Apple Quietly Recommends Antivirus Software For Macs 484
Barence writes "After years of boasting about the Mac's near invincibility, Apple is now advising its customers to install security software on their computers. Apple — which has continually played on Windows' vulnerability to viruses in its advertising campaigns — issued the advice in a low-key message on its support forums. 'Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult.' It goes on to recommend a handful of products." Reader wild_berry points out the BBC's story on the unexpected recommendation.
Old document (Score:5, Informative)
This story is just wrong. That document is several years old. Apple advises to install security software since years. They just added new names for recommended software products and therefore updated the issue date on the document.
Re:Does a Mac AV program really do anything? (Score:5, Informative)
That is what I always thought, in fact looking at clamXav it appears to only scan for windows viruses.
Re:Multiple antivirus products? (Score:5, Informative)
Having multiple products deployed mean that the virus programmers have different applications to circumvent. But that's multiple products on different machines-- you wouldn't expect one user to run all of the anti virus products on one machine.
Makes sense in heterogenous networks (Score:5, Informative)
Although your Mac may be safe from the vast majority of malware stuff circulating right now, it can still spread them around and infect for example the other Windows machines on the network (those Microsoft Office macrovirus infections are a good example).
Also, with all the nice virtualisation programs available on the Mac and BootCamp, it makes sense as a Mac user to be more aware of potential malware problems , although then the antivirus solution should be inside that environment, I think. Also those antivirus programs open up a whole other can of worms, because those antivirus companies are splendid examples of honesty and efficient programming, as we all well know
Comment removed (Score:5, Informative)
Re:a way to make money (Score:5, Informative)
Macs definitely are susceptible to malware, as the recent DNS trojan has demonstrated. Any app that asks for and gets your admin password is going to play with your computer, that's pretty hard to beat.
Viruses, and worms in particular, do covert, automated spreading. Worms are able to exploit on-by-default network services remotely in the background. (we just had a new one announced yesterday! affects xp AND vista, good lord you'd think they'd learn by now!) Viruses require the ability to circumvent LOCAL security, and get their hooks in the system and replicate locally without user interaction/permission. OS X (and unix in general) are designed from the ground up with this in mind, and have always been far less vulnerable to these two issues.
I don't see this changing anytime soon, just due to the differing design philosophies inside the two systems. From the start of OS X, apps didn't just have free access to do as they pleased, they were restricted by a security model, and learned to develop in OS X under these restrictions, being forced to learn good coding practice. Windows started in the wide open, and their devs got used to it, before they realize the scope of their mistake and tried to close the doors. The devs refused to stop writing apps that just "oh lets just assume we have full write access to the entire hard drive" etc. and so MS has had to go very slowly to avoid completely destroying their established software market. That's hard to overcome.
Even today I can count on one hand all the mac apps I've ran into that either (1) have to be installed while logged in as an admin, or (2) will only run properly (or completely) when logged in as an admin. And I count those developers as idiots for not knowing what they're doing and just assuming they have privs. Until Windows software approaches these numbers, I don't think we can call the Windows security model "fixed".
There are two things that most interest me here. First, Norton has been considered anything from "bad" to "poison" to OS X from the get-go. It's been known to create a wide variety of system problems, and in most cases, when OS X is misbehaving, and they admit they are running norton, the first advice they get is to remove it. (and "good luck removing it" to boot) Symantec has been of little help there, their first "removal tool" was 300+ lines of terminal commands, and still didn't completely uproot it. Their current removal tools are more effective and user-friendly though. So to see Apple RECOMMEND norton is something of a shock. I don't know of a single person in any of the mac support forums that recommends anything for Norton besides uninstalling it.
Second, I thought AV products don't "stack" well? Our PC tech here is constantly having problems with computers that come in and are running 2-4 AV software, and they're fighting like cats and dogs and crippling the system to where only a fresh install will fix it. From what I read on that Apple post, it sounds like Apple is encouraging you to install multiple AV software. And OS X already runs ClamAV doesn't it? Although I have yet to see such a thing get pushed out, I assume Clam can get updates via SoftwareUpdate? I seriously question where they're going by recommending you install additional (or possibly multiple) AV software.
Re:a way to make money (Score:5, Informative)
UNIX on the other hand was designed from day one to be networked multi-user OS, and security and separation of concerns was there from beginning.
Oh, this just makes me laugh. Operating system the first Internet worm ran on? UNIX. It wasn't until the mid '90s that people started saying 'UNIX Security' without laughing.
Re:Herd Immunity (Score:3, Informative)
I think that's a bit of faulty reasoning. For though Macs are a small percentage of the computers, they still represent millions of consumers. If that reasoning was correct, since Macs and Linux represent X% of users, they should be getting X% of viruses. By their nature they don't get viruses mainly due to the nature of their OS that programs can't autorun without permission. As demographics go, they also represent more affluent consumers. So more likely Macs will be the targets of malware as opposed to viruses.
Re:a way to make money (Score:5, Informative)
I don't see this changing anytime soon, just due to the differing design philosophies inside the two systems. From the start of OS X, apps didn't just have free access to do as they pleased, they were restricted by a security model, and learned to develop in OS X under these restrictions, being forced to learn good coding practice.
There is another common stupidity that many Mac developers seem to have that still persists from the Classic days. Many OS X devs still act as though the user installing the app is the only one on the system. A good example is Adobe Reader. EVERY user that runs Reader for the first time will be pestered to enter an administrator password the first time the software is run. The only workaround is to copy some preference files into every home directory on the system and if there is an update to Reader then that has to be done again. Yeah, yeah, I know just use Preview but things like that happening are common. It isn't OS X' fault. There is provision for system wide app settings; it's just that OS X devs tend not to use them the way Windows devs assume everyone is an administrator.
Re:a way to make money (Score:4, Informative)
At a previous job I had the task of making the installer for our consumer level OS X product. I had to fight with management to get them to let me spend the time to get it installed both as a drag install and to do it without requiring admin accesses. (Our product installed an item in System Preferences so this wasn't a no-brainer.)
I eventually prevailed and coded it "correctly" and was quite gratified to read in reviews how good the installation process was. It can be done but the non-Mac managers mindset just often doesn't see the need for doing it the "Mac" way.
Re:a way to make money (Score:2, Informative)
I don't think they're suggesting that each machine run multiple AV systems, just that there are multiple AV systems in use among all machines, thus decreasing the chances that a virus can exploit a weakness in a particular scanner and remain undetected.
Also, OS X Server comes with ClamAV, but standard OS X does not. However, ClamXAV [clamxav.com] is available (completely free of course) for OS X and provides a simple way to install ClamAV and a GUI for management. I'm a bit surprised Apple doesn't list it on the recommendation page.
Re:a way to make money (Score:3, Informative)
It's Ctrl-Cmd-D. It will define the word under the cursor.
Re:a way to make money (Score:5, Informative)
All viruses require a reasonable level of market share to operate, because one of the principles they rely upon is a network effect, and you just plain cannot get a network effect without a decent market share. So marketshare is, very much, a pre-requisite for a successful virus. It's not the only one, but when people say "Mac OS X hasn't been attacked yet because it doesn't have enough marketshare", they're right. That's one fundamental reason. And unless you can show that any other reasons apply, it's likely to be the only reason.
Fair point. However, Mac OS X has far more market share than something like Aros. We're talking somewhere above 8% of the market right now. That's an appreciable install base and certainly worth targeting. By comparison, the Witty worm [schneier.com] targeted (and infected) an install base of only 12,000 systems. So sure - install base might be a factor. But it is hardly the only one.
There's little reason to believe that Mac OS X is protected from viruses by anything other than its low market share at this point. There's not a large enough group of users for network effects to take over. It is not an inherently secure operating system. The default user is generally set up with administration privileges, and it just takes a buffer overflow or other ordinary vulnerability in a client application like a web browser plug-in for a virus or worm to have complete access to the user's files, and enough access to be able to modify many of the applications the user is likely to run.
Fundamentally, Mac OS X has the same problem as Windows, and the same problem the "run-everything-as-root" Unixes did in the eighties and early nineties: too much functionality available to the default user. To fix this, you need to change the model somewhat. The very least Apple could do is set Mac OS X up so that the installer actively discourages setting up the default user as an administrator.
Wait a minute here. Correct me if I'm wrong, but my impression is that the "administrator" setting of an account allowed sudo access. That's a little different than running as root. Is there something else going on in the Mac userland?
It should also be noted that we've heard these warnings [linuxinsider.com] before. The doomsday scenario has yet to come to pass. And while I agree that some of the perception of imperviousness is misplaced, I am also inclined to believe there's a bit more at work here than some critics want to believe.
Re:a way to make money (Score:4, Informative)
AFAIK this has always been Apple's policy. All they did was update the posting slightly to show the latest leading commercial AV software. Here's the previous update from a year and a half ago. I assume it was just an update of the one previous to it. (I think you will find that it looks very familiar!)
http://web.archive.org/web/20080113164722/http://docs.info.apple.com/article.html%3Fartnum%3D4454 [archive.org]
"Mac OS: Antivirus Utilities
Last Modified on: June 08, 2007
Article: 4454
This article describes the antivirus utilities that are available for the Mac OS.
Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one program to circumvent, thus making the whole virus writing process more difficult. Here are some of the available antivirus utilities:
Intego VirusBarrier X4
Publisher: Intego
License: commercial
Norton Anti-Virus for Macintosh (formerly SAM)
Publisher: Symantec
License: commercial
Virex
Publisher: McAfee
License: commercial
This article provides information about a non-Apple product. Apple, Inc. is not responsible for its content. Please contact the vendor for additional information.
Article 17159: "Locating Vendor Information" can help you search for a particular vendor's address and phone number. Keywords: ktech kmosx"
I've got to call cough! *bullshit* cough! (Score:5, Informative)
Apple has NEVER not recommended users install AntiVirus software. One of the first benefits of subscribing to Apple's DotMac web service, a service that is roughly as old as the first Gold Master release of OSX itself, was a complimentary copy of AntiVirus software (McAfee Virex 7.0, released September 2001).
The offer only applies to v7x; which no longer compatible with the latest OSX version, which probably goes a much longer way to explain why Apple is now recommending users install their own choice of a competitive application.
The most recent ad campaign, which does mention vulnerabilities to various malware on Windows machines, comes after more than two decades of people clamoring for Apple to do just that in it's marketing and sales literature. Rather than all of a sudden "quietly" recommending AV software, Apple has always (quietly) recommended it.
The (very lightweight) BBC article comes across as written by someone who only recently started paying attention to Apple, perhaps after her dad bought her an iPod in Journalism school.
Re:a way to make money (Score:2, Informative)
To play devils advocate, the same may be said for Fista, but Fista asks permission for EVERYTHING!! The user is so often annoyed by the stupid mother%$#@%%^# UAC bull%$#% that they no longer pay attention to whats going on requiring a priv elevation and just click (I agree)(I agree)(I agree)(I agree)WTF!?(I agree)(I agree)Leamme alone willya(I agree)(I agree)STFU i keel you(I agree)(I agree)(I agree)AGGGGGHHHHHHH THE %$#@!?(I agree)[DOOMSDAY] %&^%% NO CARRIER
That implementation is a recipe for disaster. I actually ship all Fista installs with UAC Off because it does no good anyway, plus, most remote control implementations don't work for %$%# under it.
Now, anything prior to Winders Fista, it's practically a hard REQUIREMENT to run as admin. Even something as harmless as Acrobat Reader will not run well without God privileges.
There's no story here. (Score:1, Informative)
Apple merely updated their standard antivirus recommendation page to increment the version of one of their recommended antivirus products from v4 to v5.
The page obviously popped to the top of the watchlists of some hysterical tech "journalists" who didn't know any better, and they immediately started screeching "Macs get viruses too! Yay!"
Still, it got a few more pageviews and no doubt some ad clickthrus for the sites in question, so I guess it met or exceeded the only journalism standards that really apply these days.