FYI

I have McAfee installed on my iMac since November 2009 (free from my university), and it did 3 malware quarantines since then.
Don't know what kind of malware it was, but still...
 
I have McAfee installed on my iMac since November 2010 (free from my university), and it did 3 malware quarantines since then.
Don't know what kind of malware it was, but still...
Most likely Windows malware, which cannot infect your Mac.
 
Windows malware can infect macs when we make a windows partition, if I'm not mistaken?
That's infecting the Windows side, not Mac OS X. That's no different than having a separate Windows computer. It won't have any effect on Mac OS X or any files stored on the Mac partition.
 
OS X has more vulnerabilities than Windows. Yes, this is a fact. Also, OS X does not have the security response team of Windows. Yes, that is also a fact. OS X users rarely, if ever, have virus issues for a few reasons.

No, it is not a fact. The default setup of Safari has more vulnerabilities than the default setup of Internet Explorer. But, the default install of Safari includes a lot of third party components with bad security records, such as Flash, Java, PDF support (based on Adobe PDF specification), etc. Internet Explorer does not include these by default and so it appears to have fewer vulnerabilities but in actual usage it is worse than Safari once these components are installed in IE.

Internet Explorer is worse because these components often have no security mitigations in Windows and disable the security of IE while these components only have lessened security mitigation in OS X. This problem with third party software in Windows is shown in this article.

That article also makes it apparent that Windows does not have full ASLR given that a lot of software has DLLs that are not randomized. Mac OS X is criticized for not having full ASLR because the dyld is not randomized but dyld is a directory of dylibs which are the Mac equivalent of DLLs. Luckily the DLL hijacking issue in Windows is not a problem for Mac OS X.

Privilege escalation is required for virus install but browser exploits only allow for arbitrary code execution with user level privileges. Arbitrary code execution allows the attacker to take control over the vulnerable process with the level of privileges of the process which is usually that of the user (Safari has the current user's level of privileges). Privilege escalation is possible if a component (kernel or DLL) of the OS with elevated privileges is accessible by the compromised process but only if that component also has a vulnerability that is exploitable. Therefore, both the arbitrary code execution exploit and the privilege escalation exploit have to be linked together in a logical manner. This is the difficult part; finding a string of exploits. Given that such local exploits are rare for Mac OS X (only 4 in the last 3 years and only 3 were in default components), the statistical odds of finding a working string of exploits for Mac OS X is not trivial; especially, when compared to the potential to find such strings in Windows, as shown by this article and this article.

Viruses, worms, and trojans that can be installed without authentication require privilege escalation. This is why malware on Mac is limited to trojans that require authentication.
 
That's infecting the Windows side, not Mac OS X. That's no different than having a separate Windows computer. It won't have any effect on Mac OS X or any files stored on the Mac partition.

If the OS X partition is read/write available from the Windows partition, then this is still a possibility.

If the Windows OS, as installed, can't read/write HFS+, there shouldn't be a problem.
 
If the OS X partition is read/write available from the Windows partition, then this is still a possibility.

If the Windows OS, as installed, can't read/write HFS+, there shouldn't be a problem.
Yes, first, the OS X partition would need to be read/write available. Then, the Windows installation would have to have MacDrive installed, so it could read and write to HFS+. The user basically has to jump through hoops to intentionally make that happen and, hopefully, would be smart enough to understand the implications. In real world experience with the vast majority of users and applications, my statement still stands.
 
If I were going to create a virus, I think I'd go for the glory and the front page CNN article for being the person who wrote a virus for OSX and made Apple out to be liars. I don't know why people are acting like it's extremely difficult and people dump years into creating a virus and because of all that effort, they want to target the most marketshare. Good programmers could write a couple viruses in a day's work.

I don't believe in the marketshare argument. Heck, the person who wrote the virus for OSX would probably be hired by Apple.
 
Yes, first, the OS X partition would need to be read/write available. Then, the Windows installation would have to have MacDrive installed, so it could read and write to HFS+. The user basically has to jump through hoops to intentionally make that happen and, hopefully, would be smart enough to understand the implications. In real world experience with the vast majority of users and applications, my statement still stands.

I've no idea what HFS+ and MacDrive are, but I'll certainly try to learn more about it before doing a partition. Thanks!:cool:
 
I've no idea what HFS+ and MacDrive are, but I'll certainly try to learn more about it before doing a partition. Thanks!:cool:
HFS+ is one of several types of formats for drives/partitions. Here's an overview:

FAT32 (File Allocation Table)
  • Read/Write FAT32 from both native Windows and native Mac OS X.
  • Maximum file size: 4GB.
  • Maximum volume size: 2TB
NTFS (Windows NT File System)
  • Read/Write NTFS from native Windows.
  • Read only NTFS from native Mac OS X
  • To Read/Write/Format NTFS from Mac OS X: Install NTFS-3G for Mac OS X (free)
  • Some have reported problems using Tuxera (approx 33USD).
  • Native NTFS support can be enabled in Snow Leopard, but is not advisable, due to instability.
  • Maximum file size: 16 TB
  • Maximum volume size: 256TB
HFS+ (Hierarchical File System, a.k.a. Mac OS Extended)
  • Read/Write HFS+ from native Mac OS X
  • Required for Time Machine or Carbon Copy Cloner backups of Mac internal hard drive.
  • To Read/Write HFS+ from Windows, Install MacDrive
  • To Read HFS+ (but not Write) from Windows, Install HFSExplorer
  • Maximum file size: 8EiB
  • Maximum volume size: 8EiB
exFAT (FAT64)
  • Supported in Mac OS X only in 10.6.5 or later.
  • exFAT partitions created with OS X 10.6.5 are inaccessible from Windows 7
  • Not all Windows versions support exFAT. See disadvantages.
  • exFAT (Extended File Allocation Table)
  • Maximum file size: 16 EiB
  • Maximum volume size: 64 ZiB
 
Okay, well in this case there is no definite answer. Things I have read have indicated that Windows is more secure than OS X. Let's say that OS X is far more secure than Windows purely by design. You would NEVER be able to get an accurate judgment on security, and you prove this in your post below. You are not a typical user and I can almost guarantee this is a large reason for the lack of viruses. I would argue that most Apple users have a better understanding of computers and related aspects. I argue this because Apples are expensive, and market trends show that people who buy the higher end, premium products, usually have more knowledge about the product they are buying compared to the people who did not buy the premium products. Also, they have more resources invested in their purchase and are more likely to make an active effort to maximize the benefits of the nicer product. In this case, that comes down to computer literacy. How many basic users do you know that use UNIX? Even though we may disagree over why, I will argue that OS X will always be more secure than Windows given current market trends.

I also should have discussed the increased vulnerabilities part in a more intelligent manner as I may have 'jumped the shark'. Many of the vulnerabilities I see are related to the current status of users, and not as much in relation to Macs, including:

- Response to a virus: how many companies are currently making good antivirus software for Macs? Most current systems have bad reviews. If a virus came out tomorrow, how long would it take for OS X to be able to correct it? I would bet you it would be a lot longer than Windows, based on the fact that far more companies make antivirus software for PCs than Macs.
- Software limitations: PC antiviral software has been around for a few decades; antiviral software for Macs is a relatively new concept and more likely to be less refined and possibly less effective
- User belief that they will not have viruses on their Macs
- As you said, if someone wants to make the nightly hacker leet news, making a virus for a Mac would make a bigger impact, although all other reasons for hacking make more sense for the user to attack PCs, specifically Windows XP.
- Compilation effect: some people argue that harmless (in the immediate) spyware, malware, trojans, and whatever else builds up to eventually cause a problem
- Time: Apple computers have a longer service life than entry level laptops and this can mean that a specific generation of any type of software may be used for years and years, giving a better 'window of opportunity' to hack Macs

Finally, I apologize for spreading incorrect information, as it was not my intention.



No, it is not a fact. The default setup of Safari has more vulnerabilities than the default setup of Internet Explorer. But, the default install of Safari includes a lot of third party components with bad security records, such as Flash, Java, PDF support (based on Adobe PDF specification), etc. Internet Explorer does not include these by default and so it appears to have fewer vulnerabilities but in actual usage it is worse than Safari once these components are installed in IE.

Internet Explorer is worse because these components often have no security mitigations in Windows and disable the security of IE while these components only have lessened security mitigation in OS X. This problem with third party software in Windows is shown in this article.

That article also makes it apparent that Windows does not have full ASLR given that a lot of software has DLLs that are not randomized. Mac OS X is criticized for not having full ASLR because the dyld is not randomized but dyld is a directory of dylibs which are the Mac equivalent of DLLs. Luckily the DLL hijacking issue in Windows is not a problem for Mac OS X.

Privilege escalation is required for virus install but browser exploits only allow for arbitrary code execution with user level privileges. Arbitrary code execution allows the attacker to take control over the vulnerable process with the level of privileges of the process which is usually that of the user (Safari has the current user's level of privileges). Privilege escalation is possible if a component (kernel or DLL) of the OS with elevated privileges is accessible by the compromised process but only if that component also has a vulnerability that is exploitable. Therefore, both the arbitrary code execution exploit and the privilege escalation exploit have to be linked together in a logical manner. This is the difficult part; finding a string of exploits. Given that such local exploits are rare for Mac OS X (only 4 in the last 3 years and only 3 were in default components), the statistical odds of finding a working string of exploits for Mac OS X is not trivial; especially, when compared to the potential to find such strings in Windows, as shown by this article and this article.

Viruses, worms, and trojans that can be installed without authentication require privilege escalation. This is why malware on Mac is limited to trojans that require authentication.
 
Ah the market share myth. Were this true:

1. If OS X has a 10% market share, you would see a number of OS X viruses. Maybe not 10%, but some. And more than one or two, even 1/70th of Windows viruses stands at 1000 viruses.

2. Certainly servers are a higher target, certainly OS X runs on very few servers compared to Windows. Nonetheless, I can disprove this with one word: Linux. Windows Server is not scalable to any great degree, Linux or BSD are the only choices (Google, eBay, US Govt.).

Windows has a high level of viruses because of poor past design decisions (Active X, all software runs as Administrator, the list is endless). When Microsoft tried to fix these issues we ended up with Vista which broke so much compatibility. Microsoft's philosophy is to drag legacy code throughout modern versions of Windows to ensure compatibility because of their place in the enterprise market. They face a constant trade off between compatibility and security.

Just as an example, UAC. UAC prevents software from running in admin mode until an admin gives permission. Unfortunately, this prevents access to core libraries that some software needs. Result, some software didn't work. It was pure incompetence on Microsoft's part, throughout the design of DOS and Windows in the 80's and 90's. Absolute pure incompetence to not take into account basic security features that have been present in Unix since the late 60's, yes, the late 60's.

This thread is actually quite sad as it just shows the absolute dominance of Microsoft means that people project problems within Windows on to other operating systems. If Apple, hypothetically, were to release OS X to run on normal x86 hardware, to put it bluntly you are not going to see jack for viruses.
 
... You are not a typical user and I can almost guarantee this is a large reason for the lack of viruses. I would argue that most Apple users have a better understanding of computers and related aspects. I argue this because Apples are expensive, and market trends show that people who buy the higher end, premium products, usually have more knowledge about the product they are buying compared to the people who did not buy the premium products. Also, they have more resources invested in their purchase and are more likely to make an active effort to maximize the benefits of the nicer product. In this case, that comes down to computer literacy....
I don't buy this argument for many reasons. First, Apple's advertising (which is what attracts a great number of computer buyers) touts their simplicity and ease of use. This led Microsoft to respond with ads featuring children sending pics to grandparents, etc. The fact is, the vast majority of computer users, Mac and PC alike, are less computer literate than the average MR forum member.

Also, being able to afford more expensive computers has no bearing on computer literacy. How many wealthy company owners, executives, actors, music artists, etc. who buy tech toys, barely know how to use them? How many school-age kids are extremely computer literate, even though they can't afford to buy their own computers?

The truth is that the average computer user (Mac or PC) isn't computer literate enough to protect themselves from malware beyond installing (or having someone install for them) some antivirus app. Most don't even know how to configure such apps. Most also aren't even aware of forums such as this one. But they also aren't computer literate enough to be likely to engage in riskier activities, like downloading apps from torrent sites.

The fact is that MR forum members, overall, represent a tiny minority who are more computer literate and more likely to take steps to protect our "investments". The masses out there don't even view a computer as an investment at all. To most, it's either a toy or a handy little gadget or a glorified calculator, word processor, and email checker that they're forced to use on the job.
 
Apple advertises to younger persons, but this has nothing to do with computer literacy. Even kids know an impressive amount about computers to make your jaw drop, and computer usage and literacy is increasing in every age cohort, especially people over the age of 65.

Being able to afford a more expensive computer does have some effect. US stats show that wealthier people are more likely to attend college and to then generate wealth. Education is associated with computer literacy for a variety of reasons. The link may not be exceptionally strong, but I dare say at least some connection exists.

You are right in pointing out how we are the minority, as most people on this forum probably find computers to be their hobby and enjoy reading up on tech-related publications. More than likely, we can't understand the majority and the majority can't understand us when it comes to computer literacy, so drawing concrete differences is a gray area.

Now once Mac viruses become more prominent, then we will know how critical AV software really is.


I don't buy this argument for many reasons. First, Apple's advertising (which is what attracts a great number of computer buyers) touts their simplicity and ease of use. This led Microsoft to respond with ads featuring children sending pics to grandparents, etc. The fact is, the vast majority of computer users, Mac and PC alike, are less computer literate than the average MR forum member.

Also, being able to afford more expensive computers has no bearing on computer literacy. How many wealthy company owners, executives, actors, music artists, etc. who buy tech toys, barely know how to use them? How many school-age kids are extremely computer literate, even though they can't afford to buy their own computers?

The truth is that the average computer user (Mac or PC) isn't computer literate enough to protect themselves from malware beyond installing (or having someone install for them) some antivirus app. Most don't even know how to configure such apps. Most also aren't even aware of forums such as this one. But they also aren't computer literate enough to be likely to engage in riskier activities, like downloading apps from torrent sites.

The fact is that MR forum members, overall, represent a tiny minority who are more computer literate and more likely to take steps to protect our "investments". The masses out there don't even view a computer as an investment at all. To most, it's either a toy or a handy little gadget or a glorified calculator, word processor, and email checker that they're forced to use on the job.
 
Like it or not there are trojans and other things out there both present and future that you should protect against. For a while I have run ClamXav but recently tried Sophos Anti-Virus for Mac. It is free and works incredibly well compared to Clam. It also catches Windows malware which is great for my work and is just smart as we should be doing what we can to stem the accidental flow of malware through email and file sharing.
 
This is for the market share argument.


What about OS9 and below. How much market share did they have? Yet they had several viruses.

What drove those virus writers to choose a low market share OS?
 

"computer literacy" means you know how to use a computer to do common tasks. it doesn't mean you know how they work or how they can be exploited.

have you ever worked in any sort of IT or tech-related service/support job? 'cause then you would know just how stupid people are with computers, no matter how intelligent they are in other areas.

I seriously doubt Mac users are more knowledgeable than Windows users. in fact, Mac is stigmatized as the OS for the computer-illiterate.
 
Many of the vulnerabilities I see are related to the current status of users, and not as much in relation to Macs, including:

- User belief that they will not have viruses on their Macs

This suggests that Mac users are vulnerable because they are unknowledgeable.

You are not a typical user and I can almost guarantee this is a large reason for the lack of viruses. I would argue that most Apple users have a better understanding of computers and related aspects. I argue this because Apples are expensive, and market trends show that people who buy the higher end, premium products, usually have more knowledge about the product they are buying compared to the people who did not buy the premium products. Also, they have more resources invested in their purchase and are more likely to make an active effort to maximize the benefits of the nicer product. In this case, that comes down to computer literacy.

Being able to afford a more expensive computer does have some effect. US stats show that wealthier people are more likely to attend college and to then generate wealth. Education is associated with computer literacy for a variety of reasons. The link may not be exceptionally strong, but I dare say at least some connection exists.

These quotes say Macs have less malware because the Mac user base is more knowledgeable than the other PC user base.

These two statements are mutually exclusive. How can you base a reasonable argument using both of these assumptions?

Honestly, viruses and worms are installed without user intervention so the knowledge level of the user is not a factor. Trojans, on the other hand, can easily be avoided with user knowledge unless the user is running as a superuser (Admin in Windows XP, Admin with UAC turned off in Vista/7, root in OS X). Superuser can write anywhere in system without authentication.

Now once Mac viruses become more prominent, then we will know how critical AV software really is.

How many years have both Mac and Windows users been waiting for this day?
 
If I were going to create a virus, I think I'd go for the glory and the front page CNN article for being the person who wrote a virus for OSX and made Apple out to be liars.

Apple wouldn't be liars, they've never said "ZOMG Guys, we're like, never ever gonna get viruses and junk. If we do, we like, totally owe you a Coke." THEN they'd be lying, and possibly owe a lot of people a Coke.
 
Interesting perspective. Knowledge and vulnerability are not necessarily related (it was even said above). There is no complete vulnerability nor is there complete security, and not all users have the same skills in the same field. I've never worked in an IT position so I do not have first hand experiences. We've been waiting a long time and that is why I said only time will tell if/when it occurs.

"computer literacy" means you know how to use a computer to do common tasks. it doesn't mean you know how they work or how they can be exploited.

have you ever worked in any sort of IT or tech-related service/support job? 'cause then you would know just how stupid people are with computers, no matter how intelligent they are in other areas.

I seriously doubt Mac users are more knowledgeable than Windows users. in fact, Mac is stigmatized as the OS for the computer-illiterate.



This suggests that Mac users are vulnerable because they are unknowledgeable.





These quotes say Macs have less malware because the Mac user base is more knowledgeable than the other PC user base.

These two statements are mutually exclusive. How can you base a reasonable argument using both of these assumptions?

Honestly, viruses and worms are installed without user intervention so the knowledge level of the user is not a factor. Trojans, on the other hand, can easily be avoided with user knowledge unless the user is running as a superuser (Admin in Windows XP, Admin with UAC turned off in Vista/7, root in OS X). Superuser can write anywhere in system without authentication.



How many years have both Mac and Windows users been waiting for this day?
 
Yes, first, the OS X partition would need to be read/write available. Then, the Windows installation would have to have MacDrive installed, so it could read and write to HFS+. The user basically has to jump through hoops to intentionally make that happen and, hopefully, would be smart enough to understand the implications. In real world experience with the vast majority of users and applications, my statement still stands.

__________
New Question:

Since my current antivirus shows 3 quarantines that might be Windows viruses even though I'm currently running on OS X - then it means that if I do a partition and never go online while running Windows, I can still get viruses that will infect the Windows partition, correct?
 
__________
New Question:

Since my current antivirus shows 3 quarantines that might be Windows viruses even though I'm currently running on OS X - then it means that if I do a partition and never go online while running Windows, I can still get viruses that will infect the Windows partition, correct?

an infected file on OSX can do nothing to a Windows partition without write privileges, which there aren't (it's not even possible) without 3rd party software or being in a VM's shared folder.
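
Added example, not part of any post in this thread: whether anything running under OS X could alter a Windows or shared partition comes down to how that volume is mounted, and the sketch below parses `mount` output and lists disk volumes that are not HFS+ yet are mounted read-write. The function names are hypothetical, and the sample lines (including the `msdos` and `fusefs` type labels) are constructed for illustration.

```python
import re
import subprocess

# OS X `mount` prints: <device> on <mount point> (<fstype>, <option>, ...)
MOUNT_LINE = re.compile(r"^(?P<dev>\S+) on (?P<mnt>.+) \((?P<opts>[^()]*)\)$")

# Filesystem OS X itself lives on; any other type on a local disk is a
# candidate for being shared with a Windows installation.
NATIVE_FS = {"hfs"}

# Constructed sample (not captured from a real machine): a read-only NTFS
# Boot Camp volume, a FAT32 volume, and a volume mounted through a
# third-party read-write driver, assumed here to show up as "fusefs".
SAMPLE_MOUNT_OUTPUT = """\
/dev/disk0s2 on / (hfs, local, journaled)
devfs on /dev (devfs, local, nobrowse)
/dev/disk0s3 on /Volumes/BOOTCAMP (ntfs, local, read-only, noowners)
map -hosts on /net (autofs, nosuid, automounted, nobrowse)
/dev/disk1s1 on /Volumes/SHARED (msdos, local, nodev, nosuid, noowners)
/dev/disk2s1 on /Volumes/Win Data (fusefs, local, synchronous)
"""


def parse_mounts(text):
    """Return one dict per disk-backed volume found in `mount` output."""
    volumes = []
    for line in text.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if not m or not m.group("dev").startswith("/dev/"):
            continue  # skip devfs, autofs maps and unparseable lines
        fstype, *options = [o.strip() for o in m.group("opts").split(",")]
        volumes.append({
            "device": m.group("dev"),
            "mount_point": m.group("mnt"),   # may contain spaces
            "fstype": fstype,
            # OS X lists "read-only" explicitly; its absence means read-write
            "writable": "read-only" not in options,
        })
    return volumes


def cross_os_write_paths(volumes):
    """Volumes that are not HFS+ and that OS X can currently write to."""
    return [v for v in volumes
            if v["fstype"] not in NATIVE_FS and v["writable"]]


if __name__ == "__main__":
    # Expects the OS X output format; falls back to the constructed sample
    # when `mount` cannot be run.
    try:
        text = subprocess.run(["mount"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE_MOUNT_OUTPUT
    for v in cross_os_write_paths(parse_mounts(text)):
        print(f"{v['mount_point']}: {v['fstype']} on {v['device']} is read-write")
```

On the sample, the read-only NTFS volume is not reported, while the FAT32 volume and the driver-mounted volume are, since those are the ones a process on the OS X side could modify.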
 
Could Windows viruses possibly infect a Boot Camp partition from OS X if I have drivers installed that allow writing to NTFS?
 
an infected file on OSX can do nothing to a Windows partition without write privileges, which there aren't (it's not even possible) without 3rd party software or being in a VM's shared folder.

So... Does that mean that as long as I only surf the net on OS X, and I don't have "write privileges", I'm safe?

In that case, I don't need an antivirus?
 