
Should Mac Users Run Antivirus Software?

Posted by kdawson
from the whistling-past-the-malware dept.
adamengst sends in an article from TidBITS in which Macintosh security expert Rich Mogull explains why he doesn't use antivirus software on the Mac, and why most Mac users shouldn't bother with it either. The article also touches on the question of when an increasing Mac market share might tip it over an inflection point into more active attention from malware writers. (Last month Apple had 14% of PC sales, but 25% of dollar value.)
  • Nay! (Score:5, Funny)

    by ak3ldama (554026) <james_akeldamaNO@SPAMyahoo.com> on Tuesday March 18, 2008 @05:02PM (#22787968) Homepage Journal

    Last month Apple had 14% of PC sales, but 25% of dollar value.

    Say it isn't so. Everyone knows macs are just as cheap as PCs!

    • Re:Nay! (Score:4, Informative)

      by imamac (1083405) on Tuesday March 18, 2008 @05:07PM (#22788032)
      Macs have comparable prices for equivalent quality. Big difference. I'm glad my Mac isn't as "cheap" as a lot of the PCs I see.
      • by Sycraft-fu (314770) on Tuesday March 18, 2008 @06:05PM (#22788738)
        Especially when you start talking upgrades they seem to be pricey. Looking at an iMac right now they want $500 to go from 1GB (the default and minimum) to 4GB. Hop over to Dell and going from 512MB (default and minimum) to 4GB is only $170. Now yes, I realise you can buy aftermarket parts, but that defeats part of the point of getting an OEM system and certainly an Apple: support. You get everything from the OEM, they are your one stop for support, particularly with Apple who also makes the OS. You start buying aftermarket, that is no longer the case.

        Now that aside, the other problem I find is that while their prices are often comparable for a system at a given point, they don't actually offer what many want. The towers are a good example. Yes, actually, their towers are fairly competitive pricewise when you spec out a similar Dell workstation with dual quad cores, lots of registered ECC RAM capacity, and so on. However the problem is what if I don't want that? What if I want a single quad core (or dual core), non-ECC RAM, and so on? There's plenty of cases where this is a much better option.

        Let's say I don't have software that scales up to 8 cores. This is fairly common these days. So let's say I'd like a quad core with 4GB of RAM. If I go the Apple tower route, $2800 is the price for that. That isn't unreasonable, since it is a single Xeon, with support for a second one, and registered, ECC RAM, which is really expensive. However, Gateway (or I suppose MPC now since they bought Gateway's business division) would be happy to sell me a E-6610Q with similar specs (HD, video, etc) for about half that ($1300).

        Now the thing is, the sort of system I listed is quite useful. We buy a good number of them here (that's why I know about it) for research. There's a lot of cases where someone wants a system that has a good processor, plenty of RAM (we often get 8GB even, which is still cheap) but just really doesn't have use for a full on workstation class system. This is even more true now that processors have gone multi-core. While 8 cores is great, there are just a lot of things that are hard to write to make use of that many. So if you aren't using more than 4, the second processor, and all the associated cost, isn't useful.

        That is the main reason I'd say Apple isn't competitive on price. A mid range tower is something that there is a whole lot of market for, but they just don't sell. If you don't want an all in one, your only option is super high end. If you don't have a need for the extra hardware, that is just money wasted.

        Same goes for people at home. For example I like to play games. An all in one wouldn't work for me. Sure, I could get a similar monitor (24" widescreen), CPU (Core 2 Duo) and RAM (4GB) to what I have. However I can't get the graphics card I have, and I can't ever upgrade it. That is a show stopper right there, since the core of the system will last a good deal longer than the video card. It'd be a waste to buy a new system when only one component needs updating. Likewise the monitor will outlast the system, again a waste to upgrade.

        That's my objection to the argument that Apple is a good value for equivalent hardware. That is true in a narrow sense sometimes, but given that they don't have a solution for a large number of people, it isn't true over all.
        • by Lally Singh (3427) on Tuesday March 18, 2008 @08:00PM (#22790094) Journal
          The Apple warranty's still good if you get 3rd party RAM. As long as you clearly didn't break the machine from installing it yourself, you're good to go.

          I'm speaking from years of experience here.

          As for price competition, they are competitive. What you're talking about is selection. They aren't competitive in selection. Often a lack of finding what you want ends up with you either spending money on stuff you don't need or getting less than you wanted. Hence the complaints.

          OTOH, there's a lot to be said about less selection -> better OS stability. Microsoft's been complaining about the variety of machines they've had to support for decades now.

          The selection's the price you pay for a Mac. The price argument is unfair and inaccurate. But on selection, I doubt any mac user's going to argue with you :-)
        • Re: (Score:3, Insightful)

          Ferraris are a good value for the money if you want speed and looks. The Mac Pro is a good value for the money if you want those features.

          Your argument basically boils down to, "Apple doesn't make a be-all, end-all, completely configurable, open-ended, CHEAP system, and I don't like them."
          I just don't see the point in arguments like, "I don't like Subaru because I don't need all-wheel drive." Why say you don't like something when it's not even something that's in your market? The Mac Pro and a dell tower ar
          • The problem is (Score:5, Interesting)

            by Sycraft-fu (314770) on Wednesday March 19, 2008 @01:35AM (#22792316)
            That it isn't that I don't like it. There are two big problems:

            1) There is a major segment of the market that Macs don't cover. Basically anyone who doesn't want an all-in-one, but doesn't want or can't afford a high end workstation. They have no offerings for that market. If I was the weirdo for wanting that, I'd be ok with it, but that is the major market out there. There's a whole lot of reason to want a computer like that. For example in our instructional labs, we can't afford high end workstations, not when we are getting 50 computers, nor do we have a need for that power. However an all-in-one is a bad idea. Why? Because monitors last a lot longer than computers. One of our labs has undergone two upgrades to the computers but is still using the same monitors. Eventually they'll have to be replaced, but LCDs last a good long time.

            This is a real good thing, because generally it is a situation like "You have $50,000 to spend on the lab." Ok, that's $1000 per computer. Well, $150 not spent on a monitor is $150 that can be spent on a faster processor or more memory and so on. No reason to replace a perfectly good monitor just because the computer is out of date. It is a non-trivial part of the budget that would have to be spent on even a fairly small monitor.

            2) All the arguments that Macs are "good value for the money." No, they aren't for most people. Most people don't want a workstation; if they did, that'd be the big sales from most companies. However there is very little software that can even make use of all that, let alone people who use it. It isn't a good value to most people so the argument is bogus. It is like trying to argue that a BMW R8 is a "good value" for a normal car. No, it's not. It may be a good value for a performance luxury car, however most people aren't after that. While it may well justify its $100,000+ price tag, that doesn't change the fact that it is $100,000 and more car than most people need or can afford.

            That has always been one of Apple's value problems: this bundling of things people don't need. It isn't that nobody needs them, just that most people don't need them. However it raises cost a lot and thus makes it not a good deal for the majority of people. I wouldn't call a Precision Workstation a good deal over all either. If you need those features, ok you get a good price for them, but it still is high priced. You pay a big premium for things like 2 processors and more than 8GB of RAM. It isn't a case where 8GB = $X and 16GB = $2*X. It is more like 16GB = $5*X or $8*X. You aren't doubling the cost to get these things, you are more than doubling it. What's more, they don't double performance. 8 cores are not twice as fast as 4 other than very special cases. As I said, there's precious little that can use all that, and even some of the apps that can (like say a good DAW) don't really have a use for it in most situations. Likewise getting more RAM doesn't help performance unless you actually have apps that need it. Just having more sitting there doesn't help.

            There are plenty of cases with PCs where I give the advice of "Don't go above this unless you really need it because it incurs a big premium." The problem with Macs is, you just don't have that option. You want a tower? You get a bunch of expensive hardware, need it or not. Thus it really isn't a good value for most people.
        • by Mr2001 (90979) on Tuesday March 18, 2008 @09:06PM (#22790624) Homepage Journal

          Now that aside, the other problem I find is that while their prices are often comparable for a system at a given point, they don't actually offer what many want. The towers are a good example.
          Notebooks are another good example. If you want a 15" screen, the least expensive Apple model you can get is the low-end MacBook Pro for $2000. Meanwhile, you can get a 15" notebook from a competitor like HP for less than half as much, with the same or better RAM, CPU, optical drives and hard drive -- hell, last I checked, you could even get a built-in camera and remote control while still saving over $1000.

          So where does the price difference come from? A slightly better graphics card, a couple of rarely-used ports, a slicker design, a few ounces less weight, and a handful of bells and whistles like the backlit keyboard. Sure, the MBP is a good deal if you need all those (for example, the weight difference might add up if you're bench-pressing entire stacks of laptops)... but most people will do just fine with the competing models.
          • by remmelt (837671) on Wednesday March 19, 2008 @07:43AM (#22793804) Homepage
            The aluminium case, the LED backlight, the great keyboard, the expresscard slot. The entire slick package. The oversized trackpad.

            The ability to run OSX (legally.)

            (Let's ignore aftermarket stuff like the virus scanner, office, etc)

            Yes, you may not NEED all of that. If you don't you're welcome to buy the HP at half the price. Just don't say/imply that the MB Pro isn't worth the 2K they're asking. No-one is saying you have to buy Apple. Again: if you can't see the value in the package, you are most likely not the target market.
      • Re: (Score:3, Insightful)

        by Mistshadow2k4 (748958)

        Macs have comparable prices for equivalent quality.

        Who modded this nonsense up? I've been building computers for several years and I only use high-quality parts, but the most expensive is not necessarily the best. A PC built of high-quality parts is still about $250 - $300 dollars cheaper than a Mac of equal power. Seriously, go check out a Mac, write down how much it costs and then go compare. (And yes, to find the high-quality parts, you need to research customer ratings at more than one site, which will

    • Re:Nay! (Score:5, Informative)

      by vux984 (928602) on Tuesday March 18, 2008 @05:53PM (#22788642)
      Say it isn't so. Everyone knows macs are just as cheap as PCs!

      I know you're just being funny, but I figured I'd explain it anyway...

      An awful lot of PCs are those $300 Dell specials. Apple doesn't make products that crappy, but Dell moves boatloads of them... so Dell picks up a lot of unit sales eroding Apple's 'market share by unit', but because the price is so low and Apple hangs onto more of the higher value sales, the erosion effect of these low end units on their 'market share by price' is considerably less.

      Let's compare apples and oranges ;)

      I sell oranges at $1
      I sell apples at $1
      As you can see "Apples are no more expensive than oranges."

      I also sell rotten oranges at 50 cents.
      I don't sell rotten apples.

      So if I sell 100 apples, 200 oranges, and 200 rotten oranges:

      Apple has 20% of the market but 25% of dollar value.

      market = 100/[100+200+200] = 1/5 = 20%,
      dollars = 100/[100+200+200*0.50] = 1/4 = 25%

      That's essentially what's happening here.
  • Yes (Score:4, Informative)

    by davidwr (791652) on Tuesday March 18, 2008 @05:07PM (#22788030) Homepage Journal
    Short answer: Yes

    Long answer:
    If your Mac runs MS-Office software or other cross-platform software that has infectable data files, you are vulnerable to some Macro viruses.
    If your Mac can run MS-Windows binaries you may be vulnerable to some Windows viruses.
    If your Mac hosts files on a mixed network your Mac should protect itself from hosting infected files.

    So, unless you've got an all-Mac/no-Windows network or your Mac doesn't run or host Windows files, AND you do not run any cross-platform files that have infectable data files, you should protect yourself and your network.
    • by BeeBeard (999187)

      If your Mac can run MS-Windows binaries you may be vulnerable to some Windows viruses.
      Could you (or somebody of equal knowledge/proficiency) please elaborate on what is meant by this? Do you mean WINE, do you mean Parallels...do you mean both? I was under the impression that most viruses failed under WINE for lack of superuser rights. Have I been living a horrible lie?
    • Re: (Score:3, Funny)

      If your Mac runs MS-Office software or other cross-platform software that has infectable data files, you are vulnerable to some Macro viruses.
      HA! Shows what you know! Thanks to the benevolence of Microsoft, I don't have to worry about macro viruses any more - Office 2008 doesn't come with Visual Basic!

      Thanks, Microsoft, you're always looking after the little guy!!

  • I do (Score:5, Informative)

    by supun (613105) on Tuesday March 18, 2008 @05:08PM (#22788034)
    I've been running ClamXav, http://www.clamxav.com/, for a long time. I normally don't run full scans, but I do use the Sentry ability on any download directories. So anything I download is scanned. Nothing so far :)
    • Good idea (Score:5, Insightful)

      by Sycraft-fu (314770) on Tuesday March 18, 2008 @05:32PM (#22788350)
      One thing that worries me is I see a lot of Mac users who have the "Macs can't have bad things happen to them," attitude. This is dangerous in general, but particularly with Macs becoming more popular. In general it is just bad because it leads to lax security policies. For example we got a notice here that a computer was doing bad things. Tracked it down, it was a Mac. We disconnected it and found the owner. Their response? "But Macs can't be hacked!" Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

      So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.

      Think of it like having a house in a good neighbourhood: Just because your place has never been broken in to, doesn't mean you should leave the door unlocked. Sure it might not be common where you live, but that doesn't mean it is impossible. Practise good security and it isn't a problem.

      I take the same view with computer security. I mean for that matter I've never had a virus on my Windows system, and I don't find it likely that I will. I don't do the sorts of things that are going to get you infected. However, I am going to be safe about it, rather than being sorry that I was arrogant in assuming my knowledge made me invincible.
      • Re:Good idea (Score:4, Insightful)

        by IndustrialComplex (975015) on Tuesday March 18, 2008 @05:47PM (#22788572)
        To add to your comment. I run an AV software to catch the stupid things that I might do.
      • Re: (Score:3, Insightful)

        by cb8100 (682693)

        Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

        How on earth would AV catch this?

      • Re: (Score:3, Interesting)

        by 605dave (722736)
        There's a reason I have a "bad things can't happen to me" attitude. I've been using the Mac for twenty years, and have never had a virus. Or adware. Or malware. Or any of that other stuff everyone else apparently has to worry about. I've been online constantly since the early 90s, I even surfed bareback in Mac OS 9. Nothing.

        Recently I converted a friend to the Mac. She was at her brother's house, and wanted to download pictures off his camera. He offered to get the CD for drivers, and she said s
      • Re:Good idea (Score:5, Insightful)

        by nine-times (778537) <nine.times@gmail.com> on Tuesday March 18, 2008 @07:50PM (#22790006) Homepage

        Ya well turns out they can if you are dumb enough to have a world writable FTP server with the root directory of /, which is what this idiot had done. I don't even know that it was being used for anything other than a public warez FTP, but still, the point is MacOS couldn't defend against extreme stupidity.

        So I think it is a good idea for Mac users to run AV scanners, and other security tools, just in case. Even if you've never found anything, better to have a good security policy than to end up being sad later on.

        If you're dealing with users setting up poorly configured FTP servers, no AV scanner I've ever seen is going to keep them from doing that.

        • by Sycraft-fu (314770)
          My point was the over all mentality of "nothing bad can happen to Macs." This is an example of the extreme in stupidity, which is why I like to use it. The point is to not act like your platform is immune, but rather go to the other extreme and act like it is vulnerable. Even if it isn't, you secure against the case that it might be. It is the difference between proactive and reactive security. You can be reactive about things and wait until a problem happens, then cry about it, then fix that specific probl
      • Re: (Score:3, Insightful)

        However, my Macintosh and my Ubuntu box are inherently more secure than Microsoft Windows for one specific reason.

        The Mac and Linux box were sent to me with no active root account. Unless I activate the root account myself, and if I know how to do that I probably know enough to not want to, I'm using a standard user account with restricted privileges. All the software (except the system stuff) is designed to run on standard user accounts. If something wants privilege escalation, it can either try an e

  • No (Score:5, Insightful)

    by willyhill (965620) <<pr8wak> <at> <gmail.com>> on Tuesday March 18, 2008 @05:08PM (#22788046) Homepage Journal
    I don't use AV for Windows, either. At least not in "resident" mode. I have a scanner I use occasionally on stuff I download that I don't fully trust.

    15 years of no viruses, no malware, etc. The secret? No secret, just avoid being stupid. AV software is like driving a car with the intention of crashing it all the time, but wearing a seatbelt and thinking everything's OK.

  • I primarily use a Mac, and I have ClamXav installed. Mostly out of curiosity. I run it occasionally, but it has never found any viruses. I won't hold my breath.
  • by Bobb Sledd (307434) on Tuesday March 18, 2008 @05:13PM (#22788104) Homepage
    Ha. I already don't run AV on the PC either.

    Well tell me why I really need to? I mean I have it installed, but I certainly don't have that stupid active scanning thing turned on. So when I open a file, my computer really needs to open it twice? Bull.

    I get my mail from gmail (so attachments already scanned there). I use FireFox (so little chance of infection there). I do scan things that might possibly contain a virus -- anything from a usenet newsgroup or from P2P (which is only a few executables ever anyway); And I do let it scan the whole thing once a week (and never finds anything I didn't already know about, of course).

    And you know what? My old computer running Win2K runs faster than most any new computers out there with AV turned on. To date, I've never been bitten by any viruses.
  • by pandrijeczko (588093) on Tuesday March 18, 2008 @05:13PM (#22788110)
    Mac users really should stop being so blase about anti-virus software on their Macs because they should run it.

    And if Rich Mogull is arrogant enough to believe he doesn't need it, then he shouldn't be calling himself a security expert. The fact is that viruses propagate for two reasons:

    1. Because an exploited security hole in the OS lets them get in and out, and

    2. Because the virus has a similar enough system to propagate to.

    Yep, Windows has security holes (but then so has OS X) but the greater issue is that Windows' own levels of high compatibility going right from DOS up to Vista means that a well-written virus will probably be able to run on just about any PC.

    Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.

    • by reidconti (219106) on Tuesday March 18, 2008 @05:24PM (#22788270)

      Mac users really should stop being so blase about anti-virus software on their Macs because they should run it.
      snip

      Switch to a Mac, and you still have a population of similar-enough machines across which a virus can also propagate and it is very dangerous to assume anything otherwise.
      Why? How dangerous? And how is it dangerous to assume otherwise?

      Why should I spend my time, money, and CPU cycles on running AV on a system that has an essentially 0 rate of virus infection? I've got a firewall on my network, *and* I've got the host firewall running on my Mac. I read my email in GMail and almost never open documents in Office, except those that come thru my work mail (via Entourage), which is scanned at the corporate level anyway.

      I back up my files, so I'm not at (too much) risk for data loss.

      Maybe once there are *real* viruses out there for the Mac, I will reevaluate. Maybe I will be unlucky, be one of the first ones to be hit by a Mac virus in the wild and have to spend a few hours reinstalling all my apps and restoring from backups. But so far, if I ran AV, I'd just be investing real time and money into defending against an all-but-nonexistent threat. The cost/benefit just isn't there.
    • by DaphneDiane (72889) * <tg6xin001@sneakemail.com> on Tuesday March 18, 2008 @05:28PM (#22788304)
      And how is the antivirus going to catch the problem when it first appears? When large scale OS-X viruses start appearing the existing AV software won't recognize them or know how to handle them. The software needs to have either a signature of known viruses or a heuristic that catches likely viruses. Without a large pool of OS X viruses it would be next to impossible for any AV software to protect against future threats. AV software is reactive security, not proactive. The only thing an AV program before then will do is protect against some older Mac OS virus and help avoid passing Windows viruses, that and decrease performance and increase energy usage. As the article says, the best thing to do is be smart about how you use the computer and keep abreast of any changes. Because of their limited numbers any notable Mac viruses will get reported soon after they are found, at which point it may be worthwhile reconsidering the use of AV software. Just because there is no such thing as a secure computer doesn't mean that the best way to balance the risks / cost ratio for all systems is the same.
      • Re: (Score:3, Interesting)

        by prockcore (543967)

        When large scale OS-X viruses start appearing the existing AV software won't recognize them or know how to handle them.

        So true. People don't seem to understand how antivirus software works.

        A while ago, we were one of the first to be hit by those trojaned flash banner ads that have started popping up everywhere. Our users were posting comments like "don't you run antivirus?" Like there is a single AV product in the world that can identify a flash banner that was maliciously constructed.

        I ended up writing m

    • by z4ce (67861) on Tuesday March 18, 2008 @05:31PM (#22788340)
      Any computer expert doesn't need anti-virus. As a matter of fact, anyone remotely computer savvy doesn't need anti-virus. As long as you keep your patches up to date you're basically as secure as you can be from viruses assuming you don't allow the virus in.

      If a virus is sophisticated enough to spread without user interaction chances are it spreads faster than definition files (e.g. SQL Slammer).

      I have run without anti-virus for about 15 years or so and I have only been infected with two viruses. One from the MS-DOS days by leaving a disk in a computer and another that wasn't strictly a virus but malware from mistyping a domain. Malware that anti-virus wouldn't have detected or prevented anyway.

      It seems like there are only two cases both of which anti-virus is pretty much useless for sophisticated users: 1) The virus is old. In which case it would require manual intervention to install into your system since a patch has been released. or 2) The virus is new. In which case the definition files won't catch it anyway. (yeah, I know heuristics.. but come on they never really work beside throwing false positives).
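Added example, not part of any comment in this thread: a minimal signature scanner over a download directory, illustrating the point made in the two comments above that definition-based AV only flags a sample once a signature for it exists. The `SignatureDB` class, the detection names and all sample bytes are constructed for illustration and are harmless; real engines use far richer signature formats.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed, harmless byte strings standing in for files in a download folder.
KNOWN_SAMPLE = b"HEADER" + b"\x90" * 8 + b"CONSTRUCTED-MACRO-PAYLOAD-A" + b"TRAILER"
REPACKED_SAMPLE = KNOWN_SAMPLE + b"\x00"      # same body, different whole-file hash
NOVEL_SAMPLE = b"HEADER" + b"CONSTRUCTED-NEW-FAMILY-B" + b"TRAILER"
CLEAN_FILE = b"quarterly report, nothing to see here"


class SignatureDB:
    """Hypothetical definition file: whole-file hashes plus byte patterns."""

    def __init__(self):
        self.hashes = {}      # sha256 hex digest -> detection name
        self.patterns = {}    # byte pattern -> detection name

    def add_hash(self, name, sample):
        self.hashes[hashlib.sha256(sample).hexdigest()] = name

    def add_pattern(self, name, pattern):
        self.patterns[pattern] = name

    def match(self, data):
        """Return (detection name, signature kind) or None if nothing matches."""
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.hashes:
            return self.hashes[digest], "hash"
        for pattern, name in self.patterns.items():
            if pattern in data:
                return name, "pattern"
        return None


def scan_directory(db, directory):
    """Scan every regular file in `directory`; map file name -> match result."""
    results = {}
    for path in sorted(Path(directory).iterdir()):
        if path.is_file():
            results[path.name] = db.match(path.read_bytes())
    return results


def demo():
    """Scan the same folder before and after a definition update."""
    files = {
        "known.doc": KNOWN_SAMPLE,
        "repacked.doc": REPACKED_SAMPLE,
        "novel.bin": NOVEL_SAMPLE,
        "clean.txt": CLEAN_FILE,
    }
    with tempfile.TemporaryDirectory() as downloads:
        for name, data in files.items():
            (Path(downloads) / name).write_bytes(data)

        # Definitions as shipped: only family A has been seen and analysed.
        db = SignatureDB()
        db.add_hash("Constructed.A", KNOWN_SAMPLE)
        db.add_pattern("Constructed.A", b"CONSTRUCTED-MACRO-PAYLOAD-A")
        before = scan_directory(db, downloads)

        # Definition update arrives after family B has been reported.
        db.add_pattern("Constructed.B", b"CONSTRUCTED-NEW-FAMILY-B")
        after = scan_directory(db, downloads)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for label, results in (("before update", before), ("after update", after)):
        print(label)
        for name, hit in results.items():
            print(f"  {name:14} {hit}")
```
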
  • Depends on user (Score:3, Interesting)

    by warrior_s (881715) * <kindle3@NOSPam.gmail.com> on Tuesday March 18, 2008 @05:15PM (#22788132) Homepage Journal
    I think it depends what kind of user you are talking about.

    If a user is careful about not downloading programs from random sites and installing those, as well as careful in opening email attachments.. I think one should be good to go without antivirus on most of the OSes, not only OS-X

    OTOH, if one just opens every email attachment (s)he gets.. then even antivirus cannot help sometimes (e.g. against some new vulnerability)
  • Isn't 5 percent of computers enough to be worth infecting? How about the fame of creating the first Mac OS X Leopard worm?
    • Re: (Score:3, Insightful)

      by Hatta (162192)
      Yeah, that fame for creating a Mac virus would be great, until your bragging gets to the feds. I don't think most black hats are in it for the recognition, and if they are they're not in it for long.
  • I have ClamXav installed, and run it every now and then, and it never finds anything (apart from warnings about oversize archives - i.e. large zip files). It almost goes without saying that when a genuine malware threat hits the OS X platform, it will be all over the news - or at least the news I read, anyway.

  • Just like Linux (Score:5, Insightful)

    by aitikin (909209) on Tuesday March 18, 2008 @05:18PM (#22788182)
    IMHO Mac users who send out files to people should probably use a virus checker. It's just polite. The fact that something can't cause damage to your machine doesn't mean you shouldn't check it to make sure it won't hurt someone else's. I'm kinda being hypocritical here, seeing as in my years running Macs and Linux boxes, I've rarely run virus checkers, but then again, I hardly forward email and almost never deal with attachments.

    Just because it won't affect you doesn't mean it won't affect someone you know. Now here's where everyone will start saying, "it's teh windoze uzer's own fault! Dey shouldn't be so dumb!" but seriously people, if you want to show people that Unix is a better choice, show them by helping, not by hurting.
  • by dunezone (899268)
    My major concern would be with swapping USB flash drives between machines from home and work and such. Might as well have the defense up if it doesn't interfere with what you do.

    I wrote this but first, I don't know what I was thinking.

    "Why wouldn't you? Cause the risk is low? That's like having sex with a girl and not wearing a condom cause the risk is low of catching something. You might as well put the extra layer of protection just as some sort of defense just to be on the safe side."
  • doesn't hurt (Score:5, Interesting)

    by gEvil (beta) (945888) on Tuesday March 18, 2008 @05:20PM (#22788208)
    I used to work at a computer lab that was all Macs at a school. For a short while we didn't run any AV software on the machines--until we started getting complaints from other departments that files that were coming from us had viruses. Turns out that Office for Mac is a perfect vector for all those pesky macro viruses that would find their way onto machines. It wasn't incredibly serious, but it was enough to get us to put AV software back on the Macs.
  • by xjerky (128399) on Tuesday March 18, 2008 @05:24PM (#22788268)
    If there were widespread vulnerabilities in OS X the way Windows does, wouldn't someone want the bragging rights to say that they wrote the first OS X virus?
  • by jonnyj (1011131) on Tuesday March 18, 2008 @05:30PM (#22788334)

    Last month Apple had 14% of PC sales, but 25% of dollar value.

    This is just a teeny-weeny bit unreal. Close inspection reveals that the cited article refers to US-based PC retail sales.

    There is more to the world than the US. And there's more to sales than retail sales. Apple has much lower sales penetration in Europe and Asia, and it has much lower sales in the commercial sector. Apple might be enjoying a renaissance, but don't be fooled by inappropriate statistics.

  • Wrong Question (Score:5, Interesting)

    by bhima (46039) * <Bhima.Pandava@gT ... m minus caffeine> on Tuesday March 18, 2008 @05:39PM (#22788460) Journal
    The right question is "Should Apple take security more seriously?" YES and "Should Apple be more proactive in dealing with security issues?" YES. "Should Apple be closely following the tactics of various malware propagators and bot net operators?" YES.

    Bringing the Anti-virus & Registry Cleaner snake oil salesmen to the Mac isn't going to do anyone any good.

    Having said all that I used to use clam but never reinstalled it when I moved to Leopard...
  • by BearRanger (945122) on Tuesday March 18, 2008 @05:45PM (#22788544)
    I note that Leopard Server runs ClamAV by default, and does so without user intervention. Of course the mission for the server release is different from that of the desktop, and there may be an expectation that you'll be interacting with Windows at some point. It's capable of supporting Windows clients, and for that you should have an AV suite. It would be beyond foolish not to have one.

    Still, many people interact with Windows from their client Macs too, but not everyone. Windows is not a part of my life, for instance.

    Apple obviously felt it necessary to include an AV suite for the server release. They've tailored it for the OS, so why not ship it by default with the client release as well? Perhaps because they feel it isn't necessary, and they're choosing to err on the side of fewer wasted cycles for the majority of their users? I suspect that if a bona fide threat to OS X ever does appear ClamAV will be made available for the client release via Software Update the next day.
    • Re: (Score:3, Informative)

      by singularity (2031) *
      Why does Slashdot not have a "-1; Factually Incorrect" mod when you need one?

      You, sir, are incorrect. ClamAV is indeed *included* with OS X Server, but it is most certainly not "running by default". It is used as part of the mail server. It is an option you can turn on in the mail server settings, and it automatically checks email for viruses (SpamAssassin is also included) if activated.

      This is because people use OS X Server to serve non-Macintosh clients, including Windows machines.

      It does not check every
      • Re: (Score:3, Informative)

        by BearRanger (945122)
        Thank you for the clarification. You are of course correct, and I could have been more specific. The point remains, if you start mail services (which are enabled by simply clicking a check box) ClamAV starts without the administrator explicitly asking for it. The scanning rules are predefined and no user interaction is explicitly required. Extending it to check other files could still be enabled via Software Update.

        My bad for not being as clear as I should have been. I trust folks with mod points will
  • by zerofoo (262795) on Tuesday March 18, 2008 @06:14PM (#22788844)
    We run Sophos Anti Virus at my company since it runs on Mac OS and Windows. We've actually caught Windows viruses on removable media from home users and alerted them about their infection.

    In theory, that user went home and dealt with the problem - maybe preventing an issue for someone else down the road.

    We also caught a virus on a BRAND NEW digital picture frame. Again, it was a Windows virus, but we may have prevented a Windows infection by detecting it on a Mac.

    If everyone was diligent about security - including those that "don't need to be concerned", we might have less of this crap floating around.

    -ted
  • by mlts (1038732) * on Tuesday March 18, 2008 @06:20PM (#22788910)
    A lot of companies run antivirus software even on their high end Solaris and AIX machines. Not because there is a likelihood of a RTM worm repeating itself, but because of legal reasons. A lot of corporate clients require their vendors to "have antivirus protection on all computers", a very wide and sweeping statement.

    One reason I can see putting AV on a Mac is so people (and companies) can check this box, saying that all their machines that handle customer data have antivirus protection installed, even if the utility is just triggered from a cronjob that does a scan down the filesystem for infected Windows files every so often.

    Historically, before OS X, Macs did have some viruses, although relatively few of them were malicious. Before Word macro viruses became common, John Norstad's Disinfectant was one of the more used anti-virus utilities that offered not just scanning, but in-memory protection.
    • Re: (Score:3, Interesting)

      by ceoyoyo (59147)
      Yup. Hospital IT requires everybody to have antivirus software. So it's officially installed, and if you're a smart user you turn it off as the first thing you do when you get your new computer.

      Virus scanners really are awfully invasive. If there's ever a virus signature for it to match then you can turn it back on.
  • Mac A/V needed !!! (Score:4, Informative)

    by qwertphobia (825473) on Tuesday March 18, 2008 @06:23PM (#22788940)
    The only reason I require folks to run antivirus software on the Mac is because of Microsoft products. We have had several macro viruses spread across campus through the sharing of Microsoft Office documents.
  • ...don't need to run antivirus software. Period. In fact, I view AV software as malicious code itself. Look at all the problems it causes, and the cpu and disk cycles it wastes scrawling through its heuristics and signature list on disk and memory access.

    AV is an attempt at a technical solution to a user stupidity issue. If you don't do dumb shit, you don't get infected.

    I'm not talking about worms (which AV does nothing about). I'm talking viruses, trojans, spyware, and the like.
  • by Shadow-isoHunt (1014539) on Tuesday March 18, 2008 @08:06PM (#22790156) Homepage
    Current AVs rely on databases of known definitions. With few definitions for OS X, and no current malware in the wild, there is no point to a database. Heuristics are shit, and easy to fool currently, also subject to false positives (a customer brought in a computer once where Norton was going off on DaggerFall's setup.ini, for example, but riddled with shit like sdbot that should have been caught), making the point moot. Great way to slow down your system and throw away some money, though!
  • pshaw (Score:3, Funny)

    by nuzak (959558) on Tuesday March 18, 2008 @08:54PM (#22790530) Journal
    I don't even run AV software on my PC, and I've yet [stop-debt-now.com] to encounter any problems [cheap-viagra.com]. I really don't see what [online-poker.com] the fuss is about.
  • And? (Score:3, Informative)

    by ledow (319597) on Wednesday March 19, 2008 @05:13AM (#22793164) Homepage
    This isn't news, and especially isn't news for nerds... Windows, Linux, MacOS, it doesn't matter...

    Don't run programs of which you don't know the origin (commercial games from big store - yes, hacked games from random illegal Internet site, no)
    Don't let programs run automatically ever (autorun, activex in browser without prompts, email attachments etc.)
    Don't run programs just because something in an email, on a webpage, on a game, tells you to - double check first.
    Use only trusted, well known mediums to obtain the things you want, whether that's a game magazine or a download site.

    You DO NOT NEED something running 24/7 and taking up CPU all the time, intercepting every disk access to stop you getting a virus. You just need to follow some simple rules. My girlfriend manages them with little to no training - never had a virus. If in doubt, you ask someone in the know. They will tell you if something is safe and should be able to do so over the phone or IM; it's that easy. They don't even need to SEE the file itself or its contents, they can tell from your description of where it came from.

    You only need antivirus if you run a network where the users deliberately "forget" their training. Unfortunately, that's most corporate networks. Therefore most corporations do "need" it. That's their own problem for running systems that allow execution of arbitrary programs for normal users. It shouldn't be required EVER in a corporate environment unless they are on the development team. Bring back the good old days of "Press 1 for receipts, 2 for stock control, 3 for staff databases"... by restricting the interface, you restrict the possibilities.

    Number of viruses I've had - zero. Number of viruses witnessed first-hand - hundreds of thousands. Number of machines cleaned for other people - hundreds. Number of antivirus programs installed on those computers - hundreds. Number of effective antivirus programs when used on novice users' computers? Zero. Number of antivirus programs installed on any OS on my own personal machines - zero.

    What do I do when I need to check someone's computer? Free virus checkers RUN FROM KNOWN-GOOD, CHECKSUM-VERIFIED executables stored on READ-ONLY media of my own. See. The rules apply even then. Amazing, isn't it?

    I have seriously removed more antivirus programs than the number of computers I've fixed. They are an absolute waste of time as they are only "after-the-event" - they hardly detect any "real" viruses, if they do detect them, they can't clean them or remove them effectively. And, besides, it's too late by the time an antivirus program spots something - it's already running. Most AV are easy for viruses to disable or fool anyway, so they are just false psychological reinforcement for novice users. Once users are SHOWN that the AV did absolutely nothing to stop the virus they just got, I ask them if they want to renew it next year (so that they remember come the time). I have dozens of people who ask me to remove it there and then and put something "that works" on. I tell them it doesn't work like that, but I can install a free antivirus and at least save them some money, if not save them completely from viruses.

    It's amazing the amount of people I've dealt with who are shocked that:

    1) The expensive antivirus that they've been paying every year for has never really worked properly and they've had viruses all along. Or hasn't updated in five years. Or says it's updating and isn't. Or says it's running and isn't.

    2) The same expensive antivirus is useless at detecting some stuff and useless at removing anything (the amount of times I've run "clean" only to have the same message pop up again on another file, repeated ad infinitum). Cleaning from within an infected operating system is very difficult (I've done it successfully many times but never with an automated antivirus tool) and is only really any good if you absolutely CANNOT get the virus off any other way without losing data.

    3) The same
