Antivirus for MAC ?

Kurt,

You raise some good points. I especially like the fact that you correctly say, "Unix allows nothing". What happens to a Unix system if you grant root access? Let's say a password is compromised or if you launch an app and click the "agree" button to let a script run? I didn't realize that Unix had further built-in safeguards against a user not carefully reading a prompt. That's excellent. Good to know.

Since you there are no viruses against OSX then you are probably right. Don't install anti-virus. I wouldn't if I were you.

And the person who wrote that has absolutely nothing to support his position.

Fact 1: There are no, none, zero, viruses for OS X.

Fact 2: many of the AV products available are more dangerous than actual malware; Norton AV can _permanently delete the data on your hard drive_.

Fact 3: the marketshare argument is utterly bogus; there were multiple Mac malware types, including very dangerous ones, when the Mac OS's marketshare was less than half what it is today. There are malware available for other platforms which do not have the marketshare of OS X.

If you, or anyone else, can provide _actual evidence_ refuting any of those three facts, by all means trot it out. Fact-free, speculative articles on the Internet are not evidence. Evidence would include, but would not be limited to, the names of actual malware threats and examples of what they did, and perhaps some support for the marketshare argument, something which somehow manages to explain why when OS 8 and OS 9 had a fraction of the market share that OS X does, they had vastly more malware types. In particular, the marketshare argument should explain how it is that OS X not only has a larger share of the current market, but as the overall current market is considerably larger than it was in the 1990s, has vastly more actual absolute numbers of machine in use... and yet still doesn't have significant malware vectors. Numbers would be nice.

The current malware threat for the Mac OS is minimal. Yes, this could change... but there is absolutely nothing which suggests that existing AV products would defend against any new threat. Indeed, given the behavior of certain AV vendors (Norton. McAfee. Intego.) I would suspect that current pay AV vendors wouldn't have a clue.

Look, man, I've been a Mac user since 1984. I had AV on my Mac when it was necessary. I was a member of the beta test group for, among other things, Virex (now McAfee for Mac) and I know exactly how pitiful their offerings are. If you must use Mac AV, use Clam or Sophos, 'cause at least they don't screw up your system and they don't cost anything. But even they are not necessary. They just aren't. And saying they, or any other AV software, are necessary will not make it so... not unless you can support your position with actual evidence. Which you can't, because you don't have any. It's just that simple.

DrSagacity wrote:
Barney,

I am glad that in your infinite wisdom you can judge my knowledge by a single short post. Fantastic. It's nice to be on a forum with such exceptional talent.

You'd get a lot further if you'd skip the sarcasm.

However, while you expressed your superior knowledge of the NT file system, you may have taken a closer look at my post. I was referencing NT 4.0, which was the name of the server product Microsoft used to sell around the same time as the desktop produce Windows XP.

Actually... no. NT 4 dates from 1996. WinXP is NT 5.1. The server version of XP was Server 2003. See further <http://en.wikipedia.org/wiki/Windows_NT>

I am very aware of how spoofing works, but I certainly thank you for all of your guidance.

Sigh.

Hey, thanks for refuting anything i said with so many specific facts. Oh, wait, that wasn't you.

Charles,

Thank you. Now that post makes sense. We are in 100% agreement on everything you wrote. That's exactly why I am trying to get the information from my father-in-law. I want to know what he used to scan and what results it provided.

As for the article, he was referencing the trend micro stuff, right? This was not a random Internet opinion article. You may disagree with the logic behind their security assessment, but it is certainly based on facts, is it not? Here is a little directly from Trend:

OS: The riskiest OS used was Apple’s Mac OS X. In November, Apple sent users a massive maintenance release that weighed in at at least 644.48MB. The weighty upgrade included fixes for multiple security vulnerabilities since the previous update released in mid-June. Apple’s penchant for secrecy and longer patch cycles also increased the risk for users.

A risk is merely a risk until it is exploited. Despite all the wailing and gnashing of teeth over Apple's slow patch cycle, none of the risks have ever been exploited. If the probability of a risk being exploited is so low that it can generally be ignored, there is no point in jumping through hoops to patch the thing.
They recently patched one of the underlying unix routines that had a know vulnerability for something like a year. Yet, nobody exploited it.
The premise of that article rests on a false assumption. The mere fact that something is vulnerable doesn't make it inherently insecure.

Based on a cursory review, I would bet this is the virus he had:
http://www.maclife.com/article/news/securemacreleases_new_information_about_boonana_trojanvirus

It was sending email to contacts using the social websites. This particular variant was specific to Mac.

That trojan doesn't send out email. If it actually could enable its payload to function, it would contact a list of malware servers, but most of those don't exist anymore.

Actually, it has several parts, here is from one of the PDF's outlining the different exploits:
------------------
can also send messages to the inbox of a user’s social network friend.
Figure 5. Sample MySpace spammed message in a user’s inbox
Clicking the link will redirect the user to a website designed to mimic YouTube (but is actually named YuoTube), which asks the user to install an executable (.EXE) file to be able to watch the video.
------------------


Again, the point here is that this kind of thing happens. When it happens, how will you respond? Clearly in this case, most people on this forum were unaware the risk was even there. This happened just a few months ago.

We (or at least, I) knew. We merely evaluated it as insignificant. NAV, to name one prominent AV app, has done more damage than that item has. Where a major AV app is more dangerous than malware it's prudent to not use AV. Or at least to be very careful about using it. And certainly to not pay for it.

there has not been a significant malware threat for the Mac OS since the autostart worm of 1998. Sophos and Clam are free and have not (as yet, anyway) destroyed any hard drives.

Barney-15E wrote:
That trojan doesn't send out email.

Yep.

If it actually could enable its payload to function, it would contact a list of malware servers, but most of those don't exist anymore.

And again yep. It's not a significant threat now, and it never was.

Just get Sophos Anti-virus and give it a rest, it's free...but with every anti-virus you will notice your computer will be a bit slower....

Well, it looks like all of the Mac experts here are saying you don't need anti-virus software. I disagree.

And there's certainly nothing wrong with that. What we're arguing about is that you seem to believe any kind of OS X virus already exists, and therefore needs to be protected against. There are none.

Here's a recent article which discusses an analysis of the different operating systems.

Utterly useless. Someone's opinion about what they think might happen. And I predict the sun will explode within the next week. Now was that opinion any more valid? Supported by anything as silly as facts? Not only that, the heading is stated as a question; Is OS X Dangerous For Users?, not a fact. Further making the entire page nothing more than speculative garbage.

They're basing that supposed "danger" on the fact that most Mac users don't use AV software, and would then be trounced by a true virus, were one to appear. But that's all FUD. It's already been noted in this thread, but since you obviously prefer to ignore it, here it is again. When a virus does someday appear that works in OS X, no AV software will be of any use since it won't recognize it until the virus definitions have been updated. And don't tell me heuristics could catch it. Heuristics rely on recognizing a possible new threat by comparing its structure to known viruses. Since there's nothing to compare against, it will be equally useless.

Clearly, as you see on the responses to this article, you will see similar responses on this forum.

Clearly, you're not reading the responses to the same article I am. Almost all of the ones I read in the first two pages defended the fact that UNIX is underneath OS X. Is it perfect? No, of course not. But it is a thousand times harder to break than Windows.

It may not cost you any money to install the anti-virus software, but it will cost you some time to investigate the best choice.

Cost what? Perhaps you could be a bit less vague.

I apologize to you for getting the others so sidetracked to your question.

I didn't have a question. I'm rebutting your points.

What happens to a Unix system if you grant root access?

Then you'd be running Windows. A wide open system with virtually no protection. That's why it's disabled by default in OS X. There is no good reason for almost anyone to enable it.

Let's say a password is compromised or if you launch an app and click the "agree" button to let a script run? I didn't realize that Unix had further built-in safeguards against a user not carefully reading a prompt. That's excellent. Good to know.

And you think a snide comment is an effective argument? Any OS is defenseless against clueless users with direct access to any given computer. If you type your password into any admin box that pops up without thinking about it, then you're not very bright. eWeek noted in one article a while back that users drive IT crazy. No matter how many emails, memos or notes they send out telling them NOT to click on any ol' attachment that comes to their mail box, they do it anyway. This is Windows of course, since clicking on any Windows malware in OS X does nothing. They all require the presence of the Windows OS to function.

Since you there are no viruses against OSX then you are probably right. Don't install anti-virus.

I haven't, and at this time, I won't. I haven't used any type of AV software in over twelve years of using the Mac OS. There are no viruses to protect against.