Q: Does my new Macbook Pro need Antivirus? Best Buy gave me the Webroot...

Linc rarely responds to requests from others, especially older ones such as this and may not even be monitoring it any longer, so I'll give it a try.

Zontania wrote:

 

About Java: I need it to play my favourite game (RuneScape). Are you saying that by granting permission to this page to run, I am exposing myself to threats?

Yes, but depending on what versions of OS X and Java you are using, that threat may be minimized. Oracle and Apple have become much better at keeping on top of these things and will disable older versions when necessary. Just be rigorous about keeping your Mac fully up-to-date.

And what about the Adobe Flash Player that most games are using nowadays? Is this unsafe, too?

The current version is not known to be unsafe, but that last version was and Apple blocks it in Snow Leopard 10.6.8 and above. Again, the latest versions of OS X have the means to better manage and "sandbox" it's use, which goes a long way to keeping any threat under control. Flash is notoriously vulnerable in many ways and will almost certainly never be bug free, so for now keep it up-to-date and hope that more sites eliminate it's use in favor of safer, more powerful technologies.

Thanks again, I m on wifi behind a new Apple router, you have been a big help

I am a Threat Research Analyst for OS X.  Threats are a real occurrence for mac just as they are with PC.  The types of malware are different however there is indeed a need for security on your mac.  Threats like cryptolocker do not currently exist for mac, however that that doesn't mean that there is no need for security.  PUAs, Trojans, and Spyware are very common for OSX.  By telling people that they cant get malware you are opening them up to a terrible user experience.  Also, basing your choice of Antivirus products on how they do on AV test isnt always the best idea either.  AV testing companies do what is called zoo testing, which means they throw a bunch of bad files in a folder on the desktop and run scans with the AV products.  This method doesnt give a real world analysts of what people would encounter.  The OS X system follows a structure for its programs, some AV products might detect files based on where it installs, or by its Info.plist file, or if it creates a directory that is unique. Also, the files without the proper stucture format just become benign files, thus meaning they are useless without the correct resources.  So by placing the binary on the desktop you are giving consumers a false representation of the AV products ability to remove a real threat.

OMG- Now THAT is alot of info right there my friend!

Will have to ensure I have a good hour to read thru this with a fine tooth comb.

Thank you!

Devin_B wrote:

 

I am a Threat Research Analyst for OS X.  Threats are a real occurrence for mac just as they are with PC.  The types of malware are different however there is indeed a need for security on your mac.  Threats like cryptolocker do not currently exist for mac, however that that doesn't mean that there is no need for security.  PUAs, Trojans, and Spyware are very common for OSX.  By telling people that they cant get malware you are opening them up to a terrible user experience.

I also specialize in Malware threats to OS X, and welcome you to this discussion. As such I agree with everything you said, except that I have never informed anybody that they cannot be infected with malware, so where is that coming from?

Also, basing your choice of Antivirus products on how they do on AV test isnt always the best idea either.  AV testing companies do what is called zoo testing

I should let thomas_r. defend his own testing since he is probably still following this, but if you had read his article you would know that the testing he did was the exact opposite of "zoo testing" and he isn't a testing company. That being said, he would be the first to admit that it was't done perfectly and that he has no plans to follow that up.  It's quite time consuming and does, as you say, neglect some aspects of an actual user experience.

MadMacs0 wrote:

I should let thomas_r. defend his own testing since he is probably still following this, but...

Ahh, I'd generally agree with what you said, although the testing was a bit more like "zoo" testing. I'm less and less satisfied with those tests the more I know, and the more I learn about detecting malware. My own AdwareMedic, for example, would fail miserably in "zoo" testing, but is quite successful in the real world.

Im actually a big fan of adware medic myself, I have definitely read the articles on your website as that is what got me interested in Mac malware and stopped researching pic malware. I really wish that the av companies would fight the testing methods that just confuse consumers.