Do we need an antivirus on OS X?

[Queen6]

If you can't trust Apple's engineers to keep your Mac safe, why would you trust an arbitrary third-party? You should probably run Kaspersky on top of Sophos to keep Sophos safe, and then run something to monitor Kaspersky, and so on...

Apple only covers a fraction of the available malware in the wild...

"Mac users can often be heard to say “I don’t need antivirus software, I have an Apple”. Unfortunately, this is a misguided conclusion. Whilst the dangers are certainly much less than with Windows computers, they do exist nonetheless. If nothing else, the recent spread of Mac Trojans proves this. Mac users who think they do not need to concern themselves have created an illusion. The claim that Apple users are less threatened than Windows users is currently still correct, but could change rapidly.

It was the low market share of Macs that limited the attentions of online criminals; now that Macs are becoming more popular, this state of affairs is changing. Something that many people forget is that phishing works equally well on any device with an integrated browser, regardless of whether this is Windows, Mac, Apple TV, Android, Symbian or Internet TV; phishing affects everyone equally.

The largest single case was the Flashback-Botnet, which affected over half a million Macs at the beginning of 2012. This may not sound like much, and indeed is not very much compared to the world of Windows computers, but only shows the tip of the iceberg. Macs are being attacked more and more by cybercriminals, who take advantage of the complacency towards malware threats amongst Mac users. Unlike Windows users, most Mac users do not have any additional protection against viruses on their computers.

As in the world of Windows, effective free antivirus programs are available for the Mac."

Like I say install, don't install it`s down to you. If you feel your system is secure enough for your use, it`s fine by me...

 

[chabig]

Apple only covers a fraction of the available malware in the wild...

As do third-party "protection" packages.

Security by obscurity was always a myth. It was never something Mac users hung their hats on. OS X is more secure than Windows by design.

 

[GGJstudios]

"Mac users can often be heard to say “I don’t need antivirus software, I have an Apple”. Unfortunately, this is a misguided conclusion.

I absolutely agree with this. Macs are not immune to malware. It is, however, accurate to say "I don't need antivirus software, because I have a Mac AND I practice safe computing." This is not misguided, as all OS X malware in the wild can be successfully avoided by practicing safe computing, without using 3rd party antivirus apps.

Macs are being attacked more and more by cybercriminals, who take advantage of the complacency towards malware threats amongst Mac users. Unlike Windows users, most Mac users do not have any additional protection against viruses on their computers.

This is also true. Running a Mac without antivirus software isn't being complacent or foolish, if the user is smart about how they use their computer. If they're careless, no antivirus app will protect them.

A classic example of this was the MacDefender malware. Not one antivirus app initially identified this as a threat, yet those practicing the safe computing tips I posted earlier were completely unaffected, proving that safe computing alone protects better than antivirus apps alone.

 

[Queen6]

As do third-party "protection" packages.

Security by obscurity was always a myth. It was never something Mac users hung their hats on. OS X is more secure than Windows by design.

Apparently many still believe...

Q-6

 

[Queen6]

I absolutely agree with this. Macs are not immune to malware. It is, however, accurate to say "I don't need antivirus software, because I have a Mac AND I practice safe computing." This is not misguided, as all OS X malware in the wild can be successfully avoided by practicing safe computing, without using 3rd party antivirus apps.

No, equally it`s naive and underestimates modern-day coders...

This is also true. Running a Mac without antivirus software isn't being complacent or foolish, if the user is smart about how they use their computer. If they're careless, no antivirus app will protect them.

Same applies, it`s just code, all code can be broken...

A classic example of this was the MacDefender malware. Not one antivirus app initially identified this as a threat, yet those practicing the safe computing tips I posted earlier were completely unaffected, proving that safe computing alone protects better than antivirus apps alone.

People are spoofed at the front door let alone on the web. Practising safe computing, with the addition of a reputable security application is a stronger solution than the singular, no?

Common sense applies...

 

[Abba1]

No, equally it`s naive and underestimates modern-day coders...



Same applies, it`s just code, all code can be broken...



People are spoofed at the front door let alone on the web. Practising safe computing, with the addition of a reputable security application is a stronger solution than the singular, no?

Common sense applies...

Agreed! It's not an "either or" matter, but can a combination of an anti-virus and safe computing. One problem with safe computing is that emails that seem to be legitimate are sometimes not. Another is that Google "Safe Browsing" is often off for days at a time. I believe I need all the protection I can get. Even safe neighborhoods, be they physical or virtual, are no longer safe. Common sense really does apply and self-protection is common sense.

I've been using Intego's VirusBarrier for years now and I try very hard to practice safe computing at the same time. I also use Intego's firewall over and above Mac's firewall. It automatically senses a change in location and changes protective settings accordingly. I firmly believe that the total is greater than the sum of its parts.

 

[GGJstudios]

No, equally it`s naive and underestimates modern-day coders...

Nonsense. Until you can name one instance of OS X malware in the wild that can't be avoided by practicing safe computing, but can be avoided by the use of an antivirus app, your argument for antivirus apps doesn't hold water. There have been instances of safe computing protecting OS X users when antivirus apps did not. The reverse has never happened. Until that scenario changes, your claim that practicing safe computing alone is naive is false.

Agreed! It's not an "either or" matter, but can a combination of an anti-virus and safe computing.

If people want to run antivirus apps, that's certainly their choice, but there has never been a situation where an antivirus app provided any additional protection against OS X malware than practicing safe computing alone.

 

[Queen6]

Nonsense. Until you can name one instance of OS X malware in the wild that can't be avoided by practicing safe computing, but can be avoided by the use of an antivirus app, your argument for antivirus apps doesn't hold water. There have been instances of safe computing protecting OS X users when antivirus apps did not. The reverse has never happened. Until that scenario changes, your claim that practicing safe computing alone is naive is false.

If people want to run antivirus apps, that's certainly their choice, but there has never been a situation where an antivirus app provided any additional protection against OS X malware than practicing safe computing alone.

As I say naive; It`s not about what hasn't occurred, it`s about what is going to happen, just a matter of time for OS X, as for Windows in reality you have no idea what you may or may not be passing on as you have no way of identifying malicious code.

"Mac users can often be heard to say “I don’t need antivirus software, I have an Apple”. Unfortunately, this is a misguided conclusion. Whilst the dangers are certainly much less than with Windows computers, they do exist nonetheless. If nothing else, the recent spread of Mac Trojans proves this. Mac users who think they do not need to concern themselves have created an illusion."

Everyone`s workflow differs, arbitrarily stating antivirus and or malware detection is not required is flawed, many do require a third party solution, and for good reason...

As ever here; same question, same rhetoric...

 

[Queen6]

Agreed! It's not an "either or" matter, but can a combination of an anti-virus and safe computing. One problem with safe computing is that emails that seem to be legitimate are sometimes not. Another is that Google "Safe Browsing" is often off for days at a time. I believe I need all the protection I can get. Even safe neighborhoods, be they physical or virtual, are no longer safe. Common sense really does apply and self-protection is common sense.

I've been using Intego's VirusBarrier for years now and I try very hard to practice safe computing at the same time. I also use Intego's firewall over and above Mac's firewall. It automatically senses a change in location and changes protective settings accordingly. I firmly believe that the total is greater than the sum of its parts.

It`s smart to play safe, three of my colleagues systems were compromised recently, one was lucky as when passing data the AV package on my MBP identified the "Trojan" and we we able to purge his system. The other two not to lucky as both had funds withdrawn illegally.

Likely the malicious code was injected over a hotel network during a business meeting as this was the common denominator, and so it happens to many. Same as the real world some places are safer than others, and it`s prudent to take the necessary steps to protect oneself...

 

[simonsi]

Likely the malicious code was injected over a hotel network during a business meeting as this was the common denominator

Far more likely that they were connected to a spoof WiFi hotspot posing as the hotel WiFi - this can make the target's traffic insecure and expose login details etc etc, the scammers then use those details they trap in a variety of ways to see if the user has used common logon details across a range of services...

Much easier than injecting code in anything and no AV package can protect against it - the only secure option for public WiFi is to always use a vpn to a known/trusted endpoint. (if needs be on your own home network).

 

[Queen6]

Far more likely that they were connected to a spoof WiFi hotspot posing as the hotel WiFi - this can make the target's traffic insecure and expose login details etc etc, the scammers then use those details they trap in a variety of ways to see if the user has used common logon details across a range of services...

Much easier than injecting code in anything and no AV package can protect against it - the only secure option for public WiFi is to always use a vpn to a known/trusted endpoint. (if needs be on your own home network).

Very possibly, equally the Trojan was present and designed to capture financial data. Personally I run a VPN 100% of the time and avoid public networks as much as possible by using a MiFi router with hardware Firewall. AV is just an element of security, that and a bit of common sense

Q-6

 

[simonsi]

Very possibly, equally the Trojan was present and designed to capture financial data.

Nasty! Quite a sophisticated combo attack possibly then...but the hotel common linkmakes it look like a spoof WiFi, possibly then delivering the Trojan, were these friends/colleagues using Win or OSX?

 

[Queen6]

Nasty! Quite a sophisticated combo attack possibly then...but the hotel common linkmakes it look like a spoof WiFi, possibly then delivering the Trojan, were these friends/colleagues using Win or OSX?

Windows with decent security, equally they got under it, as my system is on VPN and OS X so far harder to deal with. As with all thief's, they look for the softest option. I know the hotel very well, they recently upgraded the entire network with a new provider, personally I suspect this as the point of entry. Syphoning off small sums from multiple victims would likely fare for a good living.

One of the guy`s was using a new card and this was first and sole use, applying for a visa (travel) online, he was hit almost instantly, definitely premeditated. All My Mac`s run L2TP VPN`s the service startup is automated by an Apple Script so I never need to worry about forgetting, in the case of the VPN dropping, the script will automatically restart the service within 60 seconds.

As always the best security is a multilayered approach, I try to mind that frequently the weakest link is generally sat in the chair

Q-6

 

[GGJstudios]

It`s not about what hasn't occurred, it`s about what is going to happen, just a matter of time for OS X

Again, safe computing trumps antivirus software in this scenario. Antivirus software can't protect you from a zero day exploit because they don't know what to look for. The MacDefender malware was a classic example of that. Yet those practicing safe computing, which includes keeping abreast of changes in the malware environment and news of new threats, were completely protected against that threat, and have a better likelihood of being protected against future threats. Doing this is the opposite of naive, which would be running antivirus software and thinking you're protected, especially against future yet-unknown threats.

 

[Abba1]

Nonsense. Until you can name one instance of OS X malware in the wild that can't be avoided by practicing safe computing, but can be avoided by the use of an antivirus app, your argument for antivirus apps doesn't hold water. There have been instances of safe computing protecting OS X users when antivirus apps did not. The reverse has never happened. Until that scenario changes, your claim that practicing safe computing alone is naive is false.

If people want to run antivirus apps, that's certainly their choice, but there has never been a situation where an antivirus app provided any additional protection against OS X malware than practicing safe computing alone.

History is filled with the anguish of people who felt themselves safe because they took good care without accepting the fact that what had been a safe environment has in fact changed into a hostile one. Although we generally think of the big things, such as the take over of a nation or state, in terms of safety, the "little" events such as a computer virus or trojan matter as well. (Remember, the term trojan derives from the Trojan Horse, by means of which circa 1250 BC the Mycenaean Greeks were able to get into the locked gates of Troy and then destroy both the people and the cities!)

So, it does not really matter if you are talking about individual, socio-political, or something as simple as your Mac's safety: they only differ in scale and the amount of damages.

An individual or small business owner whose savings are stolen, who finds s(he) has a new mortgage s(he) did not take out or who has suffered identity theft because his/her Mac has been hacked my suffer for the rest of his/her life. During both the Roman Republic and Empire, thievery was considered murder since it deprived the individual of the years he or she worked to obtain what was stolen.

The least we can do is protect our Macs as if we were protecting our lives. To do otherwise is to invite trouble.

 

[chabig]

The least we can do is protect our Macs as if we were protecting our lives. To do otherwise is to invite trouble.

Agreed. I protect my Mac by running the latest, fully patched version of OS X. I don't need third-party "security" on top of that.

 

[Queen6]

Again, safe computing trumps antivirus software in this scenario. Antivirus software can't protect you from a zero day exploit because they don't know what to look for. The MacDefender malware was a classic example of that. Yet those practicing safe computing, which includes keeping abreast of changes in the malware environment and news of new threats, were completely protected against that threat, and have a better likelihood of being protected against future threats. Doing this is the opposite of naive, which would be running antivirus software and thinking you're protected, especially against future yet-unknown threats.

No one has ever suggested giving up "safe computing" in any post. Safe computing and antivirus/malware package is clearly a stronger solution, as is the addition of a hardware Firewall, VPN etc.

The more layers of security, the less chance of intrusion by "zero day" or known malicious code, something you continuously dismiss, or just don't get, bottom line is you are locked into a single point of view.

Those that drive viruses, malware etc. are smart and continuously adapt, equally so should the community. Open undefended systems are exactly what they want, same as a thief they strike at the softest targets first, a point with thinking about for those with open minds.

Q-6

 

[Ethosik]

No, an anti-virus is not needed. I do not use one on Windows either.

An AV does nothing. You cannot guarantee, 100% that the AV caught everything. There is no AV out there that has 100% detection. How do you know something else didn't come through?

If you get infected, format. Simple as that. Keep your data backed up (which you should be doing anyway) and a format is very VERY easy.

I have had files from 10 years ago. I recently decided to scan them with various software (various computers and additional scanners) and there were no infections.

You cannot just get infected for no reason. Make your email security as high as possible. Do not get flash. If you absolutely need flash, get Chrome which has it sandboxed and built in / auto updating with the browser. Do not get Java. if you need Java for Minecraft or other applications, disable it from the browser.

Do not download random software. Get it from legit sources and you wont need to scan every time you install something. Do I really need to scan after installing Microsoft Office? No.

 

[GGJstudios]

The more layers of security, the less chance of intrusion by "zero day" or known malicious code, something you continuously dismiss, or just don't get, bottom line is you are locked into a single point of view.

Those that drive viruses, malware etc. are smart and continuously adapt, equally so should the community.

No, I haven't dismissed zero day threats, and directly referenced them in my last post. You're right about the fact that those who develop malware are smart and adapt. I don't claim to be as smart as they are, and yet if I were to write malware code, the very first thing I would do is run tests with all the available antivirus apps on the market, to make sure my code was undetectable by any of them. It's been proven that running antivirus on OS X provides ZERO additional protection against malware over the protection provided by practicing safe computing, and would provide ZERO additional protection in the event of a previously unknown threat.

If you want to run antivirus on OS X because you continually share files with Windows users and want to make sure you don't pass anything on, by all means, do so.

If you want to run antivirus on OS X for a user that isn't computer literate enough or disciplined enough to always practice safe computing, as a means of hopefully catching some (not all) of the malware they might introduce through unwise activity, do so.

If, however, you want to run antivirus on OS X because you think that practicing safe computing isn't enough and you think an antivirus app will provide extra protection against current or future threats beyond that available through safe computing alone, you are misinformed or naive.

If you want to run antivirus on OS X and think you don't have to practice safe computing because the antivirus app will catch anything you might encounter, you are foolish.

 

[grahamperrin]

Circles

… It`s not about what hasn't occurred, it`s about what is going to happen …

+1

https://discussions.apple.com/message/12599206#12599206

As ever here; same question, same rhetoric...

Pretty much, yeah. And the going round in circles about malware and about vulnerabilities is not limited to MacRumors. Time for me to unsubscribe from this topic

 

[Queen6]

No, I haven't dismissed zero day threats, and directly referenced them in my last post. You're right about the fact that those who develop malware are smart and adapt. I don't claim to be as smart as they are, and yet if I were to write malware code, the very first thing I would do is run tests with all the available antivirus apps on the market, to make sure my code was undetectable by any of them. It's been proven that running antivirus on OS X provides ZERO additional protection against malware over the protection provided by practicing safe computing, and would provide ZERO additional protection in the event of a previously unknown threat.

If you want to run antivirus on OS X because you continually share files with Windows users and want to make sure you don't pass anything on, by all means, do so.

If you want to run antivirus on OS X for a user that isn't computer literate enough or disciplined enough to always practice safe computing, as a means of hopefully catching some (not all) of the malware they might introduce through unwise activity, do so.

If, however, you want to run antivirus on OS X because you think that practicing safe computing isn't enough and you think an antivirus app will provide extra protection against current or future threats beyond that available through safe computing alone, you are misinformed or naive.

If you want to run antivirus on OS X and think you don't have to practice safe computing because the antivirus app will catch anything you might encounter, you are foolish.

like I said "locked in" everything changes, if you don't care to run security applications as an individual it up to you, equally advocating the same for all is another story. Good AV does provide a layer or protection, malicious code can be passed at any time inadvertently, without any security SW you have no idea what resides on your systems and thats a fact...


Q-6

 

[GGJstudios]

if you don't care to run security applications as an individual it up to you, equally advocating the same for all is another story.

If you care to run security applications as an individual it's up to you, equally advocating the same for all is another story.

I'm not suggesting that no one should run antivirus apps. I'm challenging the suggestion that everyone needs to, including those who practice safe computing.

Good AV does provide a layer or protection, malicious code can be passed at any time inadvertently, without any security SW you have no idea what resides on your systems and thats a fact...

With less than complete detection rates, even with an antivirus app, you have no idea what resides on your systems. You only know what an imperfect antivirus app tells you.

 

[ABC5S]

No, an anti-virus is not needed. I do not use one on Windows either.

An AV does nothing. You cannot guarantee, 100% that the AV caught everything. There is no AV out there that has 100% detection. How do you know something else didn't come through?

.

Agree that you are not SURE 100% that the anti virus will get everything...BUT, I'm 100% sure your NO anti virus attitude nor program will get you absolutely NO, none, zippo protection at all.

AV does nothing remark...Really, nothing ?

 

[chabig]

Agree that you are not SURE 100% that the anti virus will get everything...BUT, I'm 100% sure your NO anti virus attitude nor program will get you absolutely NO, none, zippo protection at all.

That's not accurate. The operating system already protects us. Not running anti-virus software only forgoes additional protection of questionable value, and the extra software can add insecurities of its own, which we avoid by not running it.

 

[Queen6]

With less than complete detection rates, even with an antivirus app, you have no idea what resides on your systems. You only know what an imperfect antivirus app tells you.

Which is a lot better than nothing, with a little independent research you can easily achieve 90% plus detection rates.

Q-6