
Should Mac Users Run Antivirus Software?

kdawson posted more than 6 years ago | from the whistling-past-the-malware dept.

Security 450

adamengst sends in an article from TidBITS in which Macintosh security expert Rich Mogull explains why he doesn't use antivirus software on the Mac, and why most Mac users shouldn't bother with it either. The article also touches on the question of when an increasing Mac market share might tip it over an inflection point into more active attention from malware writers. (Last month Apple had 14% of PC sales, but 25% of dollar value.)


No. (0, Offtopic)

corychristison (951993) | more than 6 years ago | (#22787960)

We've been over this already today: http://it.slashdot.org/article.pl?sid=08/03/18/1724245 [slashdot.org]

Most Mac programs come packaged in a .dmg file... which is, you guessed it! An archive format. :-)

It's called a "Disk Image" (4, Informative)

StCredZero (169093) | more than 6 years ago | (#22787984)

It's called a Disk Image. If you have it mounted, then you can scan it with any anti-virus program. There's no reason not to use anti-virus on Macs. ClamAV is free and works quite well.

Re:It's called a "Disk Image" (1, Funny)

speroni (1258316) | more than 6 years ago | (#22788026)

Macs: Can't even get negative attention.

False Sense of Security Trumps Logic (3, Interesting)

eldavojohn (898314) | more than 6 years ago | (#22788078)

There's no reason not to use anti-virus on Macs.
Yet by and large it won't happen. If you do use it, you are an outlier.

What's my explanation for your perfectly good logic? Mac users have a false sense of security (see ensuing posts about Mac security totaling Herculean proportions).

Re:False Sense of Security Trumps Logic (2, Funny)

Brian Gordon (987471) | more than 6 years ago | (#22788462)

Of course nobody on slashdot needs any antivirus at all. We generally stay well-patched and aren't idiotic enough to run untrusted code.. thus your machine is impervious to viruses. Doesn't protect you from hacking attempts, but that's nothing that AV would fix anyway.

Re:It's called a "Disk Image" (4, Informative)

datapharmer (1099455) | more than 6 years ago | (#22788092)

At the risk of being modded flamebait, I wanted to point out that when I tried ClamAV on mac it worked piss poor. There was little for it to find that affected me, so basically all it did was protect windows users from viruses passing through my computer to theirs and it did all sorts of screwy stuff with my system including making it so slow it was unusable. I kept it less than a week.

Use a tool like Little Snitch, up your security settings, don't run as administrator, don't run random programs you find on the net and you'll be fine.

Re:It's called a "Disk Image" (1)

clang_jangle (975789) | more than 6 years ago | (#22788272)

don't run as administrator


Yes, one should not run as admin. But the Mac OS is the only one I always do run as admin, since 1987 in fact, and never once have I had any malware or been hacked. That's twenty-one years without a breach in security!

This whole A/V on Macs idea comes straight from marketing, not from reason.

Re:It's called a "Disk Image" (2, Insightful)

Vancorps (746090) | more than 6 years ago | (#22788372)

That's funny, I can say the same things about my DOS and Windows boxes, never had an infection of any of my personal computers, but when you manage for other people the rules change as different people have different priorities and skillsets.

It's called a waste of time and cycles. (5, Insightful)

Mactrope (1256892) | more than 6 years ago | (#22788096)

There's no reason not to build a nuclear bomb shelter either, except that most people don't need it, it won't work and it's a waste of money. Now that I think about it, there are more reasons to build a shelter than there are to run AV on modern *nix derivatives. AV programs are a terrible performance drain on the one system that needs it but is never really protected by it.

Re:It's called a "Disk Image" (2, Informative)

clang_jangle (975789) | more than 6 years ago | (#22788176)

There's no reason not to use anti-virus on Macs


Leave out the word "not", and you have a more accurate statement. The only time one should run AV on a Mac is when the Mac is serving files to windows machines, and even then it's just a kludge to accommodate the never-fixed flaws of windows.

Re:It's called a "Disk Image" (2, Informative)

corychristison (951993) | more than 6 years ago | (#22788216)

I know what a "Disk Image" is. I own a Mac (not that I use OSX on it, though)

The point was that it's still an Archive Format. It's a file that contains a virtual file system & files within.

I don't know about you, but every A/V I've used in the past has a daemon process that will scan a file the moment it saves to the hard disk. All it would take is one single download (and Safari saves 'Disk Images' to the desktop by default -- no confirm. You click, and it downloads) to kill the A/V, possibly even hijack the process (which is usually with elevated privileges). Voila! Instant botnet. (well, not really -- but is still scary).

Manually invoked A/V is still a risk, but not quite as bad... Unless you run as root.

Nay! (5, Funny)

ak3ldama (554026) | more than 6 years ago | (#22787968)

Last month Apple had 14% of PC sales, but 25% of dollar value.

Say it isn't so. Everyone knows macs are just as cheap as PCs!

Re:Nay! (4, Informative)

imamac (1083405) | more than 6 years ago | (#22788032)

Macs have comparable prices for equivalent quality. Big difference. I'm glad my Mac isn't as "cheap" as a lot of the PCs I see.

Re:Nay! (0, Redundant)

internetcommie (945194) | more than 6 years ago | (#22788470)

PCs are cheap. Macs are inexpensive.
Subtle, but important difference.

Re:Nay! (1)

mini me (132455) | more than 6 years ago | (#22788568)

The hardware is priced accordingly. But the pre-installed version of OS X costs more than an OEM copy of Windows.

Re:Nay! (5, Informative)

vux984 (928602) | more than 6 years ago | (#22788642)

Say it isn't so. Everyone knows macs are just as cheap as PCs!

I know you're just being funny, but I figured I'd explain it anyway...

An awful lot of PCs are those $300 Dell specials. Apple doesn't make products that crappy, but Dell moves boatloads of them... so Dell picks up a lot of unit sales eroding Apple's 'market share by unit', but because the price is so low and Apple hangs onto more of the higher value sales, the erosion effect of these low end units on their 'market share by price' is considerably less.

Let's compare apples and oranges ;)

I sell oranges at $1
I sell apples at $1
As you can see "Apples are no more expensive than oranges."

I also sell rotten oranges at 50 cents.
I don't sell rotten apples.

So if I sell 100 apples, 200 oranges, and 200 rotten oranges:

Apple has 20% of the market but 25% of dollar value.

market = 100/[100+200+200] = 1/5 = 20%,
dollars = 100/[100+200+200*0.50] = 1/4 = 25%

That's essentially what's happening here.

Mac is more secure. (1)

Erris (531066) | more than 6 years ago | (#22788006)

What kind of security expert would say this:

It's not that Mac OS X is inherently more secure against viruses than current versions of Windows (although it was clearly more secure than Windows prior to XP SP2);

What, did I miss privilege separation being introduced to Windows or does the above make as much sense as the popularity myth he tries to push? Properly designed multiuser OS ARE more secure than any version of Windows ever will be.

Re:Mac is more secure. (1)

willyhill (965620) | more than 6 years ago | (#22788088)

What, did I miss privilege separation being introduced to Windows

Yes, by about ten years.

Re:Mac is more secure. (1)

Jeff DeMaagd (2015) | more than 6 years ago | (#22788194)

The problem with privilege separation in Windows is that it's often not adequate. Too much stuff demands being run as a power user or administrator. I tried to do it with my parent's computers and there's always a hangup with one program or another. So you can use a plain user account, you're not going to be doing as much with it.

Re:Mac is more secure. (2, Insightful)

willyhill (965620) | more than 6 years ago | (#22788290)

That's because most applications are not written with privilege separation in mind, like they are in *nix. It's an unfortunate legacy from all the Win9x years.

That will hopefully start to change now with Vista, but IMO it should have been forced in the Windows 2000 timeframe. We'd all be better off.

Re:Mac is more secure. (1)

VGPowerlord (621254) | more than 6 years ago | (#22788354)

It is unfortunate that developers make silly assumptions, such as assuming one's application directory is writable (hint: application settings should be a per-user setting and stored in the user's home directory somewhere... in the case of Windows, in the %APPDATA% directory structure.)

Why Not ? Norton SlowMo2008 ? (0, Flamebait)

burni (930725) | more than 6 years ago | (#22788020)

The Macs are too fast, they need AV software to slow them down so the PC gets a chance.

Molasses for Mac (1)

davidwr (791652) | more than 6 years ago | (#22788074)

Molasses [jagshouse.com] let your mid-1980s vintage Macs run at 0.25, 0.5, 0.75, or 1.0 x normal speed.

At 0.25 speed you could actually see the windows redraw.

It was a great April Fools joke.

Re:Molasses for Mac (1)

vought (160908) | more than 6 years ago | (#22788486)

It was a great April Fools joke.
Not as good as writing a simple AppleScript:

tell application "Finder"
    shut down
end tell
and saving it into a user's OS 8 or 9 "Startup Items" folder.

I pulled that on a friend once, and watched with chagrin as he pulled his machine apart and replaced the power supply in a Performa 6300 with a spare from another machine.

Yes!!! (0)

Anonymous Coward | more than 6 years ago | (#22788024)

And it should be MY software package.

It also includes a firewall and spam eliminator.

Only $89.99 per year, two year discount of 25%.

Yes (4, Informative)

davidwr (791652) | more than 6 years ago | (#22788030)

Short answer: Yes

Long answer:
If your Mac runs MS-Office software or other cross-platform software that has infectable data files, you are vulnerable to some Macro viruses.
If your Mac can run MS-Windows binaries you may be vulnerable to some Windows viruses.
If your Mac hosts files on a mixed network your Mac should protect itself from hosting infected files.

So, unless you've got an all-Mac/no-Windows network or your Mac doesn't run or host Windows files, AND you do not run any cross-platform files that have infectable data files, you should protect yourself and your network.

Re:Yes (0)

Anonymous Coward | more than 6 years ago | (#22788222)

"Hmmmmmm. Lisa, I want to buy your rock..."

Re:Yes (2)

BeeBeard (999187) | more than 6 years ago | (#22788336)

If your Mac can run MS-Windows binaries you may be vulnerable to some Windows viruses.
Could you (or somebody of equal knowledge/proficiency) please elaborate on what is meant by this? Do you mean WINE, do you mean Parallels...do you mean both? I was under the impression that most viruses failed under WINE for lack of superuser rights. Have I been living a horrible lie?

Re:Yes (1)

vertinox (846076) | more than 6 years ago | (#22788612)

If your Mac runs MS-Office software or other cross-platform software that has infectable data files, you are vulnerable to some Macro viruses.

To be fair, Office 2004 VBA is stuck in limbo around Visual Basic 4 so some of the newer commands won't work ;)

Granted, I run AVG everyday in Bootcamp and I look at the process view in OS X since I'm paranoid.

I do (4, Informative)

supun (613105) | more than 6 years ago | (#22788034)

I've been running ClamXav, http://www.clamxav.com/ [clamxav.com] , for a long time. I normally don't run full scans, but I do use the Sentry ability on any download directories. So anything I download is scanned. Nothing so far :)

Good idea (5, Insightful)

Sycraft-fu (314770) | more than 6 years ago | (#22788350)

One thing that worries me is I see a lot of Mac users who have the "Macs can't have bad things happen to them," attitude. This is dangerous in general, but particularly with Macs becoming more popular. In general it is just bad because it leads to lax security policies. For example we got a notice here that a computer was doing bad things. Tracked it down, it was a Mac. We disconnected it and found the owner. Their response? "But Macs can't be hacked!" Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.

Think of it like having a house in a good neighbourhood: Just because your place has never been broken in to, doesn't mean you should leave the door unlocked. Sure it might not be common where you live, but that doesn't mean it is impossible. Practise good security and it isn't a problem.

I take the same view with computer security. I mean for that matter I've never had a virus on my Windows system, and I don't find it likely that I will. I don't do the sorts of things that are going to get you infected. However, I am going to be safe about it, rather than being sorry that I was arrogant in assuming my knowledge made me invincible.

Re:Good idea (3, Insightful)

IndustrialComplex (975015) | more than 6 years ago | (#22788572)

To add to your comment. I run an AV software to catch the stupid things that I might do.

Re:Good idea (3, Insightful)

cb8100 (682693) | more than 6 years ago | (#22788636)

Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

How on earth would AV catch this?

ClamXav only checks, it doesn't disinfect. (0)

Anonymous Coward | more than 6 years ago | (#22788564)

ClamXav only checks, it doesn't disinfect. If you want to clean files you'll need something else. The least obtrusive antivirus software that I've come across is Sophos [sophos.com]. It has a very small memory footprint and a no-frills interface just for scanning. You wouldn't even know it was running if it weren't for the little blue shield at the top of the menu bar. Just how I like it.

No (5, Insightful)

willyhill (965620) | more than 6 years ago | (#22788046)

I don't use AV for Windows, either. At least not in "resident" mode. I have a scanner I use occasionally on stuff I download that I don't fully trust.

15 years of no viruses, no malware, etc. The secret? No secret, just avoid being stupid. AV software is like driving a car with the intention of crashing it all the time, but wearing a seatbelt and thinking everything's OK.

Bad analogy (1)

davidwr (791652) | more than 6 years ago | (#22788294)

AV software on an Internet-connected computer is like driving on a highway where every 100th car has been taken over by a suicidal maniac bent on destroying everything in its path, but using armor-plating thinking that will improve the odds of surviving the day in one piece.

Re:Bad analogy (1)

LWATCDR (28044) | more than 6 years ago | (#22788482)

Antivirus software will not protect you from exploits. That is what a firewall is for.
Antivirus software is usually for scanning files that you download for viruses and such.
I run it on my windows machine but I have never gotten a warning on my home machine. I use it on my work machine and I have not heard any warnings for a good long while.

Re:No (1)

moderatorrater (1095745) | more than 6 years ago | (#22788322)

AV software is like driving a car with the intention of crashing it all the time, but wearing a seatbelt and thinking everything's OK.
I have no intention of crashing my car and I still wear a seatbelt. This is because sometimes the security of my car isn't entirely in my hands.

Re:No (1)

heffrey (229704) | more than 6 years ago | (#22788494)

Even if the security of your car is entirely in your hands you should wear a belt, unless you are the first infallible human being in history.

Re:No (1)

willyhill (965620) | more than 6 years ago | (#22788498)

I meant AV software used the way most people use it. They think they can do all sorts of dumb things because the AV will protect them, they check their brains out and download that SUPER FUNNY SCREENSAVER recommended by werioijij@uiiijij.net.

I take responsibility for the integrity of my own computers. It's the vendor's responsibility to provide me with the tools to do that.

Re:No (1)

Niten (201835) | more than 6 years ago | (#22788580)

But the analogy fails (as computer-car analogies often do), because while a seatbelt actually tends to work, anti-virus software is horribly inept at detecting modern mutating computer viruses and other malware, even with the best-of-breed "heuristic" scanning software. And anti-virus software generally does not protect against attacks on existing software, either (e.g., a buffer overflow attack against QuickTime).

Re:No (1)

Idbar (1034346) | more than 6 years ago | (#22788570)

Perhaps a better analogy would be approaching this guy [strangecosmos.com] and trust him.

I just visit trusted sites and open files from trusted people (and when we're talking about computers, that doesn't necessarily include my mom).

Since I bought my last laptop, with vista, I never installed an AV because I didn't mind what happened to it, I had no valuable information. I had one AV free for the company I work for, installed it, and turned out no virus.

So my conclusion is, you need an AV directly proportional to your knowledge about computers and the knowledge of your close "online" friends. I've seen intruders running DoS attacks from unprotected "user" accounts on Mac OS.

Re:No (1)

scubamage (727538) | more than 6 years ago | (#22788668)

I hate to tell you but the recent headlines about 500,000+ servers being placed in botnets means that you're safer using AV software, especially in a networked environment. I mean, 500,000 servers compromised... and you tell me that all of those are being run by idiots? Doubtful. Even pros get tripped up. So what if you don't cruise anything bad, if you have an open fileshare, or an open port your computer is compromisable. A dumb user puts a file on there, and boom, you're no longer safe. Someone exploits their way into your system, runs arbitrary code, and suddenly you've got a trojan and your IP is posted all over the net for the world to see. It's extremely easy to get infected, and you're being illogical - simply because you haven't gotten a virus so far doesn't mean you won't. I've seen bottom and middle tier 'pros' going on vehemently about how they don't need virus scanners, and then the top tier experts just sigh and shake their heads when the pro suddenly has a virus because Betty in accounting loves opening word files, and gets infected with a 3 year old macro virus that any virus scanner on earth would have caught. If your computer was isolated and never to be connected to a network I still wouldn't be 100% confident about its security. If you put it on the net, you're psychotic not to use one.

Obvious troll... (0)

Jangchub (1139089) | more than 6 years ago | (#22788070)

...is obvious

Viruses on a Mac? (1)

jaavaaguru (261551) | more than 6 years ago | (#22788082)

I primarily use a Mac, and I have ClamXav installed. Mostly out of curiosity. I run it occasionally, but it has never found any viruses. I won't hold my breath.

Anytown, USA (1)

Woundweavr (37873) | more than 6 years ago | (#22788086)

While the door locking answer isn't completely straightforward, it's also not all that difficult.

The reality is that today the suburban household is relatively safe. There are hundreds of thousands of burglars and other criminals floating around the city, but many less are known to target the suburbs, and many of those are aimed at apartments with no picket fence to climb (and thus have no effect on a middle class homeowner).

It's not that the suburban house is inherently more secure against thieves than urban apartments; the numerous crimes reported in recent years are just as dangerous as their Windows equivalents. But most security experts agree that criminals these days are driven by financial incentives, and it's far more profitable to target the least protected and most accessible domiciles. ... ..
.

The article's facts are reasonable but not a very well reasoned argument on why to not run anti-viral software. If the suites were so intrusive/resource consuming as to truly hinder normal use, it would at least start a debate. However, just because you live in a quiet neighborhood doesn't mean you leave your keys in your car when you go into the corner store.

Re:Anytown, USA (1)

jaavaaguru (261551) | more than 6 years ago | (#22788126)

and it's far more profitable to target the least protected and most accessible domiciles


Windows may be the most accessible, but I doubt that it's the least protected. Surely a higher percentage of Windows users have antivirus running than users of other operating systems?

Re:Anytown, USA (1)

Xiph1980 (944189) | more than 6 years ago | (#22788396)

You'd be surprised...

I already *don't* run AV on a PC (4, Interesting)

Bobb Sledd (307434) | more than 6 years ago | (#22788104)

Ha. I already don't run AV on the PC either.

Well tell me why I really need to? I mean I have it installed, but I certainly don't have that stupid active scanning thing turned on. So when I open a file, my computer really needs to open it twice? Bull.

I get my mail from gmail (so attachments already scanned there). I use FireFox (so little chance of infection there). I do scan things that might possibly contain a virus -- anything from a usenet newsgroup or from P2P (which is only a few executables ever anyway); And I do let it scan the whole thing once a week (and never finds anything I didn't already know about, of course).

And you know what? My old computer running Win2K runs faster than most any new computers out there with AV turned on. To date, I've never been bitten by any viruses.

Re:I already *don't* run AV on a PC (3, Funny)

street struttin' (1249972) | more than 6 years ago | (#22788310)

To date, I've never been bitten by any viruses.

Don't taunt the IT gods. Their wrath is mighty and swift...

Re:I already *don't* run AV on a PC (1)

rucs_hack (784150) | more than 6 years ago | (#22788346)

To date, I've never been bitten by any viruses

That you know of...

Anti-virus software does get on my nerves though. After all, it does its job largely without requiring user interaction, so why do so many have pointless 'scanning your pc' dialogs. I'm using avg, because I got fed up with the symantec experience, and that insists on interrupting me whenever it does an update. I mean, why? Just do it, don't show it to me. I'm on the lookout for a replacement, but finances are tight, and I don't want an 'everything plus the kitchen sink' security suite, which most AV sellers seem to offer.

Whole systems scans should not need to be performed more than once, on install. After that, every vector to infection should be checked by the AV as something comes in. I get rather irritated that all AV products insist on doing a full scan so often. It kind of says 'we don't know what we're doing' to me. It shouldn't be needed. Indeed, I don't recall ever finding a virus on one of these routine scans (although I have found some on full scans I initiated on some machines, once the AV was updated). All they do is slow my pc down.

The only product in this class that didn't annoy me was prevx, and that because it saved my ass once when my machine was used to access sites I wouldn't usually go near by a bloody warez are k00l moron, and got trojan'd. It was the only one that sorted the problem. I'm not sure if I can just use that instead of proper AV though.

Re:I already *don't* run AV on a PC (1)

ashridah (72567) | more than 6 years ago | (#22788546)

That's one thing I like about the corporate edition of e-trust I'm using atm. I've never seen it visually bug me when updating. *it just does it, and gets on with its job*. Really appreciate that after using AVG and having it bitch at me every single damned day, sometimes even twice a day

Re:I already *don't* run AV on a PC (1)

cb8100 (682693) | more than 6 years ago | (#22788684)

Whole systems scans should not need to be performed more than once, on install.

Whole system scans should also be run every time the definitions are updated. AV software tends not to know about a particular virus signature until that virus has already been released in the wild. If you don't re-scan after updating your AV, you could have a previously unknown -- but now known -- virus that will continue to go undetected.
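Added example (not part of any comment in this thread): a small Python simulation of the two policies argued over above, scanning a file only when it arrives or changes versus scanning again whenever the definitions change. The definition sets, signature names, byte patterns and file names are all constructed for the illustration and are not real malware signatures.

```python
import hashlib

# Constructed definition sets: version -> {signature name: byte pattern}.
# Version 2 adds a signature that version 1 does not know about.
DEFINITIONS = {
    1: {"Toy.MacroA": b"AUTOOPEN_TOY_A"},
    2: {"Toy.MacroA": b"AUTOOPEN_TOY_A", "Toy.DropperB": b"TOY_DROPPER_B"},
}

# Constructed file contents; the second file carries the pattern that only
# definition version 2 recognises.
SAMPLE_FILES = {
    "Downloads/report.doc": b"quarterly numbers, nothing else",
    "Downloads/setup.bin": b"\x00\x01TOY_DROPPER_B\x02",
}


def scan_bytes(data, defs_version):
    """Return the sorted names of signatures in this definition set found in data."""
    defs = DEFINITIONS[defs_version]
    return sorted(name for name, pattern in defs.items() if pattern in data)


class ScanLedger:
    """Tracks, per path, the content hash and definition version of the last scan."""

    def __init__(self, rescan_on_update):
        # False: scan a file only when it is new or its content changed.
        # True: also scan again when the definition version has changed.
        self.rescan_on_update = rescan_on_update
        self._last = {}  # path -> (sha256 hex digest, definition version)

    def needs_scan(self, path, data, defs_version):
        previous = self._last.get(path)
        if previous is None:
            return True  # never scanned before
        prev_digest, prev_defs = previous
        if prev_digest != hashlib.sha256(data).hexdigest():
            return True  # content changed since the last scan
        return self.rescan_on_update and prev_defs != defs_version

    def sweep(self, files, defs_version):
        """Scan every file that needs it; return {path: [signature names]} for hits."""
        findings = {}
        for path, data in sorted(files.items()):
            if not self.needs_scan(path, data, defs_version):
                continue
            hits = scan_bytes(data, defs_version)
            self._last[path] = (hashlib.sha256(data).hexdigest(), defs_version)
            if hits:
                findings[path] = hits
        return findings


def simulate(rescan_on_update):
    """Day 1: files arrive under definitions v1. Day 2: definitions become v2, files unchanged."""
    ledger = ScanLedger(rescan_on_update)
    day1 = ledger.sweep(SAMPLE_FILES, defs_version=1)
    day2 = ledger.sweep(SAMPLE_FILES, defs_version=2)
    return day1, day2


if __name__ == "__main__":
    for policy in (False, True):
        print("rescan_on_update =", policy, "->", simulate(policy))
```

With scan-on-arrival only, the file that was unknown on day 1 is never looked at again; with a rescan keyed to the definition version, it is flagged on day 2 without re-reading files whose hash and definition version are unchanged.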

Re:I already *don't* run AV on a PC (1)

abigor (540274) | more than 6 years ago | (#22788402)

I have an old Win2K laptop that runs great and I do exactly the same thing. Oh, and always run it behind a router too. Webmail, secure browser, router, examine suspicious downloads - yes, that about covers it. No need for a constant antivirus process sucking up cpu.

Re:I already *don't* run AV on a PC (0)

Anonymous Coward | more than 6 years ago | (#22788438)

Amen to that. I haven't run AV software on my PC since around 2000 or so. In that time I've only once had a problem and that case was due to my own negligence (one of those "I knew better than that" moments). People complain about slow computers and bloated software when a lot of their wasted time is actually spent on AV execution. Use the right software apps, follow simple guidelines when you download software, and disable your AV software and you'll be amazed at how much faster your PC seems.

Then Rich Mogull Ain't No Security Expert (3, Insightful)

pandrijeczko (588093) | more than 6 years ago | (#22788110)

Mac users really should stop being so blase about anti-virus software on their Macs because they should run it.

And if Rich Mogull is arrogant enough to believe he doesn't need it, then he shouldn't be calling himself a security expert. The fact is that viruses propagate for two reasons:

1. Because an exploited security hole in the OS lets them get in and out, and

2. Because the virus has a similar enough system to propagate to.

Yep, Windows has security holes (but then so has OS X) but the greater issue is that Windows' own levels of high compatibility going right from DOS up to Vista means that a well-written virus will probably be able to run on just about any PC.

Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.

Re:Then Rich Mogull Ain't No Security Expert (4, Insightful)

reidconti (219106) | more than 6 years ago | (#22788270)

Mac users really should stop being so blase about anti-virus software on their Macs because they should run it.
snip

Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.
Why? How dangerous? And how is it dangerous to assume otherwise?

Why should I spend my time, money, and CPU cycles on running AV on a system that has an essentially 0 rate of virus infection? I've got a firewall on my network, *and* I've got the host firewall running on my Mac. I read my email in GMail and almost never open documents in Office, except those that come thru my work mail (via Entourage), which is scanned at the corporate level anyway.

I back up my files, so I'm not at (too much) risk for data loss.

Maybe once there are *real* viruses out there for the Mac, I will reevaluate. Maybe I will be unlucky, be one of the first ones to be hit by a Mac virus in the wild and have to spend a few hours reinstalling all my apps and restoring from backups. But so far, if I ran AV, I'd just be investing real time and money into defending against an all-but-nonexistent threat. The cost/benefit just isn't there.

Re:Then Rich Mogull Ain't No Security Expert (4, Interesting)

DaphneDiane (72889) | more than 6 years ago | (#22788304)

And how is the antivirus going to catch the problem when it first appears? When large scale OS-X viruses start appearing the existing AV software won't recognize them or know how to handle them. The software needs to have either a signature of known viruses or a heuristic that catches likely viruses. Without a large pool of OS X viruses it would be next to impossible for any AV software to protect against future threats. AV software is reactive security, not proactive. The only thing an AV program before then will do is protect against some older Mac OS virus and help avoid passing Windows viruses, that and decrease performance and increase energy usage. As the article says the best thing to do is be smart about how you use the computer and keep abreast of any changes. Because of their limited numbers any notable Mac viruses will get reported soon after they are found, at which point it may be worthwhile reconsidering the use of AV software. Just because there is no such thing as a secure computer doesn't mean that the best way to balance the risks / cost ratio for all systems is the same.

Re:Then Rich Mogull Ain't No Security Expert (4, Insightful)

z4ce (67861) | more than 6 years ago | (#22788340)

Any computer expert doesn't need anti-virus. As a matter of a fact, anyone remotely computer savvy doesn't need anti-virus. As long as you keep your patches up to date you're basically as secure as you can be from viruses assuming you don't allow the virus in.

If a virus is sophisticated enough to spread without user interaction chances are it spreads faster than definition files (e.g. SQL Slammer).

I have run without anti-virus for about 15 years or so and I have only been infected with two viruses. One from the MS-DOS days by leaving a disk in a computer and another that wasn't strictly a virus but malware from mistyping a domain. Malware that anti-virus wouldn't have detected or prevented anyway.

It seems like there are only two cases both of which anti-virus is pretty much useless for sophisticated users: 1) The virus is old. In which case it would require manual intervention to install into your system since a patch has been released. or 2) The virus is new. In which case the definition files won't catch it anyway. (yeah, I know heuristics.. but come on they never really work beside throwing false positives).

Re:Then Rich Mogull Ain't No Security Expert (1)

0racle (667029) | more than 6 years ago | (#22788364)

Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.
Well, you would need an OS X virus first. Then you would have to wait for AV software to be updated to scan for it.

Mac AV software scans for Windows infections so unless you're running Server or using a desktop Mac as a file server, it really isn't worth it.

Re:Then Rich Mogull Ain't No Security Expert (1)

Mox-Dragon (87528) | more than 6 years ago | (#22788504)

And if Rich Mogull is arrogant enough to believe he doesn't need it, then he shouldn't be calling himself a security expert

I've never used antivirus on Windows; nor have I ever gotten a virus on Windows, so I feel like I'm justified in arriving at the conclusion that I don't need it. Antivirus software seems (anecdotally, anyway) only necessary if your computer engages in risky and promiscuous, uh, behavior. Or if you buy digital picture frames.

Yep, Windows has security holes (but then so has OS X) but the greater issue is that Windows' own levels of high compatibility going right from DOS up to Vista means that a well-written virus will probably be able to run on just about any PC.

I have always been under the impression that OSX uses a fundamentally different (unix-style) security model that is inherently more secure, and that this will have more of an impact than any sort of after-the-fact antivirus software or defender programs.

Re:Then Rich Mogull Ain't No Security Expert (1)

pandrijeczko (588093) | more than 6 years ago | (#22788694)

I've never used antivirus on Windows; nor have I ever gotten a virus on Windows, so I feel like I'm justified in arriving at the conclusion that I don't need it.

I fully accept that argument on the basis that you're very careful about not going to dodgy web sites, never open any suspicious email attachments and probably don't use IE or Outlook for browsing and email respectively. But most normal users, including Mac ones, are not as careful as you or I.

I have always been under the impression that OSX uses a fundamentally different (unix-style) security model that is inherently more secure, and that this will have more of an impact than any sort of after-the-fact antivirus software or defender programs.

Essentially there are two ways a computer can be compromised - either a self-propagating virus that gets in through a security hole in a piece of software running with high-level privileges or a directed attack trying to buffer overflow ("crash") a particular service to drop it to a shell prompt. The former are common Windows exploits, the latter are common UNIX exploits.

The reason why UNIX is considered "more secure" is that it takes a lot more work to compromise a UNIX system than it does a Windows one. Someone or some bot that is attacking a UNIX daemon ("service") usually has to know what version of the daemon is running on the system to know whether or not the exploit is open or closed. Bearing in mind the number of different flavours and architectures of UNIX (bearing in mind that a program that runs on a Sun Server with Solaris more than likely won't run on a Linux PC), the population of similar machines running the same exploitable software is quite small - not to mention the fact that, by their very nature, experienced UNIX people are a bit more hot on installing updates than an average home Windows user would be.

So yes, any OS can be susceptible to a virus or buffer overflow attack but how widespread that attack is depends on having a number of similar machines to be able to propagate that attack across - for Windows, that's a high number, for Linux (bearing in mind the differences between the various Linux distros out there), it's a much smaller number.

Because Macs essentially all run some version of OS X, from a risk perspective they would sit somewhere between Windows and UNIX.

Re:Then Rich Mogull Ain't No Security Expert (1)

edwardpickman (965122) | more than 6 years ago | (#22788686)

I've had nothing but grief with anti virus software on my PCs. I've run my Mac for nearly 2 years without a single problem including Adware/Malware. I've got five PCs and one Mac and thus far the Mac is the only one problem free. "Well ya never know" isn't a practical reason when I face hassles and performance issues using anti virus on a machine that has near zero risk of infection. I keep getting this feeling the PC community wants Macs to get infected so they'll feel better about their PCs. There are hundreds of millions of PC viruses in the wild. Even if Macs start getting infected they'll have a long way to go to be 1/100th the problem it is with PCs. Low market share is also a pointless excuse. What was the most virus prone computer ever made? An Amiga, and they never had a large market share. Why so many viruses? It was easy to write and spread them on an Amiga. People don't write viruses for PCs instead of Macs because PCs are more popular; it's because it's easier. Nearly 15% market share is a huge number and still no major in-the-wild virus hits? Deal with it: Macs are very secure compared to PCs.

Presidential Memo To Slashdot (0)

Anonymous Coward | more than 6 years ago | (#22788118)

President-VICE Richard B. Cheney always runs anti-virus software on his Mac.

You never know when those NSA intercepts of financial market orders in anticipation of the subprime mortgage collapse statements might occur.

Criminally Forever,
George W. Bush [lifeaftertheoilcrash.net]

Depends on user (2, Interesting)

warrior_s (881715) | more than 6 years ago | (#22788132)

I think it depends what kind of user you are talking about.

If a user is careful about not downloading programs from random sites and installing those, as well as careful in opening email attachments.. I think one should be good to go without antivirus on most OSes, not only OS-X.

OTOH, if one just opens every email attachment (s)he gets.. then even antivirus cannot help sometimes (e.g. against some new vulnerability).

How much higher do you want? (1)

MMC Monster (602931) | more than 6 years ago | (#22788146)

Isn't 5 percent of computers enough to be worth infecting? How about the fame of creating the first Mac OS X Leopard worm?

You'll hear about it. (1)

The Ancients (626689) | more than 6 years ago | (#22788150)

I have ClamXav installed, and run it every now and then, and it never finds anything (apart from warnings about oversize archives - i.e. large zip files). It almost goes without saying that when a genuine malware threat hits the OS X platform, it will be all over the news - or at least the news I read, anyway.

sudo or equivalent (1)

Gothmolly (148874) | more than 6 years ago | (#22788166)

I run Ubuntu on my desktop, and don't run random executables. Why would I need AV?

Just like Linux (4, Insightful)

aitikin (909209) | more than 6 years ago | (#22788182)

IMHO Mac users who send out files to people should probably use a virus checker. It's just polite. The fact that something can't cause damage to your machine doesn't mean you shouldn't check it to make sure it won't hurt someone else's. I'm kinda being hypocritical here, seeing as in my years running Macs and Linux boxes, I've rarely run virus checkers, but then again, I hardly forward email and almost never deal with attachments.

Just because it won't affect you doesn't mean it won't affect someone you know. Now here's where everyone will start saying, "it's teh windoze uzer's own fault! Dey shouldn't be so dumb!" but seriously people, if you want to show people that Unix is a better choice, show them by helping, not by hurting.

Re:Just like Linux (1)

maxume (22995) | more than 6 years ago | (#22788518)

Also, virus writers should make sure that any email with their payload contains some nice text explaining that it has been scanned and is free of viruses.

Users aren't generally going to go through the process of authenticating a message in a rigorous manner. Text in the message body is worthless.

Yes (1)

dunezone (899268) | more than 6 years ago | (#22788186)

My major concern would be with swapping USB flash drives between machines from home and work and such. Might as well have the defense up if it doesn't interfere with what you do.

I wrote this but first, I don't know what I was thinking.

"Why wouldn't you? Cause the risk is low? That's like having sex with a girl and not wearing a condom cause the risk is low of catching something. You might as well put the extra layer of protection just as some sort of defense just to be on the safe side."

Re:Yes (5, Funny)

The End Of Days (1243248) | more than 6 years ago | (#22788258)

But computing feels so much better without antivirus.

I do (0)

Anonymous Coward | more than 6 years ago | (#22788190)

I use clamxav... if for no other reason than not to pass infected files back and forth to Windows-using friends/family.

doesn't hurt (4, Interesting)

gEvil (beta) (945888) | more than 6 years ago | (#22788208)

I used to work at a computer lab that was all Macs at a school. For a short while we didn't run any AV software on the machines--until we started getting complaints from other departments that files that were coming from us had viruses. Turns out that Office for Mac is a perfect vector for all those pesky macro viruses that would find their way onto machines. It wasn't incredibly serious, but it was enough to get us to put AV software back on the Macs.

Re:doesn't hurt (1)

Creepy Crawler (680178) | more than 6 years ago | (#22788484)

I'd be pointing my finger at the admin, in that case.

There's no reason why Mac networks should NOT be firewalled to Windows networks. They both are chatty in their own right, but on different protocols. Just because a machine can get on the net at large (without a NAT), doesn't mean there shouldn't be a firewall stopping stupid stuff, even internally.

Re:doesn't hurt (1)

vought (160908) | more than 6 years ago | (#22788566)

They both are chatty in their own right, but on different protocols.
Not necessarily. You can turn off AppleTalk over IP and just go with SMB on the Mac if you really want to.

Not that you'd really want to.

There are differences between Windows/*nix (1, Interesting)

joeflies (529536) | more than 6 years ago | (#22788218)

The primary difference is the elevation of privileges. Malware and viruses on Windows have no problem taking over the whole machine, because regardless of what user is running the malware, the whole box can be taken over because the user has full admin privileges.

For a *nix environment, even if malware got in through the user's browser, it still needs an escalation of privileges to do real bad harm. Without it, the damage is largely contained to the data in the user's directory.

Re:There are differences between Windows/*nix (1)

Anguirel (58085) | more than 6 years ago | (#22788366)

Just because you're foolish enough to run your Windows as an admin doesn't mean it is necessary to do so. Windows can be locked up in exactly the same way that other OSes can be, with heavy access restrictions on various directories, inability to install or access protected files, and so on. You can also run *nix as root at the time. It's just most people using those systems know better.

Macs in my experience are for certain types of professionals (generally artists of various sorts) who should know better, and people who know less about computers and software than your average Windows user. That latter class would be incredibly vulnerable, and might well be running in a privileged mode that could compromise the entire system, or enough of it that it makes little difference that some tiny bit is locked off.

The security differences between *nix and Windows are largely in the user base, and in the total number of users that can propagate an issue, not in the code itself.

Re:There are differences between Windows/*nix (4, Insightful)

jroysdon (201893) | more than 6 years ago | (#22788576)

Yes/no. While you can run as a non-admin user on Windows, many apps won't work this way. At a minimum many require Power User access (I think that is the group). I set up my in-laws to use a non-Admin and they cannot access their Kodak camera unless they switch to Administrator (which they do and tell it to download, and then switch back to their regular user). They rarely install apps, but if they need to, again, they just switch to Administrator (showing them how to "Run As" is harder than just having them switch users). I can't recall the rest of the apps, but a number of customers cannot run as a non-local administrator.

Why does marketshare really matter? (3, Insightful)

xjerky (128399) | more than 6 years ago | (#22788268)

If there were widespread vulnerabilities in OS X the way there are in Windows, wouldn't someone want the bragging rights to say that they wrote the first OS X virus?

Re:Why does marketshare really matter? (1)

dfghjk (711126) | more than 6 years ago | (#22788472)

Yes they would, but they wouldn't want it nearly as much as comparable bragging rights on a dramatically larger installed base. That's why marketshare matters.

Of course, last month's marketshare doesn't matter at all, but that's the one that's quoted because it makes Apple look a lot better. That should tell you the author's slant.

Yes, but... (1)

ZeroExistenZ (721849) | more than 6 years ago | (#22788284)

.. they wouldn't know how.

No (2, Insightful)

Anonymous Coward | more than 6 years ago | (#22788288)

Macs don't have viruses.

If you go to an Apple retail store you can play with the Macs, get on the internet .. browse files, launch whatever apps you feel like. When you go to a PC store or section within a store .. the PCs are always locked down and have a demo running on it. It just seems to me like Apple is rightfully confident malware can't run on the Mac.

Re:No (1)

Drakin020 (980931) | more than 6 years ago | (#22788500)

Wow....that's just pure dumb right there.

I wish you Apple kids would get off your high horse and stop this "Mac doesn't have viruses" nonsense.

Re:No (1)

brunascle (994197) | more than 6 years ago | (#22788650)

the PCs are always locked down and have a demo running on it
No, they're not. I've seen a couple like that, but it's rare.

Not commenting on PC/Mac security, just pointing out your argument is blatantly false.

Only if you're from the US (5, Informative)

jonnyj (1011131) | more than 6 years ago | (#22788334)

Last month Apple had 14% of PC sales, but 25% of dollar value.

This is just a teeny-weeny bit unreal. Close inspection reveals that the cited article refers to US-based PC retail sales.

There is more to the world than the US. And there's more to sales than retail sales. Apple has much lower sales penetration in Europe and Asia, and it has much lower sales in the commercial sector. Apple might be enjoying a renaissance, but don't be fooled by inappropriate statistics.

No because... (1)

DigitalisAkujin (846133) | more than 6 years ago | (#22788382)

Anti-virus software is only as good as its detection methods are. Since detection methods are usually only helpful for known viruses the likelihood of anti-virus software actually being helpful is minimal. Chances are that an update will fix the exploit in line with an update to your anti-virus software but alas, by then, it's too late. Then again Apple doesn't have a very good track record on issuing fast updates to combat known exploits.

The issue is no different on OSX, Linux, or Windows. They all have holes. You just need to give someone enough incentive to go stealing pieces of the pie. Windows just happens to have more of it.

In other words (0)

Anonymous Coward | more than 6 years ago | (#22788394)

It costs you $2.40 to run a Mac for every $1.50 you would spend on a PC.

Don't be silly. (1)

v(*_*)vvvv (233078) | more than 6 years ago | (#22788398)

Macs are secure, dummy. Look who's sneezing [youtube.com]. Get a Mac!

Here's what I tell my Mac user friends (0)

Anonymous Coward | more than 6 years ago | (#22788410)

Right now, antivirus protection on the Mac is mainly aimed at protecting Windows machines. If you regularly share files with a Windows machine, and you want to make sure you don't pass anything on to that computer that could infect it, run antivirus software on your Mac. (You can even choose to scan just the files that you're passing on.)

Otherwise, there's really no need at this time. Since most antivirus software is signature-based, and there aren't really any viruses for the Mac right now that don't helpfully ask for your Administrator password in order to install them, it's much more productive to simply focus on practicing safer computing procedures*.

*As in, make sure you know where that program or that update comes from before you install it, be sane and a little skeptical, and install critical Software Updates regularly. These things help protect non-Mac computers as well; it's just a little easier on the Mac because when a Mac user gets those ads saying "You need to clean your registry now," it's even more obvious that it's a scam.

If you're smart, you don't even need it on a PC (1, Insightful)

OMNIpotusCOM (1230884) | more than 6 years ago | (#22788436)

I can't tell you how long it's been since I've had a virus. Just don't open those idiot emails, don't follow links in them, don't follow links in IMs, use Firefox, etc... viruses and spyware go down to nearly nil if you just stop using IE and be smart about your email.

I'd worry about viruses on my Mac... (1)

lpangelrob (714473) | more than 6 years ago | (#22788442)

I'd worry about viruses on my Mac, but I'm spending more of my worrying time making sure that someone looking like Chase isn't trying to steal my account information through a phishing attempt that got past Gmail.

And seeing how good Gmail has gotten about that lately, I'm not spending that much worrying time on phishing at all.

Wrong Question (4, Interesting)

bhima (46039) | more than 6 years ago | (#22788460)

The right question is "Should Apple take security more seriously?" YES and "Should Apple be more proactive in dealing with security issues?" YES. "Should Apple be closely following the tactics of various malware propagators and bot net operators?" YES.

Bringing the Anti-virus & Registry Cleaner snake oil salesmen to the Mac isn't going to do anyone any good.

Having said all that, I used to use clam but never reinstalled it when I moved to Leopard...

Even on Windows... (0)

Anonymous Coward | more than 6 years ago | (#22788468)

I don't run any virus protection on Windows XP. I've been using it since it came out. I didn't run virus protection on Win2K either.

I have never had a virus infection on my internet-connected computer.

No, Mac users should not run anti-virus software (1, Insightful)

t-maxx cowboy (449313) | more than 6 years ago | (#22788510)

I don't think Mac users, Windows users, or other OS users for that matter should run anti-virus software. As many people have already pointed out your computer takes a performance hit, having to scan for a virus on every file read or write.

People should learn not to open files from e-mail unless they know that the file is coming from a reliable source. I do not use an anti-virus application on my Mac, but then again I didn't run one on my Linux box before that or my Windows box before that. I just plainly did not open attachments or download files that I could not verify came from a reliable source.

How hard is it really for someone to send an e-mail back to their friend or family member and ask them if they created the file they sent, or know who created the file personally? If they say they did, then you stand a fairly good chance it did not contain a virus. If they say no they received it in an e-mail sent to them by who knows who, then tell them you won't be opening it. This leads me to chain e-mail and e-mail forwarding etiquette in general, but that is another story.

That being said, anyone who does not want to learn common sense, should go ahead and install an anti-virus application, take the performance hit and live with it. Don't call the rest of us when you get infected either, while running your ever up to date anti-virus application, call your anti-virus software developer and complain. I am at the point personally where I won't be doing viruses for much longer, whether that is on Windows, other OS's or Mac. I have cleaned enough viruses from other people's computers, that if they don't hurry up and smarten up they are on their own.

If I ever feel the need for an anti-virus application, I will be running it on demand, and the darn thing better not install any services that will slow my machine down. The only time my machine should slow down from running an anti-virus is if I tell it to run a scan.

OS X Server does by default (4, Interesting)

BearRanger (945122) | more than 6 years ago | (#22788544)

I note that Leopard Server runs ClamAV by default, and does so without user intervention. Of course the mission for the server release is different from that of the desktop, and there may be an expectation that you'll be interacting with Windows at some point. It's capable of supporting Windows clients, and for that you should have an AV suite. It would be beyond foolish not to have one.

Still, many people interact with Windows from their client Macs too, but not everyone. Windows is not a part of my life, for instance.

Apple obviously felt it necessary to include an AV suite for the server release. They've tailored it for the OS, so why not ship it by default with the client release as well? Perhaps because they feel it isn't necessary, and they're choosing to err on the side of fewer wasted cycles for the majority of their users? I suspect that if a bona fide threat to OS X ever does appear ClamAV will be made available for the client release via Software Update the next day.

Parrallels (1)

Bryansix (761547) | more than 6 years ago | (#22788556)

I can't spell that word. Anyways, if you run that program remember that you need to patch the Windows installation and run an Anti-Virus on it just like if it was its own computer.

AV madness (1)

digitalhermit (113459) | more than 6 years ago | (#22788610)

The whole signature based approach to AV seems so bizarre. Imagine trying to get into a nightclub.. The bouncer has a list. If you want to get in, he checks the list. If you're *not* on the list, then you can get in. The club owner is concerned because he keeps his wine and beer in the club and doesn't want it to disappear overnight.

Of course the problem with analogies is that they can fail. No one wants the Microsoft solution where applications need to be certified to run. This might be equivalent to the bouncer calling the club owner to see if someone is allowed in. Or having a list where only people on the list are allowed in...

Then you have to hire a couple bouncers because every minute you're checking if someone is allowed in. The club owner gets called all the time because he has to OK every single app. So he makes a declaration that anyone wearing acceptable clothing is allowed in. This works for a while, until some people you don't want in start wearing some acceptable clothing.

So maybe the club owner decides to change how he operates. Instead of keeping the wine and beer freely accessible to anyone who enters the club, he puts it behind a bar. People can come in, have fun, but they'll never be able to get the beer and wine unless they can show some ID. The club owner also starts putting all the important papers in a locked room away from the bar.

So strained analogies aside, whether or not you use an AV scanner can be irrelevant. If you can sandbox your web and email then you'd not have to worry about a whole class of vulnerabilities.

I can't get into trendy clubs anyway, so take it how you will.
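The two "list" policies from the nightclub analogy above, as an added example that is not part of the original comment or any vendor's product. It assumes a signature is simply the whole-file SHA-256 (real scanners also use byte patterns and heuristics); all sample contents and names are constructed.

```python
"""Denylist (signature) vs. allowlist admission, on constructed samples."""
import hashlib


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed, harmless byte strings standing in for program files.
KNOWN_BAD = b"constructed-sample: known malicious program v1"
BAD_VARIANT = KNOWN_BAD + b"!"  # same program with one byte appended
APPROVED_APP = b"constructed-sample: approved word processor"
NEW_BENIGN_APP = b"constructed-sample: benign tool nobody has reviewed"

# (label, contents, is_malicious) -- ground truth for the comparison below.
SAMPLES = [
    ("known malware", KNOWN_BAD, True),
    ("repacked variant", BAD_VARIANT, True),
    ("approved app", APPROVED_APP, False),
    ("unreviewed benign tool", NEW_BENIGN_APP, False),
]

# Assumption: a "signature" here is the full-file hash of an analysed sample.
DENYLIST = {sha256(KNOWN_BAD)}
# The "only people on the list get in" model: hashes someone has approved.
ALLOWLIST = {sha256(APPROVED_APP)}


def denylist_allows(data: bytes) -> bool:
    """Signature-style policy: run anything not already known to be bad."""
    return sha256(data) not in DENYLIST


def allowlist_allows(data: bytes) -> bool:
    """Certification-style policy: run only what was explicitly approved."""
    return sha256(data) in ALLOWLIST


def summarize() -> dict:
    """Return each policy's two error types over SAMPLES."""
    policies = {"denylist": denylist_allows, "allowlist": allowlist_allows}
    report = {}
    for name, allows in policies.items():
        report[name] = {
            # Malicious samples the policy would let run.
            "missed_malware": [
                label for label, data, bad in SAMPLES if bad and allows(data)
            ],
            # Legitimate samples the policy would refuse to run.
            "blocked_benign": [
                label for label, data, bad in SAMPLES
                if not bad and not allows(data)
            ],
        }
    return report


if __name__ == "__main__":
    for policy, errors in summarize().items():
        print(policy, errors)
```

The denylist fails open on anything new, which is the reactive gap several comments describe; the allowlist fails closed, which is the approval burden the analogy's club owner runs into.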

This Can't Be True! (0)

Anonymous Coward | more than 6 years ago | (#22788658)

Everyone knows that Apple is on its last legs, going under, doomed, blah blah blah.

anti virus software is snake oil (1)

sentientbrendan (316150) | more than 6 years ago | (#22788662)

Anti virus software is designed to make you feel safer without actually doing that much. Typically, all of the anti virus vendors out there combined can't remove more than a third of the viruses that will end up on your computer if it gets exposed while unpatched to the virus stew out on networks like Comcast.

The truth is that running behind a hardware firewall and a NAT, having unnecessary services turned off, not running software from untrusted sources, and running everything you can as an unprivileged user are the best methods for preventing infection. If you actually do get infected, you're pretty much screwed. It's very unlikely that AV software will be able to remove all of the viruses on your machine. You pretty much have to reinstall.

For all of these reasons, I actually advise that even Windows users do *not* run AV software, as it often provides a false sense of security. In addition to that, AV software often bogs down your computer and screws with your network traffic. A number of AV packages will actually listen in on your network traffic to see if virus traffic is being transmitted. Since everything has to be scanned before it is sent out, this will greatly increase your latency, decrease your throughput, and cause unnecessary CPU activity for network IO.

Cheap routers for home use largely make AV software obsolete on the home front, where it was most used. The places where you have to worry are large businesses and dorms. At dorms I advise that you throw a cheap router in between your Windows box and the network connection. In businesses, the IT department will track what viruses are on the network; you should just be careful to stay patched and not *introduce* any new viruses by running untrusted software.

As far as Macs go, I've never even met anyone who's gotten a virus for his Mac, and I used Macs for well over 10 years. As long as there aren't too many Macs on a given network, it is impossible for viruses to spread. Windows viruses can spread because there are many viruses written for them, and because there are networks with thousands of Windows machines attached.