do i need antivirus
i am new to macs and i was wondering if i need to buy antivirus?
i am new to macs and i was wondering if i need to buy antivirus?
No, there are no known viruses for Mac OS X systems. Definitely do not buy anything like Norton or McAfee as they cause serious damage to the system.
Sophos free for home use is available
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-ed ition.aspx
I use sophos
Also ClamXAV is available also free from App store
Many people will say you dont need antivirus but do read this article
and this thread
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. Beyond XProtect, Gatekeeper, and MRT, there’s no evidence of any benefit from other automated protection against malware. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
The use of anti-virus software is a contraversial topic here, and there are few balanced opinions on the matter. Although it can be easy to stay safe without anti-virus software, and anti-virus software does have the potential to have a negative effect on your machine, the use of anti-virus software is a choice you must make, based on your needs and behaviors.
See my Mac Malware Guide for help making that decision, and to learn how to keep yourself safe, with or without anti-virus software.
I'm going to need popcorn for this one. lol
As per my opinion I think you must have one. As precaution is always better than cure .Computers and laptops are something where we spend most of our time for many important work related to office, business, and other documents. So it is very important to secure such device that could do a big loss if it gets attacked by any virus.
Seems wierd how the general advice in in this community refers solely to AV and firewall. Commercial AV software have higher detection rates than XProtect. Relying on hardware based firewalls as your sole defense seems like terrible advice. Having multiple layers of protection is generally better when implemented correctly. Keep your firewall turned on. If you're going to only use hardware based firewalls, make sure you know how to actually set it up correctly.
Harden your browser. Use some sort of script blocking extension such as NoScript. Use Adblock or Ad block plus (ads are a common attack vector.)
ASLR is overated and fails vs brute force attacks.
Disable the root account, create a "normal user" and use that account solely for day to day tasks.
If you're up to it, try out "Little Snitch" (Intego's firewall is somewhat similiar) which acts as an host firewall but uses application based rules as opposed to port based.
Back up the system regularily, time machine seems fairly good.
Just because you probably don't need multiple layers of security, doesn't mean you shouldn't use it.
Commercial AV software have higher detection rates than XProtect.
Comparing those two things is like comparing apples to oranges. XProtect does not contain definitions for everything, because some things are protected against in other ways. For example, malware like Flashback is protected against by blocking vulnerable versions of Java and/or Flash and use of a malware removal tool that functions as an update.
Keep your firewall turned on.
A traditional firewall does literally nothing to protect you against malware. It has a different purpose.
Harden your browser. Use some sort of script blocking extension such as NoScript.
JavaScript cannot infect you. Further, if you're using NoScript so that you can visit sketchy sites without getting infected, you're doing it wrong. It's not JavaScript you need to be blocking, and you shouldn't be visiting those sketchy sites in the first place.
You may argue, legit sites can be hacked to contain malicious JavaScript... but then, of course, NoScript won't help because you've probably chosen to allow JavaScript on that legit site.
ASLR is overated and fails vs brute force attacks.
Not sure what you're talking about there, or how it relates.
Disable the root account
The root account is disabled by default.
create a "normal user" and use that account solely for day to day tasks.
Illusions of security... Much of the recent Mac malware I've seen requires no admin access. It infects user space, and it steals your data just as easily that way as it could if it could gain admin access. Using a non-admin user really isn't much safer.
If you're up to it, try out "Little Snitch"
Little Snitch can be useful, but don't treat it as a magic bullet. Once you open a malicious executable, it could easily disable Little Snitch. This has been seen before. Of course, some malware also refuses to install or run in the presence of Little Snitch, or ignores it completely and then gets caught trying to phone home... thus the benefits. Just don't assume Little Snitch = guarantee of safety.
Just because you probably don't need multiple layers of security, doesn't mean you shouldn't use it.
There's more to this choice than that. You could make your house far more secure with the addition layer of security of motion-sensitive automated turret-mounted machine guns. Why not do that, then? Because there are other considerations, such as expense, reliability, consequences of false positives (That was a Girl Scout, not a burglar!!!!), etc.
Fact is, many Mac anti-virus apps have problems. They cause stability issues. They cause performance problems. One I know of repeatedly identifies parts of the system as malicious, and has for years. And a significant number of them really aren't much good at detecting Mac malware anyway. (See the results of my Mac anti-virus testing 2014.)
Plus, anti-virus software tends to make people over-confident. I've personally seen people get infected with malware despite having anti-virus software installed, simply because they made the assumption that they were safe and thus did not exercise the caution they would have otherwise.
Bottom line, this isn't an easy issue. If you choose to use anti-virus software, it should be done in an educated way, and with knowledge of exactly what role it will play and what the limitations are. Anyone saying that you must run anti-virus software is just as guilty of spreading propaganda as those saying you must not.
No script does MUCH more than just allow you to handle javascript. I in no way state these measures are full proof, but you can atleast make yourself a harder targer. I took a look at the site you referenced for AV testing. If I was going to trust AV test results there are other sources I would trust much more.
Standard user accounts actually do limit risk, do some research.
As browsers are the number one source of infection for home users, I don't see how hardening a browser is bad advice.
Talking about overconfidence in users when they have AV software seems somewhat of a logic fallacy. A user is not going to click a "sketch" link or popup just because they have AV software.
Most commercial products are not simply AV scanners these days. Many include heauristic based detection, HIPS/HIDS, domain blocking, mail scanning, etc. Yes, it does increase your attack surface somewhat, but for the average user, it would be hard to argue that it wouldnt be an improvement.
As far as stabiliity issuse, each company does have a support forum 🙂.
To summarize: No.
Use commonsense and don't download software or files from an unknown web source.
thomas_r. wrote:
Keep your firewall turned on.
A traditional firewall does literally nothing to protect you against malware. It has a different purpose.
As far as your "firewall's don't do anything it appears you read Why you don't need a firewall on Infoworld. You are right, if you don't actively maintain a firewall or take the time to properly set it up, it will do nothing to help you. However, if used correctly it undoubtedly helps against todays threat landscape.
See https://isc.sans.edu/forums/diary/Do+Firewalls+make+sense+/13240 for further discussion.
If you still think I am worng and think that actively telling users they don't need it is correct, I doubt you would feel comfortable posting your WAN address here and letting everyone known your firewall is down.
It seems that ignoring you isn't making you go away.
it appears you read Why you don't need a firewall on Infoworld.
Actually, no, I have never read that. However, I did write Do I need a firewall? almost a full year before that article's appearance. And I still stand by it, as nothing has really changed in that area.
If you still think I am worng and think that actively telling users they don't need it is correct, I doubt you would feel comfortable posting your WAN address here and letting everyone known your firewall is down.
I would gladly post my IP address here. It would do nobody any good, since I have a router that would catch all traffic and that is secured against remote access. The reason I will not, however, is because my IP address could be used to determine at least a somewhat approximate location of where I live, and I have no interest in revealing that information.
As for some of your other statements:
If I was going to trust AV test results there are other sources I would trust much more.
Okay. Then name some that back up your position. Be sure they publish a full list of checksums of all malware samples tested and the full methods used for testing, otherwise they are not a reliable source of information.
Standard user accounts actually do limit risk, do some research.
Do your own research, if you wish to refute my point. You cannot put the burden on me to prove that your claims are wrong. I've given my reasons for saying what I did... reasons that are backed up by experimentation with many different pieces of malware. Refute them or don't, but don't expect me to do the work for you.
As far as stabiliity issuse, each company does have a support forum
I'm sure a support forum will be of great comfort to someone who has lost a full day of work troubleshooting crashes or rebuilding a damaged system.
do i need antivirus