Sophos released a free of charge Mac anti-virus product for consumers on Tuesday in a bid to highlight the growing security risk against the platform and to shake fanbois out of their complacency. The business-focused internet security firm is making Sophos Anti-Virus Home Edition for Mac available for download at no charge - …
I'm sure this will be news to all those Mac users who've been running the free antivirus package ClamXAV for years!
Sophos AV for Mac
Be thankful - at least it's not Symantec who've done this. Their crappy bloatware could make even Deep Blue and HAL 9000 run slowly.
not the first free av
clamxav is free, for example.
Yes, you should have mentioned ClamXAV as another free Mac solution. The main reason to to run something like this on a mac at the moment is if you interact with a lot of windows people that have a habit of sending infected doc/x files everywhere - you can sanitise before sending on, and also warn the sender (not to send you doc/x ever again)
I have the highest regards for Sophos...
In my experience they are one of the good guys in a rather iffy industry sector. I'll certainly download this to take a look at it, and it's the kind of thing I'd probably install assuming negligible performance hit and compatibility issues.
However the article needs some work:
"Windows threats counted in their millions dwarf the number of strains of Mac malware, which can be counted in their thousands".
Oh yes? As far as I can tell the strains of Mac malware can be counted in their tens. Well, a single ten anyway.
And where is the list of Malware that the Sophos scanner protects from? There's no clue on their site or indeed in the article. There's a hint that it is based on heuristics to try and counter novel threats, that's nice. But more details please.
Finally "fanboi... complacency". Thanks for kicking off with that tired old strawman. Yes Mac users can be complacent, but that's for the fairly rational reason that there isn't really much in the way of Malware circulating in the wild (yet). That doesn't mean I'm complacent about downloading warez or clicking on links indiscriminately. I keep a close eye out for news of vulnerabilities or trojan threats, I have a copy of ClamAV lying around somewhere. But that doesn't mean that I've felt the need to rush out and by the hunks of pointless junk that are the current crop of commercial Mac AV scanners.
Now yo9u've got me wondering whether, with the advent of the AppStore in Lion OS X 10.7) Apple will introduce a 'Only allow executables installed by Apple to run' sandbox switch.
I will be installing this when I get home this evening.
It will be like wearing a seatbelt in the car where you don't expect to have an accident, but you take precautions to safeguard yourself in the event that it should happen. With AV on the Mac, there are so few threats, is it worth bothering with? Well yes, as long as the chance of infection is above zero, no matter how infinitesimally small it is, you should take precautions.
I'd like a little info, too
Clam seems to fix Windows malware, 'cause there isn't any Mac malware to bother with. Does this thing from Sophos fix Windows malware, too? If so, there may be a reason to download it. If not, why bother? There is, at present, no significant threat. The only real Mac malware out there are a few Trojans, and if you stay away from porn sites and don't download warez you're safe from them. There are no drive-by malware threats, though as Flash and PDF have the same vulnerabilities on OS X as on Windows there could be. If someone actually created a real threat, say one based on Flash, I'd either kill Flash (extremely likely) or get Mac A/V (unlikely). I may just kill Flash on my machines anyway. As it is I usually run ClickToFlash, NoScript and AdBlocker or some equivalent thereof. That eliminates almost all strange things out there, no A/V necessary.
As much as you are offended...
Sadly, there are quite a segment of mac fanbois who feel their OS is superior because "there are no viruses for Mac", which quite clearly is not the case.
So yes, there are a lot of people who are complacent about malware threats on Mac OS X, and many of them are home users because they believe what they've been told by Apple Store staff and anecdotes that are no longer true.
So as much as you're insulted by "that tired old strawman", it is applicable. Perhaps not to you, or many El Reg readers, but it still applies.
"The only real Mac malware out there are a few Trojans, and if you stay away from porn sites and don't download warez you're safe from them."
Not strictly true - http://www.theregister.co.uk/2010/10/27/koobface_for_mac/
not ready for prime time
As the article at www.theregister.co.uk/2010/10/27/koobface_for_mac/ itself states, this bit of malware is not fully baked. I repeat: the only real OS X malware are a few Trojans. And you have to recall that the group making the warning is Intego, who have in the past been known to be somewhat... sparing... with the truth in their malware warnings. As of the last time (the very last time) that I visited their site, they boasted that their A/V software 'protects' against malware including the Scores, WDEF, and NVIR viruses. Those particular viruses cannot spread on any version of the Mac OS since System 6, and cannot run on any version of the Mac OS since System 7. It's impossible for them to do anything to OS X... or to OS 9. They say that they include those ancient malware to cover those who use Classic, but as Classic _is_ OS 9, running in emulation under OS X, and as those items can't run in OS 9, that claim is pure and simple bullshit. And, in any case, there's no point in covering _anything_ that works with Classic when a vendor makes a release of software for OS X 10.5 Leopard or later, as _Classic doesn't work in Leopard_. Apple killed it. This means that any malware for any version of the Mac OS prior to OS X is dead, dead, DEAD. It's ex-malware. It'd be pinning for the fjords if only Norwegians would let it into their country. And yet Intego _still_ lists 'protection against Classic malware' as a feature on their latest version, for 10.6 Snow Leopard...
If even Intego states that the threat from koobface for Mac users is minimal, I'd say that a better description is 'nonexistent'. I simply don't trust the buggers.
It is NOT the first
The first free Mac A/V software was Disinfectant, created by Northwestern University professor John Norstad in 1988 and discontinued in 1998.
It's not even the first free Mac A/V for OS X; Clam is available on OS X in at least two variants. There's nothing for it to do other than hunt Windows malware, but it's available.
And if you think that there are 'thousands' of OS X malware threats, perhaps you'd not mind listing the first hundred? I suspect that there aren't 'thousands' of Mac malware threats even if you go back to 1988 and count 'em all. IIRC the last version of Disinfectant listed a grand total of 1497 threats, which isn't even a thousand and a half. Of course, Disinfectant didn't do anything about Office macro viruses, and didn't even detect them, and there _were_ thousands of those... but only a very few worked on Macs, the rest merely could be carried by Macs and then infect WinBoxes. It appears that almost all Office macro virus writers expected their targets to have a 'C:' drive and hard-coded their malware accordingly... Mac users usually found out that there was an Office macro virus around when WinBoxes in their vicinity started acting more squirrelly than normal. Given the way that Win98 behaved, this often took a while to become clear.
Yours, still smug and perspiration free.
When I was at university 1990-1993 Mac viruses were a real problem.
Like a real big problem - and no-one used MS products on them either. If you weren't running something like SAM you risked nasty things happening.
Although, to be honest, getting all smug about your Mac being relatively virus safe is about as sensible as being smug that this piece of A4 paper I have here (80gsm, ruled) is virus safe.
yep, it _used_ to be real
At one point there were more Mac malware, mostly viruses, than Windows malware. That's why Norstrad created Disinfectant, and why there really was a reason to use SAM or Virex or something similar. However, by 1999 the only serious malware that hadn't been stamped out by Apple changing the system were Office macro viruses, and Microsoft got most of those by making changes in how Office macros worked. They didn't get _all_ of them, but as the vast majority of Office macro viruses didn't work on Macs (no 'C:' drive, and the virus writers just loved to hard-code in 'C:' drives...) that threat rapidly dwindled. I used Virex up to about 2002 or 2003, mostly to kill macro viruses. I stopped using it when I noticed that there simply weren't that many macro viruses hitting my systems any more, and new versions of Virex were actually more dangerous than most malware. (Virex 7.5 would eat email. They 'fixed' this by turning off the incoming email scanner. So far as I know it's still turned off, seven years later.)
If, and it's a big if, there is ever again a serious malware threat, then I suppose that we'll wheel out A/V for our Macs. Not from Intego or Symantec, though. Those boys will never see so much as one penny from me or any from any operation I control.
A list of Mac malware
If you query the Sophos site, you can see about 80 specific mac malware that they've done a (brief) write-up on, and they don't write up everything explicitly - particularly when there are multiple, similar variants of the same thing:
Them, of course, there are the various vulnerabilities of "common platform" applications as others have pointed out...
... the Software's About Box says: "Protects against 2110692 threats"
Can anyone with the Windows version tell me if the same number occurs there?
The software uses the same threat definitions as the Windows product because it also detects files that are carrying Windows nasties. So right now my Sophos Endpoint Security for Windows shows 2110694.
I realise that's a long "yes"!
and that list
is a classic example of the massive FUD that is the A/V industry. Let's look at a few of the items on it.
Hmm.. the Autostart worm. Three entries. (Autostart A, B, and C). This is the very last serious Mac malware ever to roam the Earth... and it dates from 1998. And it's a Mac OS 9 only virus, which can't spread if you simply go to Control Panels and _switch off_ CD autostart.
Hmm. Sevendust. The second-to-last major threat. Totally unable to run under OS X, even in Classic mode.
Hmm. INIT, CDEF, NVIR, WDEF... all of them System 5/6 viruses, killed by System 7, cannot run on PPC... Even less of a threat than Sevendust.
The only _real_ threats in that list are all Trojans.
So it _does_ protect against WIndows malware. There's a reason to get it after all.
But does it protect against
The most irritating virus of them all, the Mac Smugness My Farts Are Odorless one?
it protects against everything. Deal with it.
Still smug after all these years.
super awesome mega secure OS X doesn't need antivirus!
Here come the fanbois whining about how they're only complacent about security because they don't need it because Mac OS X is the most amazingly ultra super secure software ever created. Talking about security with the Apple zombie hordes is always an exercise in futility. With Apple starting to get enough market share to become a target for malware writers, the fanbois blissful ignorance of all things security will be coming to end soon.
I don't need A/V protection on a Mac! There's only been few malware programs ever written for the Mac, therefore there will never be any!
Brilliant thinking fanbois
1 back in the 80s and 90s when there were a lot of viruses on the Mac platform the market share, especially in the 90s, was a lot less than it is now. it's not the low market share that makes OS X a hard target, it's that it's a hard target. Deal with it.
2 there are no serious malware threats on OS X at this time. Period. The closest are a few Trojans. Deal with it.
3 it's not that it's impossible for malware to work on OS X; the existence of the pitiful handful of Trojans and the not-ready-for-prime-time things like koobface for OS X show that it's perfectly possible. However, it is _hard_ for the malware boys to write something that actually works on OS X. There has not been a serious malware threat on the Mac platform since the autostart worm of 1998, and as that was on OS 9, there has _never_ been a serious malware threat on OS X. Deal with it.
4 it may be that a serious threat shows up tomorrow. It's extremely unlikely, but it's possible. If one does show, then it's also extremely unlikely that any of the existing dross offered as A/V software for OS X will do a damn thing to stop it. In particular it is appallingly clear that the utter crap turned out by Symantec and Intego simply will not be up to the job. Period. End of story. There is absolutely no point in investing in _current_ A/V on the Mac platform as there is no serious current threat and the existing commercial (and freeware) A/V are, to be blunt, toys. Deal with it.
When a real threat arrives, if one ever does, then those of us on the Mac platform will have to do something about it. But as no-one can have a clue about the nature of any future threat, and as it is blindingly obvious that the A/V industry, far from even trying to get a clue about it, is busy dumping lots and lots and lots of FUD and is pumping up the 'threats' they 'protect' against by including malware from the 1980s and 1990s which cannot run on OS X no matter how hard they try, and including Windows malware in the totals, despite the simple fact that Windows malware is no threat to Macs in any way shape or form, then the best thing to do is to keep our money in our wallets and ignore the FUD... unless and until there's a real threat. Deal with it.
If this be 'smug', and 'complacent', then make the best of it.
And I really would like to know how Mr Powell here _knows_ that the time of 'blissful ignorance' will be ending soon. I really would. Particularly when long-term Mac users remember when there were more Mac viruses than Windows viruses and when A/V was necessary... and _know damn well_ that A/V is _not_ necessary at this time on a Mac. Period. Perhaps Mr Powell can share with us his reasoning for that 'marketshare' argument, given the Mac OS's market share in 1998 when the autostart worm and sevendust were active, compared to market share at present. Hint: the current, as in right now, Mac market share is _considerably_ larger than it was then. And, as this is a _considerably_ larger share of a _vastly_ larger total market, if the 'market share' argument was of value then major malware attacks should have started _years_ ago, when the loss of market share was counteracted and the growth in share started and then got past the 1998 levels.
Please, Mr Powell. Share your data with it. I'd just love to see it.
Here we go again
I lost my entire Macintosh database in 1988, because of malware distributed by Apple Computer Inc. on a floppy diskette containing laser printer drivers. I reported the problem by telephone to the woman in charge of European software distribution and she said: "Oh, le foutre [she was French], is it on the printer drivers too?" Then she remedied the situation immediately by sending me another floppy diskette entirely free.
Fortunately, the problem of potential malware infestation went away completely a few years later because, until now, I'd never found a virus scanner that would run on OS X. Thanks to The Reg, I'm now staring at a progress bar showing that about one percent of 2.8 million files seem to be OK, and I'm back to the heart-in-mouth excitement of running Disinfectant on System 4.
Malware - Yes... viruses - No!
What this needs is a complaint to the Advertising Standards Authority, based on one simple issue... are there any viruses for OSX (no!), and if the answer is "no", should this product continue to be marketed and sold as an "anti-virus product" (no!)?
Don't get me wrong, it might well address Windows viruses and a few Mac trojans, but that's like saying cheap tinfoil (as used in Register anti-alien tinfoil hats) can be marketed as a medical brain-protection device.
So folks... THIS IS NOT A MAC ANTI-VIRUS PRODUCT... I feel better now. But I still think that Sophos should be reported to the ASA... then they will have to produce the proof, or withdraw the claims... Simples! :-)
How smug can you get, hmmm?
Anonymously to avoid being a future target of the tedious, patella-strung, XYY-versioned, Mac/Apple/OS X-bashing zealots - of which there is no shortage in the comments here.
There is really no argument not to install this freeware offering; if you install it, and sign up for the announcements, you're an early adopter, and will have a slight edge when it comes to influencing the direction that Sophos may take the thing. And, of course, given the long tradiiton on the platform of there being a free, effective AV application around, there's an opportunity to put the screws to Sophos to keep the price 'no-to-low'.
In a related vein, there's really no argument to be made against running it periodically - particularly over the dreck you receive from your correspondents, to determine which of them to avoid digitally. It might be interesting, informative, and fun; running the thing and finding a Windows-targeting threat (potentially) gives you, OS X user, a chance to inform a Windows-using correspondent of the threat(s) resident on their computer. Have to like that kind of smug.
Finally, the reporting of 'millions and millions served' within the program is certainly dubious, and falls short of being forthright and up-front in not specifying that the number represents threats that almost exclusively target Windows. That should be fixed, I think.