Mac Virus Protection; why bother?
TUAW reader Gonzalo asks us if he should be worried about viruses on his brand new Mac. Apple store employees say that he should invest in some antivirus software, whilst his Mac loving friends tell him to chill out and save his money.Where do I fall on this spectrum?
As a wise man once said, 'a stitch in time saves nine.' Sure, there are no known viruses for OS X in the wild (there are some 'proof of concept' viruses out there) but that doesn't mean there will never be a virus for OS X.
But Scott, why would someone bother writing a virus for OS X when Windows has 14000% marketshare? Many people point to this fact and sleep soundly because of this concept of 'security through obscurity,' but thanks to the iPod the Mac is on everyone's mind.
You have to ask yourself, is my computer that important to me? If it isn't, well then you have no need for antivirus software, enabling the firewall, or using strong passwords. However, if you store sensitive data on your machine, or you couldn't think about a day without your Mac you really should get yourself some antivirus software and you don't even have to pay for it.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
mapin said 10:30PM on 7-19-2005
Yep I agree, just b/c there aren't any out there now, doesn't mean there never will be an OS X or OS XI virus ! Do yourself a favor just download ClamXav for free. I don't understand why any mac user would refrain from doing so, it can only help and can't possibly hurt.
Reply
ratso said 10:41PM on 7-19-2005
The point isnt that you shouldn't care if you got infected - of course you should. The point is that even if you did get infected today's virus protection software may not be much help since it is such an unused part of the Mac world.
Reply
Scott McNulty said 10:48PM on 7-19-2005
So, ratso, that means that you shouldn't bother installing AV software? I think not. It is true that you MIGHT be the first person to get a virus for Mac OS X, but chances are you will be get it after a bunch of other folks get it (though someone does have to be first) and anti-virus software just plain makes sense.
Reply
teece said 11:49PM on 7-19-2005
I'll tell you why not. If there is ever a significant Mac virus outbreak, one of two things are possible:
You get infected before it goes mainstream, in which case I guarantee you your virus scanner will NOT detect the virus. In this scenario, unless you knowingly and foolishly grant a privilege escalation to the virus, the result will be nothing that can't be repaired with your backups (you DO have backups, right?)
The other alternative is that you DON'T get infected before the virus goes mainstream, in which case you get plenty of warning in the form of the media blitz that heralds "the first successful Mac virus." And you can then download a virus scanner.
In the meantime, not running untrusted apps from bizarre locations does 99.9% of everything that needs do be done to protect you from viruses.
So while a scanner won't hurt, it is still the case that no, you don't need one at all. Anything other than the free ClamAVx is a waste of money.
Reply
Joshua said 12:02AM on 7-20-2005
I think there may be some merit to getting virus protection from e-mailed virii; even though they won't infect your Mac, an AV program would help prevent you from spreading it to the unwashed Windows masses. Not that I ever bothered getting AV software. I'm just saying. I'm the kinda guy who opens infected emails just to be a jerk cuz i know it won't hurt me.
Reply
Joe Pellicer said 12:00AM on 7-20-2005
C'mon, protect your Mac! not to mention that, even if your machine doesn't get infected, you could actually pass the virus to other computers.
Reply
Derek said 12:13AM on 7-20-2005
The thing with viruses is that in order for them to really be a threat they have to have an easy way to spread over a network. The really good viruses can exploit a network vulnerability. ActiveX was possibly one of the greatest security blunders when it allowed you to get a virus just by visiting a website. Another way viruses can persist is a general lack of notification for updates. Apple does this in a great way by popping up a window in front of a significant portion of the screen. The icon is large and easily understood by the user base. Other system have small and annoying afterthoughts that really make updating a computer a hassle or confusing. These are some of the many reasons Macs have a stronger standing on security.
Reply
AHM said 12:18AM on 7-20-2005
Unless the software has some fancy heuristics built into it, it's not going to detect a new virus for Mac OS X until someone adds a new definition file. Even then, you're not going to be any better off unless you've set it to autoupdate frequently and scan your download folders or you may as well have not installed it. If a virus did appear, given all the press that it'd get, you'd know about it in any case. All AV on Mac OS X does right now is detect macro viruses in Word, and you should have macro protection turned on anyway (as should your Windows friends, if you have any). AV software slows machines down significantly (not all of us have nice, shiny new machines with CPU to burn).
Another point is that even with Windows, both spyware and viruses are very easy to avoid if you don't open unknown attachments, don't use Outlook, don't install dodgy programs, don't run IE, and have macro virus protection on. I've run Windows on my work and home machines for years w/o a single spyware or virus (except for the stuff that was there when the machine was given to me due to incompetent IT people). Practice safe hex and you'll be fine. Better, teach other people to do so (especially Windows users). A lot of viruses spread via social engineering.
Still not convinced? By all means, install ClamXav - and set it up to autoupdate and scan your download folders, or you might as well have not installed it. But for heaven's sake, don't give any more money to Symantec (Norton), Network Associates (Virex), or Intego (VirusBarrier) for products that do essentially nothing but take up CPU.
Reply
narco said 12:55AM on 7-20-2005
After reading the post, I was going to comment about how anti-virus software is unnecessary, mostly since there are no known viruses for the Mac, what are the chances of a virus of tomorrow being caught by virus software of today?
But then I read the comments. I didn't even think about spreading viruses to Windows users. Since I primarily use my computer for work and 95% of my clientele use Windows, I am really reconsidering this whole thing. Assuming the virus software can block viruses from emails, then I'll probably invest in some (or get that free thing).
Fishes,
narco.
Reply
Rafe H. said 12:53AM on 7-20-2005
The best OS X antivirus measures are to visit your favorite Mac web sites at least once a week. They contain much more information about current threats than any virus definition out there (the latter containing zero information). We'll be discussing and dissecting the first virus long before any company releases an updated virus definition that'll remove it.
But my colleague insists, "Norton Antivirus for Mac is rock-solid! I haven't been infected with a virus yet!" :-)
Reply
Taavi Taijala said 2:32AM on 7-20-2005
#4, 7, 8, and 10 have nailed it right on the head. AV software does almost nothing right now that you can't easily protect yourself from without it. Most AV software doesn't even scan your email to keep you from sending a virus to a PC friend. If you are really that paranoid though, no one is stopping you from downloading AV software or (stupidly) wasting your money, but realize (like many other's have said before me in this thread) that virus software of today will never catch viruses of tomorrow.
Reply
Steve M said 2:49AM on 7-20-2005
Nice quote Rafe, and a good point. I see the AV software makers really trying their hardest to sell to the Mac crowd, and not getting anywhere.
For me the bottom line is, the resources taken by the AV software outweigh the risks of getting infected. My simple solution to problems on my Mac (and on my Windows machine too) is this: NEVER use Microsoft applications. The two biggest vulnerabilities on Windows have been MS Office (Especially Outlook) and IE. Don't use them, don't let anyone else on your system use them. I've had multiple Windows machines in my house for over 10 years straight, and never had a virus of any kind effect any of them. I don't use AV software, I just know what I am doing.
Spread the word, don't use MS applications, and 99% of the viruses cannot get to you.
Reply
Daniel G said 10:49AM on 7-20-2005
Here's the basics, when the first Mac virus surfaces, it will be all over the news before it infects the second Apple. It will be head lines on all Apple sites, and if you're commenting on here, your certainly one to check them. As for scanning your outgoing e-mails to protect your PC friends. First of all, if they don't have AV they already have viruses. Secondly, who forwards on viruses? "Oh look, I have this mysteriuos attachment that I can't open on my Mac, maybe I should forward it on."
Anyways, my two cents. Of course unless someone develops a virus is cross platformable, then we're all doomed. Am I the only one who likes opening PC viruses on my Mac, just because I can??
Reply
Derek Jones said 8:17AM on 7-20-2005
If it were possible to make a self-replicating virus that could harm Unix, it would have been done in the last 30 years. The argument of Windows platform dominance was only a valid point in the OS 9 and previous years. We now run essentially the same core as the machines that run the internet. There are as many people who wish to do Unix and its variants harm as there are people who wish to do Windows harm.
The fact of the matter is, the only "virus" you can get on your Mac, or any *nix based system, are not virii, but pranks. Files that *you* download and execute, thinking that they are one thing, but that do something else. And they won't have any earmarks of a virus that an AV scanner would pick up, because they will be running code that executes valid system commands, such as deleting your User directory.
Historically, there are a few rare MS-DOS based viruses that successfully latched themselves into Unix computers, but they never worked as intended. More common are Windows-targetting viruses that are intentionally hosted and ran from Unix systems: still a different game. And the insanely few worms, trojan, and exploit "success stories" on Unix (again, no self-replicating, hence, no actual viruses) don't fall into the same dimension as Windows viruses.
I cannot stress this enough. If people turn their attention to Mac for malicious code, Trojans are where you are vulnerable. And there can't be a wildfire spread like what happens in the Windows world, because they cannot self-replicate and send themselves to other Mac users. You will screw yourself from downloading Mac warez, opening the .dmg, and giving the Trojan root access. None of the AV scanners will stop that from happening. And FWIW, even in this scenario, your O/S is never at risk. Your files are, the O/S is not. If you have a proper backup routine, even in this case, you will be fine.
Reply
newbie said 9:35AM on 7-20-2005
I'm a newbie to the mac and not very tech savvy. I installed all sorts of virus protection/anti-spyware protection programs on my old windows machine. when I switched over to a mac I signed up right away to .mac just to get Virex. Now I've been told that Apple is dropping Virex due to problems getting it to work with Tiger. I'd like to thank TUAW for starting this topic. Does anyone know if ClamXav has any problems with Tiger, and is it a good replacement for Virex.
Reply
Gonzalo said 10:51AM on 7-20-2005
Thanks for the feedback guys.
Reply
Scott Mesch said 10:17AM on 7-20-2005
It is ridiculous to add anti-virus software to any Mac. I work as a network consultant for Mac and Windows systems.
Even if the anti-virus software is free, it is not worth the trade off. Those of you who are recommending anti-virus software for a Mac are ignoring the fact the it slows down your computer a great deal and causes incompatibilities with other software. This is a BIG price to pay. My company removes virues from Windows computers for our clients several times each week. Frankly, getting a virus and then removing it is less of a hassle than putting up with the problems that anti-virus software causes. Out of the thousands of Windows viruses out there, I have not seen any that delete users files.
If you want a daily hassle of updating your virus software and want your computer to run at 50% or less speed, then add anti-virus software to your Mac!!
Reply
ChillyWilly said 2:17PM on 7-20-2005
AHM wrote:
"Another point is that even with Windows, both spyware and viruses are very easy to avoid if you don't open unknown attachments, don't use Outlook, don't install dodgy programs, don't run IE, and have macro virus protection on."
At some point, all of these "avoids" hinder how people actually do work on their systems. There are some sites that work only on IE. If you connect to Exchange Server, there's not that many alternatives to Outlook that work for most.
"I've run Windows on my work and home machines for years w/o a single spyware or virus (except for the stuff that was there when the machine was given to me due to incompetent IT people). Practice safe hex and you'll be fine. Better, teach other people to do so (especially Windows users). A lot of viruses spread via social engineering."
I agree... *if* you can teach people to not do stupid things on a computer, then they won't get hit. But that's never 100%, no matter how much you teach and explain something to a user that isn't a techie or literate in the world of Windows.
I have several clients that I manage (all on Windows systems) and a good 40% of them will click on an attachment and get infected (before the AV company has a chance to issue a new protection update).
Over the years, I've rarely been hit with a virus because I know what to do.
As for the Mac and virus protection, I run it (Norton ver. 10) just in case and as a nice background safety measure. And as the Mac starts to get more popular and gaining more market share, the useless hackers will find another avenue to waste their talents on, working towards that 15 mins of fame their stunted egos thrive on.
I say, at least run the free AV... you can never start protecting yourself too soon.
Reply
ChillyWilly said 2:26PM on 7-20-2005
Scott Mesch wrote:
"If you want a daily hassle of updating your virus software and want your computer to run at 50% or less speed, then add anti-virus software to your Mac!!"
Daily updates?? Norton 10 gets updates about once every 10 days and it's automatic. And I've not noticed any slow down since I installed it. I ran for a month when I got my Mac mini before I got it, but only did so at my own leisure.
50% or less speed?? What kind of Macs are you running on? Even my older Umax that runs OS 9.1 and Virex 6.1 didn't experience any slow down when I installed it.
Now if we are talking Windows and the 5 different apps I have to run every single day, then I can agree with your end results.
Reply
PXLated said 3:20PM on 7-20-2005
Never run the stuff. As others have said, I'll worry about it IF/when something affects the Mac. Till then I'll just relax, sit back and just enjoy my good fortune and wise choice in computers :-).
Reply