Apple tones down language touting OS X security measures

Comments

  • Reply 101 of 109
    macbook pro Posts: 1,605 member
    andreid wrote: »
    Read this paper pls! The net is abundant of such papers or publications regarding AV software vulnerabilities and exploits.

    Your second paragraph captures a small part of AV software weakness. Other vulnerabilities are more technically oriented.

    Your last statement is a no brainer though! Of course everyone is morally obliged to secure their computer but that's an ideal statement. Not everyone is capable by itself of securing their own computer and not everyone cares about it or has the power to let an expert do it (e.g. a technologically challenged secretary). Moreover, everyone should first practice safe computing, common sense, reality awareness etc. before weighing the benefits and disadvantages of using AV products or other scanners/malware.

    Frankly, I feel I am morally obligated to help disadvantaged users of poor quality software truly understand how their poor choices have made them vulnerable. The best way to help those individuals is to not use any software on my system designed to protect those individuals rather than myself.
  • Reply 102 of 109
    hungover Posts: 603 member

    Quote:

    Originally Posted by MacBook Pro

    Here is a quick, easy list of 47 known exploits of various anti-malware software implementations, in particular this is the results of a search for "Sophos" which offers a well known security suite for Mac OS X.

    Are you suggesting that Mac users should be obligated to use software that removes malware targeted at Microsoft Windows operating systems thus causing Mac users to experience performance issues and open potential exploits on their systems as well?


    Thanks for the link MBP

    From reading the info contained in your link, most of the so-called exploits seem to relate to the inability of AV software to scan compressed files (unless I missed something). I had initially assumed that you were referring to exploits which actively manipulated the software to do the bidding of others. Sorry, I don't understand which exploits will occur as a result of MAC users having AV installed - could you elaborate please.

    Nevertheless, I don't see why accepting that AV programs will not always find malware is justification for never using them. Surely something that catches 99.9% is better than no protection.

    I don't accept that you are being asked to install AV just for the benefit of windows users, MAC malware exists, as evidenced by FlashBack. Had more MAC owners had AV then the problem might have been dealt with quicker. On a wider note perhaps AV software should indeed target all malware, irrespective of the target OS. Knowing that AV software will target your malware might make the scapegraces think twice about hacking web and mail servers.

    Refusing to have AV, as a matter of principle, because the users of an alternative OS might gain some benefit sounds extremely childish. I agree that AV software did have a noticeable impact on computers years ago but if you are concerned that it will be akin to pouring treacle on your machine then perhaps it is time you upgraded.

  • Reply 103 of 109
    hungover Posts: 603 member

    Quote:

    Originally Posted by AndreiD

    Read this paper pls! The net is abundant of such papers or publications regarding AV software vulnerabilities and exploits.

    Your second paragraph captures a small part of AV software weakness. Other vulnerabilities are more technically oriented.

    Your last statement is a no brainer though! Of course everyone is morally obliged to secure their computer but that's an ideal statement. Not everyone is capable by itself of securing their own computer and not everyone cares about it or has the power to let an expert do it (e.g. a technologically challenged secretary). Moreover, everyone should first practice safe computing, common sense, reality awareness etc. before weighing the benefits and disadvantages of using AV products or other scanners/malware.


    Hi Andre

    I did read through your link, tbh I probably still don't know what fuzzy is, err.. other than the sensation related to excess alcohol consumption.

    I wasn't trying to suggest that AV scanners are the be all and end all of security but that they should be part of it.

    With regard to the wider question of personal responsibility, it is regrettable that it is socially acceptable to proudly pronounce that one is IT illiterate, by contrast we would mock anyone that says "I don't read so gud". Hopefully if all of the major OS vendors were more honest about the weaknesses in their systems, we, as the public would eventually become more proactive and alert. When one of the biggest players in the market uses sleight of hand to make it look as though they provide an option that is impregnable people will believe them and flock to them under the impression that they can be as cavalier as they want.

    As with insurance scams, we are all the victims of malware, either directly or indirectly, it hits all of our wallets to a degree

  • Reply 104 of 109
    macbook pro Posts: 1,605 member
    hungover wrote: »
    Hi Andre

    I did read through your link, tbh I probably still don't know what fuzzy is, err.. other than the sensation related to excess alcohol consumption.

    I wasn't trying to suggest that AV scanners are the be all and end all of security but that they should be part of it.  

    With regard to the wider question of personal responsibility, it is regrettable that it is socially acceptable to proudly pronounce that one is IT illiterate, by contrast we would mock anyone that says "I don't read so gud". Hopefully if all of the major OS vendors were more honest about the weaknesses in their systems, we, as the public would eventually become more proactive and alert. When one of the biggest players in the market uses sleight of hand to make it look as though they provide an option that is impregnable people will believe them and flock to them under the impression that they can be as cavalier as they want.

    As with insurance scams, we are all the victims of malware, either directly or indirectly, it hits all of our wallets to a degree

    I agree. So sad that Google has so many robots convinced that Android and Google Play are safe when they clearly are not.

    How is this not clear, "Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function."

    You seem to not understand that anti-malware applications actually have vulnerabilities themselves.

    By the way, what is MAC? Are you referring to a MAC Address?
  • Reply 105 of 109
    andreid Posts: 96 member

    Quote:

    Originally Posted by MacBook Pro

    Frankly, I feel I am morally obligated to help disadvantaged users of poor quality software truly understand how their poor choices have made them vulnerable. The best way to help those individuals is to not use any software on my system designed to protect those individuals rather than myself.


    I agree!

    @hungover: You have to take into account that AV software in itself as MacBook Pro stated can open doors to exploits (vulnerabilities). Don't think as AV or any other malware scanner for that matter, is a "magical barrier" as those companies that created them would like you to think of. It's not anything magical neither barrier neither shield or anything, it's just a piece of software, just as the OS itself but scaled a lot down and with a more focused purpose. Having said that you have to understand that software, just as everything else in nature is not perfect, is not without flaw and without vulnerabilities. So given those arguments even if one decides to install and run AV software on a computer, even for the 0,0001% potential threats that are out there NOW he in fact opens up another door to other potential exploits. It's like trying to patch a hole in the tire but in the mean time when applying the patch possibly create another hole in the patch itself (if that's easier to comprehend as an analogy).

    Moreover, please read this well put article also. Especially focus on the Prophylaxis not Always a Panacea. Better yet I'll quote the article directly:

    Quote:

    Similarly, because there are no known signatures for Mac viruses (because no viruses yet exist), there is no way to prevent infections that might be developed. The security software would have to be updated to provide any protection, but that update mechanism also serves as a potential vector for distributing elements of malicious attacks, either directly or by opening up potential new vulnerabilities.

    Were there some real, plausible risk of Mac viruses being developed (say, you operated a large lab of Macs that served as a valuable target for attackers), it might make some sense to install anti-virus tools so that you could mitigate damage once a threat was discovered. It also might make some sense for some institutions to install tools that limit what software its users can install.

    However, for home users, Mac anti-virus makes no sense whatsoever. All it can possibly do is slow down the system, add some irritating interruptions, and provide a false sense of security while actually undermining real security by adding new layers of potential vulnerabilities. Very targeted attacks, ones that might exploit a vulnerability to gain access to your system, are not preventable with anti-virus software that only scans for known patterns of malicious software.

    Really, how useful is it to install anti-virus software that can realistically only stop you from installing software you should know better than to attempt to install in the first place, whether it’s the pirated version of Photoshop or the pirated version of iWork or an unknown anti-virus package from the web? Yes, those are the four fearsome malware examples Goodin cited as his “rising tide” of Mac malware, and which, coincidentally, Intego cites as the reasons to buy its Mac software.

    Of course, the security experts at Kaspersky, Symantec, Intego, and others don’t want you to know that. They want you to read scary articles like those that regularly appear on CNET, Wired, and the Register, which are based on press releases issued by those vendors, all suggesting that Macs are really damn close to being dangerous to use, and that their products are really critical for your continued safety.

    Because when you’re in the business of fear, an educated population is the worst thing you can imagine, and a lazy media content with republishing your press releases is your only hope in preventing that from happening.

    That's the same story with the Flashback trojan. When it hit some Macs (I highly doubt it was anything close to 600.000) please understand AV software couldn't do squat about it because there were no signatures of the trojan available. As the quoted article states: imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldn’t do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential media for culturing infectious bacteria and keeping it in contact with your body.


     

  • Reply 106 of 109
    hungover Posts: 603 member

    Quote:

    Originally Posted by AndreiD

    I agree!

    @hungover: You have to take into account that AV software in itself as MacBook Pro stated can open doors to exploits (vulnerabilities). Don't think as AV or any other malware scanner for that matter, is a "magical barrier" as those companies that created them would like you to think of. It's not anything magical neither barrier neither shield or anything, it's just a piece of software, just as the OS itself but scaled a lot down and with a more focused purpose. Having said that you have to understand that software, just as everything else in nature is not perfect, is not without flaw and without vulnerabilities. So given those arguments even if one decides to install and run AV software on a computer, even for the 0,0001% potential threats that are out there NOW he in fact opens up another door to other potential exploits. It's like trying to patch a hole in the tire but in the mean time when applying the patch possibly create another hole in the patch itself (if that's easier to comprehend as an analogy).

    Moreover, please read this well put article also. Especially focus on the Prophylaxis not Always a Panacea. Better yet I'll quote the article directly:

    That's the same story with the Flashback trojan. When it hit some Macs (I highly doubt it was anything close to 600.000) please understand AV software couldn't do squat about it because there were no signatures of the trojan available. As the quoted article states: imagine covering yourself with band-aids with the hope of avoiding any potential for infection; the reality would be that those bandages wouldn’t do anything to protect you from being infected if you were actually injured, and up to that point they would only serve as a potential media for culturing infectious bacteria and keeping it in contact with your body.


     



    Would you advocate that people keep their life savings under their bed, after all we know that safes and banks have vulnerabilities that can be exploited. Having to visit the ATM or turn the tumbler on a safe might be an added inconvenience but IMO it is a "necessary evil".

    I don't recall suggesting that AVS is a magic bullet but I still contend that it should be part of a wider approach to security.

    It is interesting that you quote an out of date article; the (flawed) crux of which is that AVS is not necessary because the only way to infect a Mac is via pirated software. It points to the fact that AVS definition updates can be hijacked, such AVS vulnerabilities have been cited on numerous occasions throughout this thread yet to date no one has been able to provide a recent real world example of AVS corrupting a computer after having been compromised in such a way.

    I disagree that AVS would have offered no protection at all from FlashBack. With any brand new "virus" there will initially be a number of owners running AVS that are infected but other users will be protected once the definitions are released. In the example of FlashBack the major AV vendors were able to offer Mac owners protection long before Apple.

    The way in which viruses are spread has changed over the years; initially via floppies and later via email. The email threat has been reduced by the use of AV software at both the server and desktop level. Increasingly they are now spread over the internet (largely by Linux servers via SQL exploits). Malware is the responsibility of not just end users but also OS vendors and service providers. It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive, fortunately this is a philosophy that Apple seem to be adopting but until they take that extra step and say we recommend that you, the owner, use some kind of malware protection the wider Mac community will continue to wheel out the same tired arguments.

    The entrenched position of some owners is akin to the freeloading principle adopted by parents who refuse to inoculate their infants. Why risk the health of your child when you know that odds of contracting a disease is mitigated by the other parents who have taken that risk for the collective good?

  • Reply 107 of 109
    hungover Posts: 603 member

    Quote:

    Originally Posted by MacBook Pro

    I agree. So sad that Google has so many robots convinced that Android and Google Play are safe when they clearly are not.

    How is this not clear, "Unspecified vulnerability in the filter driver (savonaccessfilter.sys) in Sophos Anti-Virus before 7.6.20 allows local users to gain privileges via crafted arguments to the NtQueryAttributesFile function."

    You seem to not understand that anti-malware applications actually have vulnerabilities themselves.

    By the way, what is MAC? Are you referring to a MAC Address?


    ???

    savonaccessfilter.sys - Local Users Gain Elevated Privileges

    I thought that the conversation was about viruses. All of a sudden you are concerned about someone using your computer locally. At the risk of bursting your bubble, anyone with local access can harvest your personal data... regardless of which OS you have.

    Do you really need to ask what a MAC is or are you incredibly insecure? Should I ask you to clarify whether your use of the word Mac is a reference to Apple computers or apparel commonly worn by men who like to expose themselves?

  • Reply 108 of 109
    andreid Posts: 96 member

    Quote:

    Originally Posted by hungover

    Would you advocate that people keep their life savings under their bed, after all we know that safes and banks have vulnerabilities that can be exploited. Having to visit the ATM or turn the tumbler on a safe might be an added inconvenience but IMO it is a "necessary evil".

    I don't recall suggesting that AVS is a magic bullet but I still contend that it should be part of a wider approach to security.

    It is interesting that you quote an out of date article; the (flawed) crux of which is that AVS is not necessary because the only way to infect a Mac is via pirated software. It points to the fact that AVS definition updates can be hijacked, such AVS vulnerabilities have been cited on numerous occasions throughout this thread yet to date no one has been able to provide a recent real world example of AVS corrupting a computer after having been compromised in such a way.

    I disagree that AVS would have offered no protection at all from FlashBack. With any brand new "virus" there will initially be a number of owners running AVS that are infected but other users will be protected once the definitions are released. In the example of FlashBack the major AV vendors were able to offer Mac owners protection long before Apple.

    The way in which viruses are spread has changed over the years; initially via floppies and later via email. The email threat has been reduced by the use of AV software at both the server and desktop level. Increasingly they are now spread over the internet (largely by Linux servers via SQL exploits). Malware is the responsibility of not just end users but also OS vendors and service providers. It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive, fortunately this is a philosophy that Apple seem to be adopting but until they take that extra step and say we recommend that you, the owner, use some kind of malware protection the wider Mac community will continue to wheel out the same tired arguments.

    The entrenched position of some owners is akin to the freeloading principle adopted by parents who refuse to inoculate their infants. Why risk the health of your child when you know that odds of contracting a disease is mitigated by the other parents who have taken that risk for the collective good?



    Haha don't even get me started with the banking sector d-bate. In many ways keeping your money under the sofa in those troubled times can be safer than depositing them to a bank. Ask Lehman Brothers! :) Not a very good analogy though and for the sake of not entering the banking sector d-bate let's discuss on another analogy.

    Quoting an out of date article is still better than not quoting anything in the first place (i.e.: smacking around words). Nobody said the article is fresh as home cooked bread and nor does it have to be. With regard to your request for a "real world example" this thing can spin both ways meaning no one has been able to show a real world example of why Apple computers need AV software.

    Regarding your definitions comments, I'm telling you again: the definitions will only help you if you're lucky enough to be susceptive to get infected after you get the AV definitions updated. That's sometimes days or weeks after a 0 day malware is out on the market and widely known.

    Can you please provide some facts to this statement:

    Quote:

    Increasingly they are now spread over the internet (largely by Linux servers via SQL exploits).

    ?

    I agree with this: It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive; HOWEVER proactive doesn't really mean or rely on AV software. For me proactive defines avoiding social engineering techniques (what recently happened for some Macintosh users) by practicing common sense, reality awareness and other such measures. In fact if you're not proactive with those things first, it's kind of useless to having AV installed, as if you're fooled into installing something that you should know it's strange or fishy or forbidden (see porn apps/ sites), then it's in vain the AV software will yell this and that and you still disregard it and any kind of common sense.

    With regard to this: ...we recommend that you, the owner, use some kind of malware protection; I SIMPLY CAN'T agree with you for 2 reasons:

    1. Apple is being diligent enough to offer software protection out of the box: gatekeeper, sandbox, malware definitions etc. No need right now for any other user or third party software.

    2 and most important: there is no self-replicating malware out there in the wild for Macs.

    Regarding your last paragraph see the above 2 reasons and the fact that you don't compare apples with apples (pun intended). You compare Apple with Oranges, meaning you probably assume that PC-Windows users having so much indoctrination with using AV software (and based on good reasons) that it became almost a religion on the Windows world, that implies that those PC users in fact protect also the other community of Mac users. If that's what you implied then the analogy you provided is false because in this case it's not children playing with other children, it's children playing with monkeys. Knowing scientifically that monkey diseases cannot pass to humans (don't take it literally please) there's no reason to inoculate human infants. In fact you can't even do it because to inoculate someone you'd have to know what you inoculate him against. Not knowing that = impossible to develop a vaccine.

  • Reply 109 of 109
    hungover Posts: 603 member

    Quote:

    Originally Posted by AndreiD

    Haha don't even get me started with the banking sector d-bate. In many ways keeping your money under the sofa in those troubled times can be safer than depositing them to a bank. Ask Lehman Brothers! :) Not a very good analogy though and for the sake of not entering the banking sector d-bate let's discuss on another analogy.

    Quoting an out of date article is still better than not quoting anything in the first place (i.e.: smacking around words). Nobody said the article is fresh as home cooked bread and nor does it have to be. With regard to your request for a "real world example" this thing can spin both ways meaning no one has been able to show a real world example of why Apple computers need AV software.

    Regarding your definitions comments, I'm telling you again: the definitions will only help you if you're lucky enough to be susceptive to get infected after you get the AV definitions updated. That's sometimes days or weeks after a 0 day malware is out on the market and widely known.

    Can you please provide some facts to this statement:

    ?

    I agree with this: It is no longer acceptable for OS vendors to pretend that users can be secure without being proactive; HOWEVER proactive doesn't really mean or rely on AV software. For me proactive defines avoiding social engineering techniques (what recently happened for some Macintosh users) by practicing common sense, reality awareness and other such measures. In fact if you're not proactive with those things first, it's kind of useless to having AV installed, as if you're fooled into installing something that you should know it's strange or fishy or forbidden (see porn apps/ sites), then it's in vain the AV software will yell this and that and you still disregard it and any kind of common sense.

    With regard to this: ...we recommend that you, the owner, use some kind of malware protection; I SIMPLY CAN'T agree with you for 2 reasons:

    1. Apple is being diligent enough to offer software protection out of the box: gatekeeper, sandbox, malware definitions etc. No need right now for any other user or third party software.

    2 and most important: there is no self-replicating malware out there in the wild for Macs.

    Regarding your last paragraph see the above 2 reasons and the fact that you don't compare apples with apples (pun intended). You compare Apple with Oranges, meaning you probably assume that PC-Windows users having so much indoctrination with using AV software (and based on good reasons) that it became almost a religion on the Windows world, that implies that those PC users in fact protect also the other community of Mac users. If that's what you implied then the analogy you provided is false because in this case it's not children playing with other children, it's children playing with monkeys. Knowing scientifically that monkey diseases cannot pass to humans (don't take it literally please) there's no reason to inoculate human infants. In fact you can't even do it because to inoculate someone you'd have to know what you inoculate him against. Not knowing that = impossible to develop a vaccine.



    We seem to be in accordance on some points but then appear to suffer from differing opinions as to which end of the egg to break open first. For example, I admit that I was unaware that OSx now scans incoming files and assesses them according to file signatures. That strikes me as being a positive step on Apple's behalf, indeed I would go so far as to call it AVS (likening it to Windows Defender). Frankly I don't care which vendor is offering AVS protection so long as it exists. It does however seem to make (some of) your reservations about AVS moot.

    I am not sure why you considered that you need to stress the fact that there is no self-replicating malware out there in the wild for Macs. I agree with you and have not suggested otherwise. I have attempted to use the term virus in inverted commas in an attempt to make it clear that I am referring to malware in general. Thus far it has been Apple that has chopped and changed the definition to suit whichever marketing ploy they are adopting, thereby forcing devotees to qualify that they are discounting proof of concept viruses or other forms of malware.

    Off hand I am unable to provide concrete evidence that the web has become the key route for the distribution of malware but for the reasons mentioned previously I am happy to accept that the statement is feasible. I questioned the validity of the site that you quoted given that it predates much of the recent (but "rare") Mac malware.

    With regard to my inoculation analogy - I concede that if we use the term virus in its strictest sense then my point is flawed, if however we are using the term to refer to malware then (IMO) it stands.
