Do we need an antivirus on OS X?

[GGJstudios]

With that said, I think GGJstudios's contention that by always following safe computing practices will result in a 100% malware-free system, or to fixate on one particular type of malware (virus) to the degree you are doing without talking seriously about others, while ignoring the very real known vulnerabilities that exist in OS X, is irresponsible.

If you have read my posts, you would know that I don't "fixate" on viruses, but clearly address the OS X malware that does exist in the wild, all of which can successfully be avoided through safe computing. As for vulnerabilities, every OS has them, but unless exploits exist in the wild, they pose no threat. Also, no antivirus app will protect against unexploited vulnerabilities.

If you disagree with my contention, you can refute it by posting evidence of a single in-the-wild OS X infection that safe computing could not avoid.

 

[Artimus12]

The two links (previously posted) are lacking in substance, and are nothing more than an advertisement for a specific software. In other words, you aren't missing anything.

ahh, thanks for that - I feel better for knowing I'm not missing out.

I think the OP's question is kind of a moot point as OS X already has antimalware built in, i.e. XProtect. I agree that using safe computing practices is the best thing one can do to protect oneself. But let's be realistic in that every instance, we cannot expect everyone to follow best practices when it comes to using a computer. Installing AV software is one way of compensating for this shortcoming.

I think it's also worth pointing out that Apple could do a better job of making OS X hardened better against threats out of the box. For example, they're first use wizard could walk users through creating non-administrative accounts for daily use, and the built-in GUI firewall could be enabled by default (and the GUI firewall could include more sophisticated configuration options as well).

With that said, I think GGJstudios's contention that by always following safe computing practices will result in a 100% malware-free system, or to fixate on one particular type of malware (virus) to the degree you are doing without talking seriously about others, while ignoring the very real known vulnerabilities that exist in OS X, is irresponsible. Despite all the security-related press that Apple have received in recent years, it is unconscionable that Apple still includes vulnerable versions of software in currently-supported versions of OS X (Apache comes to mind). Things like Apache, bash, ntpd, etc. are all components that are ripe for exploitation under the right circumstances and the more technically-inclined folks around here need to keep that in mind.



This is not true. The ntpd vulnerability is a recent example of how one can execute arbitrary code remotely on a Mac with root privileges. Note: it is not necessary to run ntpd as root, but Apple does it anyway. This is bad practice!

Current internet protocols and standards do not allow for the 100% secure OS - even with the safe computing practices that GGJ and his followers allude to. It's just not possible to have a secure computer in an insecure environment.

Whilst Apple could do more to help in the fight against infection, they can't completely eliminate the threat because of the very standards used for connecting to the outside world. There will always be a certain amount of risk, but those that rely only on safe computing practices may not be notified that they have been infected for sometime after those with scanners have had a pop-up warning of a possible infection because the blinkered 100% belief leaves no room for any other possibility.

 

[Artimus12]

...

If you disagree with my contention, you can refute it by posting evidence of a single in-the-wild OS X infection that safe computing could not avoid.

Please post evidence - without the use of any third party malware scanner - that your OS isn't currently infected.

 

[GGJstudios]

Please post evidence - without the use of any third party malware scanner - that your OS isn't currently infected.

Please post evidence, with or without a malware scanner, that it is. You can't, because all any anti-malware scanner can prove is that it didn't detect anything, and since no anti-malware app has a 100% rate, that doesn't mean much. I do, however know all the infection methods used by all OS X malware that has ever existed in the wild. None of these methods have been possible on my system, because such methods have been blocked by safe computing practices.

 

[aquajet]

If you have read my posts, you would know that I don't "fixate" on viruses, but clearly address the OS X malware that does exist in the wild, all of which can successfully be avoided through safe computing. As for vulnerabilities, every OS has them, but unless exploits exist in the wild, they pose no threat. Also, no antivirus app will protect against unexploited vulnerabilities.

If you disagree with my contention, you can refute it by posting evidence of a single in-the-wild OS X infection that safe computing could not avoid.

I think you're missing the point here, which is that we cannot pretend to parade around as safe computing crusaders and expect everything to be hunky dory. Yes it's important, but it's also important to have security in layers, and AV is one of those layers. An example -- my employer spends a not trivial amount of money on training programs for employees using technology in a safe manner, but unfortunately we still see compromises due to unsafe behavior of various sorts. Without getting into too many details, sometimes these "unsafe behaviors" are unavoidable from a business perspective. AV can and does occasionally help in this regard, as does the other systems we have in place (such as intrusion detection systems at our network border) which provide tools to help keep our environment secure, alert us when there is a problem, and minimize the impact when a problem does occur.

Flashback comes to mind here as a specific example of OS X malware that turned out to be quite pervasive. Sure, with the initial version compromise could have been avoided by using "safe computing practices", but with infection numbers that numbered in the hundreds of thousands, only highlights my point above. AV software ultimately turned out to be an important tool in mitigating the threat.

 

[Artimus12]

Please post evidence, with or without a malware scanner, that it is. You can't, because all any anti-malware scanner can prove is that it didn't detect anything, and since no anti-malware app has a 100% rate, that doesn't mean much. I do, however know all the infection methods used by all OS X malware that has ever existed in the wild. None of these methods have been possible on my system, because such methods have been blocked by safe computing practices.

You regular line of defence is to ask for evidence and I've seen you ask for claims to be removed because of a lack of evidence - so in practicing what you preach you'd be doing so much to validate your claims regarding safe computing! Yet I fear you can't link to the evidence asked for because you have no way - other than third party scanners - of proving your system is actually free from contagion! Furthermore, even if you did use a third party scanner, that itself - to use your own estimate - would only suffice to prove up to 90% of your claim! leaving 10% of your claim unproven.

I'm not arguing with you, I'm just requesting you prove your claim - which seems appropriate, topical and reasonable.

Thanks in advance.

 

[OneAnswer]

but with infection numbers that numbered in the hundreds of thousands, only highlights my point above.

It highlights, that one percent of Mac users does not employ safe security steps.

I have run Sophos for some months some years ago, I visited every "dark" website I could think of several times, it only detected Windows malware.
The same goes for ClamXAV, though it did not detect any kind of malware in the last months I used it on my older computer.

My new computer is up to date, configured in a safely manner and for the time being AV software free. Why? Because I trust myself to employ those simple steps.

 

[GGJstudios]

... but unfortunately we still see compromises due to unsafe behavior of various sorts. Without getting into too many details, sometimes these "unsafe behaviors" are unavoidable from a business perspective. AV can and does occasionally help in this regard

In other words, AV can provide some protection in those cases when there is a lapse in safe computing practices.

Flashback comes to mind here as a specific example of OS X malware that turned out to be quite pervasive. ...

AV software ultimately turned out to be an important tool in mitigating the threat.

In the same way, MacDefender was rather pervasive and was initially not detected as malware by any antivirus app, while those practicing safe computing were completely protected.

As I've stated before, I am not against the idea of using antivirus software, as long as the user understands that such software does not provide any protection beyond that provided by safe computing, such software does not have 100% detection rates, and that such software is not a substitute for safe computing practices.

 

[aquajet]

Fair enough. I'm not sure we disagree all that much ;-)

 

[GGJstudios]

You regular line of defence is to ask for evidence and I've seen you ask for claims to be removed because of a lack of evidence - so in practicing what you preach you'd be doing so much to validate your claims regarding safe computing!

I've already provided that evidence. There are only certain ways for a Mac to be infected by OS X malware in the wild. If those attack vectors do not exist on a system, infection is not possible.

 

[Artimus12]

I've already provided that evidence. There are only certain ways for a Mac to be infected by OS X malware in the wild. If those attack vectors do not exist on a system, infection is not possible.

can you provide the link?

 

[GGJstudios]

can you provide the link?

Sure. Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

Then name one instance of OS X malware in the wild that cannot be avoided by following those recommendations.

 

[Artimus12]

Sure. Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

Then name one instance of OS X malware in the wild that cannot be avoided by following those recommendations.

But you haven't provided the evidence that your system isn't currently infected with any form of malware, new or old - which is what I asked for.

You can't prove your claim, so by your own default, it can't be valid.

Good night Sir.

 

[GGJstudios]

But you haven't provided the evidence that your system isn't currently infected with any form of malware, new or old - which is what I asked for.

You can't prove your claim, so by your own default, it can't be valid.

Yes, I can prove it, and have. If you can't read and understand the proof, that's your responsibility.

 

[Artimus12]

Yes, I can prove it, and have. If you can't read and understand the proof, that's your responsibility.

This isn't the first time you've attempted to belittle those that ask pertinent questions, and I've told you before, That won't deter me from asking what needs to be asked. Posting links to best practises and claiming you follow them, so you're 100% clean! doesn't prove your system doesn't have any malware on it. So far we only have your word - and a promise is a comfort to a fool.

Can you link us to the log file that proves your system is currently malware free, &\or just post it here? or you can't prove your claim. Which is it?

Thanks.

 

[GGJstudios]

This isn't the first time you've attempted to belittle those that ask pertinent questions,

I haven't attempted to belittle anyone. I simply stated that your comprehension of the facts presented is your responsibility, not mine.

Can you link us to the log file that proves your system is currently malware free, &\or just post it here?

No log is required. Because I have always practiced the safe computing steps I've posted for as long as I've run OS X, I'll re-quote my original statement, which proves the absence of the possibility of infection on my systems.

I prefer being 100% certain that my Mac is not infected with any OS X malware, because I know that none of the vectors through which infection can occur are present on my system. Because I practice safe computing, not one instance of existing OS X malware in the wild can be introduced to my system, including ones that antivirus apps can detect and including ones that they can't.

 

[Artimus12]

I haven't attempted to belittle anyone. I simply stated that your comprehension of the facts presented is your responsibility, not mine.

No log is required. Because I have always practiced the safe computing steps I've posted for as long as I've run OS X, I'll re-quote my original statement, which proves the absence of the possibility of infection on my systems.

so the answer is no and your claims are invalid.

Okay, thought as much.!I'll be sure to inform every future poster that asks a similar question.

Thanks again for the confirmation.

 

[GGJstudios]

so the answer is no and your claims are invalid.

The answer is yes, and my claims are quite valid. Because the proof doesn't conform to your idea of what the proof should look like does not in any way invalidate the truth. You're looking for proof in the form of a log or report from some software which is admittedly not completely accurate. What you ask for wouldn't prove anything.

Anyone who understands the simplest of logic can see the proof.

If condition A is required for B to occur, and condition A does not exist, then B cannot occur. It doesn't get any simpler than that.

For example, in order for a Mac to be infected by the Flashback Trojan, Java must be enabled in the browser. If Java was never enabled, that infection could not occur. No report is needed to prove that.

 

[Artimus12]

but what about condition C?

 

[USF813]

It certainly is a personal decision, which is why those claiming you need to run antivirus software are in the wrong. You may run it, if you wish, but it's not necessary to keep OS X malware-free if you practice safe computing. If you do elect to run antivirus software, you should still practice safe computing, since no antivirus app will detect 100% of OS X malware, but safe computing will avoid 100% of OS X malware in the wild.

LOL! Understanding the steps in safe computing is not thousands of pages. If you had taken the time to actually click the links and read the safe computing tips, you would see that there are less than a dozen, most of which are simple common sense that any OS X user should easily understand.

Quite frankly I find the tone in your posts condescending and somewhat judgemental. How about knocking off telling people what YOU feel they don't need. It's none of your business for Gods sake!

My idea of safe computing is installing an anti-virus. I don't spend my life wondering if every webpage or email I open is going to infect my computer! And to be perfectly honest, the link you provide in every single post is like the boy crying wolf. At some point no one is going to care anymore. I know I don't.

 

[GGJstudios]

but what about condition C?

If condition A is required, other conditions are irrelevant.

Quite frankly I find the tone in your posts condescending and somewhat judgemental. How about knocking off telling people what YOU feel they don't need. It's none of your business for Gods sake!

My idea of safe computing is installing an anti-virus. I don't spend my life wondering if every webpage or email I open is going to infect my computer!

It's not a matter of what I feel or think. It's a matter of facts. If someone practices safe computing, antivirus is not needed to protect against OS X malware in the wild. That is a fact.

If you or anyone wants to install antivirus, that's your choice. I'm not telling anyone what to do. I'm stating facts. Installing antivirus software is not the same as practicing safe computing and if you do the former without the latter, you are not protected against all OS X malware in the wild. That is a fact.

And to be perfectly honest, the link you provide in every single post is like the boy crying wolf. At some point no one is going to care anymore. I know I don't.

If you don't care, that's up to you. There are plenty of new and existing Mac users who benefit from knowing the facts about OS X malware. My posts are for their benefit, not for those who want to argue for the sake of arguing. My purpose is to counter the misinformation that many have posted about antivirus apps. Enough have benefitted from that purpose that I don't worry about the small minority who challenge the facts.

 

[m4v3r1ck]

Is this one of those threads, yes it is! Peoples that never get to terms with the fact that the other one has a different point of view, turning the corner left or right is a choise made! This thread has become driving into a dead-end street. Quit boring and not contributing to the forums at all! Never saw so much repeated judgements and statements in one thread. Quiet a pitty that you guys use your great knowledge in this way.... Make your statement and move on?

 

[Ulenspiegel]

The two links (previously posted) are lacking in substance, and are nothing more than an advertisement for a specific software. In other words, you aren't missing anything.

If enumerating Mac threats (Malware) from 2004 to 2014 in this thread is lacking substance then I have nothing to do here.

 

[Apple_Robert]

If enumerating Mac threats (Malware) from 2004 to 2014 in this thread is lacking substance then I have nothing to do here.

Stating there have been past Malware has not been in dispute in the thread. That is all the poorly written article did was point out the different Malware and then at the end gave a link to the company's product. It did not go into detail about how to try and prevent such other than promote the company product. It was akin to a Montel Williams infomerical.

 

[Ulenspiegel]

Stating there have been past Malware has not been in dispute in the thread. That is all the poorly written article did was point out the different Malware and then at the end gave a link to the company's product. It did not go into detail about how to try and prevent such other than promote the company product. It was akin to a Montel Williams infomerical.

1. That is the site you debunked:

"We Live Security comes from the brains at ESET – experienced researchers with in-depth knowledge of the latest threats and security trends. It’s an editorial outlet for internet security news, views and insight, covering the latest, breaking security news, alongside video tutorials, in-depth features, and podcasts. The site aims to cater for all skill levels, from battle-hardened coders to people just looking for advice on how to secure their data effectively.

ESET is home to some of the finest security researchers in the world and here you can read their thoughts and findings as they identify and analyze new security threats on a daily basis.

We Live Security is a truly international proposition, with research-teams in Slovakia, the USA, Canada, Germany and Argentina, our teams work around the globe (and around the clock) to bring you the latest security news and cutting edge research as it is released..."

http://www.welivesecurity.com/about-us/


2. That is the author you debunked:

Graham Cluley

INDEPENDENT SECURITY ANALYST
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon’s. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

In 2011 he was inducted into the InfoSecurity Europe Hall of Fame.

http://www.welivesecurity.com/our-experts/#more