Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Antivirus on Windows home network/domain

As the title suggests, I have a relatively new Mac on a primarily Windows home network (some Linux also). I have file servers, domain controllers, etc. I did have Norton Security installed for about 2 mos., which didn't cause any immediate issues, save a possible GUI bug (progress bar under Downloads stack wouldn't go away if downloading after switching graphics). I say possible, because I did a clean install and did not reinstall NS, so I cannot prove it was the issue. I have read many other threads ad infinitum about not needing anything on the mac as far as internet security goes--and I'm fine with that. What I am concerned about, however, is passing things along to Windows machines, or worse, servers. Does anyone else have macs without AV in this kind of environment, either at home or in the enterprise? The mac is mine and only mine, fwiw, and I never even got anything on my Windows machines, short of cookies. Nobody else will be using it in this situation, so actual threat environment is pretty minimal. I do use the servers for video, music, backup and secure document storage, among other things--but not business-dependent and more for convenience and structure at home. All other machines have AV. Linux machines have only passive scanning (no real-time) or, for Linux file servers, scan on write. Any advice or experience in this situation is greatly appreciated.


My colleagues at work thought I was crazy to even consider going without any AV, but our infrastructure at work is very large, convoluted, and extraordinarily business-dependent and ultra-high availability. I do not bring my mac there, because Symantec Endpoint is required, as are certain levels of permissions granted to admins and desktop support -- none of which I want having access 🙂

MacBook Pro (Retina, 15-inch, Mid 2015), OS X Yosemite (10.10.4), Discrete graphics

Posted on Jul 27, 2015 5:05 PM

Reply
Question marked as Best reply

Posted on Jul 27, 2015 6:06 PM

A free "anti-virus" (AV) product from the Mac App Store is harmless as long you don't let it delete or move any files. Ignore any warnings it may give you about "heuristics" or "phishing." Those warnings, if they're not merely false positives, refer to the text of email messages or cached web pages, not to malware.

An AV app is not needed, and can't be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.

Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:

London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe

You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, a free AV product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must have some kind of AV application.

7 replies
Question marked as Best reply

Jul 27, 2015 6:06 PM in response to amrobx

A free "anti-virus" (AV) product from the Mac App Store is harmless as long you don't let it delete or move any files. Ignore any warnings it may give you about "heuristics" or "phishing." Those warnings, if they're not merely false positives, refer to the text of email messages or cached web pages, not to malware.

An AV app is not needed, and can't be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.

Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:

London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe

You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in every email attachment until proven otherwise. Nevertheless, a free AV product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must have some kind of AV application.

Jul 28, 2015 3:21 PM in response to Linc Davis

Thanks. I did download the free Bitdefender scanner from the app store and set it with the minimal permissions. As long as it can tell me if and where a piece of Windows malware is hiding, I am very comfortable with removing it manually via finder. I think that this, given what you've also said, is a reasonable compromise. Scanning every now and then with minimal risk of mucking the system suits me just fine. I'm not really worried about the Mac itself, just it harboring something around my servers. Granted, I have never had a virus, malware or adware on Windows (that I was ever aware of or saw the effects of), anyway, so I doubt it will be put to much use except for the very occasional scan if I think about it.

Jul 28, 2015 5:26 PM in response to amrobx

Hello amrobx,

I am unaware of any completely harmless Mac anti-virus software. They are all made by Windows software developers who know nothing about Macs. At best, they will slow your machine down and could easily corrupt important file and/or databases. Even if the app comes form the Mac App Store, it still isn't safe. In order to give a Mac App Store the ability to scan for viruses, you also give it the ability to modify every files on your system. You may never get the chance to decide for yourself whether or not to delete or move a file. These apps could easily corrupt critical files and never ask you. I have had this happen to me not even using anti-virus. It was just software made by Windows developers who didn't know Macs.


Now, just to be fair, my advice may not always be true. Mac users have really been suffering from an epidemic of adware and tech support scammers. Those are the two biggest threats these days. Viruses and even trojans for the most part are still no-shows on the Mac. I have seen many EtreCheck reports that include both adware and actively running Mac antivirus software. There is an effective anti-adware tool for the Mac called AdwareMedic. It doesn't work like Windows antivirus. You only run it after you get infected to clean up the adware. It was recently purchased by a Windows antivirus company called Malwarebytes. They could wreck a great product. Or they could turn it into the first decent Mac antivirus product. At this point, it is too soon to tell which path they will take.

Jul 28, 2015 6:00 PM in response to amrobx

The only tools that anyone needs to detect and remove adware are the Finder and a web browser, both of which you already have. Anyone who has enough computer skill to install adware can just as well remove it without using anything else.

Apple doesn't endorse any third-party "anti-virus" or "anti-malware" product. Here and here are its general statements about malware protection, and here are its instructions for removing the most common types of ad-injection malware. None of those support pages mentions anti-malware products. An Apple employee who recommends such a product is speaking only for himself or herself, not for the company. See this thread for an example of what the results can be.

You become infected with malware by downloading unknown software without doing research to determine whether it's safe. If you keep making that mistake, the same, and worse, will keep happening, and no anti-malware will rescue you. Your own intelligence and caution are the only reliable defense.

As a Mac user, I'm concerned about attempts by the Windows/Android anti-malware industry to move in on our platform. The truth is that relying on anti-malware makes us less safe from malware attack, not more, because it can't possibly defend against every threat, and if we have a false sense of security, we may take risks from which it doesn't protect us.

The Windows/Android anti-malware industry had more than $75 billion in sales in 2014 [source: Gartner, Inc.]. Its marketing strategy is to make people feel that they're defenseless against malware attack unless they use its products. But with all that anti-malware, the Windows and Android platforms are still infested with malware—most of it far more dangerous than mere adware. The same thing can be expected to happen to the Mac platform if its users depend on the same industry to protect them, instead of protecting themselves.

These are generalities. Regarding the "malwarebytes" product in particular, you may be told that there are no reports that is has caused damage. In fact, there is such a report by ASC user LizardMBP in this thread. Draw your own conclusions from that report.

You can also search this site for thousands of other comments on all kinds of anti-malware by ASC members other than myself. Below are a few examples, all quoted from different discussions.

Under no circumstances should you ever allow anti-virus software to delete something for you!
NEVER allow anti-virus software to remove files from your computer...
Anti-virus software is almost universally bad on the Mac, and isn't necessary. It won't protect you well against adware, either.
So, what is this anti-virus software protecting you from? Not a lot these days. In exchange for the very real possibility - though certainly not promise - of having trouble as a result.
Most commercial antivirus software is junk and some of it is harmful.
There will always be threats to your information security associated with using any Internet - connected communications tool... Assuming that any product will protect you from those threats is a hazardous attitude...
Antivirus software does more damage to Macs that the malware does.
We spend far more time here on the support forums cleaning up problems with antivirus software than we do cleaning up problems with viruses.
The only malicious software is the anti-virus or "clean up" software itself.

If you'd like to see links to the quoted discussions, ask.

Jul 28, 2015 7:18 PM in response to etresoft

Thanks for the heads-up. I will certainly look out for potential issues. Luckily, I have multiple redundant daily (and hourly, with TM) backups, not including off-site backups and archived media. If this app messing up my mac is simply an eventuality, I at least have the means to undo what has been done. This is partially what my server infrastructure is for--it's just that Windows and Linux machines also rely on it for the same purposes. I will monitor everything for odd behavior and perform backups before any sort of scan, which I would do anyway. I will also keep track of trends and further info for the app--and will continue/discontinue use accordingly.


Edit: Any reports of this specific Bitdefender scanner causing issues? I haven't read of any, but I don't see the same quantity of topics/discussions nor do I have the same working knowledge you guys do. So, in light of that, please alert me if something less than favorable has been attributed to it.


For what it is worth, I have the app to scan only very select folders, basically my user folders, including ~/Library. I have not authorized system folders yet and the scan is user-initiated with no background processes/real-time component. I am admittedly new to the Mac side of things, so I'm doing my best to find reasonable ways to do things with the least compromises on all sides. It's not easy, but I am taking all of it seriously, the above advice from you and Linc definitely included.

Jul 29, 2015 7:55 AM in response to Linc Davis

Linc Davis wrote:


Regarding the "malwarebytes" product in particular, you may be told that there are no reports that is has caused damage. In fact, there is such a report by ASC user LizardMBP in this thread. Draw your own conclusions from that report.


It should be noted that the discussion that LizardMBP started, at your request on that thread, was filled with demonstrably false claims, and has since been removed by the moderators. Draw your own conclusions from that.


You can also search this site for thousands of other comments on all kinds of anti-malware by ASC members other than myself. Below are a few examples, all quoted from different discussions.


Some of those quotes are my own words, taken completely out of context in an attempt to make them say what you want them to say. Further, you are completely aware of the fact that these quotes are not representative of my full viewpoint, as we have had disagreements in the past when I have recommended specific third-party anti-virus solutions. I'm disappointed that you would choose such dishonest strategies to force your viewpoint on others. If there is any merit to your opinions, they should be able to stand on their own without resorting to such trickery.

Antivirus on Windows home network/domain

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.