Do I need anti-virus, spyware removal software?

Discussion in 'iMac' started by silviasilvia, Apr 18, 2010.

  1. silviasilvia macrumors newbie

    Apr 18, 2010

    First time owner of Mac and never thinking about switching back to PC. I bought the IMAC 2l inch a couple of days ago.

    I am wondering if i need to install any anti-virus software, ccleaner, ad aware , spybot or spywareblaster like i have on my PCS.

  2. thelosmos macrumors newbie


    Jun 20, 2009
  3. GGJstudios macrumors Westmere


    May 16, 2008
    A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.

    From Symantec:
    As of this time, there are NO viruses in the wild that affect current Mac OS X. In the past, there have been a few viruses that ran on older versions of the Mac operating system, but no longer.

    There are, as of this time, trojans that can affect Mac OS X, but these must be downloaded and installed by the user, which involves entering the user's administrator password. Trojans can easily be avoided by the user exercising common sense and caution when installing applications. A common source of trojans is pirated software, typically downloaded from bit torrent sites.

    Having virus protection software on your Mac is pointless, as far as protecting your Mac from viruses, since AV software can't detect a virus that doesn't exist. It is possible to have a file reside on your hard drive that contains a Windows virus, but since a Windows virus (program) can't run in native Mac OS X, it would be harmless to your Mac. Some choose to run AV on their Mac to scan for Windows viruses, so the Mac user can't pass a virus-infected file to a Windows user. In my opinion, a Windows user should be protected by their own AV software, so the burden of protection lies with the Windows user.
  4. ARF900 macrumors 65816


    Oct 30, 2009
    Simply no. There are no known viruses for mac OSX. There are antivirus sweets for mac but all they will do is kill any windows viruses you get to prevent your mac from infecting other PCs on your network.
  5. mtnDewFTW macrumors 6502a

    Oct 26, 2009
    San Francisco, CA
    Well, one of the advantages to owning a Mac is that you don't have to worry about getting viruses.

    There are actually very few viruses out there that are made to attack Macs. Most of them are made for PCs. So, my answer is, no you don't need it. I think getting a anti-virus program for a Mac is like giving a police officer a tank. It'll be safer, but you just won't need it.

    Anyway, hope this helps.
  6. AV8TOR macrumors regular


    Mar 8, 2010
    Fort Worth TX
    Silvia it was not that long ago I made the same transition that you just made and as you will see in a short time that it was well worth it. The freedom of just "using" your computer now is great.

    You also found a great forum to make it easier as well. Enjoy!
  7. silviasilvia thread starter macrumors newbie

    Apr 18, 2010
    Thanks everyone for being so helpful.

    I wish i had switched over to Mac years ago. I love my IMAC...still learning functions and will be attending the Apple workshops. Video tutorials were very easy to understand.

    It was either Imac or mac mini and i chose Imac.
  8. GGJstudios macrumors Westmere


    May 16, 2008
    Welcome to Mac ownership and welcome to MacRumors:Forums! You'll find a lot of information both here and on the web. Here are a few resources that may be helpful:

    Welcome to Mac ownership and welcome to MacRumors:Forums! You'll find a lot of information both here and on the web. Here are a few resources that may be helpful:

    Apple resources:
    MRoogle for searching the forums with Google (always a good idea before posting new questions)
    How to set up a quick right-click search of the MR forums.

    MacRumors resources:

    You can find lists of essential applications in these threads:
    More apps on these sites:

    If you search the forums and don't find what you're looking for, just ask! There's lots of friendly help here! Enjoy your new Mac!
  9. 300D macrumors 65816


    May 2, 2009
    Yes, you need at least two anti-virus programs running. There are thousands of viruses that pose a never-ending threat to your computer's security. Without them thieves will steal your identity, spammers will gain control of your e-mail accounts and pedophiles will know where your kids go to school.
  10. Man-Droid macrumors regular

    Aug 27, 2009
    Tampa, Fl
    One more no from me. I have been a Mac user for about 11 years and never had to worry about viruses. I had virus protection software at one time and found I just didn't need it.
  11. Rodus macrumors 6502a


    Oct 25, 2008
    Midlands, UK
    No, 20 years of Mac use and never had a virus.
  12. GGJstudios macrumors Westmere


    May 16, 2008
    While your comments may be facetious, there are some in this forum naive enough to believe you. To avoid any confusion, you don't need any AV programs on Mac OS X. Even on Windows, you shouldn't run two AV apps, since many AV apps will treat the presence of another AV app as a virus. Also, a virus, or even access to your computer, is not necessary for an email account to be hacked. Finally, identity theft can happen to those who don't even own or use computers.
  13. pilot1226 macrumors 6502a


    Mar 18, 2010
    Since I didn't see it mentioned, I have ClamXav installed on my iBook to help with the prevention of passing Windows-related viruses to other computers on my network. This is a free application that can be Google'd.

  14. pastrychef macrumors 601


    Sep 15, 2006
    New York City, NY
    I let them fend for themselves. Why install unnecessary apps on your own computer?
  15. Max(IT) Suspended


    Dec 8, 2009
    I second that, if you are going to exchange data with PCs
  16. Shadez macrumors newbie

    Apr 13, 2010
    Hi am new to mac as well and was going to buy intego before I found this forum. Just was curious how you know what apps are trust worthy as i have already found hundreds just not downloaded as I don't know who to trust.

    I take it the downloads available on the mac site are trustworthy but what do they mean when they are classed as shareware instead of freeware?:eek:

    Really appreciate any help.
  17. GGJstudios macrumors Westmere


    May 16, 2008
    Most apps are trustworthy. You mostly encounter malware in pirated software that you download from torrent sites. Anything you get from Apple, Amazon,, etc. are fine. If you're interested in a particular app, you can always use MRoogle to search this forum for comments about that app. That will not only let you know that it's legit, it will also give you some idea of how helpful that app has been to other forum members.
  18. Sir Lorad macrumors member

    Apr 22, 2010
    just in case I've installed the freeware iantivirus in both mine and wife's macbook.

    Better to prevent.
  19. GGJstudios macrumors Westmere


    May 16, 2008
    iAntiVirus is bogus
  20. smithrh macrumors 68020


    Feb 28, 2009
  21. Rodus macrumors 6502a


    Oct 25, 2008
    Midlands, UK
    And the best thing you can now do is uninstall it as it's a pile of garbage and a waste of HD space and CPU cycles. If you absolutely insist on using antivirus (which you don't need) then use Clam Xav.
  22. BelowTheBelt macrumors regular

    Aug 16, 2009
    I work in an enterprise environment with Mac's that control media playing on screens for operations personnel, all the way to mission critical systems at our oil refinery running on OSX Server Snow Leopard, and I will tell you every single workstation has Antivirus installed on it.

    It's better to be safe than sorry; with the power your new computer has running an antivirus app will have very little impact on your system resources.

    There are many choices out on the market, I myself along with the company I work for use Kaspersky for all workstations and mobile Mac's.

    My personal workstation is a iMac i7 and I see no more than 8.5 Mb Ram used from Kaspersky, it's a constant scanner app that will check every file moving through memory.

    Just some food for thought, I have been a Mac user for 29 years and I would just as easily say the same thing as other people here, "No" however times are changing as Apple garners popularity.

    Do check out other options for protection, I think it's a small price to pay for piece of mind.

    Just my 2 ¢
  23. archipellago macrumors 65816

    Aug 16, 2008
    not just him saying it either..

    Celebrity Hacker: Microsoft Leads Industry In Security

    Celebrity Hacker: Microsoft Leads Industry In SecuritySecurity expert Marc Maiffret parlayed his teen hacking skills into getting paid to find holes in Microsoft software. Now, he says, Adobe and Apple can learn from Microsoft's past.
    For Marc Maiffret, the turning point in his life came when—at the age of 17—he woke up to an FBI agent pointing a gun at his head.
    A runaway and high school dropout, he had just returned home and landed his first professional job using his computer skills for the good of companies instead of for mischief. But his past was still catching up to his present.
    Young, articulate, and outspoken, Maiffret went on to become a celebrity hacker wunderkind, testifying before Congress on security issues, featured in cover stories in numerous magazines and newspapers, appearing in MTV's "True Life: I'm a Hacker," and being named one of People Magazine's 30 People Under 30.
    As a co-founder of eEye Digital Security, the street-savvy, brash teen quickly became a thorn in the side of software giant Microsoft, finding vulnerabilities in its products, including the hole that the Code Red worm used to wriggle its way onto thousands of servers in 2001.

    Today, at 29, the boyish-looking Maiffret is still causing trouble—the good kind. He joined anti-malware firm FireEye in mid-December as chief security architect. In a recent interview with CNET, Maiffret talked about growing up fast and how he stays ahead of the game.

    Q: What are you up to?
    Maiffret: I'm chief security architect at FireEye and I focus on improving our product's ability to detect threats. I'm also managing FireEye's research team and I have various speaking engagements.

    Where were you before FireEye?
    Maiffret: I was with The DigiTrust Group, which is managed security services company targeting small to medium-sized businesses, taking over their Windows desktop security.

    When did you start eEye?
    Maiffret: I started it when I was 17—co-founded it with my friend Firas Bushnaq and did that for about 10 years or so.

    At eEye you caused quite a stir over at Microsoft. Tell me about that.
    Maiffret: Yeah. First and foremost, we were building a vulnerability assessment product that could scan your company network and tell you here's all the ways a hacker could break in and here's how to fix it. I was focused on Windows and Microsoft platforms in the beginning. I had been interested in vulnerability research since 1997and more serious stuff in 1998 and 1999. I started to discover some of the more critical remote Microsoft vulnerabilities where you could compromise any Microsoft Web server. That kicked off some of the first real intense looks at Microsoft from a security perspective.

    How would you characterize the state of security at Microsoft products at the time?
    Maiffret: At that time they didn't even have a dedicated security team. One guy acted as a liaison between marketing and engineering and they treated it very much as a marketing problem, not as a technical problem and not one they needed to focus on addressing. Their attitude was, "if we can keep evil research guys quiet no one will talk about it and we won't have to be distracted trying fix these things." We were not OK with that. We were outspoken, which was unique for a business with tens of millions of dollars in revenue.

    Most businesses bite their tongue, because it's not beneficial to speak out against the largest software company in the world. But if you truly cared about improving the world's security you had to do things for the IT community and not just worry about selling products. We did that by holding Microsoft's feet to the fire and holding them accountable for what they were doing wrong.

    It started to shift away from being a marketing nuisance and started mattering to them as a company when Bill Gates released his Trustworthy Computing memo [in January 2002]. He stated this was the No. 1 objective of the company, to have the software become secure to the point where people actually trust it. There was a lack of faith in Microsoft and security, especially after all the computer worms like Code Red and Slammer. Banks were talking to Microsoft about switching. Now when you look at Microsoft today they do more to secure their software than anyone. They're the model for how to do it. They're not perfect; there's room for improvement. But they are definitely doing more than anybody else in the industry, I would say.

    Are they the model that other companies are following?
    Maiffret: From an internal process in how they go about auditing their code and securing software from a technical perspective, they do have one of the best models. The area they still have room for improvement is around time lines of how long it takes for them to fix things. We see time and time again when somebody responsibly reports a security problem to Microsoft it takes many, many months, if not upwards of a year, to get these things resolved. Should there be some new zero day critical emergency, we see they are able to get something out within a couple of weeks. You look at companies like Adobe and they are where Microsoft was 10 years ago.

    [Apple has] really only begun in the last six months or so taking security seriously and understanding that it impacts their business in a serious way.

    In what way exactly?
    Maiffret: Adobe, and even Apple, is a good example. They are starting to get black eyes with people saying Adobe is a bigger worry than Microsoft is at the moment, which I agree with. As those things are happening, Adobe and Apple and other companies are starting to pay attention and care more. But a year ago, it was still very much a marketing thing. People from both companies treated it as a marketing problem. They didn't have good technical structures behind the scenes. Now they are staffing up and hiring industry notables like Window Snyder [ex-Microsoft security employee recently hired by Apple]. They've really only begun in the last six months or so taking security seriously and understanding that it impacts their business in a serious way.

    And you think Apple is taking it seriously too now?
    Maiffret: Oh yeah. It's even a little scarier with them because they try to market themselves as more secure than the PC, that you don't have to worry about viruses, etc. Anytime there's been a hacking contest, within a few hours someone's found a new Apple vulnerability. If they were taking it seriously, they wouldn't claim to be more secure than Microsoft because they are very much not. And the Apple community is pretty ignorant to the risks that are out there as it relates to Apple. The reason we don't see more attacks out there compared to Microsoft is because their market share isn't near what Microsoft's is.

    Are they on par as far as code?
    Maiffret: I think Microsoft does a better job with their code auditing than folks like Apple do. We've only seen a scratching of the surface as far as Apple vulnerabilities because nobody cares to find them. There's nothing inherent with Apple themselves and their development. The only reason Apple gets little increase in security is because they're running on top of a Unix-based operating system and they can take advantage of some of the things that have been done for them.

    What are the big threats now?
    Maiffret: The desktop apps are now the biggest targets. Adobe is a great example of that. People don't have patch processes in place for Adobe and other applications like they do for Microsoft software. The Web-based applications are also big targets—companies putting Web apps online and weird uses of Facebook. Facebook is becoming its own complex platform with all these different apps integrated.

    Do users need to do something different with the attack vector shifting?
    Maiffret: A few years ago, the types of attacks were e-mails that appeared to come from your bank. You could just log into your bank and see if there was a notice for customers. It was old-style phishing. It's easier to look for that and avoid those things. Nowadays, when attacks are increasingly being leveraged from legitimate Web sites, it's harder. For instance, where the CFO of a company was targeted because he was on and some guys in Ukraine paid to have a flash-based advertisement taken out on financial sites. That's the scariest shift to me.

    I don't even know of a way right now, with the various types of attacks, how to explain to my mom what not to click on and what not to do because just through the normal browsing attacks are going to be coming at her. It's so low-level and behind the scenes. You just happen to click on a news link and a flash link off to the side that you're not even interacting with compromises you. The potential of educating users is going away quickly. It means we have to be better as technology people and security companies at preventing these things.

    What do you think about Google's news that it was attacked late last year?
    Maiffret: It was awesome that they went public with it. Breaches happen all the time. The attacks like Google reported are very commonplace, but unless it's a significant enough breach to require some sort of disclosure, there's not any motivation for companies to talk about it. At the same time, the attacks were sophisticated in the sense that there were a large number of companies (more than 30) targeted in a short period of time and that the compromises were successful.

    But the actual piece of malware and exploit used to break in was more simplistic than what we see in everyday cybercrime data thefts. I don't think the attackers were amateurs. I think they knew they didn't have to do any sort of James Bond crazy exploits and malware. Just by writing your own run-of-the-mill simple malware, as long as it's a brand new piece of malware, antivirus software completely misses it because there is no known signature.

    What do you think about the allegations that the attacks came from China?
    Maiffret: It's a very hard thing to answer. When you look at the types of systems and data accessed and where the few hops we know about were—from a computer in China to computer in Taiwan—you think if someone's trying to frame China, they did a good job with it. The problem is it would be easy to pin it on someone else. From my personal experience and things I've seen firsthand coming out of China, it makes perfect sense to me. But to have factual data we can point to that's a smoking gun, it becomes extremely hard.

    It turned out that at least in some of the attacks an Internet Explorer hole was used. Could there have also been other exploits used, targeting the PDF format perhaps?
    Maiffret: Yes. It's hard to think that given the number of companies targeted and given the fact that in the same time frame there was a zero-day (Adobe) PDF vulnerability out there and unpatched, it would make sense that there were other exploits being used.

    The other thing no one has talked about, and which I've been wondering about, is when you use an IE exploit, you'll use it against a user and get access to their desktop computer. You have to specifically target someone in IT with the keys to the kingdom and access to all the internal servers. How did they go from an IE desktop exploit to getting to the internal systems? That either involves more hacking that we haven't been told about, or they just happened to get the right employee that had access to everything by default, which I find hard to believe.

    It was the summer between eighth and ninth grade when I finally got a computer and Internet access. I think I literally slept only a few days that summer and learned everything I could.

    The news has brought increased attention to espionage and cybersecurity. How much is legitimate and how much is hype?
    Maiffret: There has always been espionage. If you look at all the data online, it's on computers and it makes sense that espionage would follow with it. It's easier to have people on computers trying to steal secrets from another country or company than it would be to physically try to get into the companies or meet people in a back alley hand-off of documents. Now you can be sitting on laptop anywhere in the world. Aspects of espionage and cyberwar can be hyped up, but at the end of the day I don't know if it's been hyped enough in the sense that I don't think people understand how big of a problem it actually is.

    From a consumer perspective, a lot of people are concerned about online banking. Do you bank on the Internet?
    Maiffret: Yes. I do everything online. And I do it on my phone too. I would feel more comfortable doing things on my phone than on my computer, for the most part. On a computer there is so much attack surface to be compromised. Yeah, the iPhone has vulnerabilities, but when you look at the sheer numbers, like the fact that I open up PDF documents all day for work, that's a lot scarier than the idea that I'm on my phone. I'm also a Windows Mobile guy and a lot of people think it sucks so it's like running a Mac desktop—nobody cares.

    The thing I would never want to put online would be my Social Security number. That kind of identity theft can be a nightmare to clean up. Not even online, but at the gas station where card skimmers are becoming so commonplace. In those cases, it's better to use a credit card and not your ATM and PIN combination where they can take money out of your account directly. The threat with online banking is that scammers will set up a bill pay account to themselves or do customer-to-customer or some other type of wire transfer. People should set it up with their bank so that their bill payees are locked and they can disable or freeze wire transfers or require a phone call from the bank before such transactions are done.

    How did you get into computer hacking and security? If you started your first company at the age of 17 you were probably pretty young when you got into it.
    Maiffret: When I was in the seventh or eighth grade, I met a friend who was into phone freaking, manipulating the phone system, everything from making free calls to blue boxing [devices that simulate the phone operator's dialing console], and I got into that first because I didn't even have a computer. That led to learning about BBSes [bulletin board systems] where you would dial up with a modem and you would be connected to a newsgroup where you could trade different posts and files. That led to learning about hacking a bit. It was the summer between eighth and ninth grade when I finally got a computer and Internet access. I think I literally slept only a few days that summer and learned everything I could.

    Where did you grow up?
    Maiffret: Orange County, an hour south of Los Angeles in Southern California.

    Did you have a mentor or someone at school who showed you the ropes?
    Maiffret: Not really. After school, I would go to where mom worked at a doctor's office and the owner would let me play on his computer. I always wanted to take things apart, like my dad's stereo. I wanted to know how everything worked. The doctor saw I had a knack for it and when he eventually bought a new computer he gave me his old one to take home. The computer was three or four years behind what my friends had and they were playing the latest cool video games and I couldn't do that. So that drove me to find out what kind of other interesting things I could do. Hacking was a big part of that. When I was doing hacking it was an escape from my crazy home life. It was an escape where people weren't telling me what to do. You were in control versus just being on some kind of roller coaster as a teenager.

    [Computer security is] one of the only industries in the world where you're pretty much set up for constant failure and a race that never ends. You never really have a victory because as soon as you do the bad guys have moved on to something else.

    Were you the stereotypical antisocial geek?
    Maiffret: I was an average kid up until ninth grade. Going into high school was where I got into hacking and I definitely became more antisocial because I was fixed on doing that. Then I ran away from home for about a year. I went to Florida and was living with some different hacker friends of mine. We were part of a hacker group.

    What group?
    Maiffret: Rhino9. L0pht, which was much better known, was focusing on Unix and we were trying be the equivalent with Windows and Microsoft.

    Is that when you had your brush with the law?
    Maiffret: Yeah. After I got back (home). After about a year, I felt like I didn't know where my life was going. I had no direction. I was living off friends and wasn't happy. Finally, I came back home and talked to my family and said I wanted to do computers and security. I didn't want to finish high school because I knew what I wanted to do. My mom was cool and said "I'll give you two months to find a job, but you have to support yourself, otherwise you're going back to school." A couple of weeks after that I got my first real job working for a Web development company, which is where I met the owner Firas, who I eventually started eEye with.

    One day I had the pleasure of waking up with a gun to my head from the FBI. I had been raided and everything. I don't have any record and I wasn't charged with anything. They thought I was doing crazier stuff than I was. I'm not actually sure why. They took all my equipment. For the first couple of months after that I was waiting for them to come back, but nothing happened. I was 17 at the time and it was a wake-up call; that this hacking and screwing around wasn't going to help me make the life I want.

    So I talked to my friend Firas and told him about my ideas for a security product. That's when we started eEye and created the first product, which was to automate what I was doing hacking computers—a program called Retina. It would show you how to scan computers and break in but also how to fix it. Within a few years we were doing tens of millions of dollars in revenue and had 60-plus employees. To this day, Retina is a mandated standard part of the Department of Defense. Military bases around the world are using it.

    I was in DC recently, meeting with different agencies and they all know my background. That was the smartest thing I did, to never try to hide my past. I run into people now who say they remember me messing with this server or that when I was a teenager. A year after I was raided I had an interview on an LA radio station and afterward the lead FBI investigator on my case called me and said "Hey, I heard what you're doing. It sounds like you turned your life around." And he wanted to let me know that the case was totally closed and that they were sending me all my stuff back, which was a really interesting time capsule. Even though it was only a year or a year-and-a-half later, to get this hacking stuff back was interesting.

    Anything else to add?
    Maiffret: One question I ask myself is what keeps me going? What makes it interesting? If you look at how much progress has been made in security, companies are still getting hacked as much, if not more than 10 years ago. I've seen people get burned out on it because it's one of the only industries in the world where you're pretty much set up for constant failure and a race that never ends. You never really have a victory because as soon as you do the bad guys have moved on to something else. In other aspects of life, it's easy to become complacent and clock in at 9 and out at 5. But for me security has some new challenge every day. The intellectual challenge is what drives me.
  24. Rodus macrumors 6502a


    Oct 25, 2008
    Midlands, UK
    ^^most of the security companies have been spewing that kind of thing for years, usually when they have a new product to sell, yet still there's been no malware outbreak on the Mac.

Share This Page