Is it worth getting an antivirus these days?

pastrychef said:

The second a true self replicating virus hits OS X, it will be on every news agency and odds are you will learn how to defend yourself before any virus definitions get updated.

Click to expand...

Your confidence in the ability of security experts to detect, analyze and distribute a work-around in a short time-frame for a zero day exploit (http://en.wikipedia.org/wiki/Zero-day_attack ) is cute.

(Safari has had zero days before: http://www.bing.com/search?q=zero+day+exploit+in+safari& )

Especially given that because hardly any OS X users run any sort of protection and likely don't have any sort of network monitoring, the only way they'll detect an infection to report to a security company is via dumb luck or the virus announcing itself.

I.e., there's a good chance a significant portion of users will be infected before the virus is analyzed.

The IP ranges of the big AV companies are well known. Any virus worth its salt these days avoids attacking those ranges to avoid detection...


with regards to AV definitions:
http://en.wikipedia.org/wiki/Checksum
http://en.wikipedia.org/wiki/Heuristics#Computer_science


Heuristics enables a scanner to detect something isn't quite right and report it, even if it has no explicit AV signature for a new virus.

Checksums enable detection of changes to system files...

Without security experts finding said virus, how will virus definitions be updated to protect against it? This, again, makes anti-virus useless for a zero day attack. Your trust in anti-virust software and this heuristic technique is cute.

pastrychef said:

Without security experts finding said virus, how will virus definitions be updated to protect against it? This, again, makes anti-virus useless for a zero day attack. Your trust in anti-virust software and this heuristic technique is cute.

Click to expand...

Read up on heuristics.

You've got a better chance of finding an infection if you're actually looking for it.

I'm not saying it is a 100% solution. Nothing is.


My point is: stuffing your head in the sand and yammering "there are no viruses, os x is secure" is exactly the reason that when the virus infection eventually happens, it's going to be an apocalypse...

It's also the cause of all those annoying messages in Windows whenever you try to install anything. No thanks.

I'll worry about OS X viruses if/when there are any to worry about.

OS X isn't the flaming mess that Windows is. What applies to Windows does not necessarily apply to OS X. Think twice before entering your admin password and you will be in good shape.

It's a marketing scam. Your chances of getting hit by lightning are higher than getting an OS X virus. There are no such thing in the wild. Trojans yes. Trojans require the user to install something. Give their password. Just don't do that and you're good. Besides to really do damage you would have to give root access. The PC is crawling with viruses. There it makes sense. Worms, etc can infect your machine without any user action. But even so, I ran a PC for years and never had any serious viruses. Malware was a bitter issue. OS X is pretty immune from malware. Little javascript tricks don't really count because they rely on the stupidity of the user to believe they have a virus.

throAU said:

If a zero day was released tomorrow for OS X ...

Click to expand...

Anti-virus apps won't protect you from a zero-day virus, since they don't know what to look for. That's already been proven with some of the OS X trojans.

throAU said:

Heuristics enables a scanner to detect something isn't quite right and report it, even if it has no explicit AV signature for a new virus.

Click to expand...

Heuristics are far more effective for Windows, where there have been thousands of malware patterns to draw from. As there has only been a small number of trojans on OS X, heuristics would be far less effective on OS X. As antivirus apps haven't been successful in detecting all OS X trojans when they were first released, it's foolish to think they would do any better with a zero-day virus.

throAU said:

My point is: stuffing your head in the sand and yammering "there are no viruses, os x is secure" is exactly the reason that when the virus infection eventually happens, it's going to be an apocalypse...

Click to expand...

It is true that there are no OS X viruses in the wild. It is also true that, like every OS, OS X is not completely secure.

Stuffing your head in the sand and thinking some antivirus app is going to protect you from a zero day virus, or even currently-existing trojans is a far less effective defense than users educating themselves about and practicing safe computing, and staying aware of changes that may be reported in the news. Antivirus detection rates have been less than 100% so far, while practicing safe computing has been completely effective in avoiding any OS X malware that has existed in the past 12 years. Based on track record, I'll go with safe computing, rather trusting my Mac to some poorly-designed and not completely effective 3rd party app.

I need to start selling gas masks that will protect people from an as yet undiscovered, unnamed air borne pathogen that can potentially kill.

pastrychef said:

I need to start selling gas masks that will protect people from an as yet undiscovered, unnamed air borne pathogen that can potentially kill.

Click to expand...

Make sure the masks are heavy and bulky, have holes in them and have been proven to not successfully filter out smoke, pollen and small insects. Now make them expensive and you'll have ill-informed people lined up, believing your sales pitch.