Antivirus For Mac

Discussion in 'Mac Apps and Mac App Store' started by goopyspooge, May 4, 2011.

  1. goopyspooge macrumors newbie

    Joined:
    May 4, 2011
    #1
    Now I know an antivirus is not needed but I would like to have one anyways just to be safe. Which do you guys recommend Sophos or ClamXav. I am currently using Sophos and don't have any problems with it but I have heard there are some vulnerabilities with it. I have heard good things about ClamXav but I have also heard some bad stuff. Which one do you guys think is best regardless of if it is needed or not.
     
  2. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #2
    Look at What about sending files to Windows users? in the following FAQ:
    Mac Virus/Malware Info by GGJstudios
    There are currently no viruses for Mac OS X in public circulation, only a handful of trojans and other malware, which have to be installed manually via entering the administrator password.
    The only anti-virus you need to protect your Mac is education and common sense.
     
  3. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    It's really not necessary to keep your Mac safe from malware. Read the link that simsaladimbamba posted. It will help you understand why antivirus is not needed. Sophos should be avoided, as it could actually increase your Mac's vulnerability, as described here and here.
     
  4. munkery, May 4, 2011
    Last edited: May 4, 2011

    munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #4
    Sophos will provide system level access if it is exploited given that it runs as root. It is also only 32 bit so it only has the most basic set of security mitigations in place to prevent exploits from successfully providing access to the system. But, Sophos does include full on-access scanning.

    ClamXav only runs with user level privileges so it will not provide system level access if exploited. It is always a good habit to avoid using client-side software that runs with elevated privileges. But, ClamXav only includes limited on-access scanning.

    ClamXav detection rates for Windows malware other than those distributed via email is not very good. But, you are not running Windows. Detection rates for the limited number of Mac OS X trojans tends to be fairly decent.

    Detection rates of browser exploits is typically low for any AV software. So, full on-access scanning is not really needed given that Mac OS X does not run with elevated privileges by default and malware that can only be detected via full on-access scanning is not well prevented by AV software. Why add the risk of a process running with elevated privileges if it does not accomplish much anyway?

    User knowledge can keep you safe from trojans given that trojans require authentication to install unless the user is running with elevated privileges. At the moment, Mac OS X malware is only made up of trojans that require authentication to install.
     
  5. goopyspooge thread starter macrumors newbie

    Joined:
    May 4, 2011
    #5
    So should I just AppZap Sophos and get ClamXav or should just not use any of them. I do run Windows in BootCamp by the way.
     
  6. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #6
    You should remove Sophos, but not with AppZapper. You don't need any antivirus to protect your Mac. You do, however, need to understand what safe computing practices to follow. Read this: Mac Virus/Malware Info

    AppZapper is ineffective in completely removing apps. The only effective method for complete app removal is manual deletion:

    If you run Windows, you need Windows antivirus app running.
     
  7. goopyspooge thread starter macrumors newbie

    Joined:
    May 4, 2011
    #7
    What is so bad about AppZapper, it has been serving me well so far.

    I don't let Windows connect to the internet, I only use it to play games. I would like an AV for mac that would scan for Windows viruses though. I know Sophos scanned Win viruses but I removed it already and don't want it back. I was thinking about get ClamXav but still not sure.
     
  8. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #8
    AppZapper, AppCleaner, CleanApp, TrashMe, and similar apps do not do a thorough job of removing all files/folders related to deleted apps. I tested several of these, using Skype as the app to be removed. Of 17 items to be removed:
    AppZapper missed 13 items
    AppCleaner missed 11 items
    AppDelete missed 8 items
    Hazel missed 9 items​
    I also tested AppTrap, CleanMyMac and a few others, but don't recall how many items they missed. All left files/folders behind. In most cases, they remove .plist files and a few others, but leave behind much larger files and folders. (you will find a discussion of these tests in the thread linked below)

    One app that I would not recommend, based on the number of complaints that have been posted in this forum and elsewhere, is CleanMyMac. As an example: CleanMyMac cleaned too much
    As stated in the Virus/Malware Info link, ClamXav scans for both Windows and Mac malware.
     
  9. goopyspooge thread starter macrumors newbie

    Joined:
    May 4, 2011
    #9
    Thanks for the information, in case you can't tell I'm new to Macs, I have only had one for about four months now.
     
  10. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #10
    I would recommend using Microsoft Security Essentials, because it is free and has rootkit detection rates on par with the best commercial AVs, and CCleaner to clean the registry periodically.

    CCleaner only cleans the registry of unneeded entries; it does not attempt to fix registry entries. Delete software that has potential registry issues, run CCleaner, and then reinstall the software to "fix" the registry entries. Registry tools that "fix" entries for installed software tend to break as much software as they fix.

    Whether or not you run AV software in Mac OS X is personal preference. I periodically run on-demand scans just as an extra precaution.
     
  11. goopyspooge thread starter macrumors newbie

    Joined:
    May 4, 2011
    #11
    @munkery What Mac AV do you use.

    I already have CCleaner I have been using it for years. I might get Security Essentials, I don't think I will because I never have Windows connected to the internet.
     
  12. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #12
    I run on-demand scans with ClamXav every couple of weeks just for peace of mind.

    Are the games you play online games?

    Do you connect to servers?

    You should run AV software if you are playing online games in Windows.
     
  13. goopyspooge thread starter macrumors newbie

    Joined:
    May 4, 2011
    #13
    As much as I would like to play some of the games online I would rather just play it safe keep it disconnected from the internet, I can play online games just as good on my ps3 so that's what I do.
     
  14. triplecore1 macrumors member

    Joined:
    Jun 11, 2009
    #14
    This a dumb question, but how would I know if I have a trojan on my computer? I do download a lot and share USB with friends during college projects.

    THanks
     
  15. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #15
    Simply downloading and sharing files won't infect your Mac with a trojan. You have to actually install the app, which involves entering your admin password. Surely you know what you've installed. The higher risk activities would be installing pirated software or installing codecs or plugins from disreputable sites, like porn sites. Read this: Mac Virus/Malware Info
     
  16. triplecore1 macrumors member

    Joined:
    Jun 11, 2009
    #16
    i don't, but in the event i ever decide to be a pirarter of software what would you recommend? I do download free software that is freeware to try at times, and i rather be safe then sorry.

    Thanks
     
  17. GGJstudios, May 4, 2011
    Last edited: Feb 11, 2015

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #17
    Don't.
    Freeware isn't a problem. If you're unsure about an app, search for the app name in this forum with Google to see what others are saying about it.
     
  18. triplecore1 macrumors member

    Joined:
    Jun 11, 2009
    #18
    yes i don't because the software on mac is really cheap and most games don't run on mac anyways. To be honest its easier just to download movies from iTunes. A "Friend of Friend" I know used to download movies, but the hastle of the waiting for it to download + risk being sued. Then the hours taking to convert, then the bad quality wasn't worth it. My friend realized it was just easier to pay $9.99 to download the movie and be able to plug in the iphone, ipad, and apple tv and have it sync and still have good quality. :)
     
  19. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #19
    Most websites where you can download freeware, such as MacUpdate, take measures to ensure the apps are safe. It is not a perfect system in that it has inadvertently hosted two trojans for a very brief amount of time.

    But, given the amount of software associated with MacUpdate, that is a pretty decent track record. More curated sources, such as the Mac App Store, should be even safer sources to download freeware.

    These types of sources also rely on the reputation model to some degree. Apps that a lot of other users have installed and that has good reviews is most likely safe as long as you download the app from a safe source, such as a MacUpdate and the Mac App Store.
     
  20. Kasalic macrumors regular

    Joined:
    Jan 20, 2011
    #20
    One important thing you can do to minimise risk is the following. Set up a new account on your Mac (I call mine cadmin) and make this account an Administrator. Then log back onto your usual account and untick the 'Allow this user to administer this computer on the Accounts part of System Preferences. Now reboot the Mac and log in as usual. In order to install new apps and make other changes you now have to use the cadmin account name and password.
     
  21. Mal macrumors 603

    Mal

    Joined:
    Jan 6, 2002
    Location:
    Orlando
    #21
    That has almost no effect. Any trojans capable of doing damage always require an administrator's name and password to install, period. I run as an admin user account on my computer, always have and always will. There is no additional risk from doing so.

    jW
     
  22. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #22
    Agree. If you look at the folders you can modify without authentication in a standard account vs an admin account in OS X, there is very little security implications from the changes. This becomes more and more true with each new release of OS X.

    A noticeable change is that apps that install via drag and drop will require authentication to install in the default applications folder in a standard account. But, users can drag and drop those apps anywhere in there home folder without authentication and the apps will still function.

    Apps that install via drag and drop are not able to modify the system level of the OS unless the app prompts for authentication at launch.
     

Share This Page