Q: Does OS X Mountain Lion requires antivirus
-
Dec 25, 2012 9:48 AMby Topher Kessler,HelpfulThe "requirement" is a subjective measure, but malware infections are so rare that it is not really a "requirement" in my opinion. However, if you are uncertain then a basic malware scanner tool won't hurt. I've recommended people use iAntivirus, Sophos Home edition, or ClamXav as free and lightweight options that you can use to scan files on your system. Overall the Mac environment is not rampant with malware and is relatively quite safe, but it is out there and there are software-based scams that people have tired on OS X systems.
-
Dec 25, 2012 11:24 AMby Linc Davis,1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. This feature is transparent to the user, but internally Apple calls it "XProtect." The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.The following caveats apply to XProtect:- It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
- It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
Gatekeeper has, however, the same limitations as XProtect, and in addition the following:- It can easily be disabled or overridden by the user.
- A malware attacker could conceivably get control of a code-signing certificate under false pretenses (though there's no evidence this has happened yet.) The certificate would eventually be revoked, but probably not before some damage was done.
4. Considering all the above, the best defense against malware is your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know whether a source is trustworthy?- Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
- A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
- “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
- Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.Why shouldn't you use commercial "anti-virus" products?- Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
- In order to meet that nonexistent threat, the software duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability and poor performance.
- By modifying the system, the software itself may create weaknesses that could be exploited by malware attackers.
7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so can corrupt the Mail database. The messages should be deleted from within the Mail application.ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. If you don't need to do that, avoid it. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.8. The greatest danger posed by anti-virus software, in my opinion, is its effect on human behavior. When people install such software, which does little or nothing to protect them from emerging threats, they get a false sense of security from it, and then they may do things that make them more vulnerable. Nothing can lessen the need for safe computing practices.9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use. -
Dec 25, 2012 2:17 PMby Topher Kessler,I've installed and used McAfee and have not had a problem with it.
I have likewise used iAntivirus and Sophos Home edition regularly, which is free and a standalone program (ie, it does not install items to multiple locations in the system and run in the background). As such it is quite minimalistic and offers absolutely no negative impact on the system.
The recommendation for ClamXav over others has no basis other than a general (and rather unfounded) concensus in the community; however, it has had its own problems in the past. Csound1's recommendation to avoid iAntivirus at all costs is completely wrong.
From my experiences with these programs most will work just fine and not have a notable (if any) impact on your system, especially if they are standalone packages that do not use kernel extensions (usually for included firewalls). Additionally, most can be quite cleanly uninstalled if there are any conflicts with your setup.
Whether or not they are needed is another argument altogether and is entirely situational to your work. McAfee is offered for free by your university so it is a valid option to use, but you can also use Sophos Home Edition or iAntivirus just fine.
-
Dec 25, 2012 2:23 PMby Csound1,Topher Kessler wrote:
I've installed and used McAfee and have not had a problem with it.
I have likewise used iAntivirus and Sophos Home edition regularly, which is free and a standalone program
I'm happy for you but my recomendation is unchanged, " if you must have a security blanket use ClamXav "
Not that it will do anything useful but it is less obtrusive.
-
by Linc Davis,Dec 25, 2012 2:58 PM
Linc Davis
Dec 25, 2012 2:58 PM
in response to Topher Kessler
Level 10
(208,044 points)
ApplicationsSophos Home edition... does not install items to multiple locations in the system...
That's incorrect. It installs three root daemons and a kernel extension, among many other components. The kernel extension has caused panics and application crashes reported on this site.
The following is a partial list of files that the Sophos Home Edition installer package installs outside the Applications folder:
/Library/Contextual Menu Items/Sophos Anti-Virus.plugin
/Library/Frameworks/SAVI.framework
/Library/Frameworks/SUMScanKit.framework
/Library/LaunchDaemons/com.sophos.autoupdate.plist
/Library/LaunchDaemons/com.sophos.intercheck.plist
/Library/LaunchDaemons/com.sophos.notification.plist
/Library/Sophos Anti-Virus/IDE
/Library/Sophos Anti-Virus/InterCheck.app
/Library/Sophos Anti-Virus/Libraries/libcrypto.dylib
/Library/Sophos Anti-Virus/Libraries/libssl.dylib
/Library/Sophos Anti-Virus/Libraries/libSULObjC.dylib
/Library/Sophos Anti-Virus/ps_rootca.crt
/Library/Sophos Anti-Virus/ps.crl
/Library/Sophos Anti-Virus/sau.plist
/Library/Sophos Anti-Virus/SophosAntiVirus.app
/Library/Sophos Anti-Virus/SophosAutoUpdate.app
/Library/Sophos Anti-Virus/SophosUIServer.app
/Library/Sophos Anti-Virus/VDL
/usr/bin/SophosUpdate
/usr/bin/sweep
/usr/share/man/man1/sweep.1
You would know this already if you had researched the matter before offering an opinion.
-
Dec 25, 2012 3:07 PMby Topher Kessler,That's my error here. I edited my post and added "Sophos" to include it with regards to having used both programs, but had originally written the post with regard to iAntivirus only. Sophos does install to multiple locations, but iAntivirus does not.
As for your statement of my "research" as a clear attempts to put me down, it's unneeded here.
-
Dec 26, 2012 1:30 AMby Shirley Morris,I have iMac with 10.8.2 mountain lion I have used CNET techtracker to up date my software, tracker offered me a update to INTEGO 2013 when I downloaded this it looks like it is infected it has denied access to files making my computer unusable. What is my best course of action. I have back ups on iCloud and timemachine
