Does the Mac need anti-virus software?
I have been told the Mac does not need anti-virus software. I have Kapersky on my Mac now and was told to take it off. I was told Apple updates the protection software daily. Any thoughts?
iMac, iOS 6.1.4
I have been told the Mac does not need anti-virus software. I have Kapersky on my Mac now and was told to take it off. I was told Apple updates the protection software daily. Any thoughts?
iMac, iOS 6.1.4
take it off
take it off
If you find this comment too long or too technical, read only sections 5, 6, and 10.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
For the reasons given above, App Store products, and other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. OS X security is based on user input. Never click through any request for authorization without thinking.
4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is presumably effective against known attacks, but maybe not against unknown attacks. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
5. XProtect, Gatekeeper, and MRT reduce the risk of malware attack, but they're not absolute protection. The first and best line of defense is always your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source, or that does something inherently untrustworthy. How do you know what is trustworthy?
Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
7. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. Any database of known threats is always going to be out of date. Most of the danger is from unknown threats. If you need to be able to detect Windows malware in your files, use one of the free anti-virus products in the Mac App Store — nothing else.
8. An anti-malware product from the App Store, such as "ClamXav," doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
Anti-virus software may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use the software unless a network administrator requires you to do it.
The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have the disadvantages mentioned in section 7.
I've had my iMac since 2009 and i have never had any anti-virus software. I have never had a single virus at all and i've not quite been visiting safe sites...
I have been told the Mac does not need anti-virus software. I have Kapersky on my Mac now and was told to take it off. I was told Apple updates the protection software daily. Any thoughts?
You can find a lot of information that will help you choose whether or not you want to run anti-virus software in my Mac Malware Guide. I personally do not use it, and don't think it's necessary at this time, but not everyone is as skeptical of running unknown apps as me and things do have a way of changing suddenly, so you need to make up your own mind.
Two comments specific to your situation... First, I don't really know that I trust Kaspersky that much yet. My testing earlier this year showed that it was just okay, not stellar, at detecting Mac malware, and it wasn't that long ago that a Kaspersky malware removal tool borked people's user accounts, making it impossible for them to log in. So I would probably recommend uninstalling it, using the uninstaller found on the original disk image that you downloaded to install it, even if you decide you want anti-virus software.
Second, Apple doesn't actually update the protection built into Mac OS X daily (there'd be no point, as new Mac malware appears more like once every few months or more), but they do tend to update it very quickly when there is a new threat. Don't think of it, or any other anti-malware software, as bulletproof, though. It is not.
Harry Glidden wrote:
I was told Apple updates the protection software daily.
Probably more accurate to say that OS X 10.6.8 and above checks for updates to it's malware definition database every twenty-four hours (or when awakened if asleep at the 24 hour point) when it's connected to the Internet. It may be several months between actual updates as there aren't that many new infections discovered in-the-wild. I believe the last time a new definition was added was back in April of this year.
The same update is also used to block dangerous versions of Flash Player and Java. The last change there was on Thursday of last week. I think the one before that was in May.
thomas,
thank you, for mentioning kaspersky and the issue people had with it.... appreciated
Does the Mac need anti-virus software?