Do you use antivirus software?

The infection reported by the Mac user in that link appears to be a browser infection but I really don't know what its method of infection was. If you do a search for that infection it is reported that Malwarebytes can detect it. There is a good chance other Mac security software could have detected and blocked it as well.

 

Simply practicing safe computing would have avoided it. It is introduced by the user carelessly installing it without thinking about what they're installing.

https://www.fixyourbrowser.com/removal-instructions/adware/beeaware/

 

That's a valid point regarding a vulnerability being created that wasn't there before but not all Mac security software is the same...just don't use Sophos then.

Why not have security software installed that can detect and block BeeAware?

I'm all about keeping it simple in regards to my own Mac system security. There is nothing more simple that installing simple set and forget security software to help protect from infections. I thought that was what Macs were supposed to be about. The last thing I would want at home or in a business environment is some user like an employee, child, friend, etc... who isn't "security minded" to jump on one of my Macs or on my network and act irresponsibly....install untrusted apps, access questionable web sites, open attached files, etc..

--- Post Merged, Feb 10, 2019 at 8:57 AM ---

That's why most modern security software detects PUPs (potentially unwanted programs) in addition to spyware, malware, viruses, adware, ransomware etc.. It's difficult for the common user to understand and remember all the security rules in regards to installing apps, downloading and opening files, etc.. and even if you follow those safe practice rules there is no guarantee that that next link you click on is bad or file you downloaded is safe. I'd rather have a way to detect those threats than not have it... especially if other users have access to that computer.

 

No AV app has a 100% detection rate. You may have an app that detects BeeAware but doesn't detect another form of malware. Or it may detect other malware but not BeeAware. The bottom line is there is NO anti-malware app that can provide complete protection. Since macOS/OS X was introduced over 17 years ago, practicing safe computing has successfully defended against ALL Mac malware in the wild.... something that no AV app can claim. One of the dangers of such apps is they offer a false sense of security. If a user doesn't practice safe computing, a Mac can be infected, even while running an AV app.

Practicing safe computing without anti-malware apps provides better protection than anti-malware apps without safe computing.

 

What you are saying about no AV/security app having 100 percent detection rate is true for Windows machines as well... but not using security software lowers your automatic detection rate to zero.

Ok... again ... prove to me that having Mac security software (other than Sophos or one that like it that opens vulnerabilities) is safer than not having it... because even if you practice safe computing in a work or home environment you don't have control over everything that other users do on their computer.

 

If a user wants to do foolish things such as installing pirated software, you can't be assured that a particular AV app will defend against whatever malware they may install. Also, no AV app will protect against a zero-day threat, which safe computing has. Your proposed solution to install an anti-malware app and forget it, rather than practice, teach and enforce safe computing, is ill-advised and ineffective.

Add to this the fact that Mac malware is so relatively rare that most Mac users will never encounter any, whether they're running an anti-malware app or not.

 

My Mac security software detected and blocked an infection and it was an infection I wanted to have blocked than to have it residing with other files on my Mac. https://forums.macrumors.com/threads/another-infection-blocked-from-downloading-onto-mac.2166679/

It appeared to be a Windows threat... but I use Windows VMs on my Macs which could be vulnerable. Those VMs also have their own AV/security software but I they don't necessarily run the same one. My goal is to increase the detection rate to lower the potential threats.

 

That is a Windows-only threat and cannot affect your macOS installation. If you run a Windows VM on your Mac, the Windows VM should run the antivirus app, not your macOS installation. Running an antivirus app on macOS will not protect your Windows VM environment.

 

Yes it was a Windows threat and I stated it in my post but it was blocked by Mac AV software while downloading as an attached email file. Depending on how you set up your VMs... with coherence enabled those Windows VMs will open files on your Mac and those files on the Mac side are accessible in the Windows VM environment.

As I already stated in the last post and just as you pointed out... not all AVs have a 100 percent detection rate... which is one reason to run a different AV in the Windows VM than the AV/Security software you run for the Mac... It's called redundancy and it's used in the business and corporate environment all the time... and it's the concept behind why common computer users will sometimes run different types of security software on the same machine.

 

This post seems central to the whole debate....and the key word are...."if the user practices safe computing".

I have never had malware or a virus on any Mac, but I have provided support to people who have. Malwarebytes (free) cleared out loads of adware which had taken over one persons machine. Same thing happened to her again, a year later, but she was able to do it herself with Malwarebytes this time.

My point is that the vast majority do not practice safe computing. They don't read MacRumours or any computer sites. In a large company of several thousand people there will be a lot who don't practice safe computing, which makes a policy of mandating AV protection more understandable.

 

Someday, those folks who installed virus or malware protection on their macs, are going to be glad they did. It's known as planning for the future instead of reacting to an occurrence. I plan on the future in lots of ways. I gas up before the car runs out of fuel, I get groceries before I run out, I buy insurance because I MAY need it, I buy bullets before I NEED them, I have fire extinguishers even though I have NEVER had a fire in the house. While these are not direct corollaries, I think most folks will get my drift.
It hurts NOTHING/NOBODY to recommend running those security programs on my/your Mac. For those folks who take the advice of "experts" who loudly proclaim you don't need virus/malware protection? Someday you will. Who do you want to believe? OBTW google this "should I run a virus or malware prevention on a mac?" and you will get this page as the first choice that is not from a paid sponsor, from a mac centric website. https://www.macworld.co.uk/feature/mac-software/can-macs-get-viruses-3454926/
So Macs CAN get viruses/malware.

--- Post Merged, Feb 10, 2019 at 10:59 AM ---

You are 100% correct, however. I am associated with a senior community. I can tell you that seniors trust to much and get into trouble because of that. Most of them, and myself, have not a scintilla of the knowledge that you or PTA have. Besides, 95% of the general population doesn't have the common sense God gave a cucumber.
Yet I am also knowledgeable enough that folks are always asking me for help or advice. I would be doing those folks a HUGE disservice if I were to take the attitude that "Macs don't need virus/malware protection". And I live by my advice, all my macs are running anti-virus AND anti malware. It doesn't do any harm and gives peace of mind, to them and to me.
So, at last count 186 posts into this thread and I am more determined than ever to promote anti virus and anti malware to those who ask.

 

Nice find. That Macworld UK article really sums it up and there is some additional information and Mac infection data that I didn't know about to back up exactly what we (advocates of using Mac AV/security software) have been saying all along in these Mac AV/Security topic threads.

 

CVEs are a concern of anyone who cares about the actual, real, threat level. That you don't care says all that is necessary about you.

The fact remains that the threat environment for Macs is what should determine whether or not antimalware is necessary, not arbitrary feelings. The threat level is measured by, among other things, the CVE listings. At current levels, there simply is no requirement to use Mac antimalware, other that someone's (misguided) policies.

And, frankly, if you insist on my not merely having antimalware, but your corporate antimalware, I wouldn't accept employment from you. Deleting those things after the job is usually a major pain. Symantec products in particular really hate to be uninstalled. I recently did some work for a corp which was... cautious, shall we say. They turned off access to all but two of the USB ports (mouse and keyboard) in software, and then went back and did the same in the BIOS. They locked down Microsoft's corporate AV (I can't think of any reason for someone who _isn't_ a total Microsoft fanboi to use that instead of Sophos or Symantec or Trend Micro or pretty much anything else, but they used Microsoft AV. Silly boys.). They had mandatory profiles in Active Directory. They had the BIOS password-protected. A different password was required on bootup. SecureBoot was turned on. In order to deal with the problem I had to get the boot and BIOS passwords, turn SecureBoot off, unlock the USB ports, boot up, take the system out of AD (no, they didn't have a separate local machine account. Security risk. Don't look at me that way, it wasn't _my_ idea), turn the software USB locks off, and turn the MS AV off. This involved multiple reboots. The problem was then addressed, and then everything was restored. They then complained bitterly when the bill was presented. Two weeks later they called back, with a similar problem on a different machine, despite the fact that they hadn't paid the full invoice for the first job yet (they didn't like the 'padding' I'd added because of the security rigmarole). I declined to take the job, it was way too much effort, especially as they didn't want to pay. (They still haven't paid up.) Life's too short to have to put up with idiots. The last I heard they were still looking for someone to fix their problem, no-one would take the job.

--- Post Merged, Feb 10, 2019 at 12:15 PM ---

You do know that existing antimalware has a significant problem detecting future malware, don't you?

Ah, well.

 

I suppose it just depends on the person and as @Martyimac and @SoCalReviews point out, a lot of people out there need the protection. Our field technicians on Windows are all protected by AV apps - can you imagine a tech spreading a virus/malware in a client’s network?! It’s a pity though, as my experience on Windows machines is that the AV or “Internet Security” apps are massive resource hogs. Maybe this has improved lately and maybe the Mac equivalents are more efficient. Because of this experience, I personally try to avoid them, both on Mac OS and Windows, although...

On my MBP, I run a couple of VMs and run the basic Windows Security Essentials in Windows 7 to provide some basic protection on the Windows end. I am careful with what I install though and don’t share my thumb drives willy-nilly. I fact, if a drive has been between a couple of client PCs, I’ll nuke it with an erase on my Mac and I typically only use the drives in Mac OS. I’ve been running like this for a number of years and no issue so far. For sure, I’m a specific type of user and possibly tolerant of elevated risk - I’m willing to live with it just for the reduced performance hit. There is nothing more frustrating than a bogged-down system. I must mention at this point though, if I hear the fans spinning up on my MBP and I check the “apps using significant energy” list, it’s the VM...check the VM...and it’s Security Essentials running a scan. Fortunately, getting focus back to Windows gets it to back off.

So I see both sides here and unfortunately an OS like Windows really does need protection. Now, a genuine question for the Mac OS side. If standard users are not given admin rights, will they not be protected from themselves? I know this wouldn’t really work that well with Windows...

My final comment is about free vs. paid: I personally tend to choose the paid route for any product that is reasonably important. A company charging for a product or service needs to ensure that it delivers and remains competitive - so the company can survive and make a profit. My logic tells me that I stand a better shot with a carefully selected member of this crowd. Plus, when I pay for the product, I’m reasonably sure that I’m not the product down the line.

 

That is a pretty bold claim given that several antivirus application have been identified in the past that introduced security holes.
Additionally virus detection rate is not exactly satisfying, to say the least. Most of the time its pretty poor. Not to mention the AV could detect windows viruses only for the simple fact that there are no Mac viruses out there.

In conclusion: you advocate the installation of software that potentially punches security holes while at the same time could in a best case scenario detect viruses that do not even pose a threat to the host system.

As long as there are no viruses affecting Macs AV software is useless at best and harmful at worst. My choice therefore is obvious

 

Have you ever had to defend yourself in a lawsuit regarding business or corporate systems security work that you were responsible for or have you had to file a lawsuit for money due to you for work relating to system security? I know friends who have. When you are filing your case to defend your professional computer services or suing for money owed to you for contracted admin work and the company or business on the other side is saying that you didn't protect their computer network that went down due to an infection... and the cost of downtime is costing them thousands to tens of thousands or more per day in downtime.... Your position about Mac's not needing AV/Security software because of blah blah blah isn't going to hold up no matter how many posts you reference in a Mac enthusiast forum.

 

Wrong. YOUR posts are incorrect, irrespective of how often you repeat them. I actually have been involved in cases you described; as long as you can reasonably explain why AV on a system would harm rather than salvage the host you are good. Your arguments are by and large FUD.

Its a question of how how the court's experts argue as well as the overall system/network infrastructure. I have been involved and observed several respective trials; in no case did a court rule against someone who did not run AV on up to date Linux or Mac machines. AVs should be installed on a separate host, usually the firewall (ideally along with DPI and other security features). At least the latter is also true for Windows hosts

Myself: OSCP and MSc InfoSec and Digital Forensics

 

Read my previous posts... I am talking about business/corporate security software which is different from normal consumer security software... YES it's usually installed on a separate host or server... How it usually works is that computers are not allowed to connect to the network unless they are registered and authenticated... and this includes Macs, Windows and any other systems on that network.

If you really have been involved in lawsuits such as the type I was referring to then you wouldn't be making such absurd posts... Good luck going to court without security record data showing that on all the computers on the network were updated and secured with security detection software against infections... and the owner of the company is trying to get out his payment contract by saying that your lack of system security procedures has been costing him tens of thousands per day in business downtime.

 

So you agree AV installations on Mac hosts is not the way to go. So we're good, we seem to finally agree.

 

It depends on the security software setup. It can use a host or it can include a host or security server on the network in conjunction with indivdual security software on each separate computer that can run independent of the host/server... it's done this way to ensure a uniform protection on devices that may be used outside of the local secure network... Those devices will need protection outside the network as well... and Yes that includes Macs.

 

Agreed. You cannot not, however, protect devices punching security holes into them, which is particularly unreasonable if there are no actual threats out there.

I am well aware that on the corporate level there is always some pressure (apparently stemming from the Windows world, where at some point AV was just a necessity) to "do something, just in case". Technically, though, this is most of the time counterproductive

 

Yes, you have made some good points. I don't want to make it sound like I have all the answers here because I don't and maybe this topic deserves some kind of vigorous rational debate to help other users decide. In many circumstances it does come down to choice and preference. It's a different situation for individuals with home networks or even small businesses... and if its your own company you can hire who you want and do want you want.

 

Indeed. So do I, coz there are no absolute answers. The computer world is constantly and very quickly changing, all the time, and at seemingly increasing pace. What may be (somewhat) true today might be totally wrong tomorrow.

And, since there are no absolute answers, there is no substitute for common sense in computing, even though this sounds too much to ask for from non-experts. Unfortunately, that's how it is, there is no one stop shop AV. AV is very, very hard.

No "parachute" can save a computer from an inept user entering "sudo rm -Rf /" (DON'T TRY THIS!); the same is true for trojans etc. There is no absolute security. And it does not look like this will change anytime soon.

 

The OS itself has security holes. Just 3 days ago  had a supplemental security update for 10.14.3. If we take your comment to the logical end, we wouldn't use computers at all.
This applies to your last sentence also.

 

This was pointed out in the MacWorld UK article you linked... How Apple does it's best to patch security holes but in the meantime Mac security software can help fill in some of the security gaps before it gets patched.