[Dazed]

Hi,

Can anyone recommend good anti virus software ?

I know most people seem to say its not needed but coming from a windows environment im used to having it, and would feel safer having something since it seems more viruses are making there way onto macs.

Im using a demo of virusbarrier x4 at moment which seems ok, is there a better one out there ?

Thanks

[cgc]

I used to use ClamXAV which is free.

[Big Mac]

More viruses? Where? That's FUD.

There was one really stupid trojan that counted as the first Mac malware out in the wild, but it was lame. There are no true viruses on OS X as of yet.

[peeb]

You really don't need any. You can use Clam, which will stop you passing windows viruses on, but really, you don't need it.

[JustinHorne]

I get that you'd feel safer with one, but you just don't need one. You don't.
REally.
No, like... REALLY.
You don't.

[analogika]

Originally Posted by Dazed 

it seems more viruses are making there way onto macs.

But yeah, ClamXav.

[angelmb]

Originally Posted by Dazed 

… since it seems more viruses are making there way onto macs …

Would you mean those coming from Windows-world able to infest your BootCamp partition and/or VMware Fusion-Parallels disk?

I myself use Virex with my Mac just as courtesy towards my friends running Windows, but as long as you can get free & wroking alternatives, go for them. I have installed AVG Free onto an intel Mac which occasionally runs Windows XP Home under VMware Fusion.

Anyway, let them come, MacNN hamster is gonna serve them right !!!

[ghporter]

ClamAV has both Mac and PC versions, and being free it's a good choice. But the talk you hear about Mac viruses is almost entirely that-talk. There are currently NO viruses (or trojans or worms...) that can affect Macs in the wild. There have been a few "proof of concept" bugs in the past, but the combination of a more secure OS model and the relative difficulty of writing (cobbling together) viruses for Macs compared to PCs has made for a basic lack of effective Mac viruses. The most successful examples required users to take obvious action, and used "social engineering" to convince them to do it (like "here's a picture of the new Tiger desktop-you need the attached viewer to see it").

I personally use the school-supplied Norton Antivirus, and it's been pretty much benign. I use the school-supplied Symantec Client Security suite on my Windows installations though, and that's the real area you have to worry about.

[Cold Warrior]

I've never liked a lot of the big-name AV clients because they seem to install a lot of system-level processes that mess up or slow down my machine.

glenn -- have you seen any issues with Norton AV on Leopard (if you're using it)? I have access to it as part of my work's license, which also includes installation on personal machines.

[ghporter]

Not up to Leopard yet. From the numerous reports of minor issues, maybe I'm glad I haven't upgraded yet... But I haven't gotten there so I haven't tried it. Symantec at least says that Norton AV (Mac) 10 is compatible with Leopard-that's a good sign.

[mpancha]

I'm actually about to install Symantec 10 on a Tiger machine at work and was looking around for horror stories. Thus far I haven't found any, and hopefully I'm not the first to provide a horror story.

I'll keep you posted on success or failure of Symantec 10 on 10.4

[peeb]

The only horror story is that it is a waste of time and money.

[JRoDDz]

The only way you'll get a virus is if you go to www.getamacvirus.com and install it yourself.

[Kevin]

Yeah.. never had a anti-virus software installed on any of my Macs at home or at work.. never had a virus. While there is a chance a Mac could get a virus, it's a very very very slim one. And it has to do with not having any common sense.

There is a ton of FUD going about on the internet how OS X is now as bad as Windows, or worse when it comes to security with viruses for some reason. All of it is baseless MS style FUD.

I am not saying It's not possible to get a virus on OS X. I've just never known anyone to get one.

[peeb]

I am saying that it is not possible to get a virus on OS X right now.

[analogika]

Originally Posted by mpancha 

I'm actually about to install Symantec 10 on a Tiger machine at work and was looking around for horror stories. Thus far I haven't found any, and hopefully I'm not the first to provide a horror story.

I'll keep you posted on success or failure of Symantec 10 on 10.4

You want the horror stories?

Norton Anti-Virus makes Mac OS X less secure?: News - Security - ZDNet Australia

This sort of thing has happened at least TWO TIMES THIS YEAR ALONE, and it did NOT affect anybody who DIDN'T have Symantec/Norton's crap software installed.

[besson3c]

Originally Posted by peeb 

I am saying that it is not possible to get a virus on OS X right now.

It depends on how you define "virus". Usually I find the definition to be non-specific and generic.

It's quite possible to run malicious software that deletes all of your personal files, or does any other assortment of malicious things, it's just a question of propagating the viruses where it becomes difficult.

[peeb]

I agree - but the common definition of virus is that it is self-replicating and installing. Malware that you have to install yourself is not a virus. Sure, I can write a script to delete all your personal files, and email it to you, asking you to run it, but that's not a virus.

[besson3c]

Is it? I always get viruses, trojans, and worms mixed up... Root kits are pretty clear.

I'm assuming that the idea of trojan is that the software claims to be something it is not, but I'm not sure about the precise differences between viruses and worms, or whether spyware is considered to be a trojan.

Anyway, like I said, it seems that most people just use the term "virus" to mean just about any of these things.

[analogika]

There is pretty much no way that a virus checker could protect against trojan horses that the system itself doesn't already employ (e.g. require a password for system access and require signatures).

[analogika]

Originally Posted by peeb 

Sure, I can write a script to delete all your personal files, and email it to you, asking you to run it, but that's not a virus.

It's also of no interest to anyone to write, and there is also no way to protect against it.

[peeb]

Absolutely. In fact, it would be just as effective for me to email you asking you to delete all your personal files. The same common sense test will protect you, or not.

[besson3c]

Originally Posted by analogika 

There is pretty much no way that a virus checker could protect against trojan horses that the system itself doesn't already employ (e.g. require a password for system access and require signatures).

So, as is often the case with this sort of discussion the general idea of whether we are discussing what is theoretically possible, and what actually exists or doesn't exist surfaces...

Right now, malicious Mac software doesn't exist, or at least its existence isn't widely known. However, in *theory* it is possible to write something that will do something malicious that will fall into many people's umbrella and vague category of "virus".

The way I approach this is with a balance of both pragmatism and understanding of the theoretically possible. I don't recommend that people install something like Norton since it often creates more problems than it solves, but at the same time it isn't wise to hold our noses up in the air and say "Macs can't get viruses". We all need to be prepared for what might happen, and complacency is all too easy to progagate...

Maybe complacency *is* the self-propagating Mac virus! Woah, did I blow anybody's mind?

[olePigeon]

ClamXAV does not disinfect, so if you get a Word document with a macro virus attached (which we see all the time at work), then it won't protect you.

The best antivirus I've fond is Sophos. It's probably the most expensive, but it's also the least obtrusive. Norton Antivirus is probably the worst.

Sophos runs in the background, and the only indication that it's running is a menu at the top of your screen. It's not like Norton, Integro, and McAfee where it's resource intensive and has popups every 10 seconds reminding you how great a job its doing, with more popups every time you connect an external drive or (gods forbid) a network volume.

Sophos is nearly transparent in its operation.

[besson3c]

Sophos what? Sophos is the name of the company, they make several anti-virus products.

[mpancha]

Originally Posted by analogika 

You want the horror stories?

Norton Anti-Virus makes Mac OS X less secure?: News - Security - ZDNet Australia

This sort of thing has happened at least TWO TIMES THIS YEAR ALONE, and it did NOT affect anybody who DIDN'T have Symantec/Norton's crap software installed.

I know Symantec's track record, but I'm testing the new version (SEP, v10 on the Mac ... that's the version according to the CD)

And also, that article is dated: 22 December 2005 02:25 PM.

I'm installing in a corporate environment, mixed windows/mac, and files go back and forth across the network all day. I understand that currently OS X doesn't have any known viruses... but I'm not going to ignore the possibility either.. If I did, it wouldn't make me work my paycheck. Just my take on the OS X & Virus debate.

At home I don't bother with antivirus on any of my Macs... at work though, I would be foolish to not install one.

[analogika]

Originally Posted by besson3c 

So, as is often the case with this sort of discussion the general idea of whether we are discussing what is theoretically possible, and what actually exists or doesn't exist surfaces...

Right now, malicious Mac software doesn't exist, or at least its existence isn't widely known. However, in *theory* it is possible to write something that will do something malicious that will fall into many people's umbrella and vague category of "virus".

WHICH CANNOT BE PROTECTED AGAINST AND WHICH NOBODY HAS ANY INTEREST IN WRITING, because IT CANNOT SPREAD in any meaningful way.

Why are you responding to my post using an argument that I've just countered already?

Originally Posted by besson3c 

The way I approach this is with a balance of both pragmatism and understanding of the theoretically possible. I don't recommend that people install something like Norton since it often creates more problems than it solves, but at the same time it isn't wise to hold our noses up in the air and say "Macs can't get viruses". We all need to be prepared for what might happen, and complacency is all too easy to progagate...

No argument here.

Note that I recommended ClamXav up above, though I myself will hold off on that until the first virus is actually up and about.

[analogika]

Originally Posted by mpancha 

I know Symantec's track record, but I'm testing the new version (SEP, v10 on the Mac ... that's the version according to the CD)

And also, that article is dated: 22 December 2005 02:25 PM.

Which is why I SPECIFICALLY referred to "THIS YEAR ALONE" - in 2007.

And two widespread security scares in the past six months have BOTH involved Norton Antivirus.

Norton AntiVirus for Macintosh causes Mac vulnerability - heise Security
Carrel.ORG: Security Advisory: Norton AntiVirus for Macintosh

And there was another issue not too long ago, can't find it right now, though.

And another in 2006.
Keep that **** AWAY from your computer.

[cgc]

Wouldn't it be funny if all our Macs were zombies...our complacency makes up perfect targets.

[mpancha]

cgc >> as not funny as that would be if it were true... it would be hilarious at the same time

So I've had Symantec running on a test machine all day, threw a few dummy viruses on it which it caught. Nothing positive or negative to say about it really. Until I hear of malicious issues with this version, it'll be going on the rest of the Macs in the office tomorrow.

The one thing that would keep me from installing it on my home PC, is that every CD/DVD I insert in the test iMac pulls up a scan. I can cancel it, but the fact that it pops up and is obtrusive makes me not want to bother with it at all on my own machines.

[besson3c]

Originally Posted by analogika 

WHICH CANNOT BE PROTECTED AGAINST AND WHICH NOBODY HAS ANY INTEREST IN WRITING, because IT CANNOT SPREAD in any meaningful way.

It depends on what you mean by "meaningful way". It cannot auto-propagate, but it can be intentionally emailed or planted.

Why are you responding to my post using an argument that I've just countered already?

Chill, I just using your post as a launch place for my points.

[ghporter]

If by "planted" you mean "inserted into the target computer directly through physical interaction with that computer," then sure, that's a possibility. But one basic rule of computer security is "if the bad guy can touch your computer, then it's compromised." So who cares if he plants a keylogger or timebomb? He's compromised the machine, and that part of the game is over.

An emailed piece of malware must be actively installed by the user. Unless the user is dumber than dirt, (or really naive), it's not an effective way to move such things to new hosts. As a distribution method, it's unacceptable, and it's not used by the Windows malware pushers, so why would a Mac pusher try it?

[besson3c]

I still get virus emails quarantined by my server every once in a while such as SomeFool or MyDoom, but I have no idea how Windows viruses work these days because I don't keep up with the Windows virus world.

I was thinking about email, but you could also use IM, DNS, a particular application, a Phishing technique, etc. Mind you, I'm not saying that this is probable, but I'm sure if you were to sit down and think about it you could think of several ways to "plant" (for lack of a better word) a file onto somebody's computer.

[peeb]

You know, anti virus software will not protect you from that kind of attack.

[besson3c]

I know that peeb...

Here is my point again, restated and hopefully explained better:

If you use the term "virus" in a very generic sort of way to mean "malicious software that messes up your computer" as it often seems to be used, it is obviously possible to both write and somehow get malicious software on a Mac. Since nobody has found a successful way to propagate it, all of this is more of an academic argument than a pragmatic one, but my point is that we shouldn't think for a minute that it is not *possible* to obtain a virus on a Mac, especially using the definition I've used above.

How is this information useful? Well, in simply understanding, recognizing, and teaching that a Mac *can* be affected is better than propagating the myth that Macs are and will always be impervious to any and all variety of virus.

[Cold Warrior]

except that 'virus' isn't very generic. It's a specific term connoting specific activities and self-propagating.

[besson3c]

Originally Posted by Cold Warrior 

except that 'virus' isn't very generic. It's a specific term connoting specific activities and self-propagating.

I know, we discussed trojans, worms, root kits, and viruses earlier on in this thread...

I keep on drudging up the common use of the word because this is how many non-technical people talk about these things, for better or worse. We've sort of adopted "powerpoint" to mean a presentation even though Powerpoint is an application.

I don't want to belabor this any further though, because my main point I was trying to make has been made and it seems that it is not being disputed.

[peeb]

Indeed - it don't think it is helpful to use the term virus, which does have a specific definition, to mean anything with harmful effects. Like its medical counterpart, the term has a real meaning, using it to mean 'infection', 'broken leg', and 'virus' is unhelpful.
If the question is 'is it possible to write software that is harmful, and somehow trick a user into running it?', then sure - you can do that on a Mac. If the question is 'are there any examples of the self-replicating, self-installing malware that are common on PCs that do not have to be explicitly run by the user?', then the answer is 'no'.

[peeb]

I'm not disputing your point that many people misuse the term virus - I don't think we are in disagreement, the place where I part company with you, perhaps, is that I don't think we should adopt this definition.

[besson3c]

taking this into a whole other direction outside of the realm of viruses on a Mac, another example other than "powerpoint" is "PC". People use it to refer to a PC running Windows (even Apple uses it this way), but a PC could also mean a PC running any other OS. So, at what point do we adopt this language that manages to communicate effectively for the most part, or do we?

[peeb]

I don't know - it's part of the broader problem of brand names becoming generic, like Hoovers. Everyone knows that Hoover is a brand name, but it is used as a generic - Xerox as well. I have less of an issue with PC, although I can't really explain why... Powerpoint I don't like, also, 'powerpoint projector' is one that has currency where I work, which I loathe!

[analogika]

Originally Posted by peeb 

If the question is 'is it possible to write software that is harmful, and somehow trick a user into running it?', then sure - you can do that on a Mac.

And the point I made is that it is IMPOSSIBLE to protect against such an attack through any sort of installed prevention-software, because once it depends on user interaction, there is no automated process that can be watched for.

Originally Posted by peeb 

If the question is 'are there any examples of the self-replicating, self-installing malware that are common on PCs that do not have to be explicitly run by the user?', then the answer is 'no'.

Currently.

[Kevin]

Originally Posted by olePigeon 

ClamXAV does not disinfect, so if you get a Word document with a macro virus attached (which we see all the time at work), then it won't protect you.

The best antivirus I've fond is Sophos. It's probably the most expensive, but it's also the least obtrusive. Norton Antivirus is probably the worst.

Sophos runs in the background, and the only indication that it's running is a menu at the top of your screen. It's not like Norton, Integro, and McAfee where it's resource intensive and has popups every 10 seconds reminding you how great a job its doing, with more popups every time you connect an external drive or (gods forbid) a network volume.

Sophos is nearly transparent in its operation.

If OS X ever gets to the point where Viruses are actually a problem I'll have to look into it. Till then I will continue to run nothing, and just use common sense.

[itrush07]

Lots of infos here, (newbie here)

[peeb]

Originally Posted by analogika 

And the point I made is that it is IMPOSSIBLE to protect against such an attack through any sort of installed prevention-software, because once it depends on user interaction, there is no automated process that can be watched for.

Agreed.

Originally Posted by analogika 

Currently.

Agreed - but that's what we're talking about.

[Trytti]

My ISP subscribes to Postini which catches viruses before they even make it to my ISP. I also read enough computer news such that I would be aware of any new viruses. Virusware at this point is just something to slow down the computer.

[ghporter]

Originally Posted by Trytti 

Virusware at this point is just something to slow down the computer.

Your experience with antivirus packages is not terribly recent if you think that all you'll get is a slow computer. I have never noticed any slowing of any of my computers by antivirus software, whether it's been a Mac or a PC. But then I tailor the software's settings to reduce overhead when it scans, though I always use real time file monitoring.

In other words, while there's no driving need at the moment for a Mac to have an antivirus suite, using a good one shouldn't hurt at all.

[olePigeon]

Originally Posted by besson3c 

Sophos what? Sophos is the name of the company, they make several anti-virus products.

Uh, Sophos Anti-Virus for Macintosh? I don't think he needs a hardware router with content filtering, just the software.

Originally Posted by Kevin 

If OS X ever gets to the point where Viruses are actually a problem I'll have to look into it. Till then I will continue to run nothing, and just use common sense.

True. I only recommend it if you correspond regularly with Windows users utilizing Microsoft Word and Excel documents. Some of those Word Macros raise hell with permissions on OS X and quickly infect other Word documents. The biggest annoyance is that it turns every single Word document into a read-only document.

[besson3c]

Originally Posted by olePigeon 

Uh, Sophos Anti-Virus for Macintosh? I don't think he needs a hardware router with content filtering, just the software.

Sophos also makes Sophos PureMessage, for instance, which is software.

[peeb]

I don't think he needs the software either.