MacDailyNews - Where Mac news comes first

I think I'll switch to Vista, the virus makers will quit targeting it since it has such a low market share.

Dec 02, 08 - 09:49 am Comment from: R

As 9to5Mac states, they've been doing this since 2002. This is not news.

where is zunetang? i thought he would jump on this

Dec 02, 08 - 09:53 am Comment from: dermotg

I have used ClamXAV for the past few months and it suits me fine. It doesnt take up many cycles as it only kicks in when a new file arrives into one of the watched folders (I just have it watch Downloads, Mail Downloads and Drop Box).
Only reason I have it is that I have to exchange files with clients and I dont want to pass on any infections from a Windows box.

I love my mac but honestly its just a matter of time. Compromising the Mac may not be via infecting the OS directly but via crappy third party software. An example would be visual basic scripts in MS Office attachments?

Software outside of the control of apple.

@dermotg good on you. The chance of mac users getting a virus might be slimmer that Windows but still there are innocent people out there who don't deserve a virus from mac users regardless of how naive they might be.

I must laugh at how much publicity this article is getting, its like the greatest news story of the year. The article in Cnet goes on to mention the one trojan for mac Mac OS X Trojan reported in the wild

Do we really trust Symantec, et al., to have a better understanding of the operating system than Apple? Anti-virus is not magic; it requires a problem to transpire and then a fix must be crafted. If there's a serious threat, Apple will have the fix out first.

Biologically, we can kill all the viruses or build up our immunity. Since it's really not possible to kill all the viruses, we rely on our immunity. An up-to-date operating system with the latest security patches is our immunity. With that, we don't need anti-virus.

It's only a support page article, it's not as if it's on their front page or anything. Of course it would be best practise to take extra precautions, but they're hardly saying you have to use it or that there are almost certainly going to be problems if you don't.

Dec 02, 08 - 10:27 am Comment from: It's About Time

It will be a cold day in hell before I use anything designed/created by Symantec.

Do we really trust Symantec, et al., to have a better understanding of the operating system than Apple?

Maybe not, but it's Apple recommending the use of AV software in the support article, not Symantec.

Biologically, we can kill all the viruses or build up our immunity. Since it's really not possible to kill all the viruses, we rely on our immunity. An up-to-date operating system with the latest security patches is our immunity. With that, we don't need anti-virus.

We can also take drugs -- antibiotics (for bacterial infections) or any of a multitude of antivirals -- to help fight infection. That's your AV software. Anyone who chooses to rely solely on "building up immunity" to fight off infections is foolish.

Dec 02, 08 - 10:37 am Comment from: Predrag

Being extra cautious... kind of like being extra cautious with your wife of 20 years by using a condom every time, not for birth control, but to protect yourself from STDs, 'cause, you never know...

I think Apple knows that someday viruses will start to get to the Mac, and I think they already have a solution. Certainly, a solution I'm hoping to see by MWSF 09. It's a solution they've already perfected and proven to be a viable business model and a profitable one at that:

The App Store.

For the Mac.

You heard it here first.

Imagine: you could see all the available applications for the Mac in one convenient space: the iTunes store. You could download and install them in no time. They would let you know when updates were available. You wouldn't have to keep track of licences, no more entering your credit card details.

It is odd that Apple, after decades of publicly denouncing the susceptibilities of Windows, would admit that its Unix-based OS also offers weak protection. What inspired this mea culpa? Perhaps, Steve Snobs, fearing eternal damnation is unburdening himself of the lies he has told by now confessing his sins.

I used Norton for awhile but it acted like a virus so I deleted it.

The main threats OS X faces are from *trojans*, not viruses. Unfortunately, a technologically-ignorant tech press doesn't know what the difference is between the two, and the fact that anti-trojan programs are still labeled "antivirus" doesn't help any.

Nowhere does Apple explain precisely how an outside third party can possibly provide better security than the operating system itself. Indeed, it has been shown that these "antivirus" suites can sometimes open more vulnerabilities than they close.

Additionally, the fact that Apple's article exclusively lists *commercial* programs, and excludes mentioning ClamAV (which is quite odd, as ClamAV is included by default with OS X Server), suggests to me that this is more of a business relationship thing, rather than a technologically-based recommendation.

I very occasionally use ClamXAV, the OS X app which uses ClamAV behind the scenes, but unfortunately it's not always kept up-to-date, and the automatic folder scanner likes to crash a lot. Regardless, that's as far as I plan to go in the "antivirus" direction, regardless of Apple's recommendations, unless there's compelling real-world evidence otherwise.

Apple is obligated to publish an article along these lines. It doesn't mean that they necessarily believe that anti-virus protection is necessary. It's simply a means of covering their asses in the event that something DOES occur. It doesn't mean that occurrence is likely. Nothing to see here folks, move along now.

--mAc

There is no point to having an anti-virus app. None of them know what to look for and none of them have any virus templates because there aren't any viruses. If a virus was released tomorrow, no anti-virus app would recognize it.

As has been said, Apple is covering its ass legally.

Furthermore, Symantic should be destroyed.

Wish apple would write their own. They know the system better and do a better job writing software.

Dec 02, 08 - 12:33 pm Comment from: dermotg

Gabriel makes a good point about Apple not mentioning ClamAV even though they bundle it with OS X Server. Unfortunately this underlines the suspicion held by many that AV software is just a money-making racket.
ClamAV is described as "an open source (GPL) anti-virus toolkit for UNIX".
<a href ="http://www.clamxav.com">ClamXav</a> is essentially a GUI frontend app for ClamAV. Its written by a UK based programmer called Mark Allan. Its free but you can donate through paypal if you like.
I have not noticed any performance issues with it - unlike Gabriel - but maybe I've been lucky. Anyway, for me its a no-brainer, as my concern is mostly to avoid spreading Windows-originating malware to my 99% Windows-using clients. At present I only use the Sentry feature to monitor mail attachments, downloads, drop box files and client files I receive on flash drives. I don't currently perform scheduled scans on my hard drive.
Finally, I don't think us mac users should view this kind of software as an affront to our manhood

Speedyg:

That's rich, Apple writes its own anti-malware software. Wasn't that the reason for Unix-based OS X?

The real question is... Does Apple install anti-virus software on its own corporate computers? I rather doubt it. I tend to agree with MDN. This is just Apple Legal covering the corporate ass.

A personal tale: About seven years ago, following an agency reorganization, I began working with our Research group, a number of whose developers still used Macs. They'd struggled to obtain anti-virus software for the Macs. I managed to get it for them. But within a year or so, we all dropped use of AV software on our Macs. Didn't hurt us in the least. We never told HQ.

Yeah! Now Macs will also know what true life means!

To Not Zune Tang at all (alias almux - for this matter!)

I think Apple loves Developpers, developpers, devil hoppers, devell hopers, deve a loper's! And dearly wish to have them all keeping their jobs... even useless anti-virus makers on Mac platform! Ha! Ha!

I have never used anti virus software in the almost 25 years of Mac use and have never suffered any viruses.
That speaks for itself to me.

Some are saying that Apple is recommending using multiple anti-virus programs on a single computer (which as I understand it is bad news). As I read it, Apple is recommending that the Mac community in general use a number of anti-virus programs.

Look, I am the ultimate Apple fanboy (still have a G4 cube at home), but I am concerned about the poor state of apple security products that can defend against trojan horses, keyloggers and a variety of other malicious code.

I have worked in the security industry for over 16 years and if you think you can't fall victim to social engineering attacks, you are nuts. Read any blogs? Play World of Warcraft and read their forums? Click on any links in ANY discussion groups? Use facebook or other social networking sites? If so, then you are at risk. Social engineering is the oldest and most effective way to compromise security measures and the Internet makes this easier and more effective.

Self propagating threats, i.e. worms, are not the problem. The problem is with browsing environment weaknesses coupled with Web 2.0.

Why do you think Apple has been putting out so many updates for security reasons? I wish that Kaspersky made an Apple client because I would use it in a heartbeat. They have outstanding detection of trojan horses, keyloggers and zero day exploits with security software that tracks behaviors, not signatures. In the absence of that software, I will most likely be using one of the AV products included in Apple's recommendations.

Spam distribution, keyloggers for identity theft, rogue web site hosting for porn and phishing sites, trojan horses for remote control of systems, and other threats are big black market businesses that aren't going away and will target Apple users as Mac market share grows. Don't stick your head in the sand.

The Register (http://www.theregister.co.uk) is making a big deal out of this as if it were the first time Apple had issued this advice:

"For the first time, Apple is recommending the use of anti-virus tools to protect Mac systems.

Long something of a phantom menace, strains of malware capable of infecting Mac machines have gradually been increasing in prevalence over recent months. In addition, VXers are making more use of web-based attack and applications specific vulnerabilities to infect PCs whatever their underlying operating system might be.

Windows-specific malware attacks are still orders of magnitude greater than assaults on Mac machines, but the risk to Apple fans is now enough for the Church of Jobs to admit a risk exists."


Tedious!

@ Bryan

Apple continues to "encourage" - not "recommend" - use of anti-virus software, for the reasons given. There is a significant difference.

One of these days a really nasty exploit is going to hit the Mac OS and it's going to hit very hard because of arrogant or ignorant users who run open firewalls and no AV SW.

There are known security holes in Mac OS and there always have been. There will be a day when they are exploited and if you get knocked up with malware it won't be anyone's fault but your own.

Actually, Apple used to post their recommendation for using Anti-virus software on their 'Get a Mac' site as indicated here

But they later removed those references but you can see them at the Internet Archive

Dec 02, 08 - 01:29 pm Comment from: Cubert

I'm working on writing a Durex for OS X.

@Whistling Past The Graveyard

So judgment day is coming and you're looking forward to it. Good fer you. Meanwhile I'll continue in my 20 year tradition of no firewall and no AV crap and no trouble ever... It's been worth the risk and if I get hit tomorrow I'll count myself lucky for the 20 years of trouble free computing.

I bet you're one of those fsckers who drives along at 30MPH , hitting the brakes every time a leaf moves.

Dec 02, 08 - 01:38 pm Comment from: Brau

As MDNs poll shows, around 9% run virus software if only to protect their Windows buddies. Apple even offered AV software on their webstore. As a retailer you simple must give people what they want.
Hence Apple's statement: "Information about products not manufactured by Apple is provided for information purposes only and does not constitute Apple’s recommendation or endorsement."

In order for AV software to work it must have the definition of the virus that is out in the wild.

THERE ARE NO MAC OS X VIRUSES OUT IN THE WILD!!

How can AV software look for something that does not exist?

AV software will not stop an unknown, self replicating virus from attacking a Mac. No one has written one yet.

Mac OS X is not your beloved Windows. Infection is not inevitable on the Mac.

Dec 02, 08 - 02:06 pm Comment from: Brau

@ "@ Whistling Past The Graveyard & OPEN UR EYES"

You're fighting a losing battle. Many people just don't feel alive unless they have something to fear and need a way to control even those irrational fears.

In that vein: someone needs to invent a software program that claims to save the planet merely by running it. History shows many would run it out of fear .... just to be safe.

I'd rather computer 'au naturale' and keep backups than fight with AV software. The last time I used Symantec, I found their software to annoy me as much as any malware might.

Dec 02, 08 - 02:36 pm Comment from: El Guapo

@Peruchito
where is zunetang? i thought he would jump on this

Oh please, don't wake him! It's been nice without him around. Many of his comments were humorous, but they get old after a while.

What happened to our innocents?

Everything changed when Intel had sex with Mac OS X!

You folks are fucking idiots. 91% with no protection at all. I betcha 25% of those are already compromised systems, and you clowns dont even know it. Just unreal.

Infected with Windows malware? We don't get that shit.

There are no Mac OS X viruses out in the wild.

We are too smart to allow a Trojan to install on our Macs.

What could we catch?

Go back to your Windows wonderland and take your paranoia with you.

"THERE ARE NO MAC OS X VIRUSES OUT IN THE WILD!!

And here is a prime example of the Mapple fan base. Stick your fingers in your ears, stomp your feet, and yelling this is not true does not change the fact that we live in a world of nefarious people with inttions bent on getting in your computer.

Really you guys should 'THINK DIFFERENT"

Nah I love it here, you turds make for good fun.

@Crash

Yup no protection at all. Unnecessary.

And our systems are hardly compromised. The only thing I bother with is a firewall and little snitch. So i can track and tell if my system has turned fishy. and it never has.

But to be fair. I actually have clamAV. But I've never used it. It's a reflexive download when I switched to a mac. I might as well delete it, but I forget it's there.

The only thing I do to keep my computer safe is go to websites like MDN. Malware is so few that it's big news. And it's usually a trojan. ho-hum, not falling for that one. Sometimes it's more serious (ARDAgent exploit) but by the time I've heard about it the mac cult has a patch ready (if apple is dragging their heels). I'm still waiting for news that'll make running an AV worth it.

It's possible to have no AV if you're smart and the tool well designed. I also thought it was unreal at first but I got used to it.

Oh and only the real fucking idiots require AV.

Dec 02, 08 - 04:19 pm Comment from: Connor MacBook

PC weenies crow that viruses aren't an issue on Vista - but that's only because MS copied Apple's authentication process (but did it worse, as usual).

So if Vista doesn't get viruses with UAC on, what makes them think it will ever be a problem on OS X?

Dec 02, 08 - 04:21 pm Comment from: ken1w

> And here is a prime example of the Mapple fan base. Stick your fingers in your ears, stomp your feet, and yelling this is not true does not change the fact that we live in a world of nefarious people with inttions bent on getting in your computer.

@ Crash

You are SO wrong. This is a prime example of Mac users using common sense, which is probably why they are using Macs in the first place. Whether there are Mac OS X viruses or not is irrelevant. There is NO evidence of a THREAT in the real world.

It is the exact opposite of "stick[ing] your fingers in your ears." Mac users are LOOKING for real world evidence of a threat from viruses. There is none. Therefore, the common sense course of action is to not worry about it constantly and not pay for a protective software "subscription" that costs money and slows down your Mac. That would be like buying auto insurance when you don't own a car.

There are other forms of malware other than viruses. But you would have to knowingly run a program (Mac OS X will alert when a program downloaded from the Internet is run for the first time) and give authentication (user name and password) to install such malware. By definition, a computer virus does not require direct user action, does not ask for permission, and self-propagates to other systems.

If a Mac user wants to worry about it, it is better to run periodic checks using the free ClamXav.

http://www.clamxav.com/

I did it recently out of curiosity. It found some suspicious code. They were in old junk emails I never deleted (Windows malware) and on my VMware Fusion virtual hard drive image file (again for Windows). I delete those emails and starting running McAfee on the VMware Fusion Windows installation.

I run Vista and XP on my Mac and both of those have anti-virus/malware software installed.

In addition to ClamXav on OS X.

So yes, after these MANY MANY years of not needing to run anti-malware on my Mac's, now I do.

My position is this, keep Vista and XP off the internet, except to update the OS's or the anti-malware, don't put anything in those two OS's unless it has been cleared by ClamXav on OS X beforehand and you should be fine.

Fusion2 has a great ability to revert to a earlier version of any Virtual Machine, so in case malware is found. It's a simple revert at a click of a mouse button.

Dec 02, 08 - 04:53 pm Comment from: Macintosher

I run two antivirus packages, not normally both, but iAntivirus and more rarely ClamXAV. ClamXAV drives me up the wall because it clogs my computer, but iAntivirus is beautiful to use and very background in its operation, and quietly so. It's wise to have backup, something I do manually, but it's also good to follow experts' mostly savvy advice. This means taking every feasible step to make sure you and your computer are safe and happy. I try to take appropriate measures given the proportion of all malware for each OS.

@ Apple fanatic, but concerned & "Steve"

Most of the threats you're listing there sound like browser-based vulnerabilities, which have little or nothing to do with the OS the browser is running on. (Well, unless it's IE on Windows, but that's a different story entirely.)

Definitions to clarify the discussion:

Virus: self-replicating code, requires no user interaction to replicate. Macs don't have these, so by definition "antivirus" software for the Mac is rather useless.

Trojan: program which presents a false front to the user, while stealthily doing other unwanted activity in the background. Requires user interaction to download and launch. On OS X, access to protected system locations (such as to install a keylogger) require the user to further enter an administrator password.

Now, if these "antivirus" vendors offered "anti-trojan" software, I might actually listen. At present, however, they're doing little more than fear-mongering, and exploiting the general public's lack of knowledge about the difference between a virus and a trojan.

And only the technologically ignorant can think that OS X will "inevitably" fall to the same scourge of viruses and malware that Windows has fallen to. Windows is an easy target, not simply because it's more widespread, but because it has the security of a wet paper bag in a downpour. OS X is built in a more secure foundation, which leaves fewer loopholes to exploit. That's not platform evangelism, that's a simple statement of fact.

I'm certainly keeping my eyes and ears open for any indication that a real, credible threat for OS X has been found in the wild, but so far I'm only hearing the same old FUD. That's not "sticking my head in the sand", that's simply being reasonably cautious. I'm not about to rush out in a panic and install airlocks on all the doors to my house, if the air outside isn't contaminated to the point where that would be necessary.

Dec 03, 08 - 12:20 am Comment from: s

Apple removed the support page.

http://news.cnet.com/8301-1009_3-10111958-83.html?part=rss&subj=news&tag=2547-1_3-0-5