>>Hate to muddle the waters with facts or input from experts but I found this an extremely good article.<<
Most people and many security think that the install base of the Mac is too small to attack.
Those who know better know that is WHY it is such a great target.
Don’t forget our resident Mac expert... :-)
I vote for Linux with no GUI.
Ya know... after years and years of using Macintosh anti-virus software, I’m considering just getting rid of it. I mean, in over 25 years of continuous Macintosh usage, I’ve had exactly one virus show up (and it was a minor one at that time), back in about 1988 or 1989. It’s been so long ago, I just can’t quite remember when... LOL..
And since that time, I’ve had zilch... nada..., nothing show up... nothing at all. And yes, I do run an anti-virus software package, but as I said, I’m wondering why... :-)
It’s from Intego and I think I’m just handing them over money every year for no good reason... ya know what I mean...
Anyway... if someone wants to be on the safe side and something does pop up about 20 years later, down the road, then sure... run some anti-virus software on the Macintosh...
It could be because MACS are not a big market and the perception is that most of the hacking attacks take place more on PC’s then Macs.
Written on February 04, 2010
by Dave Greenbaum
Just over a year ago, Mac users began to feel a bit more Windows-like after a major Mac trojan horse was discovered in the wild. Of course, you’d get it only if you obtained copies of pirated software. While there had been a few scattered OS X virus reports, this trojan had the most destructive potential to date.
Since that rumble last year, the Mac security front has been relatively quiet. This begs the question that has been on many people’s minds and one I get asked on a daily basis: “Why don’t Macs get viruses?”
Of course, we know the question isn’t valid. Macs can be attacked as evidenced earlier. Even Apple suggests running some kind of antivirus software on your Mac and included one with a .Mac subscription. Additionally, numerous security flaws are found and Apple releases regular security updates to patch them up. So, a better question might be “Why don’t Mac users have to worry about malware like Windows users do?” I suspect a relatively small number of readers have active antivirus software running on their Mac, despite Apple’s recommendation. For purposes of simplicity, we’ll lump viruses, worms, spyware, malware, and trojans under the common term of “viruses.” Here are the common responses given and my take on them.
Macs Aren’t Popular
Why do people rob banks? That’s where the money is! (Sutton’s Law). Because Windows-based computers represent around 90 percent of the market, virus writers get more bang for their buck. Not only does a Windows virus spread farther and faster due to its numbers, but the people writing viruses are more likely to have Windows machines upon which to code. And the banks are running Windows as well, so Windows is where the money is.
Of course, when Apple introduced Intel-based computers, some were concerned that Macs would get PC viruses because they were running the same chips. The chip switch was a legitimate concern, but for a different reason. If cheap PCs could be turned into Macs, the enemy could use that to their advantage and begin diversifying. Hacking the Mac OS to run on a PC would provide an easy way for malware writers to explore the MacOS.
However, as the Mac’s popularity has increased, we haven’t seen a rise in viruses for the Mac. Popularity is a weak rationale.
Macs Don’t Maintain Backward Compatibility
Since 1984, Apple has made multiple shifts in its operating system strategy. First there was the shift from 68K processors to PowerPC, and then the shift from Classic to OS X, and then finally the shift from PowerPC to Intel based processors. That old copy of MacWrite or NetTrek won’t run on your new MacBook without major emulation and other chicanery. On the other hand, WordPerfect 5.1 for DOS runs great on a Windows 7 PC with just a minor tweak.
Microsoft, in order to maintain compatibility with older products, has never fully excised old code and flaws in its operating system. Apple has been willing on at least three occasions to completely abandon old software and start from scratch. Because Apple controls the hardware and the software and has a much smaller installed base, it is better positioned to make these drastic moves.
Ironically, Macs used to get tons of viruses in the System 7 days. I fondly remember “Disinfectant,” and countless viruses spread via floppy disk. As the Classic OS evolved, less and less viruses worked until finally OS X rewrote the OS book. Which leads to the final reason for the dearth of Mac nasties.
Macs Were Designed with Security in Mind
Since Apple knew about Mac viruses, it was able to redesign the operating system with safeguards in place to prevent malware outbreaks. The proper use of the Administrator account and password was the most important key in preventing the spread of any Mac viruses. For those unfamiliar, on a Windows XP PC, programs can install automatically without an administrator name and password. While Vista and Windows 7 ask permission sometimes, you can still easily install programs (and therefore viruses) without intervention from a user.
Alternatively, Mac programs requires someone with Administrator privileges in order to install most software. In my day job as a computer repair tech, countless Mac clients can’t even remember their own password, so they are extremely unlikely to accidentally install some software. Windows PCs are usually infected by clicking on some kind of link followed by Windows automatically installing a virus in the background without user consent or intervention. This idea is as foreign to Mac users as a .dll file.
Because Apple has a quicker schedule in updating and patching its operating system, any flaw that is found and acknowledged by Apple can easily be patched via an update or the next operating system. Getting Apple to acknowledge some of these flaws is a different story, though Snow Leopard provided protection against the trojans discovered last year.
Do you run antivirus software on your Mac?
Good question. Apple said at one time it recommended antivirus software (though later it recanted), yet most Mac users don’t. The risks of a virus on your Mac are slim and protection software is perceived as slowing down computers and being generally buggy. Unlike most other software, virus protection requires a yearly fee to keep protection active. If you stay away from the red light district on the Internet, you are much less likely to get a virus. Make sure your system password is a good one and hard to guess. Be wary of any software you download and check the source. That’s why you get the warning now whenever you download a program from the Internet. Common sense is your first line of defense.
Personally, at home, I have ClamXav installed. It’s a free program that will scan your Mac to determine if you have a virus, but won’t pre-emptively protect you from getting one. It’s an “on-demand” versus an active scanner. I update and run it every so often after I hear of some new threat.
For my work computer, I have Intego VirusBarrier installed. The program is unobtrusive and has little or no impact on the performance of my Mac mini. Because I work with a large number of clients, I can’t always guarantee that they haven’t downloaded an Internet Nasty and I don’t want to catch what they have on their computer.
The choice is yours whether to run antivirus software. The reasons why Macs don’t get many viruses are as much based on luck and market conditions, as they are on inherent security. At the very least, besides a good administrative password, a Mac on the Internet should have a copy of ClamXAV on it that can be run at the first sign of trouble and updated after a suspected outbreak. Furthermore, remember that “social engineering” threats, like phishing emails that attempt to steal your passwords can affect Mac and Windows users equally. Stay on your toes and never respond to unexpected emails that try to scare you into visiting a website that requires your password or other personal information.
They’re all secure if you stay offline. And keep it in a secured vault. Or leave them unplugged and turned off. :)
By Bambi Brannan
Monday, February 27, 2006
Just when you thought Mac OS X was safe and secure, there’s a barrage of… virus protection software makers.
Which is more dangerous? The virus, or the innoculation? Guess who says you need protection?
Despite the scares of last week’s trojan horses, and OS X exploit vulnerabilities (one of which was fixed last year, the other is easily fixed in two seconds, and my practicing Safe Downloads), the Mac has become a target again.
This time, those doing the targeting of Mac OS X are the virus protection makers, such as Sophos and Symantec. Who’s protecting us from the protectors?
For all intents and purposes, it’s nearly impossible to protect a Mac from a trojan horse. Why? Trojans rely on human intervention; downloading or opening a file without knowing the sender or the contents.
That’s a sure recipe for disaster, and there’s not many software applications to protect the user from the user.
The security folks at Sohos and Symantec and Intego and Trend Micro, and elsewhere, sell software to guard computers and networks against the threat and damage of malware; viruses, worms, trojan horses, etc.
They have a vested financial interest in spreading a little fear among Mac users.
As we saw in last week’s news headlines, malware is out there for the Mac. More will come.
What can you do to protect you and your computer and your files?
If Sophos and Symantec have a say, you’ll buy products from them to give you and your computer more protection.
Of course, none of the major or minor virus protection services could have protected any Mac user from the recent so-called outbreaks of malware for Mac OS X.
That begs the question, “Why bother?” Why worry about protection until there’s something to protect against?
That’s a valid point, and a simple answer isn’t easy.
Sophos is the latest to offer anti-virus software for Mac OS X.
What does it do?
“Sophos Anti-Virus provides integrated cross-platform virus detection on Macintosh servers, desktops and laptops. Our powerful Sophos virus detection engine scans all potential entry points for potential threats, and also detects non-Mac viruses that could be harbored on Mac computers.”
What does it cost? That’s easier to ask than it is to get Sophos to tell you. We’re still waiting for a quote. Why? Here’s what Sophos has to say:
“Your request is now being dealt with and you will hear back from the Sophos team shortly.” That was then and this is now. So far, silence.
Thanks. It’s reassuring to know that the people who claim I need virus protection are willing to jump into action immediately and provide me with their so-called solution.
It looks to me as though Sophos and Symantec and many other virus makers make their money selling to one (or both) of these two entities; Windows users, Windows business users.
Mac users might be a future market, but for now, we’re an afterthought. How can I tell?
About virus reporting capability of their anti-virus for Mac OS X, Sophos says, “Every virus incident is automatically reported to the administrator, making day-to-day management even easier.”
Uh, administrator? See what I mean?
Virus protection is a serious issue and Mac users need to be concerned.
But it all boils down to three basic issues; need and trust and results.
Do we need what the malware protectors are selling? Can we trust them to provide us with protection? What do the results show so far?
As to the need, there are still no viruses of substance to report; same with worms; both of which could be dangerous to Mac users.
Will the malware protectors provide Mac users with protection before said malware strikes? Thus far, they have not. Finally, what do the results show so far?
FUD. Fear, uncertainty, and doubt emanating from malware protectors.
It’s the FUD I want to remove, and it’s protection I want to have. For now, common sense and Mac OS X seem to be doing a better job than the malware protectors.
Update - I finally received a response from Sophos regarding their anti-virus software for Mac OS X. Four days after my query for pricing. It was just an email response. No price, and a curt “Please call me.”
I find that living in a cave with the technology available in 10,000 BC affords absolute safety as far as theft and cyber crimes. The only drawback is a life expectancy of less than 30.
Have to agree, I got a reall nasty hack in Jan. PC
Yes, a Mac is 100 percent safe from viruses designed to attack PCs. And although no computer connected to the Internet is completely immune to all viruses and spyware, the Mac is built on a solid UNIX foundation and designed with security in mind. The Mac web browser, Safari, alerts you whenever you’re downloading an application — even if it’s disguised as a picture or movie file. And Apple continually makes free security updates available for Mac owners. You can even have them download automatically.
One thing that seems to be overlooked. Macs OSX machines are more expensive, ergo they are used by more upscale people with a probability of higher incomes. Now if I were targeting people to pilfer bank accounts etc. Who would I target? Yes Macs have a smaller market share, but that does not necessarily make them safer. A study should be made of how many Macs are attacked in total as compared to the number of Macs out there. That will give you the risk factor. If say 2 out of 15 macs get attacked but 10 out of 85 PC’s get attacked, the percentages are almost the same.
IMHO computer security is just like seat belts and door locks... they’re dependent upon the end consumer using them appropriately.
If a Mac user figures that his computer is completely safe right out of the box, he is less likely to use antivirus software, perform backups, password-protect his computer or other basic functions to keep his computer protected. 999 times out of 1000, he’ll be fine... the same way most of us would be fine driving to work every day without fastening our seatbelts or using turn signals.
Though a computer virus can attack virtually any computer, it is a bit more difficult for a Mac to contract one. The reason it is said that Mac computers are less likely to get a virus is due to the fact that Mac OS X is founded on the UNIX kernel, which is thought to be the safest operating system available. A kernel is the main component of an operating system, which is responsible for managing memory, disk drives and processor; and the first thing that loads into memory during system startup is the kernel. Another reason why Mac users get less viruses when compared to Windows users is due to the fact that there aren’t as many users of Mac. If a hacker would write a virus to harm computers, he would wish to cause damage to the greatest number of users and obviously those users are Windows users. It is approximated that nearly half-a-billion people use Windows, while Mac has only twenty five million users. If we go into some detail, we find out that over 80% of Windows users are home users and the remaining are business users. If we look at Mac, we find an opposite trend - 90% of Mac users use it for business purposes and 10% use it at home.
For a hacker, it is not so easy to create a virus - it's a very complicated task. Hackers know that most people use Windows and chances are that they, too, are more familiar with Windows than Mac. Therefore, they do not bother themselves to learn a new system to develop a virus for it. It is unlikely they would do it even if doing this will gain them a few more million victims. Thousands of tools, scripts, code and software that has already been written is mainly designed for Windows operating system, so half of the problem is already solved for them. Those individuals who run Windows operating system as a cross platform machine on Mac are also not safe from Windows viruses. Although, Mac users are safer from viruses than Windows users are, it must be noted that they are not completely safe from the rapidly growing viruses. Never know, tomorrow they may become as vulnerable as Windows users. Apple advises Mac users to install antivirus software to strengthen their immune system against rising dangerous threats.
by Rich Mogull
When people find out I'm a security expert, I can almost guarantee the ensuing conversation will evolve in one of three ways. If they are technologically illiterate, I'll have to explain I don't know anything about trading securities and can't help them with any hot tips. If they use Windows, I'll tell them to back up their data and reformat the system. But if they use Macs, the discussion usually becomes a little more complicated.
There is a misperception among much of the security community that Mac users don't care about security. Since joining TidBITS I've learned that Mac users are just as concerned about their security as their Windows brethren, but they aren't really sure what they need to know. Even the most naive Windows user understands that their system is under a constant barrage of attacks, but the Mac user rarely encounters much beyond the occasional pop-under browser ad and, of course, oodles of spam.
When people find out I'm a Mac security expert, they ask, "Oh, so do I need to worry more about security?", quickly followed by, "Do I need antivirus software?" While the antivirus answer isn't completely straightforward, it's also not all that difficult.
The reality is that today the Mac platform is relatively safe. Hundreds of thousands of viruses and other malicious software programs are floating around for Windows, but less than 200 are known to target the Mac, and many of those are aimed at versions of the Mac OS prior to Mac OS X (and thus have no effect on a modern Mac).
It's not that Mac OS X is inherently more secure against viruses than current versions of Windows (although it was clearly more secure than Windows prior to XP SP2); the numerous vulnerabilities reported and patched in recent years are just as exploitable as their Windows equivalents. But most security experts agree that malicious software these days is driven by financial incentives, and it's far more profitable to target the dominant platform.
Desktop antivirus software is also only a limited defense, and one that's typically very resource intensive. By even the most positive assessments, antivirus software catches only 85 to 95 percent of known malicious software (viruses, worms, trojans, and other nasty stuff) in the wild. This leaves a significant level of exposure, especially considering you're running software that brings your system to its knees whenever you have a full scan scheduled. Antivirus tools are intrusive by nature, don't offer nearly the security they advertise, and can be costly to maintain over time. I personally rely on other defenses to prevent malicious code from ending up on my computers in the first place, and so far (fingers crossed) have never had antivirus software find anything on any of my Windows XP systems. I don't even bother to run it on my Windows Vista systems, due to that platform's stronger security and the limited number of malicious programs that target Vista. When I've tested Macintosh antivirus programs, they typically only find infected attachments in my spam folders. Scanning all your incoming mail at the gateway, maintaining safe browsing habits, and using a browser plug-in or two can be more effective than desktop antivirus software, as I'll discuss.
Even if Mac OS X is no more secure, we Mac users are currently at a lower level of risk than our Windows counterparts. It's reasonable to assume that this dynamic could change, but considering the current level of risk, and the resource intensity of most antivirus software, it's hard to recommend antivirus except under limited circumstances. Here are the factors I suggest you consider before using antivirus software.
At some point, assuming Apple continues to make appealing products, we Mac users will become bigger targets and face a higher level of risk. Adam J. O'Donnell, Ph.D., is the Director of Emerging Technologies at Cloudmark and has recently been using game theory to analyze at what point Macs become more targeted for malicious attack. He states, "Game theory shows that an inflection point will come when the rate at which a malware author can reliably compromise a PC rivals that of the Mac market share. It is at this time you will see monetized, profitable Mac malware start popping up." For example, Windows Vista is a dramatically more secure product than its predecessor. As it's deployed more widely, we could hit an inflection point where the combination of growing Mac market share, and increased difficulty in exploiting Windows, makes the Mac a more profitable target.
How can we avoid this? That's mostly up to Apple. In Mac OS X 10.5 Leopard, Apple began implementation of a number of anti-exploitation technologies that could increase the difficulty in exploiting the platform, but most features weren't fully completed and don't provide the necessary protection to limit attack effectiveness (see "How Leopard Will Improve Your Security," 2007-10-22). If Mac OS X maintains even just security parity with Windows, yet Mac market share stays in the low double digits, Windows should remain the dominant target. We need to continue to pressure Apple for a more secure platform so these technologies are fully implemented before the malicious software market dynamics shift. Better library randomization, sandboxing, and QuickTime and Safari security features will go a long way to protect Mac users.
In short, at this point in time, I don't recommend desktop antivirus for the average Mac user. You only need to deploy it if you engage in risky behavior, need to protect friends on Windows, or comply with corporate policies. It's quite probable this will change in time, so it makes sense to take some reasonable precautions today and stay aware of the world around you. Better yet, let's continue to pressure Apple for stronger security so we can completely avoid resource leaching desktop antivirus in the long term.
I am a Windows guy, but I also spend a very big slice of time on Linux - I fix computers for a living.
I can be sitting on the System Desktop as user:System in mere seconds on a Windows box, even if I don't know it's passwords.
It is infinitely harder to hack a *nix box, even at the simplest levels, because of the no-man's-land between the system/root and Userland.
I have been fixing computers since the mid/late 80's and I have yet to have *any* computer other than Windows boxen cross my bench with infection (except for those I infected purposefully as proof of concept research).
As I said, I am primarily a windows guy - I use it all the time, and I write for it - But the reason Windows gets more bugs is because it is hilariously easy to exploit, and always has been.
Pretty well answers the whole debate.
As for me, I have yet to get any malware on my Mac running OS X sans AV for about 7 years.