Should Mac Users Run Antivirus Software?

adamengst sends in an article from TidBITS in which Macintosh security expert Rich Mogull explains why he doesn't use antivirus software on the Mac, and why most Mac users shouldn't bother with it either. The article also touches on the question of when an increasing Mac market share might tip it over an inflection point into more active attention from malware writers. (Last month Apple had 14% of PC sales, but 25% of dollar value.)

Nay!

[ak3ldama (554026)]

Last month Apple had 14% of PC sales, but 25% of dollar value.

Say it isn't so. Everyone knows macs are just as cheap as PCs!

Re:Nay!

[imamac (1083405)]

Mac have comparable prices for equivilent quality. Big difference. I'm glad my Mac isn't as "cheap" as a lot of the PCs I see.

Eh, I don't know about that

[Sycraft-fu (314770)]

Especially when you start talking upgrades they seem to be pricey. Looking at an iMac right now they want $500 to go from 1GB (the default and minimum) to 4GB. Hop over to Dell and going from 512MB (default and minimum) to 4GB is only $170. Now yes, I realise you can buy aftermarket parts, but that defeats part of the point of getting an OEM system and certainly an Apple: support. You get everything from the OEM, they are your one stop for support, particularly with Apple who also makes the OS. You start buying aftermarket, that is no longer the case.

Now that aside, the other problem I find is that while their prices are often comparable for a system at a given point, they don't actually offer what many want. The towers are a good example. Yes, actually, their towers are fairly competitive pricewise when you spec out a similar Dell workstation with dual quad cores, lots of registered ECC RAM capacity, and so on. However the problem is what if I don't want that? What if I want a single quad core (or dual core), non-ECC RAM, and so on? There's plenty of cases where this is a much better option.

Let's say I don't have software that scales up to 8 cores. This is fairly common these days. So let's say I'd like a quad core with 4GB of RAM. If I go the Apple tower route, $2800 is the price for that. That isn't unreasonable, since it is a single Xeon, with support for a second one, and registered, ECC RAM, which is really expensive. However, Gateway (or I suppose MPC now since they bought Gateway's business division) would be happy to sell me a E-6610Q with similar specs (HD, video, etc) for about half that ($1300).

Now the thing is, the sort of system I listed is quite useful. We buy a good number of them here (that's why I know about it) for research. There's a lot of cases where someone wants a system that has a good processor, plenty of RAM (we often get 8GB even, which is still cheap) but just really doesn't have use for a full on workstation class system. This is even more true now that processors have gone multi-core. While 8 cores is great, there are just a lot of things that are hard to write to make use of that many. So if you aren't using more than 4, the second processor, and all the associated cost, isn't useful.

That is the main reason I'd say Apple isn't competitive on price. A mid range tower is something that there is a whole lot of market for, but they just don't sell. If you don't want an all in one, your only option is super high end. If you don't have a need for the extra hardware, that is just money wasted.

Same goes for people at home. For example I like to play games. An all in one wouldn't work for me. Sure, I could get a similar monitor (24" widescreen), CPU (Core 2 Duo) and RAM (4GB) to what I have. However I can't get the graphics card I have, and I can't ever upgrade it. That is a show stopper right there, since the core of the system will last a good deal longer than the video card. It'd be a waste to buy a new system when only one component needs updating. Likewise the monitor will outlast the system, again a waste to upgrade.

That's my objection to the argument that Apple is a good value for equivalent hardware. That is true in a narrow sense sometimes, but given that they don't have a solution for a large number of people, it isn't true over all.

Re:Eh, I don't know about that

[Lally Singh (3427)]

The apple warranty's still good if you get 3rd party RAM. As long as you clearly didn't break the machine from installing it yourself, you're good to go.

I'm speaking from years of experience here.

As for price competition, they are competitive. What you're talking about is selection. They aren't competitive in selection. Often a lack of finding what you want ends up with you either spending money on stuff you don't need or getting less than you wanted. Hence the complaints.

OTOH, there's a lot to be said about less selection -> better OS stability. Microsoft's been complaining about the variety of machines they've had to support for decades now.

The selection's the price you pay for a Mac. The price argument is unfair and inaccurate. But on selection, I doubt any mac user's going to argue with you :-)

Re:Eh, I don't know about that

[Mr2001 (90979)]

Now that aside, the other problem I find is that while their prices are often comparable for a system at a given point, they don't actually offer what many want. The towers are a good example.

Notebooks are another good example. If you want a 15" screen, the least expensive Apple model you can get is the low-end MacBook Pro for $2000. Meanwhile, you can get a 15" notebook from a competitor like HP for less than half as much, with the same or better RAM, CPU, optical drives and hard drive -- hell, last I checked, you could even get a built-in camera and remote control while still saving over $1000.

So where does the price difference come from? A slightly better graphics card, a couple of rarely-used ports, a slicker design, a few ounces less weight, and a handful of bells and whistles like the backlit keyboard. Sure, the MBP is a good deal if you need all those (for example, the weight difference might add up if you're bench-pressing entire stacks of laptops)... but most people will do just fine with the competing models.

Re:Eh, I don't know about that

[remmelt (837671)]

The aluminium case, the LED backlight, the great keyboard, the expresscard slot. The entire slick package. The oversized trackpad.

The ability to run OSX (legally.)

(Let's ignore aftermarket stuff like the virus scanner, office, etc)

Yes, you may not NEED all of that. If you don't you're welcome to buy the HP at half the price. Just don't say/imply that the MB Pro isn't worth the 2K they're asking. No-one is saying you have to buy Apple. Again: if you can't see the value in the package, you are most likely not the target market.

Re:Eh, I don't know about that

[Sycraft-fu (314770)]

It's not a matter of voiding the warranty, it is a matter of who fixes things when it breaks. That's the whole reason why we buy something from one vendor around here (MPC for PCs). Our staff is fully capable of building systems form parts, and fully capable of diagnosing problems. However doing so would get in to a support nightmare. If something goes wrong with one of the PCs and all the hardware is from one company, we just tell them what we need replaced. It is easy to see if it is under warranty and so on. Also, if it is a strange issue that might be more than one part, it isn't a problem to get multiple parts. You don't have the maker of one part blaming the maker of another part.

Now this isn't critical, and I'm certainly not saying we've never bought aftermarket upgrades. However, it is a real consideration since one of the reasons people try to sell you on Macs is support. They say it is easier since the whole deal comes from one vendor. Ok, there's a lot to that, but you start to break that if you add aftermarket hardware. It isn't that you'd invalidate the warranty on the existing Apple hardware, but that if the aftermarket piece breaks, they can't help you.

Not a major issue when you have a single computer, but when you have 500, it can get problematic. Much better to have a single point for support as often as possible. However if you are having to order aftermarket upgrades for every single box due to the cost, well you don't get to have that.

The problem is

[Sycraft-fu (314770)]

That it isn't that I don't like it. There are two big problems:

1) There is a major segment of the market that Macs don't cover. Basically anyone who doesn't want an all-in-one, but doesn't want or can't afford a high end workstation. They have no offerings for that market. If I was the weirdo for wanting that, I'd be ok with it, but that is the major market out there. There's a whole lot of reason to want a computer like that. For example in our instructional labs, we can't afford high end workstations, not when we are getting 50 computers, nor do we have a need for that power. However an all-in-one is a bad idea. Why? Because monitors last a lot longer than computers. One of our labs has undergone two upgrades to the computers but is still using the same monitors. Eventually they'll have to be replaced, but LCDs last a good long time.

This is a real good thing, because generally it is a situation like "You have $50,000 to spend on the lab." Ok, that's $1000 per computer. Well, $150 not spent on a monitor is $150 that can be spent on a faster processor or more memory and so on. No reason to replace a perfectly good monitor just because the computer is out of date. It is a non-trivial part of the budget that would have to be spent on even a fairly small monitor.

2) All the arguments that macs are "good value for the money." No, they aren't for most people. Most people don't want a workstation, if they did, that'd be the big sales from most companies. However there is very little software that can even make use of all that, let alone people who use it. It isn't a good value to most people so the argument is bogus. It is like trying to argue that an BMW R8 is a "good value" for a normal car. No, it's not. It may be a good value for a performance luxury car, however most people aren't after that. While it may well justify it's $100,000+ price tag, that doesn't change the fact that it is $100,000 and more car than most people need or can afford.

That has always been one of Apple's value problems is this bundling of things people don't need. It isn't that nobody needs them, just that most peopel don't need them. However it raises cost a lot and thus makes it not a good deal for the majority of people. I wouldn't call a Precision Workstation a good deal over all either. If you need those features, ok you get a good price for them, but it still is high priced. You pay a big premium for things like 2 processors and more than 8GB of RAM. It isn't a case where 8GB = $X and 16GB = $2*X. It is more like 16GB = $5*X or $8*X. You aren't doubling the cost to get these things, you are more than doubling it. What's more, they don't double performance. 8 cores are not twice as fast as 4 other than very special cases. As I said, there's precious little that can use all that, and even some of the apps that can (like say a good DAW) don't really have a use for it in most situations. Likewise getting more RAM doesn't help performance unless you actually have apps that need it. Just having more sitting there doesn't help.

There are plenty of cases with PCs where I give the advice of "Don't go above this unless you really need it because it incurs a big premium." The problem with Macs is, you just don't have that option. You want a tower? You get a bunch of expensive hardware, need it or not. Thus it really isn't a good value for most people.

Re:Nay!

[vux984 (928602)]

Say it isn't so. Everyone knows macs are just as cheap as PCs!

I know your just being funny, but I figured I'd explain it anyway...

An awful lot of PCs are those $300 dell specials. Apple doesn't make products that crappy, but Dell moves boatloads of them... so Dell picks up a lot of unit sales eroding Apples 'market share by unit', but because the price is so low and Apple hangs onto more of the higher value sales, the erosion effect of these low end units on their 'market share by price' is considerably less.

Lets compare apples and oranges ;)

I sell oranges at $1
I sell apples at $1
As you can see "Apples are no more expensive than oranges."

I also sell rotten oranges at 50 cents.
I don't sell rotten apples.

So if I sell 100 apples, 200 oranges, and 200 rotten oranges:

Apple has 20% of the market but 25% of dollar value.

market = 100/[100+200+200] = 1/5 = 20%,
dollars = 100/[100+200+200*0.50] = 1/4 = 25%

That's essentially whats happening here.

Re:Nay!

[vux984 (928602)]

at lest that $300 dell uses desktop parts unlike the $600 mini.

You'd be assuming that someone who buys a mini would be pleased with a loud bulky cheaply built tower why?

And for $600 you can get a dell that is a lot better and it has slots to add video and other cards to it.

A lot better? Give me a break. I challenge you to put together a Dell for $650 (or $750 including monitor, since with a lot of their budget PCs you can't unbundle it) that matches the mini's specs. I challenge you.

It must have bluetooth, 802.11g wifi, firewire, at least 4 usb ports, gigabit, optical audio in and out, DVI video out, Core2Duo w/ 2MB cache, 1 GB of RAM.

The mac mini only has integrated video so GMA950 is what you need to meet or beat there, and the small slow laptop hard drive should be a nobrainer to beat too.

Since its a PC not a Mac, I'll forgive you leopard, but you'll need at least Home Premium, no Home Basic. And make sure it comes with a restore disk.

And even if you managed to do it, then ask yourself... can you also make it virtually silent and fit into a space about the same as a stack of 5 CD jewel cases?

I'm not saying you can't get a good value for $600 from a dell. And theres no question that $600 spent the right way can result in a PC that's better than a mac mini for, say, games, for example. But spec for spec, Apple is very good value, provided your needs line up with the features they offer.

I agree there are some big gaps in the apple line up... where is the fast core 2 duo tower that I can put expansion pci cards into for around $1200 for example. The imac is good value and the right specs, but the wrong form factor since I can't expand it... that's why I still use a PC tower. My laptop otoh, which I don't require to be expandable, is a mac.

With mac's expandability isn't their market; except at the extreme high end. That tends not to go over well with the 'tech crowd' like the one here, but in practice, joe sixpack never upgrades his PC anyway nor plays FPS shooters, so for them this gap is not much of an issue.

Re:Nay!

[vux984 (928602)]

let's compare shall we

Your link took me to a page featuring the inspiron line, from a A749 to a A1199 pc. Which are you talking about? I assume you've decided to compare to the A1199 because you mention it being only 50 more than the A1148 mini-superdrive.

So, right off the top, you've gone way outside the paremters for the challenge. The mac-superdrive is like the black macbook; it -is- overpriced for what you get relative even to the other macs. But ok, I'll run with it...

lets compare shall we:

bigger HD - check
better cpu - check
ram - check (although Vista needs more than Leopard, so that's a bit of a wash)
3d card - check
lcd incl. - check
dvi out - check (although its not clear the incl. lcd actually supports dvi)
os home premium - check

bluetooth - fail
wifi - fail
firewire - fail
gigabit - fail
optical audio connectors - fail

Hmmm... overall, I'd call that a fail. That's not to say its a bad unit, but it doesn't exactly come close to meeting the dell challenge I issued.

lets look at the base line mini "combodrive". for $50 less dell gives twice the hd space and a 19" monitor

That dell also ships with Vista home basic; there goes your $50 less. And its still 8x times the size. Getting that down is worth 175 (the value of an LCD) to a lot of people.

And the HD space; the value of that is pretty small even if you need it. And not everyone needs it. Its worthless if you don't fill it. I recently upgraded my parents PC, and after 6 years they still had less than 20GB of data (and that was after ripping their CD collection; so they won't keep growing at that pace unless they buy a video camera and start making movies). So for them whether the new unit has 80, 160, or 320 is pretty much a non-issue. They'll benefit from a faster CPU, they'll benefit from wifi... but not a bigger hard drive. And guess what, the mini is targeted at people like my parents. Its not a power-users PC.

so all you are paying for is the wank factor, thank you very much.

You must mean to say "instead of a faster CPU, more ram, bigger hard drive and bundling a cheap as dirt monitor" your dollars are instead being directed towards "faster networking, firewire, wireless network, bluetooth, and a much quieter and smaller form factor", at about the same price.

please stop spouting nonsense about mac's competing with pc's on price.

I would if you'd show me a PC with the -same- specs as a mac mini that's significantly cheaper. Showing me a PC which trades a bunch of the specs away in exchange for a faster CPU and bigger hard drive at the same price point just proves my point.

After you cram all those missing features back into a dell its going to cost quite a bit more. So you can either drop the LCD to bring the price back down, and then you've still got to credit the mac mini some $$$ for the value of beign 1/8th size... so there goes the value of your cpu/hard drive/ram upgrades.

At the end of the day the mac mini is very price competitive. But its true the specs it focusses its value proposition on aren't where dell emphasizes its value.

Re:Nay!

[vux984 (928602)]

You certainly can't compare the combo-drive mac mini. Is it really a CDRW DVD machine? Isn't that completely obsolete?

For my purposes: yes. For people like my parents: No.

They were just about to get on the CD writing bandwagon to make mp3 CDs... but now they have flash mp3 players, and flash drives, so they don't need them. I think they've burned like 2 CD's. Hell, other than making bootable OS CDs **I** don't burn many CDs or DVDs; I prefer flash drives and external hard drives.

That said, yeah I think Apple should refresh the mini specs. The price diff to a dvdrw is what? maybe 3$.

The cheapest Dell doesn't even sell a 1.83GHz Dual core processor.

Au contraire...

http://configure.us.dell.com/dellstore/config.aspx?c=us&cs=19&l=en&oc=DDCWFA1&s=dhs [dell.com]
or
http://configure.us.dell.com/dellstore/config.aspx?c=us&cs=04&kc=6W300&l=en&oc=brcw2cz&s=bsd [dell.com]

Quite correct. The cheapest Dells I can find feature a 1.6Ghz CELERON, with options to UPGRADE to a 1.8 or 2.0 GHz Core 2 Duo.

You need to compare something other than the cheapest mac mini. It's antiquated. You can't find a PC that incapable and slow, regardless of Bluetooth and wifi.

Look again. The Vostro above features:

1.6GHz Celeron
512MB RAM
DVD-ROM - that's right NOT EVEN a combo drive!!
80GB Hard drive

You were saying?

Granted its 299 not 599. But then its 10x the size, half the ram, not even a combo drive, no wifi, no gigabit, no firewire, no bluetooth, ...

Also ditch the Bluetooth and Wifi in a desktop. It's just not needed and can be tossed in with a USB key. It just makes for a stupid comparison. Of course no PC manufacturer offers it in an OEM package. It's pointless.

Really? I won't buy a desktop without wifi anymore. USB dongles are a pain in the ass, and sometimes my PC isn't in a place where a cable is convenient; enable wifi, and boom I'm up and running.

The people buying macs care about style, they care about cable clutter - the fewer the better. wifi also means they can put it anywhere... I know people with a mac mini on their kitchen counter. All they had to do was set up a screen and 2 power cords. Keyboard and mouse (and the mini for that matter) are in a drawer. When they want to use it they pull the kb/mouse out of the drawer. Try doing that with a cheapie Dell with anywhere near the same level of elegance.

Some people care about THAT stuff more than they care about a couple extra GHz or writing DVDs. Hell; I'd buy a mac mini for that purpose or as a 2ndary PC for the house. I don't even need a dvdrw in it; I have other machines that can burn dvds that odd time it comes up.

Re:Nay!

[serviscope_minor (664417)]

if you can afford shit like mini's, you can afford a large enough living area to put a pc. seriously they aren't fucking mobility device.

Are you trying to act stupid or can you really not see the point in having a small PC? A mini comes in a small, neat, quiet package. You think if I can afford a nice large living space, I'm going to fill it with monstrosities just for the hell of it?

Yes

[davidwr (791652)]

Short answer: Yes

Long answer:
If your Mac runs MS-Office software or other cross-platform software that has infectable data files, you are vulnerable to some Macro viruses.
If your Mac can run MS-Windows binaries you may be vulnerable to some Windows viruses.
If your Mac hosts files on a mixed network your Mac should protect itself from hosting infected files.

So, unless you've got an all-Mac/no-Windows network or your Mac doesn't run or host Windows files, AND you do not run any cross-platform files that have infectable data files, you should protect yourself and your network.

I do

[supun (613105)]

I've been running ClamXav, http://www.clamxav.com/ [clamxav.com] , for a long time. I normally don't run full scans, but I do use the Sentry ability on any download directories. So anything I download is scanned. Nothing so far :)

Good idea

[Sycraft-fu (314770)]

One thing that worries me is I see a lot of Mac users who have the "Macs can't have bad things happen to them," attitude. This is dangerous in general, but particularly with Macs becoming more popular. In general it is just bad because it leads to lax security policies. For example we got a notice here that a computer was doing bad things. Tracked it down, it was a Mac. We disconnected it and found the owner. Their response? "But Macs can't be hacked!" Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.

Think of it like having a house in a good neighbourhood: Just because your place has never been broken in to, doesn't mean you should leave the door unlocked. Sure it might not be common where you live, but that doesn't mean it is impossible. Practise good security and it isn't a problem.

I take the same view with computer security. I mean for that matter I've never had a virus on my Windows system, and I don't find it likely that I will. I don't do the sorts of things that are going to get you infected. However, I am going to be safe about it, rather than being sorry that I was arrogant in assuming my knowledge made me invincible.

Re:Good idea

[IndustrialComplex (975015)]

To add to your comment. I run an AV software to catch the stupid things that I might do.

Re:Good idea

[nine-times (778537)]

Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.

If you're dealing with users setting up poorly configured FTP servers, no AV scanner I've ever seen is going to keep them from doing that.

Re:Good idea

[LaskoVortex (1153471)]

his point is that the feeling that you are invincible

That was the point he was trying to make. The point he actually did make was that being stupid is a huge security risk. Unfortunately, AV can't cure stupidity, it can only give you the feeling that you are invincible...

No

[willyhill (965620)]

I don't use AV for Windows, either. At least not in "resident" mode. I have a scanner I use occasionally on stuff I download that I don't fully trust.

15 years of no viruses, no malware, etc. The secret? No secret, just avoid being stupid. AV software is like driving a car with the intention of crashing it all the time, but wearing a seatbelt and thinking everything's OK.

Re:No

[serviscope_minor (664417)]

I don't use AV for Windows ... 15 years of no viruses, no malware, etc.

And you presumable know this because you've never had a virus detected. Wait a minute... :-)

I already *don't* run AV on a PC

[Bobb Sledd (307434)]

Ha. I already don't run AV on the PC either.

Well tell me why I really need to? I mean I have it installed, but I certainly don't have that stupid active scanning thing turned on. So when I open a file, my computer really needs to open it twice? Bull.

I get my mail from gmail (so attachments already scanned there). I use FireFox (so little chance of infection there). I do scan things that might possibly contain a virus -- anything from a usenet newsgroup or from P2P (which is only a few executables ever anyway); And I do let it scan the whole thing once a week (and never finds anything I didn't already know about, of course).

And you know what? My old computer running Win2K runs faster than most any new computers out there with AV turned on. To date, I've never been bitten by any viruses.

Then Rich Mogull Ain't No Security Expert

[pandrijeczko (588093)]

Mac users really should stop being so blase about anti-virus software on their Macs because they should run it.

And if Rich Mogull is arrogant enough to believe he doesn't need it, then he shouldn't be calling himself a security expert. The fact is that virused propagate for two reasons:

1. Because an exploited security hole in the OS let's them get in and out, and

2. Because the virus has a similar enough system to propagate to.

Yep, Windows has security holes (but then so has OS X) but the greater issue is that Windows own levels of high compatibility going right from DOS up to Vista means that a well-written virus will probably be able to run on just about any PC.

Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.

Re:Then Rich Mogull Ain't No Security Expert

[reidconti (219106)]

Mac users really should stop being so blase about anti-virus software on their Macs because they should run it.

snip

Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.

Why? How dangerous? And how is it dangerous to assume otherwise?

Why should I spend my time, money, and CPU cycles on running AV on a system that has an essentially 0 rate of virus infection? I've got a firewall on my network, *and* I've got the host firewall running on my Mac. I read my email in GMail and almost never open documents in Office, except those that come thru my work mail (via Entourage), which is scanned at the corporate level anyway.

I back up my files, so I'm not at (too much) risk for data loss.

Maybe once there are *real* viruses out there for the Mac, I will reevaluate. Maybe I will be unlucky, be one of the first ones to be hit by a Mac virus in the wild and have to spend a few hours reinstalling all my apps and restoring from backups. But so far, if I ran AV, I'd just be investing real time and money into defending against an all-but-nonexistent threat. The cost/benefit just isn't there.

Cheap? Not at all.

[Onan (25162)]

Please Google for OS X viruses, they do exist.

By any reasonable definition, no, they don't. There have been a couple of extremely limited proof-of-concept viruses in the past few decades, which have infected approximately no one.

As to why you should deploy AV? Because it's a cheap way of adding another level of security protection to your machine.

But it's not cheap. The cost is, in fact, huge.

Antivirus software is incredibly invasive, mucking about to do secret things in kernelspace, inserting itself into nearly every action performed by a machine. It takes substantial resources to accomplish this dubious goal, and alters the system in unpredictable ways.

The "more security is always better" rationale that you propose is too simplistic. Security measures must always be evaluated by comparing their benefits against their costs. Your estimation wildly exaggerates the (nonexistent) benefits of antivirus software while completely glossing over its substantial costs.

Antivirus software is categorically a foolhardy and dangerous thing to ever run on one's machine at all. The only strange edge case in which it represents an improvement is if one is using software like Windows, which is so wildly hole-ridden that security is expected to come from third parties. But even there, the correct solution is not to add more layers to shore up a quicksand foundation, but to simply replace it with a sane operating system.

Re:Then Rich Mogull Ain't No Security Expert

[DaphneDiane (72889)]

And how is the antivirus going to catch the problem when it first appears? When large scale OS-X viruses start appearing the existing AV software won't recognize them or know how to handle them. The software needs to have either a signature of known viruses or a heuristic that catches likely viruses. Without a large pool of OS X viruses it would be next to impossible for any AV software to protect against future threats. AV software is reactive security, not proactive. The only thing an AV program before then will do is protect against some older Mac OS virus and help avoid passing windows virus, that and decrease performance and increase energy usage. As the article says the best thing to do is be smart about how you use the computer and keep abreast of any changes. Because of their limited numbers any notable Mac viruses will get reported soon after they are found, at which point it may be worthwhile reconsidering the use of AV software. Just because there is not such thing as a secure computer doesn't mean that best way to balance the risks / cost ratio for all systems is the same.

Re:Then Rich Mogull Ain't No Security Expert

[z4ce (67861)]

Any computer expert doesn't need anti-virus. As a matter of a fact, anyone remotely computer savvy doesn't need anti-virus. As long as you keep your patches up to date you're basically as secure as you can be from viruses assuming you don't allow the virus in.

If a virus is sophisticated enough to spread without user interaction chances are it spreads faster than definition files (e.g. SQL Slammer).

I have run without anti-virus for about 15 years or so and I have only been infected with two viruses. One from the MS-DOS days by leaving a disk in a computer and another that wasn't strictly a virus but malware from mistyping a domain. Malware that anti-virus wouldn't have detected or prevented anyway.

It seems like there are only two cases both of which anti-virus is pretty much useless for sophisticated users: 1) The virus is old. In which case it would require manual intervention to install into your system since a patch has been released. or 2) The virus is new. In which case the definition files won't catch it anyway. (yeah, I know heuristics.. but come on they never really work beside throwing false positives).

Re:Then Rich Mogull Ain't No Security Expert

[z4ce (67861)]

You aren't protected from zero day expliots by anti-virus either. The new virus won't have a definition. Even some existing viruses can get past anti-virus using encryption. I saw a computer not long ago infected with a nasty Zlob variant with new definitions. I then tried to use several different vendors to remove it. Guess what, not symantec, mcafee, or nod32 could get rid of it. It took me using hijackthis along with mounting the file system from a linux live CD to get rid of the bugger.

Yes there is a risk of getting a virus on the internet. However, in my opinion, it only helps people who are prone to clicking omgponies.exe.

Re:Then Rich Mogull Ain't No Security Expert

[pandrijeczko (588093)]

Deal with it Macs are very secure compared to PCs.

PS. If you mean "Windows" then say "Windows" rather than "PCs". I'm not getting into a "my brother is bigger than your brother" argument but my Linux PCs are probably far more secure than your Mac. That's because security is my job, I've a decade of Linux experience with an additional 15 years of UNIX experience and I am forever fiddling about with the bloody things to make them as secure as possible. If you do the same with your Mac(s) then good on you.

PPS. And before I get called a zealot, I also run a number of XP PCs with AVG Antivirus on them that also never get viruses because I watch where I surf, never install pirated software and never open an email attachment that I'm not 100% confident about.

Just like Linux

[aitikin (909209)]

IMHO Mac users who send out files to people should probably use a virus checker. It's just polite. The fact that something can't cause damage to your machine doesn't mean you shouldn't check it to make sure it won't hurt someone else's I'm kinda being hypocritical here, seeing as in my years running Macs and Linux boxes, I've rarely run virus checkers, but then again, I hardly forward email and almost never deal with attachments.

Just because it won't effect you doesn't mean it won't effect someone you know. Now here's where everyone will start saying, "it's teh windoze uzer's own fault! Dey shouldn't be so dumb!" but seriously people, if you want to show people that Unix is a better choice, show them by helping, not by hurting.

doesn't hurt

[gEvil (beta) (945888)]

I used to work at a computer lab that was all Macs at a school. For a short while we didn't run any AV software on the machines--until we started getting complaints from other departments that files that were coming from us had viruses. Turns out that Office for Mac is a perfect vector for all those pesky macro viruses that would find their way onto machines. It wasn't incredibly serious, but it was enough to get us to put AV software back on the Macs.

Why does marketshare really matter?

[xjerky (128399)]

If there were widespread vulnerabilities in OS X the way Windows does, wouldn't someone want the bragging rights to say that they wrote the first OS X virus?

Only if you'refrom the US

[jonnyj (1011131)]

Last month Apple had 14% of PC sales, but 25% of dollar value.

This is just a teeny-weeny bit unreal. Close inspection reveals that the cited article refers to US-based PC retail sales.

There is more to the world than the US. And there's more to sales than retail sales. Apple has much lower sales penetration in Europe and Asia, and it has much lower sales in the commercial sector. Apple might be on enjoying a renaissance, but don't be fooled by inappropriate statistics.

Wrong Question

[bhima (46039)]

The right question is "Should Apple take security more seriously?" YES and "Should Apple be more proactive in dealing with security issues?" YES. "Should Apple be closely following the tactics of various malware propagators and bot net operators?" YES.

Bringing the Anti-virus & Registry Cleaner snake oil salesmen to the Mac isn't going to do anyone any good.

Having said all that I used to use clam but never reinstalled it when I move to Leopard...

OS X Server does by default

[BearRanger (945122)]

I note that Leopard Server runs ClamAV by default, and does so without user intervention. Of course the mission for the server release is different from that of the desktop, and there may be an expectation that you'll be interacting with Windows at some point. It's capable of supporting Windows clients, and for that you should have an AV suite. It would be beyond foolish not to have one.

Still, many people interact with Windows from their client Macs too, but not everyone. Windows is not a part of my life, for instance.

Apple obviously felt it necessary to include an AV suite for the server release. They've tailored it for the OS, so why not ship it by default with the client release as well? Perhaps because they feel it isn't necessary, and they're choosing to err on the side of fewer wasted cycles for the majority of their users? I suspect that if a bona fide threat to OS X ever does appear ClamAV will be made available for the client release via Software Update the next day.

For the benefit of the community, you should.

[zerofoo (262795)]

We run Sophos Anti Virus at my company since it runs on Mac OS and Windows. We've actually caught Windows viruses on removable media from home users and alerted them about their infection.

In theory, that user went home and dealt with the problem - maybe preventing an issue for someone else down the road.

We also caught a virus on a BRAND NEW digital picture frame. Again, it was a windows virus, but we may have prevented a windows infection by detecting it on a Mac.

If everyone was diligent about security - including those that "don't need to be concerned", we might have less of this crap floating around.

-ted

Running AV to tick off a checkbox.

[mlts (1038732)]

A lot of companies run antivirus software even on their high end Solaris and AIX machines. Not because there is a likelihood of a RTM worm repeating itself, but because of legal reasons. A lot of corporate clients require their vendors to "have antivirus protection on all computers", a very wide and sweeping statement.

One reason I can see putting AV on a Mac is so people (and companies) can check this box, saying that all their machines that handle customer data have antivirus protection installed, even if the utility is just triggered from a cronjob that does a scan down the filesystem for infected Windows files every so often.

Historically, before OS X, Macs did have some viruses, although relatively few of them were malicious. Before Word macro viruses became common, John Norstead's Disinfectant was one of the more used anti-virus utilities that offered not just scanning, but in memory protection.

Mac A/V needed !!!

[qwertphobia (825473)]

The only reason I require folks to run antivirus software on the Mac is because of Microsoft products. We have had several macro viruses spread across campus through the sharing of Microsoft Office documents.

You're kidding, right?

[Shadow-isoHunt (1014539)]

Current AVs rely on databases of known definitions. With few definitions for OS X, and no current malware in the wild, there is no point to a database. Heuristics are shit, and easy to fool currently, also subject to false positives(a customer brought in a computer once where Norton was going off on DaggerFall's setup.ini, for example, but riddled with shit like sdbot that should have been caught), making the point moot. Great way to slow down your system and throw away some money, though!

It's called a "Disk Image"

[StCredZero (169093)]

It's called a Disk Image. If you have it mounted, then you can scan it with any anti-virus program. There's no reason not to use anti-virus on Macs. ClamAV is free and works quite well.

False Sense of Security Trumps Logic

[eldavojohn (898314)]

There's no reason not to use anti-virus on Macs.

Yet by and large it won't happen. If you do use it, you are an outlier.

What's my explanation for your perfectly good logic? Mac users have a false sense of security (see ensuing posts about Mac security totaling Herculean proportions).

Re:I think slashdot Mac users are more vulnerable

[catwh0re (540371)]

It's because you need a perfect storm of failures to make this work. First the user needs to double click the file, which might be displaying a .app extension if the user has extensions visible.(Meaning they'd realise it wasn't a .doc file.)

Secondly they'd need to not realise that their .doc file isn't opening in Word or a similar program, but rather in a new program that is for some reason asking them to authenticate.

Thirdly they'd then need to enter in a username and their password(if they are even the account holder who knows it/remembers it) to give the software permission to alter critical files on their system - all while not seemingly realising that their file isn't opening in Word/text editor.

This kind of virus is akin to dragging all your files to the trash, emptying it and claiming it was a virus.

Now take the case of windows. "www.porn.com" is a perfectly accepted file name for an executable. It too can have a little icon of something pornographic. Meanwhile, all a Windows person need do is double click it and it's game over. (Or if you're a Vista user, you'd need to choose accept from a dialog window - which the OS has already trained you to click blindly.)

If you're comparing Vista to Mac OS 10.5, then the moment you received this ".doc" file, whether from an email attachment, chat or website, the OS will alert you when you're opening it to where the file has come from, what time you received it, from what program and even what user sent it to you - and most importantly what kind of file it -really- is. This particular attack vector has been addressed extensively. It will as a minimum stall or prevent the creation of a botnet using Mac OS computers.

Re:It's called a "Disk Image"

[datapharmer (1099455)]

At the risk of being modded flamebait, I wanted to point out that when I tried ClamAV on mac it worked piss poor. There was little for it to find that affected me, so basically all it did was protect windows users from viruses passing through my computer to theirs and it did all sorts of screwy stuff with my system including making it so slow it was unusable. I kept it less than a week.

Use a tool like little snitch, up you security settings, don't run as administrator, don't run random programs you find on the net and you'll be fine.

It's called a waste of time and cycles.

[Mactrope (1256892)]

There's no reason not to build a nuclear bomb shelter either, except that most people don't need it, it won't work and it's a waste of money. Now that I think about it, there are more reasons to build a shelter than there are to run AV on modern *nix derivatives. AV programs are a terrible performance drain on the one system that needs it but is never really protected by it.

Re:It's called a "Disk Image"

[clang_jangle (975789)]

My sainted grandmother swears by garlic and a crucifix, you insensitive clod!

Re:It's called a "Disk Image"

[bruce_the_loon (856617)]

My cursed great-great-great-great grandfather still swears at garlic and a crucifix, you insensitive clod!

And at the sun.

Re:It's called a "Disk Image"

[clang_jangle (975789)]

We must introduce them.

Re:Yes

[The End Of Days (1243248)]

But computing feels so much better without antivirus.

Re:There are differences between Windows/*nix

[Taagehornet (984739)]

[...] the damage is largely contained to the data in the user's directory.

True, but the user data _is_ the very thing you want to protect.

Feel free to mess up anything you find below C:\Windows, I'll at most be annoyed, everything in there can be replaced. However, the day you start leaking my personal data...

Re:There are differences between Windows/*nix

[jroysdon (201893)]

Yes/no. While you can run as a non-admin user on Windows, many apps won't work this way. At a minimum many require Power User access (I think that is the group). I set up my in-laws to use a non-Admin and they cannot access their Kodak camera unless they switch to Administrator (which they do and tell it to download, and then switch back to their regular user). They rarely install apps, but if they need to, again, they just switch to Administrator (showing them how to "Run As" is harder than just having them switch users). I can't recall the rest of the apps, but a number of customers cannot run as a non-local administrator.