Where do you stand on Security for OS X?

[76ShovelHead]

People have been saying for years that the lack of marketshare equates to virtually no threats to the mac community. While I believe it is partially true, I still think OS X is more secure than Windows. I have never once infected OS X. I'm a literate computer user as I assume you guys are too, and I didn't get the flash back trojan or any other malware. I know there are currently no viruses for OS X, just a little malware like the flash back trojan. But what are the chances of someone coming up with a virus for OS X? Is it even possible? And how do you feel about Apple's response to these security threats with Gatekeeper?

I installed that free Norton iAntivirus from MAS and just recently Avast. However I feel that it might be overkill having these programs on my computer and a waste of performance/RAM. Have any of you felt the need to seek out additional security?

 

[miles01110]

Smart computing habits will protect any computer better than software will, regardless of platform or operating system.

 

[C64]

Never used anti-virus on my Macs. As far as I know most (or all?) of these malware apps are things you need to install using a administrator password, and I'm pretty sure I never install stuff I don't know. Over the years I've only seen a few sites that tried to download and install some .exe file on my Mac, which, obviously, won't work.

I did enable the Lion firewall, since it's very low maintenance and hardly ever get bugged with questions from it, contrary to Windows firewall apps that, by default, bug you all day long with popups of incoming traffic, requests, etc. Other than that I don't use any security, except from using common sense when using a computer and the internet.

I have no idea how easy it would be for people to create viruses for Macs, but the whole "there aren't that many Mac users, so no-one bothers" argument seems strange to me. For one, this hasn't been true for many years now; the amount of people using Macs might be very small compared to PC users, but the average Mac user just wants things to work and isn't a power user. So I'd say that there are plenty of opportunities for virus/malware creators to take advantage of that. Second, if it's about how hard it is to create Mac viruses, we already have our answer. Since there aren't any, it should be very hard. If it were very simple, I can't image that nobody is pushing out viruses by the dozen all day long.

Gatekeeper is great. The whole iOS idea of being able to just install something without having to think about the app not working or not being safe is awesome. People don't want to think about these things, and even power users have better things to do than to worry about apps, even though they might know exactly how to do this. Gatekeeper allows people to do the same with OS X: don't worry about this stuff, and just install and use apps. The way they implemented it is pretty good as well: allowing App Store and signed apps by default gives non-App Store apps the same advantage. Power users can turn of the whole feature, and tell their less tech-savvy parents to give them a call whenever the OS tells them it might not be safe.

The only problem with this whole thing is that Apple only allows developers to use certain functionality like iCloud integration and notifications (I believe) when the apps are sold in the App Store. Many apps simply can't function they way they're intended ánd comply with the App Store rules though, so many apps need to either be sold outside of the App Store, missing useful features, or be stripped of useful features to gain things like iCloud support. Time will tell how this will be handled by developers, although many have already decided to leave the App Store because of this.

TL;DR: Not worried.

 

[GGJstudios]

People have been saying for years that the lack of marketshare equates to virtually no threats to the mac community.

The marketshare myth has been debunked many times. There were viruses and much more malware that affected Mac OS 9 and earlier, when the Mac market share and installed base were much smaller. Now that market share has grown significantly, the number of viruses has declined... to zero. The number of trojans has declined, as well.

But what are the chances of someone coming up with a virus for OS X? Is it even possible?

Of course, it's possible. No OS is immune to malware or viruses.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

Mac Virus/Malware FAQ​

1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall
   
   
2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General
   
   
3. Disable Java in your browser (Safari, Chrome, Firefox). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)
   
   
4. Change your DNS servers to OpenDNS servers by reading this.
   
   
5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
   
   
6. Never let someone else have access to install anything on your Mac.
   
   
7. Don't open files that you receive from unknown or untrusted sources.
   
   
8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.
   
   
9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. While you may elect to use it, 3rd party antivirus software is not required to keep your Mac malware-free.

 

[nuckinfutz]

Kernel ASLR for the win!

 

[76ShovelHead]

The marketshare myth has been debunked many times. There were viruses and much more malware that affected Mac OS 9 and earlier, when the Mac market share and installed base were much smaller. Now that market share has grown significantly, the number of viruses has declined... to zero. The number of trojans has declined, as well.

Of course, it's possible. No OS is immune to malware or viruses.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 10 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). Also, Mac OS X Snow Leopard and Lion have anti-malware protection built in, further reducing the need for 3rd party antivirus apps.

Mac Virus/Malware FAQ​

1. Make sure your built-in Mac firewall is enabled in System Preferences > Security > Firewall
   
   
2. Uncheck "Open "safe" files after downloading" in Safari > Preferences > General
   
   
3. Disable Java in your browser (Safari, Chrome, Firefox). This will protect you from malware that exploits Java in your browser, including the recent Flashback trojan. Leave Java disabled until you visit a trusted site that requires it, then re-enable only for the duration of your visit to that site. (This is not to be confused with JavaScript, which you should leave enabled.)
   
   
4. Change your DNS servers to OpenDNS servers by reading this.
   
   
5. Be careful to only install software from trusted, reputable sites. Never install pirated software. If you're not sure about an app, ask in this forum before installing.
   
   
6. Never let someone else have access to install anything on your Mac.
   
   
7. Don't open files that you receive from unknown or untrusted sources.
   
   
8. For added security, make sure all network, email, financial and other important passwords are long and complex, including upper and lower case letters, numbers and special characters.
   
   
9. Always keep your Mac and application software updated. Use Software Update for your Mac software. For other software, it's safer to get updates from the developer's site or from the menu item "Check for updates", rather than installing from any notification window that pops up while you're surfing the web.

That's all you need to do to keep your Mac completely free of any Mac OS X malware that has ever been released into the wild. While you may elect to use it, 3rd party antivirus software is not required to keep your Mac malware-free.

I appreciate your thoroughness, you provided some great tips as well.

I thought perhaps viruses couldn't be written for OS X theoretically because of its design (requiring user password for anything administrative). But I suppose anything is possible.

For me, I definitely feel safer using OS X, and can't believe Kaspersky Labs guy said it was years behind Windows (Who got UAC only one release ago, a feature that's pretty much been on OS X since I can remember).

 

[iVikD]

While it's true OSX is practically impervious to malware, we can still get Windows malware and viruses in our pretty little macs. We will be unaffected, of course, but the moment you share a file with a Windows user, they might get infected.
I agree with the previous posters, good computing habits should keep most malware at bay. I've been a Windows user for over 5 years and never felt the need to have an active antivirus, although a thorough scan every once in a while is always good.
I'd like to see more mac users scan their computers for all kinds of malware, as I've run across a couple of macs INFESTED with all kinds of Windows malware. With today's connectivity through the internet and whatnot, everyone could afford to be a bit more cautious with their devices.

 

[GGJstudios]

While it's true OSX is practically impervious to malware...

It's not impervious at all. It's just that all Mac OS X malware in the wild can be avoided successfully by practicing safe computing. If a user is careless or foolish, it is quite simple to invite malware into Mac OS X.