Should Mac Users Run Antivirus Software?

adamengst sends in an article from TidBITS in which Macintosh security expert Rich Mogull explains why he doesn't use antivirus software on the Mac, and why most Mac users shouldn't bother with it either. The article also touches on the question of when an increasing Mac market share might tip it over an inflection point into more active attention from malware writers. (Last month Apple had 14% of PC sales, but 25% of dollar value.)

No

[willyhill]

I don't use AV for Windows, either. At least not in "resident" mode. I have a scanner I use occasionally on stuff I download that I don't fully trust.

15 years of no viruses, no malware, etc. The secret? No secret, just avoid being stupid. AV software is like driving a car with the intention of crashing it all the time, but wearing a seatbelt and thinking everything's OK.

It's called a waste of time and cycles.

[Mactrope]

There's no reason not to build a nuclear bomb shelter either, except that most people don't need it, it won't work and it's a waste of money. Now that I think about it, there are more reasons to build a shelter than there are to run AV on modern *nix derivatives. AV programs are a terrible performance drain on the one system that needs it but is never really protected by it.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Just like Linux

[aitikin]

IMHO Mac users who send out files to people should probably use a virus checker. It's just polite. The fact that something can't cause damage to your machine doesn't mean you shouldn't check it to make sure it won't hurt someone else's I'm kinda being hypocritical here, seeing as in my years running Macs and Linux boxes, I've rarely run virus checkers, but then again, I hardly forward email and almost never deal with attachments.

Just because it won't effect you doesn't mean it won't effect someone you know. Now here's where everyone will start saying, "it's teh windoze uzer's own fault! Dey shouldn't be so dumb!" but seriously people, if you want to show people that Unix is a better choice, show them by helping, not by hurting.

Why does marketshare really matter?

[xjerky]

If there were widespread vulnerabilities in OS X the way Windows does, wouldn't someone want the bragging rights to say that they wrote the first OS X virus?

Re:Then Rich Mogull Ain't No Security Expert

[reidconti]

Mac users really should stop being so blase about anti-virus software on their Macs because they should run it.

snip

Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.

Why? How dangerous? And how is it dangerous to assume otherwise?

Why should I spend my time, money, and CPU cycles on running AV on a system that has an essentially 0 rate of virus infection? I've got a firewall on my network, *and* I've got the host firewall running on my Mac. I read my email in GMail and almost never open documents in Office, except those that come thru my work mail (via Entourage), which is scanned at the corporate level anyway.

I back up my files, so I'm not at (too much) risk for data loss.

Maybe once there are *real* viruses out there for the Mac, I will reevaluate. Maybe I will be unlucky, be one of the first ones to be hit by a Mac virus in the wild and have to spend a few hours reinstalling all my apps and restoring from backups. But so far, if I ran AV, I'd just be investing real time and money into defending against an all-but-nonexistent threat. The cost/benefit just isn't there.

No

[Anonymous Coward]

Macs dont have viruses.

If you go to an APple retail store you can play with the Macs, get on the internet .. browse files, launch whatever apps you feel like. When you go to a PC store or section within a store .. the PCs are always locked down and have a demo running on it. It just seems to me like Apple is rightfully confident malware can't run on the Mac.

Re:Mac is more secure.

[willyhill]

That's because most applications are not written with privilege separation in mind, like they are in *nix. It's an unfortunate legacy from all the Win9x years.

That will hopefully start to change now with Vista, but IMO it should have been forced in the Windows 2000 timeframe. We'd all be better off.

Re:Then Rich Mogull Ain't No Security Expert

[z4ce]

Any computer expert doesn't need anti-virus. As a matter of a fact, anyone remotely computer savvy doesn't need anti-virus. As long as you keep your patches up to date you're basically as secure as you can be from viruses assuming you don't allow the virus in.

If a virus is sophisticated enough to spread without user interaction chances are it spreads faster than definition files (e.g. SQL Slammer).

I have run without anti-virus for about 15 years or so and I have only been infected with two viruses. One from the MS-DOS days by leaving a disk in a computer and another that wasn't strictly a virus but malware from mistyping a domain. Malware that anti-virus wouldn't have detected or prevented anyway.

It seems like there are only two cases both of which anti-virus is pretty much useless for sophisticated users: 1) The virus is old. In which case it would require manual intervention to install into your system since a patch has been released. or 2) The virus is new. In which case the definition files won't catch it anyway. (yeah, I know heuristics.. but come on they never really work beside throwing false positives).

Good idea

[Sycraft-fu]

One thing that worries me is I see a lot of Mac users who have the "Macs can't have bad things happen to them," attitude. This is dangerous in general, but particularly with Macs becoming more popular. In general it is just bad because it leads to lax security policies. For example we got a notice here that a computer was doing bad things. Tracked it down, it was a Mac. We disconnected it and found the owner. Their response? "But Macs can't be hacked!" Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.

Think of it like having a house in a good neighbourhood: Just because your place has never been broken in to, doesn't mean you should leave the door unlocked. Sure it might not be common where you live, but that doesn't mean it is impossible. Practise good security and it isn't a problem.

I take the same view with computer security. I mean for that matter I've never had a virus on my Windows system, and I don't find it likely that I will. I don't do the sorts of things that are going to get you infected. However, I am going to be safe about it, rather than being sorry that I was arrogant in assuming my knowledge made me invincible.

Re:It's called a "Disk Image"

[Vancorps]

Thats funny, I can say the same things about my DOS and Windows boxes, never had an infection of any of my personal computers, but when you manage for other people the rules change as different people have different priorities and skillsets.

If you're smart, you don't even need it on a PC

[OMNIpotusCOM]

I can't tell you how long it's been since I've had a virus. Just don't open those idiot emails, don't follows links in them, don't follow links in IMs, use FireFox, etc... viruses and spyware go down to nearly nil if you just stop using IE and be smart about your email.

No Mac users should not run anti-virus software

[t-maxx cowboy]

I don't think Mac users, Windows users, or other OS users for that matter should run anti-virus software. As many people have already pointed out your computer takes a performance hit, having to scan for a virus on every file read or write.

People should learn not to open files from e-mail unless they know that the file is coming from a reliable source. I do not use an anti-virus application on my Mac, but then again I didn't run one on my Linux box before that or my Windows box before that. I just plainly did not open attachments or or download files that I could not verify came from a reliable source.

How hard is it really for someone to send an e-mail back to their friend or family member and ask them if they created the file they sent, or know who created the file personally? If they say they did, then you stand a fairly good chance it did not contain a virus. If they say no they received it in an e-mail sent to them by who knows who, then tell them you won't be opening it. This leads me to chain e-mail and e-mail forwarding etiquette in general, but that is another story.

That being said, anyone who does not want to learn common sense, should go ahead and install an anti-virus application, take the performance hit and live with it. Don't call the rest of us when you get infected either, while running your ever up to date anti-virus application, call your anti-virus software developer and complain. I am at the point personally where I won't be doing viruses for much longer, whether that is on Windows, other OS's or Mac. I have cleaned enough viruses from other peoples computers, that if they don't hurry up and smarten up they are on their own.

If I ever feel the need for an anti-virus application, I will be running it on demand, and the darn thing better not install any services that will slow my machine down. The only time my machine should slow down from running an anti-virus is if I tell it to run a scan.

Re:Good idea

[IndustrialComplex]

To add to your comment. I run an AV software to catch the stupid things that I might do.

Re:There are differences between Windows/*nix

[jroysdon]

Yes/no. While you can run as a non-admin user on Windows, many apps won't work this way. At a minimum many require Power User access (I think that is the group). I set up my in-laws to use a non-Admin and they cannot access their Kodak camera unless they switch to Administrator (which they do and tell it to download, and then switch back to their regular user). They rarely install apps, but if they need to, again, they just switch to Administrator (showing them how to "Run As" is harder than just having them switch users). I can't recall the rest of the apps, but a number of customers cannot run as a non-local administrator.

Re:Good idea

[cb8100]

Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

How on earth would AV catch this?

Re:It's called a "Disk Image"

[clang_jangle]

I am the IT dept at work (only 33 machines), but we are strictly a Mac and Linux shop. Hence, no A/V is required. But, just to be extra safe, I do not allow anyone (including me) to run the work Macs as admin. I do it at home but wouldn't bet my cushy little job on it!

Re:Good idea

[Frosty-B-Bad]

You allow your users to run FTP servers on your network? sounds like it's the admin's extreme stupidity, I mean, your the one paid to know this stuff, an end user might have just started the service (which is kind of easy on a mac) but if you blocked it through proxy or firewall (however your network is setup) it would have been a non-issue, but hey why take the blame when management has no idea it was your fault nor any clue that it could have been!

woot. just woot,

Re:Nay!

[serviscope_minor]

at lest that $300 dell uses desktop parts unlike the $600 mini. And for $600 you can get a dell that is a lot better and it has slots to add video and other cards to it.

Why not just buy a bunch of parts online and have them strewn around the floor? You'll get even more power for your money since you won't need a case, or case fans.

If you value things like size and noise, then the Dell is not better than the mini.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:It's called a "Disk Image"

[Bert64]

Aside from the performance hit and wasted resources...
I've never played with antivirus programs on mac, but all of the ones i've used on windows systems have caused the system to slow down noticeably, and removing them gives you quite a nice speedup.

Aside from the fact that antivirus is a band-aid, and a fundamentally flawed idea... There really is no reason to be running it, especially on a mac.

Re:Good idea

[LaskoVortex]

his point is that the feeling that you are invincible

That was the point he was trying to make. The point he actually did make was that being stupid is a huge security risk. Unfortunately, AV can't cure stupidity, it can only give you the feeling that you are invincible...

Waste of time, waste of money

[mr_lizard13]

Anti virus sotware is a waste of time and money.

I'm using a Mac, and I also use Windows on the same machine via Parallels Desktop.

Personally, I don't run any anti virus software at all. It's installed; I do a scan perhaps every few months, and it's not found any viruses on either the Mac side or the Windows side in over a year. I certainly don't have any 'always on auto protect' crap turned on.

I really do think anti virus software generates the false impression that you're protected, when in fact people need to start taking more responsibility for what they do online. I'm in favour of any software that helps people make decisions about the sort of sites they are accessing. Just look at the Firefox 3 beta for an example.

But anti-virus software? It's resource hungry and expensive. Honestly, don't bother. Just know what you're downloading and take proper precautions. And help others do the same.

People who know how to use their computer...

[SCHecklerX]

...don't need to run antivirus software. Period. In fact, I view AV software as malicious code itself. Look at all the problems it causes, and the cpu and disk cycles it wastes scrawling through its heuristics and signature list on disk and memory access.

AV is an attempt at a technical solution to a user stupidity issue. If you don't do dumb shit, you don't get infected.

I'm not talking about worms (which AV does nothing about). I'm talking viruses, trojans, spyware, and the like.

Re:Good idea

[nine-times]

Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.

If you're dealing with users setting up poorly configured FTP servers, no AV scanner I've ever seen is going to keep them from doing that.

Re:It's called a "Disk Image"

[Nathan Boley]

Thats a good point. I recently discovered a root kit that I'd had for at least 6 months ( on a Debian box ). But 3 months ago I'd never had a virus...

You're kidding, right?

[Shadow-isoHunt]

Current AVs rely on databases of known definitions. With few definitions for OS X, and no current malware in the wild, there is no point to a database. Heuristics are shit, and easy to fool currently, also subject to false positives(a customer brought in a computer once where Norton was going off on DaggerFall's setup.ini, for example, but riddled with shit like sdbot that should have been caught), making the point moot. Great way to slow down your system and throw away some money, though!

Re:There are differences between Windows/*nix

[Taagehornet]

[...] the damage is largely contained to the data in the user's directory.

True, but the user data _is_ the very thing you want to protect.

Feel free to mess up anything you find below C:\Windows, I'll at most be annoyed, everything in there can be replaced. However, the day you start leaking my personal data...

Re:How much higher do you want?

[Hatta]

Yeah, that fame for creating a Mac virus would be great, until your bragging gets to the feds. I don't think most black hats are in it for the recognition, and if they are they're not in it for long.

Re:Eh, I don't know about that

[mjwx]

You should be modded up.

We have about 60 PC's and 2 Mac's (for graphic designers) which has pretty much been cut down to 1 Mac (the other just sits in the corner as a PC is preferred for web design). We have in our history had a imac failure rate of 50%, that is to say that 2 out of 4 imac's have broken beyond usefulness. The first had a HDD go, warranty repair took 3 working days, the second had the PSU go which took 7 working days for the store to get the part in. Now I can fix a HDD or PSU in 1/2 and hour and that includes going to the store to buy one. I keep spare PSU's on a shelf, HDD's tend to disapear (by those who want more storage) so I don't keep them unless they are for a specific machine (old RAID arrays).

Even under warranty repair Dell Laptops (Latitude series) are fixed within 24 hours of a fault being reported and this is more often than not done on site (granted half the time they send me the part and I install it myself), Desktops that blow a PSU are up again in 1/2 an hour, lose a disk 3 hours (for OS). 3 working days is a joke for enterprise level support. This may be fine for the 1 Mac still in production but I have to deal with over 60 Production machines and the level of support offered by apple would be problematic at best.

I also doubt the claims of superior quality of apple products, they are using the same off the shelf components as other brands (Intel CPU and chipset, NVidia GPU's, Samsung monitors) but charge a premium for them. Apple monitors for example are Samsung's rebadged, the Apple 27" monitor is exactly the same as the Samsung 27" monitor but the Apple monitor costs 30% more in Australia (and Samsung's aren't cheap to begin with). The quality of Samsung monitors is great, but why would I pay 30% more for white one?

Re:Nay!

[vux984]

let's compare shall we

Your link took me to a page featuring the inspiron line, from a A749 to a A1199 pc. Which are you talking about? I assume you've decided to compare to the A1199 because you mention it being only 50 more than the A1148 mini-superdrive.

So, right off the top, you've gone way outside the paremters for the challenge. The mac-superdrive is like the black macbook; it -is- overpriced for what you get relative even to the other macs. But ok, I'll run with it...

lets compare shall we:

bigger HD - check
better cpu - check
ram - check (although Vista needs more than Leopard, so that's a bit of a wash)
3d card - check
lcd incl. - check
dvi out - check (although its not clear the incl. lcd actually supports dvi)
os home premium - check

bluetooth - fail
wifi - fail
firewire - fail
gigabit - fail
optical audio connectors - fail

Hmmm... overall, I'd call that a fail. That's not to say its a bad unit, but it doesn't exactly come close to meeting the dell challenge I issued.

lets look at the base line mini "combodrive". for $50 less dell gives twice the hd space and a 19" monitor

That dell also ships with Vista home basic; there goes your $50 less. And its still 8x times the size. Getting that down is worth 175 (the value of an LCD) to a lot of people.

And the HD space; the value of that is pretty small even if you need it. And not everyone needs it. Its worthless if you don't fill it. I recently upgraded my parents PC, and after 6 years they still had less than 20GB of data (and that was after ripping their CD collection; so they won't keep growing at that pace unless they buy a video camera and start making movies). So for them whether the new unit has 80, 160, or 320 is pretty much a non-issue. They'll benefit from a faster CPU, they'll benefit from wifi... but not a bigger hard drive. And guess what, the mini is targeted at people like my parents. Its not a power-users PC.

so all you are paying for is the wank factor, thank you very much.

You must mean to say "instead of a faster CPU, more ram, bigger hard drive and bundling a cheap as dirt monitor" your dollars are instead being directed towards "faster networking, firewire, wireless network, bluetooth, and a much quieter and smaller form factor", at about the same price.

please stop spouting nonsense about mac's competing with pc's on price.

I would if you'd show me a PC with the -same- specs as a mac mini that's significantly cheaper. Showing me a PC which trades a bunch of the specs away in exchange for a faster CPU and bigger hard drive at the same price point just proves my point.

After you cram all those missing features back into a dell its going to cost quite a bit more. So you can either drop the LCD to bring the price back down, and then you've still got to credit the mac mini some $$$ for the value of beign 1/8th size... so there goes the value of your cpu/hard drive/ram upgrades.

At the end of the day the mac mini is very price competitive. But its true the specs it focusses its value proposition on aren't where dell emphasizes its value.

Re:Nay!

[Mistshadow2k4]

Mac have comparable prices for equivilent quality.

Who modded this nonsense up? I've been building computers for several years and I only use high-quality parts, but the most expensive is not necessarily the best. A PC built of high-quality parts is still about $250 - $300 dollars cheaper than a Mac of equal power. Seriously, go check out a Mac, write down how much it costs and then go compare. (And yes, to find the high-quality parts, you need to research customer ratings at more than one site, which will be a real eye-opener, I'm sure.)

Re:Eh, I don't know about that

[greyhueofdoubt]

Ferraris are a good value for the money if you want speed and looks. The Mac Pro is a good value for the money if you want those features.

Your argument basically boils down to, "Apple doesn't make a be-all, end-all, completely configurable, open-ended, CHEAP system, and I don't like them."
I just don't see the point in arguments like, "I don't like Subaru because I don't need all-wheel drive." Why say you don't like something when it's not even something that's in your market? The Mac Pro and a dell tower are two very different products aimed at very different markets. You wouldn't compare sports cars to SUVs- you would say that one of them suited your needs or not.

You basically just told us that the Mac Pro does not fit your needs. Thank you for that update. I'm sure you'll be interested to know that I don't need a new stereo and therefore I don't like Sony.

I'm not trying to be an asshole here, it's just that I get tired of people saying that they don't like something or that something lacks value just because they aren't in the market for it. I hear it about Linux, windows, apple, electric cars, etc. etc. You get my drift.

Sorry for the rant.

-b

Re:It's called a "Disk Image"

[Zeinfeld]

Why are we wasting time on this? Anti Virus is totally useless. You might as well try garlic and a crucifix for all the good it does. The bad guys can spit out an infinite number of different variations of their malwares and very few of them are ever going to be detected by AV.

Macs and Vista have an essentially similar security model, they make it somewhat harder to screw your system by accident. Not running as root is the best protection you can have, if you have that you will do a lot better than with A/V.

I recently came across a system that was running real slow, after taking off the five crapware installations of A.V from different vendors it worked just fine. The only A.V I would run on Windows is Windows Defender which is 1) free and 2) has no real impact on the running system.

Re:Eh, I don't know about that

[Mr2001]

Now that aside, the other problem I find is that while their prices are often comparable for a system at a given point, they don't actually offer what many want. The towers are a good example.

Notebooks are another good example. If you want a 15" screen, the least expensive Apple model you can get is the low-end MacBook Pro for $2000. Meanwhile, you can get a 15" notebook from a competitor like HP for less than half as much, with the same or better RAM, CPU, optical drives and hard drive -- hell, last I checked, you could even get a built-in camera and remote control while still saving over $1000.

So where does the price difference come from? A slightly better graphics card, a couple of rarely-used ports, a slicker design, a few ounces less weight, and a handful of bells and whistles like the backlit keyboard. Sure, the MBP is a good deal if you need all those (for example, the weight difference might add up if you're bench-pressing entire stacks of laptops)... but most people will do just fine with the competing models.

The wolf is coming...or is it?

[extract]

The doom and gloom crowd has predicted Mac OS X would get overrun by virii and malware for 7 years now, so far very little in that direction has materialized. Status today is that there are no malware for OS X exists today. I just don't bother with anti-virus. Mac OS X is such a serene platform. It's funny to hear that the wolf is coming every 6 month or so. What happens? Nada, nothing whatsoever, zip, zilch! I enjoy the peace and quiet, I can spend time on being productive instead of thinking of malware. As for the Office macrovirii: Most often there is a Windows path in the instruction, such as C:\, no good on Mac.

Re:Good idea

[david_thornley]

However, my Macintosh and my Ubuntu box are inherently more secure than Microsoft Windows for one specific reason.

The Mac and Linux box were sent to me with no active root account. Unless I activate the root account myself, and if I know how to do that I probably know enough to not want to, I'm using a standard user account with restricted privileges. All the software (except the system stuff) is designed to run on standard user accounts. If something wants privilege escalation, it can either try an exploit or put up a dialog box to ask me for my password.

Windows users traditionally run in Administrator mode, and there's a whole host of software that positively requires it, normally for no good reason. Microsoft is trying to get away from this, but there's a lot of history there. Since the main advantage of Windows is that it runs all that Windows-compatible software, Microsoft is limited in what it can do. Further, the normal reaction of Windows system staff, on finding that I need admin rights, is to escalate my account, rather than give me access to another account. And, of course, the way Windows normally asks about privilege escalation is a dialog box that the user is effectively trained to click through on.

It's sort of like module or application design. If you don't get the interfaces right, you may never be able to change them. If you do get the interfaces right, you can fix everything else. I don't know offhand whether Leopard has that cool memory-shuffling thing in Vista, but if it doesn't the next version can. The Windows problems are far harder to fix.

That wasn't my point

[Sycraft-fu]

My point was the over all mentality of "nothing bad can happen to Macs." This is an example of the extreme in stupidity, which is why I like to use it. The point is to not act like your platform is immune, but rather go to the other extreme and act like it is vulnerable. Even if it isn't, you secure against the case that it might be. It is the difference between proactive and reactive security. You can be reactive about things and wait until a problem happens, then cry about it, then fix that specific problem, then rinse and repeat. Or you can be proactive and try to head off security problem initially.

Re:Nay!

[vux984]

You certainly can't compare the combo-drive mac mini. Is it really a CDRW DVD machine? Isn't that completely obsolete?

For my purposes: yes. For people like my parents: No.

They were just about to get on the CD writing bandwagon to make mp3 CDs... but now they have flash mp3 players, and flash drives, so they don't need them. I think they've burned like 2 CD's. Hell, other than making bootable OS CDs **I** don't burn many CDs or DVDs; I prefer flash drives and external hard drives.

That said, yeah I think Apple should refresh the mini specs. The price diff to a dvdrw is what? maybe 3$.

The cheapest Dell doesn't even sell a 1.83GHz Dual core processor.

Au contraire...

http://configure.us.dell.com/dellstore/config.aspx?c=us&cs=19&l=en&oc=DDCWFA1&s=dhs [dell.com]
or
http://configure.us.dell.com/dellstore/config.aspx?c=us&cs=04&kc=6W300&l=en&oc=brcw2cz&s=bsd [dell.com]

Quite correct. The cheapest Dells I can find feature a 1.6Ghz CELERON, with options to UPGRADE to a 1.8 or 2.0 GHz Core 2 Duo.

You need to compare something other than the cheapest mac mini. It's antiquated. You can't find a PC that incapable and slow, regardless of Bluetooth and wifi.

Look again. The Vostro above features:

1.6GHz Celeron
512MB RAM
DVD-ROM - that's right NOT EVEN a combo drive!!
80GB Hard drive

You were saying?

Granted its 299 not 599. But then its 10x the size, half the ram, not even a combo drive, no wifi, no gigabit, no firewire, no bluetooth, ...

Also ditch the Bluetooth and Wifi in a desktop. It's just not needed and can be tossed in with a USB key. It just makes for a stupid comparison. Of course no PC manufacturer offers it in an OEM package. It's pointless.

Really? I won't buy a desktop without wifi anymore. USB dongles are a pain in the ass, and sometimes my PC isn't in a place where a cable is convenient; enable wifi, and boom I'm up and running.

The people buying macs care about style, they care about cable clutter - the fewer the better. wifi also means they can put it anywhere... I know people with a mac mini on their kitchen counter. All they had to do was set up a screen and 2 power cords. Keyboard and mouse (and the mini for that matter) are in a drawer. When they want to use it they pull the kb/mouse out of the drawer. Try doing that with a cheapie Dell with anywhere near the same level of elegance.

Some people care about THAT stuff more than they care about a couple extra GHz or writing DVDs. Hell; I'd buy a mac mini for that purpose or as a 2ndary PC for the house. I don't even need a dvdrw in it; I have other machines that can burn dvds that odd time it comes up.

Re:Eh, I don't know about that

[remmelt]

The aluminium case, the LED backlight, the great keyboard, the expresscard slot. The entire slick package. The oversized trackpad.

The ability to run OSX (legally.)

(Let's ignore aftermarket stuff like the virus scanner, office, etc)

Yes, you may not NEED all of that. If you don't you're welcome to buy the HP at half the price. Just don't say/imply that the MB Pro isn't worth the 2K they're asking. No-one is saying you have to buy Apple. Again: if you can't see the value in the package, you are most likely not the target market.