Is anti-virus protection necessary?

On Nov 23, 2005, at 3:44 PM, fred128 wrote:

> I now have friends who've recently switched from Windows machines
> asking me whether they should be buying anti-virus software for
> their new Macs. I'm inclined to tell them "no". Am I wrong?

ClamAV is an open-source anti-virus tool that now has an OS X client.

<http://www.clamxav.com/>

I have yet to install it (I too haven't used anti-virus in years on a
Mac), but we use ClamAV on our mail systems. In general, ClamAV's
virus definitions are updated faster than our commercial products
which means clamAV catches more than those other ones (names withheld).

I would feel pretty comfortable saying no, and offering this as a
extra option.

Steve Cochran

On Nov 23, 2005, at 3:44 PM, fred128 wrote:

> I now have friends who've recently switched from Windows machines
> asking me whether they should be buying anti-virus software for
> their new Macs. I'm inclined to tell them "no". Am I wrong?

The arguments for:

* Mac anti-virus software will recognize Windows viruses. If you do
a lot of file-swapping with people on Windows machines, and one of
those files has a virus, you won't be vulnerable to it, but if you
pass that file on to someone else, the virus will still be there.
Having anti-virus software will prevent you from spreading Windows
viruses to Windows users.

* It's possible that someday there will be a Mac virus. If you have
anti-virus software in place, and you have the discipline of updating
your virus definitions frequently, you'll be several steps ahead of
the rest of the Mac world, who may be slow to respond because they
did not think a Mac virus was possible.

The argument against:

* Anti-virus software costs money and time that can be better spent
on other things, since there are -zero- known Mac viruses.

(If you poke around a bit online, you can find probably expansions on
all of these arguments online.)

My inclination would not be to simply recommend against anti-virus
software, but to lay out these arguments. The answer isn't as cut-
and-dried on the Mac as it is on Windows, and some of your friends
might be in situations where they should be running anti-virus software.

Charlton


--
Charlton Wilbur
cwilburchromatico.net

> [I tend to agree with you - I haven't run any anti-virus software
> regularly since Disinfectant. But, like you, I'm relatively careful
> about what I do, and I keep very good backups as well. -Adam]

I agree with Adam - my original PBG4 has been living on my DSL line
(and numerous client networks) with OS9 and later OS X without any
problems for over 4 years. Like you, I'm careful, and keep backups. I
have found it useful to run a scan now and then with clamXav (free,
<http://www.markallan.co.uk/clamXav/>, which has never found a Mac
virus, but often spots PC virii in my trash & junk mailboxes.

My home desktop (used primarily by 2 teenagers) has had some weird
things happen occasionally, but nothing that I have actually pinned
down to a virus.

I think 'careful' is an important word here,

Roger

Roger Henriques
rdh at rhen dot com

 

At 12:44 PM -0800 11/23/05, fred128 wrote:
>I have been running a Mac OS X laptop for several years without any anti-virus protection and have had no problems. I'm careful about firewall settings, Word macros, and email attachments (and Sony-BMG CDs!).
>
>I now have friends who've recently switched from Windows machines asking me whether they should be buying anti-virus software for their new Macs. I'm inclined to tell them "no". Am I wrong?

I agree with you. I don't run anti-virus software on my Macs, since there are no known viruses to detect. Of course I take the same precautions as you, and I run nightly backups.

At 9:36 PM -0800 11/23/05, Charlton Wilbur wrote:
>The argument against:
>
>* Anti-virus software costs money and time that can be better spent
>on other things, since there are -zero- known Mac viruses.

Other arguments against:

* Anti-virus software only recognizes viruses by signature. If/when a virus comes out, it won't be recognized until the virus definitions file is updated. I'm assuming that the first Mac virus will be enough of a media event (at least in the Mac community) that I'll hear about it, and I'll buy anti-virus software then. Or Apple may issue an OS update that quickly closes the attack vector.

* Any software that patches out your kernel tends to make your machine unstable. Apple's kext documentation is not so good. Unless you are an Apple engineer (or take one to lunch often) your chances of releasing a completely debugged kext are low. My current Mac is the most stable computer system I've ever owned. I like it that way.
--

David


 

> Having anti-virus software will prevent you from spreading Windows
> viruses to Windows users.

        I too do not run any antivirus software on my Mac. All Windows
boxes that I deal with have antivirus software on them, I won't let a
windows machine (at home or at work) near my network if it doesn't.
Not without running a full scan on it first.

> The argument against:
>
> * Anti-virus software costs money and time that can be better spent
> on other things, since there are -zero- known Mac viruses.

        I would disagree here. There are "-zero-" known OS X viruses,
however there are a few floating around for earlier systems.
Granted, new users will be getting OS X with new machines but I just
thought I'd mention it ;-)


        Is it possible that some recently discovered Unix viruses MAY be
able to infect OS X machines, since OS X is just a GUI on top of a
Unix shell??

Jason


-------------------------------------
Jason Campbell
Technician
Psychology Department
University of Otago

Ph (03) 479 7668


 

On Nov 24, 2005, at 6:36 AM, Charlton Wilbur wrote:

>
> * Anti-virus software costs money and time that can be better spent
> on other things, since there are -zero- known Mac viruses.

There are no Mac _system_ viruses. If, however, you exchange lots of
Word and Excel files with others, especially PC users, you're better
off protecting against macro viruses. You can of course turn off
macros in files with macros, but some of us get file where we need to
use the macros... Most or all Mac antivirus software protect against
macro viruses.


Kirk
            Author of: Take Control of Users & Accounts in Tiger
                       http://www.mcelhearn.com/tco.html
                - - - - - -
              Read my blog: Kirkville -- http://www.mcelhearn.com
           Musings, Opinion and Miscellanea, on Macs, iPods and more
        Kirk McElhearn | Chemin de la Lauze | 05600 Guillestre | France


 

At 12:36 AM 11/24/2005 -0800, Charlton Wilbur wrote:
>The arguments for:

Another argument for: when a fast-spreading email worm breaks out, AV
software (if up to date) will stop it without the manual sorting which
would be required without AV software.

OTOH, it's likely that your mailbox will already be stuffed by the time the
AV software is updated, and in any case you'll have to download the updates
before you're protected, since waiting for automatic updates will be too
slow. Also, if you have a good email provider, then they are running AV
software anyway, which you can probably configure to drop virus-laden email
at the server.

In one outbreak a couple of years ago, I received thousands of copies of
one worm. Fastmail.fm blocked them all -- after a delay of a few hours
during which I received several hundred copies. Since then, they have
switched to ClamAV (already mentioned here) and believe that they get
updates for fast-spreading outbreaks much more quickly.

One problem with most current AV software is that it still works under the
original virus paradigm: that the malware would be a parasite infecting a
file that you actually want. Thus all the efforts to repair and quarantine
files, and to notify the recipient of the blocked file. But I have never
received this type of attack: virus-laden email has *always* been a worm of
some kind, and I'm sure this is true for at least 99.999% of virus
receptions today (though not all). It seems to be difficult to convince
Symantec and the others who make money on complicated repair schemes that
the only needed response to a virus-laden email is to delete both the email
and the attachment -- silently.

Edward
Art Works by Melynda Reid: http://paleo.org

On 11/24/05 16:12, "David Shayer" <tidbitsentience.com> wrote:

> * Anti-virus software only recognizes viruses by signature. If/when a virus
> comes out, it won't be recognized until the virus definitions file is updated.
> I'm assuming that the first Mac virus will be enough of a media event (at
> least in the Mac community) that I'll hear about it, and I'll buy anti-virus
> software then. Or Apple may issue an OS update that quickly closes the attack
> vector.
>

That's not completely correct. AV can also detect virus-like behavior.

> * Any software that patches out your kernel tends to make your machine
> unstable. Apple's kext documentation is not so good. Unless you are an Apple
> engineer (or take one to lunch often) your chances of releasing a completely
> debugged kext are low. My current Mac is the most stable computer system I've
> ever owned. I like it that way.

Prior to tiger, this was true. With Mac OS X 10.4, Apple has a proper API
or KPI really.

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com

On 25/11/2005 11:12 AM, "David Shayer" <tidbitsentience.com> spake thus:

> * Any software that patches out your kernel tends to make your machine
> unstable.

I'm not sure what this has to do with it. Plugging into the kernel should be
absolutely unnecessary for AV software. ClamAV certainly doesn't (it can't
by definition, as it's cross-platform).

--
Nigel Stanger, Dunedin, NEW ZEALAND.
http://public.xdi.org/=nigel.stanger

At 12:44 PM -0800 11/23/05, fred128 wrote:
>I now have friends who've recently switched from Windows machines asking
>me whether they should be buying anti-virus software for their new Macs.
>I'm inclined to tell them "no". Am I wrong?

        I occasionally run ClamAV via clamXav.app <http://www.clamxav.com/>
which is a Mac front end to the open source project
<http://www.clamav.net/>, but mostly as a curiosity. It scans for lots of
non-Mac malware, but I don't know if it picks up any Mac specific files
(are there even any that it should be looking for?).



--
* Johann Beda - contact link: <http://public.xdi.org/=j-beda> *
* Johann's MostlyMac Computer Consulting - <http://mmcc.beda.ca/> *

Jason Campbell said:

>> The argument against:
>>
>> * Anti-virus software costs money and time that can be better spent
>> on other things, since there are -zero- known Mac viruses.
>
> I would disagree here. There are "-zero-" known OS X viruses,
>however there are a few floating around for earlier systems.
>Granted, new users will be getting OS X with new machines but I just
>thought I'd mention it ;-)
>
>
> Is it possible that some recently discovered Unix viruses MAY be
>able to infect OS X machines, since OS X is just a GUI on top of a
>Unix shell??


There are *no* viruses for OS X specifically. However, that doen't mean
that there is no malware that Mac-users running OS X ever need to be
concerned about. Fortunately what exists is extremely rare, but it does
exist.

There are literally thousands of Word and Excel macro viruses that will
run on the Mac versions of these programs, some of which are sincerely
malicious. You can keep them from running by enabling "macro virus
protection" in preferences in those programs. But this feature doesn't
tell you if a macro is malicious or if it is legitimate. (Business users,
who frequently receive legitimate Word and Excel documents with embedded
macros, may prefer to have an anti-viral
program that can actually detect and clean a malicious macro from a
document, and preserve the document.)

There are two or three Trojans/worms for OS X (not just "concepts"), but
they are incredibly rare, and they aren't self-propogating, so you are
unlikely to encounter them, and only then if you engage in downloading
from peer to peer networks. Trojans for OS X include Opener/Renepo, the
WordInstaller Trojan, MacCowHand, and MP3/Concept. MP3/Concept, of
course, does not exist in the wild as anything other than a non-malicious
proof-of-concept.

http://www.sophos.com/virusinfo/analyses/maccowhanda.html
http://www.macintouch.com/opener02.html
http://securityresponse.symantec.com/avcenter/venc/data/macos.mw2004.trojan.htm
http://www.macworld.co.uk/news/index.cfm?NewsID=8406
http://www.intego.com/news/pr41.asp
http://www.securityfocus.com/archive/1/395107/2005-04-03/2005-04-09/0

As for MP3/Concept, when someone posts a proof-of-concept on the
Internet, my personal feeling is that it is sort of like providing a
construction kit for psychopathic geeks to create malware. Thus, the mere
existence of such a proof-of-concept on the Internet heralds the need for
increased security.

There is no spyware for the Mac that can be diseminated via a Web site or
e-mail, though there is spyware that can be installed if one has physical
access to a Mac.

There are classic viruses (for OS 8/9) that can infect Classic running
under OS X, but they have become very rare because they were designed to
propagate via floppy, and Macs haven't used floppies in ages. (Folks
don't seem to share user-recorded CD's with the frequency that they did
floppies.)

Windows users like to bring up the issue of the Macintosh being a carrier
of Windows viruses. This is a silly assertion. There is just about zero
likelihood that you will be spreading Windows viruses to your
Windows-using colleagues. You would practically have to do it on
purpose. The only surreptitious viruses that you might pass to a
Windows-using colleague is a Word or Excel macro virus, and that assumes
that you haven't opened these files yourself, you just received them and
then passed them along. In any case, any Windows user who isn't running
good, meticulously updated anti-virus software, deserves any viruses they
get. There are literally over 100,000 Windows viruses. Windows users
should protect themselves. As a Mac user you shouldn't have to worry
about Windows viruses.


Most Mac users feel that using anti-viral software
is a waste of money, and that is a reasonable conclusion given the
extreme rarety of malware for the Macintosh. However, Mac malware does
exist. An ordinary home user probably doesn't need anti-virus software.
However, if you use your Mac in a business context, and your data is very
important, you may not want to leave your data open to even a miniscule
threat, and you may want anti-virus software. (Of course, it is also a
good idea to have multiple backups, multiple firewalls, etc., but a
really infectious virus sometimse can find its way through even the best
defenses.)

Note that good commercial anti-viral software has an auto-update feature
similar to OS X's and that the companies that make anti-viral software
aggressively look for new viruses and update users' software to deal with
them. If a new, very malicious and infectious OS X virus were to
suddenly appear in the wild, users with good anti-viral software already
installed would be the very first ones protected against it, and the most
likely ones not to be infected at all.

Randy B. Singer
Co-Author of: The Macintosh Bible (4th, 5th and 6th editions)

Routine OS X Maintenance and Generic Troubleshooting
http://www.macattorney.com/ts.html

Stephen A. Cochran Lists said:

>ClamAV is an open-source anti-virus tool that now has an OS X client.
>
><http://www.clamxav.com/>
>
>I have yet to install it (I too haven't used anti-virus in years on a
>Mac), but we use ClamAV on our mail systems. In general, ClamAV's
>virus definitions are updated faster than our commercial products
>which means clamAV catches more than those other ones (names withheld).

I have a real problem with ClamXav. ClamXav is an OS X port of ClamAV,
which is a UNIX server anti-virus application for use with Windows
networks. The problem is that ClamXav uses ClamAV's anti-viral database,
with no additions in consideration of the Macintosh.
You can search the ClamAV database here:
http://clamav-du.securesites.net/cgi-bin/clamgrok
As a test, do a search for "Macintosh", or "Opener", or "Renepo" and see
if anything shows up.
What this means is that ClamXav doesn't look for anything that is
Macintosh-only, or even anything just because it is Macintosh-related.

In addition, if a Macintosh-only virus were to appear in the wild, there
is no indication that the ClamAV database would be updated to deal with
it. As far as I can tell, no one is writing and adding virus definitions
to the ClamAV database for Macintosh malware. (The developer of ClamXav
has admitted that not only has he not contributed any such definitions,
but that he doesn't know how write such definitions.) In other words,
ClamXav is practically worthless for use with the Macintosh, and worse, I
fear that it lulls Mac users into a false sense that it is protecting
them, when in fact it doesn't protect them from much at all. (It does
provide protection from cross-platform Word and Excel macro viruses.)

Since ClamXav does not scan for Macintosh-only viruses, if you use
Classic, ClamXav does not protect you from any OS 9 viruses, which can
also infect Classic. It also does not scan for the three known OS X
Trojans in the wild, or the "Concept" Trojan (which is not a real, or
malicious, Trojan, but it does sort of provide a model for someone who
wants to create one, so it would be nice if your anti-viral software
identified derivatives of it.)

Also, ClamXav does not disinfect infected files and software. It can
only flag such software for you. You then have to delete such software
to be rid of the virus.

ClamXav also does not scan files interactively.
 
ClamXav *is* good at scanning for, and detecting Windows viruses on your
Macintosh, but that is of questionable value, as these are harmless on
the Mac, and they are easy to detect and just trash. (Usually they
manifest themselves as gibberish e-mail attachments.) A Macintosh is
highly unlikely to spread Windows viruses to Windows users, so software
to detect Windows viruses resident on a Mac is of questionable value.

I don't see ClamXav as being a substitute for a commercial anti-virus
program. It might be a worthwhile utility to use in addition to a
commercial anti-virus program that does not comprehensively scan for
Windows-only viruses, if, for some reason, you find that important.

The gentleman who has ported ClamAV to the Mac, and who is providing
ClamXav for free, is to be commended for providing a free product to the
Macintosh community. However, even though he does not disagree with any
of what I have said above (this all came up on Macintouch), he also
doesn't clearly state it on his Web site. So folks are lured into
thinking that their Macs are completely protected, and will be in the
future in the event of a very serious threat, when they aren't. That does
the Macintosh community a very serious disservice.


Randy B. Singer
Co-Author of: The Macintosh Bible (4th, 5th and 6th editions)

Routine OS X Maintenance and Generic Troubleshooting
http://www.macattorney.com/ts.html

On 11/29/05 13:53, "Randy B. Singer" <randymacattorney.com> wrote:

> Most Mac users feel that using anti-viral software
> is a waste of money, and that is a reasonable conclusion given the
> extreme rarety of malware for the Macintosh. However, Mac malware does
> exist. An ordinary home user probably doesn't need anti-virus software.
> However, if you use your Mac in a business context, and your data is very
> important, you may not want to leave your data open to even a miniscule
> threat, and you may want anti-virus software. (Of course, it is also a
> good idea to have multiple backups, multiple firewalls, etc., but a
> really infectious virus sometimse can find its way through even the best
> defenses.)

GLBA and HIPAA both are pretty clear that anti-virus anti-malware protection
BEYOND, "It's a Mac" are important parts of compliance with those
regulations. It isn't mandatory regardless of platform under either, but if
you have a problem due to malware regardless of platform, not having AV
software when it's available is going to be seen as a lack of due diligence.

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com

On 11/29/05 13:53, "Randy B. Singer" <randymacattorney.com> wrote:

> I don't see ClamXav as being a substitute for a commercial anti-virus
> program. It might be a worthwhile utility to use in addition to a
> commercial anti-virus program that does not comprehensively scan for
> Windows-only viruses, if, for some reason, you find that important.
>
> The gentleman who has ported ClamAV to the Mac, and who is providing
> ClamXav for free, is to be commended for providing a free product to the
> Macintosh community. However, even though he does not disagree with any
> of what I have said above (this all came up on Macintouch), he also
> doesn't clearly state it on his Web site. So folks are lured into
> thinking that their Macs are completely protected, and will be in the
> future in the event of a very serious threat, when they aren't. That does
> the Macintosh community a very serious disservice.

ClamAV was really never a desktop product. It's more of a server product,
and is quite good at that.

For clients, a little folder action shell scripting and Virex 7.2 takes care
of many needs without the need for kernel extensions.

I posted a set of scripts on versiontracker:

<http://www.versiontracker.com/dyn/moreinfo/macosx/18081>

Note that they delete infected files quickly and quietly, there's no
cleaning.

Not the most elegant setup, but a solution that works across many OS X
versions.

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com

At 11:53 AM -0800 11/29/05, Randy B.Singer wrote:
>In addition, if a Macintosh-only virus were to appear in the wild, there
>is no indication that the ClamAV database would be updated to deal with
>it. As far as I can tell, no one is writing and adding virus definitions
>to the ClamAV database for Macintosh malware. (The developer of ClamXav
>has admitted that not only has he not contributed any such definitions,
>but that he doesn't know how write such definitions.) In other words,
>ClamXav is practically worthless for use with the Macintosh, and worse, I
>fear that it lulls Mac users into a false sense that it is protecting
>them, when in fact it doesn't protect them from much at all. (It does
>provide protection from cross-platform Word and Excel macro viruses.)

        I see that one can submit virus samples to them at
<http://www.clamav.net/sendvirus.html> I wonder if they would accept any
old Classic malware? Does anyone have any samples?


--
* Johann Beda - contact link: <http://public.xdi.org/=j-beda> *
* Johann's MostlyMac Computer Consulting - <http://mmcc.beda.ca/> *

On 29 Nov 2005, at 12:53 , Randy B. Singer wrote:

> As a test, do a search for "Macintosh", or "Opener", or "Renepo"
> and see
> if anything shows up.

THese are not viruses in any sense of the word. They do not infect
applications. YOu have to INSTALL them. you have to validate with
your admin password. They are trivial to look for on your system.

--
and I lift my glass to the Awful Truth / which you can't reveal to
the Ears of Youth / except to say it isn't worth a dime


 

Google Kreme said:

>> As a test, do a search for "Macintosh", or "Opener", or "Renepo"
>> and see
>> if anything shows up.
>
>THese are not viruses in any sense of the word. They do not infect
>applications. YOu have to INSTALL them. you have to validate with
>your admin password. They are trivial to look for on your system.


I didn't say that they were viruses. I said that they were "Trojans",
right?

http://en.wikipedia.org/wiki/Trojan_horse_%28computing%29

A Trojan is still Mac malware that (at least I, I don't know about you)
want to be protected from. And they aren't "trivial" to look for. A
Trojan can masquerade as just about anything. Folks still don't aren't
sure how Opener arrives, it is that non-trivial to look for.

All of the major commercial anti-virus applications look for and
eradicate these Trojans. ClamXav does not. I don't know about you, but
I would like to be protected from Trojans.

Randy B. Singer
Co-Author of: The Macintosh Bible (4th, 5th and 6th editions)

Routine OS X Maintenance and Generic Troubleshooting
http://www.macattorney.com/ts.html

On 11/30/05 12:13, "Google Kreme" <gkremegmail.com> wrote:

>> As a test, do a search for "Macintosh", or "Opener", or "Renepo"
>> and see
>> if anything shows up.
>
> THese are not viruses in any sense of the word. They do not infect
> applications. YOu have to INSTALL them. you have to validate with
> your admin password. They are trivial to look for on your system.

On 10.4 (maybe 10.3.9) and greater true.

On a stock pre-10.3.8/9 and earlier system, if you're an administrator user,
(as every Mac OS X's default first user is), no, actually, you don't need to
auth at all to create /Library/StartupItems and have it set world-writeable.

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com

An antivirus software is yet another piece of software that needs to be maintained on a computer. Aside from the virus definitions, the application itself needs to be launched periodically, kept updated (which entails downloading, extracting, copying etc). And may possibly require things to launch at startup (this is a generalisation).

Is this really worth it, given the dearth of reports of viral activity that directly affect Macintoshes? I certainly would not install one for my parents, even though they are (compared to me) less likely to practice “safe computing”.

Off the top of my head, the Mac softwares that have caused the most headaches, have been: an iTunes updater that deleted a home directory, Word macro virii, a system software updater that disabled FireWire drives, or disabled 3rd party RAM. Anyone (who has read Matt Neuburg’s Definitive Guide to AppleScript maybe) can create a little Applescript that moves files from the home directory to trash. And then paste a different icon on it, and induce someone to double click on it. With shell scripting, there’s even greater potential for malware.

I think there is a lot of possible malware on the Macintosh, which are not protected by the presence of anti-virus software. Anti-virus software should be way down the list of concerns for most Mac users. New users are better off grasping the logic of being wary of launching unfamiliar files, or holding off system updates for a while etc. And having scheduled back up -- a process that takes more memory muscle than launching an anti-virus program.

IMHO on Mac OS X, anti-virus software is a little more useful than Norton-branded software -- but that’s cold comfort.

On 3/12/2005, at 7:20 PM, fcchuan wrote:

> An antivirus software is yet another piece of software that needs
> to be maintained on a computer. Aside from the virus definitions,
> the application itself needs to be launched periodically, kept
> updated (which entails downloading, extracting, copying etc). And
> may possibly require things to launch at startup (this is a
> generalisation).
>
> Is this really worth it [...]

Any anti-malware (virus/spyware/trojan/etc) software should launch at
startup/login and not need to be launched periodically. It should be
capable of updating itself, without the user doing any manual
downloading/extracting/copying (having the user approve the update,
unless blanket update approval is given).

If the anti-malware software *doesn't* do all of this transparently,
then you need better software, not to give up on using it altogether.

It seems to me that the "do I need anti-virus protection" question is
pretty similar to ones you ask yourself when figuring out a backup
scheme. Would you care if an OS X virus appeared and infected your
machine? Could you easily repair it (e.g. from a machine that can't
be affected (e.g. a Windows/Linux machine, or one not networked)? Is
everything important backed up anyway? (If not, it should be).
Could you manage without the machine for a small amount of time if
necessary?

=Tony.Meyer

On Dec 2, 2005, at 11:20 PM, fcchuan wrote:

> Anti-virus software should be way down the list of concerns for most
> Mac users. New users are better off grasping the logic of being wary
> of launching unfamiliar files, or holding off system updates for a
> while etc. And having scheduled back up -- a process that takes more
> memory muscle than launching an anti-virus program.

This is certainly my view. No one has ever been crippled by a Mac
virus, as far as I know. But (in the Apple Forums at least) I have
seen dozens of users have part or all of their system made
non-functional by immediately installing every Apple update that comes
out when they have no backup or other way to return to the status quo
ante. All it takes is for one crucial app to stop working to really
ruin your day or week.

You know, some people have said on threads like this to have antivirus software available "just in case" a virus actually comes out-and they've been saying this for years.

Yet OS X is still essentially virus-free, all these years it's been out. How many new viruses and worms have come out for XP in that time? A few hundred at least.

Sure there are a few trojans, and a proof-of-concept virus, but not much has come of either of them. If this had been Windows, there would have been multiple versions of malware created from the MP3 concept virus alone. And there would definitely have been multiple means created to automatically deliver the Opener trojan, by email, by website, by file-share, etc., etc.

As I said before, OS X has been out for several years now. If there had been a way to create a fast-spreading virus or worm on this platform, someone would have found it. Quite frankly, I don't think Mac users running OS X have to worry about viruses and worms. Hence, antivirus software is useless to us.

Not that we can skip around the 'Net worry free, but we just have other problems. The Unix foundations of OS X make us vulnerable to other types of attacks, through buffer overflow vulnerabilities and badly created temp files with incorrect permissions and other such problems Linux and BSD admins have to deal with. But we can deal with most of those problems with a properly configured firewall, and regularly updated applications and OS'es. We already have the firewall, and Apple is pretty good with supplying updates when needed.

So, to answer the question, is antivirus protection necessary? I'd say no, with a caveat. That caveat is, keep Software Update running regularly and learn to configure your firewall. Just because there are no OS X viruses and worms, and there aren't likely to be any in the future, doesn't mean OS X is invulnerable.

(Of course, a few months from now some OS X virus or worm will come out and make a liar out of me ;))

------------------------------------------------------------------- Victor Daniel a.k.a The MacNut macnutdca.net macnutmacnuthome.com Listmom, ClarisWorks/AppleWorks email list: <http://awlist.macnuthome.com/>

On 12/5/05 10:37, "macnut" <macnutmacnuthome.com> wrote:

> Not that we can skip around the 'Net worry free, but we just have other
> problems. The Unix foundations of OS X make us vulnerable to other types of
> attacks, through buffer overflow vulnerabilities and badly created temp files
> with incorrect permissions and other such problems Linux and BSD admins have
> to deal with. But we can deal with most of those problems with a properly
> configured firewall, and regularly updated applications and OS'es. We already
> have the firewall, and Apple is pretty good with supplying updates when
> needed.

None of that will help with a trojan. There is a tendency to not take
trojans seriously. This is of course a bad idea and one that should be
ruthlessly stamped into a faint smear on the tile.

Trojans are MUCH harder to protect against, but they're much more dangerous
too, and for them, you cannot rely on OS X to help. You have to have layers
of protection, and a decent AV/Anti-Malware program is part of that.

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com

[OK, enough of a tangent here... -Adam]


On 02 Dec 2005, at 23:20 , fcchuan wrote:

> an iTunes updater that deleted a home directory,

This is not right. There was an iTunes update that could, under very
odd circumstances, have deleted data off a DRIVE (or partition).
However, the setup for this would require drives named like this:

Primary Drive:
"Word otherword"

another drive:
"Word"

because of the way the updater worked, it would delete all the data
on "Word".

So, if your primary drive was named "Macintosh HD" and you had a
second drive named "Macintosh" you would lose data. If the second
drive was named "Macintosh HD2" you would not.

I've had anti-virus software running on my Macs since System 7. I've used software like Disinfectant, Symantec Anti-Virus, Virex and (until recently) Norton Anti-Virus. Until recently, I thought it was important to use anti-virus software and advised anyone who asked to do so. However, I've NEVER seen any of these utilities detect a virus until, I think, about a year or so ago. That ONE time it was an attachment in a piece of spam: some Windows virus I don't remember. I would have trashed it anyway.

This "protection" did come at a price. My Macs were slowed down when they were scanned. I've had some freezes and unexpected quits I think were caused by anti-virus activities like disks being scanned on mount.

Recently I upgraded my aging Cube to an all new iMac. The Cube was running 10.3.9. The iMac came with Tiger. I used the migration utility to copy my data and such from the Cube to the iMac. This utility faithfully copied all of my stuff, including the Norton Systemworks components, to the iMac.

When I booted the iMac I had to deal with numerous messages that popped up notifying me that some Norton Anti-Virus thing did not load properly. Turning to the Symantec support pages it was clear that the version of Norton Anti-Virus I owned (as part of Norton Systemworks) was not Tiger compatible, which was also the case for most of Norton Systemworks. There was NO upgrade for Norton Systemworks (and none planned), only for Norton Anti-Virus.

I decided to remove all of Norton Systemworks from my iMac. The uninstaller that came on the CD did not work at all. The upgraded uninstaller that I downloaded from Symantec could not find any Symantec components! I had to manually search for "symantec", "Norton", etc. to find the components I had to remove. Fortunately that was relatively easy with Spotlight and fortunately I could remove all of them from within the Finder.

I have now also removed all of Norton Systemworks from my PowerBook G4, which is still running 10.3.9. Here the Symantec uninstaller did find and removed Symantec Systemworks components, but not all of them as I discovered when I performed some searches. But I managed to get rid of those as well. My first impression, after a few weeks, is that the PowerBook is running better (faster, less inexplicable "hangs") than before.

My conclusion: Anti-Virus software on a Mac is not worth the trouble. It slows down the computer and can cause other inexplicable problems without offering additional protection. I would NOT advice anyone to install an Anti-Virus utility on a Mac. I DO advice using a properly set-up firewall, using a non-admin account for your daily work, making regular (daily) back-ups of your data, trashing any e-mail attachments you do not completely trust and only downloading software from reliable sources.

On 12/10/05 23:53, "Frans Moquette" <fransmoquette.nl> wrote:

> My conclusion: Anti-Virus software on a Mac is not worth the trouble. It
> slows down the computer and can cause other inexplicable problems without
> offering additional protection. I would NOT advice anyone to install an
> Anti-Virus utility on a Mac. I DO advice using a properly set-up firewall,
> using a non-admin account for your daily work, making regular (daily) back-ups
> of your data, trashing any e-mail attachments you do not completely trust and
> only downloading software from reliable sources.

You do realize that Symantec is not the end all and be all of AV software on
the Mac, right?

--
John C. Welch Writer/Analyst
Bynkii.com Mac and other opinions
jwelchbynkii.com

Frans Moquetter said:

>My conclusion: Anti-Virus software on a Mac is not worth the trouble. It
>slows down the computer and can cause other inexplicable problems without
>offering additional protection. I would NOT advice anyone to install an
>Anti-Virus utility on a Mac.

Your experience with Symantec/Norton products shouldn't be extrapolated
to apply to all other anti-virus products for the Macintosh. (Just as
you shouldn't infer that all hard drive repair utilities are as
potentially dangerous as Disk Doctor.)

About a year ago I tested all of the popular anti-virus software products
for OS X, and I found that Intego's Virus Barrier was by far the best.
It extracts no noticeable performance penalty, and it runs completely in
the background, never interupting your work to do a virus scan. My Mac
is just as stable with it running as without.

I understand that Virus Barrier has been completely and significantly
updated recently, and I haven't tried the new version, so I can't tell
you if it is still the same, but my hope and expecitation is that they
haven't messed up a good thing.

Randy B. Singer
Co-Author of: The Macintosh Bible (4th, 5th and 6th editions)

Routine OS X Maintenance and Generic Troubleshooting
http://www.macattorney.com/ts.html

On Dec 12, 2005, at 10:37 AM, Randy B. Singer wrote:
> Frans Moquetter said:
>
>> My conclusion: Anti-Virus software on a Mac is not worth the
>> trouble. It
>> slows down the computer and can cause other inexplicable problems
>> without
>> offering additional protection. I would NOT advice anyone to
>> install an
>> Anti-Virus utility on a Mac.
>
> Your experience with Symantec/Norton products shouldn't be
> extrapolated
> to apply to all other anti-virus products for the Macintosh. (Just as
> you shouldn't infer that all hard drive repair utilities are as
> potentially dangerous as Disk Doctor.)

This was about 2-3 years ago, but Disk Doctor did fry an iMac hard
drive (the original DVD model). And when we did run Norton Anti
Virus, it did slow things down on all our Macs.

A question... We've got an old copy of Virtual PC on a Powerbook, so
we run anti-virus software on it. We only use Virtual PC a few times
a year, mostly to proof web designs. Would it still be advisable to
run anti virus software on it ? We do update the software regularly,
esp. since we still get spam with .exe attachments, though we never
open them.

Marilyn

Marilyn Matty said:

>A question... We've got an old copy of Virtual PC on a Powerbook, so
>we run anti-virus software on it. We only use Virtual PC a few times
>a year, mostly to proof web designs. Would it still be advisable to
>run anti virus software on it ? We do update the software regularly,
>esp. since we still get spam with .exe attachments, though we never
>open them.

It depends. If your Virtual PC partition is an island, that is you don't
use it to run an e-mail program or a browser, and you don't exchange
software with other Windows users, it is probably okay to do without
Windows anti-virus software.

Randy B. Singer
Co-Author of: The Macintosh Bible (4th, 5th and 6th editions)

Routine OS X Maintenance and Generic Troubleshooting
http://www.macattorney.com/ts.html

Is there a Mac equivalent of the excellent (and free) AVG anti-virus
software which is available for Windows?

Paul

John C. Welch said:

>You do realize that Symantec is not the end all and be all of AV software on
>the Mac, right?


Indeed, considering how few threats there are currently to the Macintosh,
it is surprising that the number of anti-virus programs for the Macintosh
has been increasing, rather than decreasing. These are the ones that I
know about:

Virex
<http://www.networkassociates.com/us/products/mcafee/antivirus/desktop/vire
x.htm>

Norton Anti-Virus
<http://www.symantec.com/nav/nav_mac/index.html>

Sophos Anti-Virus
<http://www.sophos.com/pressoffice/pressrel/uk/20030714mac.html>
<http://www.sophos.com/products/sav/>

Intego Virus Barrier X
<http://www.intego.com/virusbarrier/>

Authentium ESP Antivirus for Mac OS X
http://www.authentium.com/

ClamXav
http://www.markallan.co.uk/clamXav/index.php

Drive Vaccine
http://www.horizondatasys.com/product_page.html?page_id=1#1

MacShield
http://www.centuriontech.com/products/macshield/

Some users may not consider the last two products to actually be
anti-virus software. But they are marketed as such.


Randy B. Singer
Co-Author of: The Macintosh Bible (4th, 5th and 6th editions)

Routine OS X Maintenance and Generic Troubleshooting
http://www.macattorney.com/ts.html

On 12/12/05 at 7:37 AM, randymacattorney.com (Randy B. Singer)
wrote:

>About a year ago I tested all of the popular anti-virus software
>products for OS X, and I found that Intego's Virus Barrier was by
>far the best. It extracts no noticeable performance penalty, and it
>runs completely in the background, never interupting your work to
>do a virus scan. My Mac is just as stable with it running as
>without.

I am using the current version of Virus Barrier and my experience matches your comments, i.e., no noticeable performance penalty or work interuption.

> So, to answer the question, is antivirus protection necessary? I'd say no, with
> a caveat. That caveat is, keep Software Update running regularly and learn to
> configure your firewall. Just because there are no OS X viruses and worms, and
> there aren't likely to be any in the future, doesn't mean OS X is invulnerable.
>
> (Of course, a few months from now some OS X virus or worm will come out and make
> a liar out of me ;))

I've been told by folks who should be in a position to know that there
are Mac attacks out there. To date they haven't been seen "out in the
wild" but they have been seen and have been attacking some systems.


[Are you sure they're talking about virus-like attacks, and not humans cracking Macs remotely? I've definitely heard of people breaking into Mac OS X machines over the Internet because all it takes is a bad password and a lot of Internet services left on, but that's a very different problem. -Adam]


At some point it someone big will be hit and we'll have to all deal with
it. But in general the Mac OS design has fewer points of attack which
combined with its lesser market share, seems to keep the whiz kids out
of the business.