open strange emails
- keep backups

Then you should be ok. And if you're using a Mac you're almost certainly ok.

I'm with Mr Me... been using Macs since 1987 and never lost a file to a virus and have never (ever) seen an OSX virus. I used to use virus software because there were several viruses (e.g. Microsoft macro viruses) on OS 7, 8 and 9 that could potentially do damage, but haven't had any AVS installed for the last several years.

At work I'm on a Windows network (with just a few minor access issues) and live under a constant barrage of viruses, spy-ware, worms and trojans that keep taking out my colleagues' Windblows PCs (and USB drives). I think Apple might be worried about infection of the the Windows partition and/or might be getting ready to do battle with viruses on the iPhone (which is becoming a dominant and attractive platform for attacks), viruses which might migrate to the Mac since they're both OSX. I expect Apple to keep ahead of the nasties.

I've been staying away from Norton and McAffee because they almost always were more trouble than they were worth. Another problem I see is that for some people, the protection of antivirus makes people feel safe enough to engage in risky behavior. My dad double clicked an attachment thinking that he was safe, when the antivirus was broken or disabled. Even using a Mac isn't ironclad protection, and that too can lull people into a sense of protection. Preventing malware requires more than one stage of protection.


Not entirely true. The people that make viruses stand to make money too, they are now used to set up botnets for sending spam or to sniff passwords from banking sites. Malware creation is now a shadow industry in itself.


Even trusted web sites can be hacked, though sticking to a few sites is a way to minimize exposure.

Another big way to minimize exposure is to use alternate web browsers. Internet Explorer is a big bogeyman.

I'm using the free iAntivirus which has a very small footprint. Very easy to install, you even forget it's there. Besides, it only has virus definitions for the Mac so it is not bloated with those for Windows.

Given my experiences with Norton products on Windows over the years, I'd rather risk the virus than install their bloaty junk on OSX.

I also think this is just Apple covering their arses, because if a Mac virus DID hit amidst all these "virus-free" claims, they would be sued into oblivion.

I think you need to be careful with that! Recent Parallels and Fusion allow shared folders, maybe even by default. This exposes your mac home folder to Windows and its viruses. If Windows got a virus that tried to delete all files, the mac files in those folders would go too. OSX would be safe, and the mac unaffected. But, as I understand it, your files are not.

I address this by restricting the shared folders. I remove the user folder (or is it the users documents folder?) share and set up a new one to a folder within my documents folder. That, and any sub folders, is all Windows has access to.

And why should virus authors care about how much money you have or your attitude? They are in a (very lucrative) business, and these supposed characteristics of the Mac User have no economical impact on their business model.

Nowadays, the main purposes of virus as an economical activity are mainly :

- building computer farms, that can be used for illegal activities thanks for the cumulated bandwidth and processing power : SPAM, code cracking, DoS attacks...
- gathering private information : credit card, bank account...
- gathering corporate information : infected computer can provide an access inside the company, and that access can be used to gather data. Data that can be used either to blackmail or to sell to competitors.

It makes sense to target PC/Windows. The market share argument is a valid one. Not only because you have a much bigger potential base to infect. But also because more computer means more exchanges between them, and faster and broader contamination.
Another explanation is that PC are dominant in corporations. And corporations mean more processing power, more bandwidth and potentially marketable information.
The profile of the PC user is also different from the profile of the Mac user. PC users tend to download illegal material more, to install lots of "funny" stuff... This makes it a more interesting platform to target.

You have to consider building virus as any other economic activity. On one hand, you have the cost and on the other the benefits. Building a Mac virus is more costly than building a PC one, and the potential benefits are much smaller. This doesn't mean that it is impossible for a virus to target the Mac, it just means that it's not as profitable as targetting the PC/Windows world...

deleted

So basically, a company can say anything, and make any claims it wants as long as they follow it with a fine-print disclaimer worded in legalese? Wouldn't the more sensible approach be to not make such claims in the first place?

While everyone is bashing lawyers for initiating lawsuits, why aren't these people saying anything about the marketing departments that make questionable claims in the first place? Which lawyers are considered worse? The ones who file frivolous lawsuits or the ones who defend companies that engage in scumbag business practices?

I have had more problems caused by anti-virus software than I have by actual viruses.

For a virus to successfully target the Mac, it would have to use an innovative and unorthodox attack method.
If the virus is that smart, I doubt whether these dumb file scanners would do any good whatsoever.

C.

Unless and until it has been demonstrated that there actually are OS X viruses out there that I'm in any danger of picking up, I'd rather stick with a clean system uncluttered by AV software.

If it did wipe out your files you've always got yesterday's, and the day before, and the day before, etc. all the way back to when you first turned on Time Machine. You DO run Time Machine, right? Best protection you can have for an accidental wipe (or intentional, in the case of a Windows virus).

Safest thing to do though, if you're running Windows via Fusion you only grant Windows network access to/from the host Mac and use the Mac to d/l anything you need on the Windows side, then drag it from Mac to Windows' window. Works for me.

This newsarticle is wrong. The knowledge base article has been there for a while, it just was updated a few days ago. Click the link to the german or french version of the article (left side), the date those two were last changed is July 30, 2008.

I read a prior knowledge base article recommending AV sometime last summer (2007) and it didn't look new then either.

Unless the virus has a delay before it does anything and then all your backups will have the virus on them.

I see the point of Apple recommending Virus scanners, there may not be many at the mo and there haven't been any big ones. But the fact is most of the Mac market doesn't have any protection so when someone does come out with a big one it will spread through all of them and spread fast with nothing in its way.

I for one though don't really bother. The same goes for Windows as well, in all the years I've used windows (since 95) I've never had one Virus. I don't download crap and my ISP scans my emails for virus's so the risk is low.

Oh no! I hate anti-virus software, there is nothing worse than a buggy anti-virus application. Hello 'Hang-time' groggy machines, web access shutdown until update loads, general performance malaise. Say it's not true.

We Mac users need to move away from the term AV. As posters have already mention a virus is self-replicating, hasn't been seen on OS X ever and until such time I'm not wasting processor cycles.

As a fairly savvy computer user I (hope) that I can spot a phish or attempts at a trojan. Apple should move to providing an iSecure type package to help less confident users spot these scams. The recent anti-phishing work in Safari is a welcome example.

Any news on when Disinfectant's getting released again? ;-p http://homepage.mac.com/j.norstad/di...ant-retire.txt

My recollection of the ad was not that the Mac was immune, but rather that there were much more viruses for Windows than the Mac. Has this changed?

I think the catch-all term is now malware. Anti-malware software is probably more accurate. AV software doesn't just look for virus, generally they look for other forms of malware too.

I have spent many long hours cleaning malware from Windows machines - and I can tell you for sure that it often takes multiple products to do the job effectively - and in some cases those tools each have to be run multiple times to clean everything. Some of them do not search the system restore volumes for example. What you have to watch for is folks who don't know better and install so many different anti virus, anti spyware, anti etc etc etc that their system ends up spending 90% of its CPU cycles scanning files. I have personally seen cases where Norton was disabled by a virus. I have also seen too many cases where a user had anti-virus software that expired a year ago and was doing little to no good.

On Mac - the last time I saw an actual factual in the wild virus was around 1990 and that was cdev which made exactly one copy of itself onto each mounted volume (hard drive, floppy) and caused no harm. I did have a virus scan running on my Mac OS X systems until recently when I found that it was causing frequent runaway CPU usage and so I have turned them off for now.

On the PC side there is a ton of software out there that will scan for free but not clean unless you pay - or some which can only be run manually unless you pay. I think most ISPs now provide free Anti-Virus (for PC at least) so that is a good place for most folks to start. My standard procedure on any PC machine I work on is to do the following:
1. get rid of any and all junk the user already had running.
2. make sure all windows and office updates and java, adobe, etc updates are done
3. run Malwarebytes.org anti-malware (found 1 thing on my work PC that enterprise Trendmicro Officescan missed)
4. run safety.live.com scanner (mostly I use the registry repair but will run the full scan on a machine that is suspect)
5. run housecall.trendmicro.com (can take a very long time on a slow machine which has not had regular maintenance)
6. install and run whatever your ISP provides - I use CA - but only their Anti-Virus and Anti-Spyware (most anti-spam software is kind of a pain and the firewall takes a lot of hands on to get configured properly)
7. run a disk clean up (and remove restore points)
8. run a disk defrag (often multiple times)
9. run everything again to be sure

On the Mac side
1. run Apple Software Update every so often
2. run Disk utilities Repair Permissions after major updates
3. that's about it - once a year or so hook the machine up in Firewire target mode and run DiskWarrior and defrag (if I remember to do it)

Years ago there was a product called White Knight (or at least that is the way I remember it) for pre-OS X Macs - that scanned for "virus like activity" which means things like a program writing over its own code - or an application writing to a system file. The basic idea was that properly coded software that has no malicious intent should not be doing those things - there were 6 separate categories. The main benefit was that it could catch a previously unknown virus without needing to know a single bit of the code responsible for the virus. One of the major problems with it was that nearly every piece of software published by Microsoft violated one or more of those rules just to function normally - and so you would have to grant MS software permission to do things that proper code should not be allowed to do - which then opened the door to a virus which either presented itself as the MS software or infected the MS software being allowed to do exactly the things you do not want a virus to do. There was another free anti-virus tool many years ago on Mac that I don't recall the name of, published by a team at a university I think, who finally gave up on it in part because the incidence of any actual virus activity on the Mac in the 1990s was very nearly non-existent. I did use Symantec and Norton tools for years through OS 9 - but ran into way too much trouble with Norton on early OS X to keep it.

To those without AV on Windows - I tried that on a couple slower Windows 2000 computers thinking that perhaps the way they are used and with older versions of IE etc the risk would be low - guess again - I am now in the process of making sure that every PC I am responsible for has a decent set of anti-malware tools running.

Once SL comes out, you'll need to change this to SLApple!

Seriously, thanks for the comments. Very helpful to understand what is and is not going on in the AV world.

I ran ClamXav to see if I was infected. The fact that I wasn't didn't surprise me, but the results at the end stating that their are 468,953 known viruses did.

------ SCAN SUMMARY ------
Known viruses: 468953
Engine version: 0.94.2
Scanned directories: 17762
Scanned files: 55836
Infected files: 0

Macs don't contribute to the bottomlines of their owners? The average corporate Windows machine is more likely to be used by its wage slaves. The average Mac is more likely to be used by its creative professionals. You believe that the wage slave's computer is a richer target than that of the creative professional?


Repeating a nonsense argument is not the same thing as producing evidence to support the argument.

I believe nearly all of those are PC-only and are only scanned for on the Mac as they might be in a file on the Mac though they cannot do any harm on the Mac - they can be spread. While I am not sure I thought the list of potential exploits on Mac OS X was somewhere around 10 with none of them able to spread without direct user interaction and administrator password authentication.

I'm 98% sure that Fusion 2 (which I run) has shared folders on by default, but read-only, not read/write. So in theory the virus couldn't do anything to the OSX files.

Also to address the overall topic: I don't really want to run AV at this point, however I do run Trend's Housecall every once and awhile just to make sure. It's nice because you don't have to install anything, just go to the website and it runs from there.

http://housecall65.trendmicro.com/

I think what Apple means by using multiple applications is that Mac users as a whole use different ones, not that an individual Mac user uses multiple. This way virus writers have a harder time penetrating and spreading the viruses from one machine to another. Maybe even in your home, you can run different ones on different machines if you have more than one Mac.

However, I don't recommend Symantec's Norton Anti-Virus for Mac. I've not read many positive things about it. The biggest complaint is that it installs stuff all over your Mac and is hard to uninstall.

I've been most pleased with Intego Virus Barrier as it leaves a small footprint. You'll probably forget that it's on your machine until you see it updating. I used V4 and then stopped using it when Time Machine came out because they were conflicting. However, I hear that adding the TM back up drive to VB's scanning exception list fixes the issue.

(I don't work for Intego, just relating a personal experience).

In response to lilgto64:

One of the most sensible posts I have read in a long time with a touch of practical advice thrown in for good measure.

lilgto64 touches on a lot of stuff. A few things I would like to add to the mix. I read an article this last few days (can't find the damn thing and not even in my history so if it strikes a chord with someone could they please post the link?) regarding botnets and how the Anti Virus companies were singularly failing in stopping them because of the techniques they use to mask what they do and that the major vendors were having little to no impact. There is where the real future danger may lie. At the moment I hear nothing to suggest that they will have an impact of OS X but who knows? If the AV companies cannot cope with this then we could be in for serious trouble.

I too support a reasonable sized network. I always had AV software installed even on the Macs even though they outnumber the Windows boxes by at least 4:1. We use Sophos installed on to a Windows Server and all the clients get their updates from that. So far it has been successful in so far as when a Mac sees a virus it is obviously always a Windows one, however as has been stated here I see that as a good way to get rid of any Windows virus as it in a "sterile" environment on the Mac and in my book easier to be got rid of than if it were already on a PC. That is the principal reason we also put Sophos on to our Macs, to better protect the PCs. lilgto64's methods will also be a tool in my future arsenal and for that I thank him.

I want to take up the point of Macs being excluded by their market share. I really don't agree even though Lictor does bring up some valid points. In a sense that they are uneconomical to build is due to the OS being that much more secure and difficult to break down. However safety by obscurity doesn't follow. If that were the case then no viruses pre OS X should also surely not have existed and they did. The software that lilgto64 could not remember the name of I think was called Disenfectant. It was our primary weapon against viruses so they did exist and could replicate themselves even by putting in an infected floppy disk meant it could copy itself on to the uninfected drive. However I do agree with Lictor that it is just too much in the way of hard work to get what they need. But that a Mac user is in some way less of an economic target, I just don't buy.

And we did get a Mac virus that caused some harm. Back in the day when Aldus produced Pagemaker we were running a demonstration with a company representative from Aldus with a large audience of people. He was demonstrating the latest release that no one had and it was a pre-build. He could not get it to install and work. After over an hour trying to I thought to run Disenfectant, it found a virus, got rid of it and the install worked just in time for the start of the demo. Lots of sweat running there I can tell you. So a malicious virus was there and nearly caused a lot of harm.

History lesson over!

A friend of mine has been using Intego Virus Barrier for the past 2 years and he says that it works well.

Trojans and keyloggers do exist for OSX. And many WoW players have gotten burned by a keylogger.

That said I run both operating system, Leopard and Vista and have never had a windows virus in my life. I have been known to visit sites that you may suspect are full of viruses but have never been infected. You really have to intentionally give yourself a virus these days. Stupid people opening every stupid email attachment they get, installing all sorts of those stupid toolbars and other nonsense.

Viruses in a windows environment are not hard to avoid. Most people are just uneducated and paranoid.

Unless you have any folders shared with Windows. In which case, any and all files (not executables, unless you're storing Windows binaries in there) are susceptible to whatever the malware does. If it's the kind of malware that wipes files, they're equally wipeable.

Mac-haters will be coming out of their rooms quick!

The sky has fallen!

Agree that there may be a lot of legal talk here getting blown up as news, but I think this makes it all the more significant that Oracle dare to advertise their systems as "Unbreakable" in massive ads in The Economist and airports. I work with Oracle's enterprise systems and everything Oracle do there, Apple could do in their own systems. to take computer security to the next level. I wish Steve Jobs would talk tech to Larry Ellison more often - about various things. In the same way that Micro-softTarget have ignored file security for decades, so Apple ignore App security. Come on Apple! You have a great selling point, but you have to push the envelope to stay ahead and keep us safe.

[QUOTE=Haggar;1344846]So basically, a company can say anything, and make any claims it wants as long as they follow it with a fine-print disclaimer worded in legalese? Wouldn't the more sensible approach be to not make such claims in the first place?

Not if you're a quack. While the government require them to say, "This product is not intended to cure, treat, prevent, ....any disease" the rest of their advertising suggests just the opposite and these products are marketed to people who flunked science and logic

I would like to see Apple push this further, with each app having a separate 'user' that runs it, giving it only the permissions it requires for its job (provided thru online app delivery). If my typing course asks to do anything that is unrelated to teaching me typing, I want OSX to say NO!

Some cosmologists have theorized that there is a substance called dark matter which is affecting the rotation of galaxies.

No one has ever seen this stuff or can accurately describe it.

I think I am going to install anti dark matter software on my Mac, just in case.

Does AntiVirus for the Mac remove Windows?

1) I wouldn't touch anything from Symantec with a 10-foot pole let alone install it on a Mac or PC.

2) If I did install an antivirus software, I wouldn't allow it to automatically scan my machine. I'd manually request the scan.

As one person said, antivirus software is just as much a virus as any virus software.

Bullsh*it! and stop spreading FUD! There are NO keyloggers for OSX, none! If you have any evidence to the contrary then post it here and now or STFU! And by evidence I don't mean inane threads posted by WOW idiots who've installed Windows on their mac and then bitch about having their account information stolen. I've seen these threads and all they are evidence of is what happen to a human brain when exposed to the peverted mediocrity of Winblows for years!