back to article Mac security packages range from peachy to rancid – antivirus tests

Independent tests of Mac antivirus products have discovered that the effectiveness of these security packages runs from a risible 20 per cent to an unimpeachable 100 per cent. German security lab AV-TEST.org put 18 free and paid-for Mac OS X security products and services to the test, discovering widely differing performances …

Sophos not good with Mavericks in my experience

On my 2013 MBA Sophos and Mavericks don't play nicely together. Sophos randomly prevented browsers (FF, Chrome, Safari) from accessing the internet connection. I fixed it by uninstalling Sophos.

1
0

Re: Sophos not good with Mavericks in my experience

I only recently installed Sophos on to a Mavericks box and it hasn't managed to complete a full scan yet. It did quarantine a few browser nasties but was not able to delete them. There could indeed be Mavericks issues?

0
0

Re: Sophos not good with Mavericks in my experience

Paul - I didn't have any trouble with scanning. `If it's finding stuff it can't delete it might be because it's scanning your backups (e.g. Time Machine). If Sophos is scanning your backups then that might be why it's taking a long time - or not finishing. If it does find bad files on your Time Machine then Sophos doesn't have the privileges to delete them and you have to do it manually.

My problem was that occasionally it would look like my wireless link was down cos I couldn't see the web from browsers. After lots of messing about I discovered that it was Sophos and the only way to fix was to uninstall it.

I've run without AV for a couple of months. I read all the stuff about Macs' inherent protection and the fact that there aren't many virus attacks for Macs, but I don't like not having AV. I've just installed a trial of Bitdefender, so I'll see how it goes.

0
0
Len
Alert

Which samples were used?

Is the list of samples they used to test available somewhere?

I have to say, choosing a security product that has to protect two OS-es (my own OS X but also other people's Windows that I might send stuff to) is a lot harder than just protecting Windows. I use Intego for two reasons, protect my own machine that runs OS X but also machines of my clients that run Windows and I don't want to forwards Windows malware on to.

It seems that Intego isn't too bad on OS X malware but could do better for Windows malware. Do I choose my own security over that of Windows users? Interesting dilemma.

1
0
Silver badge

Re: Which samples were used?

"Do I choose my own security over that of Windows users?"

Bottom line: Yes.

You should trust that said Windows users are themselves adequately protected - or if you are in a position where you deal with or advise on their IT, you try to make sure they are - but on your computer, your security comes first.

0
0

Chowder

ClamXav not mentioned on there I see...wonder how that fairs.

6
0

Re: Chowder

Historically, clamXav on the mac has been decent at detecting viruses, but slow and resource-hungry (in brief, avoid). I have Sophos running and it seems fine, but I'm open to alternatives.

1
0

Re: Chowder

I also use clamXav, and have yet to catch anything nasty (that I know of). It could be I'm being lax with my security, but I just get the sentry program it comes with to scan anything that appears in my 'downloads' folder, and then make sure anything I download/copy/import/etc passes through said folder. So far so good.

1
0
Silver badge

Re: Chowder

I use clamXav - and it's successfully identified viruses on flash sticks that were missed by colleagues computers which rely on the work standard install of McAfee. Okay, so this probably isn't news - but at least clamXav ain't on the bottom of the pile.

2
0

Re: Chowder

"missed by colleagues computers which rely on the work standard install of McAfee."

McAfee doesn't really detect anything. It just looks pretty in the system tray, and sometimes tells you the internet uses cookies.

Some might even argue the names of their products are in fact misleading.

0
0
Silver badge
Mushroom

misleading title

There are not virus' on OSX only malware, and I believe you have to provide admin credentials in order to install it

7
4

Re: misleading title

I belive this is also true for Windows Vista and later versions. I'm not 100% sure, but I haven't heard of a single Virus for Windows either since Vista.

All the mac mac osx malware today, and I believe all the malware for modern windows versions, are defined as Trojans, Worms etc.

That means you are safe without AV on both platforms, as long as you know the means they want to infect you with, and avoid those situations.

Social engineering is used to fool people to install malware today, phishing etc. But pure Computer Viruses that lives up to the definition of a computer Virus nope.

Then we have the AV companies that cry wolf wolf when there are no wolf. Symantec did this a lot. And many others. Only honest AV company I know when it comes to Mac Malware is F-Secure.

When symantec said there was Viruses for Mac F-Secure said we have no reason to make a AV for the mac, there is no Viruses yet for the mac, and very few trojans that pose a unsignificant threat.

Now that is Years ago, today F-secure has a product for the mac, but at least they weren't trying to phish customers with false alarms.

I have clamxav installed, but manually run it on some windows files maybe once every second year.

Now people that write articles on malware should start using the correct terms for each kind of malware, including the source for this article. The one that wrote that blog is clearly stating that he does have his own definition of what a computer virus is.

The source he refers to is a bit better and doesn't use the word virus, but malware, trojan and worm.

Now I challenge someone more knowledgeable than me to list true computer viruses for both Windows since Vista came, and for OSX. I would be happy to be proven wrong, not so glad though.

0
0
Anonymous Coward

Re: misleading title

I would have to disagree about enter the password to install.

Most of the malware I see (admittedly Windows) is designed not to be installed, so downloaded either willingly (duped) or silently via exploits and run as user with persistence of being added to the user's (not the system's) start-up applications. This user area is obviously for usability but can be exploited.

I believe this can be seen in the 600,000 plus Mac Flashback infections back in 2012 via the Java exploit route.

This generally is the exception to the rule of Mac's don't get viruses or malware but it did prove that they can which is why Apple changed their marketing to "Built to be safer"

0
0
Len

Re: misleading title

There are precious few OS X viruses, two I believe, which indeed need the admin password to be entered before they do anything. Then again, even on Windows new viruses have become increasingly rare due to better security of the underlying but also because there are now easier ways to drop dubious payloads on people's computers.

That OS X doesn't really have viruses doesn't mean OS X doesn't have malware. Viruses are just a bit old-fashioned subset of malware. It tends to have shifted focus to drive-by downloads using vulnerabilities in Flash and Java binaries for instance. Sophisticated exploit kits just pack a range of exploit that targets various platforms, versions and vulnerabilities. OS X is not fully immune from those (although removing Flash and disabling the Java web plugin help a lot!). That is why I run an AV product on OS X.

0
0
Trollface

They didn't review...

...MacKeeper, which always shows up in spammy banner ads when I have to use a browser that doesn't have AdBlock installed on it.

1
1
Silver badge

Re: They didn't review...

MacKeeper is the single most widespread Mac malware. Ever.

4
0

Re: They didn't review...

My housemate — no, really, not me — recently installed some peer-to-peer software or another that also hijacked her browser so that adverts for MacDefender were shown in a pop-up window every time she followed any link and in a large banner at the top of every page she visited. Which makes it little better than ransomeware. She'd downloaded some clearly dodgy software and supplied root privileges for install but what's the difference what the attack vector was once it's installed?

The specific Trojan causing this was called VSearch or something like that; the binaries were in /System/Application Support, which as someone who knows the general startup procedure were easy to find and remove manually. I think most Mac malware is still at that level. I fear it may not stay so simple for long.

1
0

Tips

Don't install Flash. It's an awful risk to take. OS X will insist that you're using the latest version of Flash before it allows it to run, but you'll be safer if you don't install it at all.

Don't install Java unless you really need it (most people don't need it). Again, a 3rd party train wreck that's had a long history of vulnerabilities.

Use the latest version of OS X. Set the security settings so that apps may only be installed that originate from the Mac App Store and identified developers.

To the best of my knowledge there are no OS X 'viruses' in the wild. There's always the chance of you installing malware (naughty software that does things it oughtn't to), so be careful about what you do install and where you get it from.

I've read many many times that if you follow these basic precautions, you won't need antivirus software hogging your machine cycles on OS X.

5
2
Silver badge

Re: Tips

Use click-to-play for all plugins. There's nothing like not actually running the plugin at all if you don't need to to avoid drive-by malware.

1
0
Anonymous Coward

Re: Tips

I've read many many times that if you follow these basic precautions, you won't need antivirus software hogging your machine cycles on OS X.

Depends - if you receive email and need to communicate with Windows users you're still better off doing at least a scan. This is my main issue - the times that I do a scan it tends to show up Windows viruses in spam folders, I have seen very few Mac malware. Having said that, the reason I scan frequently is because I want to keep it clean - a belief that Macs is safe all by themselves is foolish.

We have machines locked down with Hands Off which doesn't just lock down network access, but also what apps can do on the hard disk.

As for working with non-admin accounts, it's not as easy as it appears. As with Windows, there are still a *lot* of coders out there who seem to assume the user has full access, and code accordingly.

0
0
Silver badge

Re: Tips

I would consider strength-in-depth on any system, regardless of OS.

- Take regular backups.

- If there's a decent endpoint protection (AV, firewall etc.) product, use it.

- If something isn't required, remove it.

- For everything that's left, patch it.

- Test system after patching. If something broke, consider reverting to last known good (aren't you glad you had that backup?).

0
0

Re: Tips

"Depends - if you receive email and need to communicate with Windows users you're still better off doing at least a scan."

That's what Douglas Adams would call an SEP - Somebody Else's Problem.

If the Windows machine you are sending email to doesn't have adequate protection, it will get infected sooner or later anyway.

I concur with the advice given previously - there's no need for any of these products.

0
0
Silver badge

not news

I am totally not surprised that Sophos scored well. I'm also totally not surprised that Norton, McAfee, and Webroot stunk up the place.

1
0
Anonymous Coward

20 million nasties?

I wonder if a Mac could even carry that amount of nasties around, then get connected to an unprotected Windows network. Picture air-borne Ebola.

I wonder how many actual RNA-alive nasties can mother nature throw at us, provided there are gazillion more methods to our fleshy demise and how efficient is OUR immune system when compared to the digital ones.

0
0
Facepalm

2005 is calling and it wants its dumb idea back ..

"#2) Enumerating Badness: Why is "Enumerating Badness" a dumb idea? It's a dumb idea because sometime around 1992 the amount of Badness in the Internet began to vastly outweigh the amount of Goodness .. ref

1
0

Re: 2005 is calling and it wants its dumb idea back ..

To be fair to Apple, to run an unsigned application you now need to go into the Finder, right click on the thing, select 'Open' and then say 'Yes' to the warning prompt that appears. Signed applications from outside the App Store show the prompt and Apple can withdraw the certificate centrally. In both cases this needs to be done only once to bless the app as permitted. Only App Store apps, which Apple has inspected, run immediately, first time.

Of course you can turn all that off if you want, but it's an attempt to push towards enumerating goodness and away from enumerating badness.

3
0
Bronze badge
Coffee/keyboard

Macs only need a HIPS..

vulnerabilities are rare enough in Macs, I would say a good file cleaner(if there is such a thing for Macs), and Rapport for Safari are good enough. The few malware that could end run such a system are covered in the Apple store as downloads for malicious file removers, when and if they rarely come up. I'm not saying Macs are like an Army tank, it is just that it takes less effort to secure them. But then it has taken less effort to secure new versions of Windows too. Just don't run as administrator! And of course anyone should be using a good password manager by now. The only difference with Windows is so many of the applications put holes in the system, you really need to keep up with the applications patches. My brother tells me this isn't a problem with Macs - if the app comes from the Apple store it already auto updates. Feel free to flame me, I am OS agnostic.

If you just want to keep Windows malware out of your email to protect others, then Clam X AV is good enough there, I suspect. No one should trust email now days - even coming from trusted contacts! Some Mac heads tell me they don't trust the built in firewall, so I'm sure there are good 3rd party versions out there that Apple will tolerate. Online Armor is one of my favorite Windows firewalls, I'm not sure what will run on a Mac that comes close to that kind of lock down.

0
0

Re: Macs only need a HIPS..

Rapport is a horrible resource hog, I have seen many instances of high CPU usage on OS X.

0
0
Anonymous Coward

Re: Macs only need a HIPS..

Vulnerabilities are not rare in Macs, what is rare is exploitation of those vulnerabilities.

It's also worth remembering that malware is all about financial gain now, so why spend too much time writing malware that will attack Mac OSX which the last time I read made up about 8 or 9% of the desktops/laptops internet connected.

If the market share goes up significantly I would suggest that Macs could be targeted more, I think Flashback was so successful from a number of infections point of view at least, largely due to the "Macs don't viruses" marketing.

0
0

Re: Macs only need a HIPS..

I've seen Rapport cause the fans to kick in on a windows laptop doing absolutely nothing. It's a horrible piece of software recommended to me by my bank. Needless to say it was soon removed.

I run no AV on my macs but I do use ad-block, flash-block etc as well as Little Snitch which should I happen to catch anything will generally highlight that something new is trying to access the network. I've seen evidence before where malware looked to see if this product existed and didn't install itself it it did.

Oh and stay off bit-torrent. That's the easiest way to get someone to type their password in to install something they think they want when it's actually compromised.

0
0

Re: Macs only need a HIPS..

"The only difference with Windows is so many of the applications put holes in the system, you really need to keep up with the applications patches. My brother tells me this isn't a problem with Macs"

Why wouldn't it be a problem with Macs when it is with Windows? It's still software.

Besides, most malware comes from an idiot specifically asking the computer to run the dodgy code, which then sticks itself into a startup folder/script/schedule. For Mac users, you can probably even skip the startup bit - they rarely log off anyway (shutting the lid is not shutting down).

0
0
Bronze badge
Coffee/keyboard

Re: Macs only need a HIPS..

He says this isn't a problem because Apple updates everything including his applications automatically. So any vulnerabilities are patched - hopefully before zero day.

0
0
Bronze badge
Coffee/keyboard

I've tested Rapport..

on Windows, and it is the only solution that passes all of the AKLT tests with flying colors! So I call BS on people that say it doesn't workl - but I digress on Macs, because I have no idea if an anti-keylogger test application is available for Macs. On windows, all of my clients use it from XP to Window 8, and from old Pentiums to the latest Intel i7 processors, with nary a hiccup - I don't know what people are talking about performance hits - most of my clients machines are the fastest Windows machines I've seen of their type. I'd sooner believe you have a malware infection that is fighting the protections of the Rapport utility. Maybe you should check the console to see if any attempts were made to modify the browser.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2017