Anti-virus/malware for Mac. Do we need it?

In twelve year with Windows, the only time I ever encountered a Virus was from email attachments from friends and on a flash drive. Maybe 4-5 times in 12 years. I am a pretty conservative in my web browsing and downloading habits, and if you send my a FWD: FWD: email I just delete it.

I felt pretty safe running a Mac without any anti-virus software, but as Mac OS becomes more prominent, I get feeling that the risk level is increasing. I was thinking about installing Sophos Anti-Virus for Mac Home Edition. Well it's free and promises not to slow down my computer.

What do you think?

TIA

 

I've never had a problem with Sophos running... and it actually has found a few things for me, though its always been Windows things...

I see no reason to not run it, as I've never noticed any difference in performance with or without it.

 

In my experience, you actually have to install something under OS X in order for anything bad to happen. There are some exceptions to the rule (Mac Defender used to be like this but now it can install itself) but that is the general case. I have yet to visit a site under OS X and have it install anything yet, when I visit the same site in Windows, some type of tracking cookie is installed.

That being said, I still have Sophos on my MBP simply because I often transfer content to and from a Windows machine. I figure that, if anything, Sophos will stop my Mac from spreading malicious Windows content. Those files won't do a damn thing under OS X but they can cause problems for Windows and I want to stop that from happening. Sophos actually caught something that was on one of my thumb drives that I brought from work. Again, it wasn't something that would affect OS X but I still wanted to remove it.

I don't notice any slowdown with Sophos either. It takes me ~25 seconds to cold boot into OS X Lion regardless of Sophos, programs still load at the same speeds, internet browsing hasn't slowed down, etc. It really is a real-time low profile anti-virus programs that I highly recommend especially if you are transferring content to and from Windows machines.

 

Thanks. Yes, loss of performance was a concern. Downloading now

 

If one is experienced with using computers, regardless of platform your odds of getting a virus are slim to none.

I don't use Antivirus on my Windows 7 desktop nor do I use it on my Macbook Pro.

I haven't had a virus in years.

 

that you are aware of...

joking, but serious. making that assessment accurately is actually quite a task.

 

I have never used an antivirus on my Macs, and have never seen a viable reason for doing so.

Redundancy is only required if your Win AV is less capable than the Mac AV you are ostensibly using to protect your Win Systems.

To I keep my Windows systems clean, I use a capable AV for those devices. Putting an AV on a Mac to protect my Windows systems makes less sense than running two AV's on each my Windows systems concurrently.

If your Win AV is competent, then I see no reason to "infect" my Mac system with a redundancy.

 

No system is infallible and that also goes for OS X.

That said, there's no current threat from viruses or worms to my knowledge. There has been a couple of trojans (though mostly from pirated software) and there's also malware like MacDefender, where infection largely depends on social engineering and manual installation by the user. I think that's it though. The built-in protection should handle the latter just fine.

I think it's mostly snakeoil and a false sense of security. Use your CPU cycles for something useful instead.

Practice safe hex and you should be fine:

• Keep on top of any and all security updates for your system and especially keep a very close eye on Flash, Acrobat and Java. These are barndoor-sized infection vectors.
• Don't install something you didn't download yourself. Common sense is your best weapon against infections.
• Don't just volunteer your password if it randomly pops up a box and asks you.
• If you use Safari, turn off the option to open safe files. It's mostly a potential vector and was used by MacDefender.
• Turn on the firewall and don't start any services that you don't use.

 

My Mac still boots in 13 seconds, does not feel slower or anything. Sophos AV seems light on resources. I guess I will keep it for a bit.

Yes, this is the part the makes we think, if I don't need it why not save a few cycles and some juice.

 

The last version of MacDefender that was out auto downloaded and ran... "safe files" didn't need to be checked, and it asked for no password, and still ran... Sophos blocked it though, and Apple finally updated the built in one to stop it.... for now.

 

Are you sure that it'll run without having safe files checked in Safari? Which variant are you talking about specifically? Anyway, it's still not fatal as it requires user interaction to complete the infection. If you don't manually button mash through the install that suddenly appears out of nowhere nothing else will happen.

That's the social engineering aspect I was talking about, which is something neither Sophos nor Apple can protect effectively against.

 

Yes, that was the main problem with Mac Defender. Before people would actually have to enter their password in order to install it and go through a typical installation procedure. Now it will all happen automatically and the user just has to click one or two buttons in order for it to be installed. I am sure the people behind Mac Defender are trying to bypass Apple's latest security efforts while also make a version that installs on its own without any user interaction. The humorous thing is that if you visit their site now, there is actually some Flash/HTML5/whatever guy on the website telling you about all the benefits of installing the software. They really are going out of their way to make things look legit. There are even ads for it on Engadget and many other sites.

So they are taking the social engineering thing to a high level (someone must have paid attention in their IT security awareness training) and this can be something new for a Mac user especially if they have never dealt with it on the Windows end. So I can understand how many people would install it. This is the first time they are ever coming across something like this under Mac OS X so they don't know what to look for when it comes to malicious software.

 

I'll help with the redundancy a little further and say I also run Sophos on mine. No reason not too and plenty of reasons to do so.

 

Perhaps, but so far they have been less than successful. MacDefender shouldn't be ignored, but it currently ain't no Conficker.

Curiously enough that wouldn't be as big a problem if it weren't for the fear driven and user hostile marketing on the Windows side of things. People have been scared into believing that they are horribly exposed unless they run at least four different security programs in the background.

The security industry could learn a lot from how little noise Microsoft Security Essentials makes, but then again I guess they figure that scared users mentally equate a barrage of ominous text with something that's effective.

You could say the same thing about a tiger repellent rock, you know.

 

Right. Especially in a thread specifically about antiviruses...

 

Yes. Why would I discuss what basically amounts to snake oil in a thread that wasn't about anti-virus programs?

Is MacDefender your "plenty of reasons" to install, btw?

 

No reason????????, how about....

1) Useless redundancy (we already covered that).
2) Memory allocation of said redundant program.
3) CPU cycles, running a redundancy.
4) Time to install, backup, maintain, update, load, the list goes on.

Every one of these reasons is a profound negative that if ignored leads to expense. Bottom line is you don't install a program for which a more suitable and capable one exists, and is already running (on your Win systems) for every instance required.

A useless program that only serves to heighten paranoia is one definition of malware. I don't install malware, even if someone feels that there is "no reason not to".

Tell me, Why don't you have a couple more AV's running, in addition to Sophos? Do you run multiple AV's on your Windows systems also?

 

Sure if you always use every last cycle of you CPU, (or RAM) I can see how your points apply. But I do feel the majority of people can spare CPU cycles. You must be quite the heavy user if yours can't spare any really, and that's OK.

But typical users have most of the CPU idle. And as others have stated, they feel no performance issues running Sophos. If you don't want to run it, that is alright. What I would argue is that this particular software causes no harm and does give you some protection. We can go around this point all day long, but the average user can make mistakes, and even the pro-user can be infected under some circumstance. So there are plenty of reasons to use it. Which in my humble opinion are more important than the points you make (which let's be honest, don't amount to maybe even a fraction of a second).

Also, typically I use something like Home ° EICAR - European Expert Group for IT-Security and download the test file. I'm not sure if your computer without anti-virus will detect it, but mine didn't. I downloaded Sophos and it picked it up right away.

 

Sophos uses a lot less resources than some are making it out to be. CPU cycles aren't precious things that need to be saved up especially when an old Core 2 Duo is still more powerful than what the average person needs for their everyday use. Right now, Sophos is consuming a whole 7.8MB of memory and 4 CPU threads whereas Safari is taking up 12 (along with 280MB of memory). It even takes up less resources than Finder. So I am a little confused as to why people are saying it eats computing cycles when it really is such a minor program.

It also took all of 20 seconds to install it and updates are done automatically without me ever having to do anything. Again, I can't think of plenty reasons why virus protection software should be used yet I would not consider wasting computing cycles, install time, or upgrade times to be good reasons not to use it.

 

After using my laptop for a day with Sophos installed, I really do not feel any difference. No reason to remove it.

 

I tested out a slew of antivirus/antimalware solutions when this whole 'macdefender' thing started up. The only one that felt really unobtrusive was ESET CyberSecurity. Stayed out of the way, used little system resources, frequently updated, yet it seemed to give OS X a slight 'lag' when ever doing anything. I bought a license, but I've not had it installed for a few months now. Don't really see the point, since the only time I ever actually used it was when scanning an infected Windows disk that someone had brought to me for help.

 

So as a soon-to-be first time Mac owner should I...

a) install an anti-virus (and is Sophos the only/best one?)

OR...

b) not install an anti-virus

Not installing one kinda goes against all my years of anti-malware experience with Windows...

 

The consensus in this thread seems to be that Sophos is the best, free tiger repellent rock, so I'd go for that.

 

That isn't the consensus. If you are going to paraphrase what has been stated in this thread, at least do it right without trying to insult the people who support the use of anti-virus software under OS X. You can take it further by expressing that the people against anti-virus software have yet to show anything valid as to why one should not install such software.

 

Yes, perhaps Preview's conclusion is a bit loaded, but I don't think anyone will take it as strongly as you worded it, Kornchild. I may be faulted, since I see his point.

But it does seem that the reasoning most proponents have indicated is a "better safe than sorry" reasoning that is countered by many who surf daily without a "bullet-proof vest".

Sure, I also see some anecdotal observation that some feel thy were "saved" from a specific form of malware, yet my experience is just the opposite. I never, have ever been faced with an OS X threat that I was not able to fend off with a semblance of consciousness.

So who is right?

I think those who would want to feel safer, are certainly able to do so. But equally so, there are those through experience who have found that OS X, when combined with personal innate awareness, see this type of AV as nothing more than another kind of innocuous malware giving an apparent sense of security.

Other may find that their Windows AV needs the extra help. So be it.

 

Oh, come on!

Surely the onus of proof is on the people claiming that anti-virus is needed? That is, unless you agree that it's largely a matter of getting a false sense of security provided by the aforementioned rock?

Installing anti-virus on your machine because that's what you do under Windows and because "hey, why not?" are not proper reasons to do so. You could make a case that MacDefender would be reason enough to install something, but I personally won't see it as a threat to me and my machine until it's capable of installing itself without any user intervention.

There was a lot of noise from the media when MacDefender hit, but curiously enough the "See? OS X is just as vulnerable as Windows" blog posts quieted down when the expected OS X virus armageddon didn't materialize.

I think anti-virus software (on any platform) is largely an anachronism that hasn't kept up with the ever changing threats. These days viruses aren't small, highly destructive programs made by bored nerds; they are for the most part fairly advanced, use many infection vectors, are hard to detect and remove and are making heavy use of social engineering. Especially the latter is best combated by the user, not by software.

Most malware is written with some kind of financial gain in mind. Software that relies on daily updates to function will almost by definition have a very hard time keeping up in that arms race.

People wanting to see actual security improvements should spend $30 on Lion.

 

I'm getting a Macbook Air with Lion but why is it a fundamentally more secure OS than its predecessor?

 

OS X has been behind Windows for a while, but finally caught up with Microsoft in Lion. It gets technical fairly quickly, but if you are interested Ars Technica has a good overview of how the sandboxing aspects works. Note that all software sold in the App Store is required to support sandboxing by November.

More tangible security improvements include things like full-disk harddisk encryption with little overhead. It also doesn't ship with Flash.

 

So you are saying that because people disagree with you, they should be the ones to prove their point rather than the other way around. So the burden of proof is on us because you don't use anti-virus software? Nope. The point of this whole thread was to gauge if one needs anti-virus software for Mac OS X. Valid points have been made from both sides and there have also been some pretty bad ones (the whole "wasting cpu cycles" comes to mind). That being said, a pretty modern example was given with the whole MacDefender thing that is going on now.

It is also a prime example of social engineering, phishing, and hoaxing that has affected over 100,000 Mac OS X users who have likely never come across anything like this before outside of the Windows world (where something like this is nothing new). Sophos was picking up on MacDefender from day 1 whereas it took Apple a few days (maybe even a week) before OS X was updated to prevent users from installing it. Then MacDefender updated to step around Apple's measures and again, Sophos was stopping it. So Sophos was actually staying ahead of the curve the whole time while Apple's security team, while acting fast, was still not faster than a free anti-virus utility.

So no one needs to spend $30 on Lion to see "real" security upgrades when a proper anti-virus, paired with OS updates, can stop a large portion of attacks for any platform. The argument to use anti-virus for OS X never revolved around "you did it in Windows so you should do it in OS X." I am not sure where you read that in this thread. If you did, you can lump it in with one of the bad statements right next to "but meh teh cpuz! it wastes meh cycles."

My point was that using anti-virus software for OS X is not the same as buying snake oil from a drifting merchant when it can in fact help protect people and could have helped over 100,000 users not be infected with MacDefender. Is anti-virus absolutely required? Well, if one uses common sense, probably not. There will always be that "what if?" scenario though. Additionally, having anti-virus protection can help those who lack that common sense when it comes to internet browsing. For example, many people fell victim to MacDefender and even more to that fake anti-virus software that installed on Windows. The pop-up looked as if it was scanning My Computer (from Windows XP), another pop-up would arise instructing users what to do, they would download the software, it would integrate itself with Windows, people would lose information, and they would have to pay to get the software uninstalled. Again, another example of where anti-virus software can help those who may not know what they are doing.

So, as I said, at least paraphrase the thoughts expressed in this thread correctly instead of calling anti-virus software snake oil, scoffing at the idea, and moving on.

 

I was kind of sold on this comment.

It does not slow things down so why not? If its useless, its free. If it finds Windows things, cool. I do not want to be the person who forwards to another person a Windows virus. It might not affect my computer, but I certainly don't want to help spread anything around.

 

Sophos is pretty good .... and "free" is the key word cause I don't worry to much about viruses on OSX. It's good to do some scans every now and then.

One thing I can't live without is Little Snitch.

 

Sorry if this is a stupid Q but if you don't worry too much about viruses in OSX then why is Little Snitch so important?

 

Little Snitch is not an Anti-virus/malware, but it can prevent a virus/malware from being loaded on your machine.

Little Snitch is more like a very easy to use firewall that gives you control of what connections to allow/disallow. I recommend it to everyone.

 

For someone who constantly goes on about proper paraphrasing, you sure aren't very good at it yourself. Both your "X because Y" statements misinterpret my argument. Heck, you might even say I'm insulted by your paraphrasing.

Correct. This is why it's wrong to ask for reasons not to use it and why I keep harping on about rocks. The only logical approach is to ask if something is needed instead of looking for reasons not to use something. Whether or not I use anti-virus software has no bearing on this.

Do you have a cite for that number? You're talking about people successfully infected by MacDefender, I take it?

Apple's rather indifferent and uncommunicative approach to security is inexcusable. I'm not sure why they do it that way, but perhaps <del>Jobs</del> the marketing department figures that it's best to keep mum about malware? It's dumb.

Why the scare quotes around the word real? Are you arguing that band-aids like third party anti-virus beats far reaching, vendor created OS changes like sandboxing or working ASLR? Snow Leopard users won't see any of that in updates.

Why are you bringing up Windows XP? Didn't you just say that it was an invalid argument to compare OS X security to the situation on the Windows platform?

It might prevent outgoing control communication to, say, a bot net, but it does absolutely nothing to prevent against infection. Once the malware is installed and operating on your machine, it's practically game over from a security perspective (let's hope you have backups of ~/).

There's no need to spend money on Little Snitch in my opinion. Lion's sandboxing is a far better and robust way to combat rogue outgoing connections, since sandboxing doesn't require the user to make any judgment calls on the validity of outbound connections and mysterious process names, addresses or ports.

If you absolutely need a very powerful stateful packet filter you now have two choices in Lion. Packet Filter ships with every copy of Lion, but needs to be enabled first. It supplements ipfw which is the one you can turn on and manage in the preferences.

 

Since I started this thread, which is turning into a little war, maybe we can agree on the following propostions:

1. Anti-Virus/Malware programs for Mac OSX can be useful in that Mac OSX is not immune from viruses and malware.
2. Anti-Virus/Malware programs for Mac OSX can be useful if you received and transfer filed to and from Windows PC's.
3. The actual threat level in the real world is rather small, so it would not be considered essential to use one.

 

I guess you will have to explain things then.

If it is wrong to ask for reasons why anti-virus software should not be used, why list them? When looking to see if something is required, one must ask: do I need this? They also must ask "why don't I need this?"

Back when MacDefender was still new, the number of people affected was between 60,000-120,000 and it has increased since then.

I do agree with you on that. Apple call center employees/contractors were told not to really discuss MacDefender as an issue until Apple officially addressed the problem. Call center employees were essentially supposed to deny that MacDefender was an issue at all until Cupertino came out with a solution.

I used the "scare" quotes based on your usage of the word "real." You stated that real security updates are seen in Lion meaning that for anyone to actually see those, they must upgrade to Lion. I am not denying that Lion contains a fair amount of security updates but one can also see "real" security updates through proper anti-virus software. As I stated, Sophos was stopping MacDefender long before Apple updated Snow Leopard. So I guess that wasn't any type of "real" security measure then.

To show that something like this happens to other platforms.

I would change option number 3 to say "It would not be considered essential to use anti-virus software if one uses proper browsing skills." People without proper browsing skills, such as Joe Sixpack, would benefit from having proper anti-virus protection simply because they are the ones that would click on a link to "world's funniest dog lol!" and type in their e-mail address to see "the bestest vid ever lol!" I would also say that the threat level to OS X has increased ever since MacDefender came out and now there is another one called MacProtector that is nothing more than a variant of MacDefender. Whether or not that fits within a persons definition of "low threat level" is another debate all together.

 

I'm not really getting too much into the debate itself of whether to use AV software on OS X, but the onus is definitely on yourself and others who claim that the software is necessary. It's far easier to demonstrate that there are tangible reasons and risks if you don't run the AV software.

While the MacDefender example is a good one for Sophos, you're underestimating the value of sandboxing, ASLR, etc. in comparison with AV software. AV software may provide security measures, but the gain you get from moving to Lion greatly overshadows what AV software can accomplish. These are fundamental OS level changes that improve security greatly.

 

Maybe unknowingly passing a virus to your Windows bound friend might be a good reason?

 

Are all Mac AV software designed to capture/quarantine/delete Windows viruses, particularly at a similar or equivalent percentage as actual Windows AV software?

 

Not sure... Sophos has found nothing for me so far, but @doh said:

 

It isn't on me, I never siad that anti-virus software for OS X was absolutely necessary (but I do recommend it and have given reasons why). However, the people who claim that it isn't required also need reasons for making their statements. Both parties should be responsible for backing up their claims, otherwise it becomes a one sided argument with one party always saying "you proved nothing and I don't have to do anything about my claim whether I have proof or not so suck it up and agree with me or get out of here."

So far I have seen some good arguments for and against having anti-virus software for OS X. I have also come across bad ones on both sides as well. There is one aspect that not having anti-virus software will never be able to handle: what if? Anti-virus software is always nice for those "what if" situations where not having anti-virus software will actually cause harm. Whether or not "what if" is enough to push someone to install anti-virus software is another question all together.

 

What he said...lol