Skip navigation

do i need antivirus

857 Views 13 Replies Latest reply: Feb 16, 2014 3:36 PM by thomas_r. RSS
hamilspe Calculating status...
Currently Being Moderated
Apr 3, 2013 5:26 PM

i am new to macs and i was wondering if i need to buy antivirus?

  • Ralph Landry1 Level 7 Level 7 (28,815 points)
    Currently Being Moderated
    Apr 3, 2013 5:30 PM (in response to hamilspe)

    No, there are no known viruses for Mac OS X systems.  Definitely do not buy anything like Norton or McAfee as they cause serious damage to the system.

  • pennbank Level 4 Level 4 (1,555 points)
    Currently Being Moderated
    Apr 3, 2013 5:34 PM (in response to hamilspe)

    Sophos free for home use is available

    http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-ed ition.aspx

     

    I use sophos

     

     

    Also ClamXAV is available also free from App store

     

    Many people will say you dont need antivirus but do read this article

    http://www.usatoday.com/story/tech/columnist/komando/2013/02/14/tech-myths-mac-s oftware-megapixels-camera/1910521/

     

    and this thread

    https://discussions.apple.com/docs/DOC-4952

  • Linc Davis Level 10 Level 10 (107,860 points)
    Currently Being Moderated
    Apr 3, 2013 7:43 PM (in response to hamilspe)

    1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
      
    OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.

    2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
       
    The following caveats apply to XProtect:
    • It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
    • It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
    3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
        
    Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
    • It can easily be disabled or overridden by the user.
    • A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.         
    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
     
    5. Beyond XProtect, Gatekeeper, and MRT, there’s no evidence of any benefit from other automated protection against malware. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
        
    That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
    • Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    • A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
    • Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
    • Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
    • Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
    6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
       
    Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
       
    Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it, when necessary, only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

    Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.

    7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
      
    Why shouldn't you use commercial "anti-virus" products?
    • Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
    • In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
    • By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
    8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
        
    ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
        
    A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
      
    ♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
       
    ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
        
    9. The greatest harm done by security software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
      
    10. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

  • thomas_r. Level 7 Level 7 (26,960 points)
    Currently Being Moderated
    Apr 4, 2013 8:08 AM (in response to hamilspe)

    The use of anti-virus software is a contraversial topic here, and there are few balanced opinions on the matter. Although it can be easy to stay safe without anti-virus software, and anti-virus software does have the potential to have a negative effect on your machine, the use of anti-virus software is a choice you must make, based on your needs and behaviors.

     

    See my Mac Malware Guide for help making that decision, and to learn how to keep yourself safe, with or without anti-virus software.

  • SwankPeRFection Level 4 Level 4 (1,435 points)
    Currently Being Moderated
    Apr 4, 2013 9:19 AM (in response to hamilspe)

    I'm going to need popcorn for this one. lol

  • nailin123 Calculating status...
    Currently Being Moderated
    Sep 12, 2013 12:00 AM (in response to hamilspe)

    As per my opinion I think you must have one. As precaution is always better than cure .Computers and laptops are something where we spend most of our time for many important work related to office, business, and other documents. So it is very important to secure such device that could do a big loss if it gets attacked by any virus.

  • DietCoke04K Calculating status...
    Currently Being Moderated
    Feb 15, 2014 8:09 PM (in response to Linc Davis)

    Seems wierd how the general advice in in this community refers solely to AV and firewall. Commercial AV software have higher detection rates than XProtect. Relying on hardware based firewalls as your sole defense seems like terrible advice. Having multiple layers of protection is generally better when implemented correctly. Keep your firewall turned on. If you're going to only use hardware based firewalls, make sure you know how to actually set it up correctly.

     

    Harden your browser. Use some sort of script blocking extension such as NoScript. Use Adblock or Ad block plus (ads are a common attack vector.)

     

    ASLR is overated and fails vs brute force attacks.

     

    Disable the root account, create a "normal user" and use that account solely for day to day tasks.

     

    If you're up to it, try out "Little Snitch" (Intego's firewall is somewhat similiar) which acts as an host firewall but uses application based rules as opposed to port based.

     

    Back up the system regularily, time machine seems fairly good.

     

    Just because you probably don't need multiple layers of security, doesn't mean you shouldn't use it.

  • thomas_r. Level 7 Level 7 (26,960 points)
    Currently Being Moderated
    Feb 16, 2014 3:37 AM (in response to DietCoke04K)

    Commercial AV software have higher detection rates than XProtect.

     

    Comparing those two things is like comparing apples to oranges. XProtect does not contain definitions for everything, because some things are protected against in other ways. For example, malware like Flashback is protected against by blocking vulnerable versions of Java and/or Flash and use of a malware removal tool that functions as an update.

     

    Keep your firewall turned on.

     

    A traditional firewall does literally nothing to protect you against malware. It has a different purpose.

     

    Harden your browser. Use some sort of script blocking extension such as NoScript.

     

    JavaScript cannot infect you. Further, if you're using NoScript so that you can visit sketchy sites without getting infected, you're doing it wrong. It's not JavaScript you need to be blocking, and you shouldn't be visiting those sketchy sites in the first place.

     

    You may argue, legit sites can be hacked to contain malicious JavaScript... but then, of course, NoScript won't help because you've probably chosen to allow JavaScript on that legit site.

     

    ASLR is overated and fails vs brute force attacks.

     

    Not sure what you're talking about there, or how it relates.

     

    Disable the root account

     

    The root account is disabled by default.

     

    create a "normal user" and use that account solely for day to day tasks.

     

    Illusions of security... Much of the recent Mac malware I've seen requires no admin access. It infects user space, and it steals your data just as easily that way as it could if it could gain admin access. Using a non-admin user really isn't much safer.

     

    If you're up to it, try out "Little Snitch"

     

    Little Snitch can be useful, but don't treat it as a magic bullet. Once you open a malicious executable, it could easily disable Little Snitch. This has been seen before. Of course, some malware also refuses to install or run in the presence of Little Snitch, or ignores it completely and then gets caught trying to phone home... thus the benefits. Just don't assume Little Snitch = guarantee of safety.

     

    Just because you probably don't need multiple layers of security, doesn't mean you shouldn't use it.

     

    There's more to this choice than that. You could make your house far more secure with the addition layer of security of motion-sensitive automated turret-mounted machine guns. Why not do that, then? Because there are other considerations, such as expense, reliability, consequences of false positives (That was a Girl Scout, not a burglar!!!!), etc.

     

    Fact is, many Mac anti-virus apps have problems. They cause stability issues. They cause performance problems. One I know of repeatedly identifies parts of the system as malicious, and has for years. And a significant number of them really aren't much good at detecting Mac malware anyway. (See the results of my Mac anti-virus testing 2014.)

     

    Plus, anti-virus software tends to make people over-confident. I've personally seen people get infected with malware despite having anti-virus software installed, simply because they made the assumption that they were safe and thus did not exercise the caution they would have otherwise.

     

    Bottom line, this isn't an easy issue. If you choose to use anti-virus software, it should be done in an educated way, and with knowledge of exactly what role it will play and what the limitations are. Anyone saying that you must run anti-virus software is just as guilty of spreading propaganda as those saying you must not.

  • DietCoke04K Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 16, 2014 10:00 AM (in response to thomas_r.)

    No script does MUCH more than just allow you to handle javascript. I in no way state these measures are full proof, but you can atleast make yourself a harder targer. I took a look at the site you referenced for AV testing. If I was going to trust AV test results there are other sources I would trust much more.

     

    Standard user accounts actually do limit risk, do some research.

     

    As browsers are the number one source of infection for home users, I don't see how hardening a browser is bad advice.

     

    Talking about overconfidence in users when they have AV software seems somewhat of a logic fallacy. A user is not going to click a "sketch" link or popup just because they have AV software.

     

    Most commercial products are not simply AV scanners these days. Many include heauristic based detection, HIPS/HIDS, domain blocking, mail scanning, etc. Yes, it does increase your attack surface somewhat, but for the average user, it would be hard to argue that it wouldnt be an improvement.

     

    As far as stabiliity issuse, each company does have a support forum .

  • CT Level 6 Level 6 (15,005 points)
    Currently Being Moderated
    Feb 16, 2014 10:05 AM (in response to hamilspe)

    To summarize:  No.

  • Smokerz Level 6 Level 6 (9,180 points)
    Currently Being Moderated
    Feb 16, 2014 10:15 AM (in response to hamilspe)

    Use commonsense and don't download software or files from an unknown web source.

  • DietCoke04K Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 16, 2014 3:22 PM (in response to thomas_r.)

    thomas_r. wrote:

     

    Keep your firewall turned on.

     

    A traditional firewall does literally nothing to protect you against malware. It has a different purpose.

     

    As far as your "firewall's don't do anything it appears you read Why you don't need a firewall on Infoworld. You are right, if you don't actively maintain a firewall or take the time to properly set it up, it will do nothing to help you. However, if used correctly it undoubtedly helps against todays threat landscape.

     

    See  https://isc.sans.edu/forums/diary/Do+Firewalls+make+sense+/13240 for further discussion.

     

    If you still think I am worng and think that actively telling users they don't need it is correct, I doubt you would feel comfortable posting your WAN address here and letting everyone known your firewall is down.

  • thomas_r. Level 7 Level 7 (26,960 points)
    Currently Being Moderated
    Feb 16, 2014 3:36 PM (in response to DietCoke04K)

    It seems that ignoring you isn't making you go away.

     

    it appears you read Why you don't need a firewall on Infoworld.

     

    Actually, no, I have never read that. However, I did write Do I need a firewall? almost a full year before that article's appearance. And I still stand by it, as nothing has really changed in that area.

     

    If you still think I am worng and think that actively telling users they don't need it is correct, I doubt you would feel comfortable posting your WAN address here and letting everyone known your firewall is down.

     

    I would gladly post my IP address here. It would do nobody any good, since I have a router that would catch all traffic and that is secured against remote access. The reason I will not, however, is because my IP address could be used to determine at least a somewhat approximate location of where I live, and I have no interest in revealing that information.

     

    As for some of your other statements:

     

    If I was going to trust AV test results there are other sources I would trust much more.

     

    Okay. Then name some that back up your position. Be sure they publish a full list of checksums of all malware samples tested and the full methods used for testing, otherwise they are not a reliable source of information.

     

    Standard user accounts actually do limit risk, do some research.

     

    Do your own research, if you wish to refute my point. You cannot put the burden on me to prove that your claims are wrong. I've given my reasons for saying what I did... reasons that are backed up by experimentation with many different pieces of malware. Refute them or don't, but don't expect me to do the work for you.

     

    As far as stabiliity issuse, each company does have a support forum

     

    I'm sure a support forum will be of great comfort to someone who has lost a full day of work troubleshooting crashes or rebuilding a damaged system.

Actions

More Like This

  • Retrieving data ...

Bookmarked By (1)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.