
Why does Apple not provide a proper AV for OSX?

I just found out that AVIRA AV was making my Time Machine backup non-working. During the troubleshooting I found a lot of support community posts that point to AV programs besides AVIRA (ESET for example) when it comes to Time Machine backup problems.


Apple should (like Microsoft has done for a couple of years now) provide its own, properly integrated, AV solution.

Maybe partner up with one of the big vendors (Kaspersky or whatever) for definition updates.


And don't tell me MAC does not need AV. Read the news 😉

MacBook Pro with Retina display, OS X Mountain Lion (10.8.3)

Posted on Mar 29, 2013 7:21 AM


Mar 29, 2013 7:39 AM in response to mende1

Hey,


Gatekeeper is merely a Firewall which won't protect you from drive by fileformat exploits.


Regulating which software can be installed is also a good idea especially for people without much knowledge to prevent them from installing crap.


But as IOS and OSX market share will grow, they will be targeted more and more for common PC threats (exploits, drive by downloads, malware, botnets, viruses, etc....).


Just observe the Metasploit Exploit Database that is slowly beginning to integrate more and more OSX exploits.


AV like it is used on MS Windows might not be the perfect approach but just doing nothing about OS Security is even worse in my opinion...


ClamAV btw is next to useless if you look at MAC AV test reviews....


I am not trying to start a MAC does not need AV flamewar here 😉

Maybe there are better AVs out there or there is more knowledge on Time Machine and AV problems out there...


Update:


I don't mean Apple is doing nothing about OS Security. Sandboxing, ASLR and other mechanisms are something obviously. However Application/Fileformat exploits will always find exploitable bugs and Signature and Heuristic based AV are a viable option to address those issues.


Message was edited by: sebastian brabetz

Mar 29, 2013 8:23 AM in response to sebastian brabetz

sebastian brabetz wrote:



Update:


I don't mean Apple is doing nothing about OS Security. Sandboxing, ASLR and other mechanisms are something obviously. However Application/Fileformat exploits will always find exploitable bugs and Signature and Heuristic based AV are a viable option to address those issues.


Message was edited by: sebastian brabetz

That will happen regardless of whether AV detection software is installed.

Mar 29, 2013 8:32 AM in response to sebastian brabetz

And don't tell me MAC does not need AV. Read the news 😉


OS X already includes everything it needs to protect itself from viruses and malware. You already paid for it and you need nothing else. Keep it up to date with software updates from Apple.


Third party products that claim the unique ability to protect your Mac better than the engineers who design and maintain it are attempting to capitalize on ignorance from a generation of Windows users inured to such a need. "The news" is an entertainment product that simultaneously capitalizes upon and promotes prurient interests, fear, and ignorance. This is an abundant and lucrative market and you are an ideal customer.


Gatekeeper is not a firewall and is entirely unrelated to one. Unfortunately you are correct in that it does not prevent you from installing third party anti-virus software, which is responsible for more problems with Macs than anything else.


OS X About Gatekeeper

Mar 29, 2013 8:42 AM in response to John Galt

Okay Gatekeeper is not a Firewall that was wrong.


But if OS X already includes _everything_ to protect itself how come there was a flashback and flashfake? How come Java exploits can compromise the entire OS?


How can it be that every IOS Version gets Jailbroken over time? Sometimes it was as easy as pointing safari to a webpage (PDF interpreter exploit)....


"The news" might be entertainment. But not observing reality and telling everyone OSX is perfect and does not need any security or does not need to keep up with the security world sounds to me like a tale told by a generation of MAC users that lived in times when OSX was a niche product...

Mar 29, 2013 9:10 AM in response to sebastian brabetz

Java is not an Apple product, and "jailbreaking" turns an Apple product into a non-Apple product. No one can prevent you from installing junk on a Mac or iOS device or modifying their operating systems if you so choose. No anti-virus product in the world will ever be able to prevent you from doing so.


... But not observing reality and telling everyone OSX is perfect and does not need any security or does not need to keep up with the security world ...


Not only did I not state that, I stated the opposite.


Apparently you do not read, so continued discussion is pointless. I suggest you express your concern to Apple, who I am certain will give it all the consideration it is due: Feedback

Mar 29, 2013 9:12 AM in response to sebastian brabetz

sebastian brabetz wrote:


Okay Gatekeeper is not a Firewall that was wrong.


But if OS X already includes _everything_ to protect itself how come there was a flashback and flashfake? How come Java exploits can compromise the entire OS?


How can it be that every IOS Version gets Jailbroken over time? Sometimes it was as easy as pointing safari to a webpage (PDF interpreter exploit)....


"The news" might be entertainment. But not observing reality and telling everyone OSX is perfect and does not need any security or does not need to keep up with the security world sounds to me like a tale told by a generation of MAC users that lived in times when OSX was a niche product...

Install whatever crap you choose on your Mac, it is your right to do so. When your Mac fails to work correctly because of it you will face a choice of what to do next. It will not be Apple that put you there.

Mar 29, 2013 9:35 AM in response to sebastian brabetz

sebastian brabetz


Just observe the Metasploit Exploit Database that is slowly beginning to integrate more and more OSX exploits.


I visited the site very briefly. It is new to me. I wanted to read some of the "more and more OSX exploits" you have found there.


http://www.metasploit.com/modules/


I looked for "Macintosh" in each of the five search fields - one at a time. I found nothing. Please enlighten me. Am I doing something wrong? I do want to know more about these exploits.

Mar 29, 2013 9:44 AM in response to Susan Howard

Susan Howard wrote:


Got a call from a friend yesterday. His computer was down for three days. He had a virus. He used a company to disinfect remotely. He spent 9 hours on the phone and $189 with the service. Once finished he had to do a lengthy online customer satisfaction survey before he could access his PC.


He called to ask what I use for AV.


A Mac 😉

Hi Susan. What was the virus and who were the Company?


Thanks


Pete

Mar 29, 2013 1:51 PM in response to sebastian brabetz

sebastian brabetz wrote:


Gatekeeper is merely a Firewall which won't protect you from drive by fileformat exploits.

It is nothing like a Firewall in any way. It would definitely protect you from any drive-by application that was unsigned, assuming you have it configured properly.

Application/Fileformat exploits will always find exploitable bugs and Signature and Heuristic based AV are a viable option to address those issues.

Signature-based detection is no longer as effective as it originally was because the malware developers are getting much better at defeating it. XProtect already provides a signature-based system of detecting original downloads to hopefully prevent any malware from being installed. I can only guess that their Malware Removal Tool is also a signature-based system to remove the most common forms of installed malware. Despite all the bells and whistles that are being built into modern A-V commercial software, they are still most effective at detecting and sometimes removing already installed infections. Their heuristic routines, no matter how complex, still seem to always fail in the detection of zero-day exploits. They may well be better on the PC side of the house, but I have never read of even one success on the OS X side. It normally takes them a day or three to update their databases with a signature. Intego has promised an article on that subject, but I'm still waiting.

Mar 29, 2013 2:09 PM in response to sebastian brabetz

sebastian brabetz wrote:


But if OS X already includes _everything_ to protect itself how come there was a flashback and flashfake? How come Java exploits can compromise the entire OS?

Obviously at the time it did not have everything and tomorrow we might be saying the same thing, but today we can be comfortable saying there are no currently known threats to a fully up-to-date OS X 10.6.8 and above. If another Java vulnerability is exploited by malware, the only thing that would probably catch it is a properly configured Java/GateKeeper combination. I don't believe for one minute that any third party A-V software on the market today will do any better.

How can it be that every IOS Version gets Jailbroken over time? Sometimes it was as easy as pointing safari to a webpage (PDF interpreter exploit)....

That has nothing to do with this discussion. Different OS and it's the user's choice to jailbreak it.


There is a parallel, of course. Back when Java was disabled by Apple, many users were providing instructions for shutting XProtect down completely so users could play their favorite games again.

telling everyone OSX is perfect and does not need any security or does not need to keep up with the security world sounds to me like a tale told by a generation of MAC users that lived in times when OSX was a niche product...

I rarely read anything close to that here in the forum. I know I always try to make it clear that I am referring only to the way things are at the moment. I have, at times, been equally critical of Apple when they have not shown what I consider to be appropriate reaction to a threat, but I must say they have listened and their approach to security is far better than it was even a year ago. Not perfect, of course, and unlike commercial A-V companies, they do have other development efforts that must be resourced. But IMHO, they are doing a lot better at this than either Adobe or Oracle seem to be doing at the moment in this area.
