Thank you, but I think I'm meaning my question from the product perspective. I discovered a site av-comparatives org http://www.av-comparatives.org/comparativesreviews/mac-security-reviews/165-mac-security-review-oct-2012 and it doesn't have any of the three products listed (first and foremost - maybe they weren't submitted for evaluation) but I'm still trying to get a handle on what these products actually do for the Mac and do for a shared Mac/Win environment.
I have no idea what most of those products claim to do because I won't install them. That is one of the reasons why I have a Mac. I've run ClamXAV occasionally (once in two years maybe). I don't run Windows and do not open attachments from Windows users (fortunately, I am not in a work environment so I can afford the luxury of (not) doing that). I am also careful what and from which site I download (I choose not to use torrent sites or go to any site that WOT shows a warning for). I've read that the best precaution is to use your head.
FWIW: nothing can protect you from a new threat - the AV software can be updated after the malware/virus has been released, but how could it know in advance?
Hopefully some of our expert AV members will chime in here.
This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed by an attacker who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.
Starting with OS X 10.7.5, there is another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications that are downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Applications certified in this way haven't actually been tested by Apple (unless they come from the Mac App Store), but you can be sure that they haven't been modified by anyone other than the developer, and his identity is known, so he could be held responsible if he knowingly released malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe. Note, however, that there are some caveats concerning Gatekeeper:
For more information about Gatekeeper, see this Apple Support article.
Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
iAntivirus is a scam.
Sophos is OK but may slow down your Mac.
ClamXav is fine.
There are many forms of ‘Malware’ that can affect a computer system, of which ‘a virus’ is but one type, ‘trojans’ another. Using the strict definition of a computer virus, no viruses that can attack OS X have so far been detected 'in the wild', i.e. in anything other than laboratory conditions. The same is not true of other forms of malware, such as Trojans. Whilst it is a fairly safe bet that your Mac has NOT been infected by a virus, it may have another security-related problem, but more likely a technical problem unrelated to any malware threat.
You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful:
The User Tip (which you are welcome to print out and retain for future reference) seeks to offer guidance on the main security threats and how to avoid them.
More useful information can also be found here:
Personally at times I get confused on malware, anti-virus and phishing with all the discussions I have seen on the forums as well as when I attempt to read product information at given sites, e.g. ClamXav, Sophos, iAntivirus etc. So please allow me to ask the following question, even though Macs really don't get viruses.
So assuming I have a mac in a pure mac environment...
(1) ClamXav - does ClamXav work as an antivirus? Does it protect you from malware? Does it protect you from phishing? Does it protect you from trojans/worms?
Now assuming that I have a mac in a windows shared environment, what does... do with the win relationship existing
Since ClamXav uses the cross-platform ClamAV scan engine, it does exactly the same job with respect to Windows malware (which includes Trojans and worms) and phishing. I would encourage you to go to the ClamAV web site to learn more and if you have additional questions about it, I'll be happy to attempt to answer them.
I have refrained from making any recommendations here, for reasons that will become obvious later, but I have responded to your questions because I have an intimate knowledge of it. I do have Sophos installed, along with Intego's Virus Barrier X5 and MacScan, but none of them are being used in an active mode, the VB X5 subscription was allowed to expire after the first year of use and I hardly ever use any of them except in a test mode. So I hesitate to comment on what Sophos does or does not do and I am unable to use the Symantec version of iAntivirus with my setup.
Full disclosure: I do uncompensated Tech Support on the ClamXav Forum.
All three of those products will protect you against both Mac and Windows malware, though you should note that iAntivirus is sub-par in that area and I don't recommend it. (More on this in a minute...)
ClamXav is a very low-impact app best used for scanning specific folders. You can set it to automatically scan any new files added to certain folders (like the Downloads folder), or you can use it for manual scans. It absolutely will not destabilize your machine, and it will detect everything in my malware collection at this time.
Sophos is a more sophisticated app that does what is called "on-access scanning." This means that, when a file is interacted with in any way, it is scanned and, if it is deemed to be malware, that interaction is blocked. If you get a malware file of any kind on your machine, you will not be able to open it, move it, rename it, delete it (except through Sophos's quarantine), etc. This is accomplished through kernel extensions, and that is its main source of potential problems. Some people have reported that it causes kernel panics, usually around the time of major system upgrades, though very few have ever reported that to my knowledge and it behaved well in my testing. It had no noticeable impact on performance. Sophos also detected everything in my malware collection.
The last time I tested the new iAntivirus, it did indeed catch most of what is in my malware collection. Strangely, though, it reported finding more malware than I actually have in my collection. Even more strangely, it apparently didn’t catch a few that were inside .zip files, so I’m a bit confused as to what it actually found. Worse, the quarantine list only showed one item, so there was no way to find out what it found other than that one file. I’m actually a bit mystified at what it did with most of my malware collection, which simply disappeared after the scan. Good thing I had my collection backed up, and good thing none of the things it found were false positives!
One last consideration: any anti-virus software obtained through the App Store can only do manual scans of specific folders that you select. They cannot scan anything automatically. This is due to sandboxing restrictions applied to apps in the App Store, as a security measure, but it does limit the capabilities of such software. On the other hand, these restrictions also limit the potential for mayhem caused by bad anti-virus software (like iAntivirus). iAntivirus is only available through the App Store. ClamXav is available both in a feature-limited version through the app store and in a more feature-rich version through the ClamXav website. Sophos is only available through the Sophos website.
Gentlemen, first of all, all of you have helped me (Apple only gave me two help me stars for points) so doing a top down I was unable to give mad macs points that way. So madmac had to give you the solved and thank you for the disclosure.
As for myself, my goal is keeping my computer as safe as possible. I also get lost at times in all of the rhetoric and vendors/suppliers of AV's home/information pages looking for the magical key words of we will protect you from X Y Z, we work with Mac and we support Win related viruses. I find at times there is X number of Mac viruses but I know there are XXXX Win viruses, so I get lost in the grey areas (keeping it simple).
I look on various websites for comparatives (product to product) and depending on the web-site they slam one product and state another is excellent and on another site the opposite is true (which makes it difficult) to ascertain what is true (leaning me to believe there is an affiliation of some type)
madmacs, thank you and I understand more about everything in past posts we have both been in. The same is true about everyone else (meaning that in a positive basis)
I'm just trying to find justified reasons to make an informed decision (like all of the other people making posts or asking questions along these lines....what protects me, how does it help me, what about Windows stuff, do I really need it).
* thomas, did not see your post until after I posted thank you
A weird thing I noticed in the av-comparatives org links post was that MacKeeper was rated fairly good yet it is consistently slammed as well as other products on the forum which also confuses me......is it an inherent bias from Mac OS 8 or 9. Is it substantiated, is it a continuation that spun a life of its own.... this also confuses me at times (which brings me back to product line questions)
I know I have used iolo on the Win side in the past, which created problems for me because I did not have a complete understanding of the product's options and functionality (what they really do - when I click ok) and I'm wondering if some of the negativity I see is based on this
Granted, CNET, PCWorld and other areas people go to rate things good - when they're posted on their sites for downloads and they're not, as we discover, but it also adds to the confusion as a person trying to determine AV or not.
thank you for your insights and disclosure. Have a better insight of the caveats that play into equation
and overall stability is definitely a critical aspect (I also experienced the iAntivirus where did it go disappearance one time) but speaking as a consumer, it's Norton, it took care of it for me...your point of false positives is definitely mind opening in conjunction with the where did it go.
I look on various websites for comparatives (product to product) and depending on the web-site they slam one product and state another is excellent and on another site the opposite is true
You have to be very careful that you're not looking at sponsored reviews. There's a lot of monkey-business going on in this industry, which is very competitive. There's a lot of anti-virus software out there, all competing for the same market, and there's a fair bit that's free. That makes the market very competitive, and increases the chances of advertising half-truths and exaggerations.
A weird thing I noticed in the av-comparatives org links post was that MacKeeper was rated fairly good yet it is consistently slammed as well as other products on the forum which also confuses me.....
Zeobit (the company behind MacKeeper) is a very unethical advertiser. They have been known to buy domains similar to competition and put deceptive things there. They have also been known to buy positive reviews on sites like VersionTracker and C|Net, by offering free upgrades to customers who post there. They also will throw money at other reviewers... I was offered a consulting job by them out of the blue after writing a negative review of MacKeeper (Beware MacKeeper), and was basically told to "name my fee."
So it's not at all surprising that there should be a disparity between different reviews of a product like MacKeeper. Avoid it, it's trash.
A weird thing I noticed in the av-comparatives org links post was that MacKeeper was rated fairly good yet it is consistently slammed as well as other products on the forum which also confuses me......is it an inherent bias from Mac OS 8 or 9. Is it substantiated, is it a continuation that spun a life of its own.... this also confuses me at times
I think a lot of this is due to first impressions. Their aggressive, in-your-face all the time advertising behavior was one reason. This is apparently a very successful technique on the Windows side of the house, but they ran into a huge outcry with it with their first introduction. In order to rush their product to market, they used as much of the code they already had with their Windows offering as they could and that was especially true with their A-V module which used Wine to run their PC code. When I was attempting to evaluate the application I was surprised to find that the file only contained a downloader that required Internet access to install the actual application code. That's a technique I had only previously seen with malware, so that raised my suspicions. Visiting their web site I discovered they had another office in the Ukraine and must admit to an immediate prejudice which I hope has not clouded my thinking. I don't believe I've ever said anything here that wasn't based on fact nor recommended against its use, but have pointed out removal instructions to those who expressed a desire or frustration with doing so. Some MacKeeper supporters were initially disappointed that their life-time free updates were limited to v1.x.x and that in order to get the new 2012 version they would have to pay for it. Bait and switch? Of course when they were offered free updates in exchange for a review, most of them jumped at the chance. Thomas covered most of those issues. There was also the matter of trying to remove it. Initially there was no uninstaller. They would only tell people to call the 800 number where they tried to talk you out of doing so. Then they posted some instructions for manually deleting it, but users quickly found that the list was incomplete. Then they started using the built-in uninstaller that asked for your password and to give them a reason for wanting to delete it. That was also incomplete, which is why Phil Stokes' blog on the subject.
I was marginally involved when they purchased ClamXav.org with a big green download button that gave you MacKeeper, instead. They were very close to having to go to court to explain that one before they had their advertisers back off and add a smaller link to ClamXav, then eventually remove the big green button. I also observed them at Macworld 2012 handing out condoms with their logo on them, in one case to a thirteen year old daughter of an acquaintance of mine.
Even if it wasn't for all of the above, I still would not have recommended it in view of all of its non-malware functions, which I consider to be not only unnecessary but somewhat dangerous in the hands of the average user. The OS takes care of most all of that by itself and although things like cleaning cache can be useful at times, it will often slow your Mac down for a period of time and should not be used in a routine manner. Things like stripping languages and codes can cripple some apps that don't like to be touched in that manner. I only made that mistake once with another app many years ago and it took two weeks of re-installation to repair all the damage.
So where are we today? The advertisement has abated to some extent, although we still read about all the pop-ups people can't seem to get rid of. The A-V code has been totally re-written and is probably OK, but the article you pointed out is one of a handful that have tried to compare it to other offerings. I can no longer run the current version, so again I won't make any judgments on its effectiveness and hope to see more labs take that job on, especially as concerns that other half dozen or so formerly Windows only A-V vendors that showed up in the Mac arena last Spring. The built-in uninstaller is now the preferred method of deleting it, but a few users still claim to have problems with it.
Bottom line is that I think they suffer from an initial bad impression in the Mac market, similarly I think Symantec is in a similar situation based on its ruining of Norton products after it took control of them. I don't think I will ever recommend a generalized "cleaner" app to Mac users. Perhaps Consumer Reports will eventually evaluate Mac malware offerings. To date they have said it's not necessary for Macs. Until then I'm not sure I trust any of the reviews I've read to give me valid results of their tests. There are testing organizations that are paid by the vendor to rate their product, so I don't usually even bother to read their results.