Anti-virus software and Macs

Yesterday's Washington Post Security Fix disclosed that on November 21st of this year Apple put out a technical note where they recommend the widespread use of anti-virus software for Macs, including specific recommendations for Mac AV utilities.

I've never believed the "Macs cannot get a virus" mantra that some people spread. The reality is that any computer where the user has the ability to write to the hard drive or install applications is subject to a program doing evil deeds without their knowledge.

I've been a Mac user for 10 months now—a relative neophyte—but have learned a couple of things that have carried over from my Windows days. The single most important one is to be very careful about which software I allow to get installed on my Mac. When I install something that comes from the web I get a little confirmation dialog:

In addition, when I try to run full installation programs, I will often get prompted to enter the administrative password for my Mac:

Some applications, like those based on Adobe AIR's development platform, include their own warning dialog:

In all of these cases it's critical to stop and think about what you are doing. This is a virtual knock on your door where you get a chance to either turn someone away or let them into your home. Take a moment before you act; don't just blindly enter your password or allow software to be installed. If you have gotten into the habit of blowing past these dialogs, then you need to stop doing that and think it through.

The other thing is to stay current with Software Update. When that little globe is bouncing on my Dock Bar I generally install the updates that it recommends.

Do you run anti-virus software on your Mac? Though I'm very cautious with my own machines I do worry that my wife and teenage children will not be as diligent.

Comments

Anonymous said…
I have ClamXAV on my Mac. It's free from http://www.clamxav.com/

I don't run the AV, but every few months (or longer) I run the scanner just in case I'm harboring a Windows nasty. Mostly a "good neighbor" lest I pass it on to a poor suffering Windows using associate. ;)
Anonymous said…
I don't use it on my Macs but - like you - I've wondered if I should as Apple machines become more popular and attractive to attackers. Still, coming from the Windows world (been a Mac user for about 3 years now), I found every anti-virus/security application to be clunky, annoying and slow my machines down. That seems to remain true, too. I still do "tech support" for members of my family that use XP and Vista and the offerings from McAfee and Norton still seem to be very poorly written and cause more problems than they solve or prevent. I've recommended they install the free AVG software for basic anti-virus (free.avg.com) and it seems to work just fine without all the overhead/firewalls. Perhaps AVG technologies will come out with a version for OS X. Until then, I'll be curious to read the responses here to learn what other Mac users have installed (if anything). Great blog, BTW!
Keleko said…
I do not run anti-virus software. It seems the malware available for Macs is all of the "download it and install it yourself" variety, like you've mentioned here. Most of it is in the disguise of a codec you are supposedly missing to view some video. "iShowU HD" in your screenshots looks just like one such download and install malware. It seems all the malware that installs through Flash/Adobe/OS holes target Windows and not OSX.

I've also read plenty recently that anti-virus is not really helpful against this kind of malware. Either the AV doesn't recognize it or the malware is able to figure out how to hide from the AV software itself. Some of the worst malware gets lodged in the MBR of a Windows computer, so it loads before the OS itself does. There's very little chance that you are able to detect that with anti-whatever software. One good point in Vista's favor is that it does protect better against that, and the UAC can actually help indicate something nefarious may be going on. Of course, OSX is immune to that type of malware since XP is the intended target.
Anonymous said…
We have our Mac set up so that software can only be installed by the system administrator. This means that the kids can't install anything unless they get one of the parents to type in the admin password.
We also run ClamXAV once a week or so because we do get a lot of email.
Dean said…
I don't bother with anti-virus software on Mac OS. Until I see evidence there's a real problem and a real solution to combat it, I'll ignore whatever fear-mongering there is about it.

I also am opposed to commercial anti-virus software in principle (I use ClamWin on Windows). Somehow I just always have that nagging feeling that the vendors dependent on anti-virus subscriptions may perpetuate the problem to keep the business alive.
SD said…
I do not have any antivirus software running in background on my Mac.
But I am firewalled and inspect any package with Pacifist before installing it. Little Snitch prevents programs from calling home.

Once a year, I run a free or cracked antivirus, just to scan and be sure.
I have been an intensive web user since 1998 (including shareware, P2P and so on), but have never had any virus.
Unknown said…
I have clamXav on my machine, run it every once in a while. Don't have any background scanning; the few times it found anything, it was mail in my junk folder.
Downloaded McAfee once and it slowed my computer to a crawl. Don't really care for any of them.
Anonymous said…
After reading a couple of articles such as yours, David, I just now downloaded this free virus scanner for Mac:

http://www.iantivirus.com

...and ran its Quick Scan - which found nothing. You may also find this blog of interest:

http://mac-security.blogspot.com

Alan.
Josso said…
Hey David…

I have been running OS X for just a month now.
I've not installed any kind of Antivirus – and probably won't.
I didn't on Windows and won't on Mac.

If you think twice before doing something, you shouldn't get any virus.
Unknown said…
Back in the dark ages I used Sophos, which was easy to use and is updated regularly.
Anonymous said…
"Yesterday's Washington Post Security Fix disclosed that on November 21st of this year Apple put out a technical note where they recommend the widespread use of anti-virus software for Macs."

I don't think this is news. This tech note dates back from June 2007 at least.

http://web.archive.org/web/20080113164722/http://docs.info.apple.com/article.html%3Fartnum%3D4454

"Do you run anti-virus software on your Mac?"

Nope.
Anonymous said…
Like others I do not run any anti-virus software and have not for about 15 years.

I do run a firewall and I mostly run behind a router. I am careful about thinking before entering a password. I have yet to see anything that I have had to turn away.

I also watch the news. If something pops up I'm ready to install anti-virus software.
Unknown said…
By all means, no one should take security lightly. I have Clamxav, but have not run it too often.

Having said that, Brian Krebs of the Post is not an impartial source. He propagated that whole BlackHat virus scandal a couple years ago, when he said he witnessed a Macbook getting pwned, and made misleading statements on what he did and did not see, and never admitted to making the wrong conclusions.

Apple has always advised getting anti-virus software, and included an app in its .Mac package, which it dropped over a year ago. This note is probably not new, and if one looks, I'm sure one can find older notes from Apple recommending anti-viral software. It's just that people like Krebs don't mind if people think this is somehow new, and that Apple is now worried about some pending attack. Of course, that's not the case, Apple is always worried about security.
Alan said…
'Yesterday's Washington Post Security Fix disclosed that on November 21st of this year Apple put out a technical note where they recommend the widespread use of anti-virus software for Macs, including specific recommendations for Mac AV utilities.'

In point of fact, this is incorrect.

Apple updated an article that has existed since 1992.

I can't say with certainty, but the language, "Apple encourages the widespread use of multiple antivirus utilities..." is most probably boilerplate at this point and all that happened is that Apple updated the list of AV products available. I can tell you for a fact that that language dates from at least January of this year:

http://web.archive.org/web/20080113164722/http://docs.info.apple.com/article.html?artnum=4454

and that the article itself has a number which correlates with articles that Apple produced back in 1992:

http://support.apple.com/kb/TA40388?viewlocale=en_US
Anonymous said…
I don't use, or like, most antivirus software because of how badly they slow down most systems (I'm speaking mostly of PCs here). I don't use it on my Mac either. Question for the group: If I am careful about what I install, isn't it very hard for me to get a virus? I never believed you could get one just from opening an email, etc. Am I correct?
David Orriss Jr said…
I do not run anti-virus software on any of my Macs. The only reason I can see to do this is if you are worried that an MS Office document you would send to a Windows user might be infected with a trojan and you want to make sure to clean it before passing it along.

On the subject of prompts to install software - my wife and children have NO admin rights on either of the household Macs. If they are prompted for a password to have admin access they make a note of it and ask me to check it out later.

In almost two years of being a Mac I have had no problems using this approach.
Anonymous said…
"Do you run anti-virus software on your Mac?"

No.
Unknown said…
I have to due to corporate policy. They just started buying Macs for people who wanted them or needed them. So I have NAV on my machine and honestly it runs fine and doesn't take up a lot of resources.

BTW the new Macbook Pros are SWEET!
Jeff said…
David,

Apple has removed the recommendation. It was an old reference.

From Cult of Mac:

One day after a number of media outlets (including this one) made hay out of the fact that an Apple Support knowledgebase stated “Apple encourages the widespread use of multiple antivirus utilities,” the company removed the page from its support website on Tuesday.

“We have removed the KnowledgeBase article because it was old and inaccurate,” said Apple spokesman Bill Evans, according to a report at Macworld. “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box.”

Hedging his bet ever so slightly, Evans also said, “Since no system can be 100% immune from every threat, running anti-virus software may offer additional protection.”

Several Cult of Mac readers took issue with the proposition that Macs’ growing popularity has made them any more susceptible to viruses or malware than they have ever been. Thanks to reader James for the tip on the Macworld report.


Source:
http://tinyurl.com/5aj4na
David Alison said…
@Jeff: Thanks for the link - interesting development. A friend of mine sent me the link to the Post article yesterday, which got me thinking about it; hence the blog post. A quick scan of my newsreader showed that virtually every Mac or tech related media outlet picked it up as well.
gweeptish said…
I use VirusBarrier
And have used an anti-virus since OS 7.1
Anonymous said…
The virus threat is not only to Macs & PCs... Is your website being targeted by malware? Check here:

http://www.trusteer.com/FIsearch/open%5fsearch.php

Alan.
Anonymous said…
I do not run any kind of anti-virus on my Macbook, and I don't worry about it. People have been parroting the 'Macs don't get viruses because their market share is so low that virus writers don't think it's worth it' mantra for as long as the whole 'this is the year for Linux on the desktop' BS line.

Mac OS X is UNIX. While UNIX (and Linux) machines can get 'rooted' (which one of mine did a few years ago...live and learn) running behind a router is pretty much sufficient to keep one as safe as one can get. Unlike Windows machines which can get infected without any user intervention and thus can self-propagate as I have seen happen at my former employer's network several times.

The first successful self-propagating virus will get quite a lot of attention in the tech circles. Hasn't happened yet, don't foresee it happening any time soon. User idiocy notwithstanding, of course. I have instructed my non-technical wife about being damned careful if anything suddenly asks her for her admin password.

-walkerjs from the Mac Forums
Jim Hamm said…
Hi David...
We, as Mac users, have been fortunate in that we've not experienced serious virus threats in the past. Will that change? I have no idea. Should one run antivirus software on a Mac even when there's no apparent threat right now? That's a personal decision. Do I plan to buy an antivirus program for $50-70 now? No. I'll wait till the threat becomes real, then decide what to do then. Do I plan to try a "free" antivirus program? No. I'm biased towards the idea that one gets what one pays for. I have a hard time understanding why someone—or some company—wants to spend a lot of time or money to provide a good, "free" program.

If you should decide to try an antivirus program, the following link provides a nice summary of some antivirus programs available for the Mac....SlimJim

http://antivirus.about.com/od/antivirussoftwarereviews/tp/aamacvir.htm
David Alison said…
@all: thanks for the comments folks, some useful feedback for others in here.

@Slimjim: Thanks for the link!

I didn't really intend to run AV software unless Apple makes a strong recommendation (which they are not apparently doing now) or an imminent threat appears on the horizon. I will heed David Orriss' recommendation below and simply make my wife and youngest daughter guest users and not administrators on their machines.
Anonymous said…
Antivirus software depends on maintaining a library of all virus definitions against which to scan looking for bad guys. How can a Mac antivirus app do that when there are no known Mac viruses in the wild? You'd be scanning against an empty library. Alternatively, an AV app may scan using heuristics, looking for code or activity that is characteristic of viruses, but that may not work either.

In the past year the latest generation of viruses have shown the ability to get onto machines as trojans, such as popups that offer malware protection which are malware. Click and you're infected. Then the virus disarms your AV and antispyware apps, your firewall and your app uninstallation programs.

The ultimate solution: maintain at least 2 clones of your drive, in addition to any other backup. Then when you get hit, wipe your drive and restore from your clone.
Anonymous said…
Despite all the hoopla about Mac viruses, the fact remains that, as of this writing, there are *zero* viruses for the Mac. Zero.

Should this situation change, we will all know about it fast enough and we can install scanners.

Until then I will not use a virus scanner. They are rather useless when they have nothing to scan against. They also cannot look for "virus like behavior" because no one really knows what such behavior would look like on Mac OS X.

Trojans are a different matter. Very little can be done if somebody installs a rogue program and gives it the administrative password. This is not a new problem for Macs, nor a problem for computers in general. This problem has been around for a very long time, a three thousand year old problem that even affected the gullible residents of Troy.
Anonymous said…
Off topic???

The iPhone solution to viruses and trojans.

Perhaps a better way to deal with the problem of viruses and trojans is for there to be a different security model in the operating system. The iPhone deals with the issue of malware in several ways.

First, every application is stuck in its own sandbox. Applications get limited access to the underlying system and resources as well as other applications. For example, there is no password that can be given that will allow an application to affect the OS.

Second, all applications are vetted, digitally signed by each developer, and encrypted individually for each iPhone user. An application from one user's iPhone will not work on another user's iPhone without the original user's email address and password.

Third, Apple has stated that it has a way of remotely killing any application. Despite the other issues that such absolute power might bring up, as far as mitigating the possible malware threat is concerned, it is nice to know that Apple has such an option.
David Alison said…
@Paul: Having certified software is a good idea in my opinion. They tried to do that for the Windows world but the certification process was prohibitively expensive for developers. What Apple is doing with the iPhone is close but I don't like the idea of anyone vetting my software for me. What I think is needed is a simple way to provide traceability to the person that produces the software; a way to verify that what they built has not been compromised.
Anonymous said…
@David

I do agree that the political issues are a problem. Apple may have way too much power in all this. All that I was saying was that the solution, on technical grounds, seems to be a good one.
