Do we need an antivirus on OS X?

[GGJstudios]

Which is a lot better than nothing, with a little independent research you can easily achieve 90% plus detection rates.

If you're happy with 90%, that's fine. I prefer being 100% certain that my Mac is not infected with any OS X malware, because I know that none of the vectors through which infection can occur are present on my system. Because I practice safe computing, not one instance of existing OS X malware in the wild can be introduced to my system, including ones that antivirus apps can detect and including ones that they can't.

 

[Queen6]

If you're happy with 90%, that's fine. I prefer being 100% certain that my Mac is not infected with any OS X malware, because I know that none of the vectors through which infection can occur are present on my system. Because I practice safe computing, not one instance of existing OS X malware in the wild can be introduced to my system, including ones that antivirus apps can detect and including ones that they can't.

You don't get it nor likely never will, AV is a barrier to malicious code, as is safe computing, just because you install AV does not mean you cease to be vigilant, greater the layers of security, less chance of issue.

Q-6

 

[Ethosik]

You don't get it nor likely never will, AV is a barrier to malicious code, as is safe computing, just because you install AV does not mean you cease to be vigilant, greater the layers of security, less chance of issue.

Q-6

Like I said, relying on an AV program to provide you with a efficient barrier is pointless. No AV software has 100% detection rate. Good, your AV software showed a trojan in your downloaded file, but what did it miss? At that point, a format is the only way to be 100% sure you are no longer infected.

Therefore, an AV program is pretty much useless. Once your system is infected, you cannot guarantee 100% that it is clean by running any AV software.

If you practice safe computing, an AV program is no needed. Are you saying that going to this site or the two other sites I visit will give me malware on OS X without doing ANYTHING?

 

[grahamperrin]

Average Mac User Faced Nine Malware Threats Last Year … (news/orientation)

… Time for me to unsubscribe from this topic

I subscribed to discussion of the more recent news article:

Average Mac User Faced Nine Malware Threats Last Year, but OS X Remains Minor Target

 

[Queen6]

I subscribed to discussion of the more recent news article:

Average Mac User Faced Nine Malware Threats Last Year, but OS X Remains Minor Target

Exactly, you can get away with safe computing alone if you use the computer in isolation, don't trade data, don't connect to varying networks, don't have significant email/attachments, don't require third party software and or plugins, browse only known sites, disable some functionality, etc.

In the real world frequently the opposite very much applies, try telling a SysAdmin that your computer is safe to connect to their network, you don't need AV because you practise safe computing the answer is obvious, you wont be granted access.

"Mac users can often be heard to say “I don’t need antivirus software, I have an Apple”. Unfortunately, this is a misguided conclusion. Whilst the dangers are certainly much less than with Windows computers, they do exist nonetheless. If nothing else, the recent spread of Mac Trojans proves this. Mac users who think they do not need to concern themselves have created an illusion."

Malware for OS X is on the rise and will continue to do, as the platform gains further momentum. People with Mac`s without a software security solution in reality have no idea what they are potentially retaining or passing on their unprotected systems be it OS X or Windows orientated malware, equally they will be adamant that their system are 100% clean, yet they have no way to verify, this all this adds up to one thing "assumption".

Best approach to security is a "fluid" one, adapting to the malware environment versus one`s own/families workflow. Ultimately I know some will never change, however others may visit and see it`s not a one-sided discussion and consider their security requirements versus their own workflow`s, and not blindly follow "Mac`s don't need AntiVirus"

Q-6

 

[Queen6]

Like I said, relying on an AV program to provide you with a efficient barrier is pointless. No AV software has 100% detection rate. Good, your AV software showed a trojan in your downloaded file, but what did it miss? At that point, a format is the only way to be 100% sure you are no longer infected.

Therefore, an AV program is pretty much useless. Once your system is infected, you cannot guarantee 100% that it is clean by running any AV software.

If you practice safe computing, an AV program is no needed. Are you saying that going to this site or the two other sites I visit will give me malware on OS X without doing ANYTHING?

Seriously that`s your solution format your system`s every time you believe there is issue, highly practical, surprised it`s not caught on with more people...

The software solution I use presently detects 98% - 100% of known malware, combined with other applications, and how I use my systems I have no concerns. nothing protects agains "zero day" exploits, other than a little common sense and ultimately AV catches up.

Q-6

 

[GGJstudios]

I subscribed to discussion of the more recent news article:

100% of that malware can be avoided by practicing safe computing, without using 3rd party antivirus apps. The report is by a company that is motivated to entice people to use their antivirus product. Completely biased and designed to spread FUD.

Exactly, you can get away with safe computing alone if you use the computer in isolation, don't trade data, don't connect to varying networks, don't have significant email/attachments, don't require third party software and or plugins, browse only known sites, disable some functionality, etc.

Nonsense again. You can do all of those things and still practice safe computing and be malware-free without using 3rd party antivirus apps. How do I know? Because countless millions of Mac users have been doing it for years. Otherwise, you'd hear of rampant exposure and spreading of OS X malware, which isn't the case.

"Mac users can often be heard to say “I don’t need antivirus software, I have an Apple”.

You keep saying this, but no one I know has ever said that. It's not just having a Mac computer. It's running OS X and using your head about the way you use it.

Whilst the dangers are certainly much less than with Windows computers, they do exist nonetheless. If nothing else, the recent spread of Mac Trojans proves this.

Trojan infection is proof that someone did not practice safe computing, as Trojans can be completely avoided by doing so.

Malware for OS X is on the rise and will continue to do, as the platform gains further momentum. People with Mac`s without a software security solution in reality have no idea what they are potentially retaining or passing on their unprotected systems be it OS X or Windows orientated malware, equally they will be adamant that their system are 100% clean, yet they have no way to verify, this all this adds up to one thing "assumption".

Again, completely false. You don't need antivirus software to know if your OS X system is malware-free, as long as you haven't done anything to allow malware onto your system. All.... repeat: ALL OS X malware currently in the wild can be 100% avoided by practicing safe computing alone, and you can still connect to networks, you can still use email attachments, you can still install apps and plugins and you can still browse the web. 3rd party antivirus apps are not entirely accurate or trustworthy, but for as long as OS X has been in existence, practicing safe computing has a flawless track record. No antivirus app can match that.

Best approach to security is a "fluid" one, adapting to the malware environment versus one`s own/families workflow.

I agree that users should be willing and able to adapt to the malware environment. That's why I've said repeatedly that Macs are not immune to malware and that a true OS X virus in the wild is theoretically possible. However, the OS X malware environment has not changed in the past 13 years in the respect that all such malware in the wild can still be successfully, and completely, avoided by prudent user decisions without using 3rd party antivirus software. If a true OS X virus were introduced into the wild, that would change the environment and antivirus software would be a requirement for protection. That has not happened and until it does, the claim that antivirus software is a requirement to be malware-free is absolutely false.

 

[Queen6]

As stated some will never change, without any means to verify your right back to "assumption" If you ever DL data, share data, connect to a network you simply don't know unless you have 100% ownership of all, which in all practicality is highly unlikely...


Q-6

 

[GGJstudios]

As stated some will never change, without any means to verify your right back to "assumption" If you ever DL data, share data, connect to a network you simply don't know unless you have 100% ownership of all, which in all practicality is highly unlikely...

You can't infect OS X simply by downloading or sharing data or by connecting to a network. For infection to occur, you have to install something, which can be avoided by practicing safe computing. No assumption is necessary.

 

[Queen6]

You can't infect OS X simply by downloading or sharing data or by connecting to a network. For infection to occur, you have to install something, which can be avoided by practicing safe computing. No assumption is necessary.

Yet you assume I am only concerned with the security of OS X, preventing the spread of Malware irrespective of platform can never be considered a step in the wrong direction. As stated I and many others work in mixed environments, malicious code can be passed to Windows via OS X with ease, in a professional environment this is simply poor management at best.

Regardless of what you state, without verification it`s not possible to be 100% certain what is harboured on your system OS X or another platform, inactive or active, and that brings us neatly back to assumption...


Q-6

 

[GGJstudios]

Yet you assume I am only concerned with the security of OS X, preventing the spread of Malware irrespective of platform can never be considered a step in the wrong direction.

As I already stated, "If you want to run antivirus on OS X because you continually share files with Windows users and want to make sure you don't pass anything on, by all means, do so." There are two separate issues here: protecting an OS X machine from infection, and protecting other machines. You do NOT need antivirus software to protect an OS X computer from malware infection. You MAY choose to run antivirus to make sure you don't pass anything to another computer, but that is inferior to those computers having their own protection from malware, no matter what the source may be.

 

[Caromsoft]

No, an anti-virus is not needed. I do not use one on Windows either.

An AV does nothing. You cannot guarantee, 100% that the AV caught everything. There is no AV out there that has 100% detection. How do you know something else didn't come through?

If you get infected, format. Simple as that. Keep your data backed up (which you should be doing anyway) and a format is very VERY easy.

Taking blood pressure medicine is not 100% guaranteed to prevent me from having a stroke/heart attack but I take it anyway. If it cuts my risk 50% I would be thrilled.

I have literately cleaned thousands of computers of viruses/malware and never once had to reformat to do it. I love to come in after someone like this has told a client that formatting is the only sure way. Makes me look like a god to them that I saved them hours of time and frustration.

 

[Queen6]

You MAY choose to run antivirus to make sure you don't pass anything to another computer, but that is inferior to those computers having their own protection from malware, no matter what the source may be.

Pity you don't

Q-6

 

[chabig]

Taking blood pressure medicine is not 100% guaranteed to prevent me from having a stroke/heart attack but I take it anyway.

Do you also recommend preemptive chemotherapy to prevent cancers from forming?

 

[Ethosik]

Taking blood pressure medicine is not 100% guaranteed to prevent me from having a stroke/heart attack but I take it anyway. If it cuts my risk 50% I would be thrilled.

I have literately cleaned thousands of computers of viruses/malware and never once had to reformat to do it. I love to come in after someone like this has told a client that formatting is the only sure way. Makes me look like a god to them that I saved them hours of time and frustration.

Are you seriously comparing computer infections to health? Really? The closest thing you could compare it to would be a human virus.

Practicing safe computing is like living alone and never coming into contact with anybody. You are not going to catch viruses from other people because you wont be around them.

How were you able to guarantee 100% that their system was clean? That is not a very good thing to do. What would you do if they came back with their identity stolen because they had an infection that your malware scanners did not pick up since they were not 100% successful? None of them are.

How can you sit there and say to your clients, I scanned with Norton, you are safe to keep banking and doing taxes on this system.

There is NO WAY, 100%, to be sure dozens of AV software catches EVERY LITTLE PIECE of malware out there. A format with a Windows disc is the only way to be sure.

Take a look at that piece of malware that hit Sony Pictures. The only way to detect it is when it is already too late. It uses standard windows commands to execute.

 

[grahamperrin]

Covert remote placement of apps and so on

You can't infect OS X simply by downloading or sharing data or by connecting to a network. For infection to occur, you have to install something, which can be avoided by practicing safe computing. …

And if a person on the network remotely places an app on your Mac, without your knowledge, then what happens?

A safe response to the unexpected app might be disposal of the app, without attempting to open it.

A more casual response might be a double-click to see how it's treated by Gatekeeper …

 

[GGJstudios]

And if a person on the network remotely places an app on your Mac, without your knowledge, then what happens?

And exactly how do you propose someone could do that if you're practicing safe computing?

 

[chabig]

And if a person on the network remotely places an app on your Mac, without your knowledge, then what happens?

That's not possible on a normal Mac, and if it is specifically permitted the person doing the remote install has to be an authorized administrator. There are no exploits that enable remote installation of apps.

 

[grahamperrin]

Safe computing, vulnerabilities and responsible disclosure

That's not possible on a normal Mac, and if it is specifically permitted the person doing the remote install has to be an authorized administrator. There are no exploits that enable remote installation of apps.

When I last checked, a few months ago, there was one.

And exactly how do you propose someone could do that if you're practicing safe computing?

Parallel to safe computing, there's responsible disclosure. It's disclosed privately to Apple, not publicly in the macrumors.com domain.

 

[simonsi]

When I last checked, a few months ago, there was one.

Parallel to safe computing, there's responsible disclosure. It's disclosed privately to Apple, not publicly in the macrumors.com domain.

Just for clarity are you referring to Rootpipe? Shellshock?

Apple have indicated Rootpipe will be fixed in (IIRC) a Jan 2015 timeframe release, it requires admin rights which it can then escalate to root - but it cannot escalate user to admin.

If it is neither of these already in the public domain then TBH even your indication of its existence was irresponsible.

 

[grahamperrin]

Responsible disclosure

… indication of its existence was irresponsible.

I appreciate your concern. It would be truly irresponsible to respond to questions from you (or from anyone) about what the vulnerability is, or is not.

File it under "vulnerabilities exist".

 

[simonsi]

I appreciate your concern. It would be truly irresponsible to respond to questions from you (or from anyone) about what the vulnerability is, or is not.

File it under "vulnerabilities exist".

LOL - so what would have been responsible would be to not add to the public domain information at all, not try to justify your position by quoting some FUD, this isn't a schoolyard.

Of course vulnerabilities exist, that does not mean the sky is falling. But again, against an un-exploited vulnerability, there is only safe computing practice, only when it has been exploited can AV scanners be useful.

You should perhaps read up on stuxnet, that used no less than 4 previously unexploited vulnerabilities....

 

[Caromsoft]

Do you also recommend preemptive chemotherapy to prevent cancers from forming?

I have high blood pressure. I have had it my whole life. So I take blood pressure medicine. Taking blood pressure medicine statistically reduces my chances of having a stroke or heart attack. I have not had cancer, but if I had, I would take whatever measures I could to statistically reduce the odds of me getting it again. If you were at risk of getting skin cancer you wouldn't take the simple precaution of wearing sunscreen? I would.

If someone wants to run their Windows machine without any antivirus protection whatsoever I say more power to them.

 

[Caromsoft]

Are you seriously comparing computer infections to health? Really? The closest thing you could compare it to would be a human virus.

Practicing safe computing is like living alone and never coming into contact with anybody. You are not going to catch viruses from other people because you wont be around them.

How were you able to guarantee 100% that their system was clean? That is not a very good thing to do. What would you do if they came back with their identity stolen because they had an infection that your malware scanners did not pick up since they were not 100% successful? None of them are.

How can you sit there and say to your clients, I scanned with Norton, you are safe to keep banking and doing taxes on this system.

There is NO WAY, 100%, to be sure dozens of AV software catches EVERY LITTLE PIECE of malware out there. A format with a Windows disc is the only way to be sure.

Take a look at that piece of malware that hit Sony Pictures. The only way to detect it is when it is already too late. It uses standard windows commands to execute.

25 years of experience tells me when a computer is clean, and so far I haven't been wrong. And I would never trust a computer to be clean that was scanned with Norton, just an FYI.

You want to format your computer every time you pick something up, go ahead. If as you claim that once infected it is impossible to get rid of any virus with 100% certainty I hope you follow your own protocol and erase all of your data as well.

 

[GGJstudios]

When I last checked, a few months ago, there was one.

You're misinformed. There is no such capability in the wild.

File it under "vulnerabilities exist".

Vulnerabilities does not mean exploits exist in the wild. Every OS has vulnerabilities, most of which are patched long before they are ever exploited.