As the original poster and a returner to Macs after 20+ years I'm learning a lot here.
It seems most people think it will never happen to them. Forgive me if I think that's a little ostrich-like.
I continue to look for a solution to my concern.
Thanks everybody
It would be ostrich-like if we were ignoring actual evidence of malware causing problems. As of right now though, that danger hasn't materialized. When it finally does materialize, it is exceedingly unlikely to affect users prior to them having the chance to reevaluate and start using an AV product.
I'd characterize this position as putting the danger in perspective relative to other dangers to our computers. It isn't dogmatic blindness, nor is it saying Macs are immune.
Keep in mind that this is coming from an IT manager that has enacted a policy at his company that includes gateway AV protection on top of desktop AV software. I look at the logs daily and know exactly what dangers lurk out there. Our servers are fully patched RHEL boxes and our desktops are primarily Windows XP. I am no ostrich but rather a well informed professional basing his opinion on the data available.
Dfiler: You're on a soapbox. The OP wants to know about virus and security software for Mac, not backup and accidental deletion prevention. Stick to the OP's original question and just offer advice on security software.
Peterball: the link I posted yesterday contains reviews for a number of security software packages. If you've already made up your mind that you need such software then head to the reviews and pick what meets your budget and level of concern.
Technically, if you do one thing (turn off "open safe files after downloading" in the Safari preferences) you reduce the possibility for malware to launch and run without you giving it your admin password so low as to be trivial at this point in time.
Should you give a program your password explicitly, there is no software package which can save you. On any platform. (Although Little Snitch helps as an emergency outgoing backstop.)
With no registry, there are no complicated extraction procedures on OS X once any malware has been identified by the security industry. You don't need malware extraction software because of this, just delete the file(s) identified.
It just happens that only one trojan/worm has had any success at all on OS X in the last nine years, and that was quite meager. Much of that difference is technology based -- OS X has no ActiveX. That is the huge hole that most of the Windows problems revolve around one way or another.
With Snow Leopard fully implementing 64-bit address space randomization, the days of buffer overflow attacks are gone; the whole mechanism breaks. That is only partially true in the current Leopard, but the portions that are randomized have made buffer overflow malware attacks in Leopard low-ish probability of success. Fixing this and the Java vulnerability this week make the attackable vectors REALLY hard to find; the fuzzing tools will become all but irrelevant for finding vulnerabilities to exploit. And fuzzing is how almost all the vulnerabilities are being found now.
I run an anti-virus program because I don't want to propagate Windows viruses from shared files and attachments. I currently have zero fear of an OS X-based virus/worm due to the technical (not obscurity) differences in OS design compared to Windows.
Edit: I forgot to mention earlier that I run Little Snitch so I am aware of what is outgoing on my machine. Setting it up to deny outgoing network transmission requests automatically, unless I override the denial, gives me pretty quick awareness if an app is doing something I was not expecting. As long as that is running I can be reasonably comfortable nasties aren't wreaking havoc in the background sharing my information. Other than MS Office, I haven't had to explicitly deny outgoing connections in a VERY LONG TIME. The combination of Little Snitch and turning off "open safe files" is about as hardcore as you need to be on a Mac to remain in control of your own box.
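Added example, not part of the original post: a small audit of the Safari "open safe files after downloading" setting recommended in the post above. It assumes the checkbox is stored as the boolean preference key `AutoOpenSafeDownloads`, that an absent key means the default (auto-open on), and that newer Safari versions keep the plist in the sandbox container path shown; the function names are illustrative.

```sh
#!/bin/sh
# Added example: audit Safari's "Open 'safe' files after downloading" setting.
# Assumptions: the checkbox is stored as the boolean key AutoOpenSafeDownloads,
# and an absent key means Safari's default (auto-open on) is in effect.

SAFARI_KEY="AutoOpenSafeDownloads"
# Preference domains to try, one per line: the sandbox container used by
# newer Safari versions first, then the legacy per-user domain.
SAFARI_DOMAINS="$HOME/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari
com.apple.Safari"

# Map the raw output of `defaults read` to a verdict.
classify_auto_open() {
    case "$1" in
        0|false|NO|no)  echo "disabled" ;;
        1|true|YES|yes) echo "enabled" ;;
        "")             echo "enabled-by-default" ;;
        *)              echo "unknown" ;;
    esac
}

# Print the first value found in any candidate domain; print nothing if the
# key is missing or the plist is unreadable (e.g. no Full Disk Access).
read_auto_open() {
    old_ifs=$IFS
    IFS='
'
    for domain in $SAFARI_DOMAINS; do
        value=$(defaults read "$domain" "$SAFARI_KEY" 2>/dev/null) || continue
        IFS=$old_ifs
        printf '%s\n' "$value"
        return 0
    done
    IFS=$old_ifs
    return 0
}

# Exit status: 0 = auto-open is off, 1 = on (or defaulted on), 2 = unparseable.
audit_auto_open() {
    verdict=$(classify_auto_open "$(read_auto_open)")
    case "$verdict" in
        disabled)
            echo "OK: Safari will not auto-open downloaded files"
            return 0 ;;
        unknown)
            echo "CHECK: unexpected value for $SAFARI_KEY; inspect manually"
            return 2 ;;
        *)
            echo "WARN: Safari auto-opens 'safe' downloads ($verdict)"
            echo "  fix: defaults write com.apple.Safari $SAFARI_KEY -bool false"
            echo "  or untick the box in Safari > Preferences > General"
            return 1 ;;
    esac
}

# Only run the live audit where the macOS `defaults` tool exists.
if command -v defaults >/dev/null 2>&1; then
    audit_auto_open || true
fi
```

An empty read is reported as a warning rather than a pass, so a plist that cannot be read prompts a manual look at the Safari preference pane.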
This is addressing the original poster. He asked about the merit of various AV programs. Basically, which one is worth running?
My advice has been that they are all of little utility and that time is better spent on an improved backup strategy. It was also important to rebut a few posts which seemed to mischaracterize the threat posed to OS X users.
Here's what I'm curious about: Peter, are you running a backup utility such as Time Machine? And is an archive periodically being moved off-site? Not to accuse you of anything, nor to say that these haven't been considered. Rather, my experience has shown that this is a wise way to approach the subject when asked about Mac AV software by a home user. Without knowing anything about you, it is the best place to start. People frequently seek out security or AV software on the Mac because they think it is the best way to safeguard their computer. What they don't realize is that because the risk is so low, attention is better spent elsewhere.
If you were a Mac user 20 years ago, then you know that there were Mac viruses back then. If memory serves, there were 26 Mac-specific viruses. The other malware that affected the Mac pre-MacOS X was cross-platform Microsoft Office macroviruses written largely using Visual Basic for Applications. These were follow-ons to the first cross-platform virus, a Word 6 macrovirus. The advent of VBA enabled "script kiddies." Do you see a pattern? Microsoft provided virus-enabling technology. Prior to VBA, viruses were constrained to program code. Viruses required skilled assembly language programmers to write them. After VBA, viruses could be hosted by document files. To write one required only a nitwit with an idea and a text editor.
Even though Office macroviruses could infect both Macs and Windows, their damage on the Mac was limited to Office files. On Windows, they had the run of the System. They could damage anything. This was all before MacOS X.
When you left the Mac, there were few viruses, but every application could be infected. With the advent of the first Mac viruses, the Mac community responded with freeware antivirus utilities like Disinfectant and commercial utilities like Symantec Antivirus for the Macintosh. Most infections of the era spread via floppy disk. With antivirus software installed and enabled, it was impossible for a virus to escape detection and removal. Although MacOS 9 was technically vulnerable, there were periods when more than a year passed between new viruses. Bill Gates claimed that the Mac's small market share was responsible. The real reason was clearly the Mac's superior design.
With the release of MacOS X, Mac-specific viruses are a thing of the past. The MacOS X permissions model does not permit viruses to be installed automatically whether or not you have antivirus software. Without automatic installation, you can't have self-propagation. Without propagation, a piece of code no matter how malicious is just another file.
Yes, I am using Time Machine on a 500GB USB drive. I'm used to PCs and am a bit anal about backup, normally doing son, father, grandfather. Time Machine is very funky.
I only keep apps on the Mac and all data is on another 1TB USB.
That works for me.
Let's not overstate the case though. Self-propagating viruses are still possible. It's just that one hasn't been written yet and that writing one is not easy. Exploits have existed that could have provided a way for a non-trojan virus to gain root access.
It's the severity and likelihood of that danger that is in dispute.