[Andrew Stephens]

from the bbc: http://news.bbc.co.uk/1/hi/technology/7760344.stm

"The support note recommends that Mac owners install one or more of three anti-virus products.

"Advice on the site said: "Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."

Apple are recommending users install either McAfee, Intego or (wtf) Norton Anti virus.

There goes one of the Mac OS's USP's. Since this is primarily a response to malicious code web site rather than actual viruses,t least we'll still be virus free even if most people start to think not.

[brassplayersrock²]

Thanks Andrew for the article, but I have a feeling that this might be moved sooner or later to another forum.

[red rocket]

The BBC’s headline is misleading. If you read the actual Knowledge Base article HT2550, Apple are merely saying that IF you do use antivirus software, you should use more than one product. They are not pushing for Mac users to needlessly fortify their OS X installations with antivirus software, which is what the BBC seem to be suggesting.

[Maflynn]

The BBC's headline is not misleading but dead on and here's the cnet article and it is indeed a shift that apple is recommending that you do use AV software

Here's the KB Article

Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult. Here are some available antivirus utilities

(emphasis mine)

Seems crystal clear that apple is not saying that IF you use AV software use a suite of programs but rather they are encouraging people to use them to protect their computers.

[ghporter]

Originally Posted by brassplayersrock² 

Thanks Andrew for the article, but I have a feeling that this might be moved sooner or later to another forum.

It's about policy and not about the OS. It stays here for now.

Mayflynn, your quote doesn't say anything about individuals. To me it looks like it's addressing the general, Mac-using population, not each individual Mac user.

By the way, I've been using Norton AV for Mac for several years. It's a requirement from my school that every computer that accesses the university network, whatever OS it runs, be protected with some antivirus package. They provide NAV for free. You'll note that I have never mentioned anything about NAV kicking my dog, charging 900 number calls to my home phone, or other horrendous problems. I've never encountered anything wrong with NAV...

[Maflynn]

Originally Posted by ghporter 

Mayflynn, your quote doesn't say anything about individuals. To me it looks like it's addressing the general, Mac-using population, not each individual Mac user.

I agree, but I'm not sure what point your making though. My point was refuting red rocket's assertion that the KB article is not recommending the use of AV software.

I agree, its a policy change and recommending usage for the mac using population in general

btw, its maflynn not mayflynn

[ghporter]

Sorry about the spelling. The coffee hasn't completely kicked in yet...

I agree with you that Apple is advocating the use of AV software. Your quote gets to the heart of the issue very succinctly. I have been advocating for Mac users to use AV software for quite a while. The days of "Macs are invulnerable to malware" have been over for a long time, and the sooner our user population gets that idea the better. Nipping the development of Mac malware in the bud takes diligence and a bit of work, but if we, as a group, make it harder on the virus and trojan writers, maybe they'll give up.

[Big Mac]

Apple's just covering itself legally, and everyone else is predictably sounding the false alarm over it. There have been zero serious malware issues on the platform to this day - seven years after OS X's general release (unless you can people running Windows on their Macs as part of the threat array against the platform, which I don't). There have been a couple of minor trojans. Other than that, nothing. Should people be complete morons about security? No, they shouldn't. But the notion that Mac users suddenly should become similarly paranoid about malware as Wintel users are is false and dangerous. If it makes a person feel better to run an AV utility, fine, but there's no security mandate to do so, nor do I expect there will be far into the future.

[Maflynn]

Originally Posted by ghporter 

Sorry about the spelling. The coffee hasn't completely kicked in yet...

No problem, I figured as much

I agree, what I find surprising is the down right hostility many mac users have with loading AV software.

[dcmacdaddy]

<followed this link from the Lounge>

One thing I don't understand about Apple or Microsoft is why they don't promote running a user account with reduced privileges as a means for minimizing the likelihood of getting infected with malware. You always hear about running anti-virus software but you never hear about a much simpler option which is to run as just a User and not as an Administrator.

That is one thing I have not liked about Apple's implementation of OS X since the freaking OS X beta, the default user account has Administrator privileges. I think the OS should come with an Administrator account built-in and when the initial boot process begins it creates a password for the Administrator account and then creates a separate new user account with only user-level privileges.

Sure this will increase the learning curve for your average Mac user but requiring computer users to know more about how their computers work is a Good Thing™ in my opinion.

[Big Mac]

I agree with that point, but it's a security versus ease of use trade off, and Apple went with the latter. But even then, while not running as admin is a good security practice, it still won't prevent a boneheaded user from downloading and running a trojan that does a wipe of the home directory.

[besson3c]

yeah, who's to say that you can't do a whole lot of damage as a non-admin user? The virus could spam people, run a service owned by that user, create a startup item for that user, delete the user's home directory, data mine... There are still harmful things that can be done.

[Andrew Stephens]

sorry about putting it in the lounge originally. It didn't sem like a troubleshooting issue, more a general Mac/Apple issue wiuth general ramifications or interest, hence the lounge. Still I guess it's OK here too.

AFAIK the actual virus threat to OS X is still essentially zero. Yes there are a few trojans out there, and the infamous DNS rerouter, but these lurk out on "adult" sites.

My take is that this will start to portray the Mac OS as just as virus prone as Windows, the general user will fail to make a distinction between some remote trojan threat and a general virus problem. Expect heavy "ha, told you so" from windows users.

Also, if I was to recommend ANY AV software I certainly wouldn't include Norton in the list. What are apple playing at.

[ghporter]

Any time my Mac asks for my password, I take notice. EVERY user should. It means that something is wanting to use Admin privileges, and that's something to really pay attention to. So even though my "default" type user account with admin privileges makes it easy for me to do admin stuff, it doesn't do those admin things without letting me know first. This is a major difference between OS X and Windows; Windows XP's default is for users to have admin privileges, and to allow ANYTHING done in that account to use those privileges without notice.

[Maflynn]

Agreed and I'm very specific on what I download. I don't blindly download any programs unless I'm sure they're from sources I trust. While that doesn't guarantee I'll be safe, it certainly adds to the security I already employ.

[besson3c]

Do some of you compare checksums of the files you download? This is really the best way to determine whether the file you have is exactly as the author intended. I'm not sure if VersionTracker or MacUpdate provide these, but they ought to.

[Chuckit]

Originally Posted by dcmacdaddy 

One thing I don't understand about Apple or Microsoft is why they don't promote running a user account with reduced privileges as a means for minimizing the likelihood of getting infected with malware. You always hear about running anti-virus software but you never hear about a much simpler option which is to run as just a User and not as an Administrator.

That's an option for defending against viruses like birth control pills are an option for protection against STDs.

[Ted L. Nancy]

My humble thoughts on AV software and Macs at the present time:

Somebody out there will eventually make a really nasty virus for Mac. I don't know when, and I don't know how widespread it will be, but it is bound to happen. For this reason, I use AV software (Intego), but I don't overkill and run two applications (which, by the way, is an expensive proposition by Apple).

If I can draw up an analogy: The U.S. is like Windows in that every eeevil nation/terrorist, for whatever reason you may believe, wants to attack it (at least that is perceived to be the case). Ireland, on the other hand, a neutral country, does not have very many enemies, and is likely not vulnerable to any attack. Nonetheless, both countries have armies- I believe for good reason. Even though attack on Ireland is beyond unlikely, the Irish aren't stupid.

It should be noted, though, that Ireland's army is MUCH smaller than that of the U.S. If I were a Windows user (yeah right.), I would definitely load up on two, if not 3 AV apps. With my Mac, I feel safe with just one. (Especially since I keep two backups of my data: one TM and one SuperDuper.)

Question: Clam is free and so many people praise it, but what's the point if it does not have a real-time scanner running in the background?

[dcmacdaddy]

Originally Posted by Chuckit 

That's an option for defending against viruses like birth control pills are an option for protection against STDs.

I don't think that is quite the best analogy. But I was not suggesting that running as a "user" would preclude all types of malware. But, when running as a "user", if a virus gets downloaded it get only really do damage to a user's home directory and not to the machine as a whole. If a piece of malware tries to change any of the major System Preferences like Sharing or Network or Security, the user account will be prompted for an administrative-level authentication password, a big tip-off that something major is being done to change system settings.

Granted, there are enough idiots out there who download everything without questions and accept whatever prompt is put before them but there is no method to protect a computer against the power of stupidity. There is only the ability to warn users of possibly dangerous activities with the warning serving as notice for the user to pay attention to what is going on.

[Chuckit]

In practical terms, it really doesn't make a difference to most users — I'd much rather have something trash my system than gain access to my personal files. Why would malware need to change your sharing or network preferences when it can just turn your computer into a spam gateway or mail all the files in your "Financial Info" folder to its creator itself?

[ghporter]

Originally Posted by besson3c 

Do some of you compare checksums of the files you download? This is really the best way to determine whether the file you have is exactly as the author intended. I'm not sure if VersionTracker or MacUpdate provide these, but they ought to.

This would be a lot easier to do if there were a built-in MD5 hash app. Or even one that was easy to find and could be just dropped into place. Of course, how would we check ITS hash? Seriously though, this is a good idea that just needs more support on both the supplier end and the Mac end.

[osiris]

My first thought is that Apple is just covering their butts legally and to save face in the event of such a virus attack/worm/trojan etc...

Installing Norton is quite intrusive to the system, and not practical if you're in a graphics/video environment where you're mounting large volumes or moving large files around a lot. Once the features are turned off that make NAV software tolerable, it's not really serving the purpose anymore. So why use it?

I now occasionally use ClamAV for email scanning, and never seem to find anything.

It would be interesting if this was all a set up for an Apple branded AV package. At least it would be done right. In the meantime, common sense seems to work best for me.

[Chuckit]

OS X does include an MD5 implementation. Just type "md5" in the Terminal, drag in a file and you've got your hash.

[besson3c]

Originally Posted by ghporter 

This would be a lot easier to do if there were a built-in MD5 hash app. Or even one that was easy to find and could be just dropped into place. Of course, how would we check ITS hash? Seriously though, this is a good idea that just needs more support on both the supplier end and the Mac end.

There is a built in md5 hash app, it's the "md5" binary. All of the Unix package management tools I know of do checksum comparisons, I don't know why it would be tough for the major download sites serving files to provide a checksum field in their database for tracking these, not permitting downloads when there is a checksum mismatch, and making this available to the public so that they can do their own comparisons.

Of course, what I'd really like is a system wide software update/install mechanism that tracked these checksums - basically a sort of Desktop Versiontracker/Macupdate perhaps designed like the iTunes Store. Apple could charge commercial vendors to use their system, and make it available to shareware/open source vendors for free.

Think about all of the ad hoc software update mechanisms that are built into various pieces of software. Who knows whether they should actually be trusted, but I'm sure we all do anyway. Instead of spending developer time designing your own software update tool, why not consolidate and make this a part of a system wide tool that would let you search for software to download, and would alert you when updates are available?

[besson3c]

Of course, I'm sure Apple would screw it up and require me to reboot my system whenever I update everything and anything.

[osiris]

Originally Posted by Chuckit 

OS X does include an MD5 implementation. Just type "md5" in the Terminal, drag in a file and you've got your hash.

I mean something more along the lines of iVirus, for the masses.

[Railroader]

False alarm, nothing to see here people... move along... keep moving...

From Engadget: http://gizmodo.com/5100996/false-ala...ndation-is-old

The new tech support note, which even shows the reference from the old article, only lists new anti-virus software versions. This is normal in tech notes.

In fact, the old tech note itself is actually nothing new either: Apple offered anti-virus software as part of their .Mac subscription. In fact, the company has been recommending virus software since the pre-Unix years.

In other words: No conspiracy theories, no "quietly published" technical notes. Just the same old recommendation they have been doing forever.

[ghporter]

Originally Posted by Chuckit 

OS X does include an MD5 implementation. Just type "md5" in the Terminal, drag in a file and you've got your hash.

I didn't know that (obviously). Thanks!

[osiris]

Pulse returned to normal.

[adamfishercox]

Typical internet. The whole place flips out before looking at the date on the freakin' article.

[Andrew Stephens]

And now apple have apparently pulled the whole article anyway. Seems we don't need AV protection as "OS X is secure right out of the box".

Yay!

[red rocket]

Told you so.

[Maflynn]

Originally Posted by Andrew Stephens 

And now apple have apparently pulled the whole article anyway. Seems we don't need AV protection as "OS X is secure right out of the box".

Yay!

I disagree with that assessment and pulling the article does not mean apple is advocating any such approach.

malware is still a threat and as the mac increases market share they're increasingly becoming a larger target. While OSX is much much more secure then windows, that doesn't mean it doesn't have any holes that hackers cannot try to exploit.

The day a virus does run rampant through OSX, everyone will be screaming why apple (and users) didn't take the threat more seriously.

[Ted L. Nancy]

Originally Posted by Maflynn 

The day a virus does run rampant through OSX, everyone will be screaming why apple (and users) didn't take the threat more seriously.

Yup.

And on that day Apple will say that they did take it seriously.

BTW, my daily VirusBarrier scan is running right now after a definitions update.

[red rocket]

Waste of cycles.

[Hal Itosis]

Originally Posted by Chuckit 

OS X does include an MD5 implementation. Just type "md5" in the Terminal, drag in a file and you've got your hash.

Originally Posted by ghporter 

I didn't know that (obviously). Thanks!

Somewhat related is that -- for certain special downloads of theirs -- Apple provides an SHA-1 Digest (more secure than MD5).

For example, on the download page for the Mac OS X 10.5.5 Combo Update

SHA-1 Digest:
91ac9b720ba3b4166e5dc1dd518b1651d77c0f46

For explanation of what a SHA-1 digest is, please visit this website:
About SHA 1 digest

[for which we use openssl in Terminal]

[angelmb]

Originally Posted by ghporter 

You'll note that I have never mentioned anything about NAV kicking my dog, charging 900 number calls to my home phone, or other horrendous problems. I've never encountered anything wrong with NAV...

I had heard nasty things about NAV but once I have it running I find it quite good, it does the work (found two Windows viruses on a USB stick right now, I have to blame some random DELL PC) and the UI is clean, I had downloaded a demo of Intego VirusBarrier and man, the interface is incredibly annoying. So I will keep my old Virex 7 which still works under 10.5 and NAV 'just in case'.