
Do I need an antivirus for my 10.6.8?

Installed the java updates, but I'm unsure and really would like to ensure the security of my computer.

Would appreciate any help or advice on the matter, thanks!

MacBook Pro, Mac OS X (10.6.8)

Posted on Apr 21, 2012 6:08 AM


May 30, 2012 9:42 AM in response to John Galt

John Galt wrote:

Many users are under the impression that OS X doesn't already include such protection.

If you mean what is informally known as X-Protect, it is not comprehensive anti-malware protection. For example, it is ineffective against the later variants of Flashback, which is why Apple had to release several security patches weeks after the Java vulnerability was being exploited in the wild to successfully infect Macs running OS X.


Several AV apps prevented these Flashback variants from infecting Macs long before Apple released anything -- in fact, some variants self-destruct if they detect certain AV or other non-Apple apps on the system.

May 30, 2012 10:09 AM in response to John Galt

John Galt wrote:

Correct, but the topic of this thread and the post to which I responded concerns OS X viruses, not malware.

The post to which you responded mentioned among other things drive-by exploits like Flashback, which are not viruses.


Besides, it is well known that "antivirus" in product titles does not refer only to viruses but to the general class of malicious software known as malware. "Virus" in this use is just a historic reference to a characteristic of the first type of software released into the wild to do harm. And strictly speaking, not every virus must necessarily be malicious.

May 30, 2012 11:27 AM in response to Odessa3

Do I need anti-virus for my 10.6.8?


A: Always on, at boot kernel extension file type anti-malware > I'd say no at this time.


B: Run as you need it (free ClamXav) to clean the potential malware off files (mostly from Windows) > I'd say yes



If you're getting a lot of emails or files from Windows users, then B


If you're downloading files for your Mac and could get hit by the rare Mac PDF trojan then: B



So at this time I would recommend the minimum ClamXav on 10.6.8, this way one can scan the files and their system once in a while.



You should take these precautions anyway to reduce your exposure potential, it's saved my bacon already.


Harden your Mac against malware attacks

May 30, 2012 12:26 PM in response to ds store

ds store wrote:


Do I need anti-virus for my 10.6.8?


A: Always on, at boot kernel extension file type anti-malware > I'd say no at this time.


B: Run as you need it (free ClamXav) to clean the potential malware off files (mostly from Windows) > I'd say yes



If you're getting a lot of emails or files from Windows users, then B


If you're downloading files for your Mac and could get hit by the rare Mac PDF trojan then: B




I'll disagree with your choice of B for the average end-user simply because of the amount of conscious intervention required. I've administered various systems and networks since the 1980s and it's been my experience with Joe Cool and Suzy Creamcheese that the only solutions that are effective over the long term are the set-it-and-forget-it variety. Moreover, they need their mail scanned so that they don't excitedly forward those infected Windows attachments to family and friends prior to downloading and manually scanning the attachments.


I agree that B is better than nothing. ClamXav Sentry isn't hooked into the kernel, though; it runs in userland and, as such, only has whatever privileges as the user who is logged in. This is both, I think, a blessing and a pain in the butt. As well, understanding how Sentry interacts with mail can be frustrating for new users. So, a perfect solution it isn't.


I admire your long-time and well-intentioned efforts to educate users with good practices. Please don't stop. In the meantime, it's worth remembering that your due diligence and attention to detail is perfectly mirrored by the average users' inexorable tendency to click OK and type passwords whenever prompted without generally thinking why. The contrast is remarkable and is why on-access scanning should be considered to be mandatory for the vast majority of users.


Cheers. 🙂


Message was edited by: Trane Francks

May 30, 2012 3:03 PM in response to Trane Francks

Trane Francks wrote:


...the only solutions that are effective over the long term are the set-it-and-forget-it variety.


Problem with those is they cause problems, slow the machine down, don't update or Apple issues an under-the-hood change which breaks them. Then they don't catch anything anyway in most cases as the Mac malware is so small and it gets around quite a bit before anyone does find it.


The most problematic are the really locked down anti-malware versions like Norton for instance.



AV developers are really not paying attention to the Mac market, there is no profit in it and OS X market share has been decreasing, most all from iOS cannibalization.


Apple of course changing their operating systems now on an annual basis also is having its effects on the third party software market, like many are just refusing to issue Mac software anymore.



The only reason we had Flashback is because Apple refused to provide 10.5 security updates since July 2011 (when 10.7 was released) and also Apple managed Java on Macs and didn't issue an update fast enough for other OS X versions, as a result is a 600,000 strong Mac botnet.


Apple has now released a fix for 10.5 Intel only, PPC is just out of luck apparently.


Also they will disable Java (if not used) and outdated Flash, made it retroactive all the way to 10.5 Intel.



Since 10.6 is still being tweaked on by Apple, especially App Store and things like that, I don't advise an always-on anti-malware that is too restrictive in its approach lest Apple throws a wrench into the works.


However it might be soon that one may want to employ a stricter anti-malware on a 10.6.8 system, with the understanding it will have to be removed before any OS X update, then one has to wait for an anti-malware software update or the all clear before reinstalling it.


For a lot of Mac people who don't deal with Windows files, this is unnecessary as Mac malware is so tiny as not to almost bother, Apple will take care of it eventually and AV developers don't care or can't provide a profitable solution as Apple acts before they can and has the advantage of Software Update.


Running AV software on Windows files by Mac users is only a courtesy really, the AV software on their end should catch it like it does everything else from other sources. IMO Mac users shouldn't have to bother, it's really not their problem.

May 30, 2012 3:30 PM in response to ds store

ds store wrote:

For a lot of Mac people who don't deal with Windows files, this is unnecessary as Mac malware is so tiny as not to almost bother, Apple will take care of it eventually and AV developers don't care or can't provide a profitable solution as Apple acts before they can and has the advantage of Software Update.



Relying on security through obscurity is no security at all. Let's be clear about this: OS X is based on BSD, which is no more or less secure than any other mainstream UNIX. It's all well and good to point at Windows systems and say that malware and its ilk amounts to somebody else's problem, but that's only true until the moment crackers perceive enough of a payout to warrant giving the platform significant attention. From that point, the exploits will keep a-rollin' in. And as for the deprecation of OS X in favour of iOS, I suspect it's the other way around. With Lion and Mountain Lion more and more resembling iOS, it's clear (to me) that Apple intends to migrate OS X to the iPad and iPhone once they've got the hardware to support it seamlessly. Yippee. Launchpad for all. 😟


As for Apple taking care of it eventually, the grim reality is that Apple has a history of only maintaining the current release and one release back from that. For the most part, that means those of us sitting on Snow Leopard will be out of luck come Mountain Lion's release this summer. I find the tidbit that Apple actually released a patch for Flashback on Leopard to be only minutely comforting. Apple doesn't even bother announcing EOL for products, and so you get people still using Tiger and the like after years of nothing but iTunes and Safari updates rolling down the pipe. Categorically, those are application updates, not security patches.


One other thing: If you try to say that ClamXav significantly slows down a system, it just shows that you've never used it or if you have, it's been configured to on-access scan every file on the root mount. Running in userland means that Sentry is configured to run on a per-user basis, which means only on-access scanning a user's home directory tree is best practice. That leaves only occasional full-system scans necessary. I don't bother with those, generally speaking, more than once or twice a year or so. I run Sentry on a 5-year-old notebook without noticeable slowness. 'Nuff said.


Anyway, we're obviously not in agreement and that's fine. It's up to those reading the thread who are undecided to come to their own conclusions and then act accordingly. My stake here isn't to disagree with anybody, only to throw out my opinion as one who has seen all manner of worms, viruses and malware. And lest we forget, the first worm took advantage of vulnerabilities in UNIX. I was already a system admin when the Morris worm made the news. (Boy, talk about dating yourself. 😉)


Cheers. 🙂

May 30, 2012 4:34 PM in response to ds store

ds store wrote:

Problem with those is they cause problems, slow the machine down, don't update or Apple issues an under-the-hood change which breaks them. Then they don't catch anything anyway in most cases as the Mac malware is so small and it gets around quite a bit before anyone does find it.

None of these things are true in my personal experience. I have run Sophos' free-for-non-commercial use AV software since it was first released. I even ran it on a test system I upgraded from Leopard to Snow Leopard, using Apple's standard upgrade method. Result: no issues whatsoever.

May 30, 2012 4:56 PM in response to Trane Francks

Trane Francks wrote:


And as for the deprecation of OS X in favour of iOS, I suspect it's the other way around.


I don't have the link to the chart anymore, mind you this is outside the "Great Firewall of China"


Before iOS came out, OS X had 10% market share.



Relying on security through obscurity is no security at all.


True, however when Mac malware is found, it's by this AV vendor or that AV vendor and one can only run one AV software at a time on a machine, then the AV folks don't always share the results with one another.


By the time a user's AV gets the definitions, Apple has already a fix in place AND removes the malware.


So since malware writers write their code to get past AV software and it takes so much time to get the definitions to go around, the malware has already gained a significant foothold.


Security is best done by having a secure OS and programs, and any that are prone (Flash, Java, Silverlight for example) should be minimalized to reduce the attack exposure surface.



Apple intends to migrate OS X to the iPad and iPhone


Never going to happen, Apple is marching to a closed ecosystem and is extending that to Macs with Mac App Store and Gatekeeper.


OS X is taking on the features of iOS and it will continue until it is iOS.



As for Apple taking care of it eventually, the grim reality is that Apple has a history of only maintaining the current release and one release back from that.


That was the past behavior under Jobs, Tim Cook is in charge now, with the 600,000 Flashflake botnet Apple did release a security update for 10.5 back a few weeks ago.


Apple does learn from their mistakes, however they are not pre-emptive, Flashflake only exists because of Apple's past laziness and inattention to 10.5 and Java, they realized their error as all those 600,000 people who find out they were infected and it's Apple's fault will reconsider purchasing Apple again.


Lesson learned, I don't think they will abandon 10.6 users when 10.8 is released, it still will have 50% market share, and will have about 40% this time next year if 10.9 is released as 10.7 only gained 30% market in 1 year.



Cheers. 🙂


Cheers. 🙂

May 30, 2012 5:14 PM in response to R C-R

R C-R wrote:


None of these things are true in my personal experience. I have run Sophos' free-for-non-commercial use AV software since it was first released. I even ran it on a test system I upgraded from Leopard to Snow Leopard, using Apple's standard upgrade method. Result: no issues whatsoever.


In order to watch for unexpected malware, the anti-malware will have to run a root process to observe everything going on.


If Apple supplies their normal Software Update, then it can break this anti-malware process with unexpected changes, older OS X versions don't suffer from this as Apple doesn't tend to change things on them.



So what you must have with Sophos is a free always-on scanner for viruses, sort of like ClamXav, essentially a waste of CPU cycles as there are no viruses for OS X, only a courtesy clean of Windows bound files. How often does one do that to need an always-on anti-virus?


So if you're constantly trading files with Windows users or one has a bunch of know nothings, then sure, I can see a case for that. But usually that's a rarity because files on Macs and PCs have different formatting and fonts, so it's usually worthless to trade files constantly, better to have a PC to work with PC if the files are swapped that much between machines (or a Mac with a Mac).


The problem with a lot of always-on AV software is one doesn't know how far the damn thing reaches or will break if OS X gets an update.


ClamXav won't because it's not running all the time so it can't break OS X, cause gray screen and other non-boot issues. It just won't run when you try to launch it at best.


The point I'm trying to make is to match the right acting anti-malware for the purpose and need at hand.


If one goes and installs something highly restrictive, then it causes more problems for the little malware Macs do get.


Still not one AV software caught Flashback or MacDefender. So they are essentially worthless software in my opinion, closing the barn door after the horse has already escaped, but for the quantity of malware on Windows, I can understand even late is better than nothing.

May 30, 2012 5:32 PM in response to ds store

ds store wrote:

By the time a user's AV gets the definitions, Apple has already a fix in place AND removes the malware.

Again, not true in my experience. The apps of many AV vendors, Sophos among them, could detect & block recent Flashback variants long before Apple finally released anything. In fact, some of these apps didn't even require an update to do so because they detected similarities to earlier variants.

So since malware writers write their code to get past AV software and it takes so much time to get the definitions to go around, the malware has already gained a significant foothold.

By default, Sophos checks once an hour for new definitions & they generally appear on my Macs no more than 24 to 48 hours after any new variants appear in the wild. Sophos is among the several security companies that operate their own "honeypots" around the world, strategically located to detect malware before it even crosses national boundaries. For obvious reasons, the details of how these honeypots work & their IP addresses are secret, but the bottom line is such things are far more likely to "catch" malware than even enterprise systems whose owners pay big bucks for this kind of zero day protection.

May 30, 2012 5:44 PM in response to ds store

ds store wrote:

If Apple supplies their normal Software Update, then it can break this anti-malware process with unexpected changes...

In my experience, this isn't true for Sophos. I even updated beta versions of Lion with it running & noted absolutely no problems even remotely attributable to it.

The point I'm trying to make is to match the right acting anti-malware for the purpose and need at hand.

So am I. But running any after-the-fact AV software scan is in effect closing the barn door after the horse has bolted.
