@Dan
Possibly because Clam AV is glacially slow and half-blind. Tried the current before posting this against a small zoo, and on a clean machine- it's insanely slow and doesn't spot things.
For the first time, Apple is recommending the use of anti-virus tools to protect Mac systems. Long something of a phantom menace, strains of malware capable of infecting Mac machines have gradually been increasing in prevalence over recent months. In addition, VXers are making more use of web-based attack and applications …
Read carefully the Apple Support post (http://support.apple.com/kb/HT2550) for Nov. 21. There's no suggestion that the threat from viruses/malware on Macs has increased. Apple is just doing what the rest of the industry does: promoting products that it sells. Two of the three recommended products are "...available from the Apple Online Store."
As many previous comments for this posting indicate, knowledgeable Mac users are not only aware of the degree of "danger" they are in—primarily from malware, but considerate of their PC colleagues to whom they could pass on viruses. Whether we are in any more peril today than we were last year is highly debatable.
This is a complete non story. Some blogger notices that Apple updated an obscure tech support article saying that AV software isn't a bad idea in general, and it's the main story on the Reg? A slow news day indeed!
and @ Anonymous Coward: "I run OSX with protection as I think that just because no one has identified any viruses doesn't mean none exist! "
Um... if none have been identified, then how do you expect your AV software to spot them?
This looks to me just like a bit of Apple arse-covering. It's a footnote of advice, nothing more.
I gave up on Windows virus-scanners about six years ago, when I realised backups, firewalls, restricted access and careful browsing and downloading practices are far more effective.
Frankly, the anti-virus industry is a leech. Although I usually hate to side with Microsoft, I despise the whining anti-virus manufacturers who complain about the built-in protection in new versions of Windows destroying their industry. Their industry only exists because of bugs and holes - and like with any problem, eliminating the source is much cleaner than wiping up the mess.
Can do the rest of us a favor, be good little trolls now and take a long walk off a short pier. Now that that's out of the way.
Any computer user with an ounce of sense regardless of platform will keep some sort of anti virus software around and updated as a sensible safety precaution. I've always recommended Clam AV for Mac users particularly those who often operate within mixed Windows/Mac environments. Especially those who make heavy use of MS Office as the Office macro virus is the only virus currently that can easily cross-pollinate between platforms. While the macro virus is nothing more than a minor annoyance on the Mac side, certain variants can be quite destructive on the Windows side of things. Now have I always personally followed that advice? Until recently, no not always but I'm informed and careful enough not to worry about that kind of thing while using my Mac. However when Apple moved to the Intel platform and ability to easily run Windows and Windows programs on a Mac started to come into full view I made sure that I and all my clients were actively running Clam on all their Macs.
The recommendation coming from Apple is sensible and I applaud them for trying to be proactive when it comes to protecting their customers. Apple has had some gaffes recently when it comes to certain security issues and my hope is they are learning from their mistakes. Also when it comes to those gaffes they do and have responded a helluva lot faster than M$ does or has.
BTW, Mac users have every right to be smug when it comes to the threat of viruses on that platform. Last time I saw any virus in the wild that was even potentially damaging to the Mac was ten years ago when seven dust hit the scene. Truth is we are just now seeing a rise in serious potential threats from malware and virii, don't like or want to accept that fact... Well tough shit if the truth hurts say ouch but try not to be such a twunt about it, kthnxbai.
Is security on the Mac rock solid? No it's not and some things could be improved upon but that is true of any platform. It is however a damn sight more secure out of the box than any windows install will ever think about being.
I am both an ISP and a reseller and the ONLY AV we have on any machines is on our mail servers as that is the only contact we have with Windows. Not any of the numerous other Macs in our organization have it as AV is a conflict from moment one.
I will remind those who say Macs aren't immune that the challenge has been out there for a number of years and the only alleged virus reports we get is from those selling AV, like the Gawd-awful "the sky is falling" Intego, and Symantec, none of whose products aren't allowed near our Macs.
Might it happen? Certainly. But AV wouldn't stop it as AV is always AFTER the fact. It is always behind AV writers and never anticipates. It can only fix or protect from already KNOWN viruses.
So you might as well wait until a virus shows up. So far, that is a very good approach.
Apple is just covering its legal butt.
Tech sites like this should know better.
Dead right. I've never used AV either. Firewall in the router, sensible browsing on a sensible browser, always junking spam and occasionally running Spybot for good measure (which has never spotted anything) is enough.
Never had a problem and if I have to rebuild once after 15 years of using the net on Windows then I'm still way ahead of all the suckers who run the truly appalling Norton (far worse than the majority of viruses).
And yes, I would know if I had a problem I just hadn't detected, I use Wireshark, ProcessExplorer and similar tools a lot, I would spot anything untoward.
Well, I've been using PCs and Macs since 1991 and I've only ever had a virus once, when my dumbass girlfriend of five years ago snooped my inbox while I was in the shower, and opened a mail attachment called "ourpics.rar", and proceeded to unzip it and run the enclosed .exe.
Fortunately she had the sense to confess, albeit sheepishly. She was lulled by the body text in the email, which read something along the lines of "i thank you for last night it was amazing and i send you pictures to remember me by always", bad grammar et al.
So all these years and no viruses, worms or maliciousness. How? I don't click on shit I don't want, and generally know where to get what I do want without trawling through unknown waters.
And condoms only offer 99% protection against unwanted pregnancy.
See the problem is....
"Avast! Home Edition and Clam AV provide similar options for Mac users. ®"
The Avast Product is called Avast for MAC and although the Clam AV command line UNIX package works with OS X-- I think most non-geeky MAC Users (those whose surfing habits might POSSIBLY warrant AV) would generally use ClamXav (GUI built for OS X on Clam AV)
--In fact the article by Brian Krebs the author referenced specifically mentions ClamXav and not ClamAV--
And to those 'nix fans who think their UNIX is immune.... "Certainly, the number of threats for the Mac OS are still small when compared to the hordes of families aimed at more traditional OS targets," Alfredo Pesoli, a security researcher at Symantec, wrote on a company blog last week.
Pesoli continues; "More and more malware has emerged for Mac OS X recently. All of the Mac OS-targeted malware we’ve seen is still affecting the BSD subsystem or are BSD-style infections. We haven’t yet seen anything that completely relies on the Mach Subsystem or Cocoa."
FYI that's the 'nix part of OS X --its BSD roots and he's saying the Apple specific software (Mach Subsystem and Cocoa) are not to blame.
And b4 you rant, Yes I know BSD is not linux, and, yes I know OS X's Kernel is based on BSD Kernel 3.5 which is quite "mature" (as in old) and there have been many security updates to the Kernel since 3.5 and, finally I can hear the "AH HA, See I told you it was Apple's fault for not using a NEWER version of BSD."
If you get a virus on your MAC --you did something to deserve it. (and I love this comment)
"I think it was more to pacify sysmans in mixed networks who can't bear the thought of not installing crap on computers to make them run slower and infuriate their users." --BINGO
"When the first wild OSX virus came out - that the argument seemed to be users had to type password, but reading a few Mac Forums at the time it was reported users could be set up so they were admins and password wasn't needed as part of install process."
It still asks for a password before messing with anything that doesn't belong to you – ie. anything outside of your Home folder, ie. the system. The only difference is that *your* password will let it do those things, if you're an Admin. Pillock.
@ Hell even M$ is faster in this aspect than Apple. Isn't there STILL a security vuln in Safari that has been around and known of for at least a year or more now? @
Yeah, whatever ... how about the freshly painted MS08-068 then ... MS "finally" fixing a 7 year old SMB vulnerability (see http://www.xfocus.net/articles/200305/smbrelay.html).
Windows overuse of RPC, multiple system-level APIs accessible over network connections (remember Back Orifice 8-) and overly complex security rights/permissions have led to years of these holes cropping up.
I certainly find it much easier to lock down Unix based systems because of its inherent modularity.
As many have stated, by running as a limited rather than root/admin user and not acting brain-dead when it comes to attachments etc AV software is mainly useless as it's retroactive by definition. Use openDNS as your DNS server and a fair few dodgy sites will be blocked. AV is just money for old rope. Had it on XP because of less able users using the machine but never had a hit in 6 years. Definitely won't be buying into the performance lessening tripe on my Mac.
@AC 13:29 GMT et al.
OSX is NOT built on Linux. It's built on BSD Unix.
@Nick Fisher 14:55 GMT
Actually, the plural for "virus" is "virus", not "viruses".
Re: Malware
The biggest danger is not virus, but rather worms. If you have no mechanism for detecting unwanted intrusions, then you will one day be the target of a mindless, network-sniffing worm. Enable a firewall, at least.
Re: Multiple AV Solutions on One System
The author is misguided, or has only used Norton and McAfee ... both resource pigs. There are no performance problems when you install and use several real-time scanners and a couple of manual scanners on a single system. The reason you want to do that is because of the nature of heuristic programming. One AV solution simply can not catch every virus because of the way that piece of software is programmed to work. Similarly, a single AV solution could easily cause issues when it mischaracterizes valid software or when that solution is compromised. Unless you're running a 486 with 12MB of RAM, you won't even notice Clam and AVG and Avast! running at the same time, and you will be better protected than if you only ran one of them. You can try it for yourself; the next time you want to scan your system, try a couple of free programs and check the results. Each program will find something the others did not.
> No need for AV on Mac/Linux because there's no virii
>
> I think that's called Security through Obscurity. And we all know what the pros think
> about that.
Security through Obscurity is where there is so little publicly-available information about a system (documentation, code, etc) that vulnerabilities (eg. design flaws) cannot be found by examining said info. Vulnerabilities can be and are still found simply by bashing away at the system until it breaks.
Linux and BSD, being Open Source platforms, make a great deal of info about their inner workings available to the public, including the source. Security through Obscurity applies far more to Microsoft (although they're getting better). Admittedly also to Apple's software, except for the BSD Unix their GUI runs atop.
It doesn't matter how secure a system is if the user can circumvent that security. Social engineering is a far more reliable way around system security than poking holes in software, especially given the number of unpatchable read-only brains out there. To close off this sort of attack, the system must restrict what the user, owner and administrator (which for home PCs are all the same person) can do. Of course, once that happens, your own computer no longer belongs to you.
The user cannot always blame the vendor. Sooner or later the user must grow up and take some responsibility for the security of their system, or it's no longer their system.
One way or the other.
That said, there's a lot of crap software out there too. It's just not a black-and-white issue, and both sides prefer placing blame to taking responsibility.
Apple officially removed the web page admitting that it is an out of date article (we had debates on this same page over 2 years ago!) and was improperly advising users to install software that is no longer needed.
Some obscure blogger picks up on it, next The Register is on it like flies on sheet and the Wintards get 15 minutes of jollies.
What's the official word now?
"""
We're sorry.
We can't find the article you're looking for.
Please return to the Apple Support homepage.
"""
End of Story
First off, has anyone stopped to consider that Jobs might just be trying to get his friends at Symantec, etc a little larger holiday bonus? It wasn't made quite public enough for that to be probable, but it is still possible.
Second, to whomever thinks that they shouldn't find and erase Windows viruses from their Macs... consider that sharing viruses is considered quite impolite, and could be construed as illegal, though if you didn't know it was there you'd probably be alright. Still, it isn't cool to put others at risk because you are lazy.
As others have mentioned, ClamAV isn't exactly optimal for desktop use. It was / is designed mainly for servers, where it gets called to scan files / volumes on demand, like checking an email attachment before allowing the message through, or daily scans on user shares. It does have real time scanning support in Linux, but it doesn't seem terribly mature from what I've seen. It definitely isn't a replacement for realtime scanning, which is what you need, if you need a virus scanner at all.
Unless Norton has improved a lot since version 10.0, it's crap. And uninstalling it is nearly impossible. That app caused me so many problems with my previous job at a helpdesk that it still makes me fume to consider how poorly designed it is. And it does tend to slaughter your performance.
Some people seem to make a big deal about *nix security and what not. A computer is secure as you make it, and not all *nix systems are equally secure. For instance, as far as I know there is no SELinux analog for OSX. Then again, it's easy to give every account root privileges and no passwords on Linux.
The main problem with realtime scanners is that they use kernel hooks that get called frequently. With 2 or more realtime scanners, you interrupt the kernel more frequently, and run the risk of having the (generally sketchy) kernel hooks interfere with each other.
I personally don't like AV on Windows, because #1) I can remove viruses better by hand, #2) I keep an eye on processes and whatnot and I generally notice a virus quickly, and #3) I definitely notice the performance impact on heavy file IO.
"What's the official word now?
"""
We're sorry.
We can't find the article you're looking for.
Please return to the Apple Support homepage.
"""
End of Story
"
Unless they got a virus and it deleted the page you are after?! :o
*this was a bad joke, please don't flame me as if I was being serious!!*
This story ALMOST made me think it was time to get av software on this baby... I've been close to doing it since I first got the mac sometime early this year, it just feels wrong not to, but I don't install it on my linux boxes so I fight myself whenever I get the urge to on osx, I run AVG on my windows image because it's fairly light weight and free, but the image only had .net code in there anyway so wouldn't be a total loss if it died... most of my info on osx is password protected/encrypted, and I'm a reasonably cautious browser with noscript and adblock on there, I do use firefox instead of safari, but safari is still installed unfortunately.... I also only use gmail for email as I don't trust local email clients, never have... so the only real way I can get a virus on this machine is downloading and running it on purpose, or if I decide to share a folder with my windows image in vmware, neither are very likely.
Thanks for keeping me on my toes though... even if it ends up being a non-story, it's nice to be reminded that av software does still exist, and the recommended ones for macs.
I also have no applications that run on it.... So I need to install other OS's on my overexpensive hardware.
The only way to protect against viruses coming in over the network is to yank out the network cable and put the antenna of your wireless card in a faraday cage. ( or yank it out ).