Antivirus

[revmacian]

I would like someone to clear up some confusion.

We all know that the term 'malware' is an umbrella term used to define malicious software. We also know that viruses are a specific group of software within the category known as malware but require a different mode of defense. Thus, all viruses are malware but not all malware are viruses.

Are anti-virus apps designed to protect against various types of malware or just Mac viruses?

1. If they're only designed to protect against Mac viruses then the public needs to know (a) which viruses they target, and (b) which computing environments said viruses can infect. This information should be easy to obtain being that anti-virus apps rely on virus definitions in order to function properly.

2. If anti-virus apps are designed to protect against numerous forms of malware, then anti-virus makers need to change the name of their software to remove the implication that they target viruses and not all forms of malware.

3. How is malware scanning/removal affected by SIP (System Integrity Protection) and other security features found in current macOS systems? For that matter, how is a virus affected by these security features? What about other malware?

It is also helpful to keep in mind that salespeople often list features as selling points but they don't always list shortcomings. Here is an example (just a hypothetical situation to show my meaning):

It would help anti-virus salespeople to state "Our software protects against VirusX" in order to sell their wares. And their software may very well protect users from VirusX. This salesperson lists protection against VirusX because it adds another feature to drive sales. But, what the salesperson doesn't mention is that VirusX was designed for System 9 and wouldn't be able to run on OS X or later - divulging this information would hurt sales so it is conveniently omitted. Again, just a hypothetical situation.

Can someone clear up this confusion using credible statements (URLs, white papers, established security experts etc.) that we can all find and research for ourselves? I went to search for 'Mac virus' and was presented with numerous links listing malware but none of them listed only 'Mac viruses' - I discussed the term 'malware' at the top of this post. I think some of the people in this thread suffer from this same confusion.

Otherwise I remain suspicious that anti-virus supporters are relying on confusion in order to support their position.. though they may not realize their confusion.

 

[Weaselboy]

Are anti-virus apps designed to protect against various types of malware or just Mac viruses?

They detect Mac malware also. This link is a little old, but he did a pretty good test of Mac AV apps and how well they detect malware.

https://www.thesafemac.com/mac-anti-virus-testing-2014/

 

[GGJstudios]

The majority view in this thread, as well as others on the same topic, appears to be that MacOS is so secure it doesn't suffer from the diverse malware afflictions that affect Microsoft Windows.

That is true. macOS is not immune to malware (no OS is), but there isn't nearly as much macOS malware in the wild as there is Windows malware.

There are many posts from Mac users stating they have happily used their Macs for years without any protection against malware, giving them assurance it's safe to assume additional protection tools are a waste of money on a Mac and could also be detrimental to performance or even system security.

The bold text in your post is inaccurate. Experienced Mac users in this thread are not suggesting using Macs without any protection against malware. We're saying you don't need a software application to protect against Mac malware. Instead, we have a much more effective method of protection: practicing safe computing.

I perceive a risk in assuming that MacOS is bullet-proof and as its user base has grown exponentially over the years so its attraction has increased for those who would seek to use their advanced IT skills for malevolent purposes.

The market share theory has been completely debunked countless times. There was much more malware in the wild, including true viruses, in Mac OS 9 and earlier, when Apple's market share was much smaller. Apple's market share has grown significantly since then, but the instances of malware have reduced, not grown.

Many who join in the Mac malware discussion in this thread and elsewhere make some false statements or assumptions about what experienced Mac users are saying:

Here is what we are NOT saying:

1. Macs are immune to malware.
2. There is no Mac malware.
3. Malware = Virus and Virus = Malware
4. You don't need any malware protection on a Mac.

Here is what we ARE saying:

1. Macs are not immune to malware.
2. Mac malware has diminished as Mac marketshare has increased.
3. Mac malware is relatively rare, with less than 1% of Macs being infected with the FlashBack Trojan, which was one of the more prolific examples of Mac malware.
4. A virus is a specific type of malware requiring a software defense.
5. There are zero macOS viruses in the wild.
6. You can effectively protect your Mac from malware by practicing safe computing, without any need for antivirus or anti-malware software applications.

Every Mac user will make their own judgement call on their perception of the likelihood of the risk, but I suggest that this is a personal decision rather than a one-fits-all policy for everyone.

I completely agree that this is a personal decision, which is best made if a user has the facts with which to make an informed decision. Those who spread FUD by simply repeating the sales pitches of antivirus software companies are not contributing to an informed decision. That is why we repeatedly have these discussions, so new Mac users who read these threads won't be misinformed about Mac malware.

Are anti-virus apps designed to protect against various types of malware or just Mac viruses?

No antivirus apps protect against Mac viruses. That's because there are no Mac viruses to be protected from. Mac "antivirus" apps are really anti-malware apps. What they defend against varies, depending on the app. Some such apps detect Windows malware as well as Mac malware. Others only check for Mac malware. Some detect malware that others do not. No antivirus or anti-malware app has a 100% detection rate.

It would help anti-virus salespeople to state "Our software protects against VirusX" in order to sell their wares. And their software may very well protect users from VirusX. This salesperson lists protection against VirusX because it adds another feature to drive sales. But, what the salesperson doesn't mention is that VirusX was designed for System 9 and wouldn't be able to run on OS X or later - divulging this information would hurt sales so it is conveniently omitted. Again, just a hypothetical situation.

Actually, that's not a hypothetical situation. I've participated in countless discussions like this one over the past 10 years. I recall investigating some such apps years ago to look at their malware definition files. One claim was that their app detected X number of Mac malware (some big number). After investigating, I found their malware definitions included malware that worked on Mac OS 9 and earlier, none of which can even function on macOS. So they were claiming a much greater proliferation of Mac malware than is actually true.

Otherwise I remain suspicious that anti-virus supporters are relying on confusion in order to support their position.

Exactly.

They detect Mac malware also. This link is a little old, but he did a pretty good test of Mac AV apps and how well they detect malware.

https://www.thesafemac.com/mac-anti-virus-testing-2014/

Thank you for the link. One interesting quote from that article:

However, it is important to keep in mind that Mac OS X already does an admirable job of protecting against malware. At this time, there is no known malware capable of infecting a Mac running a properly-updated version of Mac OS X 10.6 or later, with all security settings left at the default (at a minimum).

 

[revmacian]

They detect Mac malware also. This link is a little old, but he did a pretty good test of Mac AV apps and how well they detect malware.

https://www.thesafemac.com/mac-anti-virus-testing-2014/

Thank you for that link. Yes, it is a little old but worth reading nonetheless.

One thing I found very interesting in that article in the section entitled Conclusions:
"At this time, there is no known malware capable of infecting a Mac running a properly-updated version of Mac OS X 10.6 or later, with all security settings left at the default (at a minimum)". It should be noted that this does not relieve us of the responsibility of practicing safe computing.

Also of particular interest is the section entitled Anti-virus Engine Notes - there were some important shortcomings with some of the anti-malware apps.

This article links the Mac Malware Guide, which also links Mac OS X Security Configuration Guides.
[doublepost=1547920783][/doublepost]I also found The Mac Malware Catalog, by Thomas Reed.

"Due to the extreme rarity of Mac malware, it's often difficult to find good information about it... very few people have actually ever seen any of it"
[doublepost=1547921463][/doublepost]Even the maker of Malwarebytes admits..

"Just keep in mind that no anti-virus software can ever take the place of cautious online behavior, which will be discussed in detail in the next section."

Source: Mac Malware Guide : Do I need anti-virus software?

 

[Weaselboy]

Even the maker of Malwarebytes admits..

https://www.thesafemac.com/about/

He doesn't post a lot any longer, but Mr. Reed has an account here under @thomasareed.

 

[GGJstudios]

"At this time, there is no known malware capable of infecting a Mac running a properly-updated version of Mac OS X 10.6 or later, with all security settings left at the default (at a minimum)".

It should be noted that this does not relieve us of the responsibility of practicing safe computing.

there were some important shortcomings with some of the anti-malware apps.

"Due to the extreme rarity of Mac malware, it's often difficult to find good information about it... very few people have actually ever seen any of it"

"Just keep in mind that no anti-virus software can ever take the place of cautious online behavior"

These are exactly the things I and others have been saying for years regarding this topic.

 

[revmacian]

These are exactly the things I and others have been saying for years regarding this topic.

And please continue.. it's folks like you that help us understand stuff.
[doublepost=1547930049][/doublepost]I have a feeling this is going to ruffle some feathers, but I'm not here to win a popularity contest.

From what I've seen, especially today, it's far more important to practice safe computing than it is to run software, that may or may not work, to detect something that the majority of us will likely never encounter.

 

[Gregg2]

From what I've seen, especially today, it's far more important to practice safe computing than it is to run software, that may or may not work, to detect something that the majority of us will likely never encounter.

Yes! You have understood this issue correctly, based on the most current information available that has been shared in this thread. Sadly, some refuse to be persuaded to discard long-held untruths about Macs and, specifically, viruses that they cannot support with facts, such as the name of a known OSX or macOS virus and the date of its detection. If that occurs someday, it will be big news.