Posted on 10/18/2015 10:27:26 PM PDT by Swordmaker
I had a short-lived experience using anti-virus on my Mac. Why don't I use it anymore?
Mac anti-virus has always been a talking point amongst Mac users. We sit smug behind our ‘secure’ Apple computers, poking fun at Windows users and their constant battle with anti-virus suites and malware protection.
The number of Windows computers I get asked to look at because they are running slow and the culprits are viruses and junk-ware programs that hog system resources and take over their browser is ridiculous.
In early 2014, I briefly tried out Sophos Home Edition for Mac and had every intention of keeping it installed just in case. After all, it is better to be safe than sorry. But after a few weeks, I removed it. Apart from the test EICAR virus, it detected nothing on my Mac nor any drive I plugged in to it.
I had in the early days of OS X also tried ClamXav, but I didn't continue with this either.
There is something unnatural about having anti-virus protection on OS X. I don’t want a background process taking up system resources – however small it is. Some suites on Windows can choke a machine and bombard you with pop-ups, notifications, and updates, and that would drive me insane.
Mac users are very complacent regarding the safety of their computer. Deep down we all know our beloved machines aren't impenetrable – but we also know that OS X with its Unix/BSD base is built in such a way that makes it very hard to get to.
Linux users are in the same boat. Their *nix base and minority operating system means most will sit with the same attitude as Mac users and use no protection even though there are a few Linux infections around.
Most of the issues surrounding OS X in the past few years have been about security, Java, or Flash – and this is handled by Apple and Adobe releasing a patch.
2012 saw 600,000 Macs worldwide infected with the Flashback Trojan – although personally I don't know anyone who was infected by it. This is the most well known attack I am aware of.
There are dangers for OS X out there in the wild, and any Mac user with an ounce of knowledge knows this. However, until there is a real risk of my machine being seriously infected by something extremely nasty, I am going to continue to sit here without any protection – just a bit of common sense about what sites and places I visit and which links I click on in emails.
The major reason for using anti-virus on a Mac is to prevent a Windows infection being spread around.
Keeping your computer clean is your responsibility – not mine. If you choose to use an operating system that requires constant looking after, that is your problem. Yes, this may seem arrogant and selfish, and it could come back to bite me when OS X gets taken by surprise, but I'm willing to take that risk.
What’s your opinion? Perhaps you are a Mac user wondering what to do, or maybe you are a Windows user looking in.
I had two Macs in my office whose UUIDs were listed as being among the infected members of the FlashBack MacBot. . . but one was a dedicated single purpose Mac that had never even been on the Internet and did not even have Java installed, and the other also did not have Java, but was on the Internet. Neither showed any signs of infection. . . or being a member of the bot, which was easy to determine.
"2012 saw 600,000 Macs worldwide infected with the Flashback Trojan – although personally I don't know anyone who was infected by it. This is the most well known attack I am aware of."
There's a very good reason you don't personally know anyone who was infected by the Flashback Trojan, Simon: it was a HOAX perpetrated by Dr. Web, a Russian Anti-Virus software publisher who was trying to sell their new Mac Anti-virus for Business app. Dr. Web claimed to have what they claimed was a honey-pot server they had built to intercept the "infected" Macs as they "called home for instructions" from the malicious server of the bad guys. . . but that was NOT actually what they had. Instead of a honey-pot, they had a server with a list of Mac UUIDs of 600,000 Macs, many of which had never had Java installed (a requirement to be infected), ever been sold yet, or in many instances, even been manufactured yet! Many of the so-called "infected" Macs whose UUIDs were on Dr. Web's so-called honey-pot's list of infected Macs were found to be NOT infected, did not have Java installed (Java was not a default install on OS X), and some had not even been on the Internet to even be infected at all! In fact, NOT A SINGLE INFECTED MAC was ever found in the wild!
At the time that Dr. Web announced their finding of this 600,000 MacBot, the vulnerability that Flashback Trojan utilized had been CLOSED for over six months and Apple had the Trojan's signature in its Gatekeeper for that entire length of time. To even GET infected with this supposed Trojan, all 600,000 Macs would have to have visited an obscure Russian language website and downloaded character definitions for a Russian language role-playing game that had only had under 20,000 downloads of the game. . . but they would have us believe that under 20,000 game players of a Russian language game somehow persuaded 600,000 English-only-speaking Mac users in America and the UK (95% of the supposed infected machines were apparently located in the US and the balance were in Canada and the UK, and only 2% were Windows machines????) to connect to download malware loaded character definitions for the game???? I really don't think so.
In any case, within a week of Dr. Web's hyped announcement of 600,000 infected Macs, the number claimed had dropped to under 250,000, then later that week to under 180,000, then later to under 120,000, then under 86,000 then dropped completely off the news cycle as NO ONE FOUND any infected Macs in the wild!
If you want on or off the Mac Ping List, Freepmail me.
I’ve been running several flavors of Linux since 1994. Have yet to have a virus infection on one of them.
Root kits? Might have had one. Not sure about that.
Never had an adware attack.
But I do not use Adobe Flash. Most of the time I only enable the minimum java needed to render the screen.
Latest install is set up to use TLS only secure shell when logging in.
Am pretty happy with this install. Debian with XFCE packages.
IMO, MacKeeper has poisoned the well. Everything I have ever read and everyone I have talked to with any experience regarding the product has warned me to stay as far away from that thing as I can.
Yet almost everywhere I go online, whenever the website detects a Mac on the other end, up pop these persistent and aggravating ads that use increasingly sneaky tricks to try and get me to download and install the program.
Even if an anti-virus program for Macs came out that was solid gold, I wouldn’t trust it at this point. It may not be rational, but it’s the way I feel.
"There is something unnatural about having anti-virus protection on OS X. I don't want a background process taking up system resources – however small it is. Some suites on Windows can choke a machine and bombard you with pop-ups, notifications, and updates, and that would drive me insane."
I have two things to say about this.
"Mac users are very complacent regarding the safety of their computer. Deep down we all know our beloved machines aren't impenetrable – but we also know that OS X with its Unix/BSD base is built in such a way that makes it very hard to get to."
These days the "BSD Unix" defense is not worth as much as it once was. And you know, Swordmaker, that I am a Unix-head at heart, and believe that it is the strongest operating system in common use, bar none.
As a System Admin, I see malware emails blocked every few minutes in my corporate firewall. Very few are the old-style direct attacks on an OS. They're almost all attacks on the users.
HUMAN OPERATORS can -- and DO -- compromise any operating system, no matter how intrinsically strong. I'm not sure I like the author's cavalier attitude regarding the real vectors in use these days -- particularly phishing and spear phishing attacks, never mind things like leaving a few infected USB flash drives in the company parking lot for employees to pick up and carry inside...
> I don't bother with anti-virus on my Macs either. But I'm extraordinarily careful where I go on the internet, what I click on, and what I open in email.
I believe strongly in disaster recovery preventative measures. On my Macs, I use Time Machine religiously.
And I do a complete TM backup every so often IN ADDITION to the normal incremental one, as a total snapshot of my system in case the TM archive gets eaten or corrupted.
And I use a variety of separate media -- no point having all your backup eggs in one basket.
And my main archive is a mirrored RAID-1.
Belt, suspenders, and a skyhook.
I've used Windows for 20 years.
If the author used Windows, and if the author followed his own advice, he would have had almost no problems with Windows, either.
I've had 4 viruses in 20 years. Two of them after opening or downloading Adobe documents.
I currently have a virus that attacks and shuts down my McAfee firewall and gives me a pop-up that wants me to download a software program.
I've done a half dozen full computer scans, and I have no idea where this thing is hiding, or where it came from.
Intel has purchased McAfee, and a few weeks ago they shut down the McAfee Help Desk and the User Chat Room, so I don't even know how to alert McAfee to the problem.
There are many posts on Google about this pop-up, and many very complicated suggestions about how to stop it, but there is no way to verify these solutions, so I have not tried any of them.
So, obviously, Windows is not perfect, but 4 viruses in 20 years, for the most widely used desktop OS in the world, is not a bad record, either.
I can't tell you how much time I used to spend just cleaning up Windows, it was at least once a month. You shouldn't have to run all of these programs just to keep the system stable.
I’ve had only Macs for well nigh on to 20 years—and never a problem, as far as a virus is concerned.
The author of the article doesn't have very much information on Windows security and definitely misses the main point. Which is that Windows relied on security through obscurity and MS has slowly added access control. In contrast Mac and Unix started with nearly complete access control. The main point is that defenses like least privilege and access control are open and relatively simple and meant to be scrutinized. The result is very few privilege escalations on MacOS. We talked about one in a thread once. It was a genuine threat, but easy to patch. So easy, I figured out how to patch it myself. Try that on Windows.
Another Windows problem: for performance reasons Windows had graphics code in the kernel and paths from external input to that code. Enough stupid stuff like that makes for a robust supply of potential vulnerabilities.
Everything you said is excellent advice, regarding being careful bringing data into the Mac, and backing up your data. I also use a mirrored RAID-1 external enclosure for my main archive where my Time Machine backup folder resides. Here is why a full TM backup is warranted every so often:
Sometimes Time Machine will have a corrupted incremental. When I have migrated data from an old drive to a new one, sometimes not all the Time Machine incremental backups get copied due to a corrupted file. Rarely happens, but it can happen. I use the Finder Copy operation to copy the backup folders between hard drives. Promptly followed by a full backup to the new backup folder. Recently upgraded to a pair of 6TB drives from 3TB in the RAID-1. I keep the old ones with the data for a while as insurance.