Any opinions? I've been using ClamXav for a long time and it never seemed to do anything. Avast has flagged emails and found a virus in my Parallels Win 7 file that my Windows AV software eventually cleaned. Avast seems good, any downsides?
Mark
MacBook Pro with Retina display, OS X Mountain Lion (10.8.4), 15" 2.7GHz, 16GB, 512GB
neither
If you really think you need something that causes more problems than it can possibly solve, take a look at Thomas Reed's Anti-Virus testing: http://reedcorner.net/news-favorites/.
"Avast" is perhaps the worst of the whole wretched lot of commercial "security" products for the Mac. It's worse than the imaginary "viruses" you were worried about when you installed it. Not only does it fail to protect you, it throws false warnings, destabilizes and slows down your computer, and sometimes or always corrupts the network settings and the permissions of files in your home folder. Removing it may not repair all the damage, and neither will Disk Utility or even reinstalling OS X.
Back up all data, then remove "Avast" according to the developer's instructions. Reboot.
If you tried to remove Avast by dragging an application to the Trash, you'll have to reinstall it and follow the instructions linked above.
"ClamXav" is not routinely needed and should not be relied upon to detect OS X malware. It may be useful for detecting Windows malware in a mixed Mac-Windows network environment, or when a misguided network administrator requires you to run an "anti-virus" application.
I haven't used Avast, but recently Thomas Reed tested Avast among many others, and it came out as one of the best for detecting known malware samples (though results may likely vary for different situations). On the other hand, ClamXav did not fare as well.
However, keep in mind that Avast is one of the AV utilities that installs a number of additional tools, including browser extensions and preference panes, along with some kernel extensions, and this more extensive installation footprint may result in some incompatibilities and problems.
I usually recommend a lighter-weight AV package that is less intrusive, such as Sophos home edition which has a relatively small footprint on the system. While iAntivirus from the Mac App Store is free and the most self-contained solution (ie, it does not install launch daemons, updaters, and other helper tools), it does not have a built-in updating routine (part of the Mac App Store restrictions, which require updates through the store only), so its definitions may be significantly out of date.
I've had Avast installed for about two months with no ill effects, with the possible exception of the file system shield slowing disk to disk file transfers. I'm still testing this and it's looking like may have been a bug in the prior version. My Mac has to coexist with Windows machines (even itself running Parallels) so I prefer it be malware free.
I read that article as well as one on Ars Technica and that's why I chose Avast. I'll have to look into Sophos and see if it would work for me. I need one that will flag dangerous emails. A smaller footprint would be nice. I wound up with iAntivirus on my Mac but I have no idea how it got there. I used it for a little while but the lack of definition updates made me think it was orphanware so I removed it. I used ClamXav for years but it never struck me as a good solution.
To do this you will need one that actively scans incoming e-mail (ie, with some sort of Mail plugin), or which you run on a regular basis with a scan directed at your e-mail client's message database (ie, /Users/username/Library/Mail for OS X's built-in Mail client). I'm not sure of the features of each that will do this, but overall you can configure most to accommodate this need in some way, if it is one you truly need for your setup.
If you find this comment too long or too technical, read only sections 5, 6, and 10.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
8. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
Avast does this by default, that's why I zeroed in on it in particular.
Good article. I've been an Apple user for almost 30 years and never had a virus but I (begrudgingly) run Windows on the Mac as well as having a number of friends who also use Windows so an AV program on the Mac is the first line of defense. As long as it works and remains unobtrusive I have no problem running it. As far as safe computing practices, after all these years I better know what I'm doing or I deserve what happens. 🙂
Mark Piaskiewicz1 wrote:
My Mac has to coexist with Windows machines (even itself running Parallels) so I prefer it be malware free.
You should not rely on any Mac A-V software to protect your Parallels processes. Most will do an adequate job of finding Windows malware on the Mac side, but you should run a separate A-V product on the Windows side to cover all your bases there.
The ClamAV® scan engine was originally an e-mail scanner and Apple still distributes it with their OS X Server software for that purpose. You do have to be cautious not to allow any A-V software to move or delete e-mail as it will certainly corrupt the mailbox index, which can result in several mail issues down the line.
When I read this earlier today, I thought I should respond when I had time, but Topher said almost everything I would have said (no surprise) so I'll limit my remarks on Avast! to one entry in the Comment section of Thomas Reeds test article when responding to a question of why Avast! wasn't a "no-brainer" choice:
Although avast! certainly has a high detection rate on its side, keep in mind that there are any other factors that should determine which anti-virus software you use. Do not rely solely on testing like this to make the choice. Evaluate the features that you feel you need that each program offers, and make sure that you educate yourself as to what the risks actually are before installing anything.
As far a ClamXav is concerned, the unfortunate thing about it is that it must rely entirely on a scan engine provided by others. Don't get me wrong, it's a very good scanner and improvements are being frequently rolled out by Sourcefire/ClamAV®, but in the end it is the signature database that matters. Signature writers are working much harder these days to keep up, but they are totally reliant on samples being submitted to their site or to VirusTotal. They don't have a 24-hour watch center looking for new outbreaks or a lab to do detailed analysis of what the malware does and how it does it. It's mostly up to users and the other subscribers to VirusTotal to share what they find. I've been through more than one epidemic here in the forum and the last thing most users want to be bothered with is providing a sample of what infected them. They will stop at nothing to make it disappear forever and have no idea where it came from.
That being said, there are several of us available to work around the clock here to obtain samples of any new Mac malware and get it to any and all A-V vendors capable of putting a stop to it, but as I said it takes some user cooperation to do that. It doesn't happen very often, but ClamAV did have at least one new variant in it's database before Apple or any other A-V software we tried. But that is very much the exception. Commercial software can easily afford to commit the resources necessary to stay on their game, where a not-for-profit organization has no chance of keeping up.
An excellent article !. 🙂
Many years ago I used Avast on my windows machines and it was fine.
A few months ago I was fooled by all the reviews about it and I installed it on my Mac. Until today:
Today I found out that despite everything working fine, (could connect to two separate networks), all the settings were good, etc. I couldn't open any website on either of Safari, Chrome, or Firefox. I reset everything and I finally called AppleCare. During the call, I thought maybe it was caused by Avast. I uninstalled it and my troubles went away... for some time, then came back. I had to install Avast again, and uninstall it again, and manually remove all the extensions it had added to my browsers to be able to connect to the internet.
Avast is now officially on my list of "Anti viruses which cause more pain than actual viruses".
I wish I had read Linc Davis's comment here before I installed Avast.
Any opinions re Avast vs ClamXav?
