
leman

macrumors Core
Oct 14, 2008
19,416
19,503
There are still no known viruses for mac, so there is no 'best' antivirus...
 

leman

macrumors Core
Oct 14, 2008
19,416
19,503
Not true any longer.

I know of a number of trojans... but I never heard about a virus. Can you point me to a list of those? And as far as trojans go - the OSX built-in malware protection does an adequate job blocking them. Application signing helps as well.
 

Ccrew

macrumors 68020
Feb 28, 2011
2,035
3
I know of a number of trojans... but I never heard about a virus. Can you point me to a list of those? And as far as trojans go - the OSX built-in malware protection does an adequate job blocking them. Application signing helps as well.

Security researcher breakout:

http://reverse.put.as/2013/05/31/clapzok-a-reversing-the-os-x-part-of-a-multiplatform-poc-infector/

And more:
http://www.intego.com/mac-security-blog/clapzok-a-multi-platform-virus/

Public secondary announcement:

http://www.nbcnews.com/id/52113945/...-discovered/?lite&lite=obnetwork#.UcDtHfZgaI1

And yes, it's a virus. Not malware or a trojan. And based on that article's info, it's the second, not the first. And given the exploit research is out and there's proof of concept source code at the first link, let the waiting game begin.
 

Qaanol

macrumors 6502a
Jun 21, 2010
571
11
I was required to have Sophos when I still lived in the dorms at my school, but it never did anything.

Fun fact: many such networks check user agent strings to determine if an antivirus is required, and have a gaming-console shaped hole in them. Sometimes even a Linux shaped hole.
 

Lil Chillbil

macrumors 65816
Jan 30, 2012
1,322
99
California
Mac is not like Windows in that each OS takes a percent of 25% of the userbase.

There are almost 10 Mac OSes that people are still using, so it is just not worth it to write viruses for Mac.
 

Ccrew

macrumors 68020
Feb 28, 2011
2,035
3
Security researcher breakout:

http://reverse.put.as/2013/05/31/clapzok-a-reversing-the-os-x-part-of-a-multiplatform-poc-infector/

And more:
http://www.intego.com/mac-security-blog/clapzok-a-multi-platform-virus/

Public secondary announcement:

http://www.nbcnews.com/id/52113945/...-discovered/?lite&lite=obnetwork#.UcDtHfZgaI1

And yes, it's a virus. Not malware or a trojan. And based on that article's info, it's the second, not the first. And given the exploit research is out and there's proof of concept source code at the first link, let the waiting game begin.


As to application signing? "I forgot to mention two details. Syscalls are used via int80 (as Crisis dropper does for example), and that code signed binaries will also be infected, thus rendering the code signature invalid"

Even the researchers knew that they'd get called on the fact it was going to get banged on by the fandom, in making the statement: "The definition of a virus is self-replicating code, and this meets that criteria." Interesting in that it uses an exploit identified and unpatched since 2006.
 

loon3y

macrumors 65816
Original poster
Oct 21, 2011
1,235
126
I don't know the technicalities and terms

but my disk space jumps from 20-15 gigs after using my MacBook for work

(I use Xcode, etc etc) and then it jumps from 15-10 when I open Parallels Desktop (which shouldn't even matter because I did a Boot Camp partition)

can anyone explain this? this is why I wanted to get an antivirus software to see what's making it do this.
 

Ccrew

macrumors 68020
Feb 28, 2011
2,035
3
Those are links to proofs of concept. I still have yet to read about any viruses in the wild.

So, tell me, with source available how long you feeling smug for? It's only a matter of time, now even shorter. That was published June 4th. Not like it's old stale news.

You only believe there are none in the wild because one hasn't stuck you in the eye. How long do you think Stuxnet ran and did damage before it was identified?
 

Shrink

macrumors G3
Feb 26, 2011
8,929
1,727
New England, USA
I don't know the technicalities and terms

but my disk space jumps from 20-15 gigs after using my MacBook for work

(I use Xcode, etc etc) and then it jumps from 15-10 when I open Parallels Desktop (which shouldn't even matter because I did a Boot Camp partition)

can anyone explain this? this is why I wanted to get an antivirus software to see what's making it do this.

The only "antivirus" I've seen recommended here, and one I use, is ClamXav. It's not really an anti-virus, but rather an app that will do a scan and quarantine any corrupt files, malware, etc.

It doesn't run all the time, so it's good on resource use. I run it once a month, and it does the job.
 

leman

macrumors Core
Oct 14, 2008
19,416
19,503
Security researcher breakout:

http://reverse.put.as/2013/05/31/clapzok-a-reversing-the-os-x-part-of-a-multiplatform-poc-infector/

And more:
http://www.intego.com/mac-security-blog/clapzok-a-multi-platform-virus/

Public secondary announcement:

http://www.nbcnews.com/id/52113945/...-discovered/?lite&lite=obnetwork#.UcDtHfZgaI1

And yes, it's a virus. Not malware or a trojan. And based on that article's info, it's the second, not the first. And given the exploit research is out and there's proof of concept source code at the first link, let the waiting game begin.

Interesting, thanks for sharing! Yes, it's a 'virus', albeit a very primitive one. Actually, this virus works more like a trojan, because you need to launch the infected application for it to do its work. It is not really using any exploits... it just modifies all the executables it can find. And it can't infect signed applications. I don't see any principal difference to a program that will simply delete your entire hard drive when launched. And hey, it would be much easier to code ;) Bottom line: if all viruses were like that, the virus problem simply won't exist. Of course, it is a threat which should be addressed (I don't think that fixing that __PAGEZERO thing will help as the virus could simply modify the real application entry point), the easiest way would be probably to compute checksums for each executable and warn them if the checksum changes suddenly.
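
The checksum idea in the post above (hash each executable, warn when a hash changes) can be sketched as a baseline-and-compare script. This is an added example, not code from any poster or from the linked research; the helper names `snapshot` and `compare` and the sample files are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):  # read in 1 MiB chunks
            digest.update(block)
    return digest.hexdigest()

def snapshot(root):
    """Return {relative path: SHA-256} for every regular file with an execute bit."""
    hashes = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
                if stat.S_ISREG(mode) and mode & 0o111:
                    hashes[os.path.relpath(path, root)] = sha256_file(path)
            except OSError:
                continue  # unreadable or removed mid-scan; skip rather than abort
    return hashes

def compare(baseline, current):  # diff two snapshots taken at different times
    return {
        "modified": sorted(p for p in baseline.keys() & current.keys() if baseline[p] != current[p]),
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
    }

def demo():  # constructed sample tree: two executables and one plain text file
    with tempfile.TemporaryDirectory() as root:
        def put(name, data, mode, flag="wb"):
            path = os.path.join(root, name)
            with open(path, flag) as fh:
                fh.write(data)
            os.chmod(path, mode)
        for name, mode in (("tool", 0o755), ("helper", 0o755), ("notes.txt", 0o644)):
            put(name, b"original " + name.encode(), mode)
        baseline = snapshot(root)
        put("tool", b" appended bytes", 0o755, "ab")  # stands in for an altered executable
        put("new_tool", b"new file", 0o755)           # executable that was not in the baseline
        return baseline, compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo()[1])
```

Legitimate software updates also change hashes, so the baseline has to be refreshed after each intended update and stored where the monitored account cannot rewrite it.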
 

pastrychef

macrumors 601
Sep 15, 2006
4,753
1,450
New York City, NY
So, tell me, with source available how long you feeling smug for? It's only a matter of time, now even shorter. That was published June 4th. Not like it's old stale news.

You only believe there are none in the wild because one hasn't stuck you in the eye. How long do you think Stuxnet ran and did damage before it was identified?

There was also evidence of swine flu and bird flu everywhere. I didn't run and hoard Tamiflu back then either.

Stop spreading FUD and say those are proofs of concept. All of the previous proofs of concept have all amounted to nothing.
 

loon3y

macrumors 65816
Original poster
Oct 21, 2011
1,235
126
can anyone determine if theres something terribly wrong with my macbook?
 

pastrychef

macrumors 601
Sep 15, 2006
4,753
1,450
New York City, NY
can anyone determine if theres something terribly wrong with my macbook?

I'm unfamiliar with the apps you use, but disk usage can originate from apps that use disk space for scratch and also from not having enough RAM. You can use Activity Monitor (found in your Utilities folder) to see RAM usage.
 

ChrisA

macrumors G5
Jan 5, 2006
12,837
2,043
Redondo Beach, California
any suggestions?

Of course a trojan is trivial to write. I can give you a one line shell script and tell you it does something good. Nothing you can do about those (except maybe read the script.)

But viruses just are not a problem. Yes there have been some lab demos but none in the real world. In fact viruses are unique to MS Windows. We just don't see them in other OSes. None for BSD, Linux, Solaris, VMS or anything other than Windows.


The BEST thing you can do is NEVER do normal day to day stuff in an account that has admin privileges. Make an account you never use for that.
 

ChrisA

macrumors G5
Jan 5, 2006
12,837
2,043
Redondo Beach, California
I don't know the technicalities and terms

but my disk space jumps from 20-15 gigs after using my MacBook for work

(I use Xcode, etc etc) and then it jumps from 15-10 when I open Parallels Desktop (which shouldn't even matter because I did a Boot Camp partition)

can anyone explain this? this is why I wanted to get an antivirus software to see what's making it do this.

Why not just look for large files? In the shell use "du" and sort the output by size. That will find the biggest files and folders.
 

Watabou

macrumors 68040
Feb 10, 2008
3,426
759
United States
but my disk space jumps from 20-15 gigs after using my MacBook for work

(I use Xcode, etc etc) and then it jumps from 15-10 when I open Parallels Desktop (which shouldn't even matter because I did a Boot Camp partition)

can anyone explain this? this is why I wanted to get an antivirus software to see what's making it do this.

Yes, this is normal, and may be because you are running out of memory and the OS is writing information to the hard drive. Basically this is called virtual memory and you shouldn't have to worry too much about it. If it's a big problem, upgrade your ram, especially if you are virtualizing another OS. If you have anything less than 8GB, you will run out of ram pretty quickly, which causes the OS to write the information to the hard disk instead of the faster RAM. This is normal and not a virus.

Installing antivirus software on the mac is pretty useless at this point when there are only trojans (that should be pretty easy to avoid). There are currently no viruses in the wild for the Mac.
 

GGJstudios

macrumors Westmere
May 16, 2008
44,553
949
And yes, it's a virus. Not malware or a trojan. And based on that article's info, it's the second, not the first. And given the exploit research is out and there's proof of concept source code at the first link, let the waiting game begin.

Those are proof-of-concept viruses that exist only in a lab. They don't exist in the wild, so they pose no threat to Mac users.

Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

To answer the OP, the best free Mac anti-virus is common sense, combined with a bit of awareness.

my disk space jumps from 20-15 gigs after using my MacBook for work

(I use Xcode, etc etc) and then it jumps from 15-10 when I open Parallels Desktop (which shouldn't even matter because I did a Boot Camp partition)

can anyone explain this? this is why I wanted to get an antivirus software to see what's making it do this.

That has nothing to do with malware. There are many possible explanations, including app workspace, paging activity, etc. When troubleshooting on OS X, malware should be the last possibility you consider, not the first.
 

loon3y

macrumors 65816
Original poster
Oct 21, 2011
1,235
126
Yes, this is normal, and may be because you are running out of memory and the OS is writing information to the hard drive. Basically this is called virtual memory and you shouldn't have to worry too much about it. If it's a big problem, upgrade your ram, especially if you are virtualizing another OS. If you have anything less than 8GB, you will run out of ram pretty quickly, which causes the OS to write the information to the hard disk instead of the faster RAM. This is normal and not a virus.

Installing antivirus software on the mac is pretty useless at this point when there are only trojans (that should be pretty easy to avoid). There are currently no viruses in the wild for the Mac.



Thanks, this makes sense, and this is what's probably happening. I have 8GB but I guess it's not cutting it. I'm gonna try to stick with this MacBook till they come out with a quad-core 13".

But if I don't wait, and get a rMBP, would I still have the same memory issues? Because the 13" is still maxed at 8GB, but I'm gonna get at least 512 SSD when I do get it.

I didn't know about viruses and stuff, but I knew there's hardly any or none, but I seriously didn't know what was wrong with my MacBook. Although I love my MacBook Pro, I only use it for work; at home I got a gaming rig, GTX670 y'all! with i3770k
 