[Rumor]

Coming from a PC to a Mac, one of my first thoughts was to get an Antivirus program for it. After reading some things around here though, it seems that Macs don't have a problem with Viri. Would it be a waste to get one?

[ghporter]

No. Eventually there will be some sort of malware for the Mac platform and being prepared is a Good Thing™. Further, there are plenty of bad things that you could easily pass on to unsuspecting (and trusting) Windows users through shared files and email. So having a good antivirus program is not a waste of money. Of course it's much better if you can get it for free, say from your school or employer... And you often get better, more capable versions of the products from a corporate account than an individual can purchase on his own.

Now about a dozen people will jump on this thread and say I'm full of BS. And in some things they'd be right. But not this one. Someday it WILL happen, and having a good AV program that is updated regularly is good insurance against how bad that day is for you.

[allblue]

Although there are no known Mac virii it doesn't hurt to keep an eye out. I run clamXav, which is freeware, and you can get it here:
http://www.versiontracker.com/dyn/moreinfo/macosx/24449
I ran it recently after a long gap and it found 151 Trojans on my HD! As they were all PC spy/adware they weren't doing any harm - the moral being congratulations on making the switch!

[mduell]

I think Apple used to include Virex in .Mac, but they've since dropped it.

I don't bother with antivirus on Windows, so I wouldn't on Mac, but some people like the warm fuzzy feeling and don't mind the performance hit.

[TETENAL]

Originally Posted by ghporter

No. Eventually there will be some sort of malware for the Mac platform and being prepared is a Good Thing™.

Being prepared is a "Good Thing™", but buying antivirus software for Mac now is a waste of time and money. You can do that when a virus becomes available.

[TimmyDee51]

Whatever you do, I would recommend avoiding Norton AV for the Mac. I find it to be a piece of junk that just sucks your system's resources for no reason. There's no point in having a live-check of your Mac (at this point), so if you're worried, I would recommend getting something where you can turn off this sort of function and just scan periodically.

Personally, I don't have AV nor will I install it until I see a real need. I figure I read the Mac news sites often enough (sometimes every hour), so if a virus comes out, I'll find out about it early and can take preventative measures.

[ghporter]

Originally Posted by TETENAL

Being prepared is a "Good Thing™", but buying antivirus software for Mac now is a waste of time and money. You can do that when a virus becomes available.

Good AV products (like Symantec Client Security) use heuristics to monitor "virus-like activity" and warn the user of such activity. This does not obviate the need for virus signatures, but does help prevent unwanted activity before such signatures are available. This sort of process has helped many Windows users in "day zero" attacks. Of course the user must notice the warning and know what to do about it-which is not easy for most Windows users. It is however quite easy for a Mac user; you almost never have to provide your admin password, and when you do you have personally initiated some sort of activity, so getting a warning that a process is trying to access an admin function (whether you've gotten a password window or not) is a dead giveaway.

mduell, most unprotected Windows boxes are attacked within 20 minutes of going online. How do you remain secure without even a token antivirus effort?

[mduell]

Originally Posted by ghporter

mduell, most unprotected Windows boxes are attacked within 20 minutes of going online. How do you remain secure without even a token antivirus effort?

Most (All?) of those hype pieces you see about "Windows boxen pwned within 17 minutes!1!!1!11oneone!!1!!" are for a fresh install from a circa 2001 disk.

I keep up to date with updates.
I use the included firewall with a default of deny all inbound.
I use IE sparingly for known-ok sites.
I don't click suspicious looking links in IM clients.

It's really not hard, and I'm not missing out on any functionality or features.

[Hi I'm Ben]

If norton was smart they'd pay people to start trying to develop a nasty virus for mac.

Then charge all us suckers to get rid of it.

At least that's what i'd do. Or should currently do.

[moonmonkey]

Originally Posted by Hi I'm Ben

If norton was smart they'd pay people to start trying to develop a nasty virus for mac.

Then charge all us suckers to get rid of it.

At least that's what i'd do. Or should currently do.

Looks like someone may have: http://forums.macnn.com/showthread.p...=1#post2881588

[TheoCryst]

My college offers free copies of Sophos AV to all students on both Windows and OS X. Has anyone here used it? I'm a bit hesitant to install it, for fear of it hogging my limited resources (iBook 1.33, 768 megs of RAM). Though I'm thinking it might be a good idea, seeing as they've found what may be the first virus/trojan for OS X...

[TimmyDee51]

Even though there's a Trojan out there, Mac OS X has a few defenses in place even without AV. First and foremost is the password. If you're opening a JPEG and it requires a password, think twice. My advice is to be aware and skip the AV.

[Rumor]

From the sounds of it, if you are logged in as an admin, then that can be bypassed?

[CatOne]

Originally Posted by TimmyDee51

Even though there's a Trojan out there, Mac OS X has a few defenses in place even without AV. First and foremost is the password. If you're opening a JPEG and it requires a password, think twice. My advice is to be aware and skip the AV.

Actually, I don't believe this one requires a password. It installs things in /Library. /Library is group writable by administrators. So if you are logged in as an admin (which the first user on a system always is), then it can corrupt the system without a password.

/System requires a password to modify, as it's only root writable by default.

Better advice would be to never open ANY file sent over iChat if you don't know what it is, or aren't expecting it.

[robby818]

1. a hardware firewall is a necessity

2. Don't bother with AV software. Rarely does it work well, and it often causes other problems. It definitely hurts system performance. Once you're infected, you're done..

3. being careful about attachments and general usage can save you from a lot of stuff but even the most savvy computer user can still make a mistake and click OK when he shouldn't.

3. partition that drive. keep your personal data (pics, music, etc) on a separate partition. you can restore your os and programs from a drive image and not lose your personal data- the most imp. stuff.

4. learn how to use drive imaging software like SuperDuper. I use it to create a drive image of my "Macintosh HD A" drive which contains my OS and programs. If i am ever infected I can restore that entire drive from the disk image and the virus will be gone--no remnants whatsoever. its also handy if i install software or hardware that i want to remove and make sure that i get everythign that was installed. it even came in handy once when i did an update to tiger and my mac would not boot. i make new drive images every 3 months or so and keep them on Macintosh HD B so that i can restore very quickly.

[ghporter]

Originally Posted by robby818

1. a hardware firewall is a necessity

2. Don't bother with AV software. Rarely does it work well, and it often causes other problems. It definitely hurts system performance. Once you're infected, you're done..

3. being careful about attachments and general usage can save you from a lot of stuff but even the most savvy computer user can still make a mistake and click OK when he shouldn't.

3. partition that drive. keep your personal data (pics, music, etc) on a separate partition. you can restore your os and programs from a drive image and not lose your personal data- the most imp. stuff.

4. learn how to use drive imaging software like SuperDuper. I use it to create a drive image of my "Macintosh HD A" drive which contains my OS and programs. If i am ever infected I can restore that entire drive from the disk image and the virus will be gone--no remnants whatsoever. its also handy if i install software or hardware that i want to remove and make sure that i get everythign that was installed. it even came in handy once when i did an update to tiger and my mac would not boot. i make new drive images every 3 months or so and keep them on Macintosh HD B so that i can restore very quickly.

I agree with everything you say except #2 and the second #3. A GOOD AV program does none of the bad things you suggest (we've been using Symantec Client Security on our G4 iBook for a very long time and its performance has certainly NOT been impacted (except during updates, and then you know what's going on). Further, the "once you're infected you're done" statement is completely false. The Leap-A trojan/virus is fairly simple to get rid of; just follow the steps posted on Symantec's, McAfee's and Sophos' sites.

Partitioning the drive is not terribly helpful. You can selectively back up your personal folders and your applications folder very easily without having them on separate partitions. While this is useful on Windows machines, it's not that useful on a Mac because of how backkup and imaging programs work. Sure, it's easier to image a whole partition with SuperDuper, but it doesn't take that much extra to select just the stuff that changes regularly and back that up. Of course having an image of your OS folders is very helpful for a quick recovery, but that doesn't require partitioning either.

[TETENAL]

Originally Posted by ghporter

Good AV products (like Symantec Client Security) use heuristics to monitor "virus-like activity" and warn the user of such activity.

Symantec Client Security is not available for the Mac. So that's no help for you. And CalmXav requires a signature before it can detect viruses. It also only scans on demand, so installing it will do nothing at all unless you run it all the time.

[Stradlater]

In other words: at the moment, AV programs are a waste of money on the Mac platform. There is absolutely no reason, now, to constantly scan for something that doesn't exist.

Keep a back up on the unfortunate possibility that a virus crops up in the future and does any damage before you're able to scan.

[JKT]

Originally Posted by TETENAL

Symantec Client Security is not available for the Mac. So that's no help for you. And CalmXav requires a signature before it can detect viruses. It also only scans on demand, so installing it will do nothing at all unless you run it all the time.

Half right/half wrong - ClamXav can be set to monitor e.g. your download folder(s) (or any folders you want) and scan them whenever a new file is detected. It doesn't use heuristics, this is true, but given that it does what it does do very well, it is still highly worth installing it. System resource usage is minimal (around 0.1% to 0.2% CPU when idle) if you use the Sentry.

[ghporter]

TETENAL, you're right; Symantec Client Security is an enterprise solution and not available for the Mac. Part of that is because it includes a lot of stuff that's not applicable to Macs, like a firewall that's only somewhat more capable than what comes with OS X. We got Norton AV for Mac WITH Symantec Client Security (through an institutional program), so I've been mixing the two together in my head. My bad, and sorry for the confusion.

Now here's the confusing part (at least for me): a lot of people have said that NAV screws up their computers, but it's never done more than been noticable when updating itself for us. So I have to wonder how it's screwed up other people's machines...and what we've been doing right that others haven't.

By the way, NAV DOES use heuristics...

[shiff]

I, personally, have not had any issues with Symantec installed on any of my machines. I am a consultant and having it is basically a necessity. Sure, OSX, is virtually virus free now, but you can still pass them on to others which would not look very good if you use the machine for business.

[tthmaz]

If you think it's a wast of money, go for free antivirus instead.

AVG has a free personal edition which is highly recommended nowadays.