Best Antivirus for mac

Discussion in 'Mac Apps and Mac App Store' started by jakeroonz, Jun 13, 2011.

  1. jakeroonz macrumors newbie

    Joined:
    Jun 13, 2011
    #1
    Hi, I am a first time mac user

    Do I need to be using an antivirus on my mac?
    And if so, what is the best one for general use?

    Thanks
     
  2. tersono macrumors 68000

    Joined:
    Jan 18, 2005
    Location:
    UK
    #2
    Personally, I don't bother. The only time you really need to worry about it is if you are sharing files with Windows users - a Mac may not be susceptible to a Windows virus, but can pass them on, obviously.

    If you feel the need, Sophos (there's a free home version) is as good as any.
     
  3. gorskiegangsta macrumors 65816

    Joined:
    Mar 13, 2011
    Location:
    Brooklyn, NY
    #3
    You do not need an antivirus software for Mac. Macs aren't prone to viruses as Windows PCs are.

    Viruses are a type of malicious software that replicate themselves and thus move from one computer to another, infecting multiple computers. The Mac OS is built in a way that prevents this sort of thing from happening. In fact, there haven't been any viruses for Mac OS X since it was released 10 years ago.
    HOWEVER, there are other types of malicious software that can affect a Mac. But they're quite rare and require you to download and manually execute them.

    Solution:
    When surfing the internet, exercise caution:
    Be wary of any pop-ups prompting you to download something (that you yourself didn't facilitate).
    If something downloads automatically (without your input), check your "Downloads" folder and remove the file by dragging it to the trash.
    Before running any application (.app file in Mac OS X), make sure you know what it does and what its purpose is.
    Also, be wary of suspicious emails (Spam) and always shop at trusted websites.

    There's an excellent guide made by GGJStudios on Mac Virus/Malware Info. I suggest you read it to get a clearer understanding of malicious software on the Mac.
     
  4. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #4
    I agree with everything in your post except this. There is nothing in Mac OS X that prevents viruses. Mac OS X, like every other OS, is not immune to viruses. There simply aren't any in the wild.
     
  5. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #5
    The lack of something prevents viruses that target OS X. Specifically, the low incidence rate of privilege escalation vulnerabilities compared to other OSs makes developing successful malware for OS X more difficult.

    Most malware for Windows does not chain together a remote exploit with a local privilege escalation exploit to achieve system level access. Malware typically relies on the fact that the OS with the greatest market share, Windows XP, does not use discretionary access controls to prevent system level access by default. Only a remote exploit is required to achieve system level access in a Windows XP admin account.

    Other examples show that the more targeted software for exploitation is the target that is easier to exploit. Microsoft IIS (~30% market share) is targeted more than Apache (~60% market share). Obviously, easier targets are exploited more than difficult targets.

    The relative ease to exploit Windows XP in conjunction with its large market share are the reason that so much malware exists for Windows. The disproportionally large volume of Windows malware is a function of both being the easier target and having a greater market share.
     
  6. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #6
    I agree that it's more difficult, but I know you'd agree that it doesn't "prevent" viruses, since it is possible... however unlikely... that a Mac OS X virus could be released in the wild sometime in the future.
     
  7. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #7
    You can't combine two sets of facts to bootstrap a logical fallacy. The reason that Windows is the victim of so many exploits is that it is a softer target, period. The fact that it has a larger installed base is true, but does not correlate to its vulnerability. Even within the universe of different versions of Windows, the worst exploits do not correlate to the largest marketshare or installed base.
     
  8. s15119 macrumors 65816

    Joined:
    Nov 20, 2010
  9. munkery, Jun 14, 2011
    Last edited: Jun 14, 2011

    munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #9
    Logically, the amount of malware (including examples such as rogue AV software like MACDefender) for each OS should be proportional to the market share of each OS if the ease of each target is not a factor determining the development of malware.

    This is not represented in the wild because OSs are not equally exploitable to the system level. Exploitation to the system level allows the installation of more malicious and effective malware.

    Therefore, the volume of malware for each OS is determined by both its market share and ease to exploit as well as how the OSs compare to each other in these domains.

    If Windows was as difficult to target as OS X, it would still have more malware due to its greater market share. The malware would mostly be easily avoidable trojans, much like the few examples of Mac malware.

    But, Windows has disproportionately more malware including malware that is more difficult to avoid due to being a much easier target to exploit to the system level.

    Other examples in the wild show that the ease of exploitation is a more determining factor than market share but a measure of market share is not completely uninvolved.

    For example, Apache, which has the greater market share, is more difficult to exploit than Microsoft IIS. Microsoft IIS is more exploited than Apache due to being the easier target but the discrepancy is not equal to that seen between Windows and Mac.

    Apache exploits do appear in the wild despite being more difficult to produce because of the necessity for these exploits due to Apache's greater market share.

    Regardless of an OS's market share, the more secure OS is the OS that is more difficult to exploit to the system level.

    So, how is this a logical fallacy?

    The lack or low incidence rate of privilege escalation vulnerabilities helps prevent the development of viruses for OS X. Also, many technologies (NX, ASLR, ProPolice, mandatory access controls) within the OS help prevent vulnerabilities from being exploited.

    But, yes, nothing prevents virus infection if the virus has already been developed other than a patch for the exploit from the software vendor.
     
  10. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #10
    There is nothing logical about this statement. It is simply an assertion based on fallacious thinking.

    You start with a false premise; you reach a false conclusion. Obviously, malware needs a threshold number of targets in the installed base in order to propagate. I would contend that the MacOS X installed base has been over that threshold since the 1980s. Having exceeded the threshold, the number of exploits is a function of the softness of the target.

    The thing that gets my goat about the marketshare argument is that it is relatively new in the history of personal computing. It was proffered in 2001-2002 during the early days of Windows XP. XP had come under a withering attack of viruses that threatened to destroy Microsoft. To a growing chorus of critics, Bill Gates claimed that Windows had more viruses because it ran on most computers on Earth.

    The popular press, Windows fanboys, and the elements of the IT community accepted the Gates assertion without asking questions. Windows was not the culture medium for computer viruses, it was popular. Gates had converted a damning flaw into a badge of honor.

    Gates's statement was an assertion made with absolutely no data to support it. What is more, the majority of the installed base still ran Windows 95/98 which was not vulnerable to the viruses that were bringing Windows XP to its knees. Put under a microscope, the market share argument is based on false premises and outright lies.

    Not in the decade since Gates first made the statement has anyone presented a scientific case to support the contention that market share has anything at all to do with the number of viruses or other malware on a platform. "It stands to reason that ..." and "It is only logical that ..." are preambles to statements pulled out of your rear. There are ample counterexamples including the IIS and Apache examples that you posted.
     
  11. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #11
    You haven't defined why that statement is illogical.

    Game theory shows a certain threshold needs to be crossed before malware will begin to be produced.

    Beyond that, the volume of malware should be proportional to the OS's market share if a) that threshold has been crossed and b) the OSs being compared are equally exploitable.

    The Apache example I provided explicitly supports my statements.

    There are exploits for Apache despite being the more difficult target. The discrepancy between the exploit ratios of Apache/Microsoft IIS and Windows/Mac is due to Apache having a greater market share relative to its usage domain.

    By your reasoning, Apache and Mac OS X would have a similar ratio of exploits in contrast to their respective competitors if target softness was the only factor contributing to malware development.

    This is further supported by the fact that comparing the surface area of attack between Apache and OS X is comparing one application against a whole operating system. A whole operating system is the softer target due to inherently having a much greater surface area to attack. But, Mac OS X has proportionally fewer exploits than Apache relative to their respective competitors due to OS X having a lower market share relative to its usage domain.

    Aggregating the data about exploits across both the Apache/Microsoft IIS and Windows/Mac interactions shows that to some degree market share is a factor.

    I do agree that being the softer target is the more important factor; this is shown via the Apache/Microsoft IIS example.

    So, you think if Mac OS X was the only OS on the planet that it wouldn't have more malware than it does now?
     
  12. benhollberg macrumors 68020

    Joined:
    Mar 8, 2010
    #12
    I use Sophos but I read on here that it can actually make your computer more vulnerable?
     
  13. munkery, Jun 14, 2011
    Last edited: Jun 14, 2011

    munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #13
    Sophos will provide system level access if it is exploited given that it runs as root. It is also only 32 bit so it only has the most basic set of security mitigations in place to prevent exploits from successfully providing access to the system. But, Sophos does include full on-access scanning.

    ClamXav only runs with user level privileges so it will not provide system level access if exploited. It is always a good habit to avoid using client-side software that runs with elevated privileges. But, ClamXav only includes limited on-access scanning.

    ClamXav detection rates for Windows malware other than those distributed via email are not very good. But, you are not running Windows. Detection rates for the limited number of Mac OS X trojans tend to be fairly decent.

    Detection rates of browser exploits are typically low for any AV software. So, full on-access scanning is not really needed given that Mac OS X does not run with elevated privileges by default and malware that can only be detected via full on-access scanning is not well prevented by AV software. Why add the risk of a process running with elevated privileges if it does not accomplish much anyway?

    User knowledge can keep you safe from trojans given that trojans require user interaction to install unless the user is running with elevated privileges. At the moment, Mac OS X malware is only made up of trojans that require user interaction to install.
     
  14. MisterMe macrumors G4

    Joined:
    Jul 17, 2002
    Location:
    USA
    #14
    See below.

    Do you have a link or some authority more substantial than this assertion?

    That's just it. You have no evidence that MacOS X is exploitable. Therefore, you cannot make a valid statement about the importance of market share.

    You may make any claim that you want. However, you have presented nothing to tease-out the importance of market share and exploitability of IIS and Apache.

    Takeaway message: Until you can present some verified numbers to support your assertions, you are talking through your hat.
     
  15. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #15
    Google "Game Theory" and apply a little bit of reasoning. Add other relevant parameters to your search for more specific information.

    And ask yourself this question, "do you think if Mac OS X was the only OS on the planet that it wouldn't have more malware than it does now?"

    The last time Apple sent out a security update suggested that it does have software vulnerabilities. Maybe, I am just a crazy person.

    Really? Are you sure? ;)

    Again, ask yourself this question, "do you think if Mac OS X was the only OS on the planet that it wouldn't have more malware than it does now?"

    Obviously, the ease of exploitation is the primary factor but market share is not completely irrelevant.
     
  16. gorskiegangsta macrumors 65816

    Joined:
    Mar 13, 2011
    Location:
    Brooklyn, NY
    #16
    It's not specifically the market share that is responsible for there being more malware for Windows vs. OS X. It is the hackers' willingness to target one operating system over the other because of its market share and how many users it would potentially affect. If a thief is given an option to either enter a room where he can potentially steal 100 wallets or enter a room where he can only steal 10; it's a no brainer that he's going to pick the 100 wallet room.
    I don't think anyone can deny that if there were enough individuals determined to break in, they would definitely put OS X to its knees.
     
  17. MSQ macrumors newbie

    Joined:
    Jun 14, 2011
    Location:
    Tennessee
    #17
    Not really, but I use one just to be on the safe side.

    I use ClamXav. There's also Sophos Anti-Virus.
     
  18. munkery, Jun 14, 2011
    Last edited: Jun 14, 2011

    munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #18
    This argument fails to include the fact that there is also a difference between the rooms in relation to the ease with which the wallets can be stolen. But, if only given the more difficult room in which to steal, thieves will still try to make a living.

    Malware developers do create malware for OS X. The recent reports concerning MACDefender, Weyland-Yutani Bot, and BlackHole RAT show that Mac malware is being developed.

    But, Mac malware is not as successful as Windows malware due to achieving system level access to install more covert and malicious malware, such as viruses, being more difficult in OS X. Mac OS X has not yet had a virus in the wild. Users are more safe using OS X given that the likelihood of being exploited is much lower despite any measurement of market share.
     
  19. gorskiegangsta macrumors 65816

    Joined:
    Mar 13, 2011
    Location:
    Brooklyn, NY
    #19
    Well, OS X is based on the Unix kernel and file system, which has solid memory protection built in. Thus, it does not allow rogue processes to "take over" the system by hanging, while they replicate and embed themselves deep into the file system. By contrast, Windows NT has had spotty (some would argue virtually non-existent) memory protection since NT 3.5. Microsoft explained it by pointing out all different kinds of possibilities for developers, especially in gaming. Well, it worked out... sort of. Gaming on Windows boomed; lots of great titles came out, many of them pushing the envelope in graphics, complexity, etc. The problem was that it also opened possibilities for other kinds of developers - hackers.
    But like I said before, if there are enough individuals determined on breaking in, they will succeed. OS X is not invincible, if I inadvertently made it sound so, I am truly sorry.
     
  20. 42streetsdown macrumors 6502a

    Joined:
    Feb 12, 2011
    Location:
    Gallifrey, 5124
    #20
    I agree, it's a waste of time, space, and processor resources.

    Just be ever vigilant online.
     
  21. gorskiegangsta macrumors 65816

    Joined:
    Mar 13, 2011
    Location:
    Brooklyn, NY
    #21
    While this is partially true - OS X handles processes in more secure manner than Windows - if OS X and Windows have had reversed market share, the hackers would try, and have kept trying, giving it their best, to find more ways to exploit OS X while generally ignoring Windows (even if it had fundamentally weaker "security") because Mac OS X would be "where the money is."

    No one is arguing about that. The argument centers around the primary reason why there is more malware being developed for the Windows platform. It is its marketshare and not these relatively small differences in "security."

    I'm sorry, but I cannot disagree with you more on these last six words. We're talking about individuals who are willing to break the law to get what they want. Do you really think they would stop short at this relatively small challenge of Mac OS X being slightly "more secure" than Windows, if Mac OS X was the money pit? Fine, viruses wouldn't work well against OS X, so the hackers would simply use other ways to get what they want. Viruses are only notorious because they've been used to great effect by hackers. Remember Stuxnet a few months ago? It was a worm that caused actual physical damage - something never seen before. I think you either grossly underestimate the ability of hackers, or dramatically overestimate the thing we call "security."
     
  22. tdgrn macrumors 6502

    Joined:
    May 1, 2008
    Location:
    Little Rock, AR
    #22
    Common Sense! Seriously, don't click on stuff that you are unsure about, and if you are unsure, don't click it! Seriously though, just use your noodle, you should be fine. While there has been a scare lately with the MacDefender malware, it is only a scare. Without an Administrator password any bit of code cannot damage the core system files that Mac OS X uses. The MacDefender scare is mainly a social engineering tactic used by scammers to get your credit card info. It actually does not harm your Mac or its files, other than annoying you.
     
  23. munkery, Jun 14, 2011
    Last edited: Jun 14, 2011

    munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #23
    The state of exploitation in concerns to Apache/IIS shows that you are incorrect. IIS has lower market share but is exploited more than Apache because IIS is the easier target. Malware developers do not ignore any platform.

    Snow Leopard has only had 2 elevation of privilege vulnerabilities since its release. It is not a small challenge to link a remote exploit to local elevation of privileges exploit in OS X.

    Windows XP typically only requires a remote exploit to achieve system level access. Even if an elevation of privilege vulnerability is required, XP is still much easier to exploit than OS X due to the Windows registry. Even Windows Vista/7 have far more elevation of privileges vulnerabilities and these vulnerabilities are more easily linked to remote exploits via the registry; Mac OS X does not store settings as insecurely as the Windows registry.

    Stuxnet exploited a kernel device driver by manipulating the driver's registry entry to achieve elevation of privileges to gain system level privileges. These kernel device driver elevation of privilege vulnerabilities are common in Windows.


    Here are the numbers:

    Apache market share (~60%) to IIS market share (~22%)

    5 (Apache) : 28 (IIS)

    So, ~15% of the malware across Apache and IIS targets Apache.

    OS X market share (5.32%) to Windows market share (88.7%)

    33 (OS X) : ? (Windows)

    But, 33 is 15% of 220. So, 220 - 33 = 187

    Do you think that there are only 187 unique examples of Windows malware?

    No, there are exponentially more than 187 examples of Windows malware.

    This means that a much lower percentage of malware targets OS X than Apache relative to each of their respective competitors. A lower percentage of malware targets OS X than Apache in their respective domains given that OS X also has a lower market share in relation to its usage domain, especially, given that OS X has a much larger attack surface than Apache.
     
  24. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #24
    Read post #13 for an explanation of why you shouldn't use or recommend Sophos.
    Even the 33 figure is misleading, as many are simply slight variations of the same threat. It looks like there's less than a dozen unique threats to OS X.
     
  25. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #25
    True, less than 10 (only around 6 still relevant) if you exclude variants. I didn't bother going into that level of detail because it really made no difference to what I was trying to convey.
     