Required by work to have an antivirus program... suggestions?

Discussion in 'MacBook Pro' started by andyACEcandy, Dec 9, 2013.

  1. andyACEcandy, Dec 9, 2013
    Last edited: Dec 9, 2013

    andyACEcandy macrumors 6502a

    Joined:
    Feb 11, 2008
    #1
    So, my wife's new job requires an antivirus program in order to get onto the VPN remotely. I'm assuming this is primarily for others with windows computers :D but since they're making it a requirement, does anyone have any suggestions?

    I found a few good free ones online but they're saying she needs to buy one (and they'll reimburse her). Weird..... so I guess we're looking for suggestions on antivirus programs that cost money. Wow, completely goes against any logic haha

    Thanks
     
  2. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #2
    Of course, antivirus apps are not needed to keep OS X malware-free, but in cases like yours when it's a requirement, I recommend ClamXav. It isn't a resource hog, doesn't run with elevated privileges and you can run scans when you want, rather than have it constantly running. ClamXav is free, but you should explain that many of the best OS X apps are free, unlike the Windows environment. ClamXav has a good reputation and is well known in the Mac community. You could also make a donation to the developer, and call that your "purchase price".

    Macs are not immune to malware, but no true viruses exist in the wild that can run on Mac OS X, and there never have been any since it was released over 12 years ago. The only malware in the wild that can affect Mac OS X is a handful of trojans, which can be easily avoided by practicing safe computing (see below). 3rd party antivirus apps are not necessary to keep a Mac malware-free, as long as a user practices safe computing, as described in the following link.
    Read the What security steps should I take? section of the Mac Virus/Malware FAQ for tips on practicing safe computing.

    When the MR Guides are back online, read the Mac Virus/Malware FAQ. Until the MR Guides are available, you can read most of the same info in the Mac Virus/Malware Info post, on which the FAQ is based.
     
  3. Wuiffi macrumors 6502a

    Wuiffi

    Joined:
    Oct 6, 2011
    #3
    I'd say OS X with active firewall can be seen as some kind of antivirus software. I used Kaspersky for some time. (not free though). Never found anything but made a few problems. I am no longer using it.
     
  4. DeltaMac macrumors 604

    DeltaMac

    Joined:
    Jul 30, 2003
    Location:
    Delaware
    #4
    I sympathize with someone who still works where IT, despite finding Macs marginally acceptable, still feels the need to apply strict "entrance requirements".
    That being said, there is a variety of AV solutions available.
    I don't think you should need to pay for "antivirus protection" on OS X, so get something that's free… :D
    I have tried both Avast!, and Sophos Antivirus, and a couple of others that I didn't like (I don't remember what those were, it's been several years).
    And as already mentioned by better folks, ClamXav, too, is a great choice.
    Sophos, when I use it, seems to affect my system performance somewhat less than Avast!
    As an aside - I install Sophos about once per year, do a full system scan, then uninstall. I currently take care of 6 Macs. One has NEVER had a clean install, with the system simply updated, then transferred from one Mac to another over the years (so it has a collection of 15-year old MIDI files, and also an old collection of emails, begun on a Quadra with System 7.1, using AOL…, and has connected through about 15 different network/internet connections, and the same files/with updated system is now on a MacBook) and have never seen a legitimate threat found. (Well, there was that one time with a Microsoft macro virus, but that was questionable, too :D )
     
  5. Gav Mack macrumors 68020

    Gav Mack

    Joined:
    Jun 15, 2008
    Location:
    Sagittarius A*
  6. willgreene99 macrumors regular

    willgreene99

    Joined:
    Dec 16, 2010
    Location:
    DFW
    #6
    I would also recommend asking the IT department what would suffice for an anti-virus app. Do they have a list of approved applications? If you chose one of your own, what certification must they perform before they will allow your laptop on their network?

    I have a VM running on my Air that I must use in order to connect to my client's VPN for this reason, as their logon script verifies that McAfee is up and running along with other security safeguards. This works out well for me as I can just drag and drop files between my Air and the VM. And I can ssh into Linux and Solaris servers when I need to do any work on them from the VM.
     
  7. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #7
    I recommend avoiding Sophos, as it can actually increase a Mac's vulnerability, as described here and here.
     
  8. ha1o2surfer macrumors 6502

    Joined:
    Sep 24, 2013
    #8
    Not to go off topic here but it's because we have to account for everything. If something happens and it is found a computer had no Antivirus then it could get us IT people in trouble. That's all :)
     
  9. KUguardgrl13 macrumors 68020

    KUguardgrl13

    Joined:
    May 16, 2013
    Location:
    Kansas, USA
    #10
    Wow. I was required to have Sophos installed when I lived on campus. Since moving off campus I've removed it. Thankfully the campus network is separate from the housing network (run by a third party for some reason).
     
  10. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #11
    It's bad enough to require a Mac user to install a useless app, just to fulfill a requirement set up by some uninformed IT department. It's worse to require that users spend money to buy an app, when a free app does the job as well or better than some of the paid apps. To require a specific app is absolutely ridiculous, and sounds like someone in IT is receiving compensation from the developer for forcing people to buy the app. I wouldn't stand for it.
     
  11. ha1o2surfer macrumors 6502

    Joined:
    Sep 24, 2013
    #12
    There are a lot of security precautions that need to be taken in order to prevent infections. Any computer, including a Mac, is viewed as a security risk if there isn't any protection on it. Just ask Google. They filter millions of lines of event logs to look for any suspicious activity on a 99% Mac environment.

    As for forcing a user to a certain program.. That program could fulfill a security need for a certain environment. Campuses house confidential information and they can't take any chances.
     
  12. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #13
    There is no way that a particular antivirus app, especially Sophos, fulfills security requirements that other apps couldn't also fill. There are plenty of apps that do the same thing Sophos does, without the added risk to Macs.
     
  13. tymaster50 macrumors 68030

    tymaster50

    Joined:
    Oct 3, 2012
    Location:
    New Jersey
    #14
    I just downloaded ClamXav, no idea why but hey better safe than sorry right?
     
  14. KUguardgrl13 macrumors 68020

    KUguardgrl13

    Joined:
    May 16, 2013
    Location:
    Kansas, USA
    #15
    Since this has sparked some discussion, I suppose I'll elaborate. This was in 2009, and things seem to have changed in the years since. Sophos wasn't specifically required (I believe, I could be wrong though), but machines were required to have some sort of antivirus, and Sophos was and is still provided for free through a licensing agreement. They also strongly recommended Firefox over other browsers, though Chrome seems to be acceptable now. Anymore I can't find any similar requirements for connecting to the campus network other than installing a network profile(?) and having some associated cloudpath system files to connect to the secure network. I suppose after I graduate in a few months I'll remove those launchdaemons.

    It's nice to know that there are IT departments that are becoming more accepting of mac/iOS products and not forcing unnecessary software. I'm well aware that potentially viruses could move from a Mac to a Windows machine and wreak havoc, but it has been previously said that safe computing should prevent that. Of course IT workers are responsible for all machines connected to the network, so I suppose precautions must be taken.

    As for campuses housing confidential information, they have other means of protecting that information. I'm sure our servers are very well encrypted. We are also required to have secure passwords, change them every few months, and wait a year to reuse one.
     
  15. yjchua95 macrumors 604

    Joined:
    Apr 23, 2011
    Location:
    GVA, KUL, MEL (current), ZQN
    #16
    You don't need antivirus... You need Internet security :)

    I use Norton Internet Security 5 :) pretty inexpensive (USD30 per annum) in my country.
     
  16. TheBearman macrumors 6502

    Joined:
    May 23, 2008
    Location:
    Cary, NC
    #17
    You might have her check with the company IT folks. Most of the time they will have specific requirements and may even provide a company distro version for her use. I know my company requires Norton, which they supply (and control!).
     
  17. Ccrew, Dec 10, 2013
    Last edited: Dec 10, 2013

    Ccrew macrumors 68020

    Joined:
    Feb 28, 2011
    #18
  18. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #19
    It's not FUD. If Sophos is running with elevated privileges, which it is, the problem still exists, even after 3 years. The time is irrelevant. The fact is there are plenty of alternative apps that don't use elevated privileges, thereby completely avoiding the possibility of associated vulnerability.
     
  19. willmtaylor macrumors G3

    willmtaylor

    Joined:
    Oct 31, 2009
    Location:
    A Natural State
    #20
    Something that takes up as few system resources as possible and runs without elevated privileges.
     
  20. Ccrew macrumors 68020

    Joined:
    Feb 28, 2011
    #21
    It's FUD GGJ. By your logic you should turn off every system level process.

    There's no third party, especially a vendor such as Sophos whose almost entire business model is centered on a single product line that's not going to stay on top of their game. By your logic the OSX firewall, Time Machine, etc. are all vulnerable also. Short-sighted, closed-minded, FUD is what it is.
     
  21. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #22
    The OS X firewall and Time Machine are designed by Apple to be integrated with OS X. There are enough vulnerabilities that exist in OS X without choosing a 3rd party app (which isn't necessary to begin with) that runs as root when alternatives exist that don't. There is no assurance that the Sophos development team, even at the "top of their game" is as good as the Apple development team.

    Software is imperfect, because it's designed by people who are imperfect. We can't do anything about vulnerabilities that we don't know exist. However, it makes no sense to knowingly introduce a 3rd party app with higher potential vulnerability, when safer alternatives exist, especially when such apps do not provide any protection not already offered by practicing safe computing.
     
  22. Ccrew macrumors 68020

    Joined:
    Feb 28, 2011
    #23
    The reality, though, is that it's a tradeoff. Your claimed "best product" by its very design cannot access anything outside of the user sandbox, therefore something that does try to exploit if it does so outside that context your recommendation is completely worthless. Best practice says you capture the exploit at the gate, not allow it in then hope you can catch it. By that very scenario you'd want a detection process to run at a higher escalation, be it root on a Mac or Unix box or Ring 0/Ring1 on a Windows box.

    And claiming that Time Machine et al. are different is sheer fanboiism. They're still processes that could be exploited at a different level that have access to escalated privs, hence are attack vectors.

    Every virus post you're in here spewing nonsense. While there ARE exploits published, the only thing that the published ones have lacked so far is a delivery mechanism. By saying that OSX is uber safe, and there's never been an exploit and you never ever no way no how would ever need additional protection is NOT doing a service to anyone here, unless that service is a false sense of security which you provide well.

    I'm an IT professional - and do so in a field that has access to some really cool information only a small portion of which has been published. While I agree that OSX is more secure than an equivalent Windows box, saying that it's never been exploited I know for a fact is untrue. A 0-Day exploit is only a zero day on the day it's found, what most don't realize is that most are in use for months or even years before they are. It's going to be an unexplained trip of an enterprise level product, that has vendor support that can deal with the research necessary to identify and develop a signature that blocks it. You're not going to get that out of your freebie user space product.

    But sitting here with my Mandiant tools, Qualys scanners, Triumfant deployment, and Symantec CSP and Network protection tied to their NOC and FireEye appliances on my edge I'm just without a clue too I guess.
     
  23. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #24
    Except an exploit that tries to write outside the user sandbox will not be able to do so without the user entering an admin password to give it privileges. Thus, safe computing will be sufficient protection.
    The OS itself is an attack vector. As I said, you can't do anything about vulnerabilities that may exist that you're not aware of. You can do something about those that you are aware of. In this case, you can reduce the vulnerabilities by electing not to install a 3rd party app that has one built in.
    I haven't stated any nonsense whatsoever, and the fact that you claim such indicates you haven't read my posts carefully. For example, I have never said OS X is "uber safe" and, in fact, repeatedly state that no OS is immune to malware. OS X malware does exist in the wild, but it can all be avoided by practicing safe computing. I've also never stated that a user would never need additional protection. In the FAQ I clearly state that the current malware environment could change at any time. If a true virus is introduced, apps like Sophos will not provide protection, as they don't know what to look for. This was already proven with the Flashback Trojan, which no antivirus app initially recognized as a threat, while those practicing safe computing were unaffected. If anything, recommending an antivirus app is providing a false sense of security, as many users believe that once they have one installed, they're safe. The truth is malware detection rates in antivirus apps are less than 100%, so practicing safe computing is required, even with a 3rd party antivirus app installed.
    Who said OS X has never been exploited? Again, you're not getting that from my posts. As I've stated repeatedly, OS X malware does exist in the wild, even if none are true viruses.
    When Flashback left antivirus apps scratching their heads and scrambling to come up with a defense for a week or more, Sophos was included in that bunch. Meanwhile, those of us practicing safe computing watched the panic with complete calm, knowing we were fully protected without the need for a 3rd party app.

    If you want to put your trust in Sophos or any other 3rd party antivirus app, that's your choice. As a responsible and informed member of this forum whose motivation is to help Mac users and not to promote any software developer, I'll continue to give users the facts about safe computing and will continue to warn them of the fallacy of trusting 3rd party antivirus apps as their only line of defense against malware.
     
  24. MacModMachine macrumors 68020

    MacModMachine

    Joined:
    Apr 3, 2009
    Location:
    Canada
    #25
    It's not useless, they stop the spread of email viruses.

    Just because you're on a Mac does not mean you cannot transport viruses around via memory sticks and emails.
     
