Q: Does OS X Mountain Lion requires antivirus

Welcome to ASC, Krrish7!

I've used macs for nearly 10 years and never yet found a reason to tie up my system resources with a AV scanner. I know this can seem weird if you're coming from a Windows environment but there's some good reasons for it.

1. Up till now, there's been very little attention paid by malware makers to the Mac platform. It's just not been big enough to be worth their attention. This, of course, is likely to change if OS X increases market share considerably.

2. Apple continues to implement various methods in the OS to keep out malware. Some are behind the scenes like the Xprotect.plist

(Topher explains more about how this works here) and others are in the UI that can be overriden by the user.

If you're on OS 10.8 the latest method they've devised is 'GateKeeper.' You can turn this on - if it's not on already - in

General - System Preferences - Security & Privacy

You can find out more about it here. You might also consider installing a free Ad blocker, too.

3. As far as unknown threats are concerned, AV scanners are fairly useless. Yes, its possible someone could re-use some code in a new threat that will be detected by an AV scanner, but since there's so little of that 'out there' for the mac for them to re-use its highly unlikely.

4. I always keep a couple of backups, with at least one never connected the same time as others so if I did get infected, it's simpler for me to reinstall the entire system from backup than it is to get involved with constantly running AV software or cleaning and disinfecting things. You should do something similar. I recommend using a clone as well as Time Machine.

Finally, you'll find some very knowledgeable people on this site from whom you can learn a lot if you keep coming back (both Topher and Linc would fall into that category). Just try to ignore the willy-waving about who's got the most points and the handbags-at-dawn about who knows "best". 

Did the techtracker program do this, or did the update to Intego's software do this when you next ran the Intego software?

I have used CNET techtracker

Before using that product, or downloading anything else from the CNET site, I suggest you read the page linked below. It's on the website of "fyodor," the developer of a highly respected open-source tool for network analysis and a true security expert. Here are some excerpts from his article:

CNET Download.com was caught adding spyware, adware, and other malware to thousands of software packages that they distribute, including our Nmap Security Scanner. They do this even though it clearly violates their own anti-adware policy (update: they have now removed the anti-adware/spyware promise from the page).

After widespread criticism of the practice, Download.com removed their rogue installer from Nmap and some other software, but they still use it widely and have announced plans to expand it.

For these reasons, we suggest avoiding CNET Download.com entirely. It is safer to download apps from their official sites or more ethical aggregators such as FileHippo, NiNite, or Softpedia.

Shirley, you should start a new thread as this one is rapidly deterioating from answering the OPs question (which is not the same as yours) to a battle between certain posters, at least one of whom has an ulterior motive of making a point at the other's expense rather than genuinely helping you to solve your problem.

There was a bad decision to bundled a toolbar and download manager with a few Windows-based downloads, which had them flagged as malware. This was a very poor decision by CNET, but was quickly addressed (see here: http://download.cnet.com/8301-2007_4-57338809-12/a-note-from-sean-regarding-the- download.com-installer/), so despite the problem there is another component to the story. The decision did not affect Mac users, and users can now avoid download managers through the download.com site. I don't recommend people one way or the other on CNET's download.com service (the safest option is always to go to a developer's site only and avoid all middlemen), but the issue here which is not unlike those experienced by others, even in the App store (see here: http://reviews.cnet.com/8301-13727_7-57478793-263/windows-malware-slips-into-app les-ios-app-store/).

Not sure if tech tracker supplied an infected program. This a bad malware I have SOPHOS as well as INTEGO giving continuos protection no malware detected. This malware has removed my preferences + gatekeeper . It prevents me inserting a disk, I have mountain lion on a USB so will be able to start from scratch . My time machine backs have been damaged using SOPHOS to check them at present. I have got caught inspite of my care and protection. Just want the be very careful message to others.

It's tough to tell by your description as to what has happened. What do you mean it removed both your preferences and gatekeeper from your system? When you try to insert a disk, what specifically appens? It may be quite possible your system is simply suffering from a couple of odd but common problems such as faulty permissiosn settings and filesystem corruption.

Shirley/Topher sub-string

For points of understanding whats going on

(1) a mac computer is being used

(2)  to run osx the individual is starting their mac normally or are they using a start up drive booting into a partition or are they using a usb or external hard drive to get into osx

(3) the individual is signed on as an admin or guest or standard user

(4)  both sophos and intego are both running

(5)  my preferences and gatekeeper are gone from account

thinking out loud here

I would take sophos and intergo off  (remove them completely)

I would then repair permissions and disk (wondering what start up will say) and make the appropriate fixes

but im thinking more info is needed from the perspective of once I turn on my computer, this is what I do, this is what is happening - but I would remove the av's and then start this process.

just a thought

Thanks for this info, I had accepted CNET guarantees that all their updates and software was checked and malware free.

Very disappointed. My main reason airing the problem was to prevent others being caught. I have contacted SOPHOS and INTEGO and via this forum apple. Also published on twitter.

Shirley Morris wrote:

 

Not sure if tech tracker supplied an infected program. This a bad malware I have SOPHOS as well as INTEGO giving continuos protection no malware detected. This malware has removed my preferences + gatekeeper . It prevents me inserting a disk, I have mountain lion on a USB so will be able to start from scratch . My time machine backs have been damaged using SOPHOS to check them at present. I have got caught inspite of my care and protection. Just want the be very careful message to others.

Never download anything from CNET, go to the manufacturers site if you must. Never install Antivirus software for Macs, none work.

1) the disk won't go in feels a rigid block.

2) no permissions show in library

3) gatekeeper no longer shows in library

4) FaceTime that I don't use was activated

5 system preferences are available so maybe I'm confused.

I'm failing to understand the claim that gatekeeper is gone from a user's account. Gatekeeper is a systemwide service that is available in the system preferences, and which affects the system globally regardless of the user account status. The Gatekeeper settings in the system preferences require authentication and then update a central database in the system that affects applications running under any user.

I agree, however, that if there are problems being experienced then one option is to strip the system down a bit and run maintenance routines to see if that results in any difference.

The difficulty here also revolves around the claim that the problems are from malware. While perhaps "possible" without further (and proper) investigation this claim has little backing.

CNET's download.com, MacUpdate, the Mac App Store, and several other file distribution services are fine resources to use. Each have had PR issues and problems (even if only trivial ones), but overall each have benefits that at the very least show the availablilty of new software.

As for antivirus software, it will not hurt your system as has been claimed or at least suggested by a select few people who are on this forum, or at least would do no more so than any other utility or program you install on your system.

As for their benefit, if you are concerned about malware then AV scanners are absolutely a good resource to use for checking your system for known malware. Those who claim otherwise might have technical expertise and knowledge of how to keep their systems quite safe, but this does not reflect the vast majority of Mac users, so at least for the sake of peace of mind if you are one of these many Mac users then an Antivirus tool is a quite acceptable option to consider.

Antivirus tools that have little impact on the system and its functions include iAntivirus, Sophos Home Edition, and ClamXav, all of which are perfectly fine solutions for an average home user who has concerns. While some can be set to actively scan everything, all can be configured to run minimally (which most do out of the box) and on-demand, so the only impact is the few megabytes of storage space they use on the system.

Once again we can disagree on some matters, why use a 3rd party download site (with a checkered history) when the manufacturer/developers site is available?

Csound1 wrote:

 

Once again we can disagree on some matters, why use a 3rd party download site (with a checkered history) when the manufacturer/developers site is available?

I dont think we disagree entirely on that matter, but these sites to have their uses. For one they have been good resources to check for new versions of programs as they are released, or explore other similar software packages without having to ask around about options to use. Some also have notification options for when a product is updated, which can be useful if the program does not have its own update checking routines.

The reviews included at these sites (both official and user-based comments and ratings) can also useful to assess the quality of a particular program or a version update.

If you know what you want or are discussing a particular program then linking through these middlemen sites is unnecessary; however, they do have these features that people may benefit from.

A company, developer, or organization making a mistake or two is no reason to dismiss them forever and label them as a fraudulant or malicious organization. That is an extreme position that is essentially useless advice since it includes practically every company and individual out there. Mistakes and bad decisions happen, but we learn and move on from them.

My position is if there is benefit that people may get from a site or service, then even if I dont find much use in it myself it is still an option they might find useful and wish to consider, so i advocate they explore them. I dont blindly steer them away unless there is a clear and ongoing problem, such as a known bug in an OS update that is causing crashes with some system.