Virus and malware protection

Stormrydr,

Detecting and avoiding malware and spyware, by Dr. Smoke has a good summary of threats, and protection.

;~)

Blah, blah, blah. I have heard this before.

No viruses for Mac OS. Not fewer than Windows - NONE. Not a single documented virus has ever been released in the wild for Mac OS X. Zero.

Use common sense when broswing, do not open unsolicited attachments, do not use P2P software, don't browse adult websites or product activation "crack" sites and you are about as safe as can be.

Number of times I have reformmated and reinstalled everything on my Mac for any reason at all in the past 2+ years - NONE.

Number of times I have reformatted and reinstalled everything because my wife and kids can't not click on a "yes" box in a popup that unleashes a flurry of spyware that I cannot get rid of - 3 (and that is with up-to-date spyware/anti-virus/firewall software).

Call it a more secure OS or call it "security by obscurity" (which I do not buy), but the Mac OS is the most secure OS commercially available for the home user. Bar none.

If you want to run spyware tools, you can (they won't find much of anything). If you want to scan docs before you forward them to your Windows using friends - you can, but don't pay for it. Use ClamXav instead.

Do not have your main account set up as a root user and always look at what app is requesting your password before blindly typing it in. Download the Word macro-virus patch from Microsoft to close that hole.

Use a Mac and common sense and you can eliminate 90% of the threats.

SStormrydr,

The built-in firewall is industrial strength, when it's configured correctly.

 Apple recommends using antivirus as part of regular maintenance (Item 6).

Apple bundles clamav with OS X Server.

I recommend clamXav because it uses the same antivirus engine (clamav) that Apple bundles with OS X Server: the price is right (donation-requested-ware), it isn't demanding of system resources, it gives some protection against trojans and phishing, and clamav tends to update definitions faster than commercial antivirus programs.

Oh, and in spite of the loud denials that inevitably come, somebody has already released an OS X virus into the wild.

Spyware is a different matter, since your behavior (and browser and mail settings) is the determining factor.

-Wayne

I have used various versions of Norton or Symantec AntiVirus since way back with my Performa 430.

I currently run Norton AntiVirus 10.1.1 on a three-week old Intel iMac.

I've read all the horror stories about this program.

I have never experienced any problem related to a virus or the antivirus program.

Intel iMac20 Mac OS X (10.4.6)

Doug,

What criteria were used for the evaluation? Under what test conditions and using what metrics? (No product names need be named.)

Oh, and cookies aren't executable. What exactly, did the kids at the Universy computer lab claim?

-Wayne

PS My post was written while the forum was acting up (and during your edit). Mine should be the second reply.

Doug,

Security is a moving target, not an end: Choose an appropriate level of paranoia and budget and act accordingly.

The simplest solution is to never store or transmit personal information by computer. If that's not practical, you have some choices for OS X.

A word of caution: I have not personally vetted or tested any of the following software:

One semi-Open Source solution is Vaultlet Suite. EPIC refers to it - your mileage may vary.

A Mac-centric solution (again unvetted or tested by me) is info_xhead.

Here's a page devoted to secure Mac storage, although I don't see product reviews.

Here's Indiana University's computer security advice. (It looks to be a fairly generic guide for academia.)

-Wayne

Stormryder, I am not saying that you should fly naked out there, I am saying that there is no need for panic.

computer virus (n.) a self-replicating computer program that spreads by inserting copies of itself into other executable code or documents.

Strictly speaking, the three examples you give fail to meet this definition. Leap-A is a trojan which does not replicate. It also requires user interaction. Inqtana-A is a worm that again, needs interaction to open and spread. Zaptastic is a security hole in OS X, specifically Dashboard. None of them meet the requirements for being a virus.

Semantics aside, why would you download images from someone you do not know without scanning them first? That's how Leap-A spreads. Why would you not update your Bluetooth or your widgets with the security fixes that Apple publishes and recommends? Those close both the Inqtana-A and Zaptastic holes.

Anyone who does not use their brains when surfing and does not apply security updates the second they are available from Apple is leaving themselves open to breeches. No anti-virus software in the world will overcome user stupidity and laziness.

Sorry to sounds so harsh, but when there is a true virus for the Mac OS, we will hear about it instantly and repeatedly for weeks on end. Windows fanboys will flaunt it in our faces. Until then, I know I am safe. Experience has told me that.

There is a huge difference between a virus and a security vulnerability.

"But what is inarguable is that your premise that there are no viruses or malware that can infect the Mac is clearly in error. The danger is that probably millions of Mac users feel just like you do."

I never said that there was no malware. I said there was very little. This is what I said -

"If you want to run spyware tools, you can (they won't find much of anything)."

Big difference.

Mac users feel like I do because they are intelligent enough to know when a magazine and software publisher are trying to sell copies of their software and magazines instead of publishing useful facts. No software will expose the exploits or close those security holes that are out there. So using commercial software to make yourself feel more secure does just that - makes you feel more secure.

"Because of that attitude, not any gross vulnerability of the Mac, the potential exists that more Macs are infected than PCs"

Not a single Mac running OS X has a virus that will effect the Mac itself on it anywhere in the world. Fact.

I have myself behind a router, with the OS X firewall enabled. I also download the security patches that pop up in software update as soon as I am advised to do so. Sometimes I hear about it before SU does and I run it to grab that patch right away. I also do not have myself logged in as a root user. When an installer asks for my password, I double check to see that it is the program that I am actually installing. I regularly check Microsoft for Office updates that close the inevitable holes in their software.

I am vigilant, but I am not paranoid. I - along with many Mac users - do not run AV software and have never been infected or breeched because we use common sense.

No software can protect a user from themselves.

On a scale of 1 to 10, Norton is about a 2 (not difficult). You install it. You adjust a few settings. It updates itself every day or every week or whatever you want. After a year you decide whether you want to spend another $15 for the automatic updates (you can continue to update manually for free). That's it.

Intel iMac20 Mac OS X (10.4.6)

Leap-A had limited distribution, and is gone now, as Apple's patched the hole it came in through.

Inqtana-A never got into "the wild" - it was shown as a demonstration only - and is dead anyway, because it, too, relied on a patched hole.

Zaptastic was a demonstration as well - all it did was display a message on screen when you clicked a link in a web page - and it's gone as well.

Seeing a pattern?