Most Unobtrusive Virus Protection

s15119

macrumors 68000
Original poster
Nov 20, 2010
1,855
1,672
I've been a Mac user for a long time. I've read a lot of threads about virus software and I spent a little bit of time searching before I read this.

I've never used virus or anti-malware software on any of my Macs and I don't find it to be a necessity. Yeah, I know there is malware, but sensible computing habits do a better job of defeating those than running software that sometimes resemble a virus more than most viruses.

I've found myself in a situation where the only way I can access an employers network with my trusty Macbook Air is if I run some kind of virus software. They don't seem to care what I run, I just need to run something.

I'd like advice on what is going to be the most unobtrusive option. Something that stays out of my way, doesn't use up my processor cycles and "just works". It would also be nice if it was free or cheap.

Please don't use this thread to debate whether Apple users need to worry about that. There are tons of threads where it's been debated to death. Let's try to keep it to "If you MUST run virus software, whats the best option".

Thanks in advance.
 

Andropov

macrumors regular
May 3, 2012
230
58
Spain
I'd go for a virus scanner, because it doesn't work on the background, so you can use it to "scan" for virus when you really need it (never).
 

GGJstudios

macrumors Westmere
May 16, 2008
44,427
786
Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
Read the What security steps should I take? section of the Mac Virus/Malware Info for tips on practicing safe computing.

If someone insists on running antivirus for some reason, ClamXav is a good choice, as it doesn't run with elevated privileges, isn't a resource hog, detects both OS X and Windows malware, and can run when you want it to, rather than having it running all the time.
 

aaronvan

Suspended
Dec 21, 2011
1,350
9,349
República Cascadia
Security Best Practices

1) Always operate behind a router.
2) Never click on a link in an email.

Those two steps are pretty much all the average user needs to protect themselves (even a Windows user). I usually don't even have the OS X firewall enabled.
 

Shrink

macrumors G3
Feb 26, 2011
8,931
1,606
New England, USA
Another vote for ClamXav...only works when you activate it ,so it's not a resource hog, and does the job well. I've been using it roughly monthly (probably not necessary to use it that often, but I'm a bit of a security freak) for several years, and while an av may not be absolutely necessary with OS X...if one is going to use an av...I think this is a very good choice.
 

DanCorleone

macrumors member
Apr 21, 2013
90
15
If someone insists on running antivirus for some reason, ClamXav is a good choice, as it doesn't run with elevated privileges, isn't a resource hog, detects both OS X and Windows malware, and can run when you want it to, rather than having it running all the time.
I have a file on my computer that has a windows virus, but i had no idea of it until a Windows user informed me I had sent them a file with a virus. Obviously such a virus is totally harmless to a Mac user, and we have no idea.
For that reason, I have decided to go with a program that can also detect Windows Viruses.... so I'll give ClamXav a try.
 

magicMac

macrumors 6502a
Apr 13, 2010
728
175
UK
Sophos for mac is pretty good; very light weight. But I did recently uninstalled it because it really honestly never finds anything.
 

nebo1ss

macrumors 68030
Jun 2, 2010
2,777
1,490
Your employer is right to require Anti-Virus software to protect their network. You may introduce a file to the network that while it may not affect you could affect others. However, they are are not nearly serious enough if they allow you to decide what Anti-virus software to use. They would hopefully also require a VPN client with RSA SecurID Authentication.
 

cerote

macrumors 6502a
Mar 2, 2009
835
267
Sophos for mac is pretty good; very light weight. But I did recently uninstalled it because it really honestly never finds anything.
I would avoid Sophos because it used to run the update service as elevated user which made your system even more open to intrusion if someone takes advantage of update server or spoof it. Not sure if they fixed it yet or not.

Clamxav is best suggestion if you have too. It is lightweight and if you need to actually have it watch folder it doesn't take much resources to watch one or two folders. It will if you having it watch a ton of places though. (At least from my personal experience with using it for several years). For those that need it for work the main parts is to have it watch the mail folder and downloads and you are mostly good to protect from spreading windows stuff onto windows users.
 

PicnicTutorials

macrumors 6502a
Dec 29, 2013
546
13
+1 on ClamXav. And you can try it out.
ClamX is the lightest. That's a good option for on demand. ClamX, Sophos, and Avast are top three. Sophos ws my first choice untill I deleted them. If you want to spend money webroot is your best option in my opinion. It was the only one that did not drain my ram to zero while it scanned.
 

QuantumLo0p

macrumors 6502a
Apr 28, 2006
989
30
U.S.A.
I would avoid Sophos because it used to run the update service as elevated user which made your system even more open to intrusion if someone takes advantage of update server or spoof it. Not sure if they fixed it yet or not...

Do you mean similar to Apple apps that can run with elevated privileges? lol
 

cerote

macrumors 6502a
Mar 2, 2009
835
267
Do you mean similar to Apple apps that can run with elevated privileges? lol
Yes but we are not really talking about safety of other apps here right now. I just shared opinion on that AV software on what others have found. As GGJ has posted above gives examples in the link of what one to use if you needed to use one. Here is a quote mainly on the Sophos and an example of how that type of exploit had been used before.

I would not use Sophos because the component (and almost all of its components) of the software that receives updates is running with root privileges such that an exploit would be remote root if an exploit was found for that component.

Given that Sophos is 32 bit, the security mitigations can be defeated by bruteforce techniques if an exploitable vulnerability is found in the software.

For example, McAfee LinuxShield <= 1.5.1 Local/Remote Root Code Execution. Different OS but same principle could be used if exploit found in Mac AV software running as root.

With ClamXav, all of the components do not run as root. The exception is a daemon that scans for changes in folders to initiate launching clamscan if you use the Sentry feature but it does not receive inputs from a remote source.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.