Antivirus on Mac? Do you?

No, but then I don't on any of my computers anyway.
 
ClamXav Sentry to monitor my downloads folder and my email inboxes.
 
They most certainly are.

Think you missed the word not off there. :)

There has only been one trojan which was attached to an illegal download of iLife (may have been iWork). As far as I am aware that is the only Mac virus known.

To answer the question, no I do not, but I am an all-Mac household.
 
antivirus is nothing more than snake oil, I don't think I've ever actually seen an antivirus program stop a modern day threat. No matter what AV is installed we still have to take the machine in, clean it with malwarebytes or whatever, then give it back to the customer.

AV = total waste of money. "Viruses" practically don't even exist anymore, because the way modern operating systems are designed renders them useless. When the flat memory model died a death, so did viruses, pretty much. "Antivirus" companies are just taking your money - wake up!
 
antivirus is nothing more than snake oil, I don't think I've ever actually seen an antivirus program stop a modern day threat. No matter what AV is installed we still have to take the machine in, clean it with malwarebytes or whatever, then give it back to the customer.

AV = total waste of money. "Viruses" practically don't even exist anymore, because the way modern operating systems are designed renders them useless. When the flat memory model died a death, so did viruses, pretty much. "Antivirus" companies are just taking your money - wake up!

You couldn't be more wrong if you tried I'm afraid. I've seen good AV programs avert potential disasters on many occasions. My work network would have been severely crippled by an unwittingly introduced copy of Conficker if it weren't for the AV we run. Just read the Information Security sites for the stats. Security has to be layered to be properly effective and AV is an important part of that layering.

You don't even have to spend money - there are three excellent free AV programs for PCs and one for the Mac and they don't just protect against viruses which, by the way are still alive and kicking in the wild, they also protect against worms which are also alive and kicking, macro viruses, and some trojans.

Free PC AV programs are Avira, Avast and Comodo - there is also AVG but they seem to have lost the plot of late.

Free Mac AV program is ClamXav.

All are effective. I'm an Information Security professional by the way, I do this stuff for a living.
 
Think you missed the word not off there. :)

There has only been one trojan which was attached to an illegal download of iLife (may have been iWork). As far as I am aware that is the only Mac virus known.

To answer the question, no I do not, but I am an all-Mac household.

Ahem.

OSX/Tored-A
OSX/Jahlav-C
OSX/Leap-A
OSX/Oompa-A

A few examples.

Oh and macro viruses.

There will no doubt be others in the pipeline, Macs are not immune - far from it.
 
Just read the Information Security sites for the stats. Security has to be layered to be properly effective and AV is an important part of that layering..

Personally, I wouldn't call a program that hooks itself into the kernel and often runs several services at system/administrator level "secure". Not all security programs use Kernel hooks but many do. Have a look at this link for a better idea of what I'm talking about, particularly paragraph 3 onwards:

http://arstechnica.com/security/new...move-attack-from-theoretical-to-practical.ars

If a piece of software is hooking into the kernel, it doesn't matter what you do, because the potential for exploitation forfeits any benefit given by whatever AV program is running. I always prefer preventative measures of stopping the bad stuff getting in, and I'm just talking simple stuff like ACLs on sensitive parts of the system, strengthening IE settings, etc. There was a guy on another forum I used to frequent who always said "Security does not come with an installer", and to be honest, I couldn't sum it up better. You can spend all day long gumming up a system with anti this and anti that, but at the end of the day it's just one more application, one more service, one more potential avenue for attack. As a Security professional, I would hope that you can appreciate that.


All are effective. I'm an Information Security professional by the way, I do this stuff for a living.

I am not a Security professional on paper, but I do work at the front line of tech support and every day I have to clean up the mess left behind that should be taken care of by AV programs, if they are half as good as what they are cracked up to be. The reality of it is, by and large they aren't worth the paper they're written on - companies pay an absolute fortune for so called "protection", and yet whenever the latest malware strikes, technicians are still running around sorting it. I've been completely antivirus free on all my computers since around 2007 now, and have seen absolutely no problems. Other people I know who aren't quite so Internet savvy, have AV programs installed, and I am still around their house every 6 months sorting it.

Taking all of this into account, I hope you can understand where I am coming from when I say that Antivirus is snake oil, as I personally have never seen evidence to suggest otherwise, in work or at home. Perhaps I should have said, I believe that Antivirus is snake oil... but I'm not going to say that you are "wrong" or that I am "right".
 
Personally, I wouldn't call a program that hooks itself into the kernel and often runs several services at system/administrator level "secure". Not all security programs use Kernel hooks but many do...

...If a piece of software is hooking into the kernel, it doesn't matter what you do, because the potential for exploitation forfeits any benefit given by whatever AV program is running.

There are plenty of hooks into any OS kernel but to get access to them you have to elevate privilege in turn. AV products are hardened against that and quite effectively so. Very few pieces of malware will have a negative effect on AV systems - the engines are patched as soon as exploits are discovered. It's a very low risk.

I always prefer preventative measures of stopping the bad stuff getting in, and I'm just talking simple stuff like ACLs on sensitive parts of the system, strengthening IE settings, etc. There was a guy on another forum I used to frequent who always said "Security does not come with an installer", and to be honest, I couldn't sum it up better. You can spend all day long gumming up a system with anti this and anti that, but at the end of the day it's just one more application, one more service, one more potential avenue for attack. As a Security professional, I would hope that you can appreciate that.

Prevention is always better than cure and the statement that security doesn't come with an installer is absolutely correct BUT it doesn't mean that installed software isn't a part of the arsenal. It means that you have to start with policy and culture - a security mindset if you like. After that comes the technical and physical controls each of which is subject to proper and thorough risk analysis.

At the perimeter you have your firewalls performing at proxy, stateful and port level. Within the LAN you apply ACLs to switches, routers and other appliances and use VLANs to segregate traffic as appropriate. You may even have secondary internal firewalls to isolate critical systems. You deactivate unused ports as well. On each host device you have protective measures including least privilege, malware protection (including AV), endpoint control and encryption if necessary. You may even have a local software firewall - advisable on any remote or mobile computing device. All of this is centrally managed and tamper proof. Finally you have a timely patch management policy. There are other bits and pieces but that's the core of it.

Properly managed all of this enhances security without increasing risk and without consuming excessive resources. Security is supposed to add value not impede and proper implementation will achieve this.

I am not a Security professional on paper, but I do work at the front line of tech support and every day I have to clean up the mess left behind that should be taken care of by AV programs, if they are half as good as what they are cracked up to be. The reality of it is, by and large they aren't worth the paper they're written on - companies pay an absolute fortune for so called "protection", and yet whenever the latest malware strikes, technicians are still running around sorting it. I've been completely antivirus free on all my computers since around 2007 now, and have seen absolutely no problems. Other people I know who aren't quite so Internet savvy, have AV programs installed, and I am still around their house every 6 months sorting it.

If your corporate AV systems aren't protecting you, then you need to do several things. 1. Embed a security culture with your users. ISO27002 is a good place to start. Educate them and bind them with policy. 2. Examine your system configuration and AV performance. If the systems aren't catching the malware then either they're badly implemented or they aren't up to the job and you need different ones. They do work if they're competent and correctly configured.

We have around 800 hosts over 60 sites and the only major problem we've had is the Conficker one - introduced on a rogue USB device. The systems caught it, alerted us, blocked its spread and cleaned it with very little technician intervention.

Taking all of this into account, I hope you can understand where I am coming from when I say that Antivirus is snake oil, as I personally have never seen evidence to suggest otherwise, in work or at home. Perhaps I should have said, I believe that Antivirus is snake oil... but I'm not going to say that you are "wrong" or that I am "right".

You may believe it but empirical evidence indicates otherwise. In any event you understand and manage your own risks and that's fine - they're your own risks.

However, to suggest to others who may not have the same level of understanding that they don't need a major security component and to denigrate that component when every area of research and the security standards themselves indicate that they are both effective and an important part of the system defence is irresponsible I'm afraid.

Apologies to the OP for the thread hijack ;)
 
I've had a Macbook for 4 years.

My wife has had her Macbook for 3 years

My daughter has had her Macbook for 2 years

My son has had his Macbook for 2 years

I've never installed any AntiVirus app on any of them

We've never had a virus on any of them, and that's in 11 man/woman Mac years :)

I repeat. Never.
 
Posted: October 26th, 2010
Updated: October 28th, 2010

Boonana Trojan Horse
trojan.osx.boonana.a

Security Risk: Critical

SecureMac has discovered a new trojan horse in the wild that affects Mac OS X, including Snow Leopard (OS X 10.6), the latest version of OS X. The trojan horse, trojan.osx.boonana.a, is spreading through social networking sites, including Facebook, disguised as a video. The trojan is currently appearing as a link in messages on social networking sites with the subject "Is this you in this video?"

The Java component of the trojan horse is cross-platform, and includes other files that affect Mac OS X as well as Microsoft Windows.

http://www.securemac.com/boonana-bulletin.php

http://www.maclife.com/article/news...horse_mac_os_x_spread_through_social_networks
 
uh oh, there goes the can of worms again.

antivirus is nothing more than snake oil, I don't think I've ever actually seen an antivirus program stop a modern day threat. No matter what AV is installed we still have to take the machine in, clean it with malwarebytes or whatever, then give it back to the customer.

AV = total waste of money. "Viruses" practically don't even exist anymore, because the way modern operating systems are designed renders them useless. When the flat memory model died a death, so did viruses, pretty much. "Antivirus" companies are just taking your money - wake up!

you're correct that "viruses" are extremely rare these days. however malware designed to grab money/sensitive information is booming.

as for malware on macs, it's bound to increase along with market share rise. if the programmers that make the exploits decide that there are enough mac users in the world to grab their money then of course it will rise.

whether you need the software now is a debatable point, the software is certainly there.. but we don't install any on our macs at work. YET.
 
Me neither. Just make sure you have an unchecked box next to "open "safe" files after downloading" in the Safari >preferences >General tab.

I recently bought my Mother in Law a Macbook because she keeps getting viruses/trojans etc on her windows laptop.
No more windows in our house anymore :thumbs:!
Allan
 
No more windows in our house anymore :thumbs:!
Allan
Must be dark in your house:)

At what point does it get to when you decide that the Mac is running poorly because of a malicious piece of software, virus whatever is on the machine?
When it is too late. I must admit I have very little knowledge of Macs but as they become more prolific so will deviant software. Smart phones etc will be next. Virus creation and usage etc is a multimillion pound business. It will only get worse not better.
 
No antivirus on any of my Macs. There may be no choice in the future though....time will tell.

The only Macs I have installed AV software on in the last 14 years are mail servers.
 
I've had a Macbook for 4 years.

My wife has had her Macbook for 3 years

My daughter has had her Macbook for 2 years

My son has had his Macbook for 2 years

I've never installed any AntiVirus app on any of them

We've never had a virus on any of them, and that's in 11 man/woman Mac years :)

I repeat. Never.

How do you know you have never had a virus unless you have run an AV program to check your systems?
 
Run Sophos on my work Macbook mainly as we have a site license for both PC/Mac and Sophos on my Virtual PC (VMware)
 
How do you know you have never had a virus unless you have run an AV program to check your systems?

I guess what he means to say is:

Over those years of never having any AV installed all the macs have run perfectly, there has been no money taken out of his bank accounts and there is no indication that anything has ever caused his mac to slow down etc
 
I run the Intego software which gives me extra firewall protection, anti-spam, AV backup & for me has paid for itself after I had a disaster with Aperture 2 when it deleted my HD of images & the backup restored my images. AV may not be a priority but worth it in the suite. Additionally they update the AV every few days which means they are out there
 
It may well be that the AV program is being updated with definitions of Windows viruses. Most antivirus software for Mac is there for the purpose of stopping the spread of Windows viruses.

At least, that's how I understand the situation with Mac AV to be at the moment.
 
Yes - I can't help but think that as Mac market share increases, someone will attack them large scale just because they can and the complacency of the fanboys will be their undoing. iAntivirus atm, but looking at possible 'paid for' alternatives so this thread is interesting.
 
Perhaps ensuring that your system/network is patched is primary. I too have extra firewall protection and double natting - but where there is a will there is a way.

I thought that the primary purpose of AV on a mac was to stop the accidental proliferation of Windows malware rather than to protect the mac itself?
 
Don't own a mac, but run several PCs here - and I'm on one of them most of the time. They all have anti-virus running, but I've never found a virus on any of them (but I've had a couple of hacked websites blocked by the AV software). It isn't the computer that gets the virus (particularly behind a NAT'd firewall) but the user clicking on stuff they shouldn't.
 
I use iAntivirus twice a year, but in over ten years of running Macs I've never had a virus.

However, the increase in people buying Mac products does concern me a bit, in five years time when they're even more widespread could see people targeting the Mac platform a lot more.
 
in five years time when they're even more widespread will see people targeting the Mac platform a lot more.

fixed for you.

stands to reason, the more people use mac the more worthwhile it is to write malware to target OSX to steal their owners' money/details.

unfortunate fact of computing I'm afraid :(
 