Previous 1 2 3 4 Next 353 Replies Latest reply: Feb 7, 2015 1:05 PM by thomas_r. Go to original post Branched to a new discussion.
  • Whitecity Level 2 Level 2 (340 points)

    Oh no, not this again. There is no need to run anti-virus programs. The vast majority of 'anit-virus' programs are malware scams.

    If you are supersticious you could use Clam, it won't do any harm.

  • Jeff Kelleher Level 4 Level 4 (3,015 points)

    Well, for the most part, there's not much OS X malware out there. If you're vigilant, you're pretty safe running OS X. I'm responsible for 200 or so Macs. Part of me knows that there's not much going to get them behind an enterprise level firewall device and an enterprise level web filter. I still use sophos on all of them though....I don;t want to explain to my boss that the 1st serious wave of OS X malware killed our netowrk. I'm not saying it's going to happen, but I'm not willing to say it will never happen.

  • John Galt Level 8 Level 8 (38,540 points)

    The OP's question specifically addressed viruses. There are none. Furthermore, the implication is that OS X does not already incorporate robust protection against modification from viruses. It does.

     

    Therefore

    There is no need for additional antivirus software. Most commercial antivirus software is junk and some of it is harmful.

     

    Malware is another story and is nothing new. No one has ever said the Mac is invulnerable from malware, Trojan horses or security flaws.

     

    I suggest you read and comprehend the original question and answers before you draw conclusions from facts not in evidence.

  • MadMacs0 Level 5 Level 5 (4,395 points)

    juwiley wrote:

     

    I personally run Intego, which generally is fast and has a fair number of add on features...but I'm considering switching to Kapersky.

    I would hold off switching for a bit. Kaspersky is one of several successful Windows A-V developers attempting to get in on the publicity caused by the 1% OS X infection rate apparently realized by Flashback. Kaspersky probably causes me the most concern in that the first version of the Flashback Removal Tool they posted was responsible for preventing every person that used it to be locked out of their accounts. Giving them a few months experience with OS X would seem to be prudent.

  • dragon2042 Level 1 Level 1 (0 points)

    avast helps alot

  • MadMacs0 Level 5 Level 5 (4,395 points)

    dragon2042 wrote:

     

    avast helps alot

    How?

  • thomas_r. Level 7 Level 7 (29,380 points)

    I'm sorry John and stevejobs fan, this is terrible advice.  The idea that Mac OS X (or that -any- operating system for that matter) is invulnerable is flat-out wrong.

     

    Their advice was not bad, just incomplete.  As is yours.  Any recommendation to install AV software should be coupled with the warning that there's no AV software on the planet that will protect you against everything.  I have personally seen both Windows and Mac users get infected despite having AV software installed.

     

    Any attempt at defense from malware MUST, first and foremost, include education and awareness.  If you simply install AV software with a "get it and forget it" attitude, you will get infected sooner or later.

     

    Thus, I'll repeat eww's recommendation for my Mac Malware Guide, which will educate you as to what's out there and how to defend against it.  Then, after reading that, it is your choice to use AV software or not, though I wouldn't recommend spending money on anything.  A couple of the free options are excellent.  Try Sophos Anti-Virus for Mac Home Edition or ClamXav.

  • juwiley Level 1 Level 1 (0 points)

    Re Education.  Yes education is great, I agree, the more the better.  Thats why I provided a link to the Forbes article.  But when recommending what average users should do (which I assume the OP is), I think install anti-virus/anti-malware is the next step after reading an article like the one I pointed to from Forbes that says "get antivirus software".

     

    Along the lines of education, this whole issue parellels safe-sex education.  If someone goes to a doctor and says: "I'm dating this nice person with a really great immune system and wholesome values, should I still use protection"...the doctor will still say "yes".  It doesn't matter that protection can fail in some circumstances, it doesnt matter that it costs money, its still the best thing you can do to protect yourself and others.

     

    The same is true of Mac AV, and hair-splitting over technical details doesn't help anybody.  Systems are insecure.  Systems fail.  You should get the best security you can, and some AV from a reputable company is better than no-AV.

     

    Re "The OP's question specifically addressed viruses. There are none."  The OP may have been asking about "anti-virus", but I think they were really asking about malware in general, which Intego and other anti-virus products try to protect against.  Why tell the OP (or anyone who came into the post via a google search, like I did), that they don't need AV because they may only get malware?  Why would you buy/shareware anti-malware and skip the AV?  It should be a comprehensive solution.

     

    There are no high profile actively propogating viruses for the Mac that you or I know about.  But theres a lot we don't know.  How many zero-day exploits are sitting out there waiting?  A decent AV package will do heuristic checking, prevent overriding system files, etc. etc. that can, in some cases prevent new/unknown virus/malware.  And like in the case of Flashback, once a new virus/malware is discovered, the AV automatically gets an update to detect and deal with it, without the average user having to follow Threatpost everyday to learn about the new mac exploit.

     

    Re free anti-virus soft, I guess after 20 years dealing with viruses/malware on Windows, Mac (including the original Mac), and Unix, I've finally come around to just paying for a decent solution.  I ran AVG for many years on my PC, and the constant barrage of "why not upgrade?" simply wasn't worth the hassle for me.  I also like having a business relationship with the group I will need to help me fix my computer if I get a virus, so I have an expectation of support calls etc.  I've never dealt with the Clam AV community, maybe they jump right on issues.

  • thomas_r. Level 7 Level 7 (29,380 points)

    Re Education.  Yes education is great, I agree, the more the better.  Thats why I provided a link to the Forbes article.

     

    That Forbes article would not qualify as "education."  About the only bit of useful information you will find there is that there's some malware for the Mac called Flashback.  What is it?  What does it do?  How do you get it?  How do you avoid it?  All questions left not only unanswered, but not even mentioned.  You need to seek better sources of information than that.

     

    Re "The OP's question specifically addressed viruses. There are none."  The OP may have been asking about "anti-virus", but I think they were really asking about malware in general

     

    That's why I said their answers were incomplete.  I don't like the "there are no Mac viruses" nonsense that goes on in the Mac community, but it is no better to err in the other direction.

     

    A decent AV package will do heuristic checking, prevent overriding system files, etc. etc. that can, in some cases prevent new/unknown virus/malware.  And like in the case of Flashback, once a new virus/malware is discovered, the AV automatically gets an update to detect and deal with it

     

    This is exactly the kind of mistaken belief that causes people to be overconfident in their AV software and leads them to getting infected anyway.  Did you miss the part where I said I have seen people get infected despite having AV software?

     

    I have an old variant of Flashback, which I first found in late September of 2011.  That variant of Flashback is still, as of today, undetected by more than half of the engines used on VirusTotal, despite the fact that I submitted it to a number of AV companies and communities.  Nine months, and still missed by many.  That is only one example.

     

    As another example, back during the MacDefender outbreak last year, frequent name and packaging changes kept MacDefender ahead of the AV companies.  By the time they found a new variant and added it to their definitions, there was already a newer variant that they didn't know about yet.

     

    As to heuristics, most AV software is still dependent on malware signatures and not heuristics.  Heuristics have caused serious problems with false positives, missed serious malware, interfered with legitimate system services and applications, and so on.  Heuristics is not a magic bullet, that's why it still hasn't really caught on.

     

    Re free anti-virus soft, I guess after 20 years dealing with viruses/malware on Windows, Mac (including the original Mac), and Unix, I've finally come around to just paying for a decent solution.

     

    What you know from the Windows AV community has no bearing on the Mac.  The free apps I recommend (Sophos and ClamXav) will not pester you with ads and are updated very fast in response to threats.  There is absolutely no reason to purchase Mac AV software.

     

    I would strongly recommend, again, that you read my Mac Malware Guide.  Most of this is all covered in greater detail there.

  • MadMacs0 Level 5 Level 5 (4,395 points)

    juwiley wrote:

     

    A decent AV package will do heuristic checking, prevent overriding system files, etc. etc. that can, in some cases prevent new/unknown virus/malware.  And like in the case of Flashback, once a new virus/malware is discovered, the AV automatically gets an update to detect and deal with it, without the average user having to follow Threatpost everyday to learn about the new mac exploit.

    In all my years working virus detection, I've never seen Mac A-V software catch any new/unknown virus/malware using "heuristics", unless you count the day that Little Snitch found Flashback K or 39. It took several of us a few hours to realize what was happending and two to three days before the vendors had signatures distributed and blogs posted to tell us all what it did and how to remove it. A-V developers are rightly tight lipped about how their software reacts to zero-day attacks, but there is little or no evidence that it is actually effective in an OS X environment.

    I've never dealt with the Clam AV community, maybe they jump right on issues.

    ClamAV has had a reputation of being slow to get definitions out in the past. For a long time they relied exclusively on users to submit samples to them. It was only after they joined the VirusTotal community that we started seeing timely updates, but there was a reluctance to deal with OS X malware as they had no Mac experts on staff. When no one else came forward, Mark Allan, developer of ClamXav obtained permission to manage them and to train others. Over the past year or two OS X definition processing has been mainstreamed and appear to be handled on an equal footing with those for Windows and Unix platforms.

     

    For ten years, ClamAV was managed by a core team of volunteers who probably all had real jobs on the outside and little or no funding. In 2007 the Sourcefire organization integrated the ClamAV team into their organization and as a result many new resources became available resulting in an improved level of support. This week the original team relinquished responsibility for development and maintenance of their product. It remains to be seen where the new team will take it.

  • Whitecity Level 2 Level 2 (340 points)

    The biggest advantage of Clam is that it can be set not to do anything, so if you have an overly superstitious network manager who requires 'antivirus to be installed', you can comply without ******* things up.

  • graemeteag Level 1 Level 1 (0 points)

    I run a split hard drive with Mac one side and Windows the other using Paralells. If I have a virus on the windows side will Clav remove it from the Mac side or do i need to run a windows anti-virus )hopefully not). I need the windows to run a few programs that aren't mac compatible.

     

    Thanks

    Graeme

  • thomas_r. Level 7 Level 7 (29,380 points)

    If you're running Windows, no matter whether on a PC or on a Mac or in a virtual machine, it needs to have anti-virus software on it.  Or it needs to be completely disconnected from the internet and receive no files from third-parties in any other way.  ClamXav won't detect viruses in your Windows install, and neither will any other Mac anti-virus software.

  • MadMacs0 Level 5 Level 5 (4,395 points)

    Theoretically it will, but some users report issues with permissions involved with their Windows partition. If you run into that try checking the box to ignore permissions on that volume. If that doesn't work you may need to use ClamWin or similar on the Windows side.

  • Jeff Kelleher Level 4 Level 4 (3,015 points)

    You should run an AV product on the Windows side. Why not use Microsoft Security Essentials? It's free.

     

    http://windows.microsoft.com/en-US/windows/products/security-essentials

Previous 1 2 3 4 Next