Do Macs need an AV?

[Berryracer]

I know this question has been asked many times before but maybe that was in the past times.. I think I heard some news 5 months ago or so that Macs started getting viruses.

so what is the consensus?

Does one need an AV on a Mac or not?

and if he does, are there any good free options like there are for Windows or only paid solutions are the option?

 

[TheStu]

If you are regularly receiving and then sending files to Windows users, then it would behoove you to have an AV installed that would check your mail attachments.

The amount of malware that's out there for OS X is an anthill next to the mountain that is Windows' share. However, a Mac could be an unwitting 'carrier' if you will.

I have no recommendations, as I never ran any on any of my Macs.

 

[Berryracer]

If you are regularly receiving and then sending files to Windows users, then it would behoove you to have an AV installed that would check your mail attachments.

The amount of malware that's out there for OS X is an anthill next to the mountain that is Windows' share. However, a Mac could be an unwitting 'carrier' if you will.

I have no recommendations, as I never ran any on any of my Macs.

so I take it you don't receive files from Windows users and are you certain that you have not been or are not infected? :whiste:

 

[Kaido]

so I take it you don't receive files from Windows users and are you certain that you have not been or are not infected? :whiste:

Really the only thing you need to do is disable the auto-open for downloaded programs in the browser in Safari (or just use Chrome). One of the ways one of the Mac "viruses" was spreading was by auto-launching via automatic browser download. Also, keep it patched with the latest updates (in particular Java, which comes through Apple software updates) and obviously don't type in your password to install programs that you didn't download (about 2 zillion people installed the virus anyway).

And yeah, if you send & receive files from Windows users a lot, it's good to use an antivirus as a good neighbor. I personally don't. The most I've done security-wise is using Little Snitch to regulate what has access to the Internet...it's similar to ZoneAlarm on Windows where you can control & monitor all of the apps that have Internet access on your Mac. Traditionally, people use it to block phone-home apps in hacked software, but it's actually a pretty great security tool. If you do want to try some antivirus, ClamXav is supposed to be pretty good:

http://www.clamxav.com/

So in summary:

1. Disable the auto-open downloaded files setting in Safari, or use Chrome
2. Make sure automatic system updates are enabled
3. (optional) Disable Java from running, unless you specifically need it for something
4. Don't install programs you didn't specifically download, and especially don't type in your administrative password to install those programs
5. Make sure the Firewall is enabled, or if you really want to monitor what's access the Internet, buy Little Snitch and get fine-grained about access settings

I've been on Macs for a good 7 years now and haven't had any major issues. It's basically just Linux with a pretty GUI, so the core system is pretty tough out of the box security-wise. That's not to say nothing will ever happen, but at the present time things are pretty good. The biggest security failing has been due to Java, which used a software trick (auto-downloaded & auto-opened due to default Safari settings) and then a social engineering trick (your Mac is infected! type in your password to install this software and fix it! and we need your credit card to purchase the full version of this spyware/virus removal software!), although I believe the newer versions bypassed the password-to-install prompt. I think MacDefender was the biggest spyware/virus attack in Apple's history, if you want to do some reading online about it.

Apple has already stopped packaging Flash by default in new Macs, so I wonder how long Java has left to live...unfortunately it's used in a lot of applications (such as LogMeIn), so it's hard to get rid of, so either you have to manually disable it in your browser or make sure your system always has the latest system/Java updates if you want to stay 100% protected.

 

[TheStu]

so I take it you don't receive files from Windows users and are you certain that you have not been or are not infected? :whistle:

I basically never get sent files. I also haven't used a Mac as my primary machine in at least 6 or 7 months, I lent it to my friend.

And yes, I am as certain as I can be that in years past when I did use a Mac as my primary that I was never infected.

 

[vbuggy]

You're far more likely to get drive-by'd by a Java/etc vulnerability than thru malware if you take basic precautions - and even then, again if you're a competent user who knows the signs of a dodgy website, the chances of you being caught out are fairly remote.

The same advice applies to anyone be it a Windows user or an OS X user - the more oblivious or incapable you are of using the computer, the more it might be a better idea to have an AV.

By that token, I'd say a bigger percentage of Mac owners should be using AV

 

[TheStu]

You're far more likely to get drive-by'd by a Java/etc vulnerability than thru malware if you take basic precautions - and even then, again if you're a competent user who knows the signs of a dodgy website, the chances of you being caught out are fairly remote.

The same advice applies to anyone be it a Windows user or an OS X user - the more oblivious or incapable you are of using the computer, the more it might be a better idea to have an AV.

By that token, I'd say a bigger percentage of Mac owners should be using AV

*Whew, thank goodness you got your daily dose of Mac user bashing in! I was worried that you were actually going to post something useful without any commentary about the level of disdain in which you hold Mac users!

OP, what he said in his first 2 paragraphs is correct, if you know what to look out for, and keep your wits about you, you should be ok.

 

[vbuggy]

I forgot: One of the simplest ways to prevent yourself from screwing up the system - and this applies again to any OS - is not to make your regular-use user an administrator (and yes that applies even if you're the only user). It may be impractical if you're developer, etc but for most regular users this shouldn't be a seriously onerous limitation.

This way, any undue changes you try and make, a dialog will pop up into which you have to type in your admin user ID and password to make any changes. This largely prevents 'oops, I shouldn't have done that' syndrome. It won't make you immune but it's good user discipline.

[Insert obligatory Mac bashing here]

 

[Eug]

Just run Sophos. It's free.

P.S. I have both Windows and Mac OS X machines, and commonly share between them. I have never had a Mac virus, but Sophos has caught a Windows virus before.

 

[Kaido]

You're far more likely to get drive-by'd by a Java/etc vulnerability than thru malware if you take basic precautions - and even then, again if you're a competent user who knows the signs of a dodgy website, the chances of you being caught out are fairly remote.

The same advice applies to anyone be it a Windows user or an OS X user - the more oblivious or incapable you are of using the computer, the more it might be a better idea to have an AV.

By that token, I'd say a bigger percentage of Mac owners should be using AV

Sadly, I wouldn't disagree with that. A lot of people blindly click on whatever. I think the Mac Defender estimate was over 100,000 infections.

imo most people should either have Chromebooks for home use or iPads, things where you don't have to run the risk of getting infected or doing any maintenance. Chromebooks are even better because they run Flash and auto-update themselves, and they have Chromeboxes for desktop use now.

 

[Kaido]

Just run Sophos. It's free.

P.S. I have both Windows and Mac OS X machines, and commonly share between them. I have never had a Mac virus, but Sophos has caught a Windows virus before.

I setup the Mac Defender virus stuff on one of my Mac test rigs to check it out. It was so overblown by the media it wasn't even funny. The installation procedure for the initial release went like this:

1. Visit an infected website
2. App auto-downloads in Safari
3. App auto-opens in Safari ("run after opening")
4. Prompts user for password to begin installation USER ENTERS PASSWORD
5. Installs into system and asks for credit card number to pay for antivirus USER ENTERS CC #

So it's more of a default settings exploit with a fair share of end-user stupidity. Sure, type in your password into a program you didn't download (apparently happened 100k+ times). Then type in your credit card number to something you didn't specifically go out and download.

Problem is, it works. It preys on people who are naive, dumb, or just not very well versed in computer trickery. And I hesitate to say dumb because there are a lot of like grandmas out there who really don't know any better, but then there are also young people who just type in their admin password and apparently type in their credit card numbers and away they go!

And I say it works because they just nabbed the group behind the fake FBI virus - they were pulling in over $1 million a year!

http://nakedsecurity.sophos.com/2013/02/14/reveton-ransomware-gang-arrested-by-spanish-police/

 

[CA19100]

It's basically just Linux with a pretty GUI...

UNIX, not Linux, but otherwise your post is spot-on.

The biggest threat to a computer these days isn't as much backdoor infections as social engineering. Be conscious of what you're clicking on and you'll be fine. I've run an OS X machine regularly since 2002, and have never had a malware issue. I don't run antivirus on it. Software can't install without an administrator authorization, and you'll get a first-run warning (and option to cancel) the first time any software runs for the first time after installation.

I do run Avast Free on my Windows 7 machines, as there are more behind-the-scenes transmission vectors.

I forgot: One of the simplest ways to prevent yourself from screwing up the system - and this applies again to any OS - is not to make your regular-use user an administrator...

Excellent advice, and I do the same. Regular user accounts aren't even authorized to add anything to the Applications folder without an admin authentication; admin users can.

 

[Eug]

I setup the Mac Defender virus stuff on one of my Mac test rigs to check it out. It was so overblown by the media it wasn't even funny. The installation procedure for the initial release went like this:

1. Visit an infected website
2. App auto-downloads in Safari
3. App auto-opens in Safari ("run after opening")
4. Prompts user for password to begin installation USER ENTERS PASSWORD
5. Installs into system and asks for credit card number to pay for antivirus USER ENTERS CC #

So it's more of a default settings exploit with a fair share of end-user stupidity. Sure, type in your password into a program you didn't download (apparently happened 100k+ times). Then type in your credit card number to something you didn't specifically go out and download.

Problem is, it works. It preys on people who are naive, dumb, or just not very well versed in computer trickery. And I hesitate to say dumb because there are a lot of like grandmas out there who really don't know any better, but then there are also young people who just type in their admin password and apparently type in their credit card numbers and away they go!

And I say it works because they just nabbed the group behind the fake FBI virus - they were pulling in over $1 million a year!

http://nakedsecurity.sophos.com/2013/02/14/reveton-ransomware-gang-arrested-by-spanish-police/

Yeah, Mac viruses are rare, and the ones that get Mac users are due to stupidity most of the time. That said, my main goal to running Sophos AV is to catch Windows viruses.

I sometimes must share files with other people, I never know what they've been up to on their computers. Furthermore, I share between Mac OS X and Windows, and it's very easy for these files to be transmitted to the Windows machine if I don't have some AV stuff running. I figure protecting both computers is safer than protecting just the one.

BTW, I run only Microsoft Security Essentials on my Windows machines, and it seems to do the trick, without slowing the machine down unnecessarily like some of the anti-virus packages seem to do.

I don't run Sophos on my G4s though because those are isolated guest machines, and Sophos does have enough overhead to slow a G4 machine noticeably.

I also run AV on my NASes, but I must admit that I've done so only intermittently.

 

[vbuggy]

On the Windows side, MSE is really just a gauze curtain across your front porch. The difference between it and many other solutions on the platform is that relatively speaking, you're not paying a significant CPU cycle penalty for running it (and I guess 300K or so is not a giant memory footprint) but it's lightness should be an indicator of how useful it will be when you actually have a proper piece of malware to deal with.

If the user is incompetent/oblivious as mentioned before then you need the heavyweight all-aspect protection offered by other suites since most of the things that the users will inexplicably click on before they say "the computer did it" will sail straight past MSE.

The same again goes for the Mac - the users with systems common sense don't need AV, or at worst maybe a scheduled scan. The difference I guess is that when you are dealing with oblivious users, most of the Mac AV's are either subpar or relatively undeveloped because they aren't being challenged as often - they're where PC antiviruses were ten years ago. Security through obscurity is for the morons, but whatever.

 

[effowe]

I run Avast Free on OSX just as a safety precaution.

 

[dagamer34]

An inexperienced user with AV will get malware far before an educated user without AV will. OS vulnerabilities aren't really that big anymore, it's far more about Flash and Java exploits from people who don't have the latest versions installed. And please don't run randomly put your CC# into a program that says it will clean up your system!

 

[ViRGE]

I forgot: One of the simplest ways to prevent yourself from screwing up the system - and this applies again to any OS - is not to make your regular-use user an administrator (and yes that applies even if you're the only user). It may be impractical if you're developer, etc but for most regular users this shouldn't be a seriously onerous limitation.

This way, any undue changes you try and make, a dialog will pop up into which you have to type in your admin user ID and password to make any changes. This largely prevents 'oops, I shouldn't have done that' syndrome. It won't make you immune but it's good user discipline.

What you've described is how Mac OS X (and Windows) already does things. You can't actually make any administrative changes without first authenticating, even as an admin user. Being admin just gives you the right to authenticate. See: sudo.

 

[vbuggy]

What you've described is how Mac OS X (and Windows) already does things. You can't actually make any administrative changes without first authenticating, even as an admin user. Being admin just gives you the right to authenticate. See: sudo.

Actually no, there's more to it than that - the single step authentication (via password - in certain cases - or button) gets to be a habit. Having to type in the user and password for major changes makes it less habit forming and makes you look closer at what you're actually doing.

 

[vailr]

Bitdefender offers a free "on demand" type of virus scanner for OSX:
http://mac.majorgeeks.com/files/details/bitdefender_virus_scanner.html
They also offer a free "memory resident" AV for Windows:
http://www.majorgeeks.com/files/details/bitdefender_free_edition.html
The free version for OSX won't auto-detect viruses, but the "paid" OSX & free Windows version will.

 

[Berryracer]

thanks a lot for all the informative posts guys. I'm a mac n00bie and this information is awesome for someone like meh

cheeers

 

[Kaido]

UNIX, not Linux, but otherwise your post is spot-on.

Linux used for reference, since no one really uses "UNIX".

And technically, BSD

 

[CA19100]

Linux used for reference, since no one really uses "UNIX".

And technically, BSD

Touché!

 

[tim Paul]

[FONT=Times New Roman, serif]Macs are immune to virus attacks, but not too like Windows. Your Mac will get affected by virus attack, if you send mails or any files to window users. In this case you will need AV software for your Mac. 'iAntivirus' software is free software for your Mac. :biggrin:
[/FONT]