Do we need an antivirus on OS X?

[Ethosik]

I have never once seen an email causing an infection just by having it on your inbox list. Can you provide proof on this? Is the subject line or sender line prone to attack?

I do 90% of my email management on my phone. If I get an email from a random person I do not know and it has an attachment, I delete it usually from my phone.

Even if you call me up and say "I am sending you an attachment, it is safe", you still have to pull my hair out to get me to open it. That is how paranoid I am and how far my safe computing habits are.

If I perform a google search and get a weird feeling about one of the website addresses, I use my phone or tablet instead.

I am absolutely paranoid about security, and I still do not run an AV program. Why? Because my safe computing habits are perfectly fine.

Again, as I said. I do not browse the internet anymore. I only visit two or three sites on a regular basis and that is for tech news.

 

[m4v3r1ck]

I am absolutely paranoid about security, and I still do not run an AV program. Why? Because my safe computing habits are perfectly fine.

Any "habit" is a security risk anyway! ;-)

 

[Abba1]

I think this is impossible as stated on a Windows platform, and certainly impossible as of now on a Mac platform. There are also a multitude of mail clients running on Windows and Mac platforms, is the claim that they are ALL open to this attack method??? ( I know its not your claim)

Unless links/documentation/examples are forthcoming this is just internet-rumour of the worst kind.

----------



So you do, or don't have to open the email? If you haven't opened the email what client(s) need to be running to be attacked? Any? Are all of the possible clients compromised?

I can't answer your question about what client(s) need to be opened. But, you can simply view it without actually opening and some attachments open. I only had it happen once and it was enough to scare the living daylights out of me.

 

[simonsi]

I can't answer your question about what client(s) need to be opened. But, you can simply view it without actually opening and some attachments open. I only had it happen once and it was enough to scare the living daylights out of me.

Did you use webmail? Mail.app?

What were the attachments that opened? What "damage" do you think they did?

Or were these just popup ads???

 

[Abba1]

Did you use webmail? Mail.app?

What were the attachments that opened? What "damage" do you think they did?

Or were these just popup ads???[/QUOTEI use Apple's Mail app.

I don't believe it was just a popup add. I can read academic Russian albeit in a limited fashion, but not either the popular or high language. The email itself was in Russian, as was the email address from which it came, as far as I can tell although it resolved into an English name when I checked it. I did not wait for the entire attachment to open, but closed Mac; rebooted in Safe Mode to make sure I could; and then rebooted in Recovery Mode where I verified Disk and repaired permissions. I checked various places in library as well as home folder/library, and found no trace of anything to be worried about. In fact, I checked all the places where it could have left something lurking; and, then I prayed. I ran a virus scan even though I keep my anti-virus, which is a very good one, running at all times. I also made a rule in iCloud mail sending anything from that address to Junk. Happily, I did not have to erase my SSD and do a clean install although I was prepared to do so if necessary.

And, when I said it only happened once, that was on my Mac. The same thing first happened on my iPad (also Russian). On the iPad, I closed down as it was in the process of opening and reset to factory settings. Then I restored. I checked all the places where it could have left something lurking; and, then I prayed.

Additionally, I checked my mail on iCloud rather than on the Mail.App on Mac for about six months after that. I simply didn't want to open it on Mac. Not much I can do on iPad.

As to the damage it did: it was to my psyche! Perhaps that is worse than damage to Mac.

 

[2012Tony2012]

"The Mac is not immune to viruses, Trojans, backdoors, adware, spyware, and other nefarious applications. The main difference between Macs and Windows is that no successful viruses written for OS X have shown up in the wild, that is, outside of a security research organization. That's not to say it's impossible to create a virus that could bring down a Mac; it's just more difficult than with Windows, because of the nature of OS X and its security model. The trap that many Mac users fall into is believing that because there are currently no known viruses targeting the Mac, it's safe from attack. In reality, the Mac OS, its included applications, and third-party applications have and will continue to have security issues that can allow some form of attack; it's just that the attack is not likely to be from a virus. But if something erases your data, or gains access to your personal information, you're not likely to care whether it was a virus or an attack launched through a web site; either way, your information is still gone.

Which brings us back to your original question, about using an anti-virus program on your Mac. The answer is YES, YOU SHOULD. Anti-virus programs don't just provide protection against known viruses; they also include anti-phishing, anti-adware, anti-spyware, and other tools that can keep your Mac from picking up debris as you browse the web.

There's another reason to use an anti-virus application: the recipients of your emails. Even though it's unlikely that a virus will successfully attack your Mac, there's a good chance that you'll unwittingly forward a virus-laden email to Windows-using colleagues, who may not have anti-virus software on their computers. It's better to be prepared for an attack than to try to clean up after one. (It's also wise not to alienate your colleagues.)" - Tom Nelson
Macs Expert.

 

[simonsi]

Did you use webmail? Mail.app?

What were the attachments that opened? What "damage" do you think they did?

Or were these just popup ads???[/QUOTEI use Apple's Mail app.

I don't believe it was just a popup add. I can read academic Russian albeit in a limited fashion, but not either the popular or high language. The email itself was in Russian, as was the email address from which it came, as far as I can tell although it resolved into an English name when I checked it. I did not wait for the entire attachment to open, but closed Mac; rebooted in Safe Mode to make sure I could; and then rebooted in Recovery Mode where I verified Disk and repaired permissions. I checked various places in library as well as home folder/library, and found no trace of anything to be worried about. In fact, I checked all the places where it could have left something lurking; and, then I prayed. I ran a virus scan even though I keep my anti-virus, which is a very good one, running at all times. I also made a rule in iCloud mail sending anything from that address to Junk. Happily, I did not have to erase my SSD and do a clean install although I was prepared to do so if necessary.

And, when I said it only happened once, that was on my Mac. The same thing first happened on my iPad (also Russian). On the iPad, I closed down as it was in the process of opening and reset to factory settings. Then I restored. I checked all the places where it could have left something lurking; and, then I prayed.

Additionally, I checked my mail on iCloud rather than on the Mail.App on Mac for about six months after that. I simply didn't want to open it on Mac. Not much I can do on iPad.

As to the damage it did: it was to my psyche! Perhaps that is worse than damage to Mac.

Thanks for clarifying, now you can safely stop teling the world you had a virus install by viewing an email, multiple attachments etc etc. Patently by your own checking you had nothing of the kind.

I'd suggest you uncheck "open safe attachments" and relax.

 

[GGJstudios]

I can't answer your question about what client(s) need to be opened. But, you can simply view it without actually opening and some attachments open.

You cannot view an email or attachment on any mail client without actually opening them. Even if you use the preview feature, that is, in effect, opening the email. Attachments do not open themselves. The user must actively open them or actively authorize them to be opened by settings in the mail client's preferences, if available.

I did not wait for the entire attachment to open, but closed Mac; rebooted in Safe Mode to make sure I could; and then rebooted in Recovery Mode where I verified Disk and repaired permissions. I checked various places in library as well as home folder/library, and found no trace of anything to be worried about. In fact, I checked all the places where it could have left something lurking; and, then I prayed. I ran a virus scan even though I keep my anti-virus, which is a very good one, running at all times. I also made a rule in iCloud mail sending anything from that address to Junk. Happily, I did not have to erase my SSD and do a clean install although I was prepared to do so if necessary.

By your own admission, nothing happened and you did not have malware in your email or on your Mac. Just because something happened that you may not have expected or understood does not in any way indicate the presence of malware. All of the steps you took were unnecessary.

As to the damage it did: it was to my psyche! Perhaps that is worse than damage to Mac.

The only reason your psyche was damaged is your lack of awareness of OS X malware and how it does and does not affect your computer. If you take some time to learn about malware and OS X, you won't have such "panic attacks" when something happens that you don't expect. It is irresponsible and misleading to make false claims as you did, attempting to spread your own FUD to others.

 

[Abba1]

You cannot view an email or attachment on any mail client without actually opening them. Even if you use the preview feature, that is, in effect, opening the email. Attachments do not open themselves. The user must actively open them or actively authorize them to be opened by settings in the mail client's preferences, if available.

By your own admission, nothing happened and you did not have malware in your email or on your Mac. Just because something happened that you may not have expected or understood does not in any way indicate the presence of malware. All of the steps you took were unnecessary.

The only reason your psyche was damaged is your lack of awareness of OS X malware and how it does and does not affect your computer. If you take some time to learn about malware and OS X, you won't have such "panic attacks" when something happens that you don't expect. It is irresponsible and misleading to make false claims as you did, attempting to spread your own FUD to others.

I have a good understanding of OS X and of malware. When something happens, such as an attachment opening of its own accord, in an email that is clearly not from an honorable source, acting protectively is not part of a panic attack: it is part of an attempt to see that I will not suffer harm. The steps I took were to insure that I was not harmed. And, I neither made misleading nor false claims. My settings do not allow attachments to open without my actively opening them, and I did not actively open them. The attachment opened.

Perhaps it is you that does not fully understand the dangers of malware even to OS X.

----------

Thanks for clarifying, now you can safely stop teling the world you had a virus install by viewing an email, multiple attachments etc etc. Patently by your own checking you had nothing of the kind.

I'd suggest you uncheck "open safe attachments" and relax.

I have never had "open safe attachments" checked. I do not allow anything to open of its own accord. And, I did not say that I had a virus install, but rather I was concerned that something had attempted to install since it did start to open. And, I did not talk about multiple attachments, but only about one on Mac and one on iPad.

----------

"The Mac is not immune to viruses, Trojans, backdoors, adware, spyware, and other nefarious applications. The main difference between Macs and Windows is that no successful viruses written for OS X have shown up in the wild, that is, outside of a security research organization. That's not to say it's impossible to create a virus that could bring down a Mac; it's just more difficult than with Windows, because of the nature of OS X and its security model. The trap that many Mac users fall into is believing that because there are currently no known viruses targeting the Mac, it's safe from attack. In reality, the Mac OS, its included applications, and third-party applications have and will continue to have security issues that can allow some form of attack; it's just that the attack is not likely to be from a virus. But if something erases your data, or gains access to your personal information, you're not likely to care whether it was a virus or an attack launched through a web site; either way, your information is still gone.

Which brings us back to your original question, about using an anti-virus program on your Mac. The answer is YES, YOU SHOULD. Anti-virus programs don't just provide protection against known viruses; they also include anti-phishing, anti-adware, anti-spyware, and other tools that can keep your Mac from picking up debris as you browse the web.

There's another reason to use an anti-virus application: the recipients of your emails. Even though it's unlikely that a virus will successfully attack your Mac, there's a good chance that you'll unwittingly forward a virus-laden email to Windows-using colleagues, who may not have anti-virus software on their computers. It's better to be prepared for an attack than to try to clean up after one. (It's also wise not to alienate your colleagues.)" - Tom Nelson
Macs Expert.

Thank you! And, in addition, a good anti-virus protects against Trojans, several of which have infected Macs.

 

[kolax]

+1 for Sophos. It helps get rid of Mac malware, and scans for Windows viruses so you're not unknowingly passing on dodgy attachments via email etc.

 

[Abba1]

I have never once seen an email causing an infection just by having it on your inbox list. Can you provide proof on this? Is the subject line or sender line prone to attack?

I do 90% of my email management on my phone. If I get an email from a random person I do not know and it has an attachment, I delete it usually from my phone.

Even if you call me up and say "I am sending you an attachment, it is safe", you still have to pull my hair out to get me to open it. That is how paranoid I am and how far my safe computing habits are.

If I perform a google search and get a weird feeling about one of the website addresses, I use my phone or tablet instead.

I am absolutely paranoid about security, and I still do not run an AV program. Why? Because my safe computing habits are perfectly fine.

Again, as I said. I do not browse the internet anymore. I only visit two or three sites on a regular basis and that is for tech news.

Neither the subject nor the sender line. But, the problem is in preview. And, I agree with you about not trusting any attachment to be safe. I don't open them unless I first run my virus scan. And, I never open an attachment from someone I don't know.

 

[Ulenspiegel]

ClamXav installed. Just to be on the safe side. When it finds anything in mail attachements, it is deleted on the spot.

 

[Abba1]

The only reason your psyche was damaged is your lack of awareness of OS X malware and how it does and does not affect your computer. If you take some time to learn about malware and OS X, you won't have such "panic attacks" when something happens that you don't expect. It is irresponsible and misleading to make false claims as you did, attempting to spread your own FUD to others.

In addition to what I said earlier, I want to add another response to this statement. Your response is actually offensive. You assume a lack of knowledge as well as a panic attack, and you also assume that I made false claims when in fact I was simply stating what happened.

In my 40 + years of university teaching, I have occasionally had students who were unwilling to acknowledge that someone might have a different opinion or a different experience than they had. Thankfully, that did not happen too often. I have always considered this attitude as a form of faith, but even faith and religion do and must change to be living entities.

Thankfully, most of my students understood that the world is not frozen in accord with their own beliefs and they were willing to enter into civil dialogue. I never demanded that they agree with me, only that they discuss matters civilly.

It turns out that everything except the inevitability of death changes. Science, Math, Engineering, and even the Social Sciences and Humanities change. What was true at one time need not be true at another.

Do you know, for example, that the Babylonians at about 1650 BC were doing quadratic equations on the base 60, which was far better than the fifth and following centuries Greek usage of the base 10 for the same process, for example. And, although Thomas Friedman The World is Flat: A History of the Twentieth Centurybelieves the Socio-Economic world is flat, nobody believes the physical world is. Heisenberg's uncertainty principle is only a small sample of the nature of particle change. And, you may want to look at some of the processes in Quantum Mechanics, such as that where an electron can go from one place to another, but never be in-between. Nothing is fixed and nothing is absolute except possibly absolute zero.

Because OS X had been immune to viri and trojans at one time, we must not assume that that remains the case. Possibly so, but possibly it may not. It is better to look at the experiences of others (data) and build an hypothesis based on the accumulation of data.

In this time of cybercrime, where major businesses get hacked, where our infrastructure is in danger of being hacked, where various governments have been hacked, it is imperative that individuals protect themselves. It is not sufficient to believe that we are safe now because we have been so in the past. Likewise, it is not wise to assume that hacking and the installation of viri and trojans remain limited to IBM clones operating Microsoft Windows OS and IE, Adobe and other software that run on MS, and that Apple alone is safe.

Another problem presents itself. Many of the people who post on or even read the MacRumors fora, do so for the purpose of learning, solving a problem, or helping others to do so. When personal invective arises, it discourages those who really do seek help from posting their question. Likewise, it discourages those who wish to report a problem so as to help others who might also have experienced it realize that it is not unique to their Mac, iPad, or iPhone. This endangers the process, and makes the fora less useful.

Let us stop this nastiness and simply try to report and solve problems.

 

[Donfor39]

i've been running avast for past and current macbook

t.b.h I think antivirus is more of a gimmick rather than a necessity-(doesn't do any harm I suppose)

 

[simonsi]

In addition to what I said earlier, I want to add another response to this statement. Your response is actually offensive. You assume a lack of knowledge as well as a panic attack, and you also assume that I made false claims when in fact I was simply stating what happened.

In my 40 + years of university teaching, I have occasionally had students who were unwilling to acknowledge that someone might have a different opinion or a different experience than they had. Thankfully, that did not happen too often. I have always considered this attitude as a form of faith, but even faith and religion do and must change to be living entities.

Thankfully, most of my students understood that the world is not frozen in accord with their own beliefs and they were willing to enter into civil dialogue. I never demanded that they agree with me, only that they discuss matters civilly.

It turns out that everything except the inevitability of death changes. Science, Math, Engineering, and even the Social Sciences and Humanities change. What was true at one time need not be true at another.

Do you know, for example, that the Babylonians at about 1650 BC were doing quadratic equations on the base 60, which was far better than the fifth and following centuries Greek usage of the base 10 for the same process, for example. And, although Thomas Friedman The World is Flat: A History of the Twentieth Centurybelieves the Socio-Economic world is flat, nobody believes the physical world is. Heisenberg's uncertainty principle is only a small sample of the nature of particle change. And, you may want to look at some of the processes in Quantum Mechanics, such as that where an electron can go from one place to another, but never be in-between. Nothing is fixed and nothing is absolute except possibly absolute zero.

Because OS X had been immune to viri and trojans at one time, we must not assume that that remains the case. Possibly so, but possibly it may not. It is better to look at the experiences of others (data) and build an hypothesis based on the accumulation of data.

In this time of cybercrime, where major businesses get hacked, where our infrastructure is in danger of being hacked, where various governments have been hacked, it is imperative that individuals protect themselves. It is not sufficient to believe that we are safe now because we have been so in the past. Likewise, it is not wise to assume that hacking and the installation of viri and trojans remain limited to IBM clones operating Microsoft Windows OS and IE, Adobe and other software that run on MS, and that Apple alone is safe.

Another problem presents itself. Many of the people who post on or even read the MacRumors fora, do so for the purpose of learning, solving a problem, or helping others to do so. When personal invective arises, it discourages those who really do seek help from posting their question. Likewise, it discourages those who wish to report a problem so as to help others who might also have experienced it realize that it is not unique to their Mac, iPad, or iPhone. This endangers the process, and makes the fora less useful.

Let us stop this nastiness and simply try to report and solve problems.

You made an extraordinary claim, you should expect to provide some evidence. You havent.

 

[Abba1]

You made an extraordinary claim, you should expect to provide some evidence. You havent.

How could I present what I had deleted immediately so as to keep myself safe. The conundrum is: do you save something so as to post/report it at the same time as you may possibly endanger yourself and others or do you delete it and post/report it. I prefer the latter.

And, my claim is not extraordinary. Those who spread malware more and more seek unique ways of spreading it. If any claim about some sort of attack --be it destructive or simply malicious or both-- is extraordinary, the Anti-Virus companies would be out of business. Some malware is dangerous; some is simply meant to make people uncomfortable without doing real harm to the computer: but, all should be reported and guarded against.

By the way, many years ago I had a Mac under Apple Care that was doing something very strange. I checked logs etc., was not able to fix it and decided I needed additional help. So, I brought it to the "Genius" at the Apple Store. After checking logs, etc., he asked me to leave it there to have a virus scan run. In those days, a virus scan took many hours. Interesting that they were running virus scans in the Apple Store. I don't know if they still do so; but, the fact is they used to.

 

[simonsi]

Page 1 of this thread:

Emails are a great source of Viri and Trojans. Some now start to download just by virtue of being opened. Things can gain access without being granted permissions

From page 7

Regarding email attachments, you no longer have to open them to be infected. Some very bad ones are set up to open as soon as you look at the email:

Then from Page 8

I don't believe it was just a popup add. ...The email itself was in Russian, as was the email address from which it came, as far as I can tell...I did not wait for the entire attachment to open...I checked various places in library as well as home folder/library, and found no trace of anything to be worried about

The first piece of evidence would have been if you claimed to have actually found anything that supported your own statements, but you state you found nothing.

Whatever your area of academia, I suspect it isn't science.

I'm unsubscribing, you have nothing to add to the debate but irrational fear.

 

[Abba1]

Page 1 of this thread:




From page 7



Then from Page 8



The first piece of evidence would have been if you claimed to have actually found anything that supported your own statements, but you state you found nothing.

Whatever your area of academia, I suspect it isn't science.

I'm unsubscribing, you have nothing to add to the debate but irrational fear.

1. I found nothing because I closed down before it could be completed, and I believe that stopped the process.
2. Fear based on fact or even observation is not irrational!

Cheers!

----------

i've been running avast for past and current macbook

t.b.h I think antivirus is more of a gimmick rather than a necessity-(doesn't do any harm I suppose)

Gimmick or necessity, it's better to be protected than not to be. Preemption is always the better course.

 

[GGJstudios]

I have a good understanding of OS X and of malware. When something happens, such as an attachment opening of its own accord

If you had a good understanding of OS X and malware, you would be aware of the fact that email attachments do not open of their own accord without your permission. It simply cannot happen.

And, I neither made misleading nor false claims. My settings do not allow attachments to open without my actively opening them, and I did not actively open them. The attachment opened.

As stated before, that simply cannot and did not happen. You either inadvertently opened the attachment, or you you were mistaken about it opening. There is no technical method by which a mail attachment can open itself without a user's permission.

And, in addition, a good anti-virus protects against Trojans, several of which have infected Macs.

Not always. There have been many instances where antivirus apps did not detect Trojans that users installed. Antivirus apps also have less than perfect detection rates.

You assume a lack of knowledge as well as a panic attack, and you also assume that I made false claims when in fact I was simply stating what happened.

No assumption was necessary, as your posts revealed your lack of understanding. The fact that you did things such as repairing permissions and verifying the disk proves that you don't understand proper methods of protecting against malware, as neither of those actions would have any effect on the detection or removal of malware that could be installed. Your original claim that sparked this discussion is completely false:

Regarding email attachments, you no longer have to open them to be infected. Some very bad ones are set up to open as soon as you look at the email: you don't even have to open the email much less the attachments.

That claim is absolutely false and misleading, as that is not technically possible.

In my 40 + years of university teaching, I have occasionally had students who were unwilling to acknowledge that someone might have a different opinion or a different experience than they had.

This isn't about opinion or experience. It's about facts vs fiction. The problem with making unsubstantiated claims in a forum like this is that some less technically savvy readers may be misled into believing your false claims. There is already enough fear, uncertainty, doubt and misinformation about OS X malware, without you adding to it. If you want to benefit Mac users who read this forum, stick to verifiable facts.

Because OS X had been immune to viri and trojans at one time, we must not assume that that remains the case.

Yet again you reveal your lack of understanding about OS X and malware. OS X has never been immune to malware. There has simply never been a true OS X virus in the wild, but there have been Trojans, which can be avoided by prudent action.

1. I found nothing because I closed down before it could be completed, and I believe that stopped the process.

No, you found nothing because there was nothing to be found. There are countless posts in this forum from users claiming, "My Mac has a virus!" or "My Mac was hacked!" or "OS X wiped my data!" or other such claims. In every one of those cases, as with yours, the truth is that something happened that the user didn't expect or understand and they mis-diagnosed the issue. A more prudent approach would be, "something happened that I don't understand.... help me figure it out", rather than claiming malware or hacking or some other scenario that isn't true.

 

[grahamperrin]

"unable to replicate"

… No …

… A more prudent approach would be, "something happened that I don't understand …" …

Also possible: something was reported that someone else misunderstood, or could not reproduce.

From 2012:

Warning: Driveby Spam Infects PCs When E-Mail Is Opened - ELEVEN – Integrated Message Security

Does spammed out malware attack exploit Mozilla Thunderbird ‘feature’? | Naked Security

… not to say that Eleven and the Daily Mail have got the story wrong, but rather that we have been unable to replicate the behaviour that they are describing. …

– that seems prudent.

 

[GGJstudios]

Also possible: something was reported that someone else misunderstood, or could not reproduce.

Those links relate to Windows, not OS X, which is what this thread is about.

 

[grahamperrin]

Generally

Also possible: something was reported that someone else misunderstood, or could not reproduce. …

That observation is not operating system-specific.

 

[GGJstudios]

That observation is not operating system-specific.

The likelihood that one Mac user observed and reported something that none of the other 75+ million users observed or reported is remote enough to be virtually impossible. A far more plausible explanation - one that occurs countless times daily - is that the user is mistaken about what they think they observed.

 

[grahamperrin]

Never say never

OK … things are likely to go round in circles here, so it's time for me to unsubscribe and circle back to https://forums.macrumors.com/showthread.php?p=20470914#post20470914 as I leave …

 

[Abba1]

The likelihood that one Mac user observed and reported something that none of the other 75+ million users observed or reported is remote enough to be virtually impossible. A far more plausible explanation - one that occurs countless times daily - is that the user is mistaken about what they think they observed.

Because it was not reported here, does not mean that others have not experienced it. I do know what I saw. I don't know how it happened or was able to happen. I'm thankful that I did not get a virus: perhaps because I closed down before it completed opening. And, I did check multiple places in Library as well as my usr library: I did not just do a permissions repair etc., as you suggested earlier.

I assume that the purpose of the forum is for users to share experiences; get or give help when necessary; and, engage in discourse. It is not to disparage those with whom someone disagrees. So, I think that I too will sign off this thread.