antivirus
I used windows, then linux from 2005- now. I have a macbook air. should i be using antivirus?
MacBook Air (11-INCH, MID 2011), OS X Mountain Lion (10.8.2)
I used windows, then linux from 2005- now. I have a macbook air. should i be using antivirus?
MacBook Air (11-INCH, MID 2011), OS X Mountain Lion (10.8.2)
Mac OS X's built-in defenses and common sense are enough unless you're running Windows on the computer; ClamXav and/or Sophos may be useful but aren't needed.
(82180)
Niel,
Thanks for the response. So why does norton, mcaffee, etc make products? Am I really safe without it? I felt very safe on linux I am hessitant on Mac. I suppose Apple tends to be more active in software updates than MS is - is that why its not needed?
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. Beyond XProtect, Gatekeeper, and MRT, there’s no evidence of any benefit from other automated protection against malware. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
wcrowder wrote:
So why does norton, mcaffee, etc make products?
I suppose the long-time A-V developers have a large enough installed base to make it worthwhile to continue. Most of the new ones have only recently branched off from the Windows community to try and take advantage of the publicity a year or so ago when Flashback reportedly infected 600,000 OS X users. It remains to be seen whether sales will support their continued presence in the market or not. Almost all rely on hype and advertisement to scare users into buying their products with promises to guard against tomorrows threat. I'm still waiting for the first of them to prove they were able to stop even one of the so called "zero-day" infections from occurring. All the ones I have checked on were not able to get protection out for one to three days after discovery.
I felt very safe on linux I am hessitant on Mac.
I'm not sure why that is since with OS X they have much in common. Most of the vulnerabilities have been due to third party problems. Oracle's Java, Adobe's Flash, Microsoft Word and now IBM Notes all keep poping up in the news with a variety of un-patched vulnerabilities being exploited. Updates to OS X security involve far fewer updates by comparison.
I suppose Apple tends to be more active in software updates than MS is - is that why its not needed?
I'd say it's more the built-in functions of the Quarantine, XProtect and GateKeeper capabilities which both remind a user of possible dangers represented by newly installed files and can prevent the execution of un-trusted processes, if the user chooses to adopt this approach. I haven't experienced the MS software update experience for a few years now, but when I was there were plenty of security updates on a frequent basis and a lot of them covered some very old issues. The XProtect system is capable of pushing updates out every 24 hours at this time and it's been exercised a couple of times when the malware developers were able to update things on their end in a rapid manner. I don't know whether MS has that capability with their Security Essentials software or not, but I would hope so.
So why does norton, mcaffee, etc make products? Am I really safe without it?
They make products because there is malware out there, and that means that there's a market for their products.
You're definitely safer with anti-virus software installed, but how much safer is a good question. If you take certain precautions, you're pretty safe already, even with no anti-virus software installed at all. So the gains would be very marginal, and you would trade a certain amount of performance and stability to get them (depending on what anti-virus software you use).
See my Mac Malware Guide for more information about how to protect yourself and what role anti-virus plays. Be aware that many viewpoints in forums like this one can be highly biased against anti-virus software. There are some good reasons for that, but those reasons are generalities that are often treated as absolutes.
You should listen to Thomas! His opinions are balanced, colorful, many-sided, and unbiased. Also, his arrogance knows some bounds. My opinions are unbalanced, black-and-white, one-sided, and biased, and my arrogance knows no bounds.
I like!😎
antivirus