Anti-virus software and Macs
Yesterday's Washington Post Security Fix disclosed that on November 21st of this year Apple put out a technical note where they recommend the widespread use of anti-virus software for Macs, including specific recommendations for Mac AV utilities.
I've never believed the "Macs cannot get a virus" mantra that some people spread. The reality is that any computer where the user has the ability to write to the hard drive or install applications is subject to a program doing evil deeds without their knowledge.
I've been a Mac user for 10 months now—a relative neophyte—but have learned a couple of things that have carried over from my Windows days. The single most important one is to be very careful about which software I allow to get installed on my Mac. When I install something that comes from the web I get a little confirmation dialog:

In addition when I try to run full installation programs I will often get prompted to enter the administrative password for my Mac:

Some applications, like those based on Adobe AIR's development platform, include their own warning dialog:

In all of these cases it's critical to stop and think about what you are doing. This is a virtual knock on your door where you get a chance to either turn someone away or let them in your home. It's critical that you take a moment and think about what you are doing; don't just blindly enter your password or allow software to be installed. If you have gotten into the habit of blowing past these dialogs then you need to stop doing that and think it through.
The other thing is to stay current with Software Update. When that little globe is bouncing on my Dock Bar I generally install the updates that it recommends.
Do you run anti-virus software on your Mac? Though I'm very cautious with my own machines I do worry that my wife and teenage children will not be as diligent.
Comments
I don't run the AV, but every few months (or longer) I run the scanner just in case I'm harboring a Windows nasty. Mostly a "good neighbor" lest I pass it on to a poor suffering Windows-using associate. ;)
I've also read plenty recently that anti-virus is not really helpful against this kind of malware. Either the AV doesn't recognize it or the malware is able to figure out how to hide from the AV software itself. Some of the worst malware gets lodged in the MBR of a Windows computer, so it loads before the OS itself does. There's very little chance that you are able to detect that with anti-whatever software. One good point in Vista's favor is that it does protect better against that, and the UAC can actually help indicate something nefarious may be going on. Of course, OSX is immune to that type of malware since XP is the intended target.
We also run ClamXAV once a week or so because we do get a lot of email.
I also am opposed to commercial anti-virus software in principle (I use ClamWin on Windows). Somehow I just always have that nagging feeling that the vendors dependent on anti-virus subscriptions may perpetuate the problem to keep the business alive.
But I am firewalled and inspect any package with Pacifist before installing it. Little Snitch prevents programs from calling home.
Once a year, I run a free or cracked antivirus, just to scan and be sure.
I am an intensive web user since 1998 (including shareware, P2P and so on), but had never had any virus.
Downloaded McAfee once and it slowed my computer to a crawl. Don't really care for any of them.
http://www.iantivirus.com
...and ran its Quick Scan - which found nothing. You may also find this blog of interest:
http://mac-security.blogspot.com
Alan.
I have been running on OS X for just a month now.
I've not installed any kind of Antivirus – and probably won't.
I didn't on Windows and won't on Mac.
If you think twice before doing something, you shouldn't get any virus.
I don't think this is news. This tech note dates back from June 2007 at least.
http://web.archive.org/web/20080113164722/http://docs.info.apple.com/article.html%3Fartnum%3D4454
"Do you run anti-virus software on your Mac?"
Nope.
I do run a firewall and I mostly run behind a router. I am careful about thinking before entering a password. I have yet to see anything that I have had to turn away.
I also watch the news. If something pops up I'm ready to install anti-virus software.
Having said that, Brian Krebs of the Post is not an impartial source. He propagated that whole BlackHat virus scandal a couple years ago, when he said he witnessed a Macbook getting pwned, and made misleading statements on what he did and did not see, and never admitted to making the wrong conclusions.
Apple has always advised getting anti-virus software, and included an app in its .Mac package, which it dropped over a year ago. This note is probably not new, and if one looks, I'm sure one can find older notes from Apple recommending anti-viral software. It's just that people like Krebs don't mind if people think this is somehow new, and that Apple is now worried about some pending attack. Of course, that's not the case, Apple is always worried about security.
In point of fact, this is incorrect.
Apple updated an article that has existed since 1992.
I can't say with certainty, but the language, "Apple encourages the widespread use of multiple antivirus utilities..." is most probably boilerplate at this point and all that happened is that Apple updated the list of AV products available. I can tell you for a fact that that language dates from at least January of this year:
http://web.archive.org/web/20080113164722/http://docs.info.apple.com/article.html?artnum=4454
and that the article itself has a number which correlates with articles that Apple produced back in 1992:
http://support.apple.com/kb/TA40388?viewlocale=en_US
On the subject of prompts to install software - my wife and children have NO admin rights on either of the household macs. If they are prompted for a password to have admin access they make a note of it and ask me to check it out later.
In almost two years of being a Mac I have had no problems using this approach.
No.
BTW the new Macbook Pros are SWEET!
Apple has removed the recommendation. It was an old reference.
From Cult of Mac:
One day after a number of media outlets (including this one) made hay out of the fact that an Apple Support knowledgebase stated “Apple encourages the widespread use of multiple antivirus utilities,” the company removed the page from its support website on Tuesday.
“We have removed the KnowledgeBase article because it was old and inaccurate,” said Apple spokesman Bill Evans, according to a report at Macworld. “The Mac is designed with built-in technologies that provide protection against malicious software and security threats right out of the box.”
Hedging his bet ever so slightly, Evans also said, “Since no system can be 100% immune from every threat, running anti-virus software may offer additional protection.”
Several Cult of Mac readers took issue with the proposition that Macs’ growing popularity has made them any more susceptible to viruses or malware than they have ever been. Thanks to reader James for the tip on the Macworld report.
Source:
http://tinyurl.com/5aj4na
And have used an anti-virus since OS 7.1
http://www.trusteer.com/FIsearch/open%5fsearch.php
Alan.
Mac OS X is UNIX. While UNIX (and Linux) machines can get 'rooted' (which one of mine did a few years ago...live and learn) running behind a router is pretty much sufficient to keep one as safe as one can get. Unlike Windows machines which can get infected without any user intervention and thus can self-propagate as I have seen happen at my former employer's network several times.
The first successful self-propagating virus will get quite a lot of attention in the tech circles. Hasn't happened yet, don't foresee it happening any time soon. User idiocy notwithstanding, of course. I have instructed my non-technical wife about being damned careful if anything suddenly asks her for her admin password.
-walkerjs from the Mac Forums
We, as Mac users, have been fortunate in that we've not experienced serious virus threats in the past. Will that change? I have no idea. Should one run antivirus software on a Mac even when there's no apparent threat right now? That's a personal decision. Do I plan to buy an antivirus program for $50-70 now? No. I'll wait till the threat becomes real, then decide what to do then. Do I plan to try a "free" antivirus program? No. I'm biased towards the idea that one gets what one pays for. I have a hard time understanding why someone—or some company—wants to spend a lot of time or money to provide a good, "free" program.
If you should decide to try an antivirus program, the following link provides a nice summary of some antivirus programs available for the Mac....SlimJim
http://antivirus.about.com/od/antivirussoftwarereviews/tp/aamacvir.htm
@Slimjim: Thanks for the link!
I didn't really intend to run AV software unless Apple makes a strong recommendation (which they are not apparently doing now) or an imminent threat appears on the horizon. I will heed David Orriss' recommendation below and simply make my wife and youngest daughter guest users and not administrators on their machines.
In the past year the latest generation of viruses have shown the ability to get onto machines as trojans, such as popups that offer malware protection which are malware. Click and you're infected. Then the virus disarms your AV and antispyware apps, your firewall and your app uninstallation programs.
The ultimate solution: maintain at least 2 clones of your drive, in addition to any other backup. Then when you get hit, wipe your drive and restore from your clone.
Should this situation change, we will all know about it fast enough and we can install scanners.
Until then I will not use a virus scanner. They are rather useless when they have nothing to scan against. They also cannot look for "virus like behavior" because no one really knows what such behavior would look like on Mac OS X.
Trojans are a different matter. Very little can be done if somebody installs a rogue program and gives it the administrative password. This is not a new problem for Macs, nor a problem for computers in general. This problem has been around for a very long time, a three thousand year old problem that even affected the gullible residents of Troy.
The iPhone solution to viruses and trojans.
Perhaps a better way to deal with the problem of viruses and trojans is for there to be a different security model in the operating system. The iPhone deals with the issue of malware in several ways.
First, every application is stuck in its own sandbox. Applications get limited access to the underlying system and resources as well as other applications. For example, there is no password that can be given that will allow an application to affect the OS.
Second, all applications are vetted, digitally signed by each developer, and encrypted individually for each iPhone user. An application from one user's iPhone will not work on another user's iPhone without the original user's email address and password.
Third, Apple has stated that it has a way of remotely killing any application. Despite the other issues that such absolute power might bring up, as far as mitigating the possible malware threat is concerned, it is nice to know that Apple has such an option.
I do agree that the political issues are a problem. Apple may have way too much power in all this. All that I was saying was that the solution, on technical grounds, seems to be a good one.